From 561ee23f218c7a68a2ef46525502f978e56fc1bb Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 29 Nov 2016 13:30:55 +0100 Subject: MOVED TO: https://github.com/p11-glue/p11-kit This repository has moved to GitHub to allow further contributions and more flexibility who can merge changes. More details here: https://lists.freedesktop.org/archives/p11-glue/2016-November/000626.html --- AUTHORS | 1 - ChangeLog | 31 - HACKING | 7 +- Makefile.am | 108 - NEWS | 300 -- README | 4 + autogen.sh | 37 - automaint.sh | 52 - build/certs/Makefile | 51 - build/certs/cacert-ca.der | Bin 1857 -> 0 bytes build/certs/cacert3.der | Bin 1885 -> 0 bytes build/certs/distant-end-date.der | Bin 366 -> 0 bytes build/certs/entrust-invalid.der | Bin 1120 -> 0 bytes build/certs/redhat-newca.der | Bin 948 -> 0 bytes build/certs/self-server.der | Bin 396 -> 0 bytes build/certs/self-signed-with-eku.der | Bin 480 -> 0 bytes build/certs/self-signed-with-ku.der | Bin 478 -> 0 bytes build/certs/testing-ca.der | Bin 970 -> 0 bytes build/certs/testing-server.der | Bin 554 -> 0 bytes build/certs/verisign-v1.der | Bin 576 -> 0 bytes build/certs/with-eku.conf | 19 - build/certs/with-ku.conf | 19 - build/gtk-doc.make | 259 -- build/litter/.empty | 1 - build/m4/.empty | 1 - build/tx-update | 66 - common/Makefile.am | 111 - common/argv.c | 115 - common/argv.h | 44 - common/array.c | 129 - common/array.h | 68 - common/attrs.c | 903 ----- common/attrs.h | 136 - common/buffer.c | 197 - common/buffer.h | 93 - common/compat.c | 924 ----- common/compat.h | 341 -- common/constants.c | 708 ---- common/constants.h | 82 - common/debug.c | 158 - common/debug.h | 145 - common/dict.c | 389 -- common/dict.h | 180 - common/frob-getauxval.c | 61 - common/frob-getenv.c | 65 - common/hash.c | 174 - common/hash.h | 47 - common/lexer.c | 239 -- common/lexer.h | 84 - common/library.c | 212 -- common/library.h | 74 - common/message.c | 172 - common/message.h | 66 - common/mock.c | 3975 -------------------- common/mock.h | 1134 ------ common/path.c | 325 -- common/path.h | 69 - common/pkcs11.h | 1398 ------- common/pkcs11i.h | 505 --- common/pkcs11x.h | 149 - common/test-array.c | 209 - common/test-attrs.c | 757 ---- common/test-buffer.c | 199 - common/test-compat.c | 145 - common/test-constants.c | 102 - common/test-dict.c | 522 --- common/test-hash.c | 106 - common/test-lexer.c | 253 -- common/test-message.c | 65 - common/test-path.c | 216 -- common/test-tests.c | 95 - common/test-url.c | 164 - common/test.c | 548 --- common/test.h | 152 - common/tool.c | 333 -- common/tool.h | 65 - common/url.c | 133 - common/url.h | 60 - configure.ac | 539 --- doc/Makefile.am | 6 - doc/internal/persist-format.txt | 59 - doc/manual/Makefile.am | 169 - doc/manual/annotation-glossary.xml | 67 - doc/manual/docbook-params.xsl | 39 - doc/manual/p11-kit-config.xml | 98 - doc/manual/p11-kit-devel.xml | 323 -- doc/manual/p11-kit-docs.xml | 45 - doc/manual/p11-kit-overrides.txt | 0 doc/manual/p11-kit-proxy.xml | 29 - doc/manual/p11-kit-sections.txt | 136 - doc/manual/p11-kit-sharing.xml | 110 - doc/manual/p11-kit-trust.xml | 128 - doc/manual/p11-kit.xml | 131 - doc/manual/pkcs11.conf.xml | 281 -- doc/manual/style.css | 116 - doc/manual/trust.xml | 372 -- p11-kit/Makefile.am | 253 -- p11-kit/conf.c | 509 --- p11-kit/conf.h | 75 - p11-kit/deprecated.h | 97 - p11-kit/docs.h | 38 - p11-kit/fixtures/package-modules/four.module | 5 - p11-kit/fixtures/package-modules/win32/four.module | 4 - p11-kit/fixtures/system-modules/one.module | 5 - .../fixtures/system-modules/two-duplicate.module | 4 - p11-kit/fixtures/system-modules/two.badname | 6 - p11-kit/fixtures/system-modules/win32/one.module | 4 - .../system-modules/win32/two-duplicate.module | 4 - p11-kit/fixtures/system-modules/win32/two.badname | 6 - p11-kit/fixtures/system-pkcs11.conf | 6 - p11-kit/fixtures/test-1.conf | 6 - p11-kit/fixtures/test-pinfile | 1 - p11-kit/fixtures/test-pinfile-large | 53 - p11-kit/fixtures/test-system-invalid.conf | 3 - p11-kit/fixtures/test-system-merge.conf | 7 - p11-kit/fixtures/test-system-none.conf | 8 - p11-kit/fixtures/test-system-only.conf | 8 - p11-kit/fixtures/test-user-invalid.conf | 3 - p11-kit/fixtures/test-user-only.conf | 4 - p11-kit/fixtures/test-user.conf | 3 - p11-kit/fixtures/user-modules/one.module | 4 - p11-kit/fixtures/user-modules/three.module | 6 - p11-kit/fixtures/user-modules/win32/one.module | 2 - p11-kit/fixtures/user-modules/win32/three.module | 6 - p11-kit/frob-setuid.c | 95 - p11-kit/iter.c | 983 ----- p11-kit/iter.h | 117 - p11-kit/lists.c | 290 -- p11-kit/log.c | 2022 ---------- p11-kit/log.h | 53 - p11-kit/messages.c | 242 -- p11-kit/mock-module-ep.c | 54 - p11-kit/mock-module-ep2.c | 56 - p11-kit/mock-module-ep3.c | 68 - p11-kit/modules.c | 2704 ------------- p11-kit/modules.h | 51 - p11-kit/p11-kit-1.pc.in | 22 - p11-kit/p11-kit.c | 135 - p11-kit/p11-kit.h | 122 - p11-kit/pin.c | 704 ---- p11-kit/pin.h | 107 - p11-kit/pkcs11.conf.example.in | 9 - p11-kit/pkcs11.h | 40 - p11-kit/print-messages.c | 137 - p11-kit/private.h | 67 - p11-kit/proxy.c | 2425 ------------ p11-kit/proxy.h | 43 - p11-kit/remote.c | 111 - p11-kit/remote.h | 56 - p11-kit/rpc-client.c | 2104 ----------- p11-kit/rpc-message.c | 769 ---- p11-kit/rpc-message.h | 370 -- p11-kit/rpc-server.c | 2017 ---------- p11-kit/rpc-transport.c | 864 ----- p11-kit/rpc.h | 95 - p11-kit/test-conf.c | 456 --- p11-kit/test-deprecated.c | 513 --- p11-kit/test-init.c | 420 --- p11-kit/test-iter.c | 1512 -------- p11-kit/test-log.c | 112 - p11-kit/test-managed.c | 271 -- p11-kit/test-mock.c | 1685 --------- p11-kit/test-modules.c | 453 --- p11-kit/test-pin.c | 313 -- p11-kit/test-progname.c | 86 - p11-kit/test-proxy.c | 296 -- p11-kit/test-rpc.c | 1061 ------ p11-kit/test-transport.c | 318 -- p11-kit/test-uri.c | 1512 -------- p11-kit/test-util.c | 59 - p11-kit/test-virtual.c | 171 - p11-kit/uri.c | 1490 -------- p11-kit/uri.h | 177 - p11-kit/util.c | 295 -- p11-kit/virtual.c | 2975 --------------- p11-kit/virtual.h | 68 - po/LINGUAS | 71 - po/Makevars | 41 - po/POTFILES.in | 2 - po/ar.po | 342 -- po/as.po | 342 -- po/az.po | 342 -- po/bg.po | 342 -- po/bn_IN.po | 342 -- po/boldquot.sed | 10 - po/ca.po | 342 -- po/ca@valencia.po | 342 -- po/cs.po | 343 -- po/cy.po | 342 -- po/da.po | 343 -- po/de.po | 344 -- po/el.po | 343 -- po/en@boldquot.header | 25 - po/en@quot.header | 22 - po/en_GB.po | 343 -- po/eo.po | 343 -- po/es.po | 344 -- po/et.po | 342 -- po/eu.po | 342 -- po/fa.po | 342 -- po/fi.po | 345 -- po/fo.po | 342 -- po/fr.po | 344 -- po/ga.po | 342 -- po/gl.po | 343 -- po/gu.po | 342 -- po/he.po | 342 -- po/hi.po | 342 -- po/hr.po | 343 -- po/hu.po | 344 -- po/ia.po | 342 -- po/id.po | 343 -- po/insert-header.sin | 23 - po/it.po | 345 -- po/ja.po | 343 -- po/ka.po | 343 -- po/kk.po | 343 -- po/kn.po | 342 -- po/ko.po | 345 -- po/lt.po | 342 -- po/lv.po | 343 -- po/ml.po | 342 -- po/mr.po | 342 -- po/ms.po | 342 -- po/nb.po | 342 -- po/nl.po | 343 -- po/nn.po | 342 -- po/oc.po | 342 -- po/or.po | 342 -- po/pa.po | 343 -- po/pl.po | 343 -- po/pt.po | 342 -- po/pt_BR.po | 343 -- po/quot.sed | 6 - po/remove-potcdate.sin | 19 - po/ro.po | 342 -- po/ru.po | 345 -- po/sk.po | 344 -- po/sl.po | 343 -- po/sq.po | 342 -- po/sr.po | 343 -- po/sr@latin.po | 342 -- po/sv.po | 343 -- po/ta.po | 342 -- po/te.po | 342 -- po/th.po | 342 -- po/tr.po | 343 -- po/uk.po | 343 -- po/vi.po | 342 -- po/wa.po | 342 -- po/zh_CN.po | 344 -- po/zh_HK.po | 342 -- po/zh_TW.po | 343 -- trust/Makefile.am | 295 -- trust/anchor.c | 660 ---- trust/anchor.h | 43 - trust/asn1.c | 374 -- trust/asn1.h | 86 - trust/base64.c | 251 -- trust/base64.h | 59 - trust/basic.asn | 12 - trust/basic.asn.h | 13 - trust/builder.c | 1872 --------- trust/builder.h | 67 - trust/digest.c | 632 ---- trust/digest.h | 60 - trust/enumerate.c | 743 ---- trust/enumerate.h | 107 - trust/extract-cer.c | 116 - trust/extract-jks.c | 330 -- trust/extract-openssl.c | 696 ---- trust/extract-pem.c | 178 - trust/extract.c | 322 -- trust/extract.h | 86 - trust/fixtures/cacert-ca.der | Bin 1857 -> 0 bytes trust/fixtures/cacert3-distrust-all.pem | 44 - trust/fixtures/cacert3-distrusted-all.pem | 43 - trust/fixtures/cacert3-not-trusted.pem | 42 - trust/fixtures/cacert3-trusted-alias.pem | 42 - trust/fixtures/cacert3-trusted-keyid.pem | 42 - trust/fixtures/cacert3-trusted-server-alias.pem | 43 - trust/fixtures/cacert3-trusted.pem | 43 - trust/fixtures/cacert3-twice.pem | 84 - trust/fixtures/cacert3.der | Bin 1885 -> 0 bytes trust/fixtures/cacert3.pem | 42 - trust/fixtures/distrusted.pem | 23 - trust/fixtures/empty-file | 0 trust/fixtures/multiple.pem | 58 - trust/fixtures/openssl-trust-no-trust.pem | 27 - trust/fixtures/redhat-ca.der | Bin 948 -> 0 bytes trust/fixtures/self-signed-with-eku.der | Bin 480 -> 0 bytes trust/fixtures/self-signed-with-ku.der | Bin 478 -> 0 bytes trust/fixtures/simple-string | 1 - trust/fixtures/testing-server.der | Bin 554 -> 0 bytes trust/fixtures/thawte.pem | 25 - trust/fixtures/unrecognized-file.txt | 1 - trust/fixtures/verisign-v1.der | Bin 576 -> 0 bytes trust/fixtures/verisign-v1.pem | 15 - trust/frob-bc.c | 102 - trust/frob-cert.c | 134 - trust/frob-eku.c | 103 - trust/frob-ext.c | 119 - trust/frob-ku.c | 126 - trust/frob-multi-init.c | 69 - trust/frob-nss-trust.c | 221 -- trust/frob-oid.c | 102 - trust/frob-pow.c | 57 - trust/frob-token.c | 64 - trust/index.c | 912 ----- trust/index.h | 127 - trust/input/anchors/cacert3.der | Bin 1885 -> 0 bytes trust/input/anchors/testing-ca.der | Bin 970 -> 0 bytes trust/input/blacklist/self-server.der | Bin 396 -> 0 bytes trust/input/cacert-ca.der | Bin 1857 -> 0 bytes trust/input/distrusted.pem | 23 - trust/input/verisign-v1.p11-kit | 17 - trust/list.c | 260 -- trust/list.h | 43 - trust/module.c | 1837 --------- trust/module.h | 42 - trust/oid.c | 96 - trust/oid.h | 236 -- trust/openssl.asn | 28 - trust/openssl.asn.h | 28 - trust/p11-kit-trust.module | 17 - trust/parser.c | 762 ---- trust/parser.h | 89 - trust/pem.c | 288 -- trust/pem.h | 58 - trust/persist.c | 768 ---- trust/persist.h | 63 - trust/pkix.asn | 566 --- trust/pkix.asn.h | 408 -- trust/save.c | 593 --- trust/save.h | 85 - trust/session.c | 97 - trust/session.h | 66 - trust/test-asn1.c | 164 - trust/test-base64.c | 204 - trust/test-builder.c | 2237 ----------- trust/test-bundle.c | 272 -- trust/test-cer.c | 247 -- trust/test-digest.c | 143 - trust/test-enumerate.c | 538 --- trust/test-extract.in | 189 - trust/test-index.c | 1144 ------ trust/test-module.c | 1218 ------ trust/test-oid.c | 127 - trust/test-openssl.c | 662 ---- trust/test-parser.c | 567 --- trust/test-pem.c | 341 -- trust/test-persist.c | 635 ---- trust/test-save.c | 595 --- trust/test-token.c | 793 ---- trust/test-trust.c | 333 -- trust/test-trust.h | 431 --- trust/test-utf8.c | 244 -- trust/test-x509.c | 416 -- trust/token.c | 909 ----- trust/token.h | 68 - trust/trust-extract-compat.in | 32 - trust/trust.c | 69 - trust/types.h | 54 - trust/utf8.c | 329 -- trust/utf8.h | 53 - trust/x509.c | 370 -- trust/x509.h | 89 - 367 files changed, 10 insertions(+), 106672 deletions(-) delete mode 100644 AUTHORS delete mode 100644 ChangeLog delete mode 100644 Makefile.am delete mode 100644 NEWS delete mode 100755 autogen.sh delete mode 100755 automaint.sh delete mode 100644 build/certs/Makefile delete mode 100644 build/certs/cacert-ca.der delete mode 100644 build/certs/cacert3.der delete mode 100644 build/certs/distant-end-date.der delete mode 100644 build/certs/entrust-invalid.der delete mode 100644 build/certs/redhat-newca.der delete mode 100644 build/certs/self-server.der delete mode 100644 build/certs/self-signed-with-eku.der delete mode 100644 build/certs/self-signed-with-ku.der delete mode 100644 build/certs/testing-ca.der delete mode 100644 build/certs/testing-server.der delete mode 100644 build/certs/verisign-v1.der delete mode 100644 build/certs/with-eku.conf delete mode 100644 build/certs/with-ku.conf delete mode 100644 build/gtk-doc.make delete mode 100644 build/litter/.empty delete mode 100644 build/m4/.empty delete mode 100644 build/tx-update delete mode 100644 common/Makefile.am delete mode 100644 common/argv.c delete mode 100644 common/argv.h delete mode 100644 common/array.c delete mode 100644 common/array.h delete mode 100644 common/attrs.c delete mode 100644 common/attrs.h delete mode 100644 common/buffer.c delete mode 100644 common/buffer.h delete mode 100644 common/compat.c delete mode 100644 common/compat.h delete mode 100644 common/constants.c delete mode 100644 common/constants.h delete mode 100644 common/debug.c delete mode 100644 common/debug.h delete mode 100644 common/dict.c delete mode 100644 common/dict.h delete mode 100644 common/frob-getauxval.c delete mode 100644 common/frob-getenv.c delete mode 100644 common/hash.c delete mode 100644 common/hash.h delete mode 100644 common/lexer.c delete mode 100644 common/lexer.h delete mode 100644 common/library.c delete mode 100644 common/library.h delete mode 100644 common/message.c delete mode 100644 common/message.h delete mode 100644 common/mock.c delete mode 100644 common/mock.h delete mode 100644 common/path.c delete mode 100644 common/path.h delete mode 100644 common/pkcs11.h delete mode 100644 common/pkcs11i.h delete mode 100644 common/pkcs11x.h delete mode 100644 common/test-array.c delete mode 100644 common/test-attrs.c delete mode 100644 common/test-buffer.c delete mode 100644 common/test-compat.c delete mode 100644 common/test-constants.c delete mode 100644 common/test-dict.c delete mode 100644 common/test-hash.c delete mode 100644 common/test-lexer.c delete mode 100644 common/test-message.c delete mode 100644 common/test-path.c delete mode 100644 common/test-tests.c delete mode 100644 common/test-url.c delete mode 100644 common/test.c delete mode 100644 common/test.h delete mode 100644 common/tool.c delete mode 100644 common/tool.h delete mode 100644 common/url.c delete mode 100644 common/url.h delete mode 100644 configure.ac delete mode 100644 doc/Makefile.am delete mode 100644 doc/internal/persist-format.txt delete mode 100644 doc/manual/Makefile.am delete mode 100644 doc/manual/annotation-glossary.xml delete mode 100644 doc/manual/docbook-params.xsl delete mode 100644 doc/manual/p11-kit-config.xml delete mode 100644 doc/manual/p11-kit-devel.xml delete mode 100644 doc/manual/p11-kit-docs.xml delete mode 100644 doc/manual/p11-kit-overrides.txt delete mode 100644 doc/manual/p11-kit-proxy.xml delete mode 100644 doc/manual/p11-kit-sections.txt delete mode 100644 doc/manual/p11-kit-sharing.xml delete mode 100644 doc/manual/p11-kit-trust.xml delete mode 100644 doc/manual/p11-kit.xml delete mode 100644 doc/manual/pkcs11.conf.xml delete mode 100644 doc/manual/style.css delete mode 100644 doc/manual/trust.xml delete mode 100644 p11-kit/Makefile.am delete mode 100644 p11-kit/conf.c delete mode 100644 p11-kit/conf.h delete mode 100644 p11-kit/deprecated.h delete mode 100644 p11-kit/docs.h delete mode 100644 p11-kit/fixtures/package-modules/four.module delete mode 100644 p11-kit/fixtures/package-modules/win32/four.module delete mode 100644 p11-kit/fixtures/system-modules/one.module delete mode 100644 p11-kit/fixtures/system-modules/two-duplicate.module delete mode 100644 p11-kit/fixtures/system-modules/two.badname delete mode 100644 p11-kit/fixtures/system-modules/win32/one.module delete mode 100644 p11-kit/fixtures/system-modules/win32/two-duplicate.module delete mode 100644 p11-kit/fixtures/system-modules/win32/two.badname delete mode 100644 p11-kit/fixtures/system-pkcs11.conf delete mode 100644 p11-kit/fixtures/test-1.conf delete mode 100644 p11-kit/fixtures/test-pinfile delete mode 100644 p11-kit/fixtures/test-pinfile-large delete mode 100644 p11-kit/fixtures/test-system-invalid.conf delete mode 100644 p11-kit/fixtures/test-system-merge.conf delete mode 100644 p11-kit/fixtures/test-system-none.conf delete mode 100644 p11-kit/fixtures/test-system-only.conf delete mode 100644 p11-kit/fixtures/test-user-invalid.conf delete mode 100644 p11-kit/fixtures/test-user-only.conf delete mode 100644 p11-kit/fixtures/test-user.conf delete mode 100644 p11-kit/fixtures/user-modules/one.module delete mode 100644 p11-kit/fixtures/user-modules/three.module delete mode 100644 p11-kit/fixtures/user-modules/win32/one.module delete mode 100644 p11-kit/fixtures/user-modules/win32/three.module delete mode 100644 p11-kit/frob-setuid.c delete mode 100644 p11-kit/iter.c delete mode 100644 p11-kit/iter.h delete mode 100644 p11-kit/lists.c delete mode 100644 p11-kit/log.c delete mode 100644 p11-kit/log.h delete mode 100644 p11-kit/messages.c delete mode 100644 p11-kit/mock-module-ep.c delete mode 100644 p11-kit/mock-module-ep2.c delete mode 100644 p11-kit/mock-module-ep3.c delete mode 100644 p11-kit/modules.c delete mode 100644 p11-kit/modules.h delete mode 100644 p11-kit/p11-kit-1.pc.in delete mode 100644 p11-kit/p11-kit.c delete mode 100644 p11-kit/p11-kit.h delete mode 100644 p11-kit/pin.c delete mode 100644 p11-kit/pin.h delete mode 100644 p11-kit/pkcs11.conf.example.in delete mode 100644 p11-kit/pkcs11.h delete mode 100644 p11-kit/print-messages.c delete mode 100644 p11-kit/private.h delete mode 100644 p11-kit/proxy.c delete mode 100644 p11-kit/proxy.h delete mode 100644 p11-kit/remote.c delete mode 100644 p11-kit/remote.h delete mode 100644 p11-kit/rpc-client.c delete mode 100644 p11-kit/rpc-message.c delete mode 100644 p11-kit/rpc-message.h delete mode 100644 p11-kit/rpc-server.c delete mode 100644 p11-kit/rpc-transport.c delete mode 100644 p11-kit/rpc.h delete mode 100644 p11-kit/test-conf.c delete mode 100644 p11-kit/test-deprecated.c delete mode 100644 p11-kit/test-init.c delete mode 100644 p11-kit/test-iter.c delete mode 100644 p11-kit/test-log.c delete mode 100644 p11-kit/test-managed.c delete mode 100644 p11-kit/test-mock.c delete mode 100644 p11-kit/test-modules.c delete mode 100644 p11-kit/test-pin.c delete mode 100644 p11-kit/test-progname.c delete mode 100644 p11-kit/test-proxy.c delete mode 100644 p11-kit/test-rpc.c delete mode 100644 p11-kit/test-transport.c delete mode 100644 p11-kit/test-uri.c delete mode 100644 p11-kit/test-util.c delete mode 100644 p11-kit/test-virtual.c delete mode 100644 p11-kit/uri.c delete mode 100644 p11-kit/uri.h delete mode 100644 p11-kit/util.c delete mode 100644 p11-kit/virtual.c delete mode 100644 p11-kit/virtual.h delete mode 100644 po/LINGUAS delete mode 100644 po/Makevars delete mode 100644 po/POTFILES.in delete mode 100644 po/ar.po delete mode 100644 po/as.po delete mode 100644 po/az.po delete mode 100644 po/bg.po delete mode 100644 po/bn_IN.po delete mode 100644 po/boldquot.sed delete mode 100644 po/ca.po delete mode 100644 po/ca@valencia.po delete mode 100644 po/cs.po delete mode 100644 po/cy.po delete mode 100644 po/da.po delete mode 100644 po/de.po delete mode 100644 po/el.po delete mode 100644 po/en@boldquot.header delete mode 100644 po/en@quot.header delete mode 100644 po/en_GB.po delete mode 100644 po/eo.po delete mode 100644 po/es.po delete mode 100644 po/et.po delete mode 100644 po/eu.po delete mode 100644 po/fa.po delete mode 100644 po/fi.po delete mode 100644 po/fo.po delete mode 100644 po/fr.po delete mode 100644 po/ga.po delete mode 100644 po/gl.po delete mode 100644 po/gu.po delete mode 100644 po/he.po delete mode 100644 po/hi.po delete mode 100644 po/hr.po delete mode 100644 po/hu.po delete mode 100644 po/ia.po delete mode 100644 po/id.po delete mode 100644 po/insert-header.sin delete mode 100644 po/it.po delete mode 100644 po/ja.po delete mode 100644 po/ka.po delete mode 100644 po/kk.po delete mode 100644 po/kn.po delete mode 100644 po/ko.po delete mode 100644 po/lt.po delete mode 100644 po/lv.po delete mode 100644 po/ml.po delete mode 100644 po/mr.po delete mode 100644 po/ms.po delete mode 100644 po/nb.po delete mode 100644 po/nl.po delete mode 100644 po/nn.po delete mode 100644 po/oc.po delete mode 100644 po/or.po delete mode 100644 po/pa.po delete mode 100644 po/pl.po delete mode 100644 po/pt.po delete mode 100644 po/pt_BR.po delete mode 100644 po/quot.sed delete mode 100644 po/remove-potcdate.sin delete mode 100644 po/ro.po delete mode 100644 po/ru.po delete mode 100644 po/sk.po delete mode 100644 po/sl.po delete mode 100644 po/sq.po delete mode 100644 po/sr.po delete mode 100644 po/sr@latin.po delete mode 100644 po/sv.po delete mode 100644 po/ta.po delete mode 100644 po/te.po delete mode 100644 po/th.po delete mode 100644 po/tr.po delete mode 100644 po/uk.po delete mode 100644 po/vi.po delete mode 100644 po/wa.po delete mode 100644 po/zh_CN.po delete mode 100644 po/zh_HK.po delete mode 100644 po/zh_TW.po delete mode 100644 trust/Makefile.am delete mode 100644 trust/anchor.c delete mode 100644 trust/anchor.h delete mode 100644 trust/asn1.c delete mode 100644 trust/asn1.h delete mode 100644 trust/base64.c delete mode 100644 trust/base64.h delete mode 100644 trust/basic.asn delete mode 100644 trust/basic.asn.h delete mode 100644 trust/builder.c delete mode 100644 trust/builder.h delete mode 100644 trust/digest.c delete mode 100644 trust/digest.h delete mode 100644 trust/enumerate.c delete mode 100644 trust/enumerate.h delete mode 100644 trust/extract-cer.c delete mode 100644 trust/extract-jks.c delete mode 100644 trust/extract-openssl.c delete mode 100644 trust/extract-pem.c delete mode 100644 trust/extract.c delete mode 100644 trust/extract.h delete mode 100644 trust/fixtures/cacert-ca.der delete mode 100644 trust/fixtures/cacert3-distrust-all.pem delete mode 100644 trust/fixtures/cacert3-distrusted-all.pem delete mode 100644 trust/fixtures/cacert3-not-trusted.pem delete mode 100644 trust/fixtures/cacert3-trusted-alias.pem delete mode 100644 trust/fixtures/cacert3-trusted-keyid.pem delete mode 100644 trust/fixtures/cacert3-trusted-server-alias.pem delete mode 100644 trust/fixtures/cacert3-trusted.pem delete mode 100644 trust/fixtures/cacert3-twice.pem delete mode 100644 trust/fixtures/cacert3.der delete mode 100644 trust/fixtures/cacert3.pem delete mode 100644 trust/fixtures/distrusted.pem delete mode 100644 trust/fixtures/empty-file delete mode 100644 trust/fixtures/multiple.pem delete mode 100644 trust/fixtures/openssl-trust-no-trust.pem delete mode 100644 trust/fixtures/redhat-ca.der delete mode 100644 trust/fixtures/self-signed-with-eku.der delete mode 100644 trust/fixtures/self-signed-with-ku.der delete mode 100644 trust/fixtures/simple-string delete mode 100644 trust/fixtures/testing-server.der delete mode 100644 trust/fixtures/thawte.pem delete mode 100644 trust/fixtures/unrecognized-file.txt delete mode 100644 trust/fixtures/verisign-v1.der delete mode 100644 trust/fixtures/verisign-v1.pem delete mode 100644 trust/frob-bc.c delete mode 100644 trust/frob-cert.c delete mode 100644 trust/frob-eku.c delete mode 100644 trust/frob-ext.c delete mode 100644 trust/frob-ku.c delete mode 100644 trust/frob-multi-init.c delete mode 100644 trust/frob-nss-trust.c delete mode 100644 trust/frob-oid.c delete mode 100644 trust/frob-pow.c delete mode 100644 trust/frob-token.c delete mode 100644 trust/index.c delete mode 100644 trust/index.h delete mode 100644 trust/input/anchors/cacert3.der delete mode 100644 trust/input/anchors/testing-ca.der delete mode 100644 trust/input/blacklist/self-server.der delete mode 100644 trust/input/cacert-ca.der delete mode 100644 trust/input/distrusted.pem delete mode 100644 trust/input/verisign-v1.p11-kit delete mode 100644 trust/list.c delete mode 100644 trust/list.h delete mode 100644 trust/module.c delete mode 100644 trust/module.h delete mode 100644 trust/oid.c delete mode 100644 trust/oid.h delete mode 100644 trust/openssl.asn delete mode 100644 trust/openssl.asn.h delete mode 100644 trust/p11-kit-trust.module delete mode 100644 trust/parser.c delete mode 100644 trust/parser.h delete mode 100644 trust/pem.c delete mode 100644 trust/pem.h delete mode 100644 trust/persist.c delete mode 100644 trust/persist.h delete mode 100644 trust/pkix.asn delete mode 100644 trust/pkix.asn.h delete mode 100644 trust/save.c delete mode 100644 trust/save.h delete mode 100644 trust/session.c delete mode 100644 trust/session.h delete mode 100644 trust/test-asn1.c delete mode 100644 trust/test-base64.c delete mode 100644 trust/test-builder.c delete mode 100644 trust/test-bundle.c delete mode 100644 trust/test-cer.c delete mode 100644 trust/test-digest.c delete mode 100644 trust/test-enumerate.c delete mode 100644 trust/test-extract.in delete mode 100644 trust/test-index.c delete mode 100644 trust/test-module.c delete mode 100644 trust/test-oid.c delete mode 100644 trust/test-openssl.c delete mode 100644 trust/test-parser.c delete mode 100644 trust/test-pem.c delete mode 100644 trust/test-persist.c delete mode 100644 trust/test-save.c delete mode 100644 trust/test-token.c delete mode 100644 trust/test-trust.c delete mode 100644 trust/test-trust.h delete mode 100644 trust/test-utf8.c delete mode 100644 trust/test-x509.c delete mode 100644 trust/token.c delete mode 100644 trust/token.h delete mode 100755 trust/trust-extract-compat.in delete mode 100644 trust/trust.c delete mode 100644 trust/types.h delete mode 100644 trust/utf8.c delete mode 100644 trust/utf8.h delete mode 100644 trust/x509.c delete mode 100644 trust/x509.h diff --git a/AUTHORS b/AUTHORS deleted file mode 100644 index 27270fb..0000000 --- a/AUTHORS +++ /dev/null @@ -1 +0,0 @@ -Stef Walter diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index 0be3835..0000000 --- a/ChangeLog +++ /dev/null @@ -1,31 +0,0 @@ -=== ChangeLog is autogenerated === - - This project relys on commit messages to provide change history. Please - write commit messages in the following format: - -=== begin example commit === - - Short explanation of the commit - - Longer explanation explaining exactly what's changed, whether any - external or private interfaces changed, what bugs were fixed (with bug - tracker reference if applicable) and so forth. Be concise but not too - brief. - -=== end example commit === - - - Always add a brief description of the commit to the _first_ line of - the commit and terminate by two newlines. This may be the title of - a fixed bug, copied from Bugzilla. - - - First line (the brief description) must only be one sentence and - should start with a capital letter unless it starts with a - lowercase symbol or identifier. Don't use a trailing full stop, - and don't exceed 72 characters. - - - The main description (the body) is normal prose and should use - normal punctuation and capital letters where appropriate. - - - When committing code on behalf of others use the --author option, - e.g. git commit -a --author "Joe Coder " and - --signoff. diff --git a/HACKING b/HACKING index 5fa9570..acb2e65 100644 --- a/HACKING +++ b/HACKING @@ -1,4 +1,9 @@ -HACKING p11-kit +MOVED: The code for p11-kit has moved: + +https://github.com/p11-glue/p11-kit + + +HACKING on p11-kit * Documentation on developing p11-kit: http://p11-glue.freedesktop.org/doc/p11-kit/devel.html diff --git a/Makefile.am b/Makefile.am deleted file mode 100644 index f310068..0000000 --- a/Makefile.am +++ /dev/null @@ -1,108 +0,0 @@ - -NULL = -WEBHOST = anarchy.freedesktop.org -WEBBASE = /srv/p11-glue.freedesktop.org/www - -AM_CPPFLAGS = \ - -I$(top_srcdir) \ - -I$(top_srcdir)/common \ - -DBINDIR=\"$(bindir)\" \ - -DBUILDDIR=\"$(abs_builddir)\" \ - -DDATA_DIR=\"$(datadir)\" \ - -DPRIVATEDIR=\"$(privatedir)\" \ - -DSRCDIR=\"$(abs_srcdir)\" \ - -DSYSCONFDIR=\"$(sysconfdir)\" \ - -DP11_KIT_FUTURE_UNSTABLE_API - -bin_PROGRAMS = -private_PROGRAMS = - -CHECK_PROGS = - -EXTRA_DIST = HACKING - -incdir = $(includedir)/p11-kit-1/p11-kit -inc_HEADERS = - -lib_LTLIBRARIES = - -noinst_LTLIBRARIES = -noinst_PROGRAMS = $(CHECK_PROGS) -noinst_SCRIPTS = - -TESTS = $(CHECK_PROGS) - -include common/Makefile.am -include p11-kit/Makefile.am - -if WITH_TRUST_MODULE -include trust/Makefile.am -endif - -SUBDIRS = . doc po - -ACLOCAL_AMFLAGS = -I build/m4 - -DISTCHECK_CONFIGURE_FLAGS = \ - --enable-doc \ - --disable-coverage \ - --enable-strict \ - CFLAGS='-O2' - - -MEMCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=80 --quiet - -LEAKCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=81 --quiet --leak-check=yes - -HELLCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=82 --quiet --tool=helgrind - -memcheck: all - make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(MEMCHECK_ENV)" check-TESTS - -leakcheck: all - make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(LEAKCHECK_ENV)" check-TESTS - -hellcheck: all - make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(HELLCHECK_ENV)" check-TESTS - -dist-hook: - @if test -d "$(srcdir)/.git"; \ - then \ - echo Creating ChangeLog && \ - ( cd "$(top_srcdir)" && \ - echo '# Generate automatically. Do not edit.'; echo; \ - $(top_srcdir)/missing --run git log --stat --date=short ) > ChangeLog.tmp \ - && mv -f ChangeLog.tmp $(top_distdir)/ChangeLog \ - || ( rm -f ChangeLog.tmp ; \ - echo Failed to generate ChangeLog >&2 ); \ - else \ - echo A git clone is required to generate a ChangeLog >&2; \ - fi - -if WITH_COVERAGE -coverage: - mkdir -p build/coverage - $(LCOV) --directory . --zerocounters - $(MAKE) check - $(LCOV) --directory . --capture --output-file build/coverage.info - $(GENHTML) --output-directory build/coverage \ - --title "p11-kit $(PACKAGE_VERSION)" \ - build/coverage.info - @echo "file://$(abs_top_builddir)/build/coverage/index.html" - -upload-coverage: coverage - rsync -Hvax build/coverage/./ $(WEBHOST):$(WEBBASE)/build/coverage/./ -endif - -if ENABLE_GTK_DOC -upload-doc: all - rsync -Hvax --exclude doc --exclude build \ - doc/manual/html/./ $(WEBHOST):$(WEBBASE)/doc/p11-kit/./ -endif - -upload-release: $(DIST_ARCHIVES) - gpg --detach-sign --local-user 'stef@thewalter.net' $< - scp $< $<.sig $(WEBHOST):$(WEBBASE)/releases/ - -transifex: - cd $(srcdir) && sh build/tx-update diff --git a/NEWS b/NEWS deleted file mode 100644 index 0cf48e4..0000000 --- a/NEWS +++ /dev/null @@ -1,300 +0,0 @@ -0.23.2 (devel) - * Fix forking issues with libffi [#90289 ...] - * Updated translations - * Build fixes [#90827 #89081 #92434 #92520 #92445 #92551 #92843 #92842 #92807 #93211 ...] - -0.23.1 (devel) - * Use new PKCS#11 URI draft fields for URIs [#86474 #87582] - * Add pem-directory-hash extract format - * Build fixes - -0.22.1 (stable) - * Use SubjectKeyIdentifier for CKA_ID when available [#84761] - * Allow 'BEGIN PuBLIC KEY' PEM blocks in .p11-kit files - * Bump libtool library version - * Build fixes [#84665 ...] - -0.22.0 (stable) - * Remove the 'isolated = yes' option due to unclear semantics - replacement forth coming in later versions. - * Use secure_getenv() where necessary - * Run separate binary for 'p11-kit remote' command - -0.21.3 (unstable) - * New public pkcs11x.h header containing extensions [#83495] - * Export necessary defines to lookup attached extensions [#83495] - * Use term 'attached extensions' rather than 'stabled extensions' - * Make proxy module respect 'critical = no' [#83651] - * Show public-key-info in 'trust list --details' - * Build fixes [#75674 ...] - -0.21.2 (unstable) - * Don't use invalid keys for looking up stapled extensions [#82328] - * Better error messages when invalid certificate extensions - * Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files - * Fix some leaks, and memory issues - * Silence some clang scanner warnings - * Fix build against older pthread implementations [#82617] - * Move to a non-recursive Makefile - * Can now specify which tests to run on command line - -0.21.1 (unstable) - * Add new 'isolate' pkcs11 config option [#80472] - * Add 'p11-kit remote' command for isolating modules [#54105] - * Don't complain about C_Finalize after a fork - * Other minor fixes - -0.20.3 (stable) - * Fix problems reinitializing managed modules after fork - * Fix bad bookeeping when fail initializing one of the modules - * Fix case where module would be unloaded while in use [#74919] - * Remove assertions when module used before initialized [#74919] - * Fix handling of mmap failure and mapping empty files [#74773] - * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions - * Require automake 1.12 or later - * Build fixes for Windows [#76594 #74149] - -0.20.2 (stable) - * Fix bug where blacklist didn't affect extracted ca-anchors if the anchor - and blacklist were not in the same trust path (regression) [#73558] - * Check for race in BasicConstraints stapled extension [#69314] - * autogen.sh now runs configure as srcdir != builddir by default - * Build fixes and cleanup - -0.20.1 (stable) - * Extract compat trust data after we've changes - * Skip compat extraction if running as non-root - * Better failure messages when removing anchors - * Build cleanup - -0.20.0 (stable) - * Doc fixes - -0.19.4 (unstable) - * 'trust anchor' now adds/removes certificate anchors - * 'trust list' lists trust policy stuff - * 'p11-kit extract' is now 'trust extract' - * 'p11-kit extract-trust' is now 'trust extract-compat' - * Workarounds for working on broken zfsonlinux.org [#68525] - * Add --with-module-config parameter to the configure script [#68122] - * Add support for removing stored PKCS#11 objects in trust module - * Various debugging tweaks - -0.19.3 (unstable) - * Fix up problems with automake testing - * Fix a bunch of memory leaks in newly refactored code - * Don't use _GNU_SOURCE and the unportability it brings - * Testing fixes - -0.19.2 (unstable) - * Add basic 'trust anchor' command to store a new anchor - * Support for writing out trust token objects - * Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec - * Add option to use freebl for hashing - * Implement reloading of token data - * Fix warnings and possible minor bugs higlighted by code scanners - * Don't load configs in home directories when running setuid or setgid - * Support treating ~/.config as $XDG_CONFIG_HOME - * Use $XDG_DATA_HOME/pkcs11 as default user config directory - * Use $TMPDIR instead of $TEMP while testing - * Open files and fds with O_CLOEXEC - * Abort initialization if a critical module fails to load - * Don't use thread-unsafe functions: strerror, getpwuid - * Fix p11_kit_space_strlen() result when empty string - * Refactoring of where various components live - * Build fixes - -0.19.1 (unstable) - * Refactor API to be able to handle managed modules - * Deprecate much of old p11-kit API - * Implement concept of managed modules - * Make C_CloseAllSessions function work for multiple callers - * New dependency on libffi - * Fix possible threading problems reported by hellgrind - * Add log-calls option - * Mark p11_kit_message() as a stable function - * Use our own unit testing framework - -0.18.3 (stable) - * Fix reinitialization of trust module [#65401] - * Fix crash in trust module C_Initialize - * Mac OS fixes [#57714] - -0.18.2 (stable) - * Build fixes [#64378 ...] - -0.18.1 (stable) - * Put the external tools in $libdir/p11-kit - * Documentation build fixes - -0.18.0 (stable) - * Fix use of trust module with gcr and empathy [#62896] - * Further tweaks to trust module date parsing - * Fix unaligned memory reads [#62819] - * Win32 fixes [#63062, #63046] - * Debug and logging tweaks [#62874] - * Other build fixes - -0.17.5 (unstable) - * Don't try to guess at overflowing time values on 32-bit systems [#62825] - * Test fixes [#927394] - -0.17.4 (unstable) - * Check for duplicate certificates in a token, warn and discard [#62548] - * Implement a proper index so we have decent load performance - -0.17.3 (unstable) - * Use descriptive labels for the trust module tokens [#62534] - * Remove the temporary built in distrust objects - * Make extracted output directories and files read-only [#61898] - * Don't export unneccessary ABI - * Build fixes [#62479] - -0.17.2 (unstable) - * Fix build on 32-bit linux - * Fix several crashers - -0.17.1 (unstable) - * Support a p11-kit specific PKCS#11 attribute persistance format [#62156] - * Use the SHA1 hash of SPKI as the CKA_ID in the trust module by default [#62329] - * Refactor a trust builder which builds objects out of parsed data [#62329] - * Combine trust policy when extracting certificates [#61497] - * The extract --comment option adds comments to PEM bundles [#62029] - * A new 'priority' config option for ordering modules [#61978] - * Make each configured path its own trust module token [#61499] - * Use --with-trust-paths to configure trust module [#62327] - * Fix bug decoding some PEM files - * Better debug output for trust module lookups - * Work around bug in NSS when doing serial number lookups - * Work around broken strndup() function in firefox - * Fix the nickname for the distrusted attribute - * Build fixes - -0.16.4 (stable) - * Display per command help again [#62153] - * Don't always print tools debug output [#62152] - -0.16.3 (stable) - * When iterating don't skip tokens without the CKF_TOKEN_INITIALIZED flag - * Hardcode some distrust records for NSS temporarily - * Parse global options better in the p11-kit command - * Better debugging - -0.16.2 (stable) - * Fix regression in 'p11-kit extract --purpose' option [#62009] - * Documentation updates - * Build fixes [#62001, ...] - -0.16.1 (stable) - * Don't break when cA field of BasicConstraints is missing [#61975] - * Documentation fixes and updates - * p11-kit extract-trust is a placeholder script now - -0.16.0 (stable) - * Update the pkcs11.h header for new mechanisms - * Fix build and tests on mingw64 (ie: win32) - * Relicense LGPL code to BSD license - * Documentation tweaks - * Pull translations from Transifex [#60792] - * Build fixes [#61739, #60894, #61740] - -0.15.2 (unstable) - * Add German and Finish translations - * Better define the libtasn1 dependency - * Crasher and bug fixes - * Build fixes - -0.15.1 (unstable) - * Fix some memory leaks - * Add a location for packages to drop module configs - * Documentation updates and fixes - * Add command line tool manual page - * Remove unused err() function and friends - * Move more code into common/ directory and refactor - * Add a system trust policy module - * Refactor how the p11-kit command line tool works - * Add p11-kit extract and extract-trust commands - * Don't complain if we cannot access ~/.pkcs11/pkcs11.conf - * Refuse to load the p11-kit-proxy.so as a registered module - * Don't fail initialization if last initialized module fails - -0.14 - * Change default for user-config to merge - * Always URI-encode the 'id' attribute in PKCS#11 URIs - * Expect a .module extension on module configs - * Windows compatibility fixes - * Testing fixes - * Build fixes - -0.13 - * Don't allow reading of PIN files larger than 4096 bytes - * If a module is not marked as critical then ignore init failure - * Use preconditions to check for input problems and out of memory - * Add enable-in and disable-in options to module config - * Fix the flags in pin.h - * Use gcc extensions to check varargs during compile - * Fix crasher when a duplicate module is present - * Fix broken hashmap behavior - * Testing fixes - * Win32 build fixes - * 'p11-kit -h' now works - * Documentation fixes - -0.12 - * Build fix - -0.11 - * Remove automatic reinitialization of PKCS#11 after fork - -0.10 - * Build fixes, for windows, gcc 4.6.1 - -0.9 - * p11-kit can't be used as a static library - * Fix problems crashing when freeing TLS on windows - * Add debug output to windows init and uninit of library - * Build fixes, especially for windows - -0.8 - * Rename non-static functions to have a _p11_xxx prefix - * No concurrent calling of C_Initialize and C_Finalize - * Print more information in 'p11-kit -l' - * Initial port to win32 - * Build, testing fixes - -0.7 - * Expand p11-kit config variables correctly invarious build scenarios - * Add test tool to print out error messages - * Build fix on FreeBSD - -0.6 - * Add concept of a default module directory from which modules with - relative paths are loaded. - * Renamed pkg-config variables to make it clearer what's what. - -0.5 - * Fix crasher in p11_kit_registered_modules() - * Add 'critical' setting for modules, which defaults to 'no' - * Fix initialization issues in the proxy module - -0.4 - * Fix endless loop if module forks during initialization - * Update PKCS#11 URI code for new draft of spec - * Don't fail when duplicate modules are configured - * Better debug output - * Add example configuration documentation - * Support whitespace in PKCS#11 URIs - -0.3 - * Rewrite hash table, and simplify licensing. - * Correct paths for p11-kit config files. - * Many build fixes and tweaks. - -0.2 - * List token labels in 'p11-kit -l' - * Add API's for handing the pinfile part of URIs - * Use /etc/pkcs11 by default instead of ${prefix}/etc/pkcs11 - * Bug fixes - -0.1 - * Initial release diff --git a/README b/README index 5e9943a..42f44f6 100644 --- a/README +++ b/README @@ -1,3 +1,7 @@ +MOVED: The code for p11-kit has moved: + +https://github.com/p11-glue/p11-kit + P11-KIT Provides a way to load and enumerate PKCS#11 modules. Provides a standard diff --git a/autogen.sh b/autogen.sh deleted file mode 100755 index 94b54ab..0000000 --- a/autogen.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh -e - -set -e - -oldpwd=$(pwd) -topdir=$(dirname $0) -cd $topdir - -# Some boiler plate to get git setup as expected -if test -d .git; then - if test -f .git/hooks/pre-commit.sample && \ - test ! -f .git/hooks/pre-commit; then - cp -pv .git/hooks/pre-commit.sample .git/hooks/pre-commit - fi -fi - -set -x - -gettextize=$(which gettextize || true) -if test -z "$gettextize"; then - echo "Couldn't find gettextize" >&2 - exit 1 -fi - -# Copied from avahi's autogen.sh to work around gettext braindamage -rm -f Makefile.am~ configure.ac~ -# Evil, evil, evil, evil hack -sed 's/read dummy/\#/' $gettextize | sh -s -- --copy --force --no-changelog -test -f Makefile.am~ && mv Makefile.am~ Makefile.am -test -f configure.ac~ && mv configure.ac~ configure.ac - -autoreconf --force --install --verbose -if test x"$NOCONFIGURE" = x; then - cd $oldpwd - exec $topdir/configure "$@" -fi - diff --git a/automaint.sh b/automaint.sh deleted file mode 100755 index 8859dcc..0000000 --- a/automaint.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/sh - -set -e - -NOCONFIGURE=1 ./autogen.sh - -ARGS="--enable-strict --enable-debug" -CROSS="x86_64-w64-mingw32" - -configure() -( - build=$1 - shift - - pwd=$(pwd) - mkdir -p $build - cd $build - echo "Configuring for: $build" >&2 - echo $pwd/configure "$@" >&2 - $pwd/configure "$@" -) - -# Configure the local build. To control which arguments are used create a -# CONFIG_SITE script as directed in the autoconf documentation: -# http://www.gnu.org/software/autoconf/manual/autoconf.html#Site-Defaults -configure ./build --prefix=/usr --enable-doc --enable-coverage $ARGS "$@" - -# Configure the cross builds -for cross in $CROSS; do - configure ./$cross --prefix=/opt/$cross --host=$cross $ARGS "$@" -done - -# B - -( - echo "CROSS = $CROSS" - - for target in all check clean distclean; do - echo "$target:" - echo ' $(MAKE) -C ./build' $target - echo ' @for dir in $(CROSS); do \' - echo ' $(MAKE) -C ./$$dir' $target '; \' - echo ' done' - done - - for target in distcheck memcheck leakcheck hellcheck install upload-coverage \ - coverage upload-doc upload-release transifex; do - echo "$target:" - echo ' $(MAKE) -C ./build' $target - done - -) > ./makefile diff --git a/build/certs/Makefile b/build/certs/Makefile deleted file mode 100644 index 033ecde..0000000 --- a/build/certs/Makefile +++ /dev/null @@ -1,51 +0,0 @@ - -# Note that nothing here is distributed. It just lives in the git repository -# We copy everything into its final location, and those test files are -# distributed in the tarballs - -TRUST = ../../trust - -prepare-certs: - cp -v cacert3.der $(TRUST)/input/anchors - cp -v cacert3.der $(TRUST)/fixtures - cp -v cacert3.der $(TRUST)/fixtures - openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3.pem - openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3.pem - cat $(TRUST)/fixtures/cacert3.pem $(TRUST)/fixtures/cacert3.pem > $(TRUST)/fixtures/cacert3-twice.pem - openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3-trusted.pem \ - -addtrust serverAuth -addreject emailProtection \ - -setalias "Custom Label" - cp $(TRUST)/fixtures/cacert3-trusted.pem $(TRUST)/fixtures/cacert3-trusted-server-alias.pem - openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3-trusted-alias.pem \ - -setalias "Custom Label" - openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3-distrust-all.pem \ - -addreject serverAuth -addreject clientAuth -addreject codeSigning \ - -addreject emailProtection -addreject ipsecEndSystem -addreject ipsecTunnel \ - -addreject ipsecUser -addreject timeStamping - openssl x509 -in verisign-v1.der -inform DER -out $(TRUST)/fixtures/verisign-v1.pem \ - -setalias "Custom Label" - cat $(TRUST)/fixtures/cacert3-trusted-server-alias.pem \ - $(TRUST)/fixtures/verisign-v1.pem > $(TRUST)/fixtures/multiple.pem - cp -v cacert-ca.der $(TRUST)/input - cp -v cacert-ca.der $(TRUST)/fixtures - openssl x509 -in redhat-newca.der -inform DER -out $(TRUST)/fixtures/distrusted.pem \ - -addreject clientAuth -setalias "Red Hat Is the CA" - cp -v $(TRUST)/fixtures/distrusted.pem $(TRUST)/input - cp -v self-server.der $(TRUST)/input/blacklist - cp -v self-signed-with-eku.der $(TRUST)/fixtures - cp -v self-signed-with-ku.der $(TRUST)/fixtures - cp -v testing-ca.der $(TRUST)/input/anchors - cp -v testing-server.der $(TRUST)/fixtures - -# Rebuild the self-signed certificates. This is almost never necessary and -# will require other changes in the code, mostly here as documentation -build-self-signed: - openssl req -new -x509 -outform DER -out self-signed-with-eku.der \ - -newkey rsa -keyout /dev/null -nodes -subj /CN=self-signed-with-eku.example.com \ - -config with-eku.conf -set_serial 888 -extensions v3_ca - openssl req -new -x509 -outform DER -out self-signed-with-ku.der \ - -newkey rsa -keyout /dev/null -nodes -subj /CN=self-signed-with-ku.example.com \ - -config with-ku.conf -set_serial 888 -extensions v3_ca - openssl req -new -x509 -outform DER -out distant-end-date.der \ - -newkey rsa:512 -keyout /dev/null -nodes -subj /CN=far-in-the-future.example.com \ - -config with-ku.conf -set_serial 999 -extensions v3_ca -days 20000 diff --git a/build/certs/cacert-ca.der b/build/certs/cacert-ca.der deleted file mode 100644 index 719b0ff..0000000 Binary files a/build/certs/cacert-ca.der and /dev/null differ diff --git a/build/certs/cacert3.der b/build/certs/cacert3.der deleted file mode 100644 index 56f8c88..0000000 Binary files a/build/certs/cacert3.der and /dev/null differ diff --git a/build/certs/distant-end-date.der b/build/certs/distant-end-date.der deleted file mode 100644 index 1b3fd47..0000000 Binary files a/build/certs/distant-end-date.der and /dev/null differ diff --git a/build/certs/entrust-invalid.der b/build/certs/entrust-invalid.der deleted file mode 100644 index 7be5c18..0000000 Binary files a/build/certs/entrust-invalid.der and /dev/null differ diff --git a/build/certs/redhat-newca.der b/build/certs/redhat-newca.der deleted file mode 100644 index affae24..0000000 Binary files a/build/certs/redhat-newca.der and /dev/null differ diff --git a/build/certs/self-server.der b/build/certs/self-server.der deleted file mode 100644 index 68fe9af..0000000 Binary files a/build/certs/self-server.der and /dev/null differ diff --git a/build/certs/self-signed-with-eku.der b/build/certs/self-signed-with-eku.der deleted file mode 100644 index 33e0760..0000000 Binary files a/build/certs/self-signed-with-eku.der and /dev/null differ diff --git a/build/certs/self-signed-with-ku.der b/build/certs/self-signed-with-ku.der deleted file mode 100644 index 51bb227..0000000 Binary files a/build/certs/self-signed-with-ku.der and /dev/null differ diff --git a/build/certs/testing-ca.der b/build/certs/testing-ca.der deleted file mode 100644 index d3f70ea..0000000 Binary files a/build/certs/testing-ca.der and /dev/null differ diff --git a/build/certs/testing-server.der b/build/certs/testing-server.der deleted file mode 100644 index cf2de65..0000000 Binary files a/build/certs/testing-server.der and /dev/null differ diff --git a/build/certs/verisign-v1.der b/build/certs/verisign-v1.der deleted file mode 100644 index bcd5ebb..0000000 Binary files a/build/certs/verisign-v1.der and /dev/null differ diff --git a/build/certs/with-eku.conf b/build/certs/with-eku.conf deleted file mode 100644 index 8eab21d..0000000 --- a/build/certs/with-eku.conf +++ /dev/null @@ -1,19 +0,0 @@ -# -# Use with the following command -# $ openssl req -new -x509 -outform DER -out self-signed-with-ku.pem \ -# -newkey rsa -keyout self-signed-with-ku.key -nodes \ -# -config with-ku.conf -set_serial 888 -extensions v3_ca -# - -[ req ] -default_bits = 1024 -distinguished_name = req_distinguished_name -x509_extensions = v3_ca -dirstring_type = nobmp - -[ req_distinguished_name ] -commonName = Common Name -commonName_max = 64 - -[ v3_ca ] -keyUsage=keyCertSign,digitalSignature \ No newline at end of file diff --git a/build/certs/with-ku.conf b/build/certs/with-ku.conf deleted file mode 100644 index aa0acc1..0000000 --- a/build/certs/with-ku.conf +++ /dev/null @@ -1,19 +0,0 @@ -# -# Use with the following command -# $ openssl req -new -x509 -outform DER -out self-signed-with-eku.pem \ -# -newkey rsa -keyout self-signed-with-eku.key -nodes \ -# -config with-eku.conf -set_serial 888 -extensions v3_ca -# - -[ req ] -default_bits = 1024 -distinguished_name = req_distinguished_name -x509_extensions = v3_ca -dirstring_type = nobmp - -[ req_distinguished_name ] -commonName = Common Name -commonName_max = 64 - -[ v3_ca ] -extendedKeyUsage=clientAuth,emailProtection,1.2.3.4 \ No newline at end of file diff --git a/build/gtk-doc.make b/build/gtk-doc.make deleted file mode 100644 index 4709268..0000000 --- a/build/gtk-doc.make +++ /dev/null @@ -1,259 +0,0 @@ -# -*- mode: makefile -*- - -#################################### -# Everything below here is generic # -#################################### - -if GTK_DOC_USE_LIBTOOL -GTKDOC_CC = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -GTKDOC_LD = $(LIBTOOL) --tag=CC --mode=link $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -GTKDOC_RUN = $(LIBTOOL) --mode=execute -else -GTKDOC_CC = $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -GTKDOC_LD = $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -GTKDOC_RUN = -endif - -# We set GPATH here; this gives us semantics for GNU make -# which are more like other make's VPATH, when it comes to -# whether a source that is a target of one rule is then -# searched for in VPATH/GPATH. -# -GPATH = $(srcdir) - -TARGET_DIR=$(HTML_DIR)/$(DOC_MODULE) - -SETUP_FILES = \ - $(content_files) \ - $(DOC_MAIN_SGML_FILE) \ - $(DOC_MODULE)-sections.txt \ - $(DOC_MODULE)-overrides.txt \ - style.css - -EXTRA_DIST = \ - $(HTML_IMAGES) \ - $(SETUP_FILES) - -DOC_STAMPS=setup-build.stamp scan-build.stamp sgml-build.stamp \ - html-build.stamp pdf-build.stamp \ - sgml.stamp html.stamp pdf.stamp - -SCANOBJ_FILES = \ - $(DOC_MODULE).args \ - $(DOC_MODULE).hierarchy \ - $(DOC_MODULE).interfaces \ - $(DOC_MODULE).prerequisites \ - $(DOC_MODULE).signals - -REPORT_FILES = \ - $(DOC_MODULE)-undocumented.txt \ - $(DOC_MODULE)-undeclared.txt \ - $(DOC_MODULE)-unused.txt - -CLEANFILES = $(SCANOBJ_FILES) $(REPORT_FILES) $(DOC_STAMPS) - -if ENABLE_GTK_DOC -if GTK_DOC_BUILD_HTML -HTML_BUILD_STAMP=html-build.stamp -else -HTML_BUILD_STAMP= -endif -if GTK_DOC_BUILD_PDF -PDF_BUILD_STAMP=pdf-build.stamp -else -PDF_BUILD_STAMP= -endif - -all-local: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP) -else -all-local: -endif - -docs: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP) - -$(REPORT_FILES): sgml-build.stamp - -#### setup #### - -setup-build.stamp: - -@if test "$(abs_srcdir)" != "$(abs_builddir)" ; then \ - echo ' DOC Preparing build'; \ - files=`echo $(SETUP_FILES) $(expand_content_files) $(DOC_MODULE).types`; \ - if test "x$$files" != "x" ; then \ - for file in $$files ; do \ - test -f $(abs_srcdir)/$$file && \ - cp -pu $(abs_srcdir)/$$file $(abs_builddir)/ || true; \ - done; \ - fi; \ - fi - @touch setup-build.stamp - - -#### scan #### - -scan-build.stamp: $(HFILE_GLOB) $(CFILE_GLOB) - @echo ' DOC Scanning header files' - @_source_dir='' ; \ - for i in $(DOC_SOURCE_DIR) ; do \ - _source_dir="$${_source_dir} --source-dir=$$i" ; \ - done ; \ - gtkdoc-scan --module=$(DOC_MODULE) --ignore-headers="$(IGNORE_HFILES)" $${_source_dir} $(SCAN_OPTIONS) $(EXTRA_HFILES) - @if grep -l '^..*$$' $(DOC_MODULE).types > /dev/null 2>&1 ; then \ - echo " DOC Introspecting gobjects"; \ - scanobj_options=""; \ - gtkdoc-scangobj 2>&1 --help | grep >/dev/null "\-\-verbose"; \ - if test "$(?)" = "0"; then \ - if test "x$(V)" = "x1"; then \ - scanobj_options="--verbose"; \ - fi; \ - fi; \ - CC="$(GTKDOC_CC)" LD="$(GTKDOC_LD)" RUN="$(GTKDOC_RUN)" CFLAGS="$(GTKDOC_CFLAGS) $(CFLAGS)" LDFLAGS="$(GTKDOC_LIBS) $(LDFLAGS)" \ - gtkdoc-scangobj $(SCANGOBJ_OPTIONS) $$scanobj_options --module=$(DOC_MODULE); \ - else \ - for i in $(SCANOBJ_FILES) ; do \ - test -f $$i || touch $$i ; \ - done \ - fi - @touch scan-build.stamp - -$(DOC_MODULE)-decl.txt $(SCANOBJ_FILES): scan-build.stamp - @true - -#### xml #### - -sgml-build.stamp: setup-build.stamp $(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt $(expand_content_files) - @echo ' DOC Building XML' - @_source_dir='' ; \ - for i in $(DOC_SOURCE_DIR) ; do \ - _source_dir="$${_source_dir} --source-dir=$$i" ; \ - done ; \ - gtkdoc-mkdb --module=$(DOC_MODULE) --output-format=xml --expand-content-files="$(expand_content_files)" --main-sgml-file=$(DOC_MAIN_SGML_FILE) $${_source_dir} $(MKDB_OPTIONS) - @touch sgml-build.stamp - -sgml.stamp: sgml-build.stamp - @true - -#### html #### - -html-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) $(srcdir)/style.css - @echo ' DOC Building HTML' - @rm -rf html - @mkdir html - @mkhtml_options=""; \ - gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-verbose"; \ - if test "$(?)" = "0"; then \ - if test "x$(V)" = "x1"; then \ - mkhtml_options="$$mkhtml_options --verbose"; \ - fi; \ - fi; \ - gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-path"; \ - if test "$(?)" = "0"; then \ - mkhtml_options="$$mkhtml_options --path=\"$(abs_srcdir)\""; \ - fi; \ - cd html && gtkdoc-mkhtml $$mkhtml_options $(MKHTML_OPTIONS) $(DOC_MODULE) ../$(DOC_MAIN_SGML_FILE) - -@test "x$(HTML_IMAGES)" = "x" || \ - for file in $(HTML_IMAGES) ; do \ - if test -f $(abs_srcdir)/$$file ; then \ - cp $(abs_srcdir)/$$file $(abs_builddir)/html; \ - fi; \ - if test -f $(abs_builddir)/$$file ; then \ - cp $(abs_builddir)/$$file $(abs_builddir)/html; \ - fi; \ - done; - @echo ' DOC Fixing cross-references' - @gtkdoc-fixxref --module=$(DOC_MODULE) --module-dir=html --html-dir=$(HTML_DIR) $(FIXXREF_OPTIONS) - @mv $(builddir)/html/style.css $(builddir)/html/gtk-doc.css - @cp $(srcdir)/style.css $(builddir)/html/style.css - @touch html-build.stamp - -#### pdf #### - -pdf-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) - @echo ' DOC Building PDF' - @rm -f $(DOC_MODULE).pdf - @mkpdf_options=""; \ - gtkdoc-mkpdf 2>&1 --help | grep >/dev/null "\-\-verbose"; \ - if test "$(?)" = "0"; then \ - if test "x$(V)" = "x1"; then \ - mkpdf_options="$$mkpdf_options --verbose"; \ - fi; \ - fi; \ - if test "x$(HTML_IMAGES)" != "x"; then \ - for img in $(HTML_IMAGES); do \ - part=`dirname $$img`; \ - echo $$mkpdf_options | grep >/dev/null "\-\-imgdir=$$part "; \ - if test $$? != 0; then \ - mkpdf_options="$$mkpdf_options --imgdir=$$part"; \ - fi; \ - done; \ - fi; \ - gtkdoc-mkpdf --path="$(abs_srcdir)" $$mkpdf_options $(DOC_MODULE) $(DOC_MAIN_SGML_FILE) $(MKPDF_OPTIONS) - @touch pdf-build.stamp - -############## - -clean-local: - @rm -f *~ *.bak - @rm -rf .libs - -distclean-local: - @rm -rf xml html $(REPORT_FILES) $(DOC_MODULE).pdf \ - $(DOC_MODULE)-decl-list.txt $(DOC_MODULE)-decl.txt - @if test "$(abs_srcdir)" != "$(abs_builddir)" ; then \ - rm -f $(SETUP_FILES) $(expand_content_files) $(DOC_MODULE).types; \ - fi - -maintainer-clean-local: clean - @rm -rf xml html - -install-data-local: - @installfiles=`echo $(builddir)/html/*`; \ - if test "$$installfiles" = '$(builddir)/html/*'; \ - then echo 1>&2 'Nothing to install' ; \ - else \ - if test -n "$(DOC_MODULE_VERSION)"; then \ - installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \ - else \ - installdir="$(DESTDIR)$(TARGET_DIR)"; \ - fi; \ - $(mkinstalldirs) $${installdir} ; \ - for i in $$installfiles; do \ - echo ' $(INSTALL_DATA) '$$i ; \ - $(INSTALL_DATA) $$i $${installdir}; \ - done; \ - if test -n "$(DOC_MODULE_VERSION)"; then \ - mv -f $${installdir}/$(DOC_MODULE).devhelp2 \ - $${installdir}/$(DOC_MODULE)-$(DOC_MODULE_VERSION).devhelp2; \ - fi; \ - $(GTKDOC_REBASE) --relative --dest-dir=$(DESTDIR) --html-dir=$${installdir}; \ - fi - -uninstall-local: - @if test -n "$(DOC_MODULE_VERSION)"; then \ - installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \ - else \ - installdir="$(DESTDIR)$(TARGET_DIR)"; \ - fi; \ - rm -rf $${installdir} - -# -# Require gtk-doc when making dist -# -if ENABLE_GTK_DOC -dist-check-gtkdoc: -else -dist-check-gtkdoc: - @echo "*** gtk-doc must be installed and --enable-doc in order to make dist" - @false -endif - -dist-hook: dist-check-gtkdoc dist-hook-local - @mkdir $(distdir)/html - @cp ./html/* $(distdir)/html - @-cp ./$(DOC_MODULE).pdf $(distdir)/ - @-cp ./$(DOC_MODULE).types $(distdir)/ - @-cp ./$(DOC_MODULE)-sections.txt $(distdir)/ - @cd $(distdir) && rm -f $(DISTCLEANFILES) - @$(GTKDOC_REBASE) --online --relative --html-dir=$(distdir)/html - -.PHONY : dist-hook-local docs diff --git a/build/litter/.empty b/build/litter/.empty deleted file mode 100644 index be533a1..0000000 --- a/build/litter/.empty +++ /dev/null @@ -1 +0,0 @@ -Stub file to track in git diff --git a/build/m4/.empty b/build/m4/.empty deleted file mode 100644 index be533a1..0000000 --- a/build/m4/.empty +++ /dev/null @@ -1 +0,0 @@ -Stub file to track in git diff --git a/build/tx-update b/build/tx-update deleted file mode 100644 index 5d61335..0000000 --- a/build/tx-update +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/sh - -set -euf - -TX_PROJECT="p11-kit" -TX_HOST="https://www.transifex.com" -TX_RESOURCE="$TX_PROJECT.master" - -fail() -{ - echo "tx-update: $@" >&2 - exit 2 -} - -tx_langs() -( - cd .tx/$TX_RESOURCE - ls | sed 's/_translation//' -) - -lingua_langs() -{ - cat po/LINGUAS | while read lang extra; do - case $lang in \ - \#*) ;; - en) ;; - *) echo -n "$lang " - esac - done -} - -if [ ! -d po ]; then - fail "run this script in the top level project directory" -fi - -if [ ! -d .tx ]; then - tx init --host=$TX_HOST - tx set --source -r $TX_RESOURCE -l en po/$TX_PROJECT.pot -fi - -# Push source to server -tx push -s - -# Pull from the server -tx pull -a - -pull_again="no" - -# Update LINGUAS -for lang in $(tx_langs); do - if ! grep -qw $lang po/LINGUAS; then - echo $lang >> po/LINGUAS - pull_again="yes" - fi -done - -# Setup associations -for lang in $(lingua_langs); do - tx set -r $TX_RESOURCE -l $lang po/$lang.po - pull_again="yes" -done - -# Pull and get all translations -if [ "$pull_again" = "yes" ]; then - tx pull -fi diff --git a/common/Makefile.am b/common/Makefile.am deleted file mode 100644 index b053ec0..0000000 --- a/common/Makefile.am +++ /dev/null @@ -1,111 +0,0 @@ - -inc_HEADERS += \ - common/pkcs11.h \ - common/pkcs11x.h \ - $(NULL) - -noinst_LTLIBRARIES += \ - libp11-common.la \ - libp11-library.la \ - libp11-test.la \ - libp11-tool.la \ - $(NULL) - -libp11_common_la_SOURCES = \ - common/argv.c common/argv.h \ - common/attrs.c common/attrs.h \ - common/array.c common/array.h \ - common/buffer.c common/buffer.h \ - common/compat.c common/compat.h \ - common/constants.c common/constants.h \ - common/debug.c common/debug.h \ - common/dict.c common/dict.h \ - common/hash.c common/hash.h \ - common/lexer.c common/lexer.h \ - common/message.c common/message.h \ - common/path.c common/path.h \ - common/pkcs11.h common/pkcs11x.h common/pkcs11i.h \ - common/url.c common/url.h \ - $(NULL) - -libp11_library_la_SOURCES = \ - common/library.c common/library.h \ - $(NULL) - -libp11_test_la_SOURCES = \ - common/mock.c common/mock.h \ - common/test.c common/test.h \ - $(NULL) - -libp11_tool_la_SOURCES = \ - common/tool.c common/tool.h \ - $(NULL) - -# Tests ---------------------------------------------------------------- - -common_LIBS = \ - libp11-test.la \ - libp11-common.la \ - $(NULL) - -CHECK_PROGS += \ - test-tests \ - test-compat \ - test-hash \ - test-dict \ - test-array \ - test-constants \ - test-attrs \ - test-buffer \ - test-url \ - test-path \ - test-lexer \ - test-message \ - $(NULL) - -test_array_SOURCES = common/test-array.c -test_array_LDADD = $(common_LIBS) - -test_attrs_SOURCES = common/test-attrs.c -test_attrs_LDADD = $(common_LIBS) - -test_buffer_SOURCES = common/test-buffer.c -test_buffer_LDADD = $(common_LIBS) - -test_compat_SOURCES = common/test-compat.c -test_compat_LDADD = $(common_LIBS) - -test_constants_SOURCES = common/test-constants.c -test_constants_LDADD = $(common_LIBS) - -test_dict_SOURCES = common/test-dict.c -test_dict_LDADD = $(common_LIBS) - -test_hash_SOURCES = common/test-hash.c -test_hash_LDADD = $(common_LIBS) - -test_lexer_SOURCES = common/test-lexer.c -test_lexer_LDADD = $(common_LIBS) - -test_message_SOURCES = common/test-message.c -test_message_LDADD = $(common_LIBS) - -test_path_SOURCES = common/test-path.c -test_path_LDADD = $(common_LIBS) - -test_tests_SOURCES = common/test-tests.c -test_tests_LDADD = $(common_LIBS) - -test_url_SOURCES = common/test-url.c -test_url_LDADD = $(common_LIBS) - -noinst_PROGRAMS += \ - frob-getauxval \ - frob-getenv \ - $(NULL) - -frob_getauxval_SOURCES = common/frob-getauxval.c -frob_getauxval_LDADD = $(common_LIBS) - -frob_getenv_SOURCES = common/frob-getenv.c -frob_getenv_LDADD = $(common_LIBS) diff --git a/common/argv.c b/common/argv.c deleted file mode 100644 index 6d91bfa..0000000 --- a/common/argv.c +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "argv.h" -#include "debug.h" - -#include -#include -#include - -bool -p11_argv_parse (const char *string, - void (*sink) (char *, void *), - void *argument) -{ - char quote = '\0'; - char *src, *dup, *at, *arg; - bool ret = true; - - return_val_if_fail (string != NULL, false); - return_val_if_fail (sink != NULL, false); - - src = dup = strdup (string); - return_val_if_fail (dup != NULL, false); - - arg = at = src; - for (src = dup; *src; src++) { - - /* Matching quote */ - if (quote == *src) { - quote = '\0'; - - /* Inside of quotes */ - } else if (quote != '\0') { - if (*src == '\\') { - *at++ = *src++; - if (!*src) { - ret = false; - goto done; - } - if (*src != quote) - *at++ = '\\'; - } - *at++ = *src; - - /* Space, not inside of quotes */ - } else if (isspace (*src)) { - *at = 0; - sink (arg, argument); - arg = at; - - /* Other character outside of quotes */ - } else { - switch (*src) { - case '\'': - case '"': - quote = *src; - break; - case '\\': - *at++ = *src++; - if (!*src) { - ret = false; - goto done; - } - /* fall through */ - default: - *at++ = *src; - break; - } - } - } - - - if (at != arg) { - *at = 0; - sink (arg, argument); - } - -done: - free (dup); - return ret; -} diff --git a/common/argv.h b/common/argv.h deleted file mode 100644 index 8f95490..0000000 --- a/common/argv.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_ARGV_H_ -#define P11_ARGV_H_ - -#include "compat.h" - -bool p11_argv_parse (const char *string, - void (*sink) (char *, void *), - void *argument); - -#endif /* P11_ARGV_H_ */ diff --git a/common/array.c b/common/array.c deleted file mode 100644 index 185ea2f..0000000 --- a/common/array.c +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - */ - -#include "config.h" - -#include "array.h" -#include "debug.h" - -#include -#include - -static bool -maybe_expand_array (p11_array *array, - unsigned int length) -{ - unsigned int new_allocated; - void **new_memory; - - if (length <= array->allocated) - return true; - - - new_allocated = array->allocated * 2; - if (new_allocated == 0) - new_allocated = 16; - if (new_allocated < length) - new_allocated = length; - - new_memory = realloc (array->elem, new_allocated * sizeof (void*)); - return_val_if_fail (new_memory != NULL, false); - - array->elem = new_memory; - array->allocated = new_allocated; - return true; -} - -p11_array * -p11_array_new (p11_destroyer destroyer) -{ - p11_array *array; - - array = calloc (1, sizeof (p11_array)); - if (array == NULL) - return NULL; - - if (!maybe_expand_array (array, 2)) { - p11_array_free (array); - return NULL; - } - - array->destroyer = destroyer; - return array; -} - -void -p11_array_free (p11_array *array) -{ - if (array == NULL) - return; - - p11_array_clear (array); - free (array->elem); - free (array); -} - -bool -p11_array_push (p11_array *array, - void *value) -{ - if (!maybe_expand_array (array, array->num + 1)) - return_val_if_reached (false); - - array->elem[array->num] = value; - array->num++; - return true; -} - -void -p11_array_remove (p11_array *array, - unsigned int index) -{ - if (array->destroyer) - (array->destroyer) (array->elem[index]); - memmove (array->elem + index, array->elem + index + 1, - (array->num - (index + 1)) * sizeof (void*)); - array->num--; -} - -void -p11_array_clear (p11_array *array) -{ - unsigned int i; - - if (array->destroyer) { - for (i = 0; i < array->num; i++) - (array->destroyer) (array->elem[i]); - } - - array->num = 0; -} diff --git a/common/array.h b/common/array.h deleted file mode 100644 index 94be29c..0000000 --- a/common/array.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Waler - */ - -#ifndef __P11_ARRAY_H__ -#define __P11_ARRAY_H__ - -#include "compat.h" - -#ifndef P11_DESTROYER_DEFINED -#define P11_DESTROYER_DEFINED - -typedef void (*p11_destroyer) (void *data); - -#endif - -typedef struct _p11_array { - void **elem; - unsigned int num; - - /* private */ - unsigned int allocated; - p11_destroyer destroyer; -} p11_array; - -p11_array * p11_array_new (p11_destroyer destroyer); - -void p11_array_free (p11_array *array); - -bool p11_array_push (p11_array *array, - void *value); - -void p11_array_remove (p11_array *array, - unsigned int index); - -void p11_array_clear (p11_array *array); - -#endif /* __P11_ARRAY_H__ */ diff --git a/common/attrs.c b/common/attrs.c deleted file mode 100644 index 5a138a8..0000000 --- a/common/attrs.c +++ /dev/null @@ -1,903 +0,0 @@ -/* - * Copyright (C) 2012, Redhat Inc. - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "attrs.h" -#include "buffer.h" -#include "compat.h" -#include "constants.h" -#include "debug.h" -#include "hash.h" -#include "pkcs11.h" -#include "pkcs11i.h" -#include "pkcs11x.h" - -#include -#include -#include -#include -#include -#include - -#define ELEMS(x) (sizeof (x) / sizeof (x[0])) - -bool -p11_attrs_terminator (const CK_ATTRIBUTE *attrs) -{ - return (attrs == NULL || attrs->type == CKA_INVALID); -} - -CK_ULONG -p11_attrs_count (const CK_ATTRIBUTE *attrs) -{ - CK_ULONG count; - - if (attrs == NULL) - return 0UL; - - for (count = 0; !p11_attrs_terminator (attrs); count++, attrs++); - - return count; -} - -void -p11_attrs_free (void *attrs) -{ - CK_ATTRIBUTE *ats = attrs; - int i; - - if (!attrs) - return; - - for (i = 0; !p11_attrs_terminator (ats + i); i++) - free (ats[i].pValue); - free (ats); -} - -static CK_ATTRIBUTE * -attrs_build (CK_ATTRIBUTE *attrs, - CK_ULONG count_to_add, - bool take_values, - bool override, - CK_ATTRIBUTE * (*generator) (void *), - void *state) -{ - CK_ATTRIBUTE *attr; - CK_ATTRIBUTE *add; - CK_ULONG current; - CK_ULONG at; - CK_ULONG j; - CK_ULONG i; - - /* How many attributes we already have */ - current = p11_attrs_count (attrs); - - /* Reallocate for how many we need */ - attrs = realloc (attrs, (current + count_to_add + 1) * sizeof (CK_ATTRIBUTE)); - return_val_if_fail (attrs != NULL, NULL); - - at = current; - for (i = 0; i < count_to_add; i++) { - add = (generator) (state); - - /* Skip with invalid type */ - if (!add || add->type == CKA_INVALID) - continue; - - attr = NULL; - - /* Do we have this attribute? */ - for (j = 0; attr == NULL && j < current; j++) { - if (attrs[j].type == add->type) { - attr = attrs + j; - break; - } - } - - /* The attribute doesn't exist */ - if (attr == NULL) { - attr = attrs + at; - at++; - - /* The attribute exists and we're not overriding */ - } else if (!override) { - if (take_values) - free (add->pValue); - continue; - - /* The attribute exitss, and we're overriding */ - } else { - free (attr->pValue); - } - - memcpy (attr, add, sizeof (CK_ATTRIBUTE)); - if (!take_values && attr->pValue != NULL) { - if (attr->ulValueLen == 0) - attr->pValue = malloc (1); - else - attr->pValue = memdup (attr->pValue, attr->ulValueLen); - return_val_if_fail (attr->pValue != NULL, NULL); - } - } - - /* Mark this as the end */ - (attrs + at)->type = CKA_INVALID; - assert (p11_attrs_terminator (attrs + at)); - return attrs; -} - -static CK_ATTRIBUTE * -vararg_generator (void *state) -{ - va_list *va = state; - return va_arg (*va, CK_ATTRIBUTE *); -} - -CK_ATTRIBUTE * -p11_attrs_build (CK_ATTRIBUTE *attrs, - ...) -{ - CK_ULONG count; - va_list va; - - count = 0UL; - va_start (va, attrs); - while (va_arg (va, CK_ATTRIBUTE *)) - count++; - va_end (va); - - va_start (va, attrs); - attrs = attrs_build (attrs, count, false, true, - vararg_generator, &va); - va_end (va); - - return attrs; -} - -static CK_ATTRIBUTE * -template_generator (void *state) -{ - CK_ATTRIBUTE **template = state; - return (*template)++; -} - -CK_ATTRIBUTE * -p11_attrs_buildn (CK_ATTRIBUTE *attrs, - const CK_ATTRIBUTE *add, - CK_ULONG count) -{ - return attrs_build (attrs, count, false, true, - template_generator, &add); -} - -CK_ATTRIBUTE * -p11_attrs_take (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type, - CK_VOID_PTR value, - CK_ULONG length) -{ - CK_ATTRIBUTE attr = { type, value, length }; - CK_ATTRIBUTE *add = &attr; - return attrs_build (attrs, 1, true, true, - template_generator, &add); -} - -CK_ATTRIBUTE * -p11_attrs_merge (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - bool replace) -{ - CK_ATTRIBUTE *ptr; - CK_ULONG count; - - if (attrs == NULL) - return merge; - - ptr = merge; - count = p11_attrs_count (merge); - - attrs = attrs_build (attrs, count, true, replace, - template_generator, &ptr); - - /* - * Since we're supposed to own the merge attributes, - * free the container array. - */ - free (merge); - - return attrs; -} - -CK_ATTRIBUTE * -p11_attrs_dup (const CK_ATTRIBUTE *attrs) -{ - CK_ULONG count; - - count = p11_attrs_count (attrs); - return p11_attrs_buildn (NULL, attrs, count); -} - -CK_ATTRIBUTE * -p11_attrs_find (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type) -{ - CK_ULONG i; - - for (i = 0; !p11_attrs_terminator (attrs + i); i++) { - if (attrs[i].type == type) - return attrs + i; - } - - return NULL; -} - -CK_ATTRIBUTE * -p11_attrs_findn (CK_ATTRIBUTE *attrs, - CK_ULONG count, - CK_ATTRIBUTE_TYPE type) -{ - CK_ULONG i; - - for (i = 0; i < count; i++) { - if (attrs[i].type == type) - return attrs + i; - } - - return NULL; -} - -bool -p11_attrs_find_bool (const CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type, - CK_BBOOL *value) -{ - CK_ULONG i; - - for (i = 0; !p11_attrs_terminator (attrs + i); i++) { - if (attrs[i].type == type && - attrs[i].ulValueLen == sizeof (CK_BBOOL) && - attrs[i].pValue != NULL) { - *value = *((CK_BBOOL *)attrs[i].pValue); - return true; - } - } - - return false; -} - -bool -p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs, - CK_ULONG count, - CK_ATTRIBUTE_TYPE type, - CK_BBOOL *value) -{ - CK_ULONG i; - - for (i = 0; i < count; i++) { - if (attrs[i].type == type && - attrs[i].ulValueLen == sizeof (CK_BBOOL) && - attrs[i].pValue != NULL) { - *value = *((CK_BBOOL *)attrs[i].pValue); - return true; - } - } - - return false; -} - -bool -p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type, - CK_ULONG *value) -{ - CK_ULONG i; - - for (i = 0; !p11_attrs_terminator (attrs + i); i++) { - if (attrs[i].type == type && - attrs[i].ulValueLen == sizeof (CK_ULONG) && - attrs[i].pValue != NULL) { - *value = *((CK_ULONG *)attrs[i].pValue); - return true; - } - } - - return false; -} - -bool -p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs, - CK_ULONG count, - CK_ATTRIBUTE_TYPE type, - CK_ULONG *value) -{ - CK_ULONG i; - - for (i = 0; i < count; i++) { - if (attrs[i].type == type && - attrs[i].ulValueLen == sizeof (CK_ULONG) && - attrs[i].pValue != NULL) { - *value = *((CK_ULONG *)attrs[i].pValue); - return true; - } - } - - return false; -} - -void * -p11_attrs_find_value (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type, - size_t *length) -{ - CK_ULONG i; - - for (i = 0; !p11_attrs_terminator (attrs + i); i++) { - if (attrs[i].type == type && - attrs[i].ulValueLen != 0 && - attrs[i].ulValueLen != (CK_ULONG)-1 && - attrs[i].pValue != NULL) { - if (length) - *length = attrs[i].ulValueLen; - return attrs[i].pValue; - } - } - - return NULL; -} - -CK_ATTRIBUTE * -p11_attrs_find_valid (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type) -{ - CK_ULONG i; - - for (i = 0; !p11_attrs_terminator (attrs + i); i++) { - if (attrs[i].type == type && - attrs[i].pValue != NULL && - attrs[i].ulValueLen != 0 && - attrs[i].ulValueLen != (CK_ULONG)-1) - return attrs + i; - } - - return NULL; -} - -bool -p11_attrs_remove (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type) -{ - CK_ULONG count; - CK_ULONG i; - - count = p11_attrs_count (attrs); - for (i = 0; i < count; i++) { - if (attrs[i].type == type) - break; - } - - if (i == count) - return false; - - if (attrs[i].pValue) - free (attrs[i].pValue); - - memmove (attrs + i, attrs + i + 1, (count - (i + 1)) * sizeof (CK_ATTRIBUTE)); - attrs[count - 1].type = CKA_INVALID; - return true; -} - -void -p11_attrs_purge (CK_ATTRIBUTE *attrs) -{ - int in, out; - - for (in = 0, out = 0; !p11_attrs_terminator (attrs + in); in++) { - if (attrs[in].ulValueLen == (CK_ULONG)-1) { - free (attrs[in].pValue); - attrs[in].pValue = NULL; - attrs[in].ulValueLen = 0; - } else { - if (in != out) - memcpy (attrs + out, attrs + in, sizeof (CK_ATTRIBUTE)); - out++; - } - } - - attrs[out].type = CKA_INVALID; - assert (p11_attrs_terminator (attrs + out)); - -} - -bool -p11_attrs_match (const CK_ATTRIBUTE *attrs, - const CK_ATTRIBUTE *match) -{ - CK_ATTRIBUTE *attr; - - for (; !p11_attrs_terminator (match); match++) { - attr = p11_attrs_find ((CK_ATTRIBUTE *)attrs, match->type); - if (!attr) - return false; - if (!p11_attr_equal (attr, match)) - return false; - } - - return true; -} - -bool -p11_attrs_matchn (const CK_ATTRIBUTE *attrs, - const CK_ATTRIBUTE *match, - CK_ULONG count) -{ - CK_ATTRIBUTE *attr; - CK_ULONG i; - - for (i = 0; i < count; i++) { - attr = p11_attrs_find ((CK_ATTRIBUTE *)attrs, match[i].type); - if (!attr) - return false; - if (!p11_attr_equal (attr, match + i)) - return false; - } - - return true; - -} - - -bool -p11_attr_match_value (const CK_ATTRIBUTE *attr, - const void *value, - ssize_t length) -{ - if (length < 0) - length = strlen (value); - return (attr != NULL && - attr->ulValueLen == length && - (attr->pValue == value || - (attr->pValue && value && - memcmp (attr->pValue, value, attr->ulValueLen) == 0))); -} - -bool -p11_attr_equal (const void *v1, - const void *v2) -{ - const CK_ATTRIBUTE *one = v1; - const CK_ATTRIBUTE *two = v2; - - return (one == two || - (one && two && one->type == two->type && - p11_attr_match_value (one, two->pValue, two->ulValueLen))); -} - -unsigned int -p11_attr_hash (const void *data) -{ - const CK_ATTRIBUTE *attr = data; - uint32_t hash = 0; - - if (attr != NULL) { - p11_hash_murmur3 (&hash, - &attr->type, sizeof (attr->type), - attr->pValue, (size_t)attr->ulValueLen, - NULL); - } - - return hash; -} - -static void -buffer_append_printf (p11_buffer *buffer, - const char *format, - ...) GNUC_PRINTF(2, 3); - -static void -buffer_append_printf (p11_buffer *buffer, - const char *format, - ...) -{ - char *string; - va_list va; - - va_start (va, format); - if (vasprintf (&string, format, va) < 0) - return_if_reached (); - va_end (va); - - p11_buffer_add (buffer, string, -1); - free (string); -} - -static bool -attribute_is_ulong_of_type (const CK_ATTRIBUTE *attr, - CK_ULONG type) -{ - if (attr->type != type) - return false; - if (attr->ulValueLen != sizeof (CK_ULONG)) - return false; - if (!attr->pValue) - return false; - return true; -} - -static bool -attribute_is_trust_value (const CK_ATTRIBUTE *attr) -{ - switch (attr->type) { - case CKA_TRUST_DIGITAL_SIGNATURE: - case CKA_TRUST_NON_REPUDIATION: - case CKA_TRUST_KEY_ENCIPHERMENT: - case CKA_TRUST_DATA_ENCIPHERMENT: - case CKA_TRUST_KEY_AGREEMENT: - case CKA_TRUST_KEY_CERT_SIGN: - case CKA_TRUST_CRL_SIGN: - case CKA_TRUST_SERVER_AUTH: - case CKA_TRUST_CLIENT_AUTH: - case CKA_TRUST_CODE_SIGNING: - case CKA_TRUST_EMAIL_PROTECTION: - case CKA_TRUST_IPSEC_END_SYSTEM: - case CKA_TRUST_IPSEC_TUNNEL: - case CKA_TRUST_IPSEC_USER: - case CKA_TRUST_TIME_STAMPING: - break; - default: - return false; - } - - return attribute_is_ulong_of_type (attr, attr->type); -} - -static bool -attribute_is_sensitive (const CK_ATTRIBUTE *attr, - CK_OBJECT_CLASS klass) -{ - /* - * Don't print any just attribute, since they may contain - * sensitive data - */ - - switch (attr->type) { - #define X(x) case x: return false; - X (CKA_CLASS) - X (CKA_TOKEN) - X (CKA_PRIVATE) - X (CKA_LABEL) - X (CKA_APPLICATION) - X (CKA_OBJECT_ID) - X (CKA_CERTIFICATE_TYPE) - X (CKA_ISSUER) - X (CKA_SERIAL_NUMBER) - X (CKA_AC_ISSUER) - X (CKA_OWNER) - X (CKA_ATTR_TYPES) - X (CKA_TRUSTED) - X (CKA_CERTIFICATE_CATEGORY) - X (CKA_JAVA_MIDP_SECURITY_DOMAIN) - X (CKA_URL) - X (CKA_HASH_OF_SUBJECT_PUBLIC_KEY) - X (CKA_HASH_OF_ISSUER_PUBLIC_KEY) - X (CKA_CHECK_VALUE) - X (CKA_KEY_TYPE) - X (CKA_SUBJECT) - X (CKA_ID) - X (CKA_SENSITIVE) - X (CKA_ENCRYPT) - X (CKA_DECRYPT) - X (CKA_WRAP) - X (CKA_UNWRAP) - X (CKA_SIGN) - X (CKA_SIGN_RECOVER) - X (CKA_VERIFY) - X (CKA_VERIFY_RECOVER) - X (CKA_DERIVE) - X (CKA_START_DATE) - X (CKA_END_DATE) - X (CKA_MODULUS_BITS) - X (CKA_PRIME_BITS) - /* X (CKA_SUBPRIME_BITS) */ - /* X (CKA_SUB_PRIME_BITS) */ - X (CKA_VALUE_BITS) - X (CKA_VALUE_LEN) - X (CKA_EXTRACTABLE) - X (CKA_LOCAL) - X (CKA_NEVER_EXTRACTABLE) - X (CKA_ALWAYS_SENSITIVE) - X (CKA_KEY_GEN_MECHANISM) - X (CKA_MODIFIABLE) - X (CKA_SECONDARY_AUTH) - X (CKA_AUTH_PIN_FLAGS) - X (CKA_ALWAYS_AUTHENTICATE) - X (CKA_WRAP_WITH_TRUSTED) - X (CKA_WRAP_TEMPLATE) - X (CKA_UNWRAP_TEMPLATE) - X (CKA_HW_FEATURE_TYPE) - X (CKA_RESET_ON_INIT) - X (CKA_HAS_RESET) - X (CKA_PIXEL_X) - X (CKA_PIXEL_Y) - X (CKA_RESOLUTION) - X (CKA_CHAR_ROWS) - X (CKA_CHAR_COLUMNS) - X (CKA_COLOR) - X (CKA_BITS_PER_PIXEL) - X (CKA_CHAR_SETS) - X (CKA_ENCODING_METHODS) - X (CKA_MIME_TYPES) - X (CKA_MECHANISM_TYPE) - X (CKA_REQUIRED_CMS_ATTRIBUTES) - X (CKA_DEFAULT_CMS_ATTRIBUTES) - X (CKA_SUPPORTED_CMS_ATTRIBUTES) - X (CKA_ALLOWED_MECHANISMS) - X (CKA_X_ASSERTION_TYPE) - X (CKA_X_CERTIFICATE_VALUE) - X (CKA_X_PURPOSE) - X (CKA_X_PEER) - X (CKA_X_DISTRUSTED) - X (CKA_X_CRITICAL) - X (CKA_PUBLIC_KEY_INFO) - X (CKA_NSS_URL) - X (CKA_NSS_EMAIL) - X (CKA_NSS_SMIME_INFO) - X (CKA_NSS_SMIME_TIMESTAMP) - X (CKA_NSS_PKCS8_SALT) - X (CKA_NSS_PASSWORD_CHECK) - X (CKA_NSS_EXPIRES) - X (CKA_NSS_KRL) - X (CKA_NSS_PQG_COUNTER) - X (CKA_NSS_PQG_SEED) - X (CKA_NSS_PQG_H) - X (CKA_NSS_PQG_SEED_BITS) - X (CKA_NSS_MODULE_SPEC) - X (CKA_TRUST_DIGITAL_SIGNATURE) - X (CKA_TRUST_NON_REPUDIATION) - X (CKA_TRUST_KEY_ENCIPHERMENT) - X (CKA_TRUST_DATA_ENCIPHERMENT) - X (CKA_TRUST_KEY_AGREEMENT) - X (CKA_TRUST_KEY_CERT_SIGN) - X (CKA_TRUST_CRL_SIGN) - X (CKA_TRUST_SERVER_AUTH) - X (CKA_TRUST_CLIENT_AUTH) - X (CKA_TRUST_CODE_SIGNING) - X (CKA_TRUST_EMAIL_PROTECTION) - X (CKA_TRUST_IPSEC_END_SYSTEM) - X (CKA_TRUST_IPSEC_TUNNEL) - X (CKA_TRUST_IPSEC_USER) - X (CKA_TRUST_TIME_STAMPING) - X (CKA_TRUST_STEP_UP_APPROVED) - X (CKA_CERT_SHA1_HASH) - X (CKA_CERT_MD5_HASH) - case CKA_VALUE: - return (klass != CKO_CERTIFICATE && - klass != CKO_X_CERTIFICATE_EXTENSION); - #undef X - } - - return true; -} - -static void -format_class (p11_buffer *buffer, - CK_OBJECT_CLASS klass) -{ - const char *string = p11_constant_name (p11_constant_classes, klass); - if (string != NULL) - p11_buffer_add (buffer, string, -1); - else - buffer_append_printf (buffer, "0x%08lX", klass); -} - -static void -format_assertion_type (p11_buffer *buffer, - CK_X_ASSERTION_TYPE type) -{ - const char *string = p11_constant_name (p11_constant_asserts, type); - if (string != NULL) - p11_buffer_add (buffer, string, -1); - else - buffer_append_printf (buffer, "0x%08lX", type); -} - -static void -format_key_type (p11_buffer *buffer, - CK_KEY_TYPE type) -{ - const char *string = p11_constant_name (p11_constant_keys, type); - if (string != NULL) - p11_buffer_add (buffer, string, -1); - else - buffer_append_printf (buffer, "0x%08lX", type); -} - -static void -format_certificate_type (p11_buffer *buffer, - CK_CERTIFICATE_TYPE type) -{ - const char *string = p11_constant_name (p11_constant_certs, type); - if (string != NULL) - p11_buffer_add (buffer, string, -1); - else - buffer_append_printf (buffer, "0x%08lX", type); -} - -static void -format_trust_value (p11_buffer *buffer, - CK_TRUST trust) -{ - const char *string = p11_constant_name (p11_constant_trusts, trust); - if (string != NULL) - p11_buffer_add (buffer, string, -1); - else - buffer_append_printf (buffer, "0x%08lX", trust); -} - -static void -format_certificate_category (p11_buffer *buffer, - CK_ULONG category) -{ - const char *string = p11_constant_name (p11_constant_categories, category); - if (string != NULL) - buffer_append_printf (buffer, "%lu (%s)", category, string); - else - buffer_append_printf (buffer, "%lu", category); -} - -static void -format_attribute_type (p11_buffer *buffer, - CK_ULONG type) -{ - const char *string = p11_constant_name (p11_constant_types, type); - if (string != NULL) - p11_buffer_add (buffer, string, -1); - else - buffer_append_printf (buffer, "CKA_0x%08lX", type); -} - -static void -format_some_bytes (p11_buffer *buffer, - void *bytes, - CK_ULONG length) -{ - unsigned char ch; - const unsigned char *data = bytes; - CK_ULONG i; - - if (bytes == NULL) { - p11_buffer_add (buffer, "NULL", -1); - return; - } - - p11_buffer_add (buffer, "\"", 1); - for (i = 0; i < length && i < 128; i++) { - ch = data[i]; - if (ch == '\t') - p11_buffer_add (buffer, "\\t", -1); - else if (ch == '\n') - p11_buffer_add (buffer, "\\n", -1); - else if (ch == '\r') - p11_buffer_add (buffer, "\\r", -1); - else if (ch >= 32 && ch < 127) - p11_buffer_add (buffer, &ch, 1); - else - buffer_append_printf (buffer, "\\x%02x", ch); - } - - if (i < length) - buffer_append_printf (buffer, "..."); - p11_buffer_add (buffer, "\"", 1); -} - -void -p11_attr_format (p11_buffer *buffer, - const CK_ATTRIBUTE *attr, - CK_OBJECT_CLASS klass) -{ - p11_buffer_add (buffer, "{ ", -1); - format_attribute_type (buffer, attr->type); - p11_buffer_add (buffer, " = ", -1); - if (attr->ulValueLen == CKA_INVALID) { - buffer_append_printf (buffer, "(-1) INVALID"); - } else if (attribute_is_ulong_of_type (attr, CKA_CLASS)) { - format_class (buffer, *((CK_OBJECT_CLASS *)attr->pValue)); - } else if (attribute_is_ulong_of_type (attr, CKA_X_ASSERTION_TYPE)) { - format_assertion_type (buffer, *((CK_X_ASSERTION_TYPE *)attr->pValue)); - } else if (attribute_is_ulong_of_type (attr, CKA_CERTIFICATE_TYPE)) { - format_certificate_type (buffer, *((CK_CERTIFICATE_TYPE *)attr->pValue)); - } else if (attribute_is_ulong_of_type (attr, CKA_CERTIFICATE_CATEGORY)) { - format_certificate_category (buffer, *((CK_ULONG *)attr->pValue)); - } else if (attribute_is_ulong_of_type (attr, CKA_KEY_TYPE)) { - format_key_type (buffer, *((CK_KEY_TYPE *)attr->pValue)); - } else if (attribute_is_trust_value (attr)) { - format_trust_value (buffer, *((CK_TRUST *)attr->pValue)); - } else if (attribute_is_sensitive (attr, klass)) { - buffer_append_printf (buffer, "(%lu) NOT-PRINTED", attr->ulValueLen); - } else { - buffer_append_printf (buffer, "(%lu) ", attr->ulValueLen); - format_some_bytes (buffer, attr->pValue, attr->ulValueLen); - } - p11_buffer_add (buffer, " }", -1); -} - -void -p11_attrs_format (p11_buffer *buffer, - const CK_ATTRIBUTE *attrs, - int count) -{ - CK_BBOOL first = CK_TRUE; - CK_OBJECT_CLASS klass; - int i; - - if (count < 0) - count = p11_attrs_count (attrs); - - if (!p11_attrs_findn_ulong (attrs, CKA_CLASS, count, &klass)) - klass = CKA_INVALID; - - buffer_append_printf (buffer, "(%d) [", count); - for (i = 0; i < count; i++) { - if (first) - p11_buffer_add (buffer, " ", 1); - else - p11_buffer_add (buffer, ", ", 2); - first = CK_FALSE; - p11_attr_format (buffer, attrs + i, klass); - } - p11_buffer_add (buffer, " ]", -1); -} - -char * -p11_attrs_to_string (const CK_ATTRIBUTE *attrs, - int count) -{ - p11_buffer buffer; - if (!p11_buffer_init_null (&buffer, 128)) - return_val_if_reached (NULL); - p11_attrs_format (&buffer, attrs, count); - return p11_buffer_steal (&buffer, NULL); -} - -char * -p11_attr_to_string (const CK_ATTRIBUTE *attr, - CK_OBJECT_CLASS klass) -{ - p11_buffer buffer; - if (!p11_buffer_init_null (&buffer, 32)) - return_val_if_reached (NULL); - p11_attr_format (&buffer, attr, klass); - return p11_buffer_steal (&buffer, NULL); -} diff --git a/common/attrs.h b/common/attrs.h deleted file mode 100644 index 2780013..0000000 --- a/common/attrs.h +++ /dev/null @@ -1,136 +0,0 @@ -/* - * Copyright (C) 2012, Redhat Inc. - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_ATTRS_H_ -#define P11_ATTRS_H_ - -#include "buffer.h" -#include "compat.h" -#include "pkcs11.h" - -#define CKA_INVALID ((CK_ULONG)-1) - -CK_ATTRIBUTE * p11_attrs_dup (const CK_ATTRIBUTE *attrs); - -CK_ATTRIBUTE * p11_attrs_build (CK_ATTRIBUTE *attrs, - ...); - -CK_ATTRIBUTE * p11_attrs_buildn (CK_ATTRIBUTE *attrs, - const CK_ATTRIBUTE *add, - CK_ULONG count); - -CK_ATTRIBUTE * p11_attrs_take (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type, - CK_VOID_PTR value, - CK_ULONG length); - -CK_ATTRIBUTE * p11_attrs_merge (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - bool replace); - -void p11_attrs_purge (CK_ATTRIBUTE *attrs); - -bool p11_attrs_terminator (const CK_ATTRIBUTE *attrs); - -CK_ULONG p11_attrs_count (const CK_ATTRIBUTE *attrs); - -void p11_attrs_free (void *attrs); - -CK_ATTRIBUTE * p11_attrs_find (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type); - -CK_ATTRIBUTE * p11_attrs_findn (CK_ATTRIBUTE *attrs, - CK_ULONG count, - CK_ATTRIBUTE_TYPE type); - -bool p11_attrs_find_bool (const CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type, - CK_BBOOL *value); - -bool p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs, - CK_ULONG count, - CK_ATTRIBUTE_TYPE type, - CK_BBOOL *value); - -bool p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type, - CK_ULONG *value); - -bool p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs, - CK_ULONG count, - CK_ATTRIBUTE_TYPE type, - CK_ULONG *value); - -void * p11_attrs_find_value (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type, - size_t *length); - -CK_ATTRIBUTE * p11_attrs_find_valid (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type); - -bool p11_attrs_remove (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE_TYPE type); - -bool p11_attrs_match (const CK_ATTRIBUTE *attrs, - const CK_ATTRIBUTE *match); - -bool p11_attrs_matchn (const CK_ATTRIBUTE *attrs, - const CK_ATTRIBUTE *match, - CK_ULONG count); - -char * p11_attrs_to_string (const CK_ATTRIBUTE *attrs, - int count); - -void p11_attrs_format (p11_buffer *buffer, - const CK_ATTRIBUTE *attrs, - int count); - -char * p11_attr_to_string (const CK_ATTRIBUTE *attr, - CK_OBJECT_CLASS klass); - -void p11_attr_format (p11_buffer *buffer, - const CK_ATTRIBUTE *attr, - CK_OBJECT_CLASS klass); - -bool p11_attr_equal (const void *one, - const void *two); - -unsigned int p11_attr_hash (const void *data); - -bool p11_attr_match_value (const CK_ATTRIBUTE *attr, - const void *value, - ssize_t length); - -#endif /* P11_ATTRS_H_ */ diff --git a/common/buffer.c b/common/buffer.c deleted file mode 100644 index f2e2cb8..0000000 --- a/common/buffer.c +++ /dev/null @@ -1,197 +0,0 @@ -/* - * Copyright (C) 2007, 2012 Stefan Walter - * Copyright (C) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "buffer.h" -#include "debug.h" - -#include -#include -#include -#include -#include - -static bool -buffer_realloc (p11_buffer *buffer, - size_t size) -{ - void *data; - - /* Memory owned elsewhere can't be reallocated */ - return_val_if_fail (buffer->frealloc != NULL, false); - - /* Reallocate built in buffer using allocator */ - data = (buffer->frealloc) (buffer->data, size); - if (!data && size > 0) { - p11_buffer_fail (buffer); - return_val_if_reached (false); - } - - buffer->data = data; - buffer->size = size; - return true; -} - -bool -p11_buffer_init (p11_buffer *buffer, - size_t reserve) -{ - p11_buffer_init_full (buffer, NULL, 0, 0, realloc, free); - return buffer_realloc (buffer, reserve); -} - -bool -p11_buffer_init_null (p11_buffer *buffer, - size_t reserve) -{ - p11_buffer_init_full (buffer, NULL, 0, P11_BUFFER_NULL, realloc, free); - return buffer_realloc (buffer, reserve); -} - -void -p11_buffer_init_full (p11_buffer *buffer, - void *data, - size_t len, - int flags, - void * (* frealloc) (void *, size_t), - void (* ffree) (void *)) -{ - memset (buffer, 0, sizeof (*buffer)); - - buffer->data = data; - buffer->len = len; - buffer->size = len; - buffer->flags = flags; - buffer->frealloc = frealloc; - buffer->ffree = ffree; - - return_if_fail (!(flags & P11_BUFFER_FAILED)); -} - -void -p11_buffer_uninit (p11_buffer *buffer) -{ - return_if_fail (buffer != NULL); - - if (buffer->ffree && buffer->data) - (buffer->ffree) (buffer->data); - memset (buffer, 0, sizeof (*buffer)); -} - -void * -p11_buffer_steal (p11_buffer *buffer, - size_t *length) -{ - void *data; - - return_val_if_fail (p11_buffer_ok (buffer), NULL); - - if (length) - *length = buffer->len; - data = buffer->data; - - buffer->data = NULL; - buffer->size = 0; - buffer->len = 0; - return data; -} - -bool -p11_buffer_reset (p11_buffer *buffer, - size_t reserve) -{ - buffer->flags &= ~P11_BUFFER_FAILED; - buffer->len = 0; - - if (reserve < buffer->size) - return true; - return buffer_realloc (buffer, reserve); -} - -void * -p11_buffer_append (p11_buffer *buffer, - size_t length) -{ - unsigned char *data; - size_t terminator; - size_t newlen; - size_t reserve; - - return_val_if_fail (p11_buffer_ok (buffer), NULL); - - terminator = (buffer->flags & P11_BUFFER_NULL) ? 1 : 0; - - /* Check for unlikely and unrecoverable integer overflow */ - return_val_if_fail (SIZE_MAX - (terminator + length) > buffer->len, NULL); - - reserve = terminator + length + buffer->len; - - if (reserve > buffer->size) { - - /* Calculate a new length, minimize number of buffer allocations */ - return_val_if_fail (buffer->size < SIZE_MAX / 2, NULL); - newlen = buffer->size * 2; - if (!newlen) - newlen = 16; - if (reserve > newlen) - newlen = reserve; - - if (!buffer_realloc (buffer, newlen)) - return_val_if_reached (NULL); - } - - data = buffer->data; - data += buffer->len; - buffer->len += length; - if (terminator) - data[length] = '\0'; - return data; -} - -void -p11_buffer_add (p11_buffer *buffer, - const void *data, - ssize_t length) -{ - void *at; - - if (length < 0) - length = strlen (data); - - at = p11_buffer_append (buffer, length); - return_if_fail (at != NULL); - memcpy (at, data, length); -} diff --git a/common/buffer.h b/common/buffer.h deleted file mode 100644 index 6a61083..0000000 --- a/common/buffer.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (C) 2007, 2012 Stefan Walter - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_BUFFER_H_ -#define P11_BUFFER_H_ - -#include "compat.h" - -enum { - P11_BUFFER_FAILED = 1 << 0, - P11_BUFFER_NULL = 1 << 1, -}; - -typedef struct { - void *data; - size_t len; - - int flags; - size_t size; - void * (* frealloc) (void *, size_t); - void (* ffree) (void *); -} p11_buffer; - -bool p11_buffer_init (p11_buffer *buffer, - size_t size); - -bool p11_buffer_init_null (p11_buffer *buffer, - size_t size); - -void p11_buffer_init_full (p11_buffer *buffer, - void *data, - size_t len, - int flags, - void * (* frealloc) (void *, size_t), - void (* ffree) (void *)); - -void p11_buffer_uninit (p11_buffer *buffer); - -void * p11_buffer_steal (p11_buffer *buffer, - size_t *length); - -bool p11_buffer_reset (p11_buffer *buffer, - size_t size); - -void * p11_buffer_append (p11_buffer *buffer, - size_t length); - -void p11_buffer_add (p11_buffer *buffer, - const void *data, - ssize_t length); - -#define p11_buffer_fail(buf) \ - ((buf)->flags |= P11_BUFFER_FAILED) - -#define p11_buffer_ok(buf) \ - (((buf)->flags & P11_BUFFER_FAILED) ? false : true) - -#define p11_buffer_failed(buf) \ - (((buf)->flags & P11_BUFFER_FAILED) ? true : false) - -#endif /* BUFFER_H */ diff --git a/common/compat.c b/common/compat.c deleted file mode 100644 index de5b99b..0000000 --- a/common/compat.c +++ /dev/null @@ -1,924 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -/* - * This is needed to expose pthread_mutexattr_settype and PTHREAD_MUTEX_DEFAULT - * on older pthreads implementations - */ -#define _XOPEN_SOURCE 700 - -#include "compat.h" - -#include -#include -#include -#include -#include - -/*- - * Portions of this file are covered by the following copyright: - * - * Copyright (c) 2001 Mike Barcroft - * Copyright (c) 1990, 1993 - * Copyright (c) 1987, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Chris Torek. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef HAVE_GETPROGNAME - -#ifdef OS_UNIX - -#include - -#if defined (HAVE_PROGRAM_INVOCATION_SHORT_NAME) && !HAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME -extern char *program_invocation_short_name; -#endif - -#if defined (HAVE___PROGNAME) && !HAVE_DECL___PROGNAME -extern char *__progname; -#endif - -const char * -getprogname (void) -{ - const char *name; - -#if defined (HAVE_GETEXECNAME) - const char *p; - name = getexecname(); - p = strrchr (name ? name : "", '/'); - if (p != NULL) - name = p + 1; -#elif defined (HAVE_PROGRAM_INVOCATION_SHORT_NAME) - name = program_invocation_short_name; -#elif defined (HAVE___PROGNAME) - name = __progname; -#else - #error No way to retrieve short program name -#endif - - return name; -} - -#else /* OS_WIN32 */ - -extern char **__argv; -static char prognamebuf[256]; - -const char * -getprogname (void) -{ - const char *name; - const char *p, *p2; - size_t length; - - name = __argv[0]; - if (name == NULL) - return NULL; - - p = strrchr (name, '\\'); - p2 = strrchr (name, '/'); - if (p2 > p) - p = p2; - if (p != NULL) - name = p + 1; - - length = sizeof (prognamebuf) - 1; - strncpy (prognamebuf, name, length); - prognamebuf[length] = 0; - length = strlen (prognamebuf); - if (length > 4 && _stricmp (prognamebuf + (length - 4), ".exe") == 0) - prognamebuf[length - 4] = '\0'; - - return prognamebuf; -} - -#endif /* OS_WIN32 */ - -#endif /* HAVE_GETPROGNAME */ - -#ifdef OS_UNIX -#include -#include -#include -#include - -void -p11_mutex_init (p11_mutex_t *mutex) -{ - pthread_mutexattr_t attr; - int ret; - - pthread_mutexattr_init (&attr); - pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_DEFAULT); - ret = pthread_mutex_init (mutex, &attr); - assert (ret == 0); - pthread_mutexattr_destroy (&attr); -} - -char * -p11_dl_error (void) -{ - const char *msg = dlerror (); - return msg ? strdup (msg) : NULL; -} - -struct _p11_mmap { - int fd; - void *data; - size_t size; -}; - -p11_mmap * -p11_mmap_open (const char *path, - struct stat *sb, - void **data, - size_t *size) -{ - struct stat stb; - p11_mmap *map; - - map = calloc (1, sizeof (p11_mmap)); - if (map == NULL) - return NULL; - - map->fd = open (path, O_RDONLY | O_CLOEXEC); - if (map->fd == -1) { - free (map); - return NULL; - } - - if (sb == NULL) { - sb = &stb; - if (fstat (map->fd, &stb) < 0) { - close (map->fd); - free (map); - return NULL; - } - } - - /* Workaround for broken ZFS on Linux */ - if (S_ISDIR (sb->st_mode)) { - errno = EISDIR; - close (map->fd); - free (map); - return NULL; - } - - if (sb->st_size == 0) { - *data = ""; - *size = 0; - return map; - } - - map->size = sb->st_size; - map->data = mmap (NULL, map->size, PROT_READ, MAP_PRIVATE, map->fd, 0); - if (map->data == MAP_FAILED) { - close (map->fd); - free (map); - return NULL; - } - - *data = map->data; - *size = map->size; - return map; -} - -void -p11_mmap_close (p11_mmap *map) -{ - if (map->size) - munmap (map->data, map->size); - close (map->fd); - free (map); -} - -#endif /* OS_UNIX */ - -#ifdef OS_WIN32 - -char * -p11_dl_error (void) -{ - DWORD code = GetLastError(); - LPVOID msg_buf; - - FormatMessageA (FORMAT_MESSAGE_ALLOCATE_BUFFER | - FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, - NULL, code, - MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), - (LPSTR)&msg_buf, 0, NULL); - - return msg_buf; -} - -void -p11_dl_close (void *dl) -{ - FreeLibrary (dl); -} - -int -p11_thread_create (p11_thread_t *thread, - p11_thread_routine routine, - void *arg) -{ - assert (thread); - - *thread = CreateThread (NULL, 0, - (LPTHREAD_START_ROUTINE)routine, - arg, 0, NULL); - - if (*thread == NULL) - return GetLastError (); - - return 0; -} - -int -p11_thread_join (p11_thread_t thread) -{ - DWORD res; - - res = WaitForSingleObject (thread, INFINITE); - if (res == WAIT_FAILED) - return GetLastError (); - - CloseHandle (thread); - return 0; -} - -struct _p11_mmap { - HANDLE file; - HANDLE mapping; - void *data; -}; - -p11_mmap * -p11_mmap_open (const char *path, - struct stat *sb, - void **data, - size_t *size) -{ - HANDLE mapping; - LARGE_INTEGER large; - DWORD errn; - p11_mmap *map; - - map = calloc (1, sizeof (p11_mmap)); - if (map == NULL) { - errno = ENOMEM; - return NULL; - } - - map->file = CreateFile (path, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_FLAG_RANDOM_ACCESS, NULL); - if (map->file == INVALID_HANDLE_VALUE) { - errn = GetLastError (); - free (map); - SetLastError (errn); - if (errn == ERROR_PATH_NOT_FOUND || errn == ERROR_FILE_NOT_FOUND) - errno = ENOENT; - else if (errn == ERROR_ACCESS_DENIED) - errno = EPERM; - return NULL; - } - - if (sb == NULL) { - if (!GetFileSizeEx (map->file, &large)) { - errn = GetLastError (); - CloseHandle (map->file); - free (map); - SetLastError (errn); - if (errn == ERROR_ACCESS_DENIED) - errno = EPERM; - return NULL; - } - } else { - large.QuadPart = sb->st_size; - } - - mapping = CreateFileMapping (map->file, NULL, PAGE_READONLY, 0, 0, NULL); - if (!mapping) { - errn = GetLastError (); - CloseHandle (map->file); - free (map); - SetLastError (errn); - if (errn == ERROR_ACCESS_DENIED) - errno = EPERM; - return NULL; - } - - map->data = MapViewOfFile (mapping, FILE_MAP_READ, 0, 0, large.QuadPart); - CloseHandle (mapping); - - if (map->data == NULL) { - errn = GetLastError (); - CloseHandle (map->file); - free (map); - SetLastError (errn); - if (errn == ERROR_ACCESS_DENIED) - errno = EPERM; - return NULL; - } - - *data = map->data; - *size = large.QuadPart; - return map; -} - -void -p11_mmap_close (p11_mmap *map) -{ - UnmapViewOfFile (map->data); - CloseHandle (map->file); - free (map); -} - -#endif /* OS_WIN32 */ - -#ifndef HAVE_STRNSTR -#include - -/* - * Find the first occurrence of find in s, where the search is limited to the - * first slen characters of s. - */ -char * -strnstr (const char *s, - const char *find, - size_t slen) -{ - char c, sc; - size_t len; - - if ((c = *find++) != '\0') { - len = strlen (find); - do { - do { - if (slen-- < 1 || (sc = *s++) == '\0') - return (NULL); - } while (sc != c); - if (len > slen) - return (NULL); - } while (strncmp(s, find, len) != 0); - s--; - } - return ((char *)s); -} - -#endif /* HAVE_STRNSTR */ - -#ifndef HAVE_MEMDUP - -void * -memdup (const void *data, - size_t length) -{ - void *dup; - - if (!data) - return NULL; - - dup = malloc (length); - if (dup != NULL) - memcpy (dup, data, length); - - return dup; -} - -#endif /* HAVE_MEMDUP */ - -/* - * WORKAROUND: So in lots of released builds of firefox a completely broken strndup() - * is present. It does not NULL terminate its string output. It is unconditionally - * defined, and overrides the libc strndup() function on platforms where it - * exists as a function. For this reason we (for now) unconditionally define - * strndup(). - */ - -#if 1 /* #ifndef HAVE_STRNDUP */ - -/* - * HAVE_STRNDUP may be undefined if strndup() isn't working. So it may be - * present, and yet strndup may still be a defined header macro. - */ -#ifdef strndup -#undef strndup -#endif - -char * -strndup (const char *data, - size_t length); - -char * -strndup (const char *data, - size_t length) -{ - char *ret; - - ret = malloc (length + 1); - if (ret != NULL) { - strncpy (ret, data, length); - ret[length] = 0; - } - - return ret; -} - -#endif /* HAVE_STRNDUP */ - -#ifndef HAVE_STRCONCAT - -#include - -char * -strconcat (const char *first, - ...) -{ - size_t length = 0; - const char *arg; - char *result, *at; - va_list va; - - va_start (va, first); - - for (arg = first; arg; arg = va_arg (va, const char*)) - length += strlen (arg); - - va_end (va); - - at = result = malloc (length + 1); - if (result == NULL) - return NULL; - - va_start (va, first); - - for (arg = first; arg; arg = va_arg (va, const char*)) { - length = strlen (arg); - memcpy (at, arg, length); - at += length; - } - - va_end (va); - - *at = 0; - return result; -} - -#endif /* HAVE_STRCONCAT */ - -#ifndef HAVE_VASPRINTF -#include - -int vasprintf(char **strp, const char *fmt, va_list ap); - -int -vasprintf (char **strp, - const char *fmt, - va_list ap) -{ - char *buf = NULL; - char *nbuf; - int guess = 128; - int length = 0; - int ret; - - if (fmt == NULL) { - errno = EINVAL; - return -1; - } - - for (;;) { - nbuf = realloc (buf, guess); - if (!nbuf) { - free (buf); - return -1; - } - - buf = nbuf; - length = guess; - - ret = vsnprintf (buf, length, fmt, ap); - - if (ret < 0) - guess *= 2; - - else if (ret >= length) - guess = ret + 1; - - else - break; - } - - *strp = buf; - return ret; -} - -#endif /* HAVE_VASPRINTF */ - -#ifndef HAVE_ASPRINTF - -int asprintf(char **strp, const char *fmt, ...); - -int -asprintf (char **strp, - const char *fmt, - ...) -{ - va_list va; - int ret; - - va_start (va, fmt); - ret = vasprintf (strp, fmt, va); - va_end (va); - - return ret; -} - -#endif /* HAVE_ASPRINTF */ - -#ifndef HAVE_GMTIME_R - -struct tm * -gmtime_r (const time_t *timep, - struct tm *result) -{ -#ifdef OS_WIN32 - /* - * On win32 gmtime() returns thread local storage, so we can - * just copy it out into the buffer without worrying about races. - */ - struct tm *tg; - tg = gmtime (timep); - if (!tg) - return NULL; - memcpy (result, tg, sizeof (struct tm)); - return result; -#else - #error Need either gmtime_r() function on Unix -#endif -} - -#endif /* HAVE_GMTIME_R */ - -#if !defined(HAVE_MKDTEMP) || !defined(HAVE_MKSTEMP) -#include -#include - -static int -_gettemp (char *path, - int *doopen, - int domkdir, - int slen) -{ - static const char padchar[] = - "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; - static const int maxpathlen = 1024; - - char *start, *trv, *suffp, *carryp; - char *pad; - struct stat sbuf; - int rval; - int rnd; - char carrybuf[maxpathlen]; - - if ((doopen != NULL && domkdir) || slen < 0) { - errno = EINVAL; - return (0); - } - - for (trv = path; *trv != '\0'; ++trv) - ; - if (trv - path >= maxpathlen) { - errno = ENAMETOOLONG; - return (0); - } - trv -= slen; - suffp = trv; - --trv; - if (trv < path || NULL != strchr (suffp, '/')) { - errno = EINVAL; - return (0); - } - - /* Fill space with random characters */ - while (trv >= path && *trv == 'X') { - rnd = rand () % sizeof (padchar) - 1; - *trv-- = padchar[rnd]; - } - start = trv + 1; - - /* save first combination of random characters */ - memcpy (carrybuf, start, suffp - start); - - /* - * check the target directory. - */ - if (doopen != NULL || domkdir) { - for (; trv > path; --trv) { - if (*trv == '/') { - *trv = '\0'; - rval = stat(path, &sbuf); - *trv = '/'; - if (rval != 0) - return (0); - if (!S_ISDIR(sbuf.st_mode)) { - errno = ENOTDIR; - return (0); - } - break; - } - } - } - - for (;;) { - if (doopen) { - if ((*doopen = open (path, O_BINARY | O_CREAT | O_EXCL | O_RDWR | O_CLOEXEC, 0600)) >= 0) - return (1); - if (errno != EEXIST) - return (0); - } else if (domkdir) { -#ifdef OS_UNIX - if (mkdir (path, 0700) == 0) -#else - if (mkdir (path) == 0) -#endif - return (1); - if (errno != EEXIST) - return (0); -#ifdef OS_UNIX - } else if (lstat (path, &sbuf)) -#else - } else if (stat (path, &sbuf)) -#endif - return (errno == ENOENT); - - /* If we have a collision, cycle through the space of filenames */ - for (trv = start, carryp = carrybuf;;) { - /* have we tried all possible permutations? */ - if (trv == suffp) - return (0); /* yes - exit with EEXIST */ - pad = strchr(padchar, *trv); - if (pad == NULL) { - /* this should never happen */ - errno = EIO; - return (0); - } - /* increment character */ - *trv = (*++pad == '\0') ? padchar[0] : *pad; - /* carry to next position? */ - if (*trv == *carryp) { - /* increment position and loop */ - ++trv; - ++carryp; - } else { - /* try with new name */ - break; - } - } - } - - /*NOTREACHED*/ -} - -#endif /* !HAVE_MKDTEMP || !HAVE_MKSTEMP */ - -#ifndef HAVE_MKSTEMP - -int -mkstemp (char *template) -{ - int fd; - - return (_gettemp (template, &fd, 0, 0) ? fd : -1); -} - -#endif /* HAVE_MKSTEMP */ - -#ifndef HAVE_MKDTEMP - -char * -mkdtemp (char *template) -{ - return (_gettemp (template, (int *)NULL, 1, 0) ? template : (char *)NULL); -} - -#endif /* HAVE_MKDTEMP */ - -#ifndef HAVE_GETAUXVAL - -unsigned long -getauxval (unsigned long type) -{ - static unsigned long secure = 0UL; - static bool check_secure_initialized = false; - - /* - * This is the only one our stand-in impl supports and is - * also the only type we define in compat.h header - */ - assert (type == AT_SECURE); - - if (!check_secure_initialized) { -#if defined(HAVE___LIBC_ENABLE_SECURE) - extern int __libc_enable_secure; - secure = __libc_enable_secure; - -#elif defined(HAVE_ISSETUGID) - secure = issetugid (); - -#elif defined(OS_UNIX) - uid_t ruid, euid, suid; /* Real, effective and saved user ID's */ - gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */ - -#ifdef HAVE_GETRESUID - if (getresuid (&ruid, &euid, &suid) != 0 || - getresgid (&rgid, &egid, &sgid) != 0) -#endif /* HAVE_GETRESUID */ - { - suid = ruid = getuid (); - sgid = rgid = getgid (); - euid = geteuid (); - egid = getegid (); - } - - secure = (ruid != euid || ruid != suid || - rgid != egid || rgid != sgid); -#endif /* OS_UNIX */ - check_secure_initialized = true; - } - - return secure; -} - -#endif /* HAVE_GETAUXVAL */ - -char * -secure_getenv (const char *name) -{ - if (getauxval (AT_SECURE)) - return NULL; - return getenv (name); -} - -#ifndef HAVE_STRERROR_R - -int -strerror_r (int errnum, - char *buf, - size_t buflen) -{ -#ifdef OS_WIN32 -#if _WIN32_WINNT < 0x502 /* WinXP or older */ - int n = sys_nerr; - const char *p; - if (errnum < 0 || errnum >= n) - p = sys_errlist[n]; - else - p = sys_errlist[errnum]; - if (buf == NULL || buflen == 0) - return EINVAL; - strncpy(buf, p, buflen); - buf[buflen-1] = 0; - return 0; -#else /* Server 2003 or newer */ - return strerror_s (buf, buflen, errnum); -#endif /*_WIN32_WINNT*/ - -#else - #error no strerror_r implementation -#endif -} - -#endif /* HAVE_STRERROR_R */ - -#ifdef OS_UNIX - -#include - -#ifndef HAVE_FDWALK - -#ifdef HAVE_SYS_RESOURCE_H -#include -#endif - -int -fdwalk (int (* cb) (void *data, int fd), - void *data) -{ - struct dirent *de; - char *end; - DIR *dir; - int open_max; - long num; - int res = 0; - int fd; - -#ifdef HAVE_SYS_RESOURCE_H - struct rlimit rl; -#endif - - dir = opendir ("/proc/self/fd"); - if (dir != NULL) { - while ((de = readdir (dir)) != NULL) { - end = NULL; - num = (int) strtol (de->d_name, &end, 10); - - /* didn't parse or is the opendir() fd */ - if (!end || *end != '\0' || - (int)num == dirfd (dir)) - continue; - - fd = num; - - /* call the callback */ - res = cb (data, fd); - if (res != 0) - break; - } - - closedir (dir); - return res; - } - - /* No /proc, brute force */ -#ifdef HAVE_SYS_RESOURCE_H - if (getrlimit (RLIMIT_NOFILE, &rl) == 0 && rl.rlim_max != RLIM_INFINITY) - open_max = rl.rlim_max; - else -#endif - open_max = sysconf (_SC_OPEN_MAX); - - for (fd = 0; fd < open_max; fd++) { - res = cb (data, fd); - if (res != 0) - break; - } - - return res; -} - -#endif /* HAVE_FDWALK */ - -#endif /* OS_UNIX */ diff --git a/common/compat.h b/common/compat.h deleted file mode 100644 index acbccf9..0000000 --- a/common/compat.h +++ /dev/null @@ -1,341 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __COMPAT_H__ -#define __COMPAT_H__ - -#include "config.h" - -#include -#include - -#ifdef _GNU_SOURCE -#error Make the crap stop. _GNU_SOURCE is completely unportable and breaks all sorts of behavior -#endif - -#if !defined(__cplusplus) && (__GNUC__ > 2) -#define GNUC_PRINTF(x, y) __attribute__((__format__(__printf__, x, y))) -#else -#define GNUC_PRINTF(x, y) -#endif - -#if __GNUC__ >= 4 -#define GNUC_NULL_TERMINATED __attribute__((__sentinel__)) -#else -#define GNUC_NULL_TERMINATED -#endif - -/* For detecting clang features */ -#ifndef __has_feature -#define __has_feature(x) 0 -#endif - -#ifndef CLANG_ANALYZER_NORETURN -#if __has_feature(attribute_analyzer_noreturn) -#define CLANG_ANALYZER_NORETURN __attribute__((analyzer_noreturn)) -#else -#define CLANG_ANALYZER_NORETURN -#endif -#endif - -#ifndef O_BINARY -#define O_BINARY 0 -#endif - -#ifndef O_CLOEXEC -#define O_CLOEXEC 0 -#endif - -#ifndef HAVE_GETPROGNAME -const char * getprogname (void); -#endif - -#ifndef HAVE_MKSTEMP - -int mkstemp (char *template); - -#endif /* HAVE_MKSTEMP */ - -#ifndef HAVE_MKDTEMP - -char * mkdtemp (char *template); - -#endif /* HAVE_MKDTEMP */ - -char * strdup_path_mangle (const char *template); - -/* ----------------------------------------------------------------------------- - * WIN32 - */ - -#ifdef OS_WIN32 - -#ifndef _WIN32_WINNT -#define _WIN32_WINNT 0x500 -#endif - -#ifndef _WIN32_IE -#define _WIN32_IE 0x500 -#endif - -#define WIN32_LEAN_AND_MEAN 1 -#include - -#include - -/* Oh ... my ... god */ -#undef CreateMutex - -typedef CRITICAL_SECTION p11_mutex_t; - -typedef HANDLE p11_thread_t; - -typedef DWORD p11_thread_id_t; - -#define p11_mutex_init(m) \ - (InitializeCriticalSection (m)) -#define p11_mutex_lock(m) \ - (EnterCriticalSection (m)) -#define p11_mutex_unlock(m) \ - (LeaveCriticalSection (m)) -#define p11_mutex_uninit(m) \ - (DeleteCriticalSection (m)) - -typedef void * (*p11_thread_routine) (void *arg); - -int p11_thread_create (p11_thread_t *thread, p11_thread_routine, void *arg); - -int p11_thread_join (p11_thread_t thread); - -/* Returns a thread_id_t */ -#define p11_thread_id_self() \ - (GetCurrentThreadId ()) - -typedef HMODULE dl_module_t; - -#define p11_dl_open(f) \ - (LoadLibrary (f)) -#define p11_dl_symbol(d, s) \ - ((void *)GetProcAddress ((d), (s))) - -char * p11_dl_error (void); - -void p11_dl_close (void * dl); - -#define p11_sleep_ms(ms) \ - (Sleep (ms)) - -typedef struct _p11_mmap p11_mmap; - -p11_mmap * p11_mmap_open (const char *path, - struct stat *sb, - void **data, - size_t *size); - -void p11_mmap_close (p11_mmap *map); - -#ifndef HAVE_SETENV -#define setenv(n, v, z) _putenv_s(n, v) -#endif /* HAVE_SETENV */ - -#endif /* OS_WIN32 */ - -/* ---------------------------------------------------------------------------- - * UNIX - */ - -#ifdef OS_UNIX - -#include -#include -#include -#include - -typedef pthread_mutex_t p11_mutex_t; - -void p11_mutex_init (p11_mutex_t *mutex); - -#define p11_mutex_lock(m) \ - (pthread_mutex_lock (m)) -#define p11_mutex_unlock(m) \ - (pthread_mutex_unlock (m)) -#define p11_mutex_uninit(m) \ - (pthread_mutex_destroy(m)) - -typedef pthread_t p11_thread_t; - -typedef pthread_t p11_thread_id_t; - -typedef void * (*p11_thread_routine) (void *arg); - -#define p11_thread_create(t, r, a) \ - (pthread_create ((t), NULL, (r), (a))) -#define p11_thread_join(t) \ - (pthread_join ((t), NULL)) -#define p11_thread_id_self(m) \ - (pthread_self ()) - -typedef void * dl_module_t; - -#define p11_dl_open(f) \ - (dlopen ((f), RTLD_LOCAL | RTLD_NOW)) -#define p11_dl_close \ - dlclose -#define p11_dl_symbol(d, s) \ - (dlsym ((d), (s))) - -char * p11_dl_error (void); - -#define p11_sleep_ms(ms) \ - do { int _ms = (ms); \ - struct timespec _ts = { _ms / 1000, (_ms % 1000) * 1000 * 1000 }; \ - nanosleep (&_ts, NULL); \ - } while(0) - -typedef struct _p11_mmap p11_mmap; - -p11_mmap * p11_mmap_open (const char *path, - struct stat *sb, - void **data, - size_t *size); - -void p11_mmap_close (p11_mmap *map); - -#endif /* OS_UNIX */ - -/* ---------------------------------------------------------------------------- - * MORE COMPAT - */ - -#ifdef HAVE_ERRNO_H -#include -#endif /* HAVE_ERRNO_H */ - -#ifndef HAVE_STRNSTR - -char * strnstr (const char *s, - const char *find, - size_t slen); - -#endif /* HAVE_STRNSTR */ - -#ifndef HAVE_MEMDUP - -void * memdup (const void *data, - size_t length); - -#endif /* HAVE_MEMDUP */ - -#ifndef HAVE_STRNDUP - -char * strndup (const char *data, - size_t length); - -#endif /* HAVE_STRDUP */ - -#ifdef HAVE_STDBOOL_H -#include -#else -typedef enum { false, true } bool; -#endif - -#ifndef HAVE_STRCONCAT - -char * strconcat (const char *first, - ...) GNUC_NULL_TERMINATED; - -#endif /* HAVE_STRCONCAT */ - -#if defined HAVE_DECL_ASPRINTF && !HAVE_DECL_ASPRINTF - -int asprintf (char **strp, - const char *fmt, - ...); - -#endif /* HAVE_ASPRINTF */ - -#if defined HAVE_DECL_VASPRINTF && !HAVE_DECL_VASPRINTF -#include - -int vasprintf (char **strp, - const char *fmt, - va_list ap); - -#endif /* HAVE_DECL_VASPRINTF */ - -#ifndef HAVE_GMTIME_R -#include - -struct tm * gmtime_r (const time_t *timep, - struct tm *result); - -#endif /* HAVE_GMTIME_R */ - -#ifndef HAVE_TIMEGM -#include - -time_t timegm (struct tm *tm); - -#endif /* HAVE_TIMEGM */ - -#ifdef HAVE_GETAUXVAL - -#include - -#else /* !HAVE_GETAUXVAL */ - -unsigned long getauxval (unsigned long type); - -#define AT_SECURE 23 - -#endif /* !HAVE_GETAUXVAL */ - -char * secure_getenv (const char *name); - -#ifndef HAVE_STRERROR_R - -int strerror_r (int errnum, - char *buf, - size_t buflen); - -#endif /* HAVE_STRERROR_R */ - -#ifndef HAVE_FDWALK - -int fdwalk (int (* cb) (void *data, int fd), - void *data); - -#endif - -#endif /* __COMPAT_H__ */ diff --git a/common/constants.c b/common/constants.c deleted file mode 100644 index f4aa66b..0000000 --- a/common/constants.c +++ /dev/null @@ -1,708 +0,0 @@ -/* - * Copyright (C) 2013, Redhat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "attrs.h" -#include "constants.h" -#include "debug.h" -#include "pkcs11.h" -#include "pkcs11i.h" -#include "pkcs11x.h" - -#include - -#define ELEMS(x) (sizeof (x) / sizeof (x[0])) - -/* - * These are in numeric order of their type for easy lookup - * After changing something make sure to run the test-attrs - * test to verify everything is in order. - */ - -#define CT(x, n) { x, #x, { n } }, -#define CT2(x, n, n2) { x, #x, { n, n2 } }, - -const p11_constant p11_constant_types[] = { - CT (CKA_CLASS, "class") - CT (CKA_TOKEN, "token") - CT (CKA_PRIVATE, "private") - CT (CKA_LABEL, "label") - CT (CKA_APPLICATION, "application") - CT (CKA_VALUE, "value") - CT (CKA_OBJECT_ID, "object-id") - CT (CKA_CERTIFICATE_TYPE, "certificate-type") - CT (CKA_ISSUER, "issuer") - CT (CKA_SERIAL_NUMBER, "serial-number") - CT (CKA_AC_ISSUER, "ac-issuer") - CT (CKA_OWNER, "owner") - CT (CKA_ATTR_TYPES, "attr-types") - CT (CKA_TRUSTED, "trusted") - CT (CKA_CERTIFICATE_CATEGORY, "certificate-category") - CT (CKA_JAVA_MIDP_SECURITY_DOMAIN, "java-midp-security-domain") - CT (CKA_URL, "url") - CT (CKA_HASH_OF_SUBJECT_PUBLIC_KEY, "hash-of-subject-public-key") - CT (CKA_HASH_OF_ISSUER_PUBLIC_KEY, "hash-of-issuer-public-key") - CT (CKA_CHECK_VALUE, "check-value") - CT (CKA_KEY_TYPE, "key-type") - CT (CKA_SUBJECT, "subject") - CT (CKA_ID, "id") - CT (CKA_SENSITIVE, "sensitive") - CT (CKA_ENCRYPT, "encrypt") - CT (CKA_DECRYPT, "decrypt") - CT (CKA_WRAP, "wrap") - CT (CKA_UNWRAP, "unwrap") - CT (CKA_SIGN, "sign") - CT (CKA_SIGN_RECOVER, "sign-recover") - CT (CKA_VERIFY, "verify") - CT (CKA_VERIFY_RECOVER, "recover") - CT (CKA_DERIVE, "derive") - CT (CKA_START_DATE, "start-date") - CT (CKA_END_DATE, "end-date") - CT (CKA_MODULUS, "modulus") - CT (CKA_MODULUS_BITS, "modulus-bits") - CT (CKA_PUBLIC_EXPONENT, "public-exponent") - CT (CKA_PRIVATE_EXPONENT, "private-exponent") - CT (CKA_PRIME_1, "prime-1") - CT (CKA_PRIME_2, "prime-2") - CT (CKA_EXPONENT_1, "exponent-1") - CT (CKA_EXPONENT_2, "exponent-2") - CT (CKA_COEFFICIENT, "coefficient") - CT2 (CKA_PUBLIC_KEY_INFO, "public-key-info", "x-public-key-info") - CT (CKA_PRIME, "prime") - CT (CKA_SUBPRIME, "subprime") - CT (CKA_BASE, "base") - CT (CKA_PRIME_BITS, "prime-bits") - /* CT (CKA_SUBPRIME_BITS) */ - CT (CKA_SUB_PRIME_BITS, "subprime-bits") - CT (CKA_VALUE_BITS, "value-bits") - CT (CKA_VALUE_LEN, "value-len") - CT (CKA_EXTRACTABLE, "extractable") - CT (CKA_LOCAL, "local") - CT (CKA_NEVER_EXTRACTABLE, "never-extractable") - CT (CKA_ALWAYS_SENSITIVE, "always-sensitive") - CT (CKA_KEY_GEN_MECHANISM, "key-gen-mechanism") - CT (CKA_MODIFIABLE, "modifiable") - CT (CKA_ECDSA_PARAMS, "ecdsa-params") - /* CT (CKA_EC_PARAMS) */ - CT (CKA_EC_POINT, "ec-point") - CT (CKA_SECONDARY_AUTH, "secondary-auth") - CT (CKA_AUTH_PIN_FLAGS, "auth-pin-flags") - CT (CKA_ALWAYS_AUTHENTICATE, "always-authenticate") - CT (CKA_WRAP_WITH_TRUSTED, "wrap-with-trusted") - CT (CKA_HW_FEATURE_TYPE, "hw-feature-type") - CT (CKA_RESET_ON_INIT, "reset-on-init") - CT (CKA_HAS_RESET, "has-reset") - CT (CKA_PIXEL_X, "pixel-x") - CT (CKA_PIXEL_Y, "pixel-y") - CT (CKA_RESOLUTION, "resolution") - CT (CKA_CHAR_ROWS, "char-rows") - CT (CKA_CHAR_COLUMNS, "char-columns") - CT (CKA_COLOR, "color") - CT (CKA_BITS_PER_PIXEL, "bits-per-pixel") - CT (CKA_CHAR_SETS, "char-sets") - CT (CKA_ENCODING_METHODS, "encoding-methods") - CT (CKA_MIME_TYPES, "mime-types") - CT (CKA_MECHANISM_TYPE, "mechanism-type") - CT (CKA_REQUIRED_CMS_ATTRIBUTES, "required-cms-attributes") - CT (CKA_DEFAULT_CMS_ATTRIBUTES, "default-cms-attributes") - CT (CKA_SUPPORTED_CMS_ATTRIBUTES, "supported-cms-attributes") - CT (CKA_WRAP_TEMPLATE, "wrap-template") - CT (CKA_UNWRAP_TEMPLATE, "unwrap-template") - CT (CKA_ALLOWED_MECHANISMS, "allowed-mechanisms") - CT (CKA_NSS_URL, "nss-url") - CT (CKA_NSS_EMAIL, "nss-email") - CT (CKA_NSS_SMIME_INFO, "nss-smime-constant") - CT (CKA_NSS_SMIME_TIMESTAMP, "nss-smime-timestamp") - CT (CKA_NSS_PKCS8_SALT, "nss-pkcs8-salt") - CT (CKA_NSS_PASSWORD_CHECK, "nss-password-check") - CT (CKA_NSS_EXPIRES, "nss-expires") - CT (CKA_NSS_KRL, "nss-krl") - CT (CKA_NSS_PQG_COUNTER, "nss-pqg-counter") - CT (CKA_NSS_PQG_SEED, "nss-pqg-seed") - CT (CKA_NSS_PQG_H, "nss-pqg-h") - CT (CKA_NSS_PQG_SEED_BITS, "nss-pqg-seed-bits") - CT (CKA_NSS_MODULE_SPEC, "nss-module-spec") - CT (CKA_TRUST_DIGITAL_SIGNATURE, "trust-digital-signature") - CT (CKA_TRUST_NON_REPUDIATION, "trust-non-repudiation") - CT (CKA_TRUST_KEY_ENCIPHERMENT, "trust-key-encipherment") - CT (CKA_TRUST_DATA_ENCIPHERMENT, "trust-data-encipherment") - CT (CKA_TRUST_KEY_AGREEMENT, "trust-key-agreement") - CT (CKA_TRUST_KEY_CERT_SIGN, "trust-key-cert-sign") - CT (CKA_TRUST_CRL_SIGN, "trust-crl-sign") - CT (CKA_TRUST_SERVER_AUTH, "trust-server-auth") - CT (CKA_TRUST_CLIENT_AUTH, "trust-client-auth") - CT (CKA_TRUST_CODE_SIGNING, "trust-code-signing") - CT (CKA_TRUST_EMAIL_PROTECTION, "trust-email-protection") - CT (CKA_TRUST_IPSEC_END_SYSTEM, "trust-ipsec-end-system") - CT (CKA_TRUST_IPSEC_TUNNEL, "trust-ipsec-tunnel") - CT (CKA_TRUST_IPSEC_USER, "trust-ipsec-user") - CT (CKA_TRUST_TIME_STAMPING, "trust-time-stamping") - CT (CKA_TRUST_STEP_UP_APPROVED, "trust-step-up-approved") - CT (CKA_CERT_SHA1_HASH, "cert-sha1-hash") - CT (CKA_CERT_MD5_HASH, "cert-md5-hash") - CT (CKA_X_ASSERTION_TYPE, "x-assertion-type") - CT (CKA_X_CERTIFICATE_VALUE, "x-cetrificate-value") - CT (CKA_X_PURPOSE, "x-purpose") - CT (CKA_X_PEER, "x-peer") - CT (CKA_X_DISTRUSTED, "x-distrusted") - CT (CKA_X_CRITICAL, "x-critical") - { CKA_INVALID }, -}; - -const p11_constant p11_constant_classes[] = { - CT (CKO_DATA, "data") - CT (CKO_CERTIFICATE, "certificate") - CT (CKO_PUBLIC_KEY, "public-key") - CT (CKO_PRIVATE_KEY, "private-key") - CT (CKO_SECRET_KEY, "secret-key") - CT (CKO_HW_FEATURE, "hw-feature") - CT (CKO_DOMAIN_PARAMETERS, "domain-parameters") - CT (CKO_MECHANISM, "mechanism") - CT (CKO_NSS_CRL, "nss-crl") - CT (CKO_NSS_SMIME, "nss-smime") - CT (CKO_NSS_TRUST, "nss-trust") - CT (CKO_NSS_BUILTIN_ROOT_LIST, "nss-builtin-root-list") - CT (CKO_NSS_NEWSLOT, "nss-newslot") - CT (CKO_NSS_DELSLOT, "nss-delslot") - CT (CKO_X_TRUST_ASSERTION, "x-trust-assertion") - CT (CKO_X_CERTIFICATE_EXTENSION, "x-certificate-extension") - { CKA_INVALID }, -}; - -const p11_constant p11_constant_trusts[] = { - CT (CKT_NSS_TRUSTED, "nss-trusted") - CT (CKT_NSS_TRUSTED_DELEGATOR, "nss-trusted-delegator") - CT (CKT_NSS_MUST_VERIFY_TRUST, "nss-must-verify-trust") - CT (CKT_NSS_TRUST_UNKNOWN, "nss-trust-unknown") - CT (CKT_NSS_NOT_TRUSTED, "nss-not-trusted") - CT (CKT_NSS_VALID_DELEGATOR, "nss-valid-delegator") - { CKA_INVALID }, -}; - -const p11_constant p11_constant_certs[] = { - CT (CKC_X_509, "x-509") - CT (CKC_X_509_ATTR_CERT, "x-509-attr-cert") - CT (CKC_WTLS, "wtls") - { CKA_INVALID }, -}; - -const p11_constant p11_constant_keys[] = { - CT (CKK_RSA, "rsa") - CT (CKK_DSA, "dsa") - CT (CKK_DH, "dh") - /* CT (CKK_ECDSA) */ - CT (CKK_EC, "ec") - CT (CKK_X9_42_DH, "x9-42-dh") - CT (CKK_KEA, "kea") - CT (CKK_GENERIC_SECRET, "generic-secret") - CT (CKK_RC2, "rc2") - CT (CKK_RC4, "rc4") - CT (CKK_DES, "des") - CT (CKK_DES2, "des2") - CT (CKK_DES3, "des3") - CT (CKK_CAST, "cast") - CT (CKK_CAST3, "cast3") - CT (CKK_CAST128, "cast128") - CT (CKK_RC5, "rc5") - CT (CKK_IDEA, "idea") - CT (CKK_SKIPJACK, "skipjack") - CT (CKK_BATON, "baton") - CT (CKK_JUNIPER, "juniper") - CT (CKK_CDMF, "cdmf") - CT (CKK_AES, "aes") - CT (CKK_BLOWFISH, "blowfish") - CT (CKK_TWOFISH, "twofish") - CT (CKK_NSS_PKCS8, "nss-pkcs8") - { CKA_INVALID }, -}; - -const p11_constant p11_constant_asserts[] = { - CT (CKT_X_DISTRUSTED_CERTIFICATE, "x-distrusted-certificate") - CT (CKT_X_PINNED_CERTIFICATE, "x-pinned-certificate") - CT (CKT_X_ANCHORED_CERTIFICATE, "x-anchored-certificate") - { CKA_INVALID }, -}; - -const p11_constant p11_constant_categories[] = { - { 0, "unspecified", { "unspecified" } }, - { 1, "token-user", { "token-user" } }, - { 2, "authority", { "authority" } }, - { 3, "other-entry", { "other-entry" } }, - { CKA_INVALID }, -}; - -const p11_constant p11_constant_users[] = { - CT (CKU_SO, NULL) - CT (CKU_USER, NULL) - CT (CKU_CONTEXT_SPECIFIC, NULL) - { CKA_INVALID }, -}; - -const p11_constant p11_constant_states[] = { - CT (CKS_RO_PUBLIC_SESSION, NULL) - CT (CKS_RO_USER_FUNCTIONS, NULL) - CT (CKS_RW_PUBLIC_SESSION, NULL) - CT (CKS_RW_USER_FUNCTIONS, NULL) - CT (CKS_RW_SO_FUNCTIONS, NULL) - { CKA_INVALID }, -}; - -const p11_constant p11_constant_returns[] = { - CT (CKR_OK, NULL) - CT (CKR_CANCEL, NULL) - CT (CKR_HOST_MEMORY, NULL) - CT (CKR_SLOT_ID_INVALID, NULL) - CT (CKR_GENERAL_ERROR, NULL) - CT (CKR_FUNCTION_FAILED, NULL) - CT (CKR_ARGUMENTS_BAD, NULL) - CT (CKR_NO_EVENT, NULL) - CT (CKR_NEED_TO_CREATE_THREADS, NULL) - CT (CKR_CANT_LOCK, NULL) - CT (CKR_ATTRIBUTE_READ_ONLY, NULL) - CT (CKR_ATTRIBUTE_SENSITIVE, NULL) - CT (CKR_ATTRIBUTE_TYPE_INVALID, NULL) - CT (CKR_ATTRIBUTE_VALUE_INVALID, NULL) - CT (CKR_DATA_INVALID, NULL) - CT (CKR_DATA_LEN_RANGE, NULL) - CT (CKR_DEVICE_ERROR, NULL) - CT (CKR_DEVICE_MEMORY, NULL) - CT (CKR_DEVICE_REMOVED, NULL) - CT (CKR_ENCRYPTED_DATA_INVALID, NULL) - CT (CKR_ENCRYPTED_DATA_LEN_RANGE, NULL) - CT (CKR_FUNCTION_CANCELED, NULL) - CT (CKR_FUNCTION_NOT_PARALLEL, NULL) - CT (CKR_FUNCTION_NOT_SUPPORTED, NULL) - CT (CKR_KEY_HANDLE_INVALID, NULL) - CT (CKR_KEY_SIZE_RANGE, NULL) - CT (CKR_KEY_TYPE_INCONSISTENT, NULL) - CT (CKR_KEY_NOT_NEEDED, NULL) - CT (CKR_KEY_CHANGED, NULL) - CT (CKR_KEY_NEEDED, NULL) - CT (CKR_KEY_INDIGESTIBLE, NULL) - CT (CKR_KEY_FUNCTION_NOT_PERMITTED, NULL) - CT (CKR_KEY_NOT_WRAPPABLE, NULL) - CT (CKR_KEY_UNEXTRACTABLE, NULL) - CT (CKR_MECHANISM_INVALID, NULL) - CT (CKR_MECHANISM_PARAM_INVALID, NULL) - CT (CKR_OBJECT_HANDLE_INVALID, NULL) - CT (CKR_OPERATION_ACTIVE, NULL) - CT (CKR_OPERATION_NOT_INITIALIZED, NULL) - CT (CKR_PIN_INCORRECT, NULL) - CT (CKR_PIN_INVALID, NULL) - CT (CKR_PIN_LEN_RANGE, NULL) - CT (CKR_PIN_EXPIRED, NULL) - CT (CKR_PIN_LOCKED, NULL) - CT (CKR_SESSION_CLOSED, NULL) - CT (CKR_SESSION_COUNT, NULL) - CT (CKR_SESSION_HANDLE_INVALID, NULL) - CT (CKR_SESSION_PARALLEL_NOT_SUPPORTED, NULL) - CT (CKR_SESSION_READ_ONLY, NULL) - CT (CKR_SESSION_EXISTS, NULL) - CT (CKR_SESSION_READ_ONLY_EXISTS, NULL) - CT (CKR_SESSION_READ_WRITE_SO_EXISTS, NULL) - CT (CKR_SIGNATURE_INVALID, NULL) - CT (CKR_SIGNATURE_LEN_RANGE, NULL) - CT (CKR_TEMPLATE_INCOMPLETE, NULL) - CT (CKR_TEMPLATE_INCONSISTENT, NULL) - CT (CKR_TOKEN_NOT_PRESENT, NULL) - CT (CKR_TOKEN_NOT_RECOGNIZED, NULL) - CT (CKR_TOKEN_WRITE_PROTECTED, NULL) - CT (CKR_UNWRAPPING_KEY_HANDLE_INVALID, NULL) - CT (CKR_UNWRAPPING_KEY_SIZE_RANGE, NULL) - CT (CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, NULL) - CT (CKR_USER_ALREADY_LOGGED_IN, NULL) - CT (CKR_USER_NOT_LOGGED_IN, NULL) - CT (CKR_USER_PIN_NOT_INITIALIZED, NULL) - CT (CKR_USER_TYPE_INVALID, NULL) - CT (CKR_USER_ANOTHER_ALREADY_LOGGED_IN, NULL) - CT (CKR_USER_TOO_MANY_TYPES, NULL) - CT (CKR_WRAPPED_KEY_INVALID, NULL) - CT (CKR_WRAPPED_KEY_LEN_RANGE, NULL) - CT (CKR_WRAPPING_KEY_HANDLE_INVALID, NULL) - CT (CKR_WRAPPING_KEY_SIZE_RANGE, NULL) - CT (CKR_WRAPPING_KEY_TYPE_INCONSISTENT, NULL) - CT (CKR_RANDOM_SEED_NOT_SUPPORTED, NULL) - CT (CKR_RANDOM_NO_RNG, NULL) - CT (CKR_DOMAIN_PARAMS_INVALID, NULL) - CT (CKR_BUFFER_TOO_SMALL, NULL) - CT (CKR_SAVED_STATE_INVALID, NULL) - CT (CKR_INFORMATION_SENSITIVE, NULL) - CT (CKR_STATE_UNSAVEABLE, NULL) - CT (CKR_CRYPTOKI_NOT_INITIALIZED, NULL) - CT (CKR_CRYPTOKI_ALREADY_INITIALIZED, NULL) - CT (CKR_MUTEX_BAD, NULL) - CT (CKR_MUTEX_NOT_LOCKED, NULL) - CT (CKR_FUNCTION_REJECTED, NULL) - { CKA_INVALID }, -}; - -const p11_constant p11_constant_mechanisms[] = { - CT (CKM_RSA_PKCS_KEY_PAIR_GEN, "rsa-pkcs-key-pair-gen") - CT (CKM_RSA_PKCS, "rsa-pkcs") - CT (CKM_RSA_9796, "rsa-9796") - CT (CKM_RSA_X_509, "rsa-x-509") - CT (CKM_MD2_RSA_PKCS, "md2-rsa-pkcs") - CT (CKM_MD5_RSA_PKCS, "md5-rsa-pkcs") - CT (CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs") - CT (CKM_RIPEMD128_RSA_PKCS, "ripemd128-rsa-pkcs") - CT (CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs") - CT (CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep") - CT (CKM_RSA_X9_31_KEY_PAIR_GEN, "rsa-x9-31-key-pair-gen") - CT (CKM_RSA_X9_31, "rsa-x9-31") - CT (CKM_SHA1_RSA_X9_31, "sha1-rsa-x9-31") - CT (CKM_RSA_PKCS_PSS, "rsa-pkcs-pss") - CT (CKM_SHA1_RSA_PKCS_PSS, "sha1-rsa-pkcs-pss") - CT (CKM_DSA_KEY_PAIR_GEN, "dsa-key-pair-gen") - CT (CKM_DSA, NULL) /* "dsa" */ - CT (CKM_DSA_SHA1, "dsa-sha1") - CT (CKM_DH_PKCS_KEY_PAIR_GEN, "dh-pkcs-key-pair-gen") - CT (CKM_DH_PKCS_DERIVE, "dh-pkcs-derive") - CT (CKM_X9_42_DH_KEY_PAIR_GEN, "x9-42-dh-key-pair-gen") - CT (CKM_X9_42_DH_DERIVE, "x9-42-dh-derive") - CT (CKM_X9_42_DH_HYBRID_DERIVE, "x9-42-dh-hybrid-derive") - CT (CKM_X9_42_MQV_DERIVE, "x9-42-mqv-derive") - CT (CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs") - CT (CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs") - CT (CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs") - CT (CKM_SHA256_RSA_PKCS_PSS, "sha256-rsa-pkcs-pss") - CT (CKM_SHA384_RSA_PKCS_PSS, "sha384-rsa-pkcs-pss") - CT (CKM_SHA512_RSA_PKCS_PSS, "sha512-rsa-pkcs-pss") - CT (CKM_RC2_KEY_GEN, "rc2-key-gen") - CT (CKM_RC2_ECB, "rc2-ecb") - CT (CKM_RC2_CBC, "rc2-cbc") - CT (CKM_RC2_MAC, "rc2-mac") - CT (CKM_RC2_MAC_GENERAL, "rc2-mac-general") - CT (CKM_RC2_CBC_PAD, "rc2-cbc-pad") - CT (CKM_RC4_KEY_GEN, "rc4-key-gen") - CT (CKM_RC4, NULL) /* "rc4" */ - CT (CKM_DES_KEY_GEN, "des-key-gen") - CT (CKM_DES_ECB, "des-ecb") - CT (CKM_DES_CBC, "des-cbc") - CT (CKM_DES_MAC, "des-mac") - CT (CKM_DES_MAC_GENERAL, "des-mac-general") - CT (CKM_DES_CBC_PAD, "des-cbc-pad") - CT (CKM_DES2_KEY_GEN, "des2-key-gen") - CT (CKM_DES3_KEY_GEN, "des3-key-gen") - CT (CKM_DES3_ECB, "des3-ecb") - CT (CKM_DES3_CBC, "des3-cbc") - CT (CKM_DES3_MAC, "des3-mac") - CT (CKM_DES3_MAC_GENERAL, "des3-mac-general") - CT (CKM_DES3_CBC_PAD, "des3-cbc-pad") - CT (CKM_CDMF_KEY_GEN, "cdmf-key-gen") - CT (CKM_CDMF_ECB, "cdmf-ecb") - CT (CKM_CDMF_CBC, "cdmf-cbc") - CT (CKM_CDMF_MAC, "cdmf-mac") - CT (CKM_CDMF_MAC_GENERAL, "cdmf-mac-general") - CT (CKM_CDMF_CBC_PAD, "cdmf-cbc-pad") - CT (CKM_DES_OFB64, "des-ofb64") - CT (CKM_DES_OFB8, "des-ofb8") - CT (CKM_DES_CFB64, "des-cfb64") - CT (CKM_DES_CFB8, "des-cfb8") - CT (CKM_MD2, "md2") - CT (CKM_MD2_HMAC, "md2-hmac") - CT (CKM_MD2_HMAC_GENERAL, "md2-hmac-general") - CT (CKM_MD5, "md5") - CT (CKM_MD5_HMAC, "md5-hmac") - CT (CKM_MD5_HMAC_GENERAL, "md5-hmac-general") - CT (CKM_SHA_1, "sha-1") - CT (CKM_SHA_1_HMAC, "sha-1-hmac") - CT (CKM_SHA_1_HMAC_GENERAL, "sha-1-hmac-general") - CT (CKM_RIPEMD128, "ripemd128") - CT (CKM_RIPEMD128_HMAC, "ripemd128-hmac") - CT (CKM_RIPEMD128_HMAC_GENERAL, "ripemd128-hmac-general") - CT (CKM_RIPEMD160, "ripemd160") - CT (CKM_RIPEMD160_HMAC, "ripemd160-hmac") - CT (CKM_RIPEMD160_HMAC_GENERAL, "ripemd160-hmac-general") - CT (CKM_SHA256, "sha256") - CT (CKM_SHA256_HMAC, "sha256-hmac") - CT (CKM_SHA256_HMAC_GENERAL, "sha256-hmac-general") - CT (CKM_SHA384, "sha384") - CT (CKM_SHA384_HMAC, "sha384-hmac") - CT (CKM_SHA384_HMAC_GENERAL, "sha384-hmac-general") - CT (CKM_SHA512, "sha512") - CT (CKM_SHA512_HMAC, "sha512-hmac") - CT (CKM_SHA512_HMAC_GENERAL, "sha512-hmac-general") - CT (CKM_CAST_KEY_GEN, "cast-key-gen") - CT (CKM_CAST_ECB, "cast-ecb") - CT (CKM_CAST_CBC, "cast-cbc") - CT (CKM_CAST_MAC, "cast-mac") - CT (CKM_CAST_MAC_GENERAL, "cast-mac-general") - CT (CKM_CAST_CBC_PAD, "cast-cbc-pad") - CT (CKM_CAST3_KEY_GEN, "cast3-key-gen") - CT (CKM_CAST3_ECB, "cast3-ecb") - CT (CKM_CAST3_CBC, "cast3-cbc") - CT (CKM_CAST3_MAC, "cast3-mac") - CT (CKM_CAST3_MAC_GENERAL, "cast3-mac-general") - CT (CKM_CAST3_CBC_PAD, "cast3-cbc-pad") - CT (CKM_CAST5_KEY_GEN, "cast5-key-gen") - /* CT (CKM_CAST128_KEY_GEN) */ - CT (CKM_CAST5_ECB, "cast5-ecb") - /* CT (CKM_CAST128_ECB) */ - CT (CKM_CAST5_CBC, "cast5-cbc") - /* CT (CKM_CAST128_CBC) */ - CT (CKM_CAST5_MAC, "cast5-mac") - /* CT (CKM_CAST128_MAC) */ - CT (CKM_CAST5_MAC_GENERAL, "cast5-mac-general") - /* CT (CKM_CAST128_MAC_GENERAL) */ - CT (CKM_CAST5_CBC_PAD, "cast5-cbc-pad") - /* CT (CKM_CAST128_CBC_PAD) */ - CT (CKM_RC5_KEY_GEN, "rc5-key-gen") - CT (CKM_RC5_ECB, "rc5-ecb") - CT (CKM_RC5_CBC, "rc5-cbc") - CT (CKM_RC5_MAC, "rc5-mac") - CT (CKM_RC5_MAC_GENERAL, "rc5-mac-general") - CT (CKM_RC5_CBC_PAD, "rc5-cbc-pad") - CT (CKM_IDEA_KEY_GEN, "idea-key-gen") - CT (CKM_IDEA_ECB, "idea-ecb") - CT (CKM_IDEA_CBC, "idea-cbc") - CT (CKM_IDEA_MAC, "idea-mac") - CT (CKM_IDEA_MAC_GENERAL, "idea-mac-general") - CT (CKM_IDEA_CBC_PAD, "idea-cbc-pad") - CT (CKM_GENERIC_SECRET_KEY_GEN, "generic-secret-key-gen") - CT (CKM_CONCATENATE_BASE_AND_KEY, "concatenate-base-and-key") - CT (CKM_CONCATENATE_BASE_AND_DATA, "concatenate-base-and-data") - CT (CKM_CONCATENATE_DATA_AND_BASE, "concatenate-data-and-base") - CT (CKM_XOR_BASE_AND_DATA, "xor-base-and-data") - CT (CKM_EXTRACT_KEY_FROM_KEY, "extract-key-from-key") - CT (CKM_SSL3_PRE_MASTER_KEY_GEN, "ssl3-pre-master-key-gen") - CT (CKM_SSL3_MASTER_KEY_DERIVE, "ssl3-master-key-derive") - CT (CKM_SSL3_KEY_AND_MAC_DERIVE, "ssl3-key-and-mac-derive") - CT (CKM_SSL3_MASTER_KEY_DERIVE_DH, "ssl3-master-key-derive-dh") - CT (CKM_TLS_PRE_MASTER_KEY_GEN, "tls-pre-master-key-gen") - CT (CKM_TLS_MASTER_KEY_DERIVE, "tls-master-key-derive") - CT (CKM_TLS_KEY_AND_MAC_DERIVE, "tls-key-and-mac-derive") - CT (CKM_TLS_MASTER_KEY_DERIVE_DH, "tls-master-key-derive-dh") - /* CT (CKM_TLS_PRF) */ - CT (CKM_SSL3_MD5_MAC, "ssl3-md5-mac") - CT (CKM_SSL3_SHA1_MAC, "ssl3-sha1-mac") - CT (CKM_MD5_KEY_DERIVATION, "md5-key-derivation") - CT (CKM_MD2_KEY_DERIVATION, "md2-key-derivation") - CT (CKM_SHA1_KEY_DERIVATION, "sha1-key-derivation") - CT (CKM_SHA256_KEY_DERIVATION, "sha256-key-derivation") - CT (CKM_SHA384_KEY_DERIVATION, "sha384-key-derivation") - CT (CKM_SHA512_KEY_DERIVATION, "sha512-key-derivation") - CT (CKM_PBE_MD2_DES_CBC, "pbe-md2-des-cbc") - CT (CKM_PBE_MD5_DES_CBC, "pbe-md5-des-cbc") - CT (CKM_PBE_MD5_CAST_CBC, "pbe-md5-cast-cbc") - CT (CKM_PBE_MD5_CAST3_CBC, "pbe-md5-cast3-cbc") - CT (CKM_PBE_MD5_CAST5_CBC, "pbe-md5-cast5-cbc") - /* CT (CKM_PBE_MD5_CAST128_CBC) */ - CT (CKM_PBE_SHA1_CAST5_CBC, "pbe-sha1-cast5-cbc") - /* CT (CKM_PBE_SHA1_CAST128_CBC) */ - CT (CKM_PBE_SHA1_RC4_128, "pbe-sha1-rc4-128") - CT (CKM_PBE_SHA1_RC4_40, "pbe-sha1-rc4-40") - CT (CKM_PBE_SHA1_DES3_EDE_CBC, "pbe-sha1-des3-ede-cbc") - CT (CKM_PBE_SHA1_DES2_EDE_CBC, "pbe-sha1-des2-ede-cbc") - CT (CKM_PBE_SHA1_RC2_128_CBC, "pbe-sha1-rc2-128-cbc") - CT (CKM_PBE_SHA1_RC2_40_CBC, "pbe-sha1-rc2-40-cbc") - CT (CKM_PKCS5_PBKD2, "pkcs5-pbkd2") - CT (CKM_PBA_SHA1_WITH_SHA1_HMAC, "pba-sha1-with-sha1-hmac") - CT (CKM_WTLS_PRE_MASTER_KEY_GEN, "wtls-pre-master-key-gen") - CT (CKM_WTLS_MASTER_KEY_DERIVE, "wtls-master-key-derive") - CT (CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC, "wtls-master-key-derive-dh-ecc") - CT (CKM_WTLS_PRF, "wtls-prf") - CT (CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE, "wtls-server-key-and-mac-derive") - CT (CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE, "wtls-client-key-and-mac-derive") - CT (CKM_KEY_WRAP_LYNKS, "key-wrap-lynks") - CT (CKM_KEY_WRAP_SET_OAEP, "key-wrap-set-oaep") - CT (CKM_CMS_SIG, "cms-sig") - CT (CKM_SKIPJACK_KEY_GEN, "skipjack-key-gen") - CT (CKM_SKIPJACK_ECB64, "skipjack-ecb64") - CT (CKM_SKIPJACK_CBC64, "skipjack-cbc64") - CT (CKM_SKIPJACK_OFB64, "skipjack-ofb64") - CT (CKM_SKIPJACK_CFB64, "skipjack-cfb64") - CT (CKM_SKIPJACK_CFB32, "skipjack-cfb32") - CT (CKM_SKIPJACK_CFB16, "skipjack-cfb16") - CT (CKM_SKIPJACK_CFB8, "skipjack-cfb8") - CT (CKM_SKIPJACK_WRAP, "skipjack-wrap") - CT (CKM_SKIPJACK_PRIVATE_WRAP, "skipjack-private-wrap") - CT (CKM_SKIPJACK_RELAYX, "skipjack-relayx") - CT (CKM_KEA_KEY_PAIR_GEN, "kea-key-pair-gen") - CT (CKM_KEA_KEY_DERIVE, "kea-key-derive") - CT (CKM_FORTEZZA_TIMESTAMP, "fortezza-timestamp") - CT (CKM_BATON_KEY_GEN, "baton-key-gen") - CT (CKM_BATON_ECB128, "baton-ecb128") - CT (CKM_BATON_ECB96, "baton-ecb96") - CT (CKM_BATON_CBC128, "baton-cbc128") - CT (CKM_BATON_COUNTER, "baton-counter") - CT (CKM_BATON_SHUFFLE, "baton-shuffle") - CT (CKM_BATON_WRAP, "baton-wrap") - CT (CKM_ECDSA_KEY_PAIR_GEN, "ecdsa-key-pair-gen") - /* CT (CKM_EC_KEY_PAIR_GEN) */ - CT (CKM_ECDSA, "ecdsa") - CT (CKM_ECDSA_SHA1, "ecdsa-sha1") - CT (CKM_ECDH1_DERIVE, "ecdh1-derive") - CT (CKM_ECDH1_COFACTOR_DERIVE, "ecdh1-cofactor-derive") - CT (CKM_ECMQV_DERIVE, "ecmqv-derive") - CT (CKM_JUNIPER_KEY_GEN, "juniper-key-gen") - CT (CKM_JUNIPER_ECB128, "juniper-ecb128") - CT (CKM_JUNIPER_CBC128, "juniper-cbc128") - CT (CKM_JUNIPER_COUNTER, "juniper-counter") - CT (CKM_JUNIPER_SHUFFLE, "juniper-shuffle") - CT (CKM_JUNIPER_WRAP, "juniper-wrap") - CT (CKM_FASTHASH, "fasthash") - CT (CKM_AES_KEY_GEN, "aes-key-gen") - CT (CKM_AES_ECB, "aes-ecb") - CT (CKM_AES_CBC, "aes-cbc") - CT (CKM_AES_MAC, "aes-mac") - CT (CKM_AES_MAC_GENERAL, "aes-mac-general") - CT (CKM_AES_CBC_PAD, "aes-cbc-pad") - CT (CKM_BLOWFISH_KEY_GEN, "blowfish-key-gen") - CT (CKM_BLOWFISH_CBC, "blowfish-cbc") - CT (CKM_TWOFISH_KEY_GEN, "twofish-key-gen") - CT (CKM_TWOFISH_CBC, "twofish-cbc") - CT (CKM_DES_ECB_ENCRYPT_DATA, "des-ecb-encrypt-data") - CT (CKM_DES_CBC_ENCRYPT_DATA, "des-cbc-encrypt-data") - CT (CKM_DES3_ECB_ENCRYPT_DATA, "des3-ecb-encrypt-data") - CT (CKM_DES3_CBC_ENCRYPT_DATA, "des3-cbc-encrypt-data") - CT (CKM_AES_ECB_ENCRYPT_DATA, "aes-ecb-encrypt-data") - CT (CKM_AES_CBC_ENCRYPT_DATA, "aes-cbc-encrypt-data") - CT (CKM_DSA_PARAMETER_GEN, "dsa-parameter-gen") - CT (CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen") - CT (CKM_X9_42_DH_PARAMETER_GEN, "x9-42-dh-parameter-gen") - { CKA_INVALID }, -}; - -#undef CT - -struct { - const p11_constant *table; - int length; -} tables[] = { - { p11_constant_types, ELEMS (p11_constant_types) - 1 }, - { p11_constant_classes, ELEMS (p11_constant_classes) - 1 }, - { p11_constant_trusts, ELEMS (p11_constant_trusts) - 1 }, - { p11_constant_certs, ELEMS (p11_constant_certs) - 1 }, - { p11_constant_keys, ELEMS (p11_constant_keys) - 1 }, - { p11_constant_asserts, ELEMS (p11_constant_asserts) - 1 }, - { p11_constant_categories, ELEMS (p11_constant_categories) - 1 }, - { p11_constant_mechanisms, ELEMS (p11_constant_mechanisms) - 1 }, - { p11_constant_states, ELEMS (p11_constant_states) - 1 }, - { p11_constant_users, ELEMS (p11_constant_users) - 1 }, - { p11_constant_returns, ELEMS (p11_constant_returns) - 1 }, -}; - -static int -compar_attr_info (const void *one, - const void *two) -{ - const p11_constant *a1 = one; - const p11_constant *a2 = two; - if (a1->value == a2->value) - return 0; - if (a1->value < a2->value) - return -1; - return 1; -} - -static const p11_constant * -lookup_info (const p11_constant *table, - CK_ATTRIBUTE_TYPE type) -{ - p11_constant match = { type, NULL, { NULL } }; - int length = -1; - int i; - - for (i = 0; i < ELEMS (tables); i++) { - if (table == tables[i].table) { - length = tables[i].length; - break; - } - } - - return_val_if_fail (length != -1, NULL); - return bsearch (&match, table, length, sizeof (p11_constant), compar_attr_info); - -} -const char * -p11_constant_name (const p11_constant *constants, - CK_ULONG type) -{ - const p11_constant *constant = lookup_info (constants, type); - return constant ? constant->name : NULL; -} - -const char * -p11_constant_nick (const p11_constant *constants, - CK_ULONG type) -{ - const p11_constant *constant = lookup_info (constants, type); - return constant ? constant->nicks[0] : NULL; -} - -p11_dict * -p11_constant_reverse (bool nick) -{ - const p11_constant *table; - p11_dict *lookups; - int length = -1; - int i, j, k; - - lookups = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - return_val_if_fail (lookups != NULL, NULL); - - for (i = 0; i < ELEMS (tables); i++) { - table = tables[i].table; - length = tables[i].length; - - for (j = 0; j < length; j++) { - if (nick) { - for (k = 0; table[j].nicks[k] != NULL; k++) { - if (!p11_dict_set (lookups, (void *)table[j].nicks[k], - (void *)&table[j].value)) - return_val_if_reached (NULL); - } - } else { - if (!p11_dict_set (lookups, (void *)table[j].name, (void *)&table[j].value)) - return_val_if_reached (NULL); - } - } - } - - return lookups; -} - -CK_ULONG -p11_constant_resolve (p11_dict *reversed, - const char *string) -{ - CK_ULONG *ptr; - - return_val_if_fail (reversed != NULL, CKA_INVALID); - return_val_if_fail (string != NULL, CKA_INVALID); - - ptr = p11_dict_get (reversed, string); - return ptr ? *ptr : CKA_INVALID; -} diff --git a/common/constants.h b/common/constants.h deleted file mode 100644 index 1526373..0000000 --- a/common/constants.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (C) 2012, Redhat Inc. - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_CONSTANTS_H_ -#define P11_CONSTANTS_H_ - -#include "compat.h" -#include "dict.h" -#include "pkcs11.h" - -typedef struct { - CK_ULONG value; - const char *name; - const char *nicks[4]; -} p11_constant; - -const char * p11_constant_name (const p11_constant *constants, - CK_ULONG value); - -const char * p11_constant_nick (const p11_constant *constants, - CK_ULONG type); - -p11_dict * p11_constant_reverse (bool nick); - -CK_ULONG p11_constant_resolve (p11_dict *table, - const char *string); - -extern const p11_constant p11_constant_types[]; - -extern const p11_constant p11_constant_classes[]; - -extern const p11_constant p11_constant_trusts[]; - -extern const p11_constant p11_constant_certs[]; - -extern const p11_constant p11_constant_keys[]; - -extern const p11_constant p11_constant_asserts[]; - -extern const p11_constant p11_constant_categories[]; - -extern const p11_constant p11_constant_mechanisms[]; - -extern const p11_constant p11_constant_states[]; - -extern const p11_constant p11_constant_users[]; - -extern const p11_constant p11_constant_returns[]; - -#endif /* P11_CONSTANTS_H_ */ diff --git a/common/debug.c b/common/debug.c deleted file mode 100644 index 47933fa..0000000 --- a/common/debug.c +++ /dev/null @@ -1,158 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#include "config.h" - -#include "compat.h" -#include "debug.h" - -#include -#include -#include -#include -#include -#include - -struct DebugKey { - const char *name; - int value; -}; - -static struct DebugKey debug_keys[] = { - { "lib", P11_DEBUG_LIB }, - { "conf", P11_DEBUG_CONF }, - { "uri", P11_DEBUG_URI }, - { "proxy", P11_DEBUG_PROXY }, - { "trust", P11_DEBUG_TRUST }, - { "tool", P11_DEBUG_TOOL }, - { "rpc", P11_DEBUG_RPC }, - { 0, } -}; - -static bool debug_inited = false; -static bool debug_strict = false; - -/* global variable exported in debug.h */ -int p11_debug_current_flags = ~0; - -static int -parse_environ_flags (void) -{ - const char *env; - int result = 0; - const char *p; - const char *q; - int i; - - env = secure_getenv ("P11_KIT_STRICT"); - if (env && env[0] != '\0') - debug_strict = true; - - env = getenv ("P11_KIT_DEBUG"); - if (!env) - return 0; - - if (strcmp (env, "all") == 0) { - for (i = 0; debug_keys[i].name; i++) - result |= debug_keys[i].value; - - } else if (strcmp (env, "help") == 0) { - fprintf (stderr, "Supported debug values:"); - for (i = 0; debug_keys[i].name; i++) - fprintf (stderr, " %s", debug_keys[i].name); - fprintf (stderr, "\n"); - - } else { - p = env; - while (*p) { - q = strpbrk (p, ":;, \t"); - if (!q) - q = p + strlen (p); - - for (i = 0; debug_keys[i].name; i++) { - if (q - p == strlen (debug_keys[i].name) && - strncmp (debug_keys[i].name, p, q - p) == 0) - result |= debug_keys[i].value; - } - - p = q; - if (*p) - p++; - } - } - - return result; -} - -void -p11_debug_init (void) -{ - p11_debug_current_flags = parse_environ_flags (); - debug_inited = true; -} - -void -p11_debug_message (int flag, - const char *format, ...) -{ - va_list args; - - if (flag & p11_debug_current_flags) { - fprintf (stderr, "(p11-kit:%d) ", getpid()); - va_start (args, format); - vfprintf (stderr, format, args); - va_end (args); - fprintf (stderr, "\n"); - } -} - -void -p11_debug_precond (const char *format, - ...) -{ - va_list va; - - va_start (va, format); - vfprintf (stderr, format, va); - va_end (va); - -#ifdef __COVERITY__ - fprintf (stderr, "ignoring P11_KIT_STRICT under coverity: %d", (int)debug_strict); -#else - if (debug_strict) -#endif - abort (); -} diff --git a/common/debug.h b/common/debug.h deleted file mode 100644 index 6106f19..0000000 --- a/common/debug.h +++ /dev/null @@ -1,145 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_DEBUG_H -#define P11_DEBUG_H - -#include "compat.h" - -/* Please keep this enum in sync with keys in debug.c */ -enum { - P11_DEBUG_LIB = 1 << 1, - P11_DEBUG_CONF = 1 << 2, - P11_DEBUG_URI = 1 << 3, - P11_DEBUG_PROXY = 1 << 4, - P11_DEBUG_TRUST = 1 << 5, - P11_DEBUG_TOOL = 1 << 6, - P11_DEBUG_RPC = 1 << 7, -}; - -extern int p11_debug_current_flags; - -void p11_debug_init (void); - -void p11_debug_message (int flag, - const char *format, - ...) GNUC_PRINTF (2, 3); - -void p11_debug_precond (const char *format, - ...) GNUC_PRINTF (1, 2) - CLANG_ANALYZER_NORETURN; - -#ifndef assert_not_reached -#define assert_not_reached() \ - (assert (false && "this code should not be reached")) -#endif - -#define return_val_if_fail(x, v) \ - do { if (!(x)) { \ - p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \ - return v; \ - } } while (false) - -#define return_if_fail(x) \ - do { if (!(x)) { \ - p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \ - return; \ - } } while (false) - -#define return_if_reached() \ - do { \ - p11_debug_precond ("p11-kit: shouldn't be reached at %s\n", __func__); \ - return; \ - } while (false) - -#define return_val_if_reached(v) \ - do { \ - p11_debug_precond ("p11-kit: shouldn't be reached at %s\n", __func__); \ - return v; \ - } while (false) - -#define warn_if_reached(v) \ - do { \ - p11_debug_precond ("p11-kit: shouldn't be reached at %s\n", __func__); \ - } while (false) - -#define warn_if_fail(x) \ - do { if (!(x)) { \ - p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \ - } } while (false) - -#endif /* DEBUG_H */ - -/* ----------------------------------------------------------------------------- - * Below this point is outside the DEBUG_H guard - so it can take effect - * more than once. So you can do: - * - * #define P11_DEBUG_FLAG P11_DEBUG_ONE_THING - * #include "debug.h" - * ... - * p11_debug ("if we're debugging one thing"); - * ... - * #undef P11_DEBUG_FLAG - * #define P11_DEBUG_FLAG DEBUG_OTHER_THING - * #include "debug.h" - * ... - * p11_debug ("if we're debugging the other thing"); - * ... - */ - -#ifdef P11_DEBUG_FLAG -#ifdef WITH_DEBUG - -#undef p11_debug -#define p11_debug(format, ...) do { \ - if (P11_DEBUG_FLAG & p11_debug_current_flags) \ - p11_debug_message (P11_DEBUG_FLAG, "%s: " format, __PRETTY_FUNCTION__, ##__VA_ARGS__); \ - } while (0) - -#undef p11_debugging -#define p11_debugging \ - (P11_DEBUG_FLAG & p11_debug_current_flags) - -#else /* !defined (WITH_DEBUG) */ - -#undef p11_debug -#define p11_debug(format, ...) \ - do {} while (false) - -#undef p11_debugging -#define p11_debugging (0) - -#endif /* !defined (WITH_DEBUG) */ - -#endif /* defined (P11_DEBUG_FLAG) */ diff --git a/common/dict.c b/common/dict.c deleted file mode 100644 index b7ab00d..0000000 --- a/common/dict.c +++ /dev/null @@ -1,389 +0,0 @@ -/* - * Copyright (c) 2004 Stefan Walter - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - */ - -#include "config.h" - -#include "debug.h" -#include "dict.h" -#include "hash.h" - -#include - -#include -#include -#include -#include - -struct _p11_dict { - p11_dict_hasher hash_func; - p11_dict_equals equal_func; - p11_destroyer key_destroy_func; - p11_destroyer value_destroy_func; - - struct _p11_dictbucket **buckets; - unsigned int num_items; - unsigned int num_buckets; -}; - -typedef struct _p11_dictbucket { - void *key; - unsigned int hashed; - void *value; - struct _p11_dictbucket *next; -} dictbucket; - -static dictbucket * -next_entry (p11_dictiter *iter) -{ - dictbucket *bucket = iter->next; - while (!bucket) { - if (iter->index >= iter->dict->num_buckets) - return NULL; - bucket = iter->dict->buckets[iter->index++]; - } - iter->next = bucket->next; - return bucket; -} - - -bool -p11_dict_next (p11_dictiter *iter, - void **key, - void **value) -{ - dictbucket *bucket = next_entry (iter); - if (bucket == NULL) - return false; - if (key) - *key = bucket->key; - if (value) - *value = bucket->value; - return true; -} - -void -p11_dict_iterate (p11_dict *dict, - p11_dictiter *iter) -{ - iter->dict = dict; - iter->index = 0; - iter->next = NULL; -} - -static dictbucket ** -lookup_or_create_bucket (p11_dict *dict, - const void *key, - bool create) -{ - dictbucket **bucketp; - unsigned int hash; - - /* Perform the hashing */ - hash = dict->hash_func (key); - - /* scan linked list */ - for (bucketp = &dict->buckets[hash % dict->num_buckets]; - *bucketp != NULL; bucketp = &(*bucketp)->next) { - if((*bucketp)->hashed == hash && dict->equal_func ((*bucketp)->key, key)) - break; - } - - if ((*bucketp) != NULL || !create) - return bucketp; - - /* add a new entry for non-NULL val */ - (*bucketp) = calloc (sizeof (dictbucket), 1); - - if (*bucketp != NULL) { - (*bucketp)->key = (void*)key; - (*bucketp)->hashed = hash; - dict->num_items++; - } - - return bucketp; -} - -void * -p11_dict_get (p11_dict *dict, - const void *key) -{ - dictbucket **bucketp; - - bucketp = lookup_or_create_bucket (dict, key, false); - if (bucketp && *bucketp) - return (void*)((*bucketp)->value); - else - return NULL; -} - -bool -p11_dict_set (p11_dict *dict, - void *key, - void *val) -{ - dictbucket **bucketp; - p11_dictiter iter; - dictbucket *bucket; - dictbucket **new_buckets; - unsigned int num_buckets; - - bucketp = lookup_or_create_bucket (dict, key, true); - if(bucketp && *bucketp) { - - /* Destroy the previous key */ - if ((*bucketp)->key && (*bucketp)->key != key && dict->key_destroy_func) - dict->key_destroy_func ((*bucketp)->key); - - /* Destroy the previous value */ - if ((*bucketp)->value && (*bucketp)->value != val && dict->value_destroy_func) - dict->value_destroy_func ((*bucketp)->value); - - /* replace entry */ - (*bucketp)->key = key; - (*bucketp)->value = val; - - /* check that the collision rate isn't too high */ - if (dict->num_items > dict->num_buckets) { - num_buckets = dict->num_buckets * 2 + 1; - new_buckets = (dictbucket **)calloc (sizeof (dictbucket *), num_buckets); - - /* Ignore failures, maybe we can expand later */ - if(new_buckets) { - p11_dict_iterate (dict, &iter); - while ((bucket = next_entry (&iter)) != NULL) { - unsigned int i = bucket->hashed % num_buckets; - bucket->next = new_buckets[i]; - new_buckets[i] = bucket; - } - - free (dict->buckets); - dict->buckets = new_buckets; - dict->num_buckets = num_buckets; - } - } - - return true; - } - - return_val_if_reached (false); -} - -bool -p11_dict_steal (p11_dict *dict, - const void *key, - void **stolen_key, - void **stolen_value) -{ - dictbucket **bucketp; - - bucketp = lookup_or_create_bucket (dict, key, false); - if (bucketp && *bucketp) { - dictbucket *old = *bucketp; - *bucketp = (*bucketp)->next; - --dict->num_items; - if (stolen_key) - *stolen_key = old->key; - if (stolen_value) - *stolen_value = old->value; - free (old); - return true; - } - - return false; - -} - -bool -p11_dict_remove (p11_dict *dict, - const void *key) -{ - void *old_key; - void *old_value; - - if (!p11_dict_steal (dict, key, &old_key, &old_value)) - return false; - - if (dict->key_destroy_func) - dict->key_destroy_func (old_key); - if (dict->value_destroy_func) - dict->value_destroy_func (old_value); - return true; -} - -void -p11_dict_clear (p11_dict *dict) -{ - dictbucket *bucket, *next; - unsigned int i; - - /* Free all entries in the array */ - for (i = 0; i < dict->num_buckets; ++i) { - bucket = dict->buckets[i]; - while (bucket != NULL) { - next = bucket->next; - if (dict->key_destroy_func) - dict->key_destroy_func (bucket->key); - if (dict->value_destroy_func) - dict->value_destroy_func (bucket->value); - free (bucket); - bucket = next; - } - } - - memset (dict->buckets, 0, dict->num_buckets * sizeof (dictbucket *)); - dict->num_items = 0; -} - -p11_dict * -p11_dict_new (p11_dict_hasher hash_func, - p11_dict_equals equal_func, - p11_destroyer key_destroy_func, - p11_destroyer value_destroy_func) -{ - p11_dict *dict; - - assert (hash_func); - assert (equal_func); - - dict = malloc (sizeof (p11_dict)); - if (dict) { - dict->hash_func = hash_func; - dict->equal_func = equal_func; - dict->key_destroy_func = key_destroy_func; - dict->value_destroy_func = value_destroy_func; - - dict->num_buckets = 9; - dict->buckets = (dictbucket **)calloc (sizeof (dictbucket *), dict->num_buckets); - if (!dict->buckets) { - free (dict); - return NULL; - } - - dict->num_items = 0; - } - - return dict; -} - -void -p11_dict_free (p11_dict *dict) -{ - dictbucket *bucket; - p11_dictiter iter; - - if (!dict) - return; - - p11_dict_iterate (dict, &iter); - while ((bucket = next_entry (&iter)) != NULL) { - if (dict->key_destroy_func) - dict->key_destroy_func (bucket->key); - if (dict->value_destroy_func) - dict->value_destroy_func (bucket->value); - free (bucket); - } - - if (dict->buckets) - free (dict->buckets); - - free (dict); -} - -unsigned int -p11_dict_size (p11_dict *dict) -{ - return dict->num_items; -} - -unsigned int -p11_dict_str_hash (const void *string) -{ - uint32_t hash; - p11_hash_murmur3 (&hash, string, strlen (string), NULL); - return hash; -} - -bool -p11_dict_str_equal (const void *string_one, - const void *string_two) -{ - assert (string_one); - assert (string_two); - - return strcmp (string_one, string_two) == 0; -} - -unsigned int -p11_dict_ulongptr_hash (const void *to_ulong) -{ - assert (to_ulong); - return (unsigned int)*((unsigned long*)to_ulong); -} - -bool -p11_dict_ulongptr_equal (const void *ulong_one, - const void *ulong_two) -{ - assert (ulong_one); - assert (ulong_two); - return *((unsigned long*)ulong_one) == *((unsigned long*)ulong_two); -} - -unsigned int -p11_dict_intptr_hash (const void *to_int) -{ - assert (to_int); - return (unsigned int)*((int*)to_int); -} - -bool -p11_dict_intptr_equal (const void *int_one, - const void *int_two) -{ - assert (int_one); - assert (int_two); - return *((int*)int_one) == *((int*)int_two); -} - -unsigned int -p11_dict_direct_hash (const void *ptr) -{ - return (unsigned int)(size_t)ptr; -} - -bool -p11_dict_direct_equal (const void *ptr_one, - const void *ptr_two) -{ - return ptr_one == ptr_two; -} diff --git a/common/dict.h b/common/dict.h deleted file mode 100644 index 080f6b8..0000000 --- a/common/dict.h +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright (c) 2004 Stefan Walter - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Waler - */ - -#ifndef P11_DICT_H_ -#define P11_DICT_H_ - -#include "compat.h" - -/* - * ARGUMENT DOCUMENTATION - * - * dict: The dict - * key: Pointer to the key value - * val: Pointer to the value - * iter: A dict iterator - */ - - -/* ---------------------------------------------------------------------------------- - * TYPES - */ - -/* Abstract type for dicts. */ -typedef struct _p11_dict p11_dict; - -/* Type for scanning hash tables. */ -typedef struct _p11_dictiter { - p11_dict *dict; - struct _p11_dictbucket *next; - unsigned int index; -} p11_dictiter; - -typedef unsigned int (*p11_dict_hasher) (const void *data); - -typedef bool (*p11_dict_equals) (const void *one, - const void *two); - -#ifndef P11_DESTROYER_DEFINED -#define P11_DESTROYER_DEFINED - -typedef void (*p11_destroyer) (void *data); - -#endif - -/* ----------------------------------------------------------------------------- - * MAIN - */ - -/* - * p11_dict_create : Create a hash table - * - returns an allocated hashtable - */ -p11_dict * p11_dict_new (p11_dict_hasher hasher, - p11_dict_equals equals, - p11_destroyer key_destroyer, - p11_destroyer value_destroyer); - -/* - * p11_dict_free : Free a hash table - */ -void p11_dict_free (p11_dict *dict); - -/* - * p11_dict_size: Number of values in hash table - * - returns the number of entries in hash table - */ -unsigned int p11_dict_size (p11_dict *dict); - -/* - * p11_dict_get: Retrieves a value from the hash table - * - returns the value of the entry - */ -void* p11_dict_get (p11_dict *dict, - const void *key); - -/* - * p11_dict_set: Set a value in the hash table - * - returns true if the entry was added properly - */ -bool p11_dict_set (p11_dict *dict, - void *key, - void *value); - -/* - * p11_dict_remove: Remove a value from the hash table - * - returns true if the entry was found - */ -bool p11_dict_remove (p11_dict *dict, - const void *key); - -/* - * p11_dict_steal: Remove a value from the hash table without calling - * destroy funcs - * - returns true if the entry was found - */ -bool p11_dict_steal (p11_dict *dict, - const void *key, - void **stolen_key, - void **stolen_value); - -/* - * p11_dict_iterate: Start enumerating through the hash table - * - returns a hash iterator - */ -void p11_dict_iterate (p11_dict *dict, - p11_dictiter *iter); - -/* - * p11_dict_next: Enumerate through hash table - * - sets key and value to key and/or value - * - returns whether there was another entry - * - p11_dict_remove or p11_dict_steal is safe to use on - * the current key. - */ -bool p11_dict_next (p11_dictiter *iter, - void **key, - void **value); - -/* - * p11_dict_clear: Clear all values from has htable. - */ -void p11_dict_clear (p11_dict *dict); - -/* ----------------------------------------------------------------------------- - * KEY FUNCTIONS - */ - -unsigned int p11_dict_str_hash (const void *string); - -bool p11_dict_str_equal (const void *string_one, - const void *string_two); - -unsigned int p11_dict_ulongptr_hash (const void *to_ulong); - -bool p11_dict_ulongptr_equal (const void *ulong_one, - const void *ulong_two); - -unsigned int p11_dict_intptr_hash (const void *to_int); - -bool p11_dict_intptr_equal (const void *int_one, - const void *int_two); - -unsigned int p11_dict_direct_hash (const void *ptr); - -bool p11_dict_direct_equal (const void *ptr_one, - const void *ptr_two); - -#endif /* __P11_DICT_H__ */ diff --git a/common/frob-getauxval.c b/common/frob-getauxval.c deleted file mode 100644 index 02745be..0000000 --- a/common/frob-getauxval.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include -#include -#include -#include - -int -main (int argc, - char *argv[]) -{ - unsigned long type = 0; - unsigned long ret; - - if (argc == 2) - type = atoi (argv[1]); - - if (type == 0) { - fprintf (stderr, "usage: frob-getauxval 23"); - abort (); - } - - ret = getauxval (type); - printf ("getauxval(%lu) == %lu\n", type, ret); - return (int)ret; -} diff --git a/common/frob-getenv.c b/common/frob-getenv.c deleted file mode 100644 index a36594a..0000000 --- a/common/frob-getenv.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2014 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include -#include -#include -#include - -int -main (int argc, - char *argv[]) -{ - int ret; - const char *val; - -fprintf (stderr, "calling secure_getenv(%s) getenv(%s) = %s\n", argv[1], argv[1], getenv(argv[1])); - val = secure_getenv (argv[1]); - if (val == NULL) { - printf ("%s=NULL\n", argv[1]); - return 0; - } - - ret = atoi (val); - if (ret == 0) { - fprintf (stderr, "usage: frob-getenv VAR"); - abort (); - } - - printf ("%s=%d\n", argv[1], ret); - return ret; -} diff --git a/common/hash.c b/common/hash.c deleted file mode 100644 index 5572085..0000000 --- a/common/hash.c +++ /dev/null @@ -1,174 +0,0 @@ -/* - * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/*! \file - * SHA-1 in C - * \author By Steve Reid - * 100% Public Domain - * \verbatim - * Test Vectors - * "abc" - * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D - * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" - * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 - * A million repetitions of "a" - * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F - * \endverbatim - */ - -#include "config.h" - -#include "hash.h" - -#include -#include -#include -#include - -/* This code is based on the public domain MurmurHash3 from Austin Appleby: - * http://code.google.com/p/smhasher/source/browse/trunk/MurmurHash3.cpp - * - * We use only the 32 bit variant, and slow it down a bit to support unaligned - * reads. - */ - -#if !defined(__cplusplus) && (__GNUC__ > 2) -#define GNUC_INLINE __attribute__((always_inline)) -#else -#define GNUC_INLINE -#endif - -GNUC_INLINE static inline uint32_t -rotl (uint32_t x, - int8_t r) -{ - return (x << r) | (x >> (32 - r)); -} - -/* - * Finalization mix - force all bits of a hash block to avalanche - */ - -GNUC_INLINE static inline uint32_t -fmix (uint32_t h) -{ - h ^= h >> 16; - h *= 0x85ebca6b; - h ^= h >> 13; - h *= 0xc2b2ae35; - h ^= h >> 16; - - return h; -} - - -void -p11_hash_murmur3 (void *hash, - const void *input, - size_t len, - ...) -{ - uint8_t overflow[4]; - const uint8_t *data; - va_list va; - uint32_t h1; - uint32_t k1; - uint32_t c1; - uint32_t c2; - - h1 = 42; /* arbitrary choice of seed */ - c1 = 0xcc9e2d51; - c2 = 0x1b873593; - data = input; - - /* body */ - - /* Mix 4 bytes at a time into the hash */ - va_start (va, len); - for (;;) { - if (len >= 4) { - memcpy (&k1, data, 4); - data += 4; - len -= 4; - - } else { - size_t num = len; - memcpy (overflow, data, len); - - while (num < 4) { - size_t part; - - data = va_arg (va, const void *); - if (!data) - break; - - /* Combine uint32 from old and new */ - len = va_arg (va, size_t); - part = 4 - num; - if (part > len) - part = len; - memcpy (overflow + num, data, part); - data += part; - len -= part; - num += part; - } - - if (num < 4) { - len = num; - break; - } - - memcpy (&k1, overflow, 4); - } - - k1 *= c1; - k1 = rotl (k1, 15); - k1 *= c2; - - h1 ^= k1; - h1 = rotl (h1, 13); - h1 = h1 * 5 + 0xe6546b64; - } - va_end (va); - - /* tail */ - - k1 = 0; - - switch (len) { - case 3: - k1 ^= overflow[2] << 16; - case 2: - k1 ^= overflow[1] << 8; - case 1: - k1 ^= overflow[0]; - k1 *= c1; - k1 = rotl (k1, 15); - k1 *= c2; - h1 ^= k1; - default: - break; - } - - /* finalization */ - - h1 ^= len; - h1 = fmix(h1); - - assert (sizeof (h1) == P11_HASH_MURMUR3_LEN); - memcpy (hash, &h1, sizeof (h1)); -} diff --git a/common/hash.h b/common/hash.h deleted file mode 100644 index 41371c6..0000000 --- a/common/hash.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_HASH_H_ -#define P11_HASH_H_ - -#include "compat.h" - -#define P11_HASH_MURMUR3_LEN 4 - -void p11_hash_murmur3 (void *hash, - const void *input, - size_t length, - ...) GNUC_NULL_TERMINATED; - -#endif /* P11_HASH_H_ */ diff --git a/common/lexer.c b/common/lexer.c deleted file mode 100644 index 6253492..0000000 --- a/common/lexer.c +++ /dev/null @@ -1,239 +0,0 @@ -/* - * Copyright (c) 2005 Stefan Walter - * Copyright (c) 2011 Collabora Ltd. - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_CONF -#include "debug.h" -#include "lexer.h" -#include "message.h" - -#include -#include -#include -#include -#include -#include - -void -p11_lexer_init (p11_lexer *lexer, - const char *filename, - const char *data, - size_t length) -{ - return_if_fail (lexer != NULL); - - memset (lexer, 0, sizeof (p11_lexer)); - lexer->at = data; - lexer->remaining = length; - - return_if_fail (filename != NULL); - lexer->filename = strdup (filename); - return_if_fail (lexer->filename != NULL); -} - -static void -clear_state (p11_lexer *lexer) -{ - switch (lexer->tok_type) { - case TOK_FIELD: - free (lexer->tok.field.name); - free (lexer->tok.field.value); - break; - case TOK_SECTION: - free (lexer->tok.section.name); - break; - case TOK_PEM: - case TOK_EOF: - break; - } - - memset (&lexer->tok, 0, sizeof (lexer->tok)); - lexer->tok_type = TOK_EOF; - lexer->complained = false; -} - -bool -p11_lexer_next (p11_lexer *lexer, - bool *failed) -{ - const char *colon; - const char *value; - const char *line; - const char *end; - const char *pos; - char *part; - - return_val_if_fail (lexer != NULL, false); - - clear_state (lexer); - if (failed) - *failed = false; - - /* Go through lines and process them */ - while (lexer->remaining != 0) { - assert (lexer->remaining > 0); - - /* Is this line the start of a PEM block? */ - if (strncmp (lexer->at, "-----BEGIN ", 11) == 0) { - pos = strnstr (lexer->at, "\n-----END ", lexer->remaining); - if (pos != NULL) { - end = memchr (pos + 1, '\n', lexer->remaining - (pos - lexer->at) - 1); - if (end) - end += 1; - else - end = lexer->at + lexer->remaining; - lexer->tok_type = TOK_PEM; - lexer->tok.pem.begin = lexer->at; - lexer->tok.pem.length = end - lexer->at; - assert (end - lexer->at <= lexer->remaining); - lexer->remaining -= (end - lexer->at); - lexer->at = end; - return true; - } - - p11_lexer_msg (lexer, "invalid pem block: no ending line"); - if (failed) - *failed = true; - return false; - } - - line = lexer->at; - end = memchr (lexer->at, '\n', lexer->remaining); - if (end == NULL) { - end = lexer->at + lexer->remaining; - lexer->remaining = 0; - lexer->at = end; - } else { - assert ((end - lexer->at) + 1 <= lexer->remaining); - lexer->remaining -= (end - lexer->at) + 1; - lexer->at = end + 1; - } - - /* Strip whitespace from line */ - while (line != end && isspace (line[0])) - ++line; - while (line != end && isspace (*(end - 1))) - --end; - - /* Empty lines / comments at start */ - if (line == end || line[0] == '#') - continue; - - /* Is the the a section ? */ - if (line[0] == '[') { - if (*(end - 1) != ']') { - part = strndup (line, end - line); - p11_lexer_msg (lexer, "invalid section header: missing braces"); - free (part); - if (failed) - *failed = true; - return false; - } - - lexer->tok_type = TOK_SECTION; - lexer->tok.section.name = strndup (line + 1, (end - line) - 2); - return_val_if_fail (lexer->tok.section.name != NULL, false); - return true; - } - - /* Look for the break between name: value on the same line */ - colon = memchr (line, ':', end - line); - if (!colon) { - part = strndup (line, end - line); - p11_lexer_msg (lexer, "invalid field line: no colon"); - free (part); - if (failed) - *failed = true; - return false; - } - - /* Strip whitespace from name and value */ - value = colon + 1; - while (value != end && isspace (value[0])) - ++value; - while (line != colon && isspace (*(colon - 1))) - --colon; - - lexer->tok_type = TOK_FIELD; - lexer->tok.field.name = strndup (line, colon - line); - lexer->tok.field.value = strndup (value, end - value); - return_val_if_fail (lexer->tok.field.name && lexer->tok.field.value, false); - return true; - } - - return false; -} - -void -p11_lexer_done (p11_lexer *lexer) -{ - return_if_fail (lexer != NULL); - clear_state (lexer); - free (lexer->filename); - memset (lexer, 0, sizeof (p11_lexer)); -} - -void -p11_lexer_msg (p11_lexer *lexer, - const char *msg) -{ - return_if_fail (lexer != NULL); - - if (lexer->complained) - return; - - switch (lexer->tok_type) { - case TOK_FIELD: - p11_message ("%s: %s: %s", lexer->filename, - lexer->tok.field.name, msg); - break; - case TOK_SECTION: - p11_message ("%s: [%s]: %s", lexer->filename, - lexer->tok.section.name, msg); - break; - case TOK_PEM: - p11_message ("%s: BEGIN ...: %s", lexer->filename, msg); - break; - default: - p11_message ("%s: %s", lexer->filename, msg); - break; - } - - lexer->complained = true; -} diff --git a/common/lexer.h b/common/lexer.h deleted file mode 100644 index 9daf296..0000000 --- a/common/lexer.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (c) 2005 Stefan Walter - * Copyright (c) 2011 Collabora Ltd. - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_LEXER_H__ -#define P11_LEXER_H__ - -#include "compat.h" - -enum { - TOK_EOF = 0, - TOK_SECTION = 1, - TOK_FIELD, - TOK_PEM, -}; - -typedef struct { - char *filename; - const char *at; - int remaining; - int complained; - - int tok_type; - union { - struct { - char *name; - } section; - struct { - char *name; - char *value; - } field; - struct { - const char *begin; - size_t length; - } pem; - } tok; -} p11_lexer; - -void p11_lexer_init (p11_lexer *lexer, - const char *filename, - const char *data, - size_t length); - -bool p11_lexer_next (p11_lexer *lexer, - bool *failed); - -void p11_lexer_done (p11_lexer *lexer); - -void p11_lexer_msg (p11_lexer *lexer, - const char *msg); - -#endif /* P11_LEXER_H__ */ diff --git a/common/library.c b/common/library.c deleted file mode 100644 index 502ea98..0000000 --- a/common/library.c +++ /dev/null @@ -1,212 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd - * Copyright (c) 2012 Stef Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#include "config.h" - -#include "compat.h" -#define P11_DEBUG_FLAG P11_DEBUG_LIB -#include "debug.h" -#include "library.h" -#include "message.h" - -#include -#include -#include -#include -#include - -#define P11_MESSAGE_MAX 512 - -typedef struct { - char message[P11_MESSAGE_MAX]; -} p11_local; - -static p11_local * _p11_library_get_thread_local (void); - -p11_mutex_t p11_library_mutex; - -#ifdef OS_UNIX -pthread_once_t p11_library_once = PTHREAD_ONCE_INIT; -#endif - -unsigned int p11_forkid = 1; - -static char * -thread_local_message (void) -{ - p11_local *local; - local = _p11_library_get_thread_local (); - return local ? local->message : NULL; -} - -static char * -dont_store_message (void) -{ - return NULL; -} - -static void -uninit_common (void) -{ - p11_debug ("uninitializing library"); -} - -#ifdef OS_UNIX - -static pthread_key_t thread_local = 0; - -static p11_local * -_p11_library_get_thread_local (void) -{ - p11_local *local; - - p11_library_init_once (); - - local = pthread_getspecific (thread_local); - if (local == NULL) { - local = calloc (1, sizeof (p11_local)); - pthread_setspecific (thread_local, local); - } - - return local; -} - -static void -count_forks (void) -{ - /* Thread safe, executed in child, one thread exists */ - p11_forkid++; -} - -void -p11_library_init_impl (void) -{ - p11_debug_init (); - p11_debug ("initializing library"); - p11_mutex_init (&p11_library_mutex); - pthread_key_create (&thread_local, free); - p11_message_storage = thread_local_message; - - pthread_atfork (NULL, NULL, count_forks); -} - -void -p11_library_init (void) -{ - p11_library_init_once (); -} - -void -p11_library_uninit (void) -{ - uninit_common (); - - /* Some cleanup to pacify valgrind */ - free (pthread_getspecific (thread_local)); - pthread_setspecific (thread_local, NULL); - - p11_message_storage = dont_store_message; - pthread_key_delete (thread_local); - p11_mutex_uninit (&p11_library_mutex); -} - -#endif /* OS_UNIX */ - -#ifdef OS_WIN32 - -static DWORD thread_local = TLS_OUT_OF_INDEXES; - -BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID); - -static p11_local * -_p11_library_get_thread_local (void) -{ - LPVOID data; - - if (thread_local == TLS_OUT_OF_INDEXES) - return NULL; - - data = TlsGetValue (thread_local); - if (data == NULL) { - data = LocalAlloc (LPTR, sizeof (p11_local)); - TlsSetValue (thread_local, data); - } - - return (p11_local *)data; -} - -void -p11_library_init (void) -{ - p11_debug_init (); - p11_debug ("initializing library"); - p11_mutex_init (&p11_library_mutex); - thread_local = TlsAlloc (); - if (thread_local == TLS_OUT_OF_INDEXES) - p11_debug ("couldn't setup tls"); - else - p11_message_storage = thread_local_message; -} - -void -p11_library_thread_cleanup (void) -{ - p11_local *local; - if (thread_local != TLS_OUT_OF_INDEXES) { - p11_debug ("thread stopped, freeing tls"); - local = TlsGetValue (thread_local); - LocalFree (local); - } -} - -void -p11_library_uninit (void) -{ - LPVOID data; - - uninit_common (); - - if (thread_local != TLS_OUT_OF_INDEXES) { - p11_message_storage = dont_store_message; - data = TlsGetValue (thread_local); - LocalFree (data); - TlsFree (thread_local); - } - p11_mutex_uninit (&p11_library_mutex); -} - -#endif /* OS_WIN32 */ diff --git a/common/library.h b/common/library.h deleted file mode 100644 index f87494d..0000000 --- a/common/library.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#ifndef P11_LIBRARY_H_ -#define P11_LIBRARY_H_ - -#include "config.h" -#include "compat.h" - -#include - -extern p11_mutex_t p11_library_mutex; - -extern unsigned int p11_forkid; - -#define p11_lock() p11_mutex_lock (&p11_library_mutex); - -#define p11_unlock() p11_mutex_unlock (&p11_library_mutex); - -#ifdef OS_WIN32 - -/* No implementation, because done by DllMain */ -#define p11_library_init_once() - -#else /* !OS_WIN32 */ -extern pthread_once_t p11_library_once; - -#define p11_library_init_once() \ - pthread_once (&p11_library_once, p11_library_init_impl); - -void p11_library_init_impl (void); - -#endif /* !OS_WIN32 */ - -void p11_library_init (void); - -void p11_library_thread_cleanup (void); - -void p11_library_uninit (void); - -#endif /* P11_LIBRARY_H_ */ diff --git a/common/message.c b/common/message.c deleted file mode 100644 index 35f2764..0000000 --- a/common/message.c +++ /dev/null @@ -1,172 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd - * Copyright (c) 2012 Stef Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#include "config.h" - -/* - * Oh god. glibc is nasty. Changes behavior and definitions of POSIX - * functions to completely different signatures depending on defines - */ -#define _POSIX_C_SOURCE 200112L - -#include "compat.h" -#define P11_DEBUG_FLAG P11_DEBUG_LIB -#include "debug.h" -#include "message.h" - -#include -#include -#include -#include -#include - -static bool print_messages = true; - -static char * -default_message_storage (void) -{ - static char message[P11_MESSAGE_MAX] = { 0, }; - return message; -} - -/* Function pointer declared in message.h as extern */ -char * (* p11_message_storage) (void) = default_message_storage; - -void -p11_message_store (const char* msg, - size_t length) -{ - char *buffer; - - /* - * p11_message_storage() is called to get a storage location for - * the last message. It defaults to a globally allocated buffer - * but is overridden in library.c with a function that returns - * per thread buffers. - * - * The returned value is P11_MESSAGE_MAX bytes long - */ - buffer = p11_message_storage (); - - if (length > P11_MESSAGE_MAX - 1) - length = P11_MESSAGE_MAX - 1; - - if (buffer != NULL) { - memcpy (buffer, msg, length); - buffer[length] = 0; - } -} - -void -p11_message_err (int errnum, - const char* msg, - ...) -{ - char buffer[P11_MESSAGE_MAX]; - char strerr[P11_MESSAGE_MAX]; - va_list va; - size_t length; - - va_start (va, msg); - length = vsnprintf (buffer, P11_MESSAGE_MAX - 1, msg, va); - va_end (va); - - /* Was it truncated? */ - if (length > P11_MESSAGE_MAX - 1) - length = P11_MESSAGE_MAX - 1; - buffer[length] = 0; - - strncpy (strerr, "Unknown error", sizeof (strerr)); - strerror_r (errnum, strerr, sizeof (strerr)); - strerr[P11_MESSAGE_MAX - 1] = 0; - - p11_message ("%s: %s", buffer, strerr); -} - -void -p11_message (const char* msg, - ...) -{ - char buffer[P11_MESSAGE_MAX]; - va_list va; - size_t length; - - va_start (va, msg); - length = vsnprintf (buffer, P11_MESSAGE_MAX - 1, msg, va); - va_end (va); - - /* Was it truncated? */ - if (length > P11_MESSAGE_MAX - 1) - length = P11_MESSAGE_MAX - 1; - buffer[length] = 0; - - /* If printing is not disabled, just print out */ - if (print_messages) - fprintf (stderr, "p11-kit: %s\n", buffer); - else - p11_debug_message (P11_DEBUG_LIB, "message: %s", buffer); - p11_message_store (buffer, length); -} - -void -p11_message_quiet (void) -{ - print_messages = false; -} - -void -p11_message_loud (void) -{ - print_messages = true; -} - -const char * -p11_message_last (void) -{ - char *buffer; - buffer = p11_message_storage (); - return buffer && buffer[0] ? buffer : NULL; -} - -void -p11_message_clear (void) -{ - char *buffer; - buffer = p11_message_storage (); - if (buffer != NULL) - buffer[0] = 0; -} diff --git a/common/message.h b/common/message.h deleted file mode 100644 index 3fe86df..0000000 --- a/common/message.h +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#ifndef P11_MESSAGE_H_ -#define P11_MESSAGE_H_ - -#include "compat.h" - -#include - -#define P11_MESSAGE_MAX 512 - -extern char * (* p11_message_storage) (void); - -void p11_message (const char* msg, - ...) GNUC_PRINTF (1, 2); - -void p11_message_err (int errnum, - const char* msg, - ...) GNUC_PRINTF (2, 3); - -void p11_message_store (const char* msg, - size_t length); - -const char * p11_message_last (void); - -void p11_message_clear (void); - -void p11_message_quiet (void); - -void p11_message_loud (void); - -#endif /* P11_MESSAGE_H_ */ diff --git a/common/mock.c b/common/mock.c deleted file mode 100644 index c3f2503..0000000 --- a/common/mock.c +++ /dev/null @@ -1,3975 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "debug.h" -#define CRYPTOKI_EXPORTS -#include "pkcs11.h" -#include "message.h" - -#include "mock.h" - -#include "attrs.h" -#define P11_DEBUG_FLAG P11_DEBUG_LIB -#include "debug.h" -#include "dict.h" -#include "array.h" -#include "library.h" - -#include -#include -#include -#include -#include -#include -#include - -/* ------------------------------------------------------------------- - * GLOBALS and SUPPORT STUFF - */ - -/* Various mutexes */ -static p11_mutex_t init_mutex; - -/* Whether we've been initialized, and on what process id it happened */ -static bool pkcs11_initialized = false; -static pid_t pkcs11_initialized_pid = 0; - -static CK_UTF8CHAR *the_pin = NULL; -static CK_ULONG n_the_pin = 0; - -static bool logged_in = false; -static CK_USER_TYPE the_user_type = 0; - -typedef struct _Session { - CK_SESSION_HANDLE handle; - p11_dict *objects; - CK_SESSION_INFO info; - - /* For find operations */ - bool finding; - p11_array *matches; - - bool want_context_login; - - /* For encrypt, decrypt operations */ - CK_OBJECT_HANDLE crypto_key; - CK_ATTRIBUTE_TYPE crypto_method; - CK_MECHANISM_TYPE crypto_mechanism; - - /* For sign, verify, digest, CKM_MOCK_COUNT */ - CK_MECHANISM_TYPE hash_mechanism; - CK_ATTRIBUTE_TYPE hash_method; - CK_OBJECT_HANDLE hash_key; - CK_ULONG hash_count; - - /* For 'signing' with CKM_MOCK_PREFIX */ - CK_BYTE sign_prefix[128]; - CK_ULONG n_sign_prefix; - - /* The random seed */ - CK_BYTE random_seed[128]; - CK_ULONG random_seed_len; -} Session; - -static unsigned int unique_identifier = 100; -static p11_dict *the_sessions = NULL; -static p11_dict *the_objects = NULL; - -#define SIGNED_PREFIX "signed-prefix:" - -#define handle_to_pointer(handle) \ - ((void *)(size_t)(handle)) - -#define pointer_to_handle(pointer) \ - ((CK_ULONG)(size_t)(pointer)) - -static void -free_session (void *data) -{ - Session *sess = (Session *)data; - if (sess) { - p11_dict_free (sess->objects); - p11_array_free (sess->matches); - } - free (sess); -} - -static CK_RV -lookup_object (Session *sess, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE **attrs, - p11_dict **table) -{ - CK_BBOOL priv; - - *attrs = p11_dict_get (the_objects, handle_to_pointer (object)); - if (*attrs) { - if (table) - *table = the_objects; - } else { - *attrs = p11_dict_get (sess->objects, handle_to_pointer (object)); - if (*attrs) { - if (table) - *table = sess->objects; - } - } - - if (!*attrs) - return CKR_OBJECT_HANDLE_INVALID; - else if (!logged_in && p11_attrs_find_bool (*attrs, CKA_PRIVATE, &priv) && priv) - return CKR_USER_NOT_LOGGED_IN; - - return CKR_OK; -} - -void -mock_module_add_object (CK_SLOT_ID slot_id, - const CK_ATTRIBUTE *attrs) -{ - CK_ATTRIBUTE *copy; - - return_if_fail (slot_id == MOCK_SLOT_ONE_ID); - return_if_fail (attrs != NULL); - - copy = p11_attrs_dup (attrs); - return_if_fail (copy != NULL); - - mock_module_take_object (slot_id, copy); -} - -void -mock_module_take_object (CK_SLOT_ID slot_id, - CK_ATTRIBUTE *attrs) -{ - CK_OBJECT_HANDLE object; - - return_if_fail (slot_id == MOCK_SLOT_ONE_ID); - return_if_fail (attrs != NULL); - - object = ++unique_identifier; - if (!p11_dict_set (the_objects, handle_to_pointer (object), attrs)) - return_if_reached (); -} - -static void -module_reset_objects (CK_SLOT_ID slot_id) -{ - return_if_fail (slot_id == MOCK_SLOT_ONE_ID); - - if (!the_objects) { - the_objects = p11_dict_new (p11_dict_direct_hash, - p11_dict_direct_equal, - NULL, p11_attrs_free); - return_if_fail (the_objects != NULL); - } - - p11_dict_clear (the_objects); - - /* Our token object */ - { - CK_OBJECT_CLASS klass = CKO_DATA; - char *label = "TEST LABEL"; - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_LABEL, label, strlen (label) }, - { CKA_INVALID, NULL, 0 }, - }; - p11_dict_set (the_objects, handle_to_pointer (MOCK_DATA_OBJECT), p11_attrs_dup (attrs)); - } - - /* Private capitalize key */ - { - CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY; - char *label = "Private Capitalize Key"; - char *value = "value"; - CK_MECHANISM_TYPE type = CKM_MOCK_CAPITALIZE; - CK_BBOOL btrue = CK_TRUE; - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_LABEL, label, strlen (label) }, - { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) }, - { CKA_DECRYPT, &btrue, sizeof (btrue) }, - { CKA_PRIVATE, &btrue, sizeof (btrue) }, - { CKA_WRAP, &btrue, sizeof (btrue) }, - { CKA_UNWRAP, &btrue, sizeof (btrue) }, - { CKA_DERIVE, &btrue, sizeof (btrue) }, - { CKA_VALUE, value, strlen (value) }, - { CKA_INVALID, NULL, 0 }, - }; - p11_dict_set (the_objects, handle_to_pointer (MOCK_PRIVATE_KEY_CAPITALIZE), p11_attrs_dup (attrs)); - - } - - { - CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; - char *label = "Public Capitalize Key"; - char *value = "value"; - CK_MECHANISM_TYPE type = CKM_MOCK_CAPITALIZE; - CK_BBOOL btrue = CK_TRUE; - CK_BBOOL bfalse = CK_FALSE; - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_LABEL, label, strlen (label) }, - { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) }, - { CKA_ENCRYPT, &btrue, sizeof (btrue) }, - { CKA_PRIVATE, &bfalse, sizeof (bfalse) }, - { CKA_VALUE, value, strlen (value) }, - { CKA_INVALID, NULL, 0 }, - }; - p11_dict_set (the_objects, handle_to_pointer (MOCK_PUBLIC_KEY_CAPITALIZE), p11_attrs_dup (attrs)); - - } - - { - CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY; - char *label = "Private prefix key"; - char *value = "value"; - CK_MECHANISM_TYPE type = CKM_MOCK_PREFIX; - CK_BBOOL btrue = CK_TRUE; - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_LABEL, label, strlen (label) }, - { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) }, - { CKA_SIGN, &btrue, sizeof (btrue) }, - { CKA_PRIVATE, &btrue, sizeof (btrue) }, - { CKA_ALWAYS_AUTHENTICATE, &btrue, sizeof (btrue) }, - { CKA_VALUE, value, strlen (value) }, - { CKA_INVALID, NULL, 0 }, - }; - p11_dict_set (the_objects, handle_to_pointer (MOCK_PRIVATE_KEY_PREFIX), p11_attrs_dup (attrs)); - - } - - { - CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; - char *label = "Public prefix key"; - char *value = "value"; - CK_MECHANISM_TYPE type = CKM_MOCK_PREFIX; - CK_BBOOL btrue = CK_TRUE; - CK_BBOOL bfalse = CK_FALSE; - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_LABEL, label, strlen (label) }, - { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) }, - { CKA_VERIFY, &btrue, sizeof (btrue) }, - { CKA_PRIVATE, &bfalse, sizeof (bfalse) }, - { CKA_ALWAYS_AUTHENTICATE, &btrue, sizeof (btrue) }, - { CKA_VALUE, value, strlen (value) }, - { CKA_INVALID, NULL, 0 }, - }; - p11_dict_set (the_objects, handle_to_pointer (MOCK_PUBLIC_KEY_PREFIX), p11_attrs_dup (attrs)); - - } -} - -static void -module_finalize (void) -{ - p11_mutex_lock (&init_mutex); - - /* This should stop all other calls in */ - pkcs11_initialized = false; - pkcs11_initialized_pid = 0; - - if (the_objects) - p11_dict_free (the_objects); - the_objects = NULL; - - if (the_sessions) - p11_dict_free (the_sessions); - the_sessions = NULL; - logged_in = false; - the_user_type = 0; - - free (the_pin); - the_pin = NULL; - n_the_pin = 0; - - p11_mutex_unlock (&init_mutex); -} - -bool -mock_module_initialized (void) -{ - return pkcs11_initialized; -} -void -mock_module_reset (void) -{ - module_finalize (); - module_reset_objects (MOCK_SLOT_ONE_ID); - -} - -void -mock_module_enumerate_objects (CK_SESSION_HANDLE handle, - mock_enumerator func, - void *user_data) -{ - p11_dictiter iter; - void *key; - void *value; - Session *sess; - - assert (the_objects != NULL); - assert (func != NULL); - - /* Token objects */ - p11_dict_iterate (the_objects, &iter); - while (p11_dict_next (&iter, &key, &value)) { - if (!(func) (pointer_to_handle (key), value, user_data)) - return; - } - - /* session objects */ - if (handle) { - sess = p11_dict_get (the_sessions, handle_to_pointer (handle)); - if (sess) { - p11_dict_iterate (sess->objects, &iter); - while (p11_dict_next (&iter, &key, &value)) { - if (!(func) (pointer_to_handle (key), value, user_data)) - return; - } - } - } -} - -/* ------------------------------------------------------------------- - * INITIALIZATION and 'GLOBAL' CALLS - */ - -CK_RV -mock_C_Initialize (CK_VOID_PTR init_args) -{ - CK_C_INITIALIZE_ARGS_PTR args = NULL; - CK_RV ret = CKR_OK; - pid_t pid; - - p11_mutex_lock (&init_mutex); - - if (init_args != NULL) { - int supplied_ok; - - /* pReserved must be NULL */ - args = init_args; - - /* ALL supplied function pointers need to have the value either NULL or non-NULL. */ - supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL && - args->LockMutex == NULL && args->UnlockMutex == NULL) || - (args->CreateMutex != NULL && args->DestroyMutex != NULL && - args->LockMutex != NULL && args->UnlockMutex != NULL); - if (!supplied_ok) { - p11_debug_precond ("invalid set of mutex calls supplied\n"); - ret = CKR_ARGUMENTS_BAD; - goto done; - } - - /* - * When the CKF_OS_LOCKING_OK flag isn't set return an error. - * We must be able to use our pthread functionality. - */ - if (!(args->flags & CKF_OS_LOCKING_OK)) { - p11_debug_precond ("can't do without os locking\n"); - ret = CKR_CANT_LOCK; - goto done; - } - } - - pid = getpid (); - if (pkcs11_initialized) { - - /* This process has called C_Initialize already */ - if (pid == pkcs11_initialized_pid) { - p11_debug_precond ("p11-kit: C_Initialize called twice for same process\n"); - ret = CKR_CRYPTOKI_ALREADY_INITIALIZED; - goto done; - } - } - - /* We store CK_ULONG as pointers here, so verify that they fit */ - assert (sizeof (CK_ULONG) <= sizeof (void *)); - - free (the_pin); - the_pin = (CK_UTF8CHAR_PTR)strdup ("booo"); - n_the_pin = 4; - - if (the_sessions) - p11_dict_free (the_sessions); - the_sessions = p11_dict_new (p11_dict_direct_hash, - p11_dict_direct_equal, - NULL, free_session); - - module_reset_objects (MOCK_SLOT_ONE_ID); - -done: - /* Mark us as officially initialized */ - if (ret == CKR_OK) { - pkcs11_initialized = true; - pkcs11_initialized_pid = pid; - } else if (ret != CKR_CRYPTOKI_ALREADY_INITIALIZED) { - pkcs11_initialized = false; - pkcs11_initialized_pid = 0; - } - - p11_mutex_unlock (&init_mutex); - - return ret; -} - -CK_RV -mock_X_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args) -{ - return mock_C_Initialize (init_args); -} - -CK_RV -mock_C_Initialize__fails (CK_VOID_PTR init_args) -{ - return CKR_FUNCTION_FAILED; -} - -CK_RV -mock_X_Initialize__fails (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args) -{ - return mock_C_Initialize__fails (init_args); -} - -CK_RV -mock_C_Finalize (CK_VOID_PTR reserved) -{ - return_val_if_fail (pkcs11_initialized, CKR_CRYPTOKI_NOT_INITIALIZED); - return_val_if_fail (reserved == NULL, CKR_ARGUMENTS_BAD); - - module_finalize (); - return CKR_OK; -} - -CK_RV -mock_X_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR reserved) -{ - return mock_C_Finalize (reserved); -} - -CK_RV -mock_C_GetInfo (CK_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - memcpy (info, &MOCK_INFO, sizeof (*info)); - return CKR_OK; -} - -CK_RV -mock_X_GetInfo (CK_X_FUNCTION_LIST *self, - CK_INFO_PTR info) -{ - return mock_C_GetInfo (info); -} - -CK_RV -mock_C_GetFunctionList_not_supported (CK_FUNCTION_LIST_PTR_PTR list) -{ - /* This would be a strange call to receive, should be overridden */ - return_val_if_reached (CKR_FUNCTION_NOT_SUPPORTED); -} - -CK_RV -mock_C_GetSlotList (CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - CK_ULONG num; - - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - num = token_present ? 1 : 2; - - /* Application only wants to know the number of slots. */ - if (slot_list == NULL) { - *count = num; - return CKR_OK; - } - - if (*count < num) - return_val_if_reached (CKR_BUFFER_TOO_SMALL); - - *count = num; - slot_list[0] = MOCK_SLOT_ONE_ID; - if (!token_present) - slot_list[1] = MOCK_SLOT_TWO_ID; - - return CKR_OK; - -} - -CK_RV -mock_C_GetSlotList__no_tokens (CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - /* No tokens */ - *count = 0; - return CKR_OK; -} - -CK_RV -mock_X_GetSlotList__no_tokens (CK_X_FUNCTION_LIST *self, - CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - return mock_C_GetSlotList__no_tokens (token_present, - slot_list, - count); -; -} - -/* Update mock-module.h URIs when updating this */ - -static const CK_SLOT_INFO MOCK_INFO_ONE = { - "TEST SLOT ", - "TEST MANUFACTURER ", - CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE, - { 55, 155 }, - { 65, 165 }, -}; - -/* Update mock-module.h URIs when updating this */ - -static const CK_SLOT_INFO MOCK_INFO_TWO = { - "TEST SLOT ", - "TEST MANUFACTURER ", - CKF_REMOVABLE_DEVICE, - { 55, 155 }, - { 65, 165 }, -}; - -CK_RV -mock_C_GetSlotInfo (CK_SLOT_ID slot_id, - CK_SLOT_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - if (slot_id == MOCK_SLOT_ONE_ID) { - memcpy (info, &MOCK_INFO_ONE, sizeof (*info)); - return CKR_OK; - } else if (slot_id == MOCK_SLOT_TWO_ID) { - memcpy (info, &MOCK_INFO_TWO, sizeof (*info)); - return CKR_OK; - } else { - return CKR_SLOT_ID_INVALID; - } -} - -CK_RV -mock_C_GetSlotList__fail_first (CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - return CKR_VENDOR_DEFINED; -} - -CK_RV -mock_C_GetSlotList__fail_late (CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - if (!slot_list) - return mock_C_GetSlotList (token_present, slot_list, count); - return CKR_VENDOR_DEFINED; -} - -CK_RV -mock_C_GetSlotInfo__invalid_slotid (CK_SLOT_ID id, - CK_SLOT_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - return CKR_SLOT_ID_INVALID; -} - -CK_RV -mock_X_GetSlotInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_SLOT_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - return CKR_SLOT_ID_INVALID; -} - -/* Update gck-mock.h URIs when updating this */ - -static const CK_TOKEN_INFO MOCK_TOKEN_ONE = { - "TEST LABEL ", - "TEST MANUFACTURER ", - "TEST MODEL ", - "TEST SERIAL ", - CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED, - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - { 75, 175 }, - { 85, 185 }, - { '1', '9', '9', '9', '0', '5', '2', '5', '0', '9', '1', '9', '5', '9', '0', '0' } -}; - -CK_RV -mock_C_GetTokenInfo (CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info) -{ - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - - if (slot_id == MOCK_SLOT_ONE_ID) { - memcpy (info, &MOCK_TOKEN_ONE, sizeof (*info)); - return CKR_OK; - } else if (slot_id == MOCK_SLOT_TWO_ID) { - return CKR_TOKEN_NOT_PRESENT; - } else { - return CKR_SLOT_ID_INVALID; - } -} - -CK_RV -mock_C_GetTokenInfo__invalid_slotid (CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - return CKR_SLOT_ID_INVALID; -} - -CK_RV -mock_X_GetTokenInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - return CKR_SLOT_ID_INVALID; -} - -/* - * TWO mechanisms: - * CKM_MOCK_CAPITALIZE - * CKM_MOCK_PREFIX - */ - -CK_RV -mock_C_GetMechanismList (CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); - - if (slot_id == MOCK_SLOT_TWO_ID) - return CKR_TOKEN_NOT_PRESENT; - else if (slot_id != MOCK_SLOT_ONE_ID) - return CKR_SLOT_ID_INVALID; - - /* Application only wants to know the number of slots. */ - if (mechanism_list == NULL) { - *count = 2; - return CKR_OK; - } - - if (*count < 2) - return_val_if_reached (CKR_BUFFER_TOO_SMALL); - - mechanism_list[0] = CKM_MOCK_CAPITALIZE; - mechanism_list[1] = CKM_MOCK_PREFIX; - *count = 2; - return CKR_OK; -} - -CK_RV -mock_C_GetTokenInfo__not_initialized (CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info) -{ - CK_RV rv; - - rv = mock_C_GetTokenInfo (slot_id, info); - if (rv == CKR_OK) - info->flags &= ~ CKF_TOKEN_INITIALIZED; - - return rv; -} - -/* - * TWO mechanisms: - * CKM_MOCK_CAPITALIZE - * CKM_MOCK_PREFIX - */ - -CK_RV -mock_C_GetMechanismList__invalid_slotid (CK_SLOT_ID id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - return CKR_SLOT_ID_INVALID; -} - -CK_RV -mock_X_GetMechanismList__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - return CKR_SLOT_ID_INVALID; -} - -static const CK_MECHANISM_INFO MOCK_MECH_CAPITALIZE = { - 512, 4096, CKF_ENCRYPT | CKF_DECRYPT -}; - -static const CK_MECHANISM_INFO MOCK_MECH_PREFIX = { - 2048, 2048, CKF_SIGN | CKF_VERIFY -}; - -CK_RV -mock_C_GetMechanismInfo (CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - if (slot_id == MOCK_SLOT_TWO_ID) - return CKR_TOKEN_NOT_PRESENT; - else if (slot_id != MOCK_SLOT_ONE_ID) - return CKR_SLOT_ID_INVALID; - - if (type == CKM_MOCK_CAPITALIZE) { - memcpy (info, &MOCK_MECH_CAPITALIZE, sizeof (*info)); - return CKR_OK; - } else if (type == CKM_MOCK_PREFIX) { - memcpy (info, &MOCK_MECH_PREFIX, sizeof (*info)); - return CKR_OK; - } else { - return CKR_MECHANISM_INVALID; - } -} - -CK_RV -mock_C_GetMechanismInfo__invalid_slotid (CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - return CKR_SLOT_ID_INVALID; -} - -CK_RV -mock_X_GetMechanismInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - return CKR_SLOT_ID_INVALID; -} - -CK_RV -mock_C_InitToken__specific_args (CK_SLOT_ID slot_id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - return_val_if_fail (pin != NULL, CKR_ARGUMENTS_BAD); - return_val_if_fail (label != NULL, CKR_ARGUMENTS_BAD); - - if (slot_id == MOCK_SLOT_TWO_ID) - return CKR_TOKEN_NOT_PRESENT; - else if (slot_id != MOCK_SLOT_ONE_ID) - return CKR_SLOT_ID_INVALID; - - if (strlen ("TEST PIN") != pin_len || - strncmp ((char *)pin, "TEST PIN", pin_len) != 0) - return CKR_PIN_INVALID; - if (strcmp ((char *)label, "TEST LABEL") != 0) - return CKR_ARGUMENTS_BAD; - - free (the_pin); - the_pin = memdup (pin, pin_len); - return_val_if_fail (the_pin != NULL, CKR_HOST_MEMORY); - n_the_pin = pin_len; - return CKR_OK; -} - -CK_RV -mock_C_InitToken__invalid_slotid (CK_SLOT_ID slot_id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - return CKR_SLOT_ID_INVALID; -} - -CK_RV -mock_X_InitToken__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - return CKR_SLOT_ID_INVALID; -} - -CK_RV -mock_C_WaitForSlotEvent (CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved) -{ - return_val_if_fail (slot, CKR_ARGUMENTS_BAD); - - if (flags & CKF_DONT_BLOCK) - return CKR_NO_EVENT; - - *slot = MOCK_SLOT_TWO_ID; - return CKR_OK; -} - -CK_RV -mock_C_WaitForSlotEvent__no_event (CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved) -{ - return_val_if_fail (slot, CKR_ARGUMENTS_BAD); - - return CKR_NO_EVENT; -} - -CK_RV -mock_X_WaitForSlotEvent__no_event (CK_X_FUNCTION_LIST *self, - CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved) -{ - return_val_if_fail (slot, CKR_ARGUMENTS_BAD); - - return CKR_NO_EVENT; -} - -CK_RV -mock_C_OpenSession (CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR session) -{ - Session *sess; - - return_val_if_fail (session, CKR_ARGUMENTS_BAD); - - if (slot_id == MOCK_SLOT_TWO_ID) - return CKR_TOKEN_NOT_PRESENT; - else if (slot_id != MOCK_SLOT_ONE_ID) - return CKR_SLOT_ID_INVALID; - if ((flags & CKF_SERIAL_SESSION) != CKF_SERIAL_SESSION) - return CKR_SESSION_PARALLEL_NOT_SUPPORTED; - - sess = calloc (1, sizeof (Session)); - sess->handle = ++unique_identifier; - sess->info.flags = flags; - sess->info.slotID = slot_id; - sess->info.state = 0; - sess->info.ulDeviceError = 1414; - sess->objects = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, - NULL, p11_attrs_free); - *session = sess->handle; - - memcpy (sess->random_seed, "random", 6); - sess->random_seed_len = 6; - - p11_dict_set (the_sessions, handle_to_pointer (sess->handle), sess); - return CKR_OK; -} - -CK_RV -mock_C_OpenSession__invalid_slotid (CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR session) -{ - return_val_if_fail (session, CKR_ARGUMENTS_BAD); - - return CKR_SLOT_ID_INVALID; -} - -CK_RV -mock_X_OpenSession__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR session) -{ - return_val_if_fail (session, CKR_ARGUMENTS_BAD); - - return CKR_SLOT_ID_INVALID; -} - -CK_RV -mock_C_OpenSession__fails (CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR session) -{ - return_val_if_fail (session, CKR_ARGUMENTS_BAD); - - return CKR_DEVICE_ERROR; -} - -CK_RV -mock_C_CloseSession (CK_SESSION_HANDLE session) -{ - Session *sess; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - p11_dict_remove (the_sessions, handle_to_pointer (session)); - return CKR_OK; -} - -CK_RV -mock_C_CloseSession__invalid_handle (CK_SESSION_HANDLE session) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_CloseSession__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_CloseAllSessions (CK_SLOT_ID slot_id) -{ - if (slot_id == MOCK_SLOT_TWO_ID) - return CKR_TOKEN_NOT_PRESENT; - else if (slot_id != MOCK_SLOT_ONE_ID) - return CKR_SLOT_ID_INVALID; - - p11_dict_clear (the_sessions); - return CKR_OK; -} - -CK_RV -mock_C_CloseAllSessions__invalid_slotid (CK_SLOT_ID slot_id) -{ - return CKR_SLOT_ID_INVALID; -} - -CK_RV -mock_X_CloseAllSessions__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id) -{ - return CKR_SLOT_ID_INVALID; -} - -CK_RV -mock_C_GetFunctionStatus (CK_SESSION_HANDLE session) -{ - if (!p11_dict_get (the_sessions, handle_to_pointer (session))) - return CKR_SESSION_HANDLE_INVALID; - return CKR_FUNCTION_NOT_PARALLEL; -} - -CK_RV -mock_C_GetFunctionStatus__not_parallel (CK_SESSION_HANDLE session) -{ - return CKR_FUNCTION_NOT_PARALLEL; -} - -CK_RV -mock_C_CancelFunction (CK_SESSION_HANDLE session) -{ - if (!p11_dict_get (the_sessions, handle_to_pointer (session))) - return CKR_SESSION_HANDLE_INVALID; - return CKR_FUNCTION_NOT_PARALLEL; -} - -CK_RV -mock_C_CancelFunction__not_parallel (CK_SESSION_HANDLE session) -{ - return CKR_FUNCTION_NOT_PARALLEL; -} - -CK_RV -mock_C_GetSessionInfo (CK_SESSION_HANDLE session, - CK_SESSION_INFO_PTR info) -{ - Session *sess; - - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (logged_in) { - if (sess->info.flags & CKF_RW_SESSION) - sess->info.state = CKS_RW_USER_FUNCTIONS; - else - sess->info.state = CKS_RO_USER_FUNCTIONS; - } else { - if (sess->info.flags & CKF_RW_SESSION) - sess->info.state = CKS_RW_PUBLIC_SESSION; - else - sess->info.state = CKS_RO_PUBLIC_SESSION; - } - - memcpy (info, &sess->info, sizeof (*info)); - return CKR_OK; -} - -CK_RV -mock_C_GetSessionInfo__invalid_handle (CK_SESSION_HANDLE session, - CK_SESSION_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_GetSessionInfo__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_SESSION_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_InitPIN__specific_args (CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - Session *sess; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (sess == NULL) - return CKR_SESSION_HANDLE_INVALID; - - if (strlen ("TEST PIN") != pin_len || - strncmp ((char *)pin, "TEST PIN", pin_len) != 0) - return CKR_PIN_INVALID; - - free (the_pin); - the_pin = memdup (pin, pin_len); - return_val_if_fail (the_pin != NULL, CKR_HOST_MEMORY); - n_the_pin = pin_len; - return CKR_OK; -} - -CK_RV -mock_C_InitPIN__invalid_handle (CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_InitPIN__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_SetPIN__specific_args (CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len) -{ - Session *sess; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (sess == NULL) - return CKR_SESSION_HANDLE_INVALID; - - if (old_pin_len != n_the_pin) - return CKR_PIN_INCORRECT; - if (memcmp (old_pin, the_pin, n_the_pin) != 0) - return CKR_PIN_INCORRECT; - - if (strlen ("TEST PIN") != new_pin_len || - strncmp ((char *)new_pin, "TEST PIN", new_pin_len) != 0) - return CKR_PIN_INVALID; - - free (the_pin); - the_pin = memdup (new_pin, new_pin_len); - return_val_if_fail (the_pin != NULL, CKR_HOST_MEMORY); - n_the_pin = new_pin_len; - return CKR_OK; -} - -CK_RV -mock_C_SetPIN__invalid_handle (CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_SetPIN__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_GetOperationState (CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - Session *sess; - - return_val_if_fail (operation_state_len, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (sess == NULL) - return CKR_SESSION_HANDLE_INVALID; - - if (!operation_state) { - *operation_state_len = sizeof (sess); - return CKR_OK; - } - - if (*operation_state_len < sizeof (sess)) - return CKR_BUFFER_TOO_SMALL; - - memcpy (operation_state, &sess, sizeof (sess)); - *operation_state_len = sizeof (sess); - return CKR_OK; -} - -CK_RV -mock_C_GetOperationState__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - return CKR_FUNCTION_NOT_SUPPORTED; -} - -CK_RV -mock_X_GetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - return CKR_FUNCTION_NOT_SUPPORTED; -} - -CK_RV -mock_C_SetOperationState (CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - Session *sess; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (sess == NULL) - return CKR_SESSION_HANDLE_INVALID; - - if (!operation_state || operation_state_len != sizeof (sess)) - return CKR_ARGUMENTS_BAD; - - /* Yes, just arbitrary numbers, to make sure they got through */ - if (encryption_key != 355 || authentication_key != 455) - return CKR_KEY_HANDLE_INVALID; - if (memcmp (operation_state, &sess, sizeof (sess)) != 0) - return CKR_SAVED_STATE_INVALID; - return CKR_OK; -} - -CK_RV -mock_C_SetOperationState__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_SetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_Login (CK_SESSION_HANDLE session, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - Session *sess; - - return_val_if_fail (user_type == CKU_SO || - user_type == CKU_USER || - user_type == CKU_CONTEXT_SPECIFIC, - CKR_USER_TYPE_INVALID); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (sess == NULL) - return CKR_SESSION_HANDLE_INVALID; - - if (logged_in && user_type != CKU_CONTEXT_SPECIFIC) - return CKR_USER_ALREADY_LOGGED_IN; - - if (!pin) - return CKR_PIN_INCORRECT; - - if (pin_len != n_the_pin) - return CKR_PIN_INCORRECT; - if (strncmp ((char *)pin, (char *)the_pin, pin_len) != 0) - return CKR_PIN_INCORRECT; - - if (user_type == CKU_CONTEXT_SPECIFIC) { - return_val_if_fail (sess->want_context_login, CKR_OPERATION_NOT_INITIALIZED); - sess->want_context_login = false; - } else { - logged_in = true; - the_user_type = user_type; - } - - return CKR_OK; -} - -CK_RV -mock_C_Login__invalid_handle (CK_SESSION_HANDLE session, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_Login__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_Logout (CK_SESSION_HANDLE session) -{ - Session *sess; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (!logged_in) - return CKR_USER_NOT_LOGGED_IN; - - logged_in = false; - the_user_type = 0; - return CKR_OK; -} - -CK_RV -mock_C_Logout__invalid_handle (CK_SESSION_HANDLE session) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_Logout__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_CreateObject (CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR object) -{ - CK_ATTRIBUTE *attrs; - Session *sess; - CK_BBOOL token, priv; - - return_val_if_fail (object, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - attrs = p11_attrs_buildn (NULL, template, count); - - if (p11_attrs_find_bool (attrs, CKA_PRIVATE, &priv) && priv) { - if (!logged_in) { - p11_attrs_free (attrs); - return CKR_USER_NOT_LOGGED_IN; - } - } - - *object = ++unique_identifier; - if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token) - p11_dict_set (the_objects, handle_to_pointer (*object), attrs); - else - p11_dict_set (sess->objects, handle_to_pointer (*object), attrs); - - return CKR_OK; -} - -CK_RV -mock_C_CreateObject__invalid_handle (CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_CreateObject__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_CopyObject (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - CK_ATTRIBUTE *attrs; - Session *sess; - CK_BBOOL token, priv; - CK_RV rv; - - return_val_if_fail (object, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - rv = lookup_object (sess, object, &attrs, NULL); - if (rv != CKR_OK) - return rv; - - if (p11_attrs_find_bool (attrs, CKA_PRIVATE, &priv) && priv) { - if (!logged_in) - return CKR_USER_NOT_LOGGED_IN; - } - - attrs = p11_attrs_buildn (p11_attrs_dup (attrs), template, count); - - *new_object = ++unique_identifier; - if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token) - p11_dict_set (the_objects, handle_to_pointer (*new_object), attrs); - else - p11_dict_set (sess->objects, handle_to_pointer (*new_object), attrs); - - return CKR_OK; -} - -CK_RV -mock_C_CopyObject__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - - -CK_RV -mock_X_CopyObject__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_DestroyObject (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object) -{ - CK_ATTRIBUTE *attrs; - Session *sess; - p11_dict *table; - CK_RV rv; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - rv = lookup_object (sess, object, &attrs, &table); - if (rv != CKR_OK) - return rv; - - p11_dict_remove (table, handle_to_pointer (object)); - return CKR_OK; -} - -CK_RV -mock_C_DestroyObject__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_DestroyObject__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_GetObjectSize (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - CK_ATTRIBUTE *attrs; - Session *sess; - CK_RV rv; - CK_ULONG i; - - return_val_if_fail (size != NULL, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - rv = lookup_object (sess, object, &attrs, NULL); - if (rv != CKR_OK) - return rv; - - *size = 0; - for (i = 0; !p11_attrs_terminator (attrs + i); i++) { - if (attrs[i].ulValueLen != (CK_ULONG)-1) - *size += attrs[i].ulValueLen; - } - - return CKR_OK; -} - -CK_RV -mock_C_GetObjectSize__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - return_val_if_fail (size, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_GetObjectSize__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - return_val_if_fail (size, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_GetAttributeValue (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - CK_ATTRIBUTE *result; - CK_RV ret = CKR_OK; - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *attr; - Session *sess; - CK_ULONG i; - CK_RV rv; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (sess == NULL) - return CKR_SESSION_HANDLE_INVALID; - - rv = lookup_object (sess, object, &attrs, NULL); - if (rv != CKR_OK) - return rv; - - for (i = 0; i < count; ++i) { - result = template + i; - attr = p11_attrs_find (attrs, result->type); - if (!attr) { - result->ulValueLen = (CK_ULONG)-1; - ret = CKR_ATTRIBUTE_TYPE_INVALID; - continue; - } - - if (!result->pValue) { - result->ulValueLen = attr->ulValueLen; - continue; - } - - if (result->ulValueLen >= attr->ulValueLen) { - memcpy (result->pValue, attr->pValue, attr->ulValueLen); - result->ulValueLen = attr->ulValueLen; - continue; - } - - result->ulValueLen = (CK_ULONG)-1; - ret = CKR_BUFFER_TOO_SMALL; - } - - return ret; -} - -CK_RV -mock_C_GetAttributeValue__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_GetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_GetAttributeValue__fail_first (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return CKR_FUNCTION_REJECTED; -} - -CK_RV -mock_C_GetAttributeValue__fail_late (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - CK_ULONG i; - - for (i = 0; i < count; i++) { - if (template[i].pValue) - return CKR_FUNCTION_FAILED; - } - return mock_C_GetAttributeValue (session, object, template, count); -} - -CK_RV -mock_C_SetAttributeValue (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - Session *sess; - CK_ATTRIBUTE *attrs; - p11_dict *table; - CK_RV rv; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - rv = lookup_object (sess, object, &attrs, &table); - if (rv != CKR_OK) - return rv; - - p11_dict_steal (table, handle_to_pointer (object), NULL, (void **)&attrs); - attrs = p11_attrs_buildn (attrs, template, count); - p11_dict_set (table, handle_to_pointer (object), attrs); - return CKR_OK; -} - -CK_RV -mock_C_SetAttributeValue__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_SetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -typedef struct _FindObjects { - CK_ATTRIBUTE *template; - CK_ULONG count; - Session *sess; -} FindObjects; - -static bool -enumerate_and_find_objects (CK_OBJECT_HANDLE object, - CK_ATTRIBUTE *attrs, - void *user_data) -{ - FindObjects *ctx = user_data; - CK_ATTRIBUTE *match; - CK_ATTRIBUTE *attr; - CK_BBOOL private; - CK_ULONG i; - - if (!logged_in) { - if (p11_attrs_find_bool (attrs, CKA_PRIVATE, &private) && private) - return 1; /* Continue */ - } - - for (i = 0; i < ctx->count; ++i) { - match = ctx->template + i; - attr = p11_attrs_find (attrs, match->type); - if (!attr) - return true; /* Continue */ - - if (attr->ulValueLen != match->ulValueLen || - memcmp (attr->pValue, match->pValue, attr->ulValueLen) != 0) - return true; /* Continue */ - } - - p11_array_push (ctx->sess->matches, handle_to_pointer (object)); - return true; /* Continue */ -} - -static int -compar_handles (const void *one, - const void *two) -{ - void **p1 = (void **)one; - void **p2 = (void **)two; - return pointer_to_handle (*p2) - pointer_to_handle (*p1); -} - -CK_RV -mock_C_FindObjectsInit (CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - Session *sess; - FindObjects ctx; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - /* Starting an operation, cancels any previous one */ - sess->crypto_mechanism = 0; - sess->hash_mechanism = 0; - - sess->finding = true; - p11_array_free (sess->matches); - sess->matches = p11_array_new (NULL); - - ctx.template = template; - ctx.count = count; - ctx.sess = sess; - - mock_module_enumerate_objects (session, enumerate_and_find_objects, &ctx); - qsort (sess->matches->elem, sess->matches->num, sizeof (void *), compar_handles); - return CKR_OK; -} - -CK_RV -mock_C_FindObjectsInit__invalid_handle (CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_FindObjectsInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_FindObjectsInit__fails (CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return CKR_DEVICE_MEMORY; -} - -CK_RV -mock_C_FindObjects (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_object_count, - CK_ULONG_PTR object_count) -{ - Session *sess; - - return_val_if_fail (objects, CKR_ARGUMENTS_BAD); - return_val_if_fail (object_count, CKR_ARGUMENTS_BAD); - return_val_if_fail (max_object_count != 0, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (sess == NULL) - return CKR_SESSION_HANDLE_INVALID; - if (!sess->finding) - return CKR_OPERATION_NOT_INITIALIZED; - - *object_count = 0; - while (max_object_count > 0) { - if (sess->matches->num == 0) - break; - *objects = pointer_to_handle (sess->matches->elem[sess->matches->num - 1]); - ++objects; - --max_object_count; - ++(*object_count); - p11_array_remove (sess->matches, sess->matches->num - 1); - } - - return CKR_OK; -} - -CK_RV -mock_C_FindObjects__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count) -{ - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_FindObjects__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count) -{ - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_FindObjects__fails (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count) -{ - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - return CKR_DEVICE_REMOVED; -} - -CK_RV -mock_C_FindObjectsFinal (CK_SESSION_HANDLE session) -{ - - Session *sess; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (sess == NULL) - return CKR_SESSION_HANDLE_INVALID; - if (!sess->finding) - return CKR_OPERATION_NOT_INITIALIZED; - - sess->finding = false; - p11_array_free (sess->matches); - sess->matches = NULL; - - return CKR_OK; -} - -CK_RV -mock_C_FindObjectsFinal__invalid_handle (CK_SESSION_HANDLE session) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_FindObjectsFinal__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_EncryptInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Session *sess; - - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - /* Starting an operation, cancels any previous one */ - sess->finding = CK_FALSE; - - if (mechanism->mechanism != CKM_MOCK_CAPITALIZE) - return CKR_MECHANISM_INVALID; - if (key != MOCK_PUBLIC_KEY_CAPITALIZE) - return CKR_KEY_HANDLE_INVALID; - - sess->crypto_method = CKA_ENCRYPT; - sess->crypto_mechanism = CKM_MOCK_CAPITALIZE; - sess->crypto_key = key; - return CKR_OK; -} - -CK_RV -mock_C_EncryptInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_EncryptInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_Encrypt (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - CK_ULONG last = 0; - CK_RV rv; - rv = mock_C_EncryptUpdate (session, data, data_len, encrypted_data, encrypted_data_len); - if (rv == CKR_OK) - rv = mock_C_EncryptFinal (session, encrypted_data, &last); - return rv; -} - -CK_RV -mock_C_Encrypt__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - return_val_if_fail (encrypted_data_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_Encrypt__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - return_val_if_fail (encrypted_data_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_EncryptUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - Session *sess; - CK_ULONG i; - - return_val_if_fail (part != NULL, CKR_DATA_INVALID); - return_val_if_fail (encrypted_part_len != NULL, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (!sess->crypto_mechanism) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->crypto_method != CKA_ENCRYPT) - return CKR_OPERATION_NOT_INITIALIZED; - assert (sess->crypto_mechanism == CKM_MOCK_CAPITALIZE); - assert (sess->crypto_key == MOCK_PUBLIC_KEY_CAPITALIZE); - - if (!encrypted_part) { - *encrypted_part_len = part_len; - return CKR_OK; - } - - if (*encrypted_part_len < part_len) { - *encrypted_part_len = part_len; - return CKR_BUFFER_TOO_SMALL; - } - - for (i = 0; i < part_len; ++i) - encrypted_part[i] = toupper (part[i]); - *encrypted_part_len = part_len; - return CKR_OK; -} - -CK_RV -mock_C_EncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - return_val_if_fail (encrypted_part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_EncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - return_val_if_fail (encrypted_part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_EncryptFinal (CK_SESSION_HANDLE session, - CK_BYTE_PTR last_encrypted_part, - CK_ULONG_PTR last_encrypted_part_len) -{ - Session *sess; - - return_val_if_fail (last_encrypted_part_len != NULL, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (!sess->crypto_mechanism) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->crypto_method != CKA_ENCRYPT) - return CKR_OPERATION_NOT_INITIALIZED; - - *last_encrypted_part_len = 0; - - sess->crypto_method = 0; - sess->crypto_mechanism = 0; - sess->crypto_key = 0; - return CKR_OK; -} - -CK_RV -mock_C_EncryptFinal__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_EncryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_DecryptInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Session *sess; - - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - /* Starting an operation, cancels any previous one */ - sess->finding = false; - - if (mechanism->mechanism != CKM_MOCK_CAPITALIZE) - return CKR_MECHANISM_INVALID; - if (key != MOCK_PRIVATE_KEY_CAPITALIZE) - return CKR_KEY_HANDLE_INVALID; - - sess->crypto_method = CKA_DECRYPT; - sess->crypto_mechanism = CKM_MOCK_CAPITALIZE; - sess->crypto_key = key; - return CKR_OK; -} - -CK_RV -mock_C_DecryptInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_DecryptInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_Decrypt (CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_data, - CK_ULONG encrypted_data_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - CK_ULONG last = 0; - CK_RV rv; - rv = mock_C_DecryptUpdate (session, encrypted_data, encrypted_data_len, data, data_len); - if (rv == CKR_OK) - rv = mock_C_DecryptFinal (session, data, &last); - return rv; -} - -CK_RV -mock_C_Decrypt__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_Decrypt__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_DecryptUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - Session *sess; - CK_ULONG i; - - return_val_if_fail (encrypted_part, CKR_ENCRYPTED_DATA_INVALID); - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (!sess->crypto_mechanism) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->crypto_method != CKA_DECRYPT) - return CKR_OPERATION_NOT_INITIALIZED; - assert (sess->crypto_mechanism == CKM_MOCK_CAPITALIZE); - assert (sess->crypto_key == MOCK_PRIVATE_KEY_CAPITALIZE); - - if (!part) { - *part_len = encrypted_part_len; - return CKR_OK; - } - - if (*part_len < encrypted_part_len) { - *part_len = encrypted_part_len; - return CKR_BUFFER_TOO_SMALL; - } - - for (i = 0; i < encrypted_part_len; ++i) - part[i] = tolower (encrypted_part[i]); - *part_len = encrypted_part_len; - return CKR_OK; -} - -CK_RV -mock_C_DecryptUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_DecryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_DecryptFinal (CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - Session *sess; - - return_val_if_fail (last_part_len != NULL, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (!sess->crypto_mechanism) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->crypto_method != CKA_DECRYPT) - return CKR_OPERATION_NOT_INITIALIZED; - - *last_part_len = 0; - - sess->crypto_method = 0; - sess->crypto_mechanism = 0; - sess->crypto_key = 0; - - return CKR_OK; -} - -CK_RV -mock_C_DecryptFinal__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_DecryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_DigestInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism) -{ - Session *sess; - - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - /* Starting an operation, cancels any previous one */ - sess->finding = false; - - if (mechanism->mechanism != CKM_MOCK_COUNT) - return CKR_MECHANISM_INVALID; - - sess->hash_mechanism = CKM_MOCK_COUNT; - sess->hash_method = (CK_ULONG)-1; - sess->hash_count = 0; - sess->hash_key = 0; - return CKR_OK; -} - -CK_RV -mock_C_DigestInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_DigestInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_Digest (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - CK_RV rv; - - return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); - - rv = mock_C_DigestUpdate (session, data, data_len); - if (rv == CKR_OK) - rv = mock_C_DigestFinal (session, digest, digest_len); - return rv; -} - -CK_RV -mock_C_Digest__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_Digest__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_DigestUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - Session *sess; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (!sess->hash_mechanism) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->hash_method != (CK_ULONG)-1) - return CKR_OPERATION_NOT_INITIALIZED; - assert (sess->hash_mechanism == CKM_MOCK_COUNT); - - sess->hash_count += part_len; - return CKR_OK; -} - -CK_RV -mock_C_DigestUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_DigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_DigestKey (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE key) -{ - Session *sess; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (!sess->hash_mechanism) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->hash_method != (CK_ULONG)-1) - return CKR_OPERATION_NOT_INITIALIZED; - assert (sess->hash_mechanism == CKM_MOCK_COUNT); - - sess->hash_count += key; - return CKR_OK; -} - -CK_RV -mock_C_DigestKey__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_DigestKey__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_DigestFinal (CK_SESSION_HANDLE session, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - char buffer[32]; - Session *sess; - int len; - - return_val_if_fail (digest_len != NULL, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (!sess->hash_mechanism) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->hash_method != (CK_ULONG)-1) - return CKR_OPERATION_NOT_INITIALIZED; - assert (sess->hash_mechanism == CKM_MOCK_COUNT); - - len = snprintf (buffer, sizeof (buffer), "%lu", sess->hash_count); - - if (!digest) { - *digest_len = len; - return CKR_OK; - } else if (*digest_len < len) { - *digest_len = len; - return CKR_BUFFER_TOO_SMALL; - } - - memcpy (digest, &buffer, len); - *digest_len = len; - - sess->hash_count = 0; - sess->hash_mechanism = 0; - sess->hash_key = 0; - sess->hash_method = 0; - - return CKR_OK; -} - -CK_RV -mock_C_DigestFinal__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_DigestFinal__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -static CK_RV -prefix_mechanism_init (CK_SESSION_HANDLE session, - CK_ATTRIBUTE_TYPE method, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Session *sess; - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *value; - CK_BYTE_PTR param; - CK_ULONG n_param; - CK_ULONG length; - CK_RV rv; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (mechanism->mechanism != CKM_MOCK_PREFIX) - return CKR_MECHANISM_INVALID; - if (method == CKA_SIGN || method == CKA_SIGN_RECOVER) { - if (key != MOCK_PRIVATE_KEY_PREFIX) - return CKR_KEY_HANDLE_INVALID; - } else if (method == CKA_VERIFY || method == CKA_VERIFY_RECOVER) { - if (key != MOCK_PUBLIC_KEY_PREFIX) - return CKR_KEY_HANDLE_INVALID; - } else { - assert_not_reached (); - } - - rv = lookup_object (sess, key, &attrs, NULL); - if (rv != CKR_OK) - return rv; - - value = p11_attrs_find_valid (attrs, CKA_VALUE); - if (value == NULL) - return CKR_KEY_TYPE_INCONSISTENT; - - if (mechanism->pParameter) { - param = mechanism->pParameter; - n_param = mechanism->ulParameterLen; - } else { - param = (CK_BYTE_PTR)SIGNED_PREFIX; - n_param = strlen (SIGNED_PREFIX) + 1; - } - - length = value->ulValueLen + n_param; - if (length > sizeof (sess->sign_prefix)) - return CKR_KEY_SIZE_RANGE; - - /* Starting an operation, cancels any finding */ - sess->finding = false; - - sess->hash_mechanism = CKM_MOCK_PREFIX; - sess->hash_method = method; - sess->hash_key = key; - sess->hash_count = 0; - - memcpy (sess->sign_prefix, param, n_param); - memcpy (sess->sign_prefix + n_param, value->pValue, value->ulValueLen); - sess->n_sign_prefix = length; - - /* The private key has CKA_ALWAYS_AUTHENTICATE above */ - if (method == CKA_SIGN || method == CKA_SIGN_RECOVER) - sess->want_context_login = true; - - return CKR_OK; - -} - -CK_RV -mock_C_SignInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - return prefix_mechanism_init (session, CKA_SIGN, mechanism, key); -} - -CK_RV -mock_C_SignInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_SignInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_Sign (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - CK_RV rv; - - rv = mock_C_SignUpdate (session, data, data_len); - if (rv == CKR_OK) - rv = mock_C_SignFinal (session, signature, signature_len); - - return rv; -} - -CK_RV -mock_C_Sign__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_Sign__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_SignUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - Session *sess; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - if (sess->hash_mechanism != CKM_MOCK_PREFIX || - sess->hash_method != CKA_SIGN) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->want_context_login) - return CKR_USER_NOT_LOGGED_IN; - - sess->hash_count += part_len; - return CKR_OK; -} - -CK_RV -mock_C_SignUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_SignUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_SignFinal (CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - char buffer[32]; - Session *sess; - CK_ULONG length; - int len; - - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - if (sess->hash_mechanism != CKM_MOCK_PREFIX || - sess->hash_method != CKA_SIGN) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->want_context_login) - return CKR_USER_NOT_LOGGED_IN; - - len = snprintf (buffer, sizeof (buffer), "%lu", sess->hash_count); - length = sess->n_sign_prefix + len; - - if (!signature) { - *signature_len = length; - return CKR_OK; - } - - if (*signature_len < length) { - *signature_len = length; - return CKR_BUFFER_TOO_SMALL; - } - - memcpy (signature, sess->sign_prefix, sess->n_sign_prefix); - memcpy (signature + sess->n_sign_prefix, buffer, len); - *signature_len = length; - - sess->hash_mechanism = 0; - sess->hash_method = 0; - sess->hash_count = 0; - sess->hash_key = 0; - - return CKR_OK; -} - -CK_RV -mock_C_SignFinal__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_SignFinal__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_SignRecoverInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - return prefix_mechanism_init (session, CKA_SIGN_RECOVER, mechanism, key); -} - -CK_RV -mock_C_SignRecoverInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_SignRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_SignRecover (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - Session *sess; - CK_ULONG length; - - return_val_if_fail (data, CKR_DATA_INVALID); - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - if (sess->hash_method != CKA_SIGN_RECOVER || - sess->hash_mechanism != CKM_MOCK_PREFIX) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->want_context_login) - return CKR_USER_NOT_LOGGED_IN; - - length = sess->n_sign_prefix + data_len; - - if (!signature) { - *signature_len = length; - return CKR_OK; - } - - if (*signature_len < length) { - *signature_len = length; - return CKR_BUFFER_TOO_SMALL; - } - - memcpy (signature, sess->sign_prefix, sess->n_sign_prefix); - memcpy (signature + sess->n_sign_prefix, data, data_len); - *signature_len = length; - - sess->hash_method = 0; - sess->hash_mechanism = 0; - sess->hash_key = 0; - sess->hash_count = 0; - - return CKR_OK; -} - -CK_RV -mock_C_SignRecover__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_SignRecover__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_VerifyInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - return prefix_mechanism_init (session, CKA_VERIFY, mechanism, key); -} - -CK_RV -mock_C_VerifyInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_VerifyInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_Verify (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - CK_RV rv; - - rv = mock_C_VerifyUpdate (session, data, data_len); - if (rv == CKR_OK) - rv = mock_C_VerifyFinal (session, signature, signature_len); - - return rv; -} - -CK_RV -mock_C_Verify__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_Verify__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_VerifyUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - Session *sess; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - if (sess->hash_mechanism != CKM_MOCK_PREFIX || - sess->hash_method != CKA_VERIFY) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->want_context_login) - return CKR_USER_NOT_LOGGED_IN; - - sess->hash_count += part_len; - return CKR_OK; -} - -CK_RV -mock_C_VerifyUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_VerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_VerifyFinal (CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - char buffer[32]; - Session *sess; - CK_ULONG length; - int len; - - return_val_if_fail (signature, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - if (sess->hash_mechanism != CKM_MOCK_PREFIX || - sess->hash_method != CKA_VERIFY) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->want_context_login) - return CKR_USER_NOT_LOGGED_IN; - - len = snprintf (buffer, sizeof (buffer), "%lu", sess->hash_count); - length = sess->n_sign_prefix + len; - - if (signature_len != length) - return CKR_SIGNATURE_LEN_RANGE; - - if (memcmp (signature, sess->sign_prefix, sess->n_sign_prefix) != 0 || - memcmp (signature + sess->n_sign_prefix, buffer, len) != 0) - return CKR_SIGNATURE_INVALID; - - sess->hash_mechanism = 0; - sess->hash_method = 0; - sess->hash_count = 0; - sess->hash_key = 0; - - return CKR_OK; -} - -CK_RV -mock_C_VerifyFinal__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_VerifyFinal__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_VerifyRecoverInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); - return prefix_mechanism_init (session, CKA_VERIFY_RECOVER, mechanism, key); -} - -CK_RV -mock_C_VerifyRecoverInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_VerifyRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_VerifyRecover (CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - Session *sess; - CK_ULONG length; - - return_val_if_fail (signature, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - if (sess->hash_mechanism != CKM_MOCK_PREFIX || - sess->hash_method != CKA_VERIFY_RECOVER) - return CKR_OPERATION_NOT_INITIALIZED; - if (sess->want_context_login) - return CKR_USER_NOT_LOGGED_IN; - - if (signature_len < sess->n_sign_prefix) - return CKR_SIGNATURE_LEN_RANGE; - if (memcmp (signature, sess->sign_prefix, sess->n_sign_prefix) != 0) - return CKR_SIGNATURE_INVALID; - - length = signature_len - sess->n_sign_prefix; - if (!data) { - *data_len = length; - return CKR_OK; - } - - if (*data_len < length) { - *data_len = length; - return CKR_BUFFER_TOO_SMALL; - } - - *data_len = length; - memcpy (data, signature + sess->n_sign_prefix, length); - return CKR_OK; -} - -CK_RV -mock_C_VerifyRecover__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_VerifyRecover__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_DigestEncryptUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - CK_RV rv; - - rv = mock_C_EncryptUpdate (session, part, part_len, encrypted_part, encrypted_part_len); - if (rv == CKR_OK) - rv = mock_C_DigestUpdate (session, part, part_len); - - return rv; -} - -CK_RV -mock_C_DigestEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_DigestEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_DecryptDigestUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - CK_RV rv; - - rv = mock_C_DecryptUpdate (session, encrypted_part, encrypted_part_len, part, part_len); - if (rv == CKR_OK) - rv = mock_C_DigestUpdate (session, part, *part_len); - - return rv; -} - -CK_RV -mock_C_DecryptDigestUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_DecryptDigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_SignEncryptUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - CK_RV rv; - - rv = mock_C_EncryptUpdate (session, part, part_len, encrypted_part, encrypted_part_len); - if (rv == CKR_OK) - rv = mock_C_SignUpdate (session, part, part_len); - - return rv; -} - -CK_RV -mock_C_SignEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_SignEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_DecryptVerifyUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - CK_RV rv; - - rv = mock_C_DecryptUpdate (session, encrypted_part, encrypted_part_len, part, part_len); - if (rv == CKR_OK) - rv = mock_C_VerifyUpdate (session, part, *part_len); - - return rv; -} - -CK_RV -mock_C_DecryptVerifyUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_DecryptVerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_GenerateKey (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE value; - Session *sess; - CK_BBOOL token; - - return_val_if_fail (mechanism, CKR_MECHANISM_INVALID); - return_val_if_fail (template, CKR_TEMPLATE_INCOMPLETE); - return_val_if_fail (count, CKR_TEMPLATE_INCOMPLETE); - return_val_if_fail (key, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (mechanism->mechanism != CKM_MOCK_GENERATE) - return CKR_MECHANISM_INVALID; - - if (!mechanism->pParameter || mechanism->ulParameterLen != 9 || - memcmp (mechanism->pParameter, "generate", 9) != 0) - return CKR_MECHANISM_PARAM_INVALID; - - value.type = CKA_VALUE; - value.pValue = "generated"; - value.ulValueLen = strlen (value.pValue); - - attrs = p11_attrs_buildn (NULL, template, count); - attrs = p11_attrs_buildn (attrs, &value, 1); - - *key = ++unique_identifier; - if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token) - p11_dict_set (the_objects, handle_to_pointer (*key), attrs); - else - p11_dict_set (sess->objects, handle_to_pointer (*key), attrs); - - return CKR_OK; -} - -CK_RV -mock_C_GenerateKey__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_GenerateKey__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_GenerateKeyPair (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR public_key_template, - CK_ULONG public_key_count, - CK_ATTRIBUTE_PTR private_key_template, - CK_ULONG private_key_count, - CK_OBJECT_HANDLE_PTR public_key, - CK_OBJECT_HANDLE_PTR private_key) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE value; - Session *sess; - CK_BBOOL token; - - return_val_if_fail (mechanism, CKR_MECHANISM_INVALID); - return_val_if_fail (public_key_template, CKR_TEMPLATE_INCOMPLETE); - return_val_if_fail (public_key_count, CKR_TEMPLATE_INCOMPLETE); - return_val_if_fail (private_key_template, CKR_TEMPLATE_INCOMPLETE); - return_val_if_fail (private_key_count, CKR_TEMPLATE_INCOMPLETE); - return_val_if_fail (public_key, CKR_ARGUMENTS_BAD); - return_val_if_fail (private_key, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (mechanism->mechanism != CKM_MOCK_GENERATE) - return CKR_MECHANISM_INVALID; - - if (!mechanism->pParameter || mechanism->ulParameterLen != 9 || - memcmp (mechanism->pParameter, "generate", 9) != 0) - return CKR_MECHANISM_PARAM_INVALID; - - value.type = CKA_VALUE; - value.pValue = "generated"; - value.ulValueLen = strlen (value.pValue); - - attrs = p11_attrs_buildn (NULL, public_key_template, public_key_count); - attrs = p11_attrs_buildn (attrs, &value, 1); - - *public_key = ++unique_identifier; - if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token) - p11_dict_set (the_objects, handle_to_pointer (*public_key), attrs); - else - p11_dict_set (sess->objects, handle_to_pointer (*public_key), attrs); - - attrs = p11_attrs_buildn (NULL, private_key_template, private_key_count); - attrs = p11_attrs_buildn (attrs, &value, 1); - - *private_key = ++unique_identifier; - if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token) - p11_dict_set (the_objects, handle_to_pointer (*private_key), attrs); - else - p11_dict_set (sess->objects, handle_to_pointer (*private_key), attrs); - - return CKR_OK; -} - -CK_RV -mock_C_GenerateKeyPair__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, - CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, - CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, - CK_OBJECT_HANDLE_PTR priv_key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_GenerateKeyPair__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, - CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, - CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, - CK_OBJECT_HANDLE_PTR priv_key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_WrapKey (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *attr; - Session *sess; - CK_RV rv; - - return_val_if_fail (mechanism, CKR_MECHANISM_INVALID); - return_val_if_fail (wrapping_key, CKR_OBJECT_HANDLE_INVALID); - return_val_if_fail (key, CKR_OBJECT_HANDLE_INVALID); - return_val_if_fail (wrapped_key_len, CKR_WRAPPED_KEY_LEN_RANGE); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - rv = lookup_object (sess, wrapping_key, &attrs, NULL); - if (rv == CKR_OBJECT_HANDLE_INVALID) - return CKR_WRAPPING_KEY_HANDLE_INVALID; - else if (rv != CKR_OK) - return rv; - - rv = lookup_object (sess, key, &attrs, NULL); - if (rv == CKR_OBJECT_HANDLE_INVALID) - return CKR_WRAPPING_KEY_HANDLE_INVALID; - else if (rv != CKR_OK) - return rv; - - if (mechanism->mechanism != CKM_MOCK_WRAP) - return CKR_MECHANISM_INVALID; - - if (mechanism->pParameter == NULL || - mechanism->ulParameterLen != 4 || - memcmp (mechanism->pParameter, "wrap", 4) != 0) { - return CKR_MECHANISM_PARAM_INVALID; - } - - attr = p11_attrs_find_valid (attrs, CKA_VALUE); - if (attr == NULL) - return CKR_WRAPPED_KEY_INVALID; - - if (!wrapped_key) { - *wrapped_key_len = attr->ulValueLen; - return CKR_OK; - } - - if (*wrapped_key_len < attr->ulValueLen) { - *wrapped_key_len = attr->ulValueLen; - return CKR_BUFFER_TOO_SMALL; - } - - memcpy (wrapped_key, attr->pValue, attr->ulValueLen); - *wrapped_key_len = attr->ulValueLen; - - return CKR_OK; -} - -CK_RV -mock_C_WrapKey__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - return_val_if_fail (wrapped_key_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_WrapKey__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - return_val_if_fail (wrapped_key_len, CKR_ARGUMENTS_BAD); - - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_UnwrapKey (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE value; - Session *sess; - CK_BBOOL token; - CK_RV rv; - - return_val_if_fail (mechanism, CKR_MECHANISM_INVALID); - return_val_if_fail (unwrapping_key, CKR_WRAPPING_KEY_HANDLE_INVALID); - return_val_if_fail (wrapped_key, CKR_WRAPPED_KEY_INVALID); - return_val_if_fail (wrapped_key_len, CKR_WRAPPED_KEY_LEN_RANGE); - return_val_if_fail (key, CKR_ARGUMENTS_BAD); - return_val_if_fail (template, CKR_TEMPLATE_INCOMPLETE); - return_val_if_fail (count, CKR_TEMPLATE_INCONSISTENT); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - rv = lookup_object (sess, unwrapping_key, &attrs, NULL); - if (rv == CKR_OBJECT_HANDLE_INVALID) - return CKR_WRAPPING_KEY_HANDLE_INVALID; - else if (rv != CKR_OK) - return rv; - - if (mechanism->mechanism != CKM_MOCK_WRAP) - return CKR_MECHANISM_INVALID; - - if (mechanism->pParameter == NULL || - mechanism->ulParameterLen != 4 || - memcmp (mechanism->pParameter, "wrap", 4) != 0) { - return CKR_MECHANISM_PARAM_INVALID; - } - - value.type = CKA_VALUE; - value.pValue = wrapped_key; - value.ulValueLen = wrapped_key_len; - - attrs = p11_attrs_buildn (NULL, template, count); - attrs = p11_attrs_buildn (attrs, &value, 1); - - *key = ++unique_identifier; - if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token) - p11_dict_set (the_objects, handle_to_pointer (*key), attrs); - else - p11_dict_set (sess->objects, handle_to_pointer (*key), attrs); - - return CKR_OK; -} - -CK_RV -mock_C_UnwrapKey__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_UnwrapKey__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_DeriveKey (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - CK_ATTRIBUTE *attrs, *copy; - CK_ATTRIBUTE value; - Session *sess; - CK_BBOOL token; - CK_RV rv; - - return_val_if_fail (mechanism, CKR_MECHANISM_INVALID); - return_val_if_fail (count, CKR_TEMPLATE_INCOMPLETE); - return_val_if_fail (template, CKR_TEMPLATE_INCOMPLETE); - return_val_if_fail (key, CKR_ARGUMENTS_BAD); - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - rv = lookup_object (sess, base_key, &attrs, NULL); - if (rv == CKR_OBJECT_HANDLE_INVALID) - return CKR_KEY_HANDLE_INVALID; - else if (rv != CKR_OK) - return rv; - - if (mechanism->mechanism != CKM_MOCK_DERIVE) - return CKR_MECHANISM_INVALID; - - if (mechanism->pParameter == NULL || - mechanism->ulParameterLen != 6 || - memcmp (mechanism->pParameter, "derive", 6) != 0) { - return CKR_MECHANISM_PARAM_INVALID; - } - - value.type = CKA_VALUE; - value.pValue = "derived"; - value.ulValueLen = strlen (value.pValue); - - copy = p11_attrs_buildn (NULL, template, count); - copy = p11_attrs_buildn (copy, &value, 1); - - *key = ++unique_identifier; - if (p11_attrs_find_bool (copy, CKA_TOKEN, &token) && token) - p11_dict_set (the_objects, handle_to_pointer (*key), copy); - else - p11_dict_set (sess->objects, handle_to_pointer (*key), copy); - - return CKR_OK; -} - -CK_RV -mock_C_DeriveKey__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_DeriveKey__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_SeedRandom (CK_SESSION_HANDLE session, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - Session *sess; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (seed_len > sizeof (sess->random_seed)) - return CKR_RANDOM_SEED_NOT_SUPPORTED; - - memcpy (sess->random_seed, seed, seed_len); - sess->random_seed_len = seed_len; - return CKR_OK; -} - -CK_RV -mock_C_SeedRandom__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_SeedRandom__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_C_GenerateRandom (CK_SESSION_HANDLE session, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - Session *sess; - CK_ULONG block; - - sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - while (random_len > 0) { - block = sess->random_seed_len; - if (block > random_len) - block = random_len; - memcpy (random_data, sess->random_seed, block); - random_data += block; - random_len -= block; - } - - return CKR_OK; -} - -CK_RV -mock_C_GenerateRandom__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_RV -mock_X_GenerateRandom__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - return CKR_SESSION_HANDLE_INVALID; -} - -CK_FUNCTION_LIST mock_module_no_slots = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ - mock_C_Initialize, - mock_C_Finalize, - mock_C_GetInfo, - mock_C_GetFunctionList_not_supported, - mock_C_GetSlotList__no_tokens, - mock_C_GetSlotInfo__invalid_slotid, - mock_C_GetTokenInfo__invalid_slotid, - mock_C_GetMechanismList__invalid_slotid, - mock_C_GetMechanismInfo__invalid_slotid, - mock_C_InitToken__invalid_slotid, - mock_C_InitPIN__invalid_handle, - mock_C_SetPIN__invalid_handle, - mock_C_OpenSession__invalid_slotid, - mock_C_CloseSession__invalid_handle, - mock_C_CloseAllSessions__invalid_slotid, - mock_C_GetSessionInfo__invalid_handle, - mock_C_GetOperationState__invalid_handle, - mock_C_SetOperationState__invalid_handle, - mock_C_Login__invalid_handle, - mock_C_Logout__invalid_handle, - mock_C_CreateObject__invalid_handle, - mock_C_CopyObject__invalid_handle, - mock_C_DestroyObject__invalid_handle, - mock_C_GetObjectSize__invalid_handle, - mock_C_GetAttributeValue__invalid_handle, - mock_C_SetAttributeValue__invalid_handle, - mock_C_FindObjectsInit__invalid_handle, - mock_C_FindObjects__invalid_handle, - mock_C_FindObjectsFinal__invalid_handle, - mock_C_EncryptInit__invalid_handle, - mock_C_Encrypt__invalid_handle, - mock_C_EncryptUpdate__invalid_handle, - mock_C_EncryptFinal__invalid_handle, - mock_C_DecryptInit__invalid_handle, - mock_C_Decrypt__invalid_handle, - mock_C_DecryptUpdate__invalid_handle, - mock_C_DecryptFinal__invalid_handle, - mock_C_DigestInit__invalid_handle, - mock_C_Digest__invalid_handle, - mock_C_DigestUpdate__invalid_handle, - mock_C_DigestKey__invalid_handle, - mock_C_DigestFinal__invalid_handle, - mock_C_SignInit__invalid_handle, - mock_C_Sign__invalid_handle, - mock_C_SignUpdate__invalid_handle, - mock_C_SignFinal__invalid_handle, - mock_C_SignRecoverInit__invalid_handle, - mock_C_SignRecover__invalid_handle, - mock_C_VerifyInit__invalid_handle, - mock_C_Verify__invalid_handle, - mock_C_VerifyUpdate__invalid_handle, - mock_C_VerifyFinal__invalid_handle, - mock_C_VerifyRecoverInit__invalid_handle, - mock_C_VerifyRecover__invalid_handle, - mock_C_DigestEncryptUpdate__invalid_handle, - mock_C_DecryptDigestUpdate__invalid_handle, - mock_C_SignEncryptUpdate__invalid_handle, - mock_C_DecryptVerifyUpdate__invalid_handle, - mock_C_GenerateKey__invalid_handle, - mock_C_GenerateKeyPair__invalid_handle, - mock_C_WrapKey__invalid_handle, - mock_C_UnwrapKey__invalid_handle, - mock_C_DeriveKey__invalid_handle, - mock_C_SeedRandom__invalid_handle, - mock_C_GenerateRandom__invalid_handle, - mock_C_GetFunctionStatus__not_parallel, - mock_C_CancelFunction__not_parallel, - mock_C_WaitForSlotEvent__no_event, -}; - -CK_X_FUNCTION_LIST mock_x_module_no_slots = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ - mock_X_Initialize, - mock_X_Finalize, - mock_X_GetInfo, - mock_X_GetSlotList__no_tokens, - mock_X_GetSlotInfo__invalid_slotid, - mock_X_GetTokenInfo__invalid_slotid, - mock_X_GetMechanismList__invalid_slotid, - mock_X_GetMechanismInfo__invalid_slotid, - mock_X_InitToken__invalid_slotid, - mock_X_InitPIN__invalid_handle, - mock_X_SetPIN__invalid_handle, - mock_X_OpenSession__invalid_slotid, - mock_X_CloseSession__invalid_handle, - mock_X_CloseAllSessions__invalid_slotid, - mock_X_GetSessionInfo__invalid_handle, - mock_X_GetOperationState__invalid_handle, - mock_X_SetOperationState__invalid_handle, - mock_X_Login__invalid_handle, - mock_X_Logout__invalid_handle, - mock_X_CreateObject__invalid_handle, - mock_X_CopyObject__invalid_handle, - mock_X_DestroyObject__invalid_handle, - mock_X_GetObjectSize__invalid_handle, - mock_X_GetAttributeValue__invalid_handle, - mock_X_SetAttributeValue__invalid_handle, - mock_X_FindObjectsInit__invalid_handle, - mock_X_FindObjects__invalid_handle, - mock_X_FindObjectsFinal__invalid_handle, - mock_X_EncryptInit__invalid_handle, - mock_X_Encrypt__invalid_handle, - mock_X_EncryptUpdate__invalid_handle, - mock_X_EncryptFinal__invalid_handle, - mock_X_DecryptInit__invalid_handle, - mock_X_Decrypt__invalid_handle, - mock_X_DecryptUpdate__invalid_handle, - mock_X_DecryptFinal__invalid_handle, - mock_X_DigestInit__invalid_handle, - mock_X_Digest__invalid_handle, - mock_X_DigestUpdate__invalid_handle, - mock_X_DigestKey__invalid_handle, - mock_X_DigestFinal__invalid_handle, - mock_X_SignInit__invalid_handle, - mock_X_Sign__invalid_handle, - mock_X_SignUpdate__invalid_handle, - mock_X_SignFinal__invalid_handle, - mock_X_SignRecoverInit__invalid_handle, - mock_X_SignRecover__invalid_handle, - mock_X_VerifyInit__invalid_handle, - mock_X_Verify__invalid_handle, - mock_X_VerifyUpdate__invalid_handle, - mock_X_VerifyFinal__invalid_handle, - mock_X_VerifyRecoverInit__invalid_handle, - mock_X_VerifyRecover__invalid_handle, - mock_X_DigestEncryptUpdate__invalid_handle, - mock_X_DecryptDigestUpdate__invalid_handle, - mock_X_SignEncryptUpdate__invalid_handle, - mock_X_DecryptVerifyUpdate__invalid_handle, - mock_X_GenerateKey__invalid_handle, - mock_X_GenerateKeyPair__invalid_handle, - mock_X_WrapKey__invalid_handle, - mock_X_UnwrapKey__invalid_handle, - mock_X_DeriveKey__invalid_handle, - mock_X_SeedRandom__invalid_handle, - mock_X_GenerateRandom__invalid_handle, - mock_X_WaitForSlotEvent__no_event, -}; - -CK_FUNCTION_LIST mock_module = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ - mock_C_Initialize, - mock_C_Finalize, - mock_C_GetInfo, - mock_C_GetFunctionList_not_supported, - mock_C_GetSlotList, - mock_C_GetSlotInfo, - mock_C_GetTokenInfo, - mock_C_GetMechanismList, - mock_C_GetMechanismInfo, - mock_C_InitToken__specific_args, - mock_C_InitPIN__specific_args, - mock_C_SetPIN__specific_args, - mock_C_OpenSession, - mock_C_CloseSession, - mock_C_CloseAllSessions, - mock_C_GetSessionInfo, - mock_C_GetOperationState, - mock_C_SetOperationState, - mock_C_Login, - mock_C_Logout, - mock_C_CreateObject, - mock_C_CopyObject, - mock_C_DestroyObject, - mock_C_GetObjectSize, - mock_C_GetAttributeValue, - mock_C_SetAttributeValue, - mock_C_FindObjectsInit, - mock_C_FindObjects, - mock_C_FindObjectsFinal, - mock_C_EncryptInit, - mock_C_Encrypt, - mock_C_EncryptUpdate, - mock_C_EncryptFinal, - mock_C_DecryptInit, - mock_C_Decrypt, - mock_C_DecryptUpdate, - mock_C_DecryptFinal, - mock_C_DigestInit, - mock_C_Digest, - mock_C_DigestUpdate, - mock_C_DigestKey, - mock_C_DigestFinal, - mock_C_SignInit, - mock_C_Sign, - mock_C_SignUpdate, - mock_C_SignFinal, - mock_C_SignRecoverInit, - mock_C_SignRecover, - mock_C_VerifyInit, - mock_C_Verify, - mock_C_VerifyUpdate, - mock_C_VerifyFinal, - mock_C_VerifyRecoverInit, - mock_C_VerifyRecover, - mock_C_DigestEncryptUpdate, - mock_C_DecryptDigestUpdate, - mock_C_SignEncryptUpdate, - mock_C_DecryptVerifyUpdate, - mock_C_GenerateKey, - mock_C_GenerateKeyPair, - mock_C_WrapKey, - mock_C_UnwrapKey, - mock_C_DeriveKey, - mock_C_SeedRandom, - mock_C_GenerateRandom, - mock_C_GetFunctionStatus, - mock_C_CancelFunction, - mock_C_WaitForSlotEvent, -}; - -void -mock_module_init (void) -{ - static bool initialized = false; - if (!initialized) { - p11_mutex_init (&init_mutex); - initialized = true; - } -} diff --git a/common/mock.h b/common/mock.h deleted file mode 100644 index 16beb66..0000000 --- a/common/mock.h +++ /dev/null @@ -1,1134 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __MOCK_H__ -#define __MOCK_H__ - -#include "compat.h" -#include "pkcs11.h" -#include "pkcs11i.h" - -enum { - MOCK_DATA_OBJECT = 2, - MOCK_PRIVATE_KEY_CAPITALIZE = 3, - MOCK_PUBLIC_KEY_CAPITALIZE = 4, - MOCK_PRIVATE_KEY_PREFIX = 5, - MOCK_PUBLIC_KEY_PREFIX = 6, - - /* - * CKM_MOCK_CAPITALIZE (encrypt/decrypt) - * - Capitalizes to encrypt - * - Lowercase to decrypt - */ - CKM_MOCK_CAPITALIZE = (CKM_VENDOR_DEFINED | 1), - - /* - * CKM_MOCK_PREFIX (sign/verify) - * - Sign prefixes the data with a key label - * - Verify unprefixes data using key label - */ - CKM_MOCK_PREFIX = (CKM_VENDOR_DEFINED | 2), - - /* - * CKM_MOCK_GENERATE (generate-pair) - * - Generates a pair of keys, mechanism parameter should be 'generate' - */ - CKM_MOCK_GENERATE = (CKM_VENDOR_DEFINED | 3), - - /* - * CKM_MOCK_WRAP (wrap key) - * - Wraps key by returning value, mechanism parameter should be 'wrap' - */ - CKM_MOCK_WRAP = (CKM_VENDOR_DEFINED | 4), - - /* - * CKM_MOCK_DERIVE (derive-key) - * - Derives key by setting value to 'derived' - * - Mechanism param should be 'derive' - */ - CKM_MOCK_DERIVE = (CKM_VENDOR_DEFINED | 5), - - /* - * CKM_MOCK_COUNT (digest) - * - Counts the number of bytes, and returns a CK_ULONG 'hash' value - */ - CKM_MOCK_COUNT = (CKM_VENDOR_DEFINED | 6), - - MOCK_SLOT_ONE_ID = 52, - MOCK_SLOT_TWO_ID = 134, - - MOCK_SLOTS_PRESENT = 1, - MOCK_SLOTS_ALL = 2, -}; - -static const CK_INFO MOCK_INFO = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, - "MOCK MANUFACTURER ", - 0, - "MOCK LIBRARY ", - { 45, 145 } -}; - -extern CK_FUNCTION_LIST mock_module; - -extern CK_FUNCTION_LIST mock_module_no_slots; - -extern CK_X_FUNCTION_LIST mock_x_module_no_slots; - -void mock_module_init (void); - -typedef bool (* mock_enumerator) (CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs, - void *user_data); - -void mock_module_enumerate_objects (CK_SESSION_HANDLE session, - mock_enumerator func, - void *user_data); - -void mock_module_add_object (CK_SLOT_ID slot_id, - const CK_ATTRIBUTE *attrs); - -void mock_module_reset (void); - -bool mock_module_initialized (void); - -void mock_module_take_object (CK_SLOT_ID slot_id, - CK_ATTRIBUTE *attrs); - -CK_RV mock_C_Initialize (CK_VOID_PTR init_args); - -CK_RV mock_C_Initialize__fails (CK_VOID_PTR init_args); - -CK_RV mock_X_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args); - -CK_RV mock_X_Initialize__fails (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args); - -CK_RV mock_C_Finalize (CK_VOID_PTR reserved); - -CK_RV mock_X_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR reserved); - -CK_RV mock_C_GetInfo (CK_INFO_PTR info); - -CK_RV mock_X_GetInfo (CK_X_FUNCTION_LIST *self, - CK_INFO_PTR info); - -CK_RV mock_C_GetFunctionList_not_supported (CK_FUNCTION_LIST_PTR_PTR list); - -CK_RV mock_C_GetSlotList (CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count); - -CK_RV mock_C_GetSlotList__no_tokens (CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count); - -CK_RV mock_C_GetSlotList__fail_first (CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count); - -CK_RV mock_C_GetSlotList__fail_late (CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count); - -CK_RV mock_C_GetSlotInfo (CK_SLOT_ID slot_id, - CK_SLOT_INFO_PTR info); - -CK_RV mock_X_GetSlotList__no_tokens (CK_X_FUNCTION_LIST *self, - CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count); - -CK_RV mock_C_GetSlotInfo__invalid_slotid (CK_SLOT_ID slot_id, - CK_SLOT_INFO_PTR info); - -CK_RV mock_X_GetSlotInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_SLOT_INFO_PTR info); - -CK_RV mock_C_GetTokenInfo (CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info); - -CK_RV mock_C_GetTokenInfo__invalid_slotid (CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info); - -CK_RV mock_X_GetTokenInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info); - -CK_RV mock_C_GetTokenInfo__not_initialized (CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info); - -CK_RV mock_C_GetMechanismList (CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count); - -CK_RV mock_C_GetMechanismList__invalid_slotid (CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count); - -CK_RV mock_X_GetMechanismList__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count); - -CK_RV mock_C_GetMechanismInfo (CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info); - -CK_RV mock_C_GetMechanismInfo__invalid_slotid (CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info); - -CK_RV mock_X_GetMechanismInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info); - -CK_RV mock_C_InitToken__specific_args (CK_SLOT_ID slot_id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label); - -CK_RV mock_C_InitToken__invalid_slotid (CK_SLOT_ID slot_id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label); - -CK_RV mock_X_InitToken__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label); - - -CK_RV mock_C_WaitForSlotEvent (CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved); - -CK_RV mock_C_WaitForSlotEvent__no_event (CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved); - -CK_RV mock_X_WaitForSlotEvent__no_event (CK_X_FUNCTION_LIST *self, - CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved); - -CK_RV mock_C_OpenSession__invalid_slotid (CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR session); - -CK_RV mock_X_OpenSession__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR session); - -CK_RV mock_C_OpenSession__fails (CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR session); - -CK_RV mock_C_OpenSession (CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR session); - -CK_RV mock_C_CloseSession (CK_SESSION_HANDLE session); - -CK_RV mock_C_CloseSession__invalid_handle (CK_SESSION_HANDLE session); - -CK_RV mock_X_CloseSession__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session); - -CK_RV mock_C_CloseAllSessions (CK_SLOT_ID slot_id); - -CK_RV mock_C_CloseAllSessions__invalid_slotid (CK_SLOT_ID slot_id); - -CK_RV mock_X_CloseAllSessions__invalid_slotid (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id); - -CK_RV mock_C_GetFunctionStatus (CK_SESSION_HANDLE session); - -CK_RV mock_C_GetFunctionStatus__not_parallel (CK_SESSION_HANDLE session); - -CK_RV mock_C_CancelFunction (CK_SESSION_HANDLE session); - -CK_RV mock_C_CancelFunction__not_parallel (CK_SESSION_HANDLE session); - -CK_RV mock_C_GetSessionInfo (CK_SESSION_HANDLE session, - CK_SESSION_INFO_PTR info); - -CK_RV mock_C_GetSessionInfo__invalid_handle (CK_SESSION_HANDLE session, - CK_SESSION_INFO_PTR info); - -CK_RV mock_X_GetSessionInfo__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_SESSION_INFO_PTR info); - -CK_RV mock_C_InitPIN__specific_args (CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len); - -CK_RV mock_C_InitPIN__invalid_handle (CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len); - -CK_RV mock_X_InitPIN__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len); - -CK_RV mock_C_SetPIN__specific_args (CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len); - -CK_RV mock_C_SetPIN__invalid_handle (CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len); - -CK_RV mock_X_SetPIN__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len); - -CK_RV mock_C_GetOperationState (CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len); - -CK_RV mock_C_GetOperationState__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len); - -CK_RV mock_X_GetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len); - -CK_RV mock_C_SetOperationState (CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key); - -CK_RV mock_C_SetOperationState__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key); - -CK_RV mock_X_SetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key); - -CK_RV mock_C_Login (CK_SESSION_HANDLE session, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len); - -CK_RV mock_C_Login__invalid_handle (CK_SESSION_HANDLE session, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len); - -CK_RV mock_X_Login__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len); - -CK_RV mock_C_Logout (CK_SESSION_HANDLE session); - -CK_RV mock_C_Logout__invalid_handle (CK_SESSION_HANDLE session); - -CK_RV mock_X_Logout__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session); - -CK_RV mock_C_CreateObject (CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR object); - -CK_RV mock_C_CreateObject__invalid_handle (CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object); - -CK_RV mock_X_CreateObject__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object); - -CK_RV mock_C_CopyObject (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object); - -CK_RV mock_C_CopyObject__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object); - -CK_RV mock_X_CopyObject__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object); - -CK_RV mock_C_DestroyObject (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object); - -CK_RV mock_C_DestroyObject__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object); - -CK_RV mock_X_DestroyObject__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object); - -CK_RV mock_C_GetObjectSize (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size); - -CK_RV mock_C_GetObjectSize__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size); - -CK_RV mock_X_GetObjectSize__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size); - -CK_RV mock_C_GetAttributeValue (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count); - -CK_RV mock_C_GetAttributeValue__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count); - -CK_RV mock_X_GetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count); - -CK_RV mock_C_GetAttributeValue__fail_first (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count); - -CK_RV mock_C_GetAttributeValue__fail_late (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count); - -CK_RV mock_C_SetAttributeValue (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count); - -CK_RV mock_C_SetAttributeValue__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count); - -CK_RV mock_X_SetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count); - -CK_RV mock_C_FindObjectsInit (CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count); - -CK_RV mock_C_FindObjectsInit__invalid_handle (CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count); - -CK_RV mock_X_FindObjectsInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count); - -CK_RV mock_C_FindObjectsInit__fails (CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count); - -CK_RV mock_C_FindObjects (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_object_count, - CK_ULONG_PTR object_count); - -CK_RV mock_C_FindObjects__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count); - -CK_RV mock_X_FindObjects__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count); - -CK_RV mock_C_FindObjects__fails (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count); - -CK_RV mock_C_FindObjectsFinal (CK_SESSION_HANDLE session); - -CK_RV mock_C_FindObjectsFinal__invalid_handle (CK_SESSION_HANDLE session); - -CK_RV mock_X_FindObjectsFinal__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session); - -CK_RV mock_C_EncryptInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_EncryptInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_X_EncryptInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_Encrypt (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len); - -CK_RV mock_C_Encrypt__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len); - -CK_RV mock_X_Encrypt__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len); - -CK_RV mock_C_EncryptUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len); - -CK_RV mock_C_EncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len); - -CK_RV mock_X_EncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len); - -CK_RV mock_C_EncryptFinal (CK_SESSION_HANDLE session, - CK_BYTE_PTR last_encrypted_part, - CK_ULONG_PTR last_encrypted_part_len); - -CK_RV mock_C_EncryptFinal__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len); - -CK_RV mock_X_EncryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len); - -CK_RV mock_C_DecryptInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_DecryptInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_X_DecryptInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_Decrypt (CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_data, - CK_ULONG encrypted_data_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len); - -CK_RV mock_C_Decrypt__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len); - -CK_RV mock_X_Decrypt__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len); - -CK_RV mock_C_DecryptUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len); - -CK_RV mock_C_DecryptUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len); - -CK_RV mock_X_DecryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len); - -CK_RV mock_C_DecryptFinal (CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len); - -CK_RV mock_C_DecryptFinal__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len); - -CK_RV mock_X_DecryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len); - -CK_RV mock_C_DigestInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism); - -CK_RV mock_C_DigestInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism); - -CK_RV mock_X_DigestInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism); - -CK_RV mock_C_Digest (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len); - -CK_RV mock_C_Digest__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len); - -CK_RV mock_X_Digest__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len); - -CK_RV mock_C_DigestUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len); - -CK_RV mock_C_DigestUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len); - -CK_RV mock_X_DigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len); - -CK_RV mock_C_DigestKey (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_DigestKey__invalid_handle (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE key); - -CK_RV mock_X_DigestKey__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_DigestFinal (CK_SESSION_HANDLE session, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len); - -CK_RV mock_C_DigestFinal__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len); - -CK_RV mock_X_DigestFinal__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len); - -CK_RV mock_C_SignInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_SignInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_X_SignInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_Sign (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len); - -CK_RV mock_C_Sign__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len); - -CK_RV mock_X_Sign__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len); - -CK_RV mock_C_SignUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len); - -CK_RV mock_C_SignUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len); - -CK_RV mock_X_SignUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len); - -CK_RV mock_C_SignFinal (CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len); - -CK_RV mock_C_SignFinal__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len); - -CK_RV mock_X_SignFinal__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len); - -CK_RV mock_C_SignRecoverInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_SignRecoverInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_X_SignRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_SignRecover (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len); - -CK_RV mock_C_SignRecover__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len); - -CK_RV mock_X_SignRecover__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len); - -CK_RV mock_C_VerifyInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_VerifyInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_X_VerifyInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_Verify (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len); - -CK_RV mock_C_Verify__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len); - -CK_RV mock_X_Verify__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len); - -CK_RV mock_C_VerifyUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len); - -CK_RV mock_C_VerifyUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len); - -CK_RV mock_X_VerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len); - -CK_RV mock_C_VerifyFinal (CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len); - -CK_RV mock_C_VerifyFinal__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len); - -CK_RV mock_X_VerifyFinal__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len); - -CK_RV mock_C_VerifyRecoverInit (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_VerifyRecoverInit__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_X_VerifyRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key); - -CK_RV mock_C_VerifyRecover (CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len); - -CK_RV mock_C_VerifyRecover__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len); - -CK_RV mock_X_VerifyRecover__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len); - -CK_RV mock_C_DigestEncryptUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len); - -CK_RV mock_C_DigestEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len); - -CK_RV mock_X_DigestEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len); - -CK_RV mock_C_DecryptDigestUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len); - -CK_RV mock_C_DecryptDigestUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len); - -CK_RV mock_X_DecryptDigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len); - -CK_RV mock_C_SignEncryptUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len); - -CK_RV mock_C_SignEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len); - -CK_RV mock_X_SignEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len); - -CK_RV mock_C_DecryptVerifyUpdate (CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len); - -CK_RV mock_C_DecryptVerifyUpdate__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len); - -CK_RV mock_X_DecryptVerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len); - -CK_RV mock_C_GenerateKey (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key); - -CK_RV mock_C_GenerateKey__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key); - -CK_RV mock_X_GenerateKey__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key); - -CK_RV mock_C_GenerateKeyPair (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR public_key_template, - CK_ULONG public_key_count, - CK_ATTRIBUTE_PTR private_key_template, - CK_ULONG private_key_count, - CK_OBJECT_HANDLE_PTR public_key, - CK_OBJECT_HANDLE_PTR private_key); - -CK_RV mock_C_GenerateKeyPair__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, - CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, - CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, - CK_OBJECT_HANDLE_PTR priv_key); - -CK_RV mock_X_GenerateKeyPair__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, - CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, - CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, - CK_OBJECT_HANDLE_PTR priv_key); - -CK_RV mock_C_WrapKey (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len); - -CK_RV mock_C_WrapKey__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len); - -CK_RV mock_X_WrapKey__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len); - -CK_RV mock_C_UnwrapKey (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key); - -CK_RV mock_C_UnwrapKey__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key); - -CK_RV mock_X_UnwrapKey__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key); - -CK_RV mock_C_DeriveKey (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key); - -CK_RV mock_C_DeriveKey__invalid_handle (CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key); - -CK_RV mock_X_DeriveKey__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key); - -CK_RV mock_C_SeedRandom (CK_SESSION_HANDLE session, - CK_BYTE_PTR seed, - CK_ULONG seed_len); - -CK_RV mock_C_SeedRandom__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR seed, - CK_ULONG seed_len); - -CK_RV mock_X_SeedRandom__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR seed, - CK_ULONG seed_len); - -CK_RV mock_C_GenerateRandom (CK_SESSION_HANDLE session, - CK_BYTE_PTR random_data, - CK_ULONG random_len); - -CK_RV mock_C_GenerateRandom__invalid_handle (CK_SESSION_HANDLE session, - CK_BYTE_PTR random_data, - CK_ULONG random_len); - -CK_RV mock_X_GenerateRandom__invalid_handle (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR random_data, - CK_ULONG random_len); - -#endif /* __MOCK_H__ */ diff --git a/common/path.c b/common/path.c deleted file mode 100644 index 34c00cb..0000000 --- a/common/path.c +++ /dev/null @@ -1,325 +0,0 @@ -/* - * Copyright (c) 2005 Stefan Walter - * Copyright (c) 2011 Collabora Ltd. - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#include "config.h" - -#include "debug.h" -#include "message.h" -#include "path.h" - -#include -#include -#include -#include -#include - -#ifdef OS_UNIX -#include -#include -#endif - -#ifdef OS_WIN32 -#include -#endif - - -char * -p11_path_base (const char *path) -{ -#ifdef OS_WIN32 - const char *delims = "/\\"; -#else - const char *delims = "/"; -#endif - - const char *end; - const char *beg; - - return_val_if_fail (path != NULL, NULL); - - /* Any trailing slashes */ - end = path + strlen (path); - while (end != path) { - if (!strchr (delims, *(end - 1))) - break; - end--; - } - - /* Find the last slash after those */ - beg = end; - while (beg != path) { - if (strchr (delims, *(beg - 1))) - break; - beg--; - } - - return strndup (beg, end - beg); -} - -static inline bool -is_path_component_or_null (char ch) -{ - return (ch == '\0' || ch == '/' -#ifdef OS_WIN32 - || ch == '\\' -#endif - ); -} - -static char * -expand_homedir (const char *remainder) -{ - const char *env; - - if (getauxval (AT_SECURE)) { - errno = EPERM; - return NULL; - } - - while (remainder[0] && is_path_component_or_null (remainder[0])) - remainder++; - if (remainder[0] == '\0') - remainder = NULL; - - /* Expand $XDG_CONFIG_HOME */ - if (remainder != NULL && - strncmp (remainder, ".config", 7) == 0 && - is_path_component_or_null (remainder[7])) { - env = getenv ("XDG_CONFIG_HOME"); - if (env && env[0]) - return p11_path_build (env, remainder + 8, NULL); - } - - env = getenv ("HOME"); - if (env && env[0]) { - return p11_path_build (env, remainder, NULL); - - } else { -#ifdef OS_UNIX - char buf[1024]; - struct passwd pws; - struct passwd *pwd = NULL; - int error; - int ret; - - errno = 0; - ret = getpwuid_r (getuid (), &pws, buf, sizeof (buf), &pwd); - if (pwd == NULL) { - if (ret == 0) - error = ESRCH; - else - error = errno; - p11_message_err (error, "couldn't lookup home directory for user %d", getuid ()); - errno = error; - return NULL; - } - - return p11_path_build (pwd->pw_dir, remainder, NULL); - -#else /* OS_WIN32 */ - char directory[MAX_PATH + 1]; - - if (!SHGetSpecialFolderPathA (NULL, directory, CSIDL_PROFILE, TRUE)) { - p11_message ("couldn't lookup home directory for user"); - errno = ENOTDIR; - return NULL; - } - - return p11_path_build (directory, remainder, NULL); - -#endif /* OS_WIN32 */ - } -} - -char * -p11_path_expand (const char *path) -{ - return_val_if_fail (path != NULL, NULL); - - if (strncmp (path, "~", 1) == 0 && - is_path_component_or_null (path[1])) { - return expand_homedir (path + 1); - - } else { - return strdup (path); - } -} - -bool -p11_path_absolute (const char *path) -{ - return_val_if_fail (path != NULL, false); - - return (path[0] == '/') -#ifdef OS_WIN32 - || (path[0] != '\0' && path[1] == ':' && path[2] == '\\') -#endif - ; -} - -char * -p11_path_build (const char *path, - ...) -{ -#ifdef OS_WIN32 - const char delim = '\\'; -#else - const char delim = '/'; -#endif - const char *first = path; - char *built; - size_t len; - size_t at; - size_t num; - size_t until; - va_list va; - - return_val_if_fail (path != NULL, NULL); - - len = 1; - va_start (va, path); - while (path != NULL) { - len += strlen (path) + 1; - path = va_arg (va, const char *); - } - va_end (va); - - built = malloc (len + 1); - return_val_if_fail (built != NULL, NULL); - - at = 0; - path = first; - va_start (va, path); - while (path != NULL) { - num = strlen (path); - - /* Trim end of the path */ - until = (at > 0) ? 0 : 1; - while (num > until && is_path_component_or_null (path[num - 1])) - num--; - - if (at != 0) { - if (num == 0) - continue; - built[at++] = delim; - } - - assert (at + num < len); - memcpy (built + at, path, num); - at += num; - - path = va_arg (va, const char *); - - /* Trim beginning of path */ - while (path && path[0] && is_path_component_or_null (path[0])) - path++; - } - va_end (va); - - assert (at < len); - built[at] = '\0'; - return built; -} - -char * -p11_path_parent (const char *path) -{ - const char *e; - char *parent; - bool had = false; - - return_val_if_fail (path != NULL, NULL); - - /* Find the end of the last component */ - e = path + strlen (path); - while (e != path && is_path_component_or_null (*e)) - e--; - - /* Find the beginning of the last component */ - while (e != path && !is_path_component_or_null (*e)) { - had = true; - e--; - } - - /* Find the end of the last component */ - while (e != path && is_path_component_or_null (*e)) - e--; - - if (e == path) { - if (!had) - return NULL; - parent = strdup ("/"); - } else { - parent = strndup (path, (e - path) + 1); - } - - return_val_if_fail (parent != NULL, NULL); - return parent; -} - -bool -p11_path_prefix (const char *string, - const char *prefix) -{ - int a, b; - - return_val_if_fail (string != NULL, false); - return_val_if_fail (prefix != NULL, false); - - a = strlen (string); - b = strlen (prefix); - - return a > b && - strncmp (string, prefix, b) == 0 && - is_path_component_or_null (string[b]); -} - -void -p11_path_canon (char *name) -{ - static const char *VALID = - "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_"; - int i; - - return_if_fail (name != NULL); - - for (i = 0; name[i] != '\0'; i++) { - if (strchr (VALID, name[i]) == NULL) - name[i] = '_'; - } -} diff --git a/common/path.h b/common/path.h deleted file mode 100644 index 0b19a5d..0000000 --- a/common/path.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_PATH_H__ -#define P11_PATH_H__ - -#include "compat.h" - -#ifdef OS_WIN32 -#define P11_PATH_SEP ";" -#define P11_PATH_SEP_C ';' -#else -#define P11_PATH_SEP ":" -#define P11_PATH_SEP_C ':' -#endif - -/* - * The semantics of both POSIX basename() and GNU asename() are so crappy that - * we just don't even bother. And what's worse is how it completely changes - * behavior if _GNU_SOURCE is defined. Nasty stuff. - */ -char * p11_path_base (const char *name); - -char * p11_path_expand (const char *path); - -char * p11_path_build (const char *path, - ...) GNUC_NULL_TERMINATED; - -bool p11_path_absolute (const char *path); - -char * p11_path_parent (const char *path); - -bool p11_path_prefix (const char *string, - const char *prefix); - -void p11_path_canon (char *name); - -#endif /* P11_PATH_H__ */ diff --git a/common/pkcs11.h b/common/pkcs11.h deleted file mode 100644 index f8dc78e..0000000 --- a/common/pkcs11.h +++ /dev/null @@ -1,1398 +0,0 @@ -/* pkcs11.h - Copyright 2006, 2007 g10 Code GmbH - Copyright 2006 Andreas Jellinghaus - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even - the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR - PURPOSE. */ - -/* Please submit changes back to the Scute project at - http://www.scute.org/ (or send them to marcus@g10code.com), so that - they can be picked up by other projects from there as well. */ - -/* This file is a modified implementation of the PKCS #11 standard by - RSA Security Inc. It is mostly a drop-in replacement, with the - following change: - - This header file does not require any macro definitions by the user - (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros - for you (if useful, some are missing, let me know if you need - more). - - There is an additional API available that does comply better to the - GNU coding standard. It can be switched on by defining - CRYPTOKI_GNU before including this header file. For this, the - following changes are made to the specification: - - All structure types are changed to a "struct ck_foo" where CK_FOO - is the type name in PKCS #11. - - All non-structure types are changed to ck_foo_t where CK_FOO is the - lowercase version of the type name in PKCS #11. The basic types - (CK_ULONG et al.) are removed without substitute. - - All members of structures are modified in the following way: Type - indication prefixes are removed, and underscore characters are - inserted before words. Then the result is lowercased. - - Note that function names are still in the original case, as they - need for ABI compatibility. - - CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use - . - - If CRYPTOKI_COMPAT is defined before including this header file, - then none of the API changes above take place, and the API is the - one defined by the PKCS #11 standard. */ - -#ifndef PKCS11_H -#define PKCS11_H 1 - -#if defined(__cplusplus) -extern "C" { -#endif - - -/* The version of cryptoki we implement. The revision is changed with - each modification of this file. If you do not use the "official" - version of this file, please consider deleting the revision macro - (you may use a macro with a different name to keep track of your - versions). */ -#define CRYPTOKI_VERSION_MAJOR 2 -#define CRYPTOKI_VERSION_MINOR 20 -#define CRYPTOKI_VERSION_REVISION 6 - - -/* Compatibility interface is default, unless CRYPTOKI_GNU is - given. */ -#ifndef CRYPTOKI_GNU -#ifndef CRYPTOKI_COMPAT -#define CRYPTOKI_COMPAT 1 -#endif -#endif - -/* System dependencies. */ - -#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) - -/* There is a matching pop below. */ -#pragma pack(push, cryptoki, 1) - -#ifdef CRYPTOKI_EXPORTS -#define CK_SPEC __declspec(dllexport) -#else -#define CK_SPEC __declspec(dllimport) -#endif - -#else - -#define CK_SPEC - -#endif - - -#ifdef CRYPTOKI_COMPAT - /* If we are in compatibility mode, switch all exposed names to the - PKCS #11 variant. There are corresponding #undefs below. */ - -#define ck_flags_t CK_FLAGS -#define ck_version _CK_VERSION - -#define ck_info _CK_INFO -#define cryptoki_version cryptokiVersion -#define manufacturer_id manufacturerID -#define library_description libraryDescription -#define library_version libraryVersion - -#define ck_notification_t CK_NOTIFICATION -#define ck_slot_id_t CK_SLOT_ID - -#define ck_slot_info _CK_SLOT_INFO -#define slot_description slotDescription -#define hardware_version hardwareVersion -#define firmware_version firmwareVersion - -#define ck_token_info _CK_TOKEN_INFO -#define serial_number serialNumber -#define max_session_count ulMaxSessionCount -#define session_count ulSessionCount -#define max_rw_session_count ulMaxRwSessionCount -#define rw_session_count ulRwSessionCount -#define max_pin_len ulMaxPinLen -#define min_pin_len ulMinPinLen -#define total_public_memory ulTotalPublicMemory -#define free_public_memory ulFreePublicMemory -#define total_private_memory ulTotalPrivateMemory -#define free_private_memory ulFreePrivateMemory -#define utc_time utcTime - -#define ck_session_handle_t CK_SESSION_HANDLE -#define ck_user_type_t CK_USER_TYPE -#define ck_state_t CK_STATE - -#define ck_session_info _CK_SESSION_INFO -#define slot_id slotID -#define device_error ulDeviceError - -#define ck_object_handle_t CK_OBJECT_HANDLE -#define ck_object_class_t CK_OBJECT_CLASS -#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE -#define ck_key_type_t CK_KEY_TYPE -#define ck_certificate_type_t CK_CERTIFICATE_TYPE -#define ck_attribute_type_t CK_ATTRIBUTE_TYPE - -#define ck_attribute _CK_ATTRIBUTE -#define value pValue -#define value_len ulValueLen - -#define ck_date _CK_DATE - -#define ck_mechanism_type_t CK_MECHANISM_TYPE - -#define ck_mechanism _CK_MECHANISM -#define parameter pParameter -#define parameter_len ulParameterLen - -#define ck_mechanism_info _CK_MECHANISM_INFO -#define min_key_size ulMinKeySize -#define max_key_size ulMaxKeySize - -#define ck_rv_t CK_RV -#define ck_notify_t CK_NOTIFY - -#define ck_function_list _CK_FUNCTION_LIST - -#define ck_createmutex_t CK_CREATEMUTEX -#define ck_destroymutex_t CK_DESTROYMUTEX -#define ck_lockmutex_t CK_LOCKMUTEX -#define ck_unlockmutex_t CK_UNLOCKMUTEX - -#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS -#define create_mutex CreateMutex -#define destroy_mutex DestroyMutex -#define lock_mutex LockMutex -#define unlock_mutex UnlockMutex -#define reserved pReserved - -#endif /* CRYPTOKI_COMPAT */ - - - -typedef unsigned long ck_flags_t; - -struct ck_version -{ - unsigned char major; - unsigned char minor; -}; - - -struct ck_info -{ - struct ck_version cryptoki_version; - unsigned char manufacturer_id[32]; - ck_flags_t flags; - unsigned char library_description[32]; - struct ck_version library_version; -}; - - -typedef unsigned long ck_notification_t; - -#define CKN_SURRENDER (0UL) - - -typedef unsigned long ck_slot_id_t; - - -struct ck_slot_info -{ - unsigned char slot_description[64]; - unsigned char manufacturer_id[32]; - ck_flags_t flags; - struct ck_version hardware_version; - struct ck_version firmware_version; -}; - - -#define CKF_TOKEN_PRESENT (1UL << 0) -#define CKF_REMOVABLE_DEVICE (1UL << 1) -#define CKF_HW_SLOT (1UL << 2) -#define CKF_ARRAY_ATTRIBUTE (1UL << 30) - - -struct ck_token_info -{ - unsigned char label[32]; - unsigned char manufacturer_id[32]; - unsigned char model[16]; - unsigned char serial_number[16]; - ck_flags_t flags; - unsigned long max_session_count; - unsigned long session_count; - unsigned long max_rw_session_count; - unsigned long rw_session_count; - unsigned long max_pin_len; - unsigned long min_pin_len; - unsigned long total_public_memory; - unsigned long free_public_memory; - unsigned long total_private_memory; - unsigned long free_private_memory; - struct ck_version hardware_version; - struct ck_version firmware_version; - unsigned char utc_time[16]; -}; - - -#define CKF_RNG (1UL << 0) -#define CKF_WRITE_PROTECTED (1UL << 1) -#define CKF_LOGIN_REQUIRED (1UL << 2) -#define CKF_USER_PIN_INITIALIZED (1UL << 3) -#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5) -#define CKF_CLOCK_ON_TOKEN (1UL << 6) -#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8) -#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9) -#define CKF_TOKEN_INITIALIZED (1UL << 10) -#define CKF_SECONDARY_AUTHENTICATION (1UL << 11) -#define CKF_USER_PIN_COUNT_LOW (1UL << 16) -#define CKF_USER_PIN_FINAL_TRY (1UL << 17) -#define CKF_USER_PIN_LOCKED (1UL << 18) -#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19) -#define CKF_SO_PIN_COUNT_LOW (1UL << 20) -#define CKF_SO_PIN_FINAL_TRY (1UL << 21) -#define CKF_SO_PIN_LOCKED (1UL << 22) -#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23) - -#define CK_UNAVAILABLE_INFORMATION ((unsigned long)-1L) -#define CK_EFFECTIVELY_INFINITE (0UL) - - -typedef unsigned long ck_session_handle_t; - -#define CK_INVALID_HANDLE (0UL) - - -typedef unsigned long ck_user_type_t; - -#define CKU_SO (0UL) -#define CKU_USER (1UL) -#define CKU_CONTEXT_SPECIFIC (2UL) - - -typedef unsigned long ck_state_t; - -#define CKS_RO_PUBLIC_SESSION (0UL) -#define CKS_RO_USER_FUNCTIONS (1UL) -#define CKS_RW_PUBLIC_SESSION (2UL) -#define CKS_RW_USER_FUNCTIONS (3UL) -#define CKS_RW_SO_FUNCTIONS (4UL) - - -struct ck_session_info -{ - ck_slot_id_t slot_id; - ck_state_t state; - ck_flags_t flags; - unsigned long device_error; -}; - -#define CKF_RW_SESSION (1UL << 1) -#define CKF_SERIAL_SESSION (1UL << 2) - - -typedef unsigned long ck_object_handle_t; - - -typedef unsigned long ck_object_class_t; - -#define CKO_DATA (0UL) -#define CKO_CERTIFICATE (1UL) -#define CKO_PUBLIC_KEY (2UL) -#define CKO_PRIVATE_KEY (3UL) -#define CKO_SECRET_KEY (4UL) -#define CKO_HW_FEATURE (5UL) -#define CKO_DOMAIN_PARAMETERS (6UL) -#define CKO_MECHANISM (7UL) -#define CKO_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - -typedef unsigned long ck_hw_feature_type_t; - -#define CKH_MONOTONIC_COUNTER (1UL) -#define CKH_CLOCK (2UL) -#define CKH_USER_INTERFACE (3UL) -#define CKH_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - -typedef unsigned long ck_key_type_t; - -#define CKK_RSA (0UL) -#define CKK_DSA (1UL) -#define CKK_DH (2UL) -#define CKK_ECDSA (3UL) -#define CKK_EC (3UL) -#define CKK_X9_42_DH (4UL) -#define CKK_KEA (5UL) -#define CKK_GENERIC_SECRET (0x10UL) -#define CKK_RC2 (0x11UL) -#define CKK_RC4 (0x12UL) -#define CKK_DES (0x13UL) -#define CKK_DES2 (0x14UL) -#define CKK_DES3 (0x15UL) -#define CKK_CAST (0x16UL) -#define CKK_CAST3 (0x17UL) -#define CKK_CAST128 (0x18UL) -#define CKK_RC5 (0x19UL) -#define CKK_IDEA (0x1aUL) -#define CKK_SKIPJACK (0x1bUL) -#define CKK_BATON (0x1cUL) -#define CKK_JUNIPER (0x1dUL) -#define CKK_CDMF (0x1eUL) -#define CKK_AES (0x1fUL) -#define CKK_BLOWFISH (0x20UL) -#define CKK_TWOFISH (0x21UL) -#define CKK_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - -typedef unsigned long ck_certificate_type_t; - -#define CKC_X_509 (0UL) -#define CKC_X_509_ATTR_CERT (1UL) -#define CKC_WTLS (2UL) -#define CKC_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - -typedef unsigned long ck_attribute_type_t; - -#define CKA_CLASS (0UL) -#define CKA_TOKEN (1UL) -#define CKA_PRIVATE (2UL) -#define CKA_LABEL (3UL) -#define CKA_APPLICATION (0x10UL) -#define CKA_VALUE (0x11UL) -#define CKA_OBJECT_ID (0x12UL) -#define CKA_CERTIFICATE_TYPE (0x80UL) -#define CKA_ISSUER (0x81UL) -#define CKA_SERIAL_NUMBER (0x82UL) -#define CKA_AC_ISSUER (0x83UL) -#define CKA_OWNER (0x84UL) -#define CKA_ATTR_TYPES (0x85UL) -#define CKA_TRUSTED (0x86UL) -#define CKA_CERTIFICATE_CATEGORY (0x87UL) -#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL) -#define CKA_URL (0x89UL) -#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL) -#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL) -#define CKA_CHECK_VALUE (0x90UL) -#define CKA_KEY_TYPE (0x100UL) -#define CKA_SUBJECT (0x101UL) -#define CKA_ID (0x102UL) -#define CKA_SENSITIVE (0x103UL) -#define CKA_ENCRYPT (0x104UL) -#define CKA_DECRYPT (0x105UL) -#define CKA_WRAP (0x106UL) -#define CKA_UNWRAP (0x107UL) -#define CKA_SIGN (0x108UL) -#define CKA_SIGN_RECOVER (0x109UL) -#define CKA_VERIFY (0x10aUL) -#define CKA_VERIFY_RECOVER (0x10bUL) -#define CKA_DERIVE (0x10cUL) -#define CKA_START_DATE (0x110UL) -#define CKA_END_DATE (0x111UL) -#define CKA_MODULUS (0x120UL) -#define CKA_MODULUS_BITS (0x121UL) -#define CKA_PUBLIC_EXPONENT (0x122UL) -#define CKA_PRIVATE_EXPONENT (0x123UL) -#define CKA_PRIME_1 (0x124UL) -#define CKA_PRIME_2 (0x125UL) -#define CKA_EXPONENT_1 (0x126UL) -#define CKA_EXPONENT_2 (0x127UL) -#define CKA_COEFFICIENT (0x128UL) -#define CKA_PRIME (0x130UL) -#define CKA_SUBPRIME (0x131UL) -#define CKA_BASE (0x132UL) -#define CKA_PRIME_BITS (0x133UL) -#define CKA_SUB_PRIME_BITS (0x134UL) -#define CKA_VALUE_BITS (0x160UL) -#define CKA_VALUE_LEN (0x161UL) -#define CKA_EXTRACTABLE (0x162UL) -#define CKA_LOCAL (0x163UL) -#define CKA_NEVER_EXTRACTABLE (0x164UL) -#define CKA_ALWAYS_SENSITIVE (0x165UL) -#define CKA_KEY_GEN_MECHANISM (0x166UL) -#define CKA_MODIFIABLE (0x170UL) -#define CKA_ECDSA_PARAMS (0x180UL) -#define CKA_EC_PARAMS (0x180UL) -#define CKA_EC_POINT (0x181UL) -#define CKA_SECONDARY_AUTH (0x200UL) -#define CKA_AUTH_PIN_FLAGS (0x201UL) -#define CKA_ALWAYS_AUTHENTICATE (0x202UL) -#define CKA_WRAP_WITH_TRUSTED (0x210UL) -#define CKA_HW_FEATURE_TYPE (0x300UL) -#define CKA_RESET_ON_INIT (0x301UL) -#define CKA_HAS_RESET (0x302UL) -#define CKA_PIXEL_X (0x400UL) -#define CKA_PIXEL_Y (0x401UL) -#define CKA_RESOLUTION (0x402UL) -#define CKA_CHAR_ROWS (0x403UL) -#define CKA_CHAR_COLUMNS (0x404UL) -#define CKA_COLOR (0x405UL) -#define CKA_BITS_PER_PIXEL (0x406UL) -#define CKA_CHAR_SETS (0x480UL) -#define CKA_ENCODING_METHODS (0x481UL) -#define CKA_MIME_TYPES (0x482UL) -#define CKA_MECHANISM_TYPE (0x500UL) -#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL) -#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL) -#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL) -#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL) -#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL) -#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL) -#define CKA_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - -struct ck_attribute -{ - ck_attribute_type_t type; - void *value; - unsigned long value_len; -}; - - -struct ck_date -{ - unsigned char year[4]; - unsigned char month[2]; - unsigned char day[2]; -}; - - -typedef unsigned long ck_mechanism_type_t; - -#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL) -#define CKM_RSA_PKCS (1UL) -#define CKM_RSA_9796 (2UL) -#define CKM_RSA_X_509 (3UL) -#define CKM_MD2_RSA_PKCS (4UL) -#define CKM_MD5_RSA_PKCS (5UL) -#define CKM_SHA1_RSA_PKCS (6UL) -#define CKM_RIPEMD128_RSA_PKCS (7UL) -#define CKM_RIPEMD160_RSA_PKCS (8UL) -#define CKM_RSA_PKCS_OAEP (9UL) -#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL) -#define CKM_RSA_X9_31 (0xbUL) -#define CKM_SHA1_RSA_X9_31 (0xcUL) -#define CKM_RSA_PKCS_PSS (0xdUL) -#define CKM_SHA1_RSA_PKCS_PSS (0xeUL) -#define CKM_DSA_KEY_PAIR_GEN (0x10UL) -#define CKM_DSA (0x11UL) -#define CKM_DSA_SHA1 (0x12UL) -#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL) -#define CKM_DH_PKCS_DERIVE (0x21UL) -#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL) -#define CKM_X9_42_DH_DERIVE (0x31UL) -#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL) -#define CKM_X9_42_MQV_DERIVE (0x33UL) -#define CKM_SHA256_RSA_PKCS (0x40UL) -#define CKM_SHA384_RSA_PKCS (0x41UL) -#define CKM_SHA512_RSA_PKCS (0x42UL) -#define CKM_SHA256_RSA_PKCS_PSS (0x43UL) -#define CKM_SHA384_RSA_PKCS_PSS (0x44UL) -#define CKM_SHA512_RSA_PKCS_PSS (0x45UL) -#define CKM_RC2_KEY_GEN (0x100UL) -#define CKM_RC2_ECB (0x101UL) -#define CKM_RC2_CBC (0x102UL) -#define CKM_RC2_MAC (0x103UL) -#define CKM_RC2_MAC_GENERAL (0x104UL) -#define CKM_RC2_CBC_PAD (0x105UL) -#define CKM_RC4_KEY_GEN (0x110UL) -#define CKM_RC4 (0x111UL) -#define CKM_DES_KEY_GEN (0x120UL) -#define CKM_DES_ECB (0x121UL) -#define CKM_DES_CBC (0x122UL) -#define CKM_DES_MAC (0x123UL) -#define CKM_DES_MAC_GENERAL (0x124UL) -#define CKM_DES_CBC_PAD (0x125UL) -#define CKM_DES2_KEY_GEN (0x130UL) -#define CKM_DES3_KEY_GEN (0x131UL) -#define CKM_DES3_ECB (0x132UL) -#define CKM_DES3_CBC (0x133UL) -#define CKM_DES3_MAC (0x134UL) -#define CKM_DES3_MAC_GENERAL (0x135UL) -#define CKM_DES3_CBC_PAD (0x136UL) -#define CKM_CDMF_KEY_GEN (0x140UL) -#define CKM_CDMF_ECB (0x141UL) -#define CKM_CDMF_CBC (0x142UL) -#define CKM_CDMF_MAC (0x143UL) -#define CKM_CDMF_MAC_GENERAL (0x144UL) -#define CKM_CDMF_CBC_PAD (0x145UL) -#define CKM_DES_OFB64 (0x150UL) -#define CKM_DES_OFB8 (0x151UL) -#define CKM_DES_CFB64 (0x152UL) -#define CKM_DES_CFB8 (0x153UL) -#define CKM_MD2 (0x200UL) -#define CKM_MD2_HMAC (0x201UL) -#define CKM_MD2_HMAC_GENERAL (0x202UL) -#define CKM_MD5 (0x210UL) -#define CKM_MD5_HMAC (0x211UL) -#define CKM_MD5_HMAC_GENERAL (0x212UL) -#define CKM_SHA_1 (0x220UL) -#define CKM_SHA_1_HMAC (0x221UL) -#define CKM_SHA_1_HMAC_GENERAL (0x222UL) -#define CKM_RIPEMD128 (0x230UL) -#define CKM_RIPEMD128_HMAC (0x231UL) -#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL) -#define CKM_RIPEMD160 (0x240UL) -#define CKM_RIPEMD160_HMAC (0x241UL) -#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL) -#define CKM_SHA256 (0x250UL) -#define CKM_SHA256_HMAC (0x251UL) -#define CKM_SHA256_HMAC_GENERAL (0x252UL) -#define CKM_SHA384 (0x260UL) -#define CKM_SHA384_HMAC (0x261UL) -#define CKM_SHA384_HMAC_GENERAL (0x262UL) -#define CKM_SHA512 (0x270UL) -#define CKM_SHA512_HMAC (0x271UL) -#define CKM_SHA512_HMAC_GENERAL (0x272UL) -#define CKM_CAST_KEY_GEN (0x300UL) -#define CKM_CAST_ECB (0x301UL) -#define CKM_CAST_CBC (0x302UL) -#define CKM_CAST_MAC (0x303UL) -#define CKM_CAST_MAC_GENERAL (0x304UL) -#define CKM_CAST_CBC_PAD (0x305UL) -#define CKM_CAST3_KEY_GEN (0x310UL) -#define CKM_CAST3_ECB (0x311UL) -#define CKM_CAST3_CBC (0x312UL) -#define CKM_CAST3_MAC (0x313UL) -#define CKM_CAST3_MAC_GENERAL (0x314UL) -#define CKM_CAST3_CBC_PAD (0x315UL) -#define CKM_CAST5_KEY_GEN (0x320UL) -#define CKM_CAST128_KEY_GEN (0x320UL) -#define CKM_CAST5_ECB (0x321UL) -#define CKM_CAST128_ECB (0x321UL) -#define CKM_CAST5_CBC (0x322UL) -#define CKM_CAST128_CBC (0x322UL) -#define CKM_CAST5_MAC (0x323UL) -#define CKM_CAST128_MAC (0x323UL) -#define CKM_CAST5_MAC_GENERAL (0x324UL) -#define CKM_CAST128_MAC_GENERAL (0x324UL) -#define CKM_CAST5_CBC_PAD (0x325UL) -#define CKM_CAST128_CBC_PAD (0x325UL) -#define CKM_RC5_KEY_GEN (0x330UL) -#define CKM_RC5_ECB (0x331UL) -#define CKM_RC5_CBC (0x332UL) -#define CKM_RC5_MAC (0x333UL) -#define CKM_RC5_MAC_GENERAL (0x334UL) -#define CKM_RC5_CBC_PAD (0x335UL) -#define CKM_IDEA_KEY_GEN (0x340UL) -#define CKM_IDEA_ECB (0x341UL) -#define CKM_IDEA_CBC (0x342UL) -#define CKM_IDEA_MAC (0x343UL) -#define CKM_IDEA_MAC_GENERAL (0x344UL) -#define CKM_IDEA_CBC_PAD (0x345UL) -#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL) -#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL) -#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL) -#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL) -#define CKM_XOR_BASE_AND_DATA (0x364UL) -#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL) -#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL) -#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL) -#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL) -#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL) -#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL) -#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL) -#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL) -#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL) -#define CKM_TLS_PRF (0x378UL) -#define CKM_SSL3_MD5_MAC (0x380UL) -#define CKM_SSL3_SHA1_MAC (0x381UL) -#define CKM_MD5_KEY_DERIVATION (0x390UL) -#define CKM_MD2_KEY_DERIVATION (0x391UL) -#define CKM_SHA1_KEY_DERIVATION (0x392UL) -#define CKM_SHA256_KEY_DERIVATION (0x393UL) -#define CKM_SHA384_KEY_DERIVATION (0x394UL) -#define CKM_SHA512_KEY_DERIVATION (0x395UL) -#define CKM_PBE_MD2_DES_CBC (0x3a0UL) -#define CKM_PBE_MD5_DES_CBC (0x3a1UL) -#define CKM_PBE_MD5_CAST_CBC (0x3a2UL) -#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL) -#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL) -#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL) -#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL) -#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL) -#define CKM_PBE_SHA1_RC4_128 (0x3a6UL) -#define CKM_PBE_SHA1_RC4_40 (0x3a7UL) -#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL) -#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL) -#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL) -#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL) -#define CKM_PKCS5_PBKD2 (0x3b0UL) -#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL) -#define CKM_WTLS_PRE_MASTER_KEY_GEN (0x3d0UL) -#define CKM_WTLS_MASTER_KEY_DERIVE (0x3d1UL) -#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC (0x3d2UL) -#define CKM_WTLS_PRF (0x3d3UL) -#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE (0x3d4UL) -#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE (0x3d5UL) -#define CKM_KEY_WRAP_LYNKS (0x400UL) -#define CKM_KEY_WRAP_SET_OAEP (0x401UL) -#define CKM_CMS_SIG (0x500UL) -#define CKM_SKIPJACK_KEY_GEN (0x1000UL) -#define CKM_SKIPJACK_ECB64 (0x1001UL) -#define CKM_SKIPJACK_CBC64 (0x1002UL) -#define CKM_SKIPJACK_OFB64 (0x1003UL) -#define CKM_SKIPJACK_CFB64 (0x1004UL) -#define CKM_SKIPJACK_CFB32 (0x1005UL) -#define CKM_SKIPJACK_CFB16 (0x1006UL) -#define CKM_SKIPJACK_CFB8 (0x1007UL) -#define CKM_SKIPJACK_WRAP (0x1008UL) -#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL) -#define CKM_SKIPJACK_RELAYX (0x100aUL) -#define CKM_KEA_KEY_PAIR_GEN (0x1010UL) -#define CKM_KEA_KEY_DERIVE (0x1011UL) -#define CKM_FORTEZZA_TIMESTAMP (0x1020UL) -#define CKM_BATON_KEY_GEN (0x1030UL) -#define CKM_BATON_ECB128 (0x1031UL) -#define CKM_BATON_ECB96 (0x1032UL) -#define CKM_BATON_CBC128 (0x1033UL) -#define CKM_BATON_COUNTER (0x1034UL) -#define CKM_BATON_SHUFFLE (0x1035UL) -#define CKM_BATON_WRAP (0x1036UL) -#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL) -#define CKM_EC_KEY_PAIR_GEN (0x1040UL) -#define CKM_ECDSA (0x1041UL) -#define CKM_ECDSA_SHA1 (0x1042UL) -#define CKM_ECDH1_DERIVE (0x1050UL) -#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL) -#define CKM_ECMQV_DERIVE (0x1052UL) -#define CKM_JUNIPER_KEY_GEN (0x1060UL) -#define CKM_JUNIPER_ECB128 (0x1061UL) -#define CKM_JUNIPER_CBC128 (0x1062UL) -#define CKM_JUNIPER_COUNTER (0x1063UL) -#define CKM_JUNIPER_SHUFFLE (0x1064UL) -#define CKM_JUNIPER_WRAP (0x1065UL) -#define CKM_FASTHASH (0x1070UL) -#define CKM_AES_KEY_GEN (0x1080UL) -#define CKM_AES_ECB (0x1081UL) -#define CKM_AES_CBC (0x1082UL) -#define CKM_AES_MAC (0x1083UL) -#define CKM_AES_MAC_GENERAL (0x1084UL) -#define CKM_AES_CBC_PAD (0x1085UL) -#define CKM_BLOWFISH_KEY_GEN (0x1090UL) -#define CKM_BLOWFISH_CBC (0x1091UL) -#define CKM_TWOFISH_KEY_GEN (0x1092UL) -#define CKM_TWOFISH_CBC (0x1093UL) -#define CKM_DES_ECB_ENCRYPT_DATA (0x1100UL) -#define CKM_DES_CBC_ENCRYPT_DATA (0x1101UL) -#define CKM_DES3_ECB_ENCRYPT_DATA (0x1102UL) -#define CKM_DES3_CBC_ENCRYPT_DATA (0x1103UL) -#define CKM_AES_ECB_ENCRYPT_DATA (0x1104UL) -#define CKM_AES_CBC_ENCRYPT_DATA (0x1105UL) -#define CKM_DSA_PARAMETER_GEN (0x2000UL) -#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL) -#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL) -#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - -/* Ammendments */ -#define CKM_SHA224 (0x255UL) -#define CKM_SHA224_HMAC (0x256UL) -#define CKM_SHA224_HMAC_GENERAL (0x257UL) -#define CKM_SHA224_RSA_PKCS (0x46UL) -#define CKM_SHA224_RSA_PKCS_PSS (0x47UL) -#define CKM_SHA224_KEY_DERIVATION (0x396UL) - -#define CKM_CAMELLIA_KEY_GEN (0x550UL) -#define CKM_CAMELLIA_ECB (0x551UL) -#define CKM_CAMELLIA_CBC (0x552UL) -#define CKM_CAMELLIA_MAC (0x553UL) -#define CKM_CAMELLIA_MAC_GENERAL (0x554UL) -#define CKM_CAMELLIA_CBC_PAD (0x555UL) -#define CKM_CAMELLIA_ECB_ENCRYPT_DATA (0x556UL) -#define CKM_CAMELLIA_CBC_ENCRYPT_DATA (0x557UL) - -struct ck_mechanism -{ - ck_mechanism_type_t mechanism; - void *parameter; - unsigned long parameter_len; -}; - - -struct ck_mechanism_info -{ - unsigned long min_key_size; - unsigned long max_key_size; - ck_flags_t flags; -}; - -#define CKF_HW (1UL << 0) -#define CKF_ENCRYPT (1UL << 8) -#define CKF_DECRYPT (1UL << 9) -#define CKF_DIGEST (1UL << 10) -#define CKF_SIGN (1UL << 11) -#define CKF_SIGN_RECOVER (1UL << 12) -#define CKF_VERIFY (1UL << 13) -#define CKF_VERIFY_RECOVER (1UL << 14) -#define CKF_GENERATE (1UL << 15) -#define CKF_GENERATE_KEY_PAIR (1UL << 16) -#define CKF_WRAP (1UL << 17) -#define CKF_UNWRAP (1UL << 18) -#define CKF_DERIVE (1UL << 19) -#define CKF_EXTENSION ((unsigned long) (1UL << 31)) - - -/* Flags for C_WaitForSlotEvent. */ -#define CKF_DONT_BLOCK (1UL) - - -typedef unsigned long ck_rv_t; - - -typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, - ck_notification_t event, void *application); - -/* Forward reference. */ -struct ck_function_list; - -#define _CK_DECLARE_FUNCTION(name, args) \ -typedef ck_rv_t (*CK_ ## name) args; \ -ck_rv_t CK_SPEC name args - -_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); -_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); -_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); -_CK_DECLARE_FUNCTION (C_GetFunctionList, - (struct ck_function_list **function_list)); - -_CK_DECLARE_FUNCTION (C_GetSlotList, - (unsigned char token_present, ck_slot_id_t *slot_list, - unsigned long *count)); -_CK_DECLARE_FUNCTION (C_GetSlotInfo, - (ck_slot_id_t slot_id, struct ck_slot_info *info)); -_CK_DECLARE_FUNCTION (C_GetTokenInfo, - (ck_slot_id_t slot_id, struct ck_token_info *info)); -_CK_DECLARE_FUNCTION (C_WaitForSlotEvent, - (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); -_CK_DECLARE_FUNCTION (C_GetMechanismList, - (ck_slot_id_t slot_id, - ck_mechanism_type_t *mechanism_list, - unsigned long *count)); -_CK_DECLARE_FUNCTION (C_GetMechanismInfo, - (ck_slot_id_t slot_id, ck_mechanism_type_t type, - struct ck_mechanism_info *info)); -_CK_DECLARE_FUNCTION (C_InitToken, - (ck_slot_id_t slot_id, unsigned char *pin, - unsigned long pin_len, unsigned char *label)); -_CK_DECLARE_FUNCTION (C_InitPIN, - (ck_session_handle_t session, unsigned char *pin, - unsigned long pin_len)); -_CK_DECLARE_FUNCTION (C_SetPIN, - (ck_session_handle_t session, unsigned char *old_pin, - unsigned long old_len, unsigned char *new_pin, - unsigned long new_len)); - -_CK_DECLARE_FUNCTION (C_OpenSession, - (ck_slot_id_t slot_id, ck_flags_t flags, - void *application, ck_notify_t notify, - ck_session_handle_t *session)); -_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); -_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); -_CK_DECLARE_FUNCTION (C_GetSessionInfo, - (ck_session_handle_t session, - struct ck_session_info *info)); -_CK_DECLARE_FUNCTION (C_GetOperationState, - (ck_session_handle_t session, - unsigned char *operation_state, - unsigned long *operation_state_len)); -_CK_DECLARE_FUNCTION (C_SetOperationState, - (ck_session_handle_t session, - unsigned char *operation_state, - unsigned long operation_state_len, - ck_object_handle_t encryption_key, - ck_object_handle_t authentiation_key)); -_CK_DECLARE_FUNCTION (C_Login, - (ck_session_handle_t session, ck_user_type_t user_type, - unsigned char *pin, unsigned long pin_len)); -_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); - -_CK_DECLARE_FUNCTION (C_CreateObject, - (ck_session_handle_t session, - struct ck_attribute *templ, - unsigned long count, ck_object_handle_t *object)); -_CK_DECLARE_FUNCTION (C_CopyObject, - (ck_session_handle_t session, ck_object_handle_t object, - struct ck_attribute *templ, unsigned long count, - ck_object_handle_t *new_object)); -_CK_DECLARE_FUNCTION (C_DestroyObject, - (ck_session_handle_t session, - ck_object_handle_t object)); -_CK_DECLARE_FUNCTION (C_GetObjectSize, - (ck_session_handle_t session, - ck_object_handle_t object, - unsigned long *size)); -_CK_DECLARE_FUNCTION (C_GetAttributeValue, - (ck_session_handle_t session, - ck_object_handle_t object, - struct ck_attribute *templ, - unsigned long count)); -_CK_DECLARE_FUNCTION (C_SetAttributeValue, - (ck_session_handle_t session, - ck_object_handle_t object, - struct ck_attribute *templ, - unsigned long count)); -_CK_DECLARE_FUNCTION (C_FindObjectsInit, - (ck_session_handle_t session, - struct ck_attribute *templ, - unsigned long count)); -_CK_DECLARE_FUNCTION (C_FindObjects, - (ck_session_handle_t session, - ck_object_handle_t *object, - unsigned long max_object_count, - unsigned long *object_count)); -_CK_DECLARE_FUNCTION (C_FindObjectsFinal, - (ck_session_handle_t session)); - -_CK_DECLARE_FUNCTION (C_EncryptInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Encrypt, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *encrypted_data, - unsigned long *encrypted_data_len)); -_CK_DECLARE_FUNCTION (C_EncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); -_CK_DECLARE_FUNCTION (C_EncryptFinal, - (ck_session_handle_t session, - unsigned char *last_encrypted_part, - unsigned long *last_encrypted_part_len)); - -_CK_DECLARE_FUNCTION (C_DecryptInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Decrypt, - (ck_session_handle_t session, - unsigned char *encrypted_data, - unsigned long encrypted_data_len, - unsigned char *data, unsigned long *data_len)); -_CK_DECLARE_FUNCTION (C_DecryptUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, unsigned long *part_len)); -_CK_DECLARE_FUNCTION (C_DecryptFinal, - (ck_session_handle_t session, - unsigned char *last_part, - unsigned long *last_part_len)); - -_CK_DECLARE_FUNCTION (C_DigestInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism)); -_CK_DECLARE_FUNCTION (C_Digest, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *digest, - unsigned long *digest_len)); -_CK_DECLARE_FUNCTION (C_DigestUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); -_CK_DECLARE_FUNCTION (C_DigestKey, - (ck_session_handle_t session, ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_DigestFinal, - (ck_session_handle_t session, - unsigned char *digest, - unsigned long *digest_len)); - -_CK_DECLARE_FUNCTION (C_SignInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Sign, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len)); -_CK_DECLARE_FUNCTION (C_SignUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); -_CK_DECLARE_FUNCTION (C_SignFinal, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long *signature_len)); -_CK_DECLARE_FUNCTION (C_SignRecoverInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_SignRecover, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len)); - -_CK_DECLARE_FUNCTION (C_VerifyInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Verify, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long signature_len)); -_CK_DECLARE_FUNCTION (C_VerifyUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); -_CK_DECLARE_FUNCTION (C_VerifyFinal, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long signature_len)); -_CK_DECLARE_FUNCTION (C_VerifyRecoverInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_VerifyRecover, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long signature_len, - unsigned char *data, - unsigned long *data_len)); - -_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); -_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len)); -_CK_DECLARE_FUNCTION (C_SignEncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); -_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len)); - -_CK_DECLARE_FUNCTION (C_GenerateKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - struct ck_attribute *templ, - unsigned long count, - ck_object_handle_t *key)); -_CK_DECLARE_FUNCTION (C_GenerateKeyPair, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - struct ck_attribute *public_key_template, - unsigned long public_key_attribute_count, - struct ck_attribute *private_key_template, - unsigned long private_key_attribute_count, - ck_object_handle_t *public_key, - ck_object_handle_t *private_key)); -_CK_DECLARE_FUNCTION (C_WrapKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t wrapping_key, - ck_object_handle_t key, - unsigned char *wrapped_key, - unsigned long *wrapped_key_len)); -_CK_DECLARE_FUNCTION (C_UnwrapKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t unwrapping_key, - unsigned char *wrapped_key, - unsigned long wrapped_key_len, - struct ck_attribute *templ, - unsigned long attribute_count, - ck_object_handle_t *key)); -_CK_DECLARE_FUNCTION (C_DeriveKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t base_key, - struct ck_attribute *templ, - unsigned long attribute_count, - ck_object_handle_t *key)); - -_CK_DECLARE_FUNCTION (C_SeedRandom, - (ck_session_handle_t session, unsigned char *seed, - unsigned long seed_len)); -_CK_DECLARE_FUNCTION (C_GenerateRandom, - (ck_session_handle_t session, - unsigned char *random_data, - unsigned long random_len)); - -_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); -_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); - - -struct ck_function_list -{ - struct ck_version version; - CK_C_Initialize C_Initialize; - CK_C_Finalize C_Finalize; - CK_C_GetInfo C_GetInfo; - CK_C_GetFunctionList C_GetFunctionList; - CK_C_GetSlotList C_GetSlotList; - CK_C_GetSlotInfo C_GetSlotInfo; - CK_C_GetTokenInfo C_GetTokenInfo; - CK_C_GetMechanismList C_GetMechanismList; - CK_C_GetMechanismInfo C_GetMechanismInfo; - CK_C_InitToken C_InitToken; - CK_C_InitPIN C_InitPIN; - CK_C_SetPIN C_SetPIN; - CK_C_OpenSession C_OpenSession; - CK_C_CloseSession C_CloseSession; - CK_C_CloseAllSessions C_CloseAllSessions; - CK_C_GetSessionInfo C_GetSessionInfo; - CK_C_GetOperationState C_GetOperationState; - CK_C_SetOperationState C_SetOperationState; - CK_C_Login C_Login; - CK_C_Logout C_Logout; - CK_C_CreateObject C_CreateObject; - CK_C_CopyObject C_CopyObject; - CK_C_DestroyObject C_DestroyObject; - CK_C_GetObjectSize C_GetObjectSize; - CK_C_GetAttributeValue C_GetAttributeValue; - CK_C_SetAttributeValue C_SetAttributeValue; - CK_C_FindObjectsInit C_FindObjectsInit; - CK_C_FindObjects C_FindObjects; - CK_C_FindObjectsFinal C_FindObjectsFinal; - CK_C_EncryptInit C_EncryptInit; - CK_C_Encrypt C_Encrypt; - CK_C_EncryptUpdate C_EncryptUpdate; - CK_C_EncryptFinal C_EncryptFinal; - CK_C_DecryptInit C_DecryptInit; - CK_C_Decrypt C_Decrypt; - CK_C_DecryptUpdate C_DecryptUpdate; - CK_C_DecryptFinal C_DecryptFinal; - CK_C_DigestInit C_DigestInit; - CK_C_Digest C_Digest; - CK_C_DigestUpdate C_DigestUpdate; - CK_C_DigestKey C_DigestKey; - CK_C_DigestFinal C_DigestFinal; - CK_C_SignInit C_SignInit; - CK_C_Sign C_Sign; - CK_C_SignUpdate C_SignUpdate; - CK_C_SignFinal C_SignFinal; - CK_C_SignRecoverInit C_SignRecoverInit; - CK_C_SignRecover C_SignRecover; - CK_C_VerifyInit C_VerifyInit; - CK_C_Verify C_Verify; - CK_C_VerifyUpdate C_VerifyUpdate; - CK_C_VerifyFinal C_VerifyFinal; - CK_C_VerifyRecoverInit C_VerifyRecoverInit; - CK_C_VerifyRecover C_VerifyRecover; - CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; - CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; - CK_C_SignEncryptUpdate C_SignEncryptUpdate; - CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; - CK_C_GenerateKey C_GenerateKey; - CK_C_GenerateKeyPair C_GenerateKeyPair; - CK_C_WrapKey C_WrapKey; - CK_C_UnwrapKey C_UnwrapKey; - CK_C_DeriveKey C_DeriveKey; - CK_C_SeedRandom C_SeedRandom; - CK_C_GenerateRandom C_GenerateRandom; - CK_C_GetFunctionStatus C_GetFunctionStatus; - CK_C_CancelFunction C_CancelFunction; - CK_C_WaitForSlotEvent C_WaitForSlotEvent; -}; - - -typedef ck_rv_t (*ck_createmutex_t) (void **mutex); -typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); -typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); -typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); - - -struct ck_c_initialize_args -{ - ck_createmutex_t create_mutex; - ck_destroymutex_t destroy_mutex; - ck_lockmutex_t lock_mutex; - ck_unlockmutex_t unlock_mutex; - ck_flags_t flags; - void *reserved; -}; - - -#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0) -#define CKF_OS_LOCKING_OK (1UL << 1) - -#define CKR_OK (0UL) -#define CKR_CANCEL (1UL) -#define CKR_HOST_MEMORY (2UL) -#define CKR_SLOT_ID_INVALID (3UL) -#define CKR_GENERAL_ERROR (5UL) -#define CKR_FUNCTION_FAILED (6UL) -#define CKR_ARGUMENTS_BAD (7UL) -#define CKR_NO_EVENT (8UL) -#define CKR_NEED_TO_CREATE_THREADS (9UL) -#define CKR_CANT_LOCK (0xaUL) -#define CKR_ATTRIBUTE_READ_ONLY (0x10UL) -#define CKR_ATTRIBUTE_SENSITIVE (0x11UL) -#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL) -#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL) -#define CKR_DATA_INVALID (0x20UL) -#define CKR_DATA_LEN_RANGE (0x21UL) -#define CKR_DEVICE_ERROR (0x30UL) -#define CKR_DEVICE_MEMORY (0x31UL) -#define CKR_DEVICE_REMOVED (0x32UL) -#define CKR_ENCRYPTED_DATA_INVALID (0x40UL) -#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL) -#define CKR_FUNCTION_CANCELED (0x50UL) -#define CKR_FUNCTION_NOT_PARALLEL (0x51UL) -#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL) -#define CKR_KEY_HANDLE_INVALID (0x60UL) -#define CKR_KEY_SIZE_RANGE (0x62UL) -#define CKR_KEY_TYPE_INCONSISTENT (0x63UL) -#define CKR_KEY_NOT_NEEDED (0x64UL) -#define CKR_KEY_CHANGED (0x65UL) -#define CKR_KEY_NEEDED (0x66UL) -#define CKR_KEY_INDIGESTIBLE (0x67UL) -#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL) -#define CKR_KEY_NOT_WRAPPABLE (0x69UL) -#define CKR_KEY_UNEXTRACTABLE (0x6aUL) -#define CKR_MECHANISM_INVALID (0x70UL) -#define CKR_MECHANISM_PARAM_INVALID (0x71UL) -#define CKR_OBJECT_HANDLE_INVALID (0x82UL) -#define CKR_OPERATION_ACTIVE (0x90UL) -#define CKR_OPERATION_NOT_INITIALIZED (0x91UL) -#define CKR_PIN_INCORRECT (0xa0UL) -#define CKR_PIN_INVALID (0xa1UL) -#define CKR_PIN_LEN_RANGE (0xa2UL) -#define CKR_PIN_EXPIRED (0xa3UL) -#define CKR_PIN_LOCKED (0xa4UL) -#define CKR_SESSION_CLOSED (0xb0UL) -#define CKR_SESSION_COUNT (0xb1UL) -#define CKR_SESSION_HANDLE_INVALID (0xb3UL) -#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL) -#define CKR_SESSION_READ_ONLY (0xb5UL) -#define CKR_SESSION_EXISTS (0xb6UL) -#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL) -#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL) -#define CKR_SIGNATURE_INVALID (0xc0UL) -#define CKR_SIGNATURE_LEN_RANGE (0xc1UL) -#define CKR_TEMPLATE_INCOMPLETE (0xd0UL) -#define CKR_TEMPLATE_INCONSISTENT (0xd1UL) -#define CKR_TOKEN_NOT_PRESENT (0xe0UL) -#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL) -#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL) -#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL) -#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL) -#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL) -#define CKR_USER_ALREADY_LOGGED_IN (0x100UL) -#define CKR_USER_NOT_LOGGED_IN (0x101UL) -#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL) -#define CKR_USER_TYPE_INVALID (0x103UL) -#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL) -#define CKR_USER_TOO_MANY_TYPES (0x105UL) -#define CKR_WRAPPED_KEY_INVALID (0x110UL) -#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL) -#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL) -#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL) -#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL) -#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL) -#define CKR_RANDOM_NO_RNG (0x121UL) -#define CKR_DOMAIN_PARAMS_INVALID (0x130UL) -#define CKR_BUFFER_TOO_SMALL (0x150UL) -#define CKR_SAVED_STATE_INVALID (0x160UL) -#define CKR_INFORMATION_SENSITIVE (0x170UL) -#define CKR_STATE_UNSAVEABLE (0x180UL) -#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL) -#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL) -#define CKR_MUTEX_BAD (0x1a0UL) -#define CKR_MUTEX_NOT_LOCKED (0x1a1UL) -#define CKR_FUNCTION_REJECTED (0x200UL) -#define CKR_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - - -/* Compatibility layer. */ - -#ifdef CRYPTOKI_COMPAT - -#undef CK_DEFINE_FUNCTION -#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name - -/* For NULL. */ -#include - -typedef unsigned char CK_BYTE; -typedef unsigned char CK_CHAR; -typedef unsigned char CK_UTF8CHAR; -typedef unsigned char CK_BBOOL; -typedef unsigned long int CK_ULONG; -typedef long int CK_LONG; -typedef CK_BYTE *CK_BYTE_PTR; -typedef CK_CHAR *CK_CHAR_PTR; -typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; -typedef CK_ULONG *CK_ULONG_PTR; -typedef void *CK_VOID_PTR; -typedef void **CK_VOID_PTR_PTR; -#define CK_FALSE 0 -#define CK_TRUE 1 -#ifndef CK_DISABLE_TRUE_FALSE -#ifndef FALSE -#define FALSE 0 -#endif -#ifndef TRUE -#define TRUE 1 -#endif -#endif - -typedef struct ck_version CK_VERSION; -typedef struct ck_version *CK_VERSION_PTR; - -typedef struct ck_info CK_INFO; -typedef struct ck_info *CK_INFO_PTR; - -typedef ck_slot_id_t *CK_SLOT_ID_PTR; - -typedef struct ck_slot_info CK_SLOT_INFO; -typedef struct ck_slot_info *CK_SLOT_INFO_PTR; - -typedef struct ck_token_info CK_TOKEN_INFO; -typedef struct ck_token_info *CK_TOKEN_INFO_PTR; - -typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; - -typedef struct ck_session_info CK_SESSION_INFO; -typedef struct ck_session_info *CK_SESSION_INFO_PTR; - -typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; - -typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; - -typedef struct ck_attribute CK_ATTRIBUTE; -typedef struct ck_attribute *CK_ATTRIBUTE_PTR; - -typedef struct ck_date CK_DATE; -typedef struct ck_date *CK_DATE_PTR; - -typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; - -typedef struct ck_mechanism CK_MECHANISM; -typedef struct ck_mechanism *CK_MECHANISM_PTR; - -typedef struct ck_mechanism_info CK_MECHANISM_INFO; -typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; - -typedef struct ck_function_list CK_FUNCTION_LIST; -typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; -typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; - -typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; -typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; - -#define NULL_PTR NULL - -/* Delete the helper macros defined at the top of the file. */ -#undef ck_flags_t -#undef ck_version - -#undef ck_info -#undef cryptoki_version -#undef manufacturer_id -#undef library_description -#undef library_version - -#undef ck_notification_t -#undef ck_slot_id_t - -#undef ck_slot_info -#undef slot_description -#undef hardware_version -#undef firmware_version - -#undef ck_token_info -#undef serial_number -#undef max_session_count -#undef session_count -#undef max_rw_session_count -#undef rw_session_count -#undef max_pin_len -#undef min_pin_len -#undef total_public_memory -#undef free_public_memory -#undef total_private_memory -#undef free_private_memory -#undef utc_time - -#undef ck_session_handle_t -#undef ck_user_type_t -#undef ck_state_t - -#undef ck_session_info -#undef slot_id -#undef device_error - -#undef ck_object_handle_t -#undef ck_object_class_t -#undef ck_hw_feature_type_t -#undef ck_key_type_t -#undef ck_certificate_type_t -#undef ck_attribute_type_t - -#undef ck_attribute -#undef value -#undef value_len - -#undef ck_date - -#undef ck_mechanism_type_t - -#undef ck_mechanism -#undef parameter -#undef parameter_len - -#undef ck_mechanism_info -#undef min_key_size -#undef max_key_size - -#undef ck_rv_t -#undef ck_notify_t - -#undef ck_function_list - -#undef ck_createmutex_t -#undef ck_destroymutex_t -#undef ck_lockmutex_t -#undef ck_unlockmutex_t - -#undef ck_c_initialize_args -#undef create_mutex -#undef destroy_mutex -#undef lock_mutex -#undef unlock_mutex -#undef reserved - -#endif /* CRYPTOKI_COMPAT */ - - -/* System dependencies. */ -#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) -#pragma pack(pop, cryptoki) -#endif - -#if defined(__cplusplus) -} -#endif - -#endif /* PKCS11_H */ diff --git a/common/pkcs11i.h b/common/pkcs11i.h deleted file mode 100644 index d9e3ffc..0000000 --- a/common/pkcs11i.h +++ /dev/null @@ -1,505 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef PKCS11_I_H_ -#define PKCS11_I_H_ 1 - -#if defined(__cplusplus) -extern "C" { -#endif - -/* ------------------------------------------------------------------- - * TRUST ASSERTIONS - * - * These are retired and should not be used in new code - */ - -#define CKO_X_TRUST_ASSERTION (CKO_X_VENDOR + 100) -#define CKA_X_ASSERTION_TYPE (CKA_X_VENDOR + 1) -#define CKA_X_CERTIFICATE_VALUE (CKA_X_VENDOR + 2) -#define CKA_X_PURPOSE (CKA_X_VENDOR + 3) -#define CKA_X_PEER (CKA_X_VENDOR + 4) -typedef CK_ULONG CK_X_ASSERTION_TYPE; -#define CKT_X_DISTRUSTED_CERTIFICATE 1UL -#define CKT_X_PINNED_CERTIFICATE 2UL -#define CKT_X_ANCHORED_CERTIFICATE 3UL - -/* ------------------------------------------------------------------- - * Other deprecated definitions - */ -#define CKA_X_CRITICAL (CKA_X_VENDOR + 101) - -/* ------------------------------------------------------------------- - * SUBCLASSABLE PKCS#11 FUNCTIONS - */ - -typedef struct _CK_X_FUNCTION_LIST CK_X_FUNCTION_LIST; - -typedef CK_RV (* CK_X_Initialize) (CK_X_FUNCTION_LIST *, - CK_VOID_PTR); - -typedef CK_RV (* CK_X_Finalize) (CK_X_FUNCTION_LIST *, - CK_VOID_PTR); - -typedef CK_RV (* CK_X_GetInfo) (CK_X_FUNCTION_LIST *, - CK_INFO_PTR); - -typedef CK_RV (* CK_X_GetSlotList) (CK_X_FUNCTION_LIST *, - CK_BBOOL, - CK_SLOT_ID_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_GetSlotInfo) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID, - CK_SLOT_INFO_PTR); - -typedef CK_RV (* CK_X_GetTokenInfo) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID, - CK_TOKEN_INFO_PTR); - -typedef CK_RV (* CK_X_GetMechanismList) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID, - CK_MECHANISM_TYPE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_GetMechanismInfo) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID, - CK_MECHANISM_TYPE, - CK_MECHANISM_INFO_PTR); - -typedef CK_RV (* CK_X_InitToken) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR); - -typedef CK_RV (* CK_X_InitPIN) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_SetPIN) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_OpenSession) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID, - CK_FLAGS, - CK_VOID_PTR, - CK_NOTIFY, - CK_SESSION_HANDLE_PTR); - -typedef CK_RV (* CK_X_CloseSession) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE); - -typedef CK_RV (* CK_X_CloseAllSessions) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID); - -typedef CK_RV (* CK_X_GetSessionInfo) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_SESSION_INFO_PTR); - -typedef CK_RV (* CK_X_GetOperationState) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_SetOperationState) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_Login) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_USER_TYPE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_Logout) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE); - -typedef CK_RV (* CK_X_CreateObject) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE_PTR); - -typedef CK_RV (* CK_X_CopyObject) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE_PTR); - -typedef CK_RV (* CK_X_DestroyObject) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_GetObjectSize) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_GetAttributeValue) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE, - CK_ATTRIBUTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_SetAttributeValue) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE, - CK_ATTRIBUTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_FindObjectsInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_ATTRIBUTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_FindObjects) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE_PTR, - CK_ULONG, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_FindObjectsFinal) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE); - -typedef CK_RV (* CK_X_EncryptInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_Encrypt) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_EncryptUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_EncryptFinal) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DecryptInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_Decrypt) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DecryptUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DecryptFinal) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DigestInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR); - -typedef CK_RV (* CK_X_Digest) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DigestUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_DigestKey) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_DigestFinal) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_SignInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_Sign) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_SignUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_SignFinal) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_SignRecoverInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_SignRecover) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_VerifyInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_Verify) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_VerifyUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_VerifyFinal) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_VerifyRecoverInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_VerifyRecover) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DigestEncryptUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DecryptDigestUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_SignEncryptUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DecryptVerifyUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_GenerateKey) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE_PTR); - -typedef CK_RV (* CK_X_GenerateKeyPair) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE_PTR, - CK_OBJECT_HANDLE_PTR); - -typedef CK_RV (* CK_X_WrapKey) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE, - CK_OBJECT_HANDLE, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_UnwrapKey) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE_PTR); - -typedef CK_RV (* CK_X_DeriveKey) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE_PTR); - -typedef CK_RV (* CK_X_SeedRandom) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_GenerateRandom) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_WaitForSlotEvent) (CK_X_FUNCTION_LIST *, - CK_FLAGS, - CK_SLOT_ID_PTR, - CK_VOID_PTR); - -struct _CK_X_FUNCTION_LIST { - CK_VERSION version; - CK_X_Initialize C_Initialize; - CK_X_Finalize C_Finalize; - CK_X_GetInfo C_GetInfo; - CK_X_GetSlotList C_GetSlotList; - CK_X_GetSlotInfo C_GetSlotInfo; - CK_X_GetTokenInfo C_GetTokenInfo; - CK_X_GetMechanismList C_GetMechanismList; - CK_X_GetMechanismInfo C_GetMechanismInfo; - CK_X_InitToken C_InitToken; - CK_X_InitPIN C_InitPIN; - CK_X_SetPIN C_SetPIN; - CK_X_OpenSession C_OpenSession; - CK_X_CloseSession C_CloseSession; - CK_X_CloseAllSessions C_CloseAllSessions; - CK_X_GetSessionInfo C_GetSessionInfo; - CK_X_GetOperationState C_GetOperationState; - CK_X_SetOperationState C_SetOperationState; - CK_X_Login C_Login; - CK_X_Logout C_Logout; - CK_X_CreateObject C_CreateObject; - CK_X_CopyObject C_CopyObject; - CK_X_DestroyObject C_DestroyObject; - CK_X_GetObjectSize C_GetObjectSize; - CK_X_GetAttributeValue C_GetAttributeValue; - CK_X_SetAttributeValue C_SetAttributeValue; - CK_X_FindObjectsInit C_FindObjectsInit; - CK_X_FindObjects C_FindObjects; - CK_X_FindObjectsFinal C_FindObjectsFinal; - CK_X_EncryptInit C_EncryptInit; - CK_X_Encrypt C_Encrypt; - CK_X_EncryptUpdate C_EncryptUpdate; - CK_X_EncryptFinal C_EncryptFinal; - CK_X_DecryptInit C_DecryptInit; - CK_X_Decrypt C_Decrypt; - CK_X_DecryptUpdate C_DecryptUpdate; - CK_X_DecryptFinal C_DecryptFinal; - CK_X_DigestInit C_DigestInit; - CK_X_Digest C_Digest; - CK_X_DigestUpdate C_DigestUpdate; - CK_X_DigestKey C_DigestKey; - CK_X_DigestFinal C_DigestFinal; - CK_X_SignInit C_SignInit; - CK_X_Sign C_Sign; - CK_X_SignUpdate C_SignUpdate; - CK_X_SignFinal C_SignFinal; - CK_X_SignRecoverInit C_SignRecoverInit; - CK_X_SignRecover C_SignRecover; - CK_X_VerifyInit C_VerifyInit; - CK_X_Verify C_Verify; - CK_X_VerifyUpdate C_VerifyUpdate; - CK_X_VerifyFinal C_VerifyFinal; - CK_X_VerifyRecoverInit C_VerifyRecoverInit; - CK_X_VerifyRecover C_VerifyRecover; - CK_X_DigestEncryptUpdate C_DigestEncryptUpdate; - CK_X_DecryptDigestUpdate C_DecryptDigestUpdate; - CK_X_SignEncryptUpdate C_SignEncryptUpdate; - CK_X_DecryptVerifyUpdate C_DecryptVerifyUpdate; - CK_X_GenerateKey C_GenerateKey; - CK_X_GenerateKeyPair C_GenerateKeyPair; - CK_X_WrapKey C_WrapKey; - CK_X_UnwrapKey C_UnwrapKey; - CK_X_DeriveKey C_DeriveKey; - CK_X_SeedRandom C_SeedRandom; - CK_X_GenerateRandom C_GenerateRandom; - CK_X_WaitForSlotEvent C_WaitForSlotEvent; -}; - -#if defined(__cplusplus) -} -#endif - -#endif /* PKCS11_X_H_ */ diff --git a/common/pkcs11x.h b/common/pkcs11x.h deleted file mode 100644 index 4a89f73..0000000 --- a/common/pkcs11x.h +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef PKCS11_X_H_ -#define PKCS11_X_H_ 1 - -#if defined(__cplusplus) -extern "C" { -#endif - -/* ------------------------------------------------------------------- - * NSS TRUST OBJECTS - * - * And related, non-standard - */ - -/* Define this if you want the NSS specific symbols */ -#define CRYPTOKI_NSS_VENDOR_DEFINED 1 -#ifdef CRYPTOKI_NSS_VENDOR_DEFINED - -/* Various NSS objects */ -#define CKO_NSS_CRL 0xce534351UL -#define CKO_NSS_SMIME 0xce534352UL -#define CKO_NSS_TRUST 0xce534353UL -#define CKO_NSS_BUILTIN_ROOT_LIST 0xce534354UL -#define CKO_NSS_NEWSLOT 0xce534355UL -#define CKO_NSS_DELSLOT 0xce534356UL - -/* Various NSS key types */ -#define CKK_NSS_PKCS8 0xce534351UL - -/* Various NSS attributes */ -#define CKA_NSS_URL 0xce534351UL -#define CKA_NSS_EMAIL 0xce534352UL -#define CKA_NSS_SMIME_INFO 0xce534353UL -#define CKA_NSS_SMIME_TIMESTAMP 0xce534354UL -#define CKA_NSS_PKCS8_SALT 0xce534355UL -#define CKA_NSS_PASSWORD_CHECK 0xce534356UL -#define CKA_NSS_EXPIRES 0xce534357UL -#define CKA_NSS_KRL 0xce534358UL -#define CKA_NSS_PQG_COUNTER 0xce534364UL -#define CKA_NSS_PQG_SEED 0xce534365UL -#define CKA_NSS_PQG_H 0xce534366UL -#define CKA_NSS_PQG_SEED_BITS 0xce534367UL -#define CKA_NSS_MODULE_SPEC 0xce534368UL - -/* NSS trust attributes */ -#define CKA_TRUST_DIGITAL_SIGNATURE 0xce536351UL -#define CKA_TRUST_NON_REPUDIATION 0xce536352UL -#define CKA_TRUST_KEY_ENCIPHERMENT 0xce536353UL -#define CKA_TRUST_DATA_ENCIPHERMENT 0xce536354UL -#define CKA_TRUST_KEY_AGREEMENT 0xce536355UL -#define CKA_TRUST_KEY_CERT_SIGN 0xce536356UL -#define CKA_TRUST_CRL_SIGN 0xce536357UL -#define CKA_TRUST_SERVER_AUTH 0xce536358UL -#define CKA_TRUST_CLIENT_AUTH 0xce536359UL -#define CKA_TRUST_CODE_SIGNING 0xce53635aUL -#define CKA_TRUST_EMAIL_PROTECTION 0xce53635bUL -#define CKA_TRUST_IPSEC_END_SYSTEM 0xce53635cUL -#define CKA_TRUST_IPSEC_TUNNEL 0xce53635dUL -#define CKA_TRUST_IPSEC_USER 0xce53635eUL -#define CKA_TRUST_TIME_STAMPING 0xce53635fUL -#define CKA_TRUST_STEP_UP_APPROVED 0xce536360UL -#define CKA_CERT_SHA1_HASH 0xce5363b4UL -#define CKA_CERT_MD5_HASH 0xce5363b5UL - -/* NSS trust values */ -typedef CK_ULONG CK_TRUST; -#define CKT_NSS_TRUSTED 0xce534351UL -#define CKT_NSS_TRUSTED_DELEGATOR 0xce534352UL -#define CKT_NSS_MUST_VERIFY_TRUST 0xce534353UL -#define CKT_NSS_NOT_TRUSTED 0xce53435AUL -#define CKT_NSS_TRUST_UNKNOWN 0xce534355UL -#define CKT_NSS_VALID_DELEGATOR 0xce53435BUL - -/* NSS specific mechanisms */ -#define CKM_NSS_AES_KEY_WRAP 0xce534351UL -#define CKM_NSS_AES_KEY_WRAP_PAD 0xce534352UL - -/* NSS specific return values */ -#define CKR_NSS_CERTDB_FAILED 0xce534351UL -#define CKR_NSS_KEYDB_FAILED 0xce534352UL - -#endif /* CRYPTOKI_NSS_VENDOR_DEFINED */ - -/* Define this if you want the vendor specific symbols */ -#define CRYPTOKI_X_VENDOR_DEFINED 1 -#ifdef CRYPTOKI_X_VENDOR_DEFINED - -#define CKA_X_VENDOR (CKA_VENDOR_DEFINED | 0x58444700UL) -#define CKO_X_VENDOR (CKA_VENDOR_DEFINED | 0x58444700UL) - -/* ------------------------------------------------------------------- - * BLACKLISTS - */ - -#define CKA_X_DISTRUSTED (CKA_X_VENDOR + 100) - -/* ------------------------------------------------------------------- - * CERTIFICATE EXTENSIONS - * - * For attaching certificate extensions to certificates - */ - -#define CKO_X_CERTIFICATE_EXTENSION (CKO_X_VENDOR + 200) - -/* From the 2.40 draft */ -#ifndef CKA_PUBLIC_KEY_INFO -#define CKA_PUBLIC_KEY_INFO 0x00000129UL -#endif - -#endif /* CRYPTOKI_X_VENDOR_DEFINED */ - -#if defined(__cplusplus) -} -#endif - -#endif /* PKCS11_X_H_ */ diff --git a/common/test-array.c b/common/test-array.c deleted file mode 100644 index 695917a..0000000 --- a/common/test-array.c +++ /dev/null @@ -1,209 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include -#include -#include - -#include "array.h" -#include "test.h" - -static void -test_create (void) -{ - p11_array *array; - - array = p11_array_new (NULL); - assert_ptr_not_null (array); - p11_array_free (array); -} - -static void -test_free_null (void) -{ - p11_array_free (NULL); -} - -static void -destroy_value (void *data) -{ - int *value = data; - *value = 2; -} - -static void -test_free_destroys (void) -{ - p11_array *array; - int value = 0; - - array = p11_array_new (destroy_value); - assert_ptr_not_null (array); - if (!p11_array_push (array, &value)) - assert_not_reached (); - p11_array_free (array); - - assert_num_eq (2, value); -} - -static void -test_add (void) -{ - char *value = "VALUE"; - p11_array *array; - - array = p11_array_new (NULL); - if (!p11_array_push (array, value)) - assert_not_reached (); - - assert_num_eq (1, array->num); - assert_ptr_eq (array->elem[0], value); - - p11_array_free (array); -} - -static void -test_add_remove (void) -{ - char *value = "VALUE"; - p11_array *array; - - array = p11_array_new (NULL); - if (!p11_array_push (array, value)) - assert_not_reached (); - - assert_num_eq (1, array->num); - - assert_ptr_eq (array->elem[0], value); - - p11_array_remove (array, 0); - - assert_num_eq (0, array->num); - - p11_array_free (array); -} - -static void -test_remove_destroys (void) -{ - p11_array *array; - int value = 0; - - array = p11_array_new (destroy_value); - if (!p11_array_push (array, &value)) - assert_not_reached (); - - p11_array_remove (array, 0); - - assert_num_eq (2, value); - - /* should not be destroyed again */ - value = 0; - - p11_array_free (array); - - assert_num_eq (0, value); -} - -static void -test_remove_and_count (void) -{ - p11_array *array; - int *value; - int i; - - array = p11_array_new (free); - - assert_num_eq (0, array->num); - - for (i = 0; i < 20000; ++i) { - value = malloc (sizeof (int)); - assert (value != NULL); - *value = i; - if (!p11_array_push (array, value)) - assert_not_reached (); - assert_num_eq (i + 1, array->num); - } - - for (i = 10; i < 20000; ++i) { - p11_array_remove (array, 10); - assert_num_eq (20010 - (i + 1), array->num); - } - - assert_num_eq (10, array->num); - - p11_array_free (array); -} - -static void -test_clear_destroys (void) -{ - p11_array *array; - int value = 0; - - array = p11_array_new (destroy_value); - if (!p11_array_push (array, &value)) - assert_not_reached (); - - assert_num_eq (1, array->num); - - p11_array_clear (array); - - assert_num_eq (2, value); - assert_num_eq (0, array->num); - - /* should not be destroyed again */ - value = 0; - - p11_array_free (array); - - assert_num_eq (0, value); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_create, "/array/create"); - p11_test (test_add, "/array/add"); - p11_test (test_add_remove, "/array/add-remove"); - p11_test (test_remove_destroys, "/array/remove-destroys"); - p11_test (test_remove_and_count, "/array/remove-and-count"); - p11_test (test_free_null, "/array/free-null"); - p11_test (test_free_destroys, "/array/free-destroys"); - p11_test (test_clear_destroys, "/array/clear-destroys"); - return p11_test_run (argc, argv); -} diff --git a/common/test-attrs.c b/common/test-attrs.c deleted file mode 100644 index 79895e2..0000000 --- a/common/test-attrs.c +++ /dev/null @@ -1,757 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "attrs.h" -#include "debug.h" - -static void -test_terminator (void) -{ - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "label", 5 }, - { CKA_LABEL, NULL, 0 }, - { CKA_INVALID }, - }; - - assert_num_eq (true, p11_attrs_terminator (attrs + 2)); - assert_num_eq (true, p11_attrs_terminator (NULL)); - assert_num_eq (false, p11_attrs_terminator (attrs)); - assert_num_eq (false, p11_attrs_terminator (attrs + 1)); -} - -static void -test_count (void) -{ - CK_BBOOL vtrue = CK_TRUE; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "label", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE empty[] = { - { CKA_INVALID }, - }; - - assert_num_eq (2, p11_attrs_count (attrs)); - assert_num_eq (0, p11_attrs_count (NULL)); - assert_num_eq (0, p11_attrs_count (empty)); -} - -static void -test_build_one (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE add = { CKA_LABEL, "yay", 3 }; - - attrs = p11_attrs_build (NULL, &add, NULL); - - /* Test the first attribute */ - assert_ptr_not_null (attrs); - assert (attrs->type == CKA_LABEL); - assert_num_eq (3, attrs->ulValueLen); - assert (memcmp (attrs->pValue, "yay", 3) == 0); - - assert (attrs[1].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_build_two (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; - CK_ATTRIBUTE two = { CKA_VALUE, "eight", 5 }; - - attrs = p11_attrs_build (NULL, &one, &two, NULL); - - assert_ptr_not_null (attrs); - assert (attrs[0].type == CKA_LABEL); - assert_num_eq (3, attrs[0].ulValueLen); - assert (memcmp (attrs[0].pValue, "yay", 3) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (5, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "eight", 5) == 0); - - assert (attrs[2].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_build_invalid (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; - CK_ATTRIBUTE invalid = { CKA_INVALID }; - CK_ATTRIBUTE two = { CKA_VALUE, "eight", 5 }; - - attrs = p11_attrs_build (NULL, &one, &invalid, &two, NULL); - - assert_ptr_not_null (attrs); - assert (attrs[0].type == CKA_LABEL); - assert_num_eq (3, attrs[0].ulValueLen); - assert (memcmp (attrs[0].pValue, "yay", 3) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (5, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "eight", 5) == 0); - - assert (attrs[2].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_buildn_two (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE add[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 } - }; - - attrs = p11_attrs_buildn (NULL, add, 2); - - /* Test the first attribute */ - assert_ptr_not_null (attrs); - assert (attrs->type == CKA_LABEL); - assert_num_eq (3, attrs->ulValueLen); - assert (memcmp (attrs->pValue, "yay", 3) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (5, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "eight", 5) == 0); - - assert (attrs[2].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_buildn_one (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE add = { CKA_LABEL, "yay", 3 }; - - attrs = p11_attrs_buildn (NULL, &add, 1); - - /* Test the first attribute */ - assert_ptr_not_null (attrs); - assert (attrs->type == CKA_LABEL); - assert_num_eq (3, attrs->ulValueLen); - assert (memcmp (attrs->pValue, "yay", 3) == 0); - - assert (attrs[1].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_build_add (void) -{ - CK_ATTRIBUTE initial[] = { - { CKA_LABEL, "label", 5 }, - { CKA_VALUE, "nine", 4 }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; - CK_ATTRIBUTE two = { CKA_TOKEN, "\x01", 1 }; - - attrs = p11_attrs_buildn (NULL, initial, 2); - attrs = p11_attrs_build (attrs, &one, &two, NULL); - - assert_ptr_not_null (attrs); - assert (attrs[0].type == CKA_LABEL); - assert_num_eq (3, attrs[0].ulValueLen); - assert (memcmp (attrs[0].pValue, "yay", 3) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (4, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "nine", 4) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[2].type == CKA_TOKEN); - assert_num_eq (1, attrs[2].ulValueLen); - assert (memcmp (attrs[2].pValue, "\x01", 1) == 0); - - assert (attrs[3].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_build_null (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE add = { CKA_LABEL, NULL, (CK_ULONG)-1 }; - - attrs = p11_attrs_build (NULL, &add, NULL); - - /* Test the first attribute */ - assert_ptr_not_null (attrs); - assert (attrs->type == CKA_LABEL); - assert (attrs->ulValueLen == (CK_ULONG)-1); - assert_ptr_eq (NULL, attrs->pValue); - - p11_attrs_free (attrs); -} - -static void -test_dup (void) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - attrs = p11_attrs_dup (original); - - /* Test the first attribute */ - assert_ptr_not_null (attrs); - assert (attrs->type == CKA_LABEL); - assert_num_eq (3, attrs->ulValueLen); - assert (memcmp (attrs->pValue, "yay", 3) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (5, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "eight", 5) == 0); - - assert (attrs[2].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_take (void) -{ - CK_ATTRIBUTE initial[] = { - { CKA_LABEL, "label", 5 }, - { CKA_VALUE, "nine", 4 }, - }; - - CK_ATTRIBUTE *attrs; - - attrs = p11_attrs_buildn (NULL, initial, 2); - attrs = p11_attrs_take (attrs, CKA_LABEL, strdup ("boooyah"), 7); - attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1); - assert_ptr_not_null (attrs); - - assert (attrs[0].type == CKA_LABEL); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (attrs[0].pValue, "boooyah", 7) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (4, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "nine", 4) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[2].type == CKA_TOKEN); - assert_num_eq (1, attrs[2].ulValueLen); - assert (memcmp (attrs[2].pValue, "\x01", 1) == 0); - - assert (attrs[3].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - - -static void -test_merge_replace (void) -{ - CK_ATTRIBUTE initial[] = { - { CKA_LABEL, "label", 5 }, - { CKA_VALUE, "nine", 4 }, - }; - - CK_ATTRIBUTE extra[] = { - { CKA_LABEL, "boooyah", 7 }, - { CKA_APPLICATION, "disco", 5 }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - - attrs = p11_attrs_buildn (NULL, initial, 2); - merge = p11_attrs_buildn (NULL, extra, 2); - attrs = p11_attrs_merge (attrs, merge, true); - assert_ptr_not_null (attrs); - - assert (attrs[0].type == CKA_LABEL); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (attrs[0].pValue, "boooyah", 7) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (4, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "nine", 4) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[2].type == CKA_APPLICATION); - assert_num_eq (5, attrs[2].ulValueLen); - assert (memcmp (attrs[2].pValue, "disco", 5) == 0); - - assert (attrs[3].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_merge_empty (void) -{ - CK_ATTRIBUTE extra[] = { - { CKA_LABEL, "boooyah", 7 }, - { CKA_APPLICATION, "disco", 5 }, - }; - - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *merge; - - merge = p11_attrs_buildn (NULL, extra, 2); - attrs = p11_attrs_merge (attrs, merge, true); - assert_ptr_not_null (attrs); - assert_ptr_eq (merge, attrs); - - p11_attrs_free (attrs); -} - -static void -test_merge_augment (void) -{ - CK_ATTRIBUTE initial[] = { - { CKA_LABEL, "label", 5 }, - { CKA_VALUE, "nine", 4 }, - }; - - CK_ATTRIBUTE extra[] = { - { CKA_LABEL, "boooyah", 7 }, - { CKA_APPLICATION, "disco", 5 }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - - attrs = p11_attrs_buildn (NULL, initial, 2); - merge = p11_attrs_buildn (NULL, extra, 2); - attrs = p11_attrs_merge (attrs, merge, false); - assert_ptr_not_null (attrs); - - assert (attrs[0].type == CKA_LABEL); - assert_num_eq (5, attrs[0].ulValueLen); - assert (memcmp (attrs[0].pValue, "label", 5) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[1].type == CKA_VALUE); - assert_num_eq (4, attrs[1].ulValueLen); - assert (memcmp (attrs[1].pValue, "nine", 4) == 0); - - assert_ptr_not_null (attrs); - assert (attrs[2].type == CKA_APPLICATION); - assert_num_eq (5, attrs[2].ulValueLen); - assert (memcmp (attrs[2].pValue, "disco", 5) == 0); - - assert (attrs[3].type == CKA_INVALID); - - p11_attrs_free (attrs); -} - -static void -test_free_null (void) -{ - p11_attrs_free (NULL); -} - -static void -test_equal (void) -{ - char *data = "extra attribute"; - CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; - CK_ATTRIBUTE null = { CKA_LABEL, NULL, 3 }; - CK_ATTRIBUTE two = { CKA_VALUE, "yay", 3 }; - CK_ATTRIBUTE other = { CKA_VALUE, data, 5 }; - CK_ATTRIBUTE overflow = { CKA_VALUE, data, 5 }; - CK_ATTRIBUTE content = { CKA_VALUE, "conte", 5 }; - - assert (p11_attr_equal (&one, &one)); - assert (!p11_attr_equal (&one, NULL)); - assert (!p11_attr_equal (NULL, &one)); - assert (!p11_attr_equal (&one, &two)); - assert (!p11_attr_equal (&two, &other)); - assert (p11_attr_equal (&other, &overflow)); - assert (!p11_attr_equal (&one, &null)); - assert (!p11_attr_equal (&one, &null)); - assert (!p11_attr_equal (&other, &content)); -} - -static void -test_hash (void) -{ - char *data = "extra attribute"; - CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; - CK_ATTRIBUTE null = { CKA_LABEL, NULL, 3 }; - CK_ATTRIBUTE two = { CKA_VALUE, "yay", 3 }; - CK_ATTRIBUTE other = { CKA_VALUE, data, 5 }; - CK_ATTRIBUTE overflow = { CKA_VALUE, data, 5 }; - CK_ATTRIBUTE content = { CKA_VALUE, "conte", 5 }; - unsigned int hash; - - hash = p11_attr_hash (&one); - assert (hash != 0); - - assert (p11_attr_hash (&one) == hash); - assert (p11_attr_hash (&two) != hash); - assert (p11_attr_hash (&other) != hash); - assert (p11_attr_hash (&overflow) != hash); - assert (p11_attr_hash (&null) != hash); - assert (p11_attr_hash (&content) != hash); - - hash = p11_attr_hash (NULL); - assert (hash == 0); -} - -static void -test_to_string (void) -{ - char *data = "extra attribute"; - CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, data, 5 }, - { CKA_INVALID }, - }; - - char *string; - - - string = p11_attr_to_string (&one, CKA_INVALID); - assert_str_eq ("{ CKA_LABEL = (3) \"yay\" }", string); - free (string); - - string = p11_attrs_to_string (attrs, -1); - assert_str_eq ("(2) [ { CKA_LABEL = (3) \"yay\" }, { CKA_VALUE = (5) NOT-PRINTED } ]", string); - free (string); - - string = p11_attrs_to_string (attrs, 1); - assert_str_eq ("(1) [ { CKA_LABEL = (3) \"yay\" } ]", string); - free (string); -} - -static void -test_find (void) -{ - CK_BBOOL vtrue = CK_TRUE; - CK_ATTRIBUTE *attr; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "label", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - attr = p11_attrs_find (attrs, CKA_LABEL); - assert_ptr_eq (attrs + 0, attr); - - attr = p11_attrs_find (attrs, CKA_TOKEN); - assert_ptr_eq (attrs + 1, attr); - - attr = p11_attrs_find (attrs, CKA_VALUE); - assert_ptr_eq (NULL, attr); -} - -static void -test_findn (void) -{ - CK_BBOOL vtrue = CK_TRUE; - CK_ATTRIBUTE *attr; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "label", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - }; - - attr = p11_attrs_findn (attrs, 2, CKA_LABEL); - assert_ptr_eq (attrs + 0, attr); - - attr = p11_attrs_findn (attrs, 2, CKA_TOKEN); - assert_ptr_eq (attrs + 1, attr); - - attr = p11_attrs_findn (attrs, 2, CKA_VALUE); - assert_ptr_eq (NULL, attr); - - attr = p11_attrs_findn (attrs, 1, CKA_TOKEN); - assert_ptr_eq (NULL, attr); -} - -static void -test_remove (void) -{ - CK_BBOOL vtrue = CK_TRUE; - CK_ATTRIBUTE *attr; - CK_ATTRIBUTE *attrs; - CK_BBOOL ret; - - CK_ATTRIBUTE initial[] = { - { CKA_LABEL, "label", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - }; - - attrs = p11_attrs_buildn (NULL, initial, 2); - assert_ptr_not_null (attrs); - - attr = p11_attrs_find (attrs, CKA_LABEL); - assert_ptr_eq (attrs + 0, attr); - - ret = p11_attrs_remove (attrs, CKA_LABEL); - assert_num_eq (CK_TRUE, ret); - - attr = p11_attrs_find (attrs, CKA_LABEL); - assert_ptr_eq (NULL, attr); - - ret = p11_attrs_remove (attrs, CKA_LABEL); - assert_num_eq (CK_FALSE, ret); - - p11_attrs_free (attrs); -} - -static void -test_match (void) -{ - CK_BBOOL vtrue = CK_TRUE; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "label", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE subset[] = { - { CKA_LABEL, "label", 5 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE different[] = { - { CKA_LABEL, "other", 5 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE extra[] = { - { CKA_VALUE, "the value", 9 }, - { CKA_LABEL, "other", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - assert (p11_attrs_match (attrs, attrs)); - assert (p11_attrs_match (attrs, subset)); - assert (!p11_attrs_match (attrs, different)); - assert (!p11_attrs_match (attrs, extra)); -} - -static void -test_matchn (void) -{ - CK_BBOOL vtrue = CK_TRUE; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "label", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE subset[] = { - { CKA_LABEL, "label", 5 }, - }; - - CK_ATTRIBUTE different[] = { - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_LABEL, "other", 5 }, - }; - - CK_ATTRIBUTE extra[] = { - { CKA_VALUE, "the value", 9 }, - { CKA_LABEL, "other", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - }; - - assert (p11_attrs_matchn (attrs, subset, 1)); - assert (!p11_attrs_matchn (attrs, different, 2)); - assert (!p11_attrs_matchn (attrs, extra, 3)); -} - -static void -test_find_bool (void) -{ - CK_BBOOL vtrue = CK_TRUE; - CK_BBOOL vfalse = CK_FALSE; - CK_BBOOL value; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "\x01yy", 3 }, - { CKA_VALUE, &vtrue, (CK_ULONG)-1 }, - { CKA_TOKEN, &vtrue, sizeof (CK_BBOOL) }, - { CKA_TOKEN, &vfalse, sizeof (CK_BBOOL) }, - { CKA_INVALID }, - }; - - assert (p11_attrs_find_bool (attrs, CKA_TOKEN, &value) && value == CK_TRUE); - assert (!p11_attrs_find_bool (attrs, CKA_LABEL, &value)); - assert (!p11_attrs_find_bool (attrs, CKA_VALUE, &value)); -} - -static void -test_find_ulong (void) -{ - CK_ULONG v33 = 33UL; - CK_ULONG v45 = 45UL; - CK_ULONG value; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, &v33, 2 }, - { CKA_VALUE, &v45, (CK_ULONG)-1 }, - { CKA_BITS_PER_PIXEL, &v33, sizeof (CK_ULONG) }, - { CKA_BITS_PER_PIXEL, &v45, sizeof (CK_ULONG) }, - { CKA_INVALID }, - }; - - assert (p11_attrs_find_ulong (attrs, CKA_BITS_PER_PIXEL, &value) && value == v33); - assert (!p11_attrs_find_ulong (attrs, CKA_LABEL, &value)); - assert (!p11_attrs_find_ulong (attrs, CKA_VALUE, &value)); -} - -static void -test_find_value (void) -{ - void *value; - size_t length; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "", (CK_ULONG)-1 }, - { CKA_LABEL, NULL, 5 }, - { CKA_LABEL, "", 0 }, - { CKA_LABEL, "test", 4 }, - { CKA_VALUE, NULL, 0 }, - { CKA_INVALID }, - }; - - value = p11_attrs_find_value (attrs, CKA_LABEL, &length); - assert_ptr_eq (attrs[3].pValue, value); - assert_num_eq (4, length); - - value = p11_attrs_find_value (attrs, CKA_LABEL, NULL); - assert_ptr_eq (attrs[3].pValue, value); - - value = p11_attrs_find_value (attrs, CKA_VALUE, &length); - assert_ptr_eq (NULL, value); - - value = p11_attrs_find_value (attrs, CKA_TOKEN, &length); - assert_ptr_eq (NULL, value); -} - -static void -test_find_valid (void) -{ - CK_ATTRIBUTE *attr; - - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "", (CK_ULONG)-1 }, - { CKA_LABEL, NULL, 5 }, - { CKA_LABEL, "", 0 }, - { CKA_LABEL, "test", 4 }, - { CKA_VALUE, "value", 5 }, - { CKA_INVALID }, - }; - - attr = p11_attrs_find_valid (attrs, CKA_LABEL); - assert_ptr_eq (attrs + 3, attr); - - attr = p11_attrs_find_valid (attrs, CKA_VALUE); - assert_ptr_eq (attrs + 4, attr); - - attr = p11_attrs_find_valid (attrs, CKA_TOKEN); - assert_ptr_eq (NULL, attr); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_equal, "/attrs/equal"); - p11_test (test_hash, "/attrs/hash"); - p11_test (test_to_string, "/attrs/to-string"); - - p11_test (test_terminator, "/attrs/terminator"); - p11_test (test_count, "/attrs/count"); - p11_test (test_build_one, "/attrs/build-one"); - p11_test (test_build_two, "/attrs/build-two"); - p11_test (test_build_invalid, "/attrs/build-invalid"); - p11_test (test_buildn_one, "/attrs/buildn-one"); - p11_test (test_buildn_two, "/attrs/buildn-two"); - p11_test (test_build_add, "/attrs/build-add"); - p11_test (test_build_null, "/attrs/build-null"); - p11_test (test_dup, "/attrs/dup"); - p11_test (test_take, "/attrs/take"); - p11_test (test_merge_replace, "/attrs/merge-replace"); - p11_test (test_merge_augment, "/attrs/merge-augment"); - p11_test (test_merge_empty, "/attrs/merge-empty"); - p11_test (test_free_null, "/attrs/free-null"); - p11_test (test_match, "/attrs/match"); - p11_test (test_matchn, "/attrs/matchn"); - p11_test (test_find, "/attrs/find"); - p11_test (test_findn, "/attrs/findn"); - p11_test (test_find_bool, "/attrs/find-bool"); - p11_test (test_find_ulong, "/attrs/find-ulong"); - p11_test (test_find_value, "/attrs/find-value"); - p11_test (test_find_valid, "/attrs/find-valid"); - p11_test (test_remove, "/attrs/remove"); - return p11_test_run (argc, argv); -} diff --git a/common/test-buffer.c b/common/test-buffer.c deleted file mode 100644 index 4fd060d..0000000 --- a/common/test-buffer.c +++ /dev/null @@ -1,199 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "debug.h" -#include "buffer.h" - -static void -test_init_uninit (void) -{ - p11_buffer buffer; - - p11_buffer_init (&buffer, 10); - assert_ptr_not_null (buffer.data); - assert_num_eq (0, buffer.len); - assert_num_eq (0, buffer.flags); - assert (buffer.size >= 10); - assert_ptr_not_null (buffer.ffree); - assert_ptr_not_null (buffer.frealloc); - - p11_buffer_uninit (&buffer); -} - -static void -test_append (void) -{ - p11_buffer buffer; - - p11_buffer_init (&buffer, 10); - buffer.len = 5; - p11_buffer_append (&buffer, 35); - assert_num_eq (5 + 35, buffer.len); - assert (buffer.size >= 35 + 5); - - p11_buffer_append (&buffer, 15); - assert_num_eq (5 + 35 + 15, buffer.len); - assert (buffer.size >= 5 + 35 + 15); - - p11_buffer_uninit (&buffer); -} - -static void -test_null (void) -{ - p11_buffer buffer; - - p11_buffer_init_null (&buffer, 10); - p11_buffer_add (&buffer, "Blah", -1); - p11_buffer_add (&buffer, " blah", -1); - - assert_str_eq ("Blah blah", buffer.data); - - p11_buffer_uninit (&buffer); -} - -static int mock_realloced = 0; -static int mock_freed = 0; - -static void * -mock_realloc (void *data, - size_t size) -{ - mock_realloced++; - return realloc (data, size); -} - -static void -mock_free (void *data) -{ - mock_freed++; - free (data); -} - -static void -test_init_for_data (void) -{ - p11_buffer buffer; - unsigned char *ret; - size_t len; - - mock_realloced = 0; - mock_freed = 0; - - p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4, 0, - mock_realloc, mock_free); - - assert_ptr_not_null (buffer.data); - assert_str_eq ("blah", (char *)buffer.data); - assert_num_eq (4, buffer.len); - assert_num_eq (0, buffer.flags); - assert_num_eq (4, buffer.size); - assert_ptr_eq (mock_free, buffer.ffree); - assert_ptr_eq (mock_realloc, buffer.frealloc); - - assert_num_eq (0, mock_realloced); - assert_num_eq (0, mock_freed); - - len = buffer.len; - ret = p11_buffer_append (&buffer, 1024); - assert_ptr_eq ((char *)buffer.data + len, ret); - assert_num_eq (1, mock_realloced); - - p11_buffer_uninit (&buffer); - assert_num_eq (1, mock_realloced); - assert_num_eq (1, mock_freed); -} - -static void -test_steal (void) -{ - p11_buffer buffer; - char *string; - size_t length; - - mock_freed = 0; - - p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4, - P11_BUFFER_NULL, mock_realloc, mock_free); - - assert_ptr_not_null (buffer.data); - assert_str_eq ("blah", buffer.data); - - p11_buffer_add (&buffer, " yada", -1); - assert_str_eq ("blah yada", buffer.data); - - string = p11_buffer_steal (&buffer, &length); - p11_buffer_uninit (&buffer); - - assert_str_eq ("blah yada", string); - assert_num_eq (9, length); - assert_num_eq (0, mock_freed); - - free (string); -} - -static void -test_add (void) -{ - p11_buffer buffer; - - p11_buffer_init (&buffer, 10); - - p11_buffer_add (&buffer, (unsigned char *)"Planet Express", 15); - assert_num_eq (15, buffer.len); - assert_str_eq ("Planet Express", (char *)buffer.data); - assert (p11_buffer_ok (&buffer)); - - p11_buffer_uninit (&buffer); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_init_uninit, "/buffer/init-uninit"); - p11_test (test_init_for_data, "/buffer/init-for-data"); - p11_test (test_append, "/buffer/append"); - p11_test (test_null, "/buffer/null"); - p11_test (test_add, "/buffer/add"); - p11_test (test_steal, "/buffer/steal"); - return p11_test_run (argc, argv); -} diff --git a/common/test-compat.c b/common/test-compat.c deleted file mode 100644 index e28698e..0000000 --- a/common/test-compat.c +++ /dev/null @@ -1,145 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include -#include - -#include "compat.h" - -static void -test_strndup (void) -{ - char unterminated[] = { 't', 'e', 's', 't', 'e', 'r', 'o', 'n', 'i', 'o' }; - char *res; - - res = strndup (unterminated, 6); - assert_str_eq (res, "tester"); - free (res); - - res = strndup ("test", 6); - assert_str_eq (res, "test"); - free (res); -} - -#ifdef OS_UNIX - -static void -test_getauxval (void) -{ - /* 23 is AT_SECURE */ - const char *args[] = { BUILDDIR "/frob-getauxval", "23", NULL }; - char *path; - int ret; - - ret = p11_test_run_child (args, true); - assert_num_eq (ret, 0); - - path = p11_test_copy_setgid (args[0]); - if (path == NULL) - return; - - args[0] = path; - ret = p11_test_run_child (args, true); - assert_num_cmp (ret, !=, 0); - - if (unlink (path) < 0) - assert_fail ("unlink failed", strerror (errno)); - free (path); -} - -static void -test_secure_getenv (void) -{ - const char *args[] = { BUILDDIR "/frob-getenv", "BLAH", NULL }; - char *path; - int ret; - - setenv ("BLAH", "5", 1); - - ret = p11_test_run_child (args, true); - assert_num_eq (ret, 5); - - path = p11_test_copy_setgid (args[0]); - if (path == NULL) - return; - - args[0] = path; - ret = p11_test_run_child (args, true); - assert_num_cmp (ret, ==, 0); - -/* if (unlink (path) < 0) - assert_fail ("unlink failed", strerror (errno)); - */ - free (path); -} - -static void -test_mmap (void) -{ - p11_mmap *map; - void *data; - size_t size; - char file[] = "emptyfileXXXXXX"; - int fd = mkstemp (file); - assert (fd >= 0); - close (fd); - /* mmap on empty file should work */ - map = p11_mmap_open (file, NULL, &data, &size); - unlink (file); - assert_ptr_not_null (map); - p11_mmap_close (map); -} - -#endif /* OS_UNIX */ - -int -main (int argc, - char *argv[]) -{ - p11_test (test_strndup, "/compat/strndup"); -#ifdef OS_UNIX - /* Don't run this test when under fakeroot */ - if (!getenv ("FAKED_MODE")) { - p11_test (test_getauxval, "/compat/getauxval"); - p11_test (test_secure_getenv, "/compat/secure_getenv"); - } - p11_test (test_mmap, "/compat/mmap"); -#endif - return p11_test_run (argc, argv); -} diff --git a/common/test-constants.c b/common/test-constants.c deleted file mode 100644 index 577d611..0000000 --- a/common/test-constants.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "attrs.h" -#include "constants.h" -#include "debug.h" - -static void -test_constants (void *arg) -{ - const p11_constant *constant = arg; - p11_dict *nicks, *names; - CK_ULONG check; - int i, j; - - nicks = p11_constant_reverse (true); - names = p11_constant_reverse (false); - - for (i = 1; constant[i].value != CKA_INVALID; i++) { - if (constant[i].value < constant[i - 1].value) - assert_fail ("attr constant out of order", constant[i].name); - } - for (i = 0; constant[i].value != CKA_INVALID; i++) { - assert_ptr_not_null (constant[i].name); - - if (constant[i].nicks[0]) { - assert_str_eq (constant[i].nicks[0], - p11_constant_nick (constant, constant[i].value)); - } - - assert_str_eq (constant[i].name, - p11_constant_name (constant, constant[i].value)); - - for (j = 0; constant[i].nicks[j] != NULL; j++) { - check = p11_constant_resolve (nicks, constant[i].nicks[j]); - assert_num_eq (constant[i].value, check); - } - - check = p11_constant_resolve (names, constant[i].name); - assert_num_eq (constant[i].value, check); - } - - p11_dict_free (names); - p11_dict_free (nicks); -} - -int -main (int argc, - char *argv[]) -{ - p11_testx (test_constants, (void *)p11_constant_types, "/constants/types"); - p11_testx (test_constants, (void *)p11_constant_classes, "/constants/classes"); - p11_testx (test_constants, (void *)p11_constant_trusts, "/constants/trusts"); - p11_testx (test_constants, (void *)p11_constant_certs, "/constants/certs"); - p11_testx (test_constants, (void *)p11_constant_keys, "/constants/keys"); - p11_testx (test_constants, (void *)p11_constant_asserts, "/constants/asserts"); - p11_testx (test_constants, (void *)p11_constant_categories, "/constants/categories"); - p11_testx (test_constants, (void *)p11_constant_mechanisms, "/constants/mechanisms"); - p11_testx (test_constants, (void *)p11_constant_users, "/constants/users"); - p11_testx (test_constants, (void *)p11_constant_states, "/constants/states"); - p11_testx (test_constants, (void *)p11_constant_returns, "/constants/returns"); - - return p11_test_run (argc, argv); -} diff --git a/common/test-dict.c b/common/test-dict.c deleted file mode 100644 index f12a34e..0000000 --- a/common/test-dict.c +++ /dev/null @@ -1,522 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include -#include - -#include "dict.h" - -static void -test_create (void) -{ - p11_dict *map; - - map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - assert_ptr_not_null (map); - p11_dict_free (map); -} - -static void -test_free_null (void) -{ - p11_dict_free (NULL); -} - -typedef struct { - int value; - bool freed; -} Key; - -static unsigned int -key_hash (const void *ptr) -{ - const Key *k = ptr; - assert (!k->freed); - return p11_dict_intptr_hash (&k->value); -} - -static bool -key_equal (const void *one, - const void *two) -{ - const Key *k1 = one; - const Key *k2 = two; - assert (!k1->freed); - assert (!k2->freed); - return p11_dict_intptr_equal (&k1->value, &k2->value); -} - -static void -key_destroy (void *data) -{ - Key *k = data; - assert (!k->freed); - k->freed = true; -} - -static void -value_destroy (void *data) -{ - int *value = data; - *value = 2; -} - -static void -test_free_destroys (void) -{ - p11_dict *map; - Key key = { 8, 0 }; - int value = 0; - - map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); - assert_ptr_not_null (map); - if (!p11_dict_set (map, &key, &value)) - assert_not_reached (); - p11_dict_free (map); - - assert_num_eq (true, key.freed); - assert_num_eq (2, value); -} - -static void -test_iterate (void) -{ - p11_dict *map; - p11_dictiter iter; - int key = 1; - int value = 2; - void *pkey; - void *pvalue; - int ret; - - map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - assert_ptr_not_null (map); - if (!p11_dict_set (map, &key, &value)) - assert_not_reached (); - - p11_dict_iterate (map, &iter); - - ret = p11_dict_next (&iter, &pkey, &pvalue); - assert_num_eq (1, ret); - assert_ptr_eq (pkey, &key); - assert_ptr_eq (pvalue, &value); - - ret = p11_dict_next (&iter, &pkey, &pvalue); - assert_num_eq (0, ret); - - p11_dict_free (map); -} - -static int -compar_strings (const void *one, - const void *two) -{ - char **p1 = (char **)one; - char **p2 = (char **)two; - return strcmp (*p1, *p2); -} - -static void -test_iterate_remove (void) -{ - p11_dict *map; - p11_dictiter iter; - char *keys[] = { "111", "222", "333" }; - char *values[] = { "444", "555", "666" }; - void *okeys[3]; - void *ovalues[3]; - bool ret; - int i; - - map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - assert_ptr_not_null (map); - - for (i = 0; i < 3; i++) { - if (!p11_dict_set (map, keys[i], values[i])) - assert_not_reached (); - } - - p11_dict_iterate (map, &iter); - - ret = p11_dict_next (&iter, &okeys[0], &ovalues[0]); - assert_num_eq (true, ret); - - ret = p11_dict_next (&iter, &okeys[1], &ovalues[1]); - assert_num_eq (true, ret); - if (!p11_dict_remove (map, okeys[1])) - assert_not_reached (); - - ret = p11_dict_next (&iter, &okeys[2], &ovalues[2]); - assert_num_eq (true, ret); - - ret = p11_dict_next (&iter, NULL, NULL); - assert_num_eq (false, ret); - - assert_num_eq (2, p11_dict_size (map)); - p11_dict_free (map); - - qsort (okeys, 3, sizeof (void *), compar_strings); - qsort (ovalues, 3, sizeof (void *), compar_strings); - - for (i = 0; i < 3; i++) { - assert_str_eq (keys[i], okeys[i]); - assert_ptr_eq (keys[i], okeys[i]); - assert_str_eq (values[i], ovalues[i]); - assert_ptr_eq (values[i], ovalues[i]); - } -} - -static void -test_set_get (void) -{ - char *key = "KEY"; - char *value = "VALUE"; - char *check; - p11_dict *map; - - map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - p11_dict_set (map, key, value); - check = p11_dict_get (map, key); - assert_ptr_eq (check, value); - - p11_dict_free (map); -} - -static void -test_set_get_remove (void) -{ - char *key = "KEY"; - char *value = "VALUE"; - char *check; - p11_dict *map; - bool ret; - - map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - - if (!p11_dict_set (map, key, value)) - assert_not_reached (); - - check = p11_dict_get (map, key); - assert_ptr_eq (check, value); - - ret = p11_dict_remove (map, key); - assert_num_eq (true, ret); - ret = p11_dict_remove (map, key); - assert_num_eq (false, ret); - - check = p11_dict_get (map, key); - assert (check == NULL); - - p11_dict_free (map); -} - -static void -test_set_clear (void) -{ - char *key = "KEY"; - char *value = "VALUE"; - char *check; - p11_dict *map; - - map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - - if (!p11_dict_set (map, key, value)) - assert_not_reached (); - - p11_dict_clear (map); - - check = p11_dict_get (map, key); - assert (check == NULL); - - p11_dict_free (map); -} - -static void -test_remove_destroys (void) -{ - p11_dict *map; - Key key = { 8, 0 }; - int value = 0; - bool ret; - - map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); - assert_ptr_not_null (map); - if (!p11_dict_set (map, &key, &value)) - assert_not_reached (); - - ret = p11_dict_remove (map, &key); - assert_num_eq (true, ret); - assert_num_eq (true, key.freed); - assert_num_eq (2, value); - - /* should not be destroyed again */ - key.freed = false; - value = 0; - - ret = p11_dict_remove (map, &key); - assert_num_eq (false, ret); - assert_num_eq (false, key.freed); - assert_num_eq (0, value); - - /* should not be destroyed again */ - key.freed = false; - value = 0; - - p11_dict_free (map); - - assert_num_eq (false, key.freed); - assert_num_eq (0, value); -} - -static void -test_set_destroys (void) -{ - p11_dict *map; - Key key = { 8, 0 }; - Key key2 = { 8, 0 }; - int value, value2; - bool ret; - - map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); - assert_ptr_not_null (map); - if (!p11_dict_set (map, &key, &value)) - assert_not_reached (); - - key.freed = key2.freed = false; - value = value2 = 0; - - /* Setting same key and value, should not be destroyed */ - ret = p11_dict_set (map, &key, &value); - assert_num_eq (true, ret); - assert_num_eq (false, key.freed); - assert_num_eq (false, key2.freed); - assert_num_eq (0, value); - assert_num_eq (0, value2); - - key.freed = key2.freed = false; - value = value2 = 0; - - /* Setting a new key same value, key should be destroyed */ - ret = p11_dict_set (map, &key2, &value); - assert_num_eq (true, ret); - assert_num_eq (true, key.freed); - assert_num_eq (false, key2.freed); - assert_num_eq (0, value); - assert_num_eq (0, value2); - - key.freed = key2.freed = false; - value = value2 = 0; - - /* Setting same key, new value, value should be destroyed */ - ret = p11_dict_set (map, &key2, &value2); - assert_num_eq (true, ret); - assert_num_eq (false, key.freed); - assert_num_eq (false, key2.freed); - assert_num_eq (2, value); - assert_num_eq (0, value2); - - key.freed = key2.freed = false; - value = value2 = 0; - - /* Setting new key new value, both should be destroyed */ - ret = p11_dict_set (map, &key, &value); - assert_num_eq (true, ret); - assert_num_eq (false, key.freed); - assert_num_eq (true, key2.freed); - assert_num_eq (0, value); - assert_num_eq (2, value2); - - key.freed = key2.freed = false; - value = value2 = 0; - - p11_dict_free (map); - assert_num_eq (true, key.freed); - assert_num_eq (2, value); - assert_num_eq (false, key2.freed); - assert_num_eq (0, value2); -} - - -static void -test_clear_destroys (void) -{ - p11_dict *map; - Key key = { 18, 0 }; - int value = 0; - - map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); - assert_ptr_not_null (map); - if (!p11_dict_set (map, &key, &value)) - assert_not_reached (); - - p11_dict_clear (map); - assert_num_eq (true, key.freed); - assert_num_eq (2, value); - - /* should not be destroyed again */ - key.freed = false; - value = 0; - - p11_dict_clear (map); - assert_num_eq (false, key.freed); - assert_num_eq (0, value); - - /* should not be destroyed again */ - key.freed = false; - value = 0; - - p11_dict_free (map); - - assert_num_eq (false, key.freed); - assert_num_eq (0, value); -} - -static unsigned int -test_hash_intptr_with_collisions (const void *data) -{ - /* lots and lots of collisions, only returns 100 values */ - return (unsigned int)(*((int*)data) % 100); -} - -static void -test_hash_add_check_lots_and_collisions (void) -{ - p11_dict *map; - int *value; - int i; - - map = p11_dict_new (test_hash_intptr_with_collisions, - p11_dict_intptr_equal, NULL, free); - - for (i = 0; i < 20000; ++i) { - value = malloc (sizeof (int)); - assert (value != NULL); - *value = i; - if (!p11_dict_set (map, value, value)) - assert_not_reached (); - } - - for (i = 0; i < 20000; ++i) { - value = p11_dict_get (map, &i); - assert_ptr_not_null (value); - assert_num_eq (i, *value); - } - - p11_dict_free (map); -} - -static void -test_hash_count (void) -{ - p11_dict *map; - int *value; - int i; - bool ret; - - map = p11_dict_new (p11_dict_intptr_hash, p11_dict_intptr_equal, NULL, free); - - assert_num_eq (0, p11_dict_size (map)); - - for (i = 0; i < 20000; ++i) { - value = malloc (sizeof (int)); - assert (value != NULL); - *value = i; - if (!p11_dict_set (map, value, value)) - assert_not_reached (); - assert_num_eq (i + 1, p11_dict_size (map)); - } - - for (i = 0; i < 20000; ++i) { - ret = p11_dict_remove (map, &i); - assert_num_eq (true, ret); - assert_num_eq (20000 - (i + 1), p11_dict_size (map)); - } - - p11_dict_clear (map); - assert_num_eq (0, p11_dict_size (map)); - - p11_dict_free (map); -} - -static void -test_hash_ulongptr (void) -{ - p11_dict *map; - unsigned long *value; - unsigned long i; - - map = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free); - - for (i = 0; i < 20000; ++i) { - value = malloc (sizeof (unsigned long)); - assert (value != NULL); - *value = i; - if (!p11_dict_set (map, value, value)) - assert_not_reached (); - } - - for (i = 0; i < 20000; ++i) { - value = p11_dict_get (map, &i); - assert_ptr_not_null (value); - assert_num_eq (i, *value); - } - - p11_dict_free (map); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_create, "/dict/create"); - p11_test (test_set_get, "/dict/set-get"); - p11_test (test_set_get_remove, "/dict/set-get-remove"); - p11_test (test_remove_destroys, "/dict/remove-destroys"); - p11_test (test_set_clear, "/dict/set-clear"); - p11_test (test_set_destroys, "/dict/set-destroys"); - p11_test (test_clear_destroys, "/dict/clear-destroys"); - p11_test (test_free_null, "/dict/free-null"); - p11_test (test_free_destroys, "/dict/free-destroys"); - p11_test (test_iterate, "/dict/iterate"); - p11_test (test_iterate_remove, "/dict/iterate-remove"); - p11_test (test_hash_add_check_lots_and_collisions, "/dict/add-check-lots-and-collisions"); - p11_test (test_hash_count, "/dict/count"); - p11_test (test_hash_ulongptr, "/dict/ulongptr"); - return p11_test_run (argc, argv); -} diff --git a/common/test-hash.c b/common/test-hash.c deleted file mode 100644 index a12d5a4..0000000 --- a/common/test-hash.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include -#include -#include - -#include "hash.h" - -static void -test_murmur3 (void) -{ - uint32_t one, two, four, seven, eleven, split; - - assert (sizeof (one) == P11_HASH_MURMUR3_LEN); - - p11_hash_murmur3 ((unsigned char *)&one, "one", 3, NULL); - p11_hash_murmur3 ((unsigned char *)&two, "two", 3, NULL); - p11_hash_murmur3 ((unsigned char *)&four, "four", 4, NULL); - p11_hash_murmur3 ((unsigned char *)&seven, "seven", 5, NULL); - p11_hash_murmur3 ((unsigned char *)&eleven, "eleven", 6, NULL); - p11_hash_murmur3 ((unsigned char *)&split, "ele", 3, "ven", 3, NULL); - - assert (one != two); - assert (one != four); - assert (one != seven); - assert (one != eleven); - - assert (two != four); - assert (two != seven); - assert (two != eleven); - - assert (four != seven); - assert (four != eleven); - - assert (split == eleven); -} - -static void -test_murmur3_incr (void) -{ - uint32_t first, second; - - p11_hash_murmur3 ((unsigned char *)&first, - "this is the long input!", (size_t)23, - NULL); - - p11_hash_murmur3 ((unsigned char *)&second, - "this", (size_t)4, - " ", (size_t)1, - "is ", (size_t)3, - "the long ", (size_t)9, - "in", (size_t)2, - "p", (size_t)1, - "u", (size_t)1, - "t", (size_t)1, - "!", (size_t)1, - NULL); - - assert_num_eq (first, second); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_murmur3, "/hash/murmur3"); - p11_test (test_murmur3_incr, "/hash/murmur3-incr"); - return p11_test_run (argc, argv); -} diff --git a/common/test-lexer.c b/common/test-lexer.c deleted file mode 100644 index 7d18e87..0000000 --- a/common/test-lexer.c +++ /dev/null @@ -1,253 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "compat.h" -#include "debug.h" -#include "lexer.h" -#include "message.h" - -typedef struct { - int tok_type; - const char *name; - const char *value; -} expected_tok; - -static void -check_lex_msg (const char *file, - int line, - const char *function, - const expected_tok *expected, - const char *input, - bool failure) -{ - p11_lexer lexer; - size_t len; - bool failed; - int i; - - p11_lexer_init (&lexer, "test", input, strlen (input)); - for (i = 0; p11_lexer_next (&lexer, &failed); i++) { - if (expected[i].tok_type != lexer.tok_type) - p11_test_fail (file, line, function, - "lexer token type does not match: (%d != %d)", - expected[i].tok_type, lexer.tok_type); - switch (lexer.tok_type) { - case TOK_FIELD: - if (strcmp (expected[i].name, lexer.tok.field.name) != 0) - p11_test_fail (file, line, function, - "field name doesn't match: (%s != %s)", - expected[i].name, lexer.tok.field.name); - if (strcmp (expected[i].value, lexer.tok.field.value) != 0) - p11_test_fail (file, line, function, - "field value doesn't match: (%s != %s)", - expected[i].value, lexer.tok.field.value); - break; - case TOK_SECTION: - if (strcmp (expected[i].name, lexer.tok.field.name) != 0) - p11_test_fail (file, line, function, - "section name doesn't match: (%s != %s)", - expected[i].name, lexer.tok.field.name); - break; - case TOK_PEM: - len = strlen (expected[i].name); - if (lexer.tok.pem.length < len || - strncmp (lexer.tok.pem.begin, expected[i].name, len) != 0) { - p11_test_fail (file, line, function, - "wrong type of PEM block: %s", - expected[i].name); - } - break; - case TOK_EOF: - p11_test_fail (file, line, function, "eof should not be recieved"); - break; - } - } - - if (failure && !failed) - p11_test_fail (file, line, function, "lexing didn't fail"); - else if (!failure && failed) - p11_test_fail (file, line, function, "lexing failed"); - if (TOK_EOF != expected[i].tok_type) - p11_test_fail (file, line, function, "premature end of lexing"); - - p11_lexer_done (&lexer); -} - -#define check_lex_success(expected, input) \ - check_lex_msg (__FILE__, __LINE__, __FUNCTION__, expected, input, false) - -#define check_lex_failure(expected, input) \ - check_lex_msg (__FILE__, __LINE__, __FUNCTION__, expected, input, true) - -static void -test_basic (void) -{ - const char *input = "[the header]\n" - "field: value\n" - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n"; - - const expected_tok expected[] = { - { TOK_SECTION, "the header" }, - { TOK_FIELD, "field", "value" }, - { TOK_PEM, "-----BEGIN BLOCK1-----\n", }, - { TOK_EOF } - }; - - check_lex_success (expected, input); -} - -static void -test_corners (void) -{ - const char *input = "\r\n" /* blankline */ - " [the header]\r\n" /* bad line endings */ - " field: value \r\n" /* whitespace */ - "number: 2\n" /* extra space*/ - "number :3\n" /* extra space*/ - "number : 4\n" /* extra space*/ - "\n" - " # A comment \n" - "not-a-comment: # value\n" - "-----BEGIN BLOCK1-----\r\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\r\n" - "-----END BLOCK1-----"; /* no new line */ - - const expected_tok expected[] = { - { TOK_SECTION, "the header" }, - { TOK_FIELD, "field", "value" }, - { TOK_FIELD, "number", "2" }, - { TOK_FIELD, "number", "3" }, - { TOK_FIELD, "number", "4" }, - { TOK_FIELD, "not-a-comment", "# value" }, - { TOK_PEM, "-----BEGIN BLOCK1-----\r\n", }, - { TOK_EOF } - }; - - check_lex_success (expected, input); -} - -static void -test_following (void) -{ - const char *input = "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n" - "field: value"; - - const expected_tok expected[] = { - { TOK_PEM, "-----BEGIN BLOCK1-----\n", }, - { TOK_FIELD, "field", "value" }, - { TOK_EOF } - }; - - check_lex_success (expected, input); -} - -static void -test_bad_pem (void) -{ - const char *input = "field: value\n" - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"; - - const expected_tok expected[] = { - { TOK_FIELD, "field", "value" }, - { TOK_EOF } - }; - - p11_message_quiet (); - - check_lex_failure (expected, input); - - p11_message_loud (); -} - -static void -test_bad_section (void) -{ - const char *input = "field: value\n" - "[section\n" - "bad]\n"; - - const expected_tok expected[] = { - { TOK_FIELD, "field", "value" }, - { TOK_EOF } - }; - - p11_message_quiet (); - - check_lex_failure (expected, input); - - p11_message_loud (); -} - -static void -test_bad_value (void) -{ - const char *input = "field_value\n" - "[section\n" - "bad]\n"; - - const expected_tok expected[] = { - { TOK_EOF } - }; - - p11_message_quiet (); - - check_lex_failure (expected, input); - - p11_message_loud (); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_basic, "/lexer/basic"); - p11_test (test_corners, "/lexer/corners"); - p11_test (test_following, "/lexer/following"); - p11_test (test_bad_pem, "/lexer/bad-pem"); - p11_test (test_bad_section, "/lexer/bad-section"); - p11_test (test_bad_value, "/lexer/bad-value"); - return p11_test_run (argc, argv); -} diff --git a/common/test-message.c b/common/test-message.c deleted file mode 100644 index 63ecf31..0000000 --- a/common/test-message.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "message.h" - -#include -#include - -static void -test_with_err (void) -{ - const char *last; - char *expected; - - errno = E2BIG; - p11_message_err (ENOENT, "Details: %s", "value"); - last = p11_message_last (); - - if (asprintf (&expected, "Details: value: %s", strerror (ENOENT)) < 0) - assert_not_reached (); - assert_str_eq (expected, last); - free (expected); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_with_err, "/message/with-err"); - return p11_test_run (argc, argv); -} diff --git a/common/test-path.c b/common/test-path.c deleted file mode 100644 index 57619c8..0000000 --- a/common/test-path.c +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "compat.h" -#include "path.h" - -static void -test_base (void) -{ - struct { - const char *in; - const char *out; - } fixtures[] = { - { "/this/is/a/path", "path" }, - { "/this/is/a/folder/", "folder" }, - { "folder/", "folder" }, - { "/", "" }, - { "this", "this" }, -#ifdef OS_WIN32 - { "\\this\\is\\a\\path", "path" }, - { "\\this\\is\\a\\folder\\", "folder" }, - { "C:\\this\\is\\a\\path", "path" }, - { "D:\\this\\is\\a\\folder\\", "folder" }, - { "folder\\", "folder" }, - { "\\", "" }, -#endif - { NULL }, - }; - - char *out; - int i; - - for (i = 0; fixtures[i].in != NULL; i++) { - out = p11_path_base (fixtures[i].in); - assert_str_eq (fixtures[i].out, out); - free (out); - } -} - -#define assert_str_eq_free(ex, ac) \ - do { const char *__s1 = (ex); \ - char *__s2 = (ac); \ - if (__s1 && __s2 && strcmp (__s1, __s2) == 0) ; else \ - p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s == %s): (%s == %s)", \ - #ex, #ac, __s1 ? __s1 : "(null)", __s2 ? __s2 : "(null)"); \ - free (__s2); \ - } while (0) - -static void -test_build (void) -{ -#ifdef OS_UNIX - assert_str_eq_free ("/root/second", - p11_path_build ("/root", "second", NULL)); - assert_str_eq_free ("/root/second", - p11_path_build ("/root", "/second", NULL)); - assert_str_eq_free ("/root/second", - p11_path_build ("/root/", "second", NULL)); - assert_str_eq_free ("/root/second/third", - p11_path_build ("/root", "second", "third", NULL)); - assert_str_eq_free ("/root/second/third", - p11_path_build ("/root", "/second/third", NULL)); -#else /* OS_WIN32 */ - assert_str_eq_free ("C:\\root\\second", - p11_path_build ("C:\\root", "second", NULL)); - assert_str_eq_free ("C:\\root\\second", - p11_path_build ("C:\\root", "\\second", NULL)); - assert_str_eq_free ("C:\\root\\second", - p11_path_build ("C:\\root\\", "second", NULL)); - assert_str_eq_free ("C:\\root\\second\\third", - p11_path_build ("C:\\root", "second", "third", NULL)); - assert_str_eq_free ("C:\\root\\second/third", - p11_path_build ("C:\\root", "second/third", NULL)); -#endif -} - -static void -test_expand (void) -{ - char *path; - -#ifdef OS_UNIX - putenv ("HOME=/home/blah"); - assert_str_eq_free ("/home/blah/my/path", - p11_path_expand ("~/my/path")); - assert_str_eq_free ("/home/blah", - p11_path_expand ("~")); - putenv ("XDG_CONFIG_HOME=/my"); - assert_str_eq_free ("/my/path", - p11_path_expand ("~/.config/path")); - putenv ("XDG_CONFIG_HOME="); - assert_str_eq_free ("/home/blah/.config/path", - p11_path_expand ("~/.config/path")); -#else /* OS_WIN32 */ - putenv ("HOME=C:\\Users\\blah"); - assert_str_eq_free ("C:\\Users\\blah\\path", - p11_path_expand ("~/my/path")); - assert_str_eq_free ("C:\\Users\\blah\\path", - p11_path_expand ("~\\path")); -#endif - - putenv("HOME="); - path = p11_path_expand ("~/this/is/my/path"); - assert (strstr (path, "this/is/my/path") != NULL); - free (path); -} - -static void -test_absolute (void) -{ -#ifdef OS_UNIX - assert (p11_path_absolute ("/home")); - assert (!p11_path_absolute ("home")); -#else /* OS_WIN32 */ - assert (p11_path_absolute ("C:\\home")); - assert (!p11_path_absolute ("home")); - assert (p11_path_absolute ("/home")); -#endif -} - -static void -test_parent (void) -{ - assert_str_eq_free ("/", p11_path_parent ("/root")); - assert_str_eq_free ("/", p11_path_parent ("/root/")); - assert_str_eq_free ("/", p11_path_parent ("/root//")); - assert_str_eq_free ("/root", p11_path_parent ("/root/second")); - assert_str_eq_free ("/root", p11_path_parent ("/root//second")); - assert_str_eq_free ("/root", p11_path_parent ("/root//second//")); - assert_str_eq_free ("/root", p11_path_parent ("/root///second")); - assert_str_eq_free ("/root/second", p11_path_parent ("/root/second/test.file")); - assert_ptr_eq (NULL, p11_path_parent ("/")); - assert_ptr_eq (NULL, p11_path_parent ("//")); - assert_ptr_eq (NULL, p11_path_parent ("")); -} - -static void -test_prefix (void) -{ - assert (p11_path_prefix ("/test/second", "/test")); - assert (!p11_path_prefix ("/test", "/test")); - assert (!p11_path_prefix ("/different/prefix", "/test")); - assert (!p11_path_prefix ("/te", "/test")); - assert (!p11_path_prefix ("/test", "/test/blah")); - assert (p11_path_prefix ("/test/other/second", "/test")); - assert (p11_path_prefix ("/test//other//second", "/test")); -} - -static void -test_canon (void) -{ - char *test; - - test = strdup ("2309haonutb;AOE@#$O "); - p11_path_canon (test); - assert_str_eq (test, "2309haonutb_AOE___O_"); - free (test); - - test = strdup ("22@# %ATI@#$onot"); - p11_path_canon (test); - assert_str_eq (test, "22____ATI___onot"); - free (test); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_base, "/path/base"); - p11_test (test_build, "/path/build"); - p11_test (test_expand, "/path/expand"); - p11_test (test_absolute, "/path/absolute"); - p11_test (test_parent, "/path/parent"); - p11_test (test_prefix, "/path/prefix"); - p11_test (test_canon, "/path/canon"); - - return p11_test_run (argc, argv); -} diff --git a/common/test-tests.c b/common/test-tests.c deleted file mode 100644 index ba31d83..0000000 --- a/common/test-tests.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include - -static void -test_success (void) -{ - /* Yup, nothing */ -} - - -static void -test_failure (void) -{ - if (getenv ("TEST_FAIL")) { - p11_test_fail (__FILE__, __LINE__, __FUNCTION__, - "Unconditional test failure due to TEST_FAIL environment variable"); - } -} - -static void -test_memory (void) -{ - char *mem; - - if (getenv ("TEST_FAIL")) { - mem = malloc (1); - assert (mem != NULL); - free (mem); - *mem = 1; - } -} - - -static void -test_leak (void) -{ - char *mem; - - if (getenv ("TEST_FAIL")) { - mem = malloc (1); - assert (mem != NULL); - *mem = 1; - } -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_success, "/test/success"); - - if (getenv ("TEST_FAIL")) { - p11_test (test_failure, "/test/failure"); - p11_test (test_memory, "/test/memory"); - p11_test (test_leak, "/test/leak"); - } - - return p11_test_run (argc, argv); -} diff --git a/common/test-url.c b/common/test-url.c deleted file mode 100644 index 892bf3c..0000000 --- a/common/test-url.c +++ /dev/null @@ -1,164 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "debug.h" -#include "message.h" - -#include -#include -#include -#include - -#include "url.h" - -static void -check_decode_msg (const char *file, - int line, - const char *function, - const char *input, - ssize_t input_len, - const char *expected, - size_t expected_len) -{ - unsigned char *decoded; - size_t length; - - if (input_len < 0) - input_len = strlen (input); - decoded = p11_url_decode (input, input + input_len, "", &length); - - if (expected == NULL) { - if (decoded != NULL) - p11_test_fail (file, line, function, "decoding should have failed"); - - } else { - if (decoded == NULL) - p11_test_fail (file, line, function, "decoding failed"); - if (expected_len != length) - p11_test_fail (file, line, function, "wrong length: (%lu != %lu)", - (unsigned long)expected_len, (unsigned long)length); - if (memcmp (decoded, expected, length) != 0) - p11_test_fail (file, line, function, "decoding wrong"); - free (decoded); - } -} - -#define check_decode_success(input, input_len, expected, expected_len) \ - check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len) - -#define check_decode_failure(input, input_len) \ - check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0) - -static void -test_decode_success (void) -{ - check_decode_success ("%54%45%53%54%00", -1, "TEST", 5); - check_decode_success ("%54%45%53%54%00", 6, "TE", 2); - check_decode_success ("%54est%00", -1, "Test", 5); -} - -static void -test_decode_skip (void) -{ - const char *input = "%54 %45 %53 %54 %00"; - unsigned char *decoded; - size_t length; - - decoded = p11_url_decode (input, input + strlen (input), P11_URL_WHITESPACE, &length); - assert_str_eq ("TEST", (char *)decoded); - assert_num_eq (5, length); - - free (decoded); -} - -static void -test_decode_failure (void) -{ - /* Early termination */ - check_decode_failure ("%54%45%53%5", -1); - check_decode_failure ("%54%45%53%", -1); - - /* Not hex characters */ - check_decode_failure ("%54%XX%53%54%00", -1); -} - -static void -test_encode (void) -{ - const unsigned char *input = (unsigned char *)"TEST"; - p11_buffer buf; - - if (!p11_buffer_init_null (&buf, 5)) - assert_not_reached (); - - p11_url_encode (input, input + 5, "", &buf); - assert (p11_buffer_ok (&buf)); - assert_str_eq ("%54%45%53%54%00", (char *)buf.data); - assert_num_eq (15, buf.len); - - p11_buffer_uninit (&buf); -} - -static void -test_encode_verbatim (void) -{ - const unsigned char *input = (unsigned char *)"TEST"; - p11_buffer buf; - - if (!p11_buffer_init_null (&buf, 5)) - assert_not_reached (); - - p11_url_encode (input, input + 5, "ES", &buf); - assert (p11_buffer_ok (&buf)); - assert_str_eq ("%54ES%54%00", (char *)buf.data); - assert_num_eq (11, buf.len); - - p11_buffer_uninit (&buf); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_decode_success, "/url/decode-success"); - p11_test (test_decode_skip, "/url/decode-skip"); - p11_test (test_decode_failure, "/url/decode-failure"); - - p11_test (test_encode, "/url/encode"); - p11_test (test_encode_verbatim, "/url/encode-verbatim"); - return p11_test_run (argc, argv); -} diff --git a/common/test.c b/common/test.c deleted file mode 100644 index 9605d03..0000000 --- a/common/test.c +++ /dev/null @@ -1,548 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define P11_TEST_SOURCE 1 - -#include "compat.h" -#include "test.h" -#include "debug.h" -#include "path.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef OS_UNIX -#include -#include -#endif - -enum { - FIXTURE, - TEST, -}; - -typedef void (*func_with_arg) (void *); - -typedef struct _test_item { - int type; - - union { - struct { - char name[1024]; - func_with_arg func; - void *argument; - int failed; - } test; - struct { - func_with_arg setup; - func_with_arg teardown; - } fix; - } x; - - struct _test_item *next; -} test_item; - -struct { - test_item *suite; - test_item *last; - int number; - jmp_buf jump; -} gl = { NULL, NULL, 0, }; - -void -p11_test_fail (const char *filename, - int line, - const char *function, - const char *message, - ...) -{ - const char *pos; - char *output; - char *from; - char *next; - va_list va; - - assert (gl.last != NULL); - assert (gl.last->type == TEST); - gl.last->x.test.failed = 1; - - printf ("not ok %d %s\n", gl.number, gl.last->x.test.name); - - va_start (va, message); - if (vasprintf (&output, message, va) < 0) - assert (0 && "vasprintf() failed"); - va_end (va); - - for (from = output; from != NULL; ) { - next = strchr (from, '\n'); - if (next) { - next[0] = '\0'; - next += 1; - } - - printf ("# %s\n", from); - from = next; - } - - pos = strrchr (filename, '/'); - if (pos != NULL && pos[1] != '\0') - filename = pos + 1; - - printf ("# in %s() at %s:%d\n", function, filename, line); - - free (output); - - /* Let coverity know we're not supposed to return from here */ -#ifdef __COVERITY__ - abort(); -#endif - - longjmp (gl.jump, 1); -} - -static void -test_push (test_item *it) -{ - test_item *item; - - item = calloc (1, sizeof (test_item)); - assert (item != NULL); - memcpy (item, it, sizeof (test_item)); - - if (!gl.suite) - gl.suite = item; - if (gl.last) - gl.last->next = item; - gl.last = item; -} - -void -p11_test (void (* function) (void), - const char *name, - ...) -{ - test_item item = { TEST, }; - va_list va; - - item.x.test.func = (func_with_arg)function; - - va_start (va, name); - vsnprintf (item.x.test.name, sizeof (item.x.test.name), name, va); - va_end (va); - - test_push (&item); -} - -void -p11_testx (void (* function) (void *), - void *argument, - const char *name, - ...) -{ - test_item item = { TEST, }; - va_list va; - - item.type = TEST; - item.x.test.func = function; - item.x.test.argument = argument; - - va_start (va, name); - vsnprintf (item.x.test.name, sizeof (item.x.test.name), name, va); - va_end (va); - - test_push (&item); -} - -void -p11_fixture (void (* setup) (void *), - void (* teardown) (void *)) -{ - test_item item; - - item.type = FIXTURE; - item.x.fix.setup = setup; - item.x.fix.teardown = teardown; - - test_push (&item); -} - -static int -should_run_test (int argc, - char **argv, - test_item *item) -{ - int i; - if (argc == 0) - return 1; - for (i = 0; i < argc; i++) { - if (strcmp (argv[i], item->x.test.name) == 0) - return 1; - } - - return 0; -} - -int -p11_test_run (int argc, - char **argv) -{ - test_item *fixture = NULL; - test_item *item; - test_item *next; - int count; - int ret = 0; - int setup; - int opt; - - /* p11-kit specific stuff */ - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - - while ((opt = getopt (argc, argv, "")) != -1) { - switch (opt) { - default: - fprintf (stderr, "specify only test names on the command line\n"); - return 2; - } - } - - argc -= optind; - argv += optind; - - assert (gl.number == 0); - gl.last = NULL; - - for (item = gl.suite, count = 0; item != NULL; item = item->next) { - if (item->type == TEST && should_run_test (argc, argv, item)) - count++; - } - - if (count == 0) { - printf ("1..0 # No tests\n"); - return 0; - } - - printf ("1..%d\n", count); - - for (item = gl.suite, gl.number = 0; item != NULL; item = item->next) { - if (item->type == FIXTURE) { - fixture = item; - continue; - } - - assert (item->type == TEST); - - if (!should_run_test (argc, argv, item)) - continue; - - gl.last = item; - gl.number++; - setup = 0; - - if (setjmp (gl.jump) == 0) { - if (fixture && fixture->x.fix.setup) - (fixture->x.fix.setup) (item->x.test.argument); - - setup = 1; - - assert (item->x.test.func); - (item->x.test.func)(item->x.test.argument); - - printf ("ok %d %s\n", gl.number, item->x.test.name); - } - - if (setup) { - if (setjmp (gl.jump) == 0) { - if (fixture && fixture->x.fix.teardown) - (fixture->x.fix.teardown) (item->x.test.argument); - } - } - - gl.last = NULL; - } - - for (item = gl.suite; item != NULL; item = next) { - if (item->type == TEST) { - if (item->x.test.failed) - ret++; - } - - next = item->next; - free (item); - } - - gl.suite = NULL; - gl.last = 0; - gl.number = 0; - return ret; -} - -static char * -expand_tempdir (const char *name) -{ - const char *env; - - env = secure_getenv ("TMPDIR"); - if (env && env[0]) { - return p11_path_build (env, name, NULL); - - } else { -#ifdef OS_UNIX -#ifdef _PATH_TMP - return p11_path_build (_PATH_TMP, name, NULL); -#else - return p11_path_build ("/tmp", name, NULL); -#endif - -#else /* OS_WIN32 */ - char directory[MAX_PATH + 1]; - - if (!GetTempPathA (MAX_PATH + 1, directory)) { - printf ("# couldn't lookup temp directory\n"); - errno = ENOTDIR; - return NULL; - } - - return p11_path_build (directory, name, NULL); - -#endif /* OS_WIN32 */ - } -} - -char * -p11_test_directory (const char *prefix) -{ - char *templ; - char *directory; - - if (asprintf (&templ, "%s.XXXXXX", prefix) < 0) - assert_not_reached (); - - directory = expand_tempdir (templ); - assert (directory != NULL); - - if (!mkdtemp (directory)) { - printf ("# couldn't create temp directory: %s: %s\n", - directory, strerror (errno)); - free (directory); - assert_not_reached (); - } - - free (templ); - return directory; -} - -void -p11_test_file_write (const char *base, - const char *name, - const void *contents, - size_t length) -{ - char *path = NULL; - FILE *f; - - if (base) { - if (asprintf (&path, "%s/%s", base, name) < 0) - assert_not_reached (); - name = path; - } - - f = fopen (name, "wb"); - if (f == NULL) { - printf ("# couldn't open file for writing: %s: %s\n", name, strerror (errno)); - free (path); - assert_not_reached (); - } - - if (fwrite (contents, 1, length, f) != length || - fclose (f) != 0) { - printf ("# couldn't write to file: %s: %s\n", name, strerror (errno)); - free (path); - assert_not_reached (); - } - - free (path); -} - -void -p11_test_file_delete (const char *base, - const char *name) -{ - char *path = NULL; - - if (base) { - if (asprintf (&path, "%s/%s", base, name) < 0) - assert_not_reached (); - name = path; - } - - if (unlink (name) < 0) { - printf ("# Couldn't delete file: %s\n", name); - free (path); - assert_not_reached (); - } - - free (path); -} - -void -p11_test_directory_delete (const char *directory) -{ - struct dirent *dp; - DIR *dir; - - dir = opendir (directory); - if (dir == NULL) { - printf ("# Couldn't open directory: %s\n", directory); - assert_not_reached (); - } - - while ((dp = readdir (dir)) != NULL) { - if (strcmp (dp->d_name, ".") == 0 || - strcmp (dp->d_name, "..") == 0) - continue; - - p11_test_file_delete (directory, dp->d_name); - } - - closedir (dir); - - if (rmdir (directory) < 0) { - printf ("# Couldn't remove directory: %s\n", directory); - assert_not_reached (); - } -} - - -#ifdef OS_UNIX - -static void -copy_file (const char *input, - int fd) -{ - p11_mmap *mmap; - const char *data; - ssize_t written; - size_t size; - - mmap = p11_mmap_open (input, NULL, (void **)&data, &size); - assert (mmap != NULL); - - while (size > 0) { - written = write (fd, data, size); - assert (written >= 0); - - data += written; - size -= written; - } - - p11_mmap_close (mmap); -} - -char * -p11_test_copy_setgid (const char *input) -{ - gid_t groups[128]; - char *path; - gid_t group = 0; - int ret; - int fd; - int i; - - ret = getgroups (128, groups); - for (i = 0; i < ret; ++i) { - if (groups[i] != getgid ()) { - group = groups[i]; - break; - } - } - if (i == ret) { - fprintf (stderr, "# no suitable group, skipping test\n"); - return NULL; - } - - path = strdup ("/tmp/test-setgid.XXXXXX"); - assert (path != NULL); - - fd = mkstemp (path); - assert (fd >= 0); - - copy_file (input, fd); - if (fchown (fd, getuid (), group) < 0) - assert_not_reached (); - if (fchmod (fd, 02750) < 0) - assert_not_reached (); - if (close (fd) < 0) - assert_not_reached (); - - return path; -} - -int -p11_test_run_child (const char **argv, - bool quiet_out) -{ - pid_t child; - int status; - - child = fork (); - assert (child >= 0); - - /* In the child process? */ - if (child == 0) { - if (quiet_out) - close (1); /* stdout */ - execv (argv[0], (char **)argv); - assert_not_reached (); - } - - if (waitpid (child, &status, 0) < 0) - assert_not_reached (); - - assert (!WIFSIGNALED (status)); - assert (WIFEXITED (status)); - - return WEXITSTATUS (status); -} - -#endif /* OS_UNIX */ diff --git a/common/test.h b/common/test.h deleted file mode 100644 index e28bb55..0000000 --- a/common/test.h +++ /dev/null @@ -1,152 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "compat.h" - -#ifndef P11_TEST_H_ -#define P11_TEST_H_ - -#ifndef P11_TEST_SOURCE - -#include - -#ifdef assert_not_reached -#undef assert_not_reached -#endif - -#ifdef assert -#undef assert -#endif - -#define assert(expr) \ - assert_true(expr) -#define assert_true(expr) \ - do { if (expr) ; else \ - p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s)", #expr); \ - } while (0) -#define assert_false(expr) \ - do { if (expr) \ - p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (!(%s))", #expr); \ - } while (0) -#define assert_fail(msg, detail) \ - do { const char *__s = (detail); \ - p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "%s%s%s", (msg), __s ? ": ": "", __s ? __s : ""); \ - } while (0) -#define assert_not_reached(msg) \ - do { \ - p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "code should not be reached"); \ - } while (0) -#define assert_ptr_not_null(ptr) \ - do { if ((ptr) != NULL) ; else \ - p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s != NULL)", #ptr); \ - } while (0) -#define assert_num_cmp(a1, cmp, a2) \ - do { unsigned long __n1 = (a1); \ - unsigned long __n2 = (a2); \ - if (__n1 cmp __n2) ; else \ - p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s %s %s): (%lu %s %lu)", \ - #a1, #cmp, #a2, __n1, #cmp, __n2); \ - } while (0) -#define assert_num_eq(a1, a2) \ - assert_num_cmp(a1, ==, a2) -#define assert_str_cmp(a1, cmp, a2) \ - do { const char *__s1 = (a1); \ - const char *__s2 = (a2); \ - if (__s1 && __s2 && strcmp (__s1, __s2) cmp 0) ; else \ - p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s %s %s): (%s %s %s)", \ - #a1, #cmp, #a2, __s1 ? __s1 : "(null)", #cmp, __s2 ? __s2 : "(null)"); \ - } while (0) -#define assert_str_eq(a1, a2) \ - assert_str_cmp(a1, ==, a2) -#define assert_ptr_eq(a1, a2) \ - do { const void *__p1 = (a1); \ - const void *__p2 = (a2); \ - if (__p1 == __p2) ; else \ - p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s == %s): (0x%08lx == 0x%08lx)", \ - #a1, #a2, (unsigned long)(size_t)__p1, (unsigned long)(size_t)__p2); \ - } while (0) - -#define assert_str_contains(expr, needle) \ - do { const char *__str = (expr); \ - if (__str && strstr (__str, needle)) ; else \ - p1_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s): '%s' does not contain '%s'", \ - #expr, __str, needle); \ - } while (0) - -#endif /* !P11_TEST_SOURCE */ - - -void p11_test_fail (const char *filename, - int line, - const char *function, - const char *message, - ...) GNUC_PRINTF(4, 5) CLANG_ANALYZER_NORETURN; - -void p11_test (void (* function) (void), - const char *name, - ...) GNUC_PRINTF(2, 3); - -void p11_testx (void (* function) (void *), - void *argument, - const char *name, - ...) GNUC_PRINTF(3, 4); - -void p11_fixture (void (* setup) (void *), - void (* teardown) (void *)); - -int p11_test_run (int argc, - char **argv); - -char * p11_test_directory (const char *prefix); - -void p11_test_directory_delete (const char *directory); - -void p11_test_file_write (const char *directory, - const char *name, - const void *contents, - size_t length); - -void p11_test_file_delete (const char *directory, - const char *name); - -#ifdef OS_UNIX - -char * p11_test_copy_setgid (const char *path); - -int p11_test_run_child (const char **argv, - bool quiet_out); - -#endif - -#endif /* P11_TEST_H_ */ diff --git a/common/tool.c b/common/tool.c deleted file mode 100644 index cca18a2..0000000 --- a/common/tool.c +++ /dev/null @@ -1,333 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "buffer.h" -#include "compat.h" -#include "debug.h" -#include "message.h" -#include "path.h" - -#include -#include -#include -#include -#include -#include -#include - -#include "tool.h" - -static char -short_option (int opt) -{ - if (isalpha (opt) || isdigit (opt)) - return (char)opt; - return 0; -} - -static const struct option * -find_option (const struct option *longopts, - int opt) -{ - int i; - - for (i = 0; longopts[i].name != NULL; i++) { - if (longopts[i].val == opt) - return longopts + i; - } - - return NULL; -} - -void -p11_tool_usage (const p11_tool_desc *usages, - const struct option *longopts) -{ - const struct option *longopt; - const int indent = 22; - const char *long_name; - const char *description; - const char *next; - char short_name; - int spaces; - int len; - int i; - - for (i = 0; usages[i].text != NULL; i++) { - - /* If no option, then this is a heading */ - if (!usages[i].option) { - printf ("%s\n\n", usages[i].text); - continue; - } - - longopt = find_option (longopts, usages[i].option); - long_name = longopt ? longopt->name : NULL; - short_name = short_option (usages[i].option); - description = usages[i].text; - - if (short_name && long_name) - len = printf (" -%c, --%s", (int)short_name, long_name); - else if (long_name) - len = printf (" --%s", long_name); - else - len = printf (" -%c", (int)short_name); - if (longopt && longopt->has_arg) - len += printf ("%s<%s>", - long_name ? "=" : " ", - usages[i].arg ? usages[i].arg : "..."); - if (len < indent) { - spaces = indent - len; - } else { - printf ("\n"); - spaces = indent; - } - while (description) { - while (spaces-- > 0) - fputc (' ', stdout); - next = strchr (description, '\n'); - if (next) { - next += 1; - printf ("%.*s", (int)(next - description), description); - description = next; - spaces = indent; - } else { - printf ("%s\n", description); - break; - } - } - - } -} - -int -p11_tool_getopt (int argc, - char *argv[], - const struct option *longopts) -{ - p11_buffer buf; - int ret; - char opt; - int i; - - if (!p11_buffer_init_null (&buf, 64)) - return_val_if_reached (-1); - - for (i = 0; longopts[i].name != NULL; i++) { - opt = short_option (longopts[i].val); - if (opt != 0) { - p11_buffer_add (&buf, &opt, 1); - assert (longopts[i].has_arg != optional_argument); - if (longopts[i].has_arg == required_argument) - p11_buffer_add (&buf, ":", 1); - } - } - - ret = getopt_long (argc, argv, buf.data, longopts, NULL); - - p11_buffer_uninit (&buf); - - return ret; -} - -static void -command_usage (const p11_tool_command *commands) -{ - const char *progname; - int i; - - progname = getprogname (); - printf ("usage: %s command ...\n", progname); - printf ("\nCommon %s commands are:\n", progname); - for (i = 0; commands[i].name != NULL; i++) { - if (strcmp (commands[i].name, P11_TOOL_FALLBACK) != 0) - printf (" %-15s %s\n", commands[i].name, commands[i].text); - } - printf ("\nSee '%s --help' for more information\n", progname); -} - -static void -verbose_arg (void) -{ - putenv ("P11_KIT_DEBUG=tool"); - p11_message_loud (); - p11_debug_init (); -} - -static void -quiet_arg (void) -{ - putenv ("P11_KIT_DEBUG="); - p11_message_quiet (); - p11_debug_init (); -} - -int -p11_tool_main (int argc, - char *argv[], - const p11_tool_command *commands) -{ - const p11_tool_command *fallback = NULL; - char *command = NULL; - bool want_help = false; - bool skip; - int in, out; - int i; - - /* - * Parse the global options. We rearrange the options as - * necessary, in order to pass relevant options through - * to the commands, but also have them take effect globally. - */ - - for (in = 1, out = 1; in < argc; in++, out++) { - - /* The non-option is the command, take it out of the arguments */ - if (argv[in][0] != '-') { - if (!command) { - skip = true; - command = argv[in]; - } else { - skip = false; - } - - /* The global long options */ - } else if (argv[in][1] == '-') { - skip = false; - - if (strcmp (argv[in], "--") == 0) { - if (!command) { - p11_message ("no command specified"); - return 2; - } else { - break; - } - - } else if (strcmp (argv[in], "--verbose") == 0) { - verbose_arg (); - - } else if (strcmp (argv[in], "--quiet") == 0) { - quiet_arg (); - - } else if (strcmp (argv[in], "--help") == 0) { - want_help = true; - - } else if (!command) { - p11_message ("unknown global option: %s", argv[in]); - return 2; - } - - /* The global short options */ - } else { - skip = false; - - for (i = 1; argv[in][i] != '\0'; i++) { - switch (argv[in][i]) { - case 'h': - want_help = true; - break; - - /* Compatibility option */ - case 'l': - command = "list-modules"; - break; - - case 'v': - verbose_arg (); - break; - - case 'q': - quiet_arg (); - break; - - default: - if (!command) { - p11_message ("unknown global option: -%c", (int)argv[in][i]); - return 2; - } - break; - } - } - } - - /* Skipping this argument? */ - if (skip) - out--; - else - argv[out] = argv[in]; - } - - /* Initialize tool's debugging after setting env vars above */ - p11_debug_init (); - - if (command == NULL) { - /* As a special favor if someone just typed the command, help them out */ - if (argc == 1) { - command_usage (commands); - return 2; - } else if (want_help) { - command_usage (commands); - return 0; - } else { - p11_message ("no command specified"); - return 2; - } - } - - argc = out; - - /* Look for the command */ - for (i = 0; commands[i].name != NULL; i++) { - if (strcmp (commands[i].name, P11_TOOL_FALLBACK) == 0) { - fallback = commands + i; - - } else if (strcmp (commands[i].name, command) == 0) { - argv[0] = command; - return (commands[i].function) (argc, argv); - } - } - - /* Got here because no command matched */ - if (fallback != NULL) { - argv[0] = command; - return (fallback->function) (argc, argv); - } - - /* At this point we have no command */ - p11_message ("'%s' is not a valid command. See '%s --help'", - command, getprogname ()); - return 2; -} diff --git a/common/tool.h b/common/tool.h deleted file mode 100644 index 16785da..0000000 --- a/common/tool.h +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_TOOL_H_ -#define P11_TOOL_H_ - -#include - -#define P11_TOOL_FALLBACK "" - -typedef struct { - const char *name; - int (*function) (int, char*[]); - const char *text; -} p11_tool_command; - -typedef struct { - int option; - const char *text; - const char *arg; -} p11_tool_desc; - -int p11_tool_main (int argc, - char *argv[], - const p11_tool_command *commands); - -int p11_tool_getopt (int argc, - char *argv[], - const struct option *longopts); - -void p11_tool_usage (const p11_tool_desc *usages, - const struct option *longopts); - -#endif /* P11_TOOL_H_ */ diff --git a/common/url.c b/common/url.c deleted file mode 100644 index 4b7e47b..0000000 --- a/common/url.c +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Copyright (C) 2011 Collabora Ltd. - * Copyright (C) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "debug.h" -#include "url.h" - -#include -#include -#include -#include -#include - -const static char HEX_CHARS[] = "0123456789abcdef"; - -unsigned char * -p11_url_decode (const char *value, - const char *end, - const char *skip, - size_t *length) -{ - char *a, *b; - unsigned char *result, *p; - - assert (value <= end); - assert (skip != NULL); - - /* String can only get shorter */ - result = malloc ((end - value) + 1); - return_val_if_fail (result != NULL, NULL); - - /* Now loop through looking for escapes */ - p = result; - while (value != end) { - /* - * A percent sign followed by two hex digits means - * that the digits represent an escaped character. - */ - if (*value == '%') { - value++; - if (value + 2 > end) { - free (result); - return NULL; - } - a = strchr (HEX_CHARS, tolower (value[0])); - b = strchr (HEX_CHARS, tolower (value[1])); - if (!a || !b) { - free (result); - return NULL; - } - *p = (a - HEX_CHARS) << 4; - *(p++) |= (b - HEX_CHARS); - value += 2; - - /* Ignore whitespace characters */ - } else if (strchr (skip, *value)) { - value++; - - /* A different character */ - } else { - *(p++) = *(value++); - } - } - - /* Null terminate string, in case its a string */ - *p = 0; - - if (length) - *length = p - result; - return result; -} - -void -p11_url_encode (const unsigned char *value, - const unsigned char *end, - const char *verbatim, - p11_buffer *buf) -{ - char hex[3]; - - assert (value <= end); - - /* Now loop through looking for escapes */ - while (value != end) { - - /* These characters we let through verbatim */ - if (*value && strchr (verbatim, *value) != NULL) { - p11_buffer_add (buf, value, 1); - - /* All others get encoded */ - } else { - hex[0] = '%'; - hex[1] = HEX_CHARS[((unsigned char)*value) >> 4]; - hex[2] = HEX_CHARS[((unsigned char)*value) & 0x0F]; - p11_buffer_add (buf, hex, 3); - } - - ++value; - } -} diff --git a/common/url.h b/common/url.h deleted file mode 100644 index 3c9cfb4..0000000 --- a/common/url.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_URL_H -#define P11_URL_H - -#include "buffer.h" -#include "compat.h" - -#include - -#define P11_URL_WHITESPACE " \n\r\v" - -#define P11_URL_VERBATIM "abcdefghijklmnopqrstuvwxyz" \ - "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ - "0123456789_-." - -unsigned char * p11_url_decode (const char *value, - const char *end, - const char *skip, - size_t *length); - -void p11_url_encode (const unsigned char *value, - const unsigned char *end, - const char *verbatim, - p11_buffer *buf); - -#endif /* P11_URL_H */ diff --git a/configure.ac b/configure.ac deleted file mode 100644 index 64f0b5a..0000000 --- a/configure.ac +++ /dev/null @@ -1,539 +0,0 @@ -AC_PREREQ(2.61) - -AC_INIT([p11-kit], - [0.23.2], - [https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue], - [p11-kit], - [http://p11-glue.freedesktop.org/p11-kit.html]) - -# ------------------------------------------------------------------------------ -# p11-kit libtool versioning -# CURRENT : REVISION : AGE -# +1 : 0 : +1 == new interface that does not break old one. -# +1 : 0 : 0 == removed an interface. Breaks old apps. -# ? : +1 : ? == internal changes that doesn't break anything. - -P11KIT_CURRENT=1 -P11KIT_REVISION=0 -P11KIT_AGE=1 - -# ------------------------------------------------------------------------------ - -AC_CONFIG_HEADERS([config.h]) -AC_CONFIG_MACRO_DIR([build/m4]) -AC_CONFIG_AUX_DIR([build/litter]) -AM_INIT_AUTOMAKE([1.12 foreign serial-tests subdir-objects]) -AM_SANITY_CHECK -AM_MAINTAINER_MODE([enable]) -m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])],) - -LT_PREREQ([2.2.6]) -LT_INIT([dlopen disable-static]) - -dnl Checks for programs. -AC_PROG_CC -AC_PROG_CPP -AM_PROG_CC_C_O -PKG_PROG_PKG_CONFIG - -LINGUAS="" -AM_GNU_GETTEXT([external], [need-ngettext]) - -if test "$enable_static" = "yes"; then - AC_MSG_ERROR([p11-kit cannot be used as a static library]) -fi - -AC_MSG_CHECKING([for win32]) -case "$host" in - *-*-mingw*) - AC_DEFINE_UNQUOTED(OS_WIN32, 1, [Building for win32]) - os_win32=yes - os_unix=no - ;; - *) - AC_DEFINE_UNQUOTED(OS_UNIX, 1, [Building for unix]) - os_win32=no - os_unix=yes - ;; -esac -AC_MSG_RESULT([$os_win32]) -AM_CONDITIONAL(OS_WIN32, test "$os_win32" = "yes") - -AC_C_BIGENDIAN - -# ------------------------------------------------------------------------------ -# Checks for libraries and headers - -AC_HEADER_STDBOOL - -if test "$os_unix" = "yes"; then - AC_CHECK_FUNC([pthread_create], , [ - AC_CHECK_LIB(pthread, pthread_create, , [ - AC_MSG_ERROR([could not find pthread_create]) - ]) - ]) - - AC_CHECK_FUNC([nanosleep], , [ - AC_SEARCH_LIBS([nanosleep], [rt], , [ - AC_MSG_ERROR([could not find nanosleep]) - ]) - ]) - - AC_SEARCH_LIBS([dlopen], [dl dld], [], [ - AC_MSG_ERROR([could not find dlopen]) - ]) - - # These are thngs we can work around - AC_CHECK_HEADERS([sys/resource.h]) - AC_CHECK_MEMBERS([struct dirent.d_type],,,[#include ]) - AC_CHECK_FUNCS([getprogname getexecname basename mkstemp mkdtemp]) - AC_CHECK_FUNCS([getauxval issetugid getresuid secure_getenv]) - AC_CHECK_FUNCS([strnstr memdup strndup strerror_r]) - AC_CHECK_FUNCS([asprintf vasprintf vsnprintf]) - AC_CHECK_FUNCS([fdwalk]) - AC_CHECK_FUNCS([setenv]) - - AC_CHECK_DECLS([asprintf, vasprintf], [], [], [[#include ]]) - - # Required functions - AC_CHECK_FUNCS([gmtime_r], - [AC_DEFINE([HAVE_GMTIME_R], 1, [Whether gmtime_r() is available])], - [AC_MSG_ERROR([could not find required gmtime_r() function])]) - - # Check if these are declared and/or available to link against - AC_CHECK_DECLS([program_invocation_short_name]) - AC_MSG_CHECKING([whether program_invocation_short_name is available]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], - [[program_invocation_short_name = "test";]])], - [AC_DEFINE([HAVE_PROGRAM_INVOCATION_SHORT_NAME], [1], - [Whether program_invocation_short_name available]) - AC_MSG_RESULT([yes])], - [AC_MSG_RESULT([no])]) - AC_CHECK_DECLS([__progname]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern char *__progname;]], [[__progname=(char*)0;]])], - [AC_DEFINE(HAVE___PROGNAME, [1], [Whether __progname available])]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern int __libc_enable_secure;]], [[__libc_enable_secure = 0;]])], - [AC_DEFINE(HAVE___LIBC_ENABLE_SECURE, [1], [Whether __libc_enable_secure available])]) -fi - -AC_CHECK_LIB(intl, dgettext) - -# ------------------------------------------------------------------------------ -# PKCS#11 Directories - -AC_ARG_WITH([module-config], - [AS_HELP_STRING([--with-module-config], [Module configuration files shipped by packages])], - [module_config=$withval], - [module_config='${pkgdatadir}/modules']) - -AC_ARG_WITH([system-config], - [AS_HELP_STRING([--with-system-config], [Change PKCS#11 system config directory])], - [system_config_dir=$withval], - [system_config_dir=$sysconfdir/pkcs11]) - -AC_ARG_WITH([user-config], - [AS_HELP_STRING([--with-system-config], [Change PKCS#11 user config directory])], - [user_config_dir=$withval], - [user_config_dir="~/.config/pkcs11"]) - -AC_ARG_WITH([module-path], - [AS_HELP_STRING([--with-module-path], [Load modules with relative path names from here])], - [module_path=$withval], - [module_path=$libdir/pkcs11]) - -# We expand these so we have concrete paths -p11_system_config=$system_config_dir -p11_system_config_file=$p11_system_config/pkcs11.conf -p11_system_config_modules=$p11_system_config/modules -p11_package_config_modules=$module_config -p11_user_config=$user_config_dir -p11_user_config_file="$p11_user_config/pkcs11.conf" -p11_user_config_modules="$p11_user_config/modules" -p11_module_path="$module_path" - -AC_SUBST(p11_system_config) -AC_SUBST(p11_system_config_file) -AC_SUBST(p11_system_config_modules) -AC_SUBST(p11_package_config_modules) -AC_SUBST(p11_user_config) -AC_SUBST(p11_user_config_file) -AC_SUBST(p11_user_config_modules) -AC_SUBST(p11_module_path) - -# -------------------------------------------------------------------- -# libtasn1 support - -AC_ARG_WITH([libtasn1], - AS_HELP_STRING([--without-libtasn1], - [Disable dependency on libtasn1]) -) - -AS_IF([test "$with_libtasn1" != "no"], [ - PKG_CHECK_MODULES([LIBTASN1], [libtasn1 >= 2.3], [], - [AC_MSG_ERROR([libtasn1 not found. Building without it results in significant loss of functionality. To proceed use --without-libtasn1])] - ) - AC_SUBST(LIBTASN1_CFLAGS) - AC_SUBST(LIBTASN1_LIBS) - with_libtasn1="yes" - AC_DEFINE_UNQUOTED(WITH_ASN1, 1, [Build with libtasn1 and certificate support]) -]) - -AM_CONDITIONAL(WITH_ASN1, test "$with_libtasn1" = "yes") - -# -------------------------------------------------------------------- -# libffi - -AC_ARG_WITH([libffi], - AS_HELP_STRING([--without-libffi], - [Don't use libffi for building closures])) - -if test "$with_libffi" != "no"; then - PKG_CHECK_MODULES(LIBFFI, [libffi >= 3.0.0]) - AC_DEFINE_UNQUOTED(WITH_FFI, 1, [Use libffi for building closures]) - AC_SUBST(LIBFFI_CFLAGS) - AC_SUBST(LIBFFI_LIBS) - - SAVE_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $LIBFFI_CFLAGS" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include ], - [ #if FFI_CLOSURES - #else - #error no closures - #endif - ])], - [], [AC_MSG_ERROR([the libffi on this system has no support for closures.])]) - CFLAGS="$SAVE_CFLAGS" - - with_libffi="yes" -fi - -AM_CONDITIONAL(WITH_FFI, test "$with_libffi" = "yes") - -# -------------------------------------------------------------------- -# Hash implementation - -AC_ARG_WITH([hash-impl], - AS_HELP_STRING([--with-hash-impl=@<:@freebl/internal@:>@], - [Choose the hash implementation to use]) -) - -AS_IF([test "$with_hash_impl" = ""], [with_hash_impl=internal]) - -AS_CASE([$with_hash_impl], - [freebl], [ - AC_CHECK_LIB(freebl3, NSSLOW_Init, - [ - HASH_LIBS=-lfreebl3 - AC_DEFINE_UNQUOTED(WITH_FREEBL, 1, [Use freebl for hash implementation]) - ], - AC_MSG_ERROR([could not find the freebl3 library]) - ) - ], - - [internal], [ - HASH_LIBS= - ], - - [ - AC_MSG_ERROR([unsupported hash impl: $with_hash_impl]) - ] -) - -AC_SUBST(HASH_LIBS) - -# -------------------------------------------------------------------- -# Trust Module - -AC_ARG_ENABLE([trust-module], - AS_HELP_STRING([--disable-trust-module], - [Disable building the trust module]) -) - -AC_MSG_CHECKING([if trust module is enabled]) -AS_IF([test "$with_libtasn1" != "yes"], [ - AS_IF([test "$enable_trust_module" = "yes"], [ - AC_MSG_ERROR([--with-libtasn1 is needed in order to build the trust module]) - ]) - AS_IF([test "$enable_trust_module" != "no"], [ - AC_MSG_WARN([--with-libtasn1 is needed in order to build the trust module, disabling]) - ]) - enable_trust_module="no" -]) - -AS_IF([test "$enable_trust_module" != "no"], [enable_trust_module="yes"]) -AM_CONDITIONAL(WITH_TRUST_MODULE, test "$enable_trust_module" = "yes") -AC_MSG_RESULT([$enable_trust_module]) - -AC_ARG_WITH([trust-paths], - AS_HELP_STRING([--with-trust-paths=@<:@path@:>@]: - [input paths for trust module]) -) - -AC_MSG_CHECKING([for trust module paths]) - -# This option was disabled, no anchors -if test "$with_trust_paths" = "no"; then - with_trust_paths="" - AC_MSG_RESULT([disabled]) - -elif test "$enable_trust_module" != "yes"; then - if test "$with_trust_paths" != ""; then - AC_MSG_ERROR([need --enable-trust-module in order to specify trust module paths.]) - fi - with_trust_paths="" - AC_MSG_RESULT([disabled]) - -# Option was not set, try to detect -elif test "$with_trust_paths" = "" -o "$with_trust_paths" = "yes"; then - with_trust_paths="" - for f in /etc/pki/tls/certs/ca-bundle.crt \ - /etc/ssl/certs/ca-certificates.crt \ - /etc/ssl/ca-bundle.pem \ - /etc/ssl/ca-bundle.crt; do - if test -f "$f"; then - with_trust_paths="$f" - break - fi - done - - if test "$with_trust_paths" = ""; then - AC_MSG_ERROR([could not find. Use --with-trust-paths=/path to set, or --without-trust-paths to disable]) - fi - - AC_MSG_RESULT($with_trust_paths) - -else - # Anchors explicitly set - AC_MSG_RESULT($with_trust_paths) -fi - -AC_DEFINE_UNQUOTED(TRUST_PATHS, ["$with_trust_paths"], [The trust module input paths]) -AC_SUBST(with_trust_paths) - -# -------------------------------------------------------------------- -# GTK Doc - -dnl check for tools -AC_PATH_PROG([GTKDOC_CHECK],[gtkdoc-check]) -AC_PATH_PROGS([GTKDOC_REBASE],[gtkdoc-rebase],[true]) -AC_PATH_PROG([GTKDOC_MKPDF],[gtkdoc-mkpdf]) -AC_PATH_PROG([GTKDOC_SCAN],[gtkdoc-scan]) -AC_PATH_PROG([XSLTPROC], [xsltproc]) - -dnl for overriding the documentation installation directory -AC_ARG_WITH([html-dir], - AS_HELP_STRING([--with-html-dir=PATH], [path to installed docs]),, - [with_html_dir='${datadir}/gtk-doc/html']) -HTML_DIR="$with_html_dir" -AC_SUBST([HTML_DIR]) - -dnl enable/disable documentation building -AC_ARG_ENABLE([doc], - AS_HELP_STRING([--enable-doc], - [build documentation using gtk-doc [[default=no]]]),, - [enable_doc=no]) - -if test x$enable_doc = xyes; then - if test -z "$GTKDOC_SCAN"; then - AC_MSG_ERROR([gtk-doc not installed and --enable-doc requested]) - fi - if test -z "$XSLTPROC"; then - AC_MSG_ERROR([the xsltproc command was not found and --enable-doc requested]) - fi - doc_status="yes (manual, reference)" -else - enable_doc=no - doc_status="no (no manual or reference)" -fi - -AC_MSG_CHECKING([whether to build documentation]) -AC_MSG_RESULT($enable_doc) - -dnl enable/disable output formats -AC_ARG_ENABLE([doc-html], - AS_HELP_STRING([--enable-doc-html], - [build documentation in html format [[default=yes]]]),, - [enable_doc_html=yes]) -AC_ARG_ENABLE([doc-pdf], - AS_HELP_STRING([--enable-doc-pdf], - [build documentation in pdf format [[default=no]]]),, - [enable_doc_pdf=no]) - -if test -z "$GTKDOC_MKPDF"; then - enable_doc_pdf=no -fi - -AM_CONDITIONAL(ENABLE_GTK_DOC, [test x$enable_doc = xyes]) -AM_CONDITIONAL(GTK_DOC_BUILD_HTML, [test x$enable_doc_html = xyes]) -AM_CONDITIONAL(GTK_DOC_BUILD_PDF, [test x$enable_doc_pdf = xyes]) -AM_CONDITIONAL(GTK_DOC_USE_LIBTOOL, [test -n "$LIBTOOL"]) -AM_CONDITIONAL(GTK_DOC_USE_REBASE, [test -n "$GTKDOC_REBASE"]) - -# -------------------------------------------------------------------- -# Compilation and linking options - -AC_MSG_CHECKING([for debug mode]) -AC_ARG_ENABLE(debug, - AC_HELP_STRING([--enable-debug=no/default/yes], - [Turn on or off debugging])) - -if test "$enable_debug" != "no"; then - AC_DEFINE_UNQUOTED(WITH_DEBUG, 1, [Print debug output]) - AC_DEFINE_UNQUOTED(_DEBUG, 1, [In debug mode]) - CFLAGS="$CFLAGS -g" -fi - -if test "$enable_debug" = "yes"; then - debug_status="yes (-g, -O0, debug output)" - CFLAGS="$CFLAGS -O0" -elif test "$enable_debug" = "no"; then - debug_status="no (no debug output, NDEBUG)" - AC_DEFINE_UNQUOTED(NDEBUG, 1, [Disable glib assertions]) -else - debug_status="default (-g, debug output)" -fi - -AC_MSG_RESULT($debug_status) - -AC_MSG_CHECKING(for more warnings) -if test "$GCC" = "yes"; then - CFLAGS="$CFLAGS \ - -Wall -Wstrict-prototypes -Wmissing-declarations \ - -Wmissing-prototypes -Wnested-externs -Wpointer-arith \ - -Wdeclaration-after-statement -Wformat=2 -Winit-self \ - -Waggregate-return -Wno-missing-format-attribute \ - -fno-strict-aliasing -fno-common" - - for option in -Wmissing-include-dirs -Wundef; do - SAVE_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $option" - AC_MSG_CHECKING([whether gcc understands $option]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], - [has_option=yes], - [has_option=no]) - AC_MSG_RESULT($has_option) - if test $has_option = no; then - CFLAGS="$SAVE_CFLAGS" - fi - done -else - AC_MSG_RESULT(no) -fi - -AC_ARG_ENABLE(strict, - [AS_HELP_STRING([--enable-strict], [Strict code compilation])] - ) - -AC_MSG_CHECKING([build strict]) - -if test "$enable_strict" = "yes"; then - CFLAGS="$CFLAGS -Werror" - AC_DEFINE_UNQUOTED(WITH_STRICT, 1, [More strict checks]) - strict_status="yes (-Werror, fatals)" -else - strict_status="no" -fi - -AC_MSG_RESULT($strict_status) - -AC_MSG_CHECKING([whether to build with gcov testing]) -AC_ARG_ENABLE([coverage], - [AS_HELP_STRING([--enable-coverage], [Whether to enable coverage testing ])], - [], - [enable_coverage=no]) - -AC_MSG_RESULT([$enable_coverage]) - -if test "$enable_coverage" = "yes"; then - if test "$GCC" != "yes"; then - AC_MSG_ERROR(Coverage testing requires GCC) - fi - - AC_PATH_PROG(GCOV, gcov, no) - if test "$GCOV" = "no" ; then - AC_MSG_ERROR(gcov tool is not available) - fi - - AC_PATH_PROG(LCOV, lcov, no) - if test "$LCOV" = "no" ; then - AC_MSG_ERROR(lcov tool is not installed) - fi - - AC_PATH_PROG(GENHTML, genhtml, no) - if test "$GENHTML" = "no" ; then - AC_MSG_ERROR(lcov's genhtml tool is not installed) - fi - - CFLAGS="$CFLAGS -O0 -g --coverage" - LDFLAGS="$LDFLAGS --coverage" -fi - -AM_CONDITIONAL([WITH_COVERAGE], [test "$enable_coverage" = "yes"]) -AC_SUBST(LCOV) -AC_SUBST(GCOV) -AC_SUBST(GENHTML) - -# --------------------------------------------------------------------- - -P11KIT_LT_RELEASE=$P11KIT_CURRENT:$P11KIT_REVISION:$P11KIT_AGE -AC_SUBST(P11KIT_LT_RELEASE) - -echo $PACKAGE_VERSION | tr '.' ' ' | while read major minor unused; do - AC_DEFINE_UNQUOTED(PACKAGE_MAJOR, $major, [Major version of package]) - AC_DEFINE_UNQUOTED(PACKAGE_MINOR, $minor, [Minor version of package]) - break -done - -case "$host" in -*-*-darwin*) - # It seems like libtool lies about this see: - # https://bugs.freedesktop.org/show_bug.cgi?id=57714 - SHLEXT='.so' - ;; -*) - eval SHLEXT=$shrext_cmds - ;; -esac - -AC_DEFINE_UNQUOTED(SHLEXT, ["$SHLEXT"], [File extension for shared libraries]) -AC_SUBST(SHLEXT) - -privatedir='${libdir}/p11-kit' -AC_SUBST(privatedir) - -AC_CONFIG_FILES([Makefile - doc/Makefile - doc/manual/Makefile - po/Makefile.in - p11-kit/p11-kit-1.pc - p11-kit/pkcs11.conf.example - trust/trust-extract-compat - trust/test-extract -]) -AC_OUTPUT - -# Format paths arguments which should wrap correctly in the output -indent='\n ' -trust_status=$(echo "$with_trust_paths" | sed -e "s/:/$indent/g") - -AC_MSG_NOTICE([build options: - - Host: $host - Debug build: $debug_status - Strict build: $strict_status - Build documentation: $doc_status - System global config: $p11_system_config_file - System module config directory: $p11_system_config_modules - Package module config directory: $p11_package_config_modules - User global config: $p11_user_config_file - User module config directory: $p11_user_config_modules - Load relative module paths from: $p11_module_path - - With libtasn1 dependency: $with_libtasn1 - With libffi: $with_libffi - With hash implementation: $with_hash_impl - - Build trust module: $enable_trust_module - Trust module paths: $trust_status - -]) diff --git a/doc/Makefile.am b/doc/Makefile.am deleted file mode 100644 index de840c0..0000000 --- a/doc/Makefile.am +++ /dev/null @@ -1,6 +0,0 @@ - -SUBDIRS = manual - -memcheck: - -leakcheck: diff --git a/doc/internal/persist-format.txt b/doc/internal/persist-format.txt deleted file mode 100644 index cb863be..0000000 --- a/doc/internal/persist-format.txt +++ /dev/null @@ -1,59 +0,0 @@ -These are some notes about the p11-kit persistence format - -The format is designed to be somewhat human readable and debuggable, and a bit -transparent but it is also not encouraged to read/write this format from other -applications or tools without first discussing this at the the mailing list: - -p11-glue@lists.freedesktop.org - -The format of the file reflects the PKCS#11 attributes exposed by p11-kit. The -attributes have a one to one mapping with PKCS#11 attributes of similar names. -No assumptions should be made that an attribute does what you think it does -from the label. - -Each object in the file starts with the header '[p11-kit-object-v1]'. After that -point there are names and valeus separated by colons. Whitespace surrounding -the names and values is ignored. - -Boolean values are 'true' and 'false'. Unsigned long attributes are plain -numbers. String/binary attributes are surrounded with quotes and percent -encoded. Object id attributes are in their dotted form. Various PKCS#11 -constants are available. - -PEM blocks can be present within an object, and these contribute certain -PKCS#11 attributes to the object. The attributes that come from PEM blocks -never override those explicitly specified. - -A 'CERTIFICATE' type PEM block contributes the 'value', 'class', -'certificate-type', 'subject', 'issuer' 'start-date', 'end-date', 'id', -'certificate-category', 'check-value', 'serial-number', 'public-key-info' -attributes with appropriate values. - -A 'PUBLIC KEY' type PEM block contributes the 'public-key-info' attribute -with an appropriate value. - -Comments starting with a '#' and blank lines are ignored. - -Only rudimentary checks are done to make sure that the resulting attributes -make sense. This may change in the future, and invalid files will be -unceremoniously rejected. So again use the mailing list if there's a need -to be writing these files at this point: - -p11-glue@lists.freedesktop.org - -Example file: - -[p11-kit-object-v1] -class = certificate -modifiable = true -java-midp-security-domain = 0 -label = "My special label" -id = "%01%02%03go" - ------BEGIN CERTIFICATE----- -MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML -................................................................ -B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy -vUxFnmG6v4SBkgPR0ml8xQ== ------END CERTIFICATE----- -x-distrusted = true diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am deleted file mode 100644 index c161b19..0000000 --- a/doc/manual/Makefile.am +++ /dev/null @@ -1,169 +0,0 @@ -abs_top_builddir = @abs_top_builddir@ - -NULL = - -# We require automake 1.6 at least. -AUTOMAKE_OPTIONS = 1.6 - -# The name of the module, e.g. 'glib'. -DOC_MODULE=p11-kit - -# The top-level SGML file. You can change this if you want to. -DOC_MAIN_SGML_FILE=$(DOC_MODULE)-docs.xml - -# The directory containing the source code. Relative to $(srcdir). -# gtk-doc will search all .c & .h files beneath here for inline comments -# documenting the functions and macros. -# e.g. DOC_SOURCE_DIR=../../../gtk -DOC_SOURCE_DIR=$(top_srcdir)/p11-kit - -# Extra options to pass to gtkdoc-scangobj. Not normally needed. -SCANGOBJ_OPTIONS= --version - -# Extra options to supply to gtkdoc-scan. -# e.g. SCAN_OPTIONS=--deprecated-guards="GTK_DISABLE_DEPRECATED" -SCAN_OPTIONS= --rebuild-types --deprecated-guards="P11_KIT_DISABLE_DEPRECATED" - -# Extra options to supply to gtkdoc-mkdb. -# e.g. MKDB_OPTIONS=--sgml-mode --output-format=xml -MKDB_OPTIONS=--sgml-mode --output-format=xml - -# Extra options to supply to gtkdoc-mktmpl -# e.g. MKTMPL_OPTIONS=--only-section-tmpl -MKTMPL_OPTIONS= - -# MKHTML_OPTIONS=--path="$(builddir)/html $(srcdir)/html" - -# Extra options to supply to gtkdoc-fixref. Not normally needed. -# e.g. FIXXREF_OPTIONS=--extra-dir=../gdk-pixbuf/html --extra-dir=../gdk/html -FIXXREF_OPTIONS= - -# Used for dependencies. The docs will be rebuilt if any of these change. -# e.g. HFILE_GLOB=$(top_srcdir)/gtk/*.h -# e.g. CFILE_GLOB=$(top_srcdir)/gtk/*.c -HFILE_GLOB=$(top_srcdir)/p11-kit/*.h -CFILE_GLOB=$(top_srcdir)/p11-kit/*.c - -# Header files to ignore when scanning. -# e.g. IGNORE_HFILES=gtkdebug.h gtkintl.h -IGNORE_HFILES= \ - private.h \ - pkcs11.h \ - conf.h \ - debug.h \ - dict.h \ - log.h \ - mock.h \ - modules.h \ - pkcs11.h \ - pkcs11i.h \ - pkcs11x.h \ - private.h \ - proxy.h \ - rpc.h \ - rpc-message.h \ - util.h \ - virtual.h \ - array.h \ - compat.h \ - $(NULL) - -# Images to copy into HTML directory. -# e.g. HTML_IMAGES=$(top_srcdir)/gtk/stock-icons/stock_about_24.png -HTML_IMAGES= - -generate_files= \ - version.xml \ - userdir.xml \ - sysdir.xml \ - $(NULL) - -# Extra SGML files that are included by $(DOC_MAIN_SGML_FILE). -# e.g. content_files=running.sgml building.sgml changes-2.0.sgml -content_files=p11-kit-config.xml p11-kit-sharing.xml \ - p11-kit-devel.xml \ - p11-kit-proxy.xml \ - p11-kit-trust.xml \ - p11-kit.xml \ - pkcs11.conf.xml \ - trust.xml \ - annotation-glossary.xml \ - $(NULL) - -# SGML files where gtk-doc abbrevations (#GtkWidget) are expanded -# These files must be listed here *and* in content_files -# e.g. expand_content_files=running.sgml -expand_content_files= $(generate_files) - -# CFLAGS and LDFLAGS for compiling gtkdoc-scangobj with your library. -# Only needed if you are using gtkdoc-scangobj to dynamically query widget -# signals and properties. -# e.g. INCLUDES=-I$(top_srcdir) -I$(top_builddir) $(GTK_DEBUG_FLAGS) -# e.g. GTKDOC_LIBS=$(top_builddir)/gtk/$(gtktargetlib) -GTKDOC_LIBS= - -# Hacks around gtk-doc brokenness for out of tree builds -$(builddir)/p11-kit-sections.txt: $(srcdir)/p11-kit-sections.txt - cp $(srcdir)/p11-kit-sections.txt $(builddir)/p11-kit-sections.txt -$(builddir)/p11-kit-overrides.txt: $(srcdir)/p11-kit-overrides.txt - cp $(srcdir)/p11-kit-overrides.txt $(builddir)/p11-kit-overrides.txt - -# Generate our files with variables -sysdir.xml: - $(AM_V_GEN) echo -n '$(p11_system_config)' > "$@" -userdir.xml: - $(AM_V_GEN) echo -n '$(p11_user_config)' > "$@" -version.xml: - $(AM_V_GEN) echo -n '$(VERSION)' > "$@" - -# This includes the standard gtk-doc make rules, copied by gtkdocize. -include $(top_srcdir)/build/gtk-doc.make - -if ENABLE_GTK_DOC -man1_MANS = trust.1 -man8_MANS = p11-kit.8 -man5_MANS = pkcs11.conf.5 - -XSLTPROC_FLAGS = \ - --nonet \ - --stringparam man.output.quietly 1 \ - --stringparam funcsynopsis.style ansi \ - --stringparam man.th.extra1.suppress 1 \ - --stringparam man.authors.section.enabled 0 \ - --stringparam man.copyright.section.enabled 0 - -XSLTPROC_MAN = \ - $(XSLTPROC) $(XSLTPROC_FLAGS) --path $(builddir) \ - http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl - -trust.1: trust.xml $(generate_files) - $(AM_V_GEN) $(XSLTPROC_MAN) $< -pkcs11.conf.5: pkcs11.conf.xml $(generate_files) - $(AM_V_GEN) $(XSLTPROC_MAN) $< -p11-kit.8: p11-kit.xml $(generate_files) - $(AM_V_GEN) $(XSLTPROC_MAN) $< - -else # ENABLE_GTK_DOC - -man1_MANS = -man5_MANS = -man8_MANS = - -endif # ENABLE_GTK_DOC - -MAN_IN_FILES = \ - $(man8_MANS:.8=.xml) \ - $(man5_MANS:.5=.xml) \ - $(man1_MANS:.1=.xml) \ - $(NULL) - -CLEANFILES += \ - $(generate_files) \ - $(man1_MANS) \ - $(man5_MANS) \ - $(man8_MANS) \ - $(NULL) - -EXTRA_DIST += \ - $(MAN_IN_FILES) \ - $(NULL) diff --git a/doc/manual/annotation-glossary.xml b/doc/manual/annotation-glossary.xml deleted file mode 100644 index 4a0f8a6..0000000 --- a/doc/manual/annotation-glossary.xml +++ /dev/null @@ -1,67 +0,0 @@ - - -]> - - -Annotation Glossary -A - - allow-none - - NULL is ok, both for passing and for returning. - - - - array - - Parameter points to an array of items. - - - -E - - element-type - - Generics and defining elements of containers and arrays. - - - -I - - inout - - Parameter for input and for returning results. Default is transfer full. - - - -O - - out - - Parameter for returning results. Default is transfer full. - - - -T - - transfer full - - Free data after the code is done. - - - - type - - Override the parsed C type with given type - - - - transfer none - - Don't free data after the code is done. - - - - \ No newline at end of file diff --git a/doc/manual/docbook-params.xsl b/doc/manual/docbook-params.xsl deleted file mode 100644 index 5d8591a..0000000 --- a/doc/manual/docbook-params.xsl +++ /dev/null @@ -1,39 +0,0 @@ - - - - - - - - 3 - 0 - - book toc - part nop - chapter toc - - style.css - ansi - 1 - 0 - 1 - - diff --git a/doc/manual/p11-kit-config.xml b/doc/manual/p11-kit-config.xml deleted file mode 100644 index c580445..0000000 --- a/doc/manual/p11-kit-config.xml +++ /dev/null @@ -1,98 +0,0 @@ - - - -]> - - - PKCS#11 Configuration - -
- Consistent configuration - - In order for multiple applications on the user's desktop to use - PKCS#11 modules in a consistent manner, there must be a configuration - or registry to specify which modules to load and how to use them. The - PKCS#11 specification does not specify such a configuration standard. - - - Because of the multi-library module initialization problem, use of - PKCS#11 modules must be coordinated within an application. p11-kit - provides that coordination. Since coordination is required, it follows - that p11-kit can also implement a consistent module configuration. - -
- -
- Example - - The following sections describe the config format in detail. But first - an example which shows the various features. The configuration below, loads - two modules called 'my-module' and 'nss'. The user settings override some - aspects of the system settings. - -Global configuration file: &sysdir;/pkcs11.conf - -# This setting controls whether to load user configuration from the -# &userdir; directory. Possible values: -# none: No user configuration -# merge: Merge the user config over the system configuration (default) -# only: Only user configuration, ignore system configuration -user-config: merge - - -One module configuration file per module: &sysdir;/modules/my-module - -# This setting controls the actual module library to load. This config file -# might be installed by the package that installs this module library. This -# is not an absolute path name. Relative path names are loaded from the -# $(libdir)/pkcs11 directory by default. -module: my-pkcs11-module.so - -# This controls whether the module is required to successfully initialize. If 'yes', then -# a failure to load or initialize this module will result in a p11-kit system failure. -critical: no - - -User configuration file: &userdir;/pkcs11.conf - -# This is an empty file. Files that do not exist are treated as empty. - - -User configuration file: &userdir;/modules/my-module - -# Merge with the settings in the system my-module config file. In this case -# a developer has overridden to load a different module for my-module instead. -module: /home/user/src/custom-module/my-module.so - - -User configuration file: &userdir;/modules/nss - -# Load the NSS libsoftokn.so.3 PKCS#11 library as a module. Note that we pass -# some custom non-standard initialization arguments, as NSS expects. -module: /usr/lib/libsoftokn3.so -x-init-reserved: configdir='sql:/home/test/.pki/nssdb' certPrefix='' keyPrefix='' secmod='socmod.db' -critical: yes - - - -
- -
- Configuration Files - - A complete configuration consists of several files. These files are - text files. Since p11-kit is built to be used in all - sorts of environments and at very low levels of the software stack, we - cannot make use of high level configuration APIs that you may find on a - modern desktop. - - See the manual page for more details - on the format and available options. - - Note that user configuration files are not loaded from the home - directory if running inside a setuid or setgid program. -
- diff --git a/doc/manual/p11-kit-devel.xml b/doc/manual/p11-kit-devel.xml deleted file mode 100644 index 2ce3f0c..0000000 --- a/doc/manual/p11-kit-devel.xml +++ /dev/null @@ -1,323 +0,0 @@ - - - - - Building, Packaging, and Contributing to p11-kit - - - -
- Packaging PKCS#11 module configs - - Developers or packagers of PKCS#11 modules need to install various - files into specific locations so that p11-kit will recognize and load the - module correctly. - - You should use pkg-config as described below - to determine configuration paths. p11-kit installs a - pkg-config file called p11-kit-1.pc. - This file contains all the information about the various paths that p11-kit - looks for files at. - -
- Path to place module configuration - - As described in the module configuration - documentation, each PKCS#11 module should install a config file describing - that module. These config files should be installed to a specific directory which - can be determined by running: - - -$ pkg-config p11-kit-1 --variable p11_module_configs -/usr/share/p11-kit/modules -
- -
- Default path for modules with relative paths - - If a module configuration - contains a relative path in its module: setting, - then that module will be loaded from the default module path. This - path can be determined by running: - - -$ pkg-config p11-kit-1 --variable p11_module_path -/usr/lib64/pkcs11 -
- -
- -
- Customizing installed commands - - The p11-kit tool provides a - extract-trust command which extracts trust - policy information such as certificate anchors and so on - into files for use with libraries that cannot read this trust - information directly. - - In order to be useful the extract-trust - command needs to be customized per distribution or site. You can - find this file in at tools/p11-kit-trust-extract.in - in the p11-kit source code. - - The command is implemented as a simple script which - performs the various p11-kit extract commands - necessary to extract the information. - - Using this script as a standard way to extract this - information allows for consistency between distributions and ease - of system administration. -
- -
- Compiling p11-kit from Source - This describes how to compiling the p11-kit package from - source code. This is normally only necessary for those wishing to - contribute to the project or package p11-kit. - - You can download - tarballs - of the releases of p11-kit or - check - out the source code from git. This documentation will not - go into all the details of how to get your development environment - set up and instead focus on the what's unique to compiling p11-kit. - -
- Building on UNIX - p11-kit uses the standard GNU build system, using autoconf for package - configuration and resolving portability issues, automake for building makefiles - that comply with the GNU Coding Standards, and libtool for building shared - libraries on multiple platforms. The normal sequence for compiling and - installing the p11-kit library is thus: - - -$ ./configure --prefix=/path/to/prefix ... -$ make -$ make install - - - If you've checked out the source code from git, then the - configure script does not yet exist. So use - the following instead: - - -$ ./autogen.sh --prefix=/path/to/prefix ... -$ make -$ make install - - - The standard options provided by GNU autoconf may be passed to the configure - script. Please see the autoconf documentation or run ./configure --help - for information about the standard options. In particular you probably want to adjust - the --prefix=/xxx argument depending on your system and development - environment. -
- -
- Optional Dependencies - - On a modern GNU Linux system, p11-kit has no required dependencies other - than the standard C library. However on older UNIX systems, some of the following - may be required. - - - gettext is required if your system doesn't - have the gettext() functionality for handling message - translation databases. This can be provided by the libintl library from - the GNU gettext - package. - pthread is required if your (ancient) system - doesn't have this included in the base system. How this is provided is platform - specific. - - - In addition p11-kit has several optional dependencies. If these are not available - during the build, then certain features will be disabled. - - - libffi for sharing of PKCS#11 modules - between multiple callers in the same process. It is highly recommended that - this dependency be treated as a required dependency. - gtk-doc is required to build the reference - manual. Use --enable-doc to control this - dependency. - xsltproc is required to build the command - manual pages. Use --enable-doc to control this - dependency. - libtasn1 is required to build the trust - module and code that interacts with certificates. - freebl3 (developed as part of the NSS - code base) is an optional dependency that may be used to meet policy - requirements of system builders. Enabling this dependency provides no other - advantage. - - -
- -
- Extra Configuration Options - - In addition to the normal options, the configure script in the p11-kit library - supports these additional arguments: - - - - - Disables building of the trust policy module. - - - , - By default p11-kit is built with debug symbols assertions and - and precondition checks. Enabling the debug option configures even more - detailed debug build, including disabling optimization. Disabling the debug - option is not recommended, as it disables all assertions, preconditions and - internal consistency checks, although it may result it a slightly faster - library. - - - - Enables building of the documentation and command line manual. - The documentation is built in the doc/html/ directory of - the build. Requires the gtk-doc and xsltproc - dependencies. - - - - Enables strict checks during building of p11-kit. All - compiler warnings become errors. - - - - Instead of using internal hash code, link to the freebl3 - library and use its hash implementations. The only advantage this brings is to - meet the policy requirements of system builders. - - - - , - Build with a dependency on the libtasn1 library. This dependency - allows the trust policy module to be built as well as other code that interacts with - certificates. - - - - Specify the path to look for PKCS#11 modules which were - listed in a module config file with a relative path. - - - - Specify the files or directories to look for certificate - anchors and blacklists. Multiple files and/or directories are specified with - a : in between them. The first path has the highest - priority when searching for certificates. - - - - Specify the path to look for p11-kit config files. This - usually defaults to something like /etc/pkcs11 - - - - Specify the path to look for user specific p11-kit config files. If - specify a path that begins with ~/ then this is expanded to the - home directory of the user running p11-kit. If you specify a path that begins with - ~/.config/ then this is expanded to the $XDG_CONFIG_HOME directory, - as outlined in the - XDG Base Dir specification. - This option defaults to ~/.pkcs11 - - - -
-
- -
- Coding Style - - We use a code style similar to the linux kernel. Use tabs - to indent and spaces to align/wrap beyond the indentation level. - - We don't try to guarantee completely robust and problem free - behavior in cases where the caller or system isn't behaving. We - consider these to be outside of our control: - - - Broken input from callers. We use preconditions - to check input and immediately return. We don't try to provide - error codes for all the various ways callers can screw - around. - - - Out of memory. It is pretty much impossible to handle out - of memory errors correctly. Handling them alongside other errors - is naive and broken. We don't try to guarantee library state - (such as locks or memory leaks) when memory allocation fails. - We do check the results from all memory allocations, but - treat them as unexpected conditions. As a nod to the behavior - of callers of this library, we don't abort on memory allocation - failures. We use preconditions with somewhat sane results. - Exception: when reading files or allocating potentially - unbounded amounts of memory, we should respond robustly to memory - allocation failures. - - - - These unexpected conditions indicate a bug either in p11-kit or - in the system. All bets are off once this occurs. - - Use the return_val_xxx() precondition macros to - check for unexpected conditions. -
- -
- Testing and Code Coverage - - As a general rule changes to p11-kit should have a tests exercising - that change. Use the make check command to run all - the tests. If you run it from a subdirectory only the tests in that - directory will be run. - - To check for memory errors or memory leaks, run make memcheck - or make leakcheck respectively. This requires valgrind - be installed. - - Build p11-kit with the configure - option to build code coverage support. - - Once you've done that you can either use make coverage - to build code coverage information. Alternatively (and this is usually - easier) you can use - - git coverage to easily check whether - you've tested the lines changed by a patch. - - A code coverage report is - available online. -
- -
- Debugging Tips - - Unexpected conditions will produce critical warnings by p11-kit. - These are often failed internal preconditions, and usually indicate a - bug either in p11-kit or the software calling it. - - You can use the environment variable P11_KIT_STRICT=yes - to make p11-kit do an abort() (and core dump depending on - your configuration) when a critical warning occurs. -
- diff --git a/doc/manual/p11-kit-docs.xml b/doc/manual/p11-kit-docs.xml deleted file mode 100644 index 77ff318..0000000 --- a/doc/manual/p11-kit-docs.xml +++ /dev/null @@ -1,45 +0,0 @@ - - - -]> - - - p11-kit - for p11-kit &version; - - - - - - - - - Manual Pages - - - - - - - API Reference - - - - - - - - - API Index - - - - - - - - - diff --git a/doc/manual/p11-kit-overrides.txt b/doc/manual/p11-kit-overrides.txt deleted file mode 100644 index e69de29..0000000 diff --git a/doc/manual/p11-kit-proxy.xml b/doc/manual/p11-kit-proxy.xml deleted file mode 100644 index 7cc3615..0000000 --- a/doc/manual/p11-kit-proxy.xml +++ /dev/null @@ -1,29 +0,0 @@ - - - - Proxy Module - - When an application is aware of the fact that coordination - is necessary between multiple consumers of a PKCS#11 module, and wants - to load standard configured PKCS#11 modules, it can link to - p11-kit and use the functions there to provide this - functionality. - - However most current consumers of PKCS#11 are ignorant of - this problem, and do not link to p11-kit. In order to solve this - multiple initialization problem for all applications, - p11-kit provides a proxy compatibility - module. - - This proxy module acts like a normal PKCS#11 module, but - internally loads a preconfigured set of PKCS#11 modules and - manages their features as described earlier. Each slot in the configured modules - is exposed as a slot of the p11-kit proxy module. The proxy - module is then used as a normal PKCS#11 module would be. It can be loaded by - crypto libraries like NSS and behaves as expected. - - The C_GetFunctionList exported entry point of the - proxy module returns a new managed PKCS#11 module each time it is called. These - managed instances are released when the proxy module is unloaded. - diff --git a/doc/manual/p11-kit-sections.txt b/doc/manual/p11-kit-sections.txt deleted file mode 100644 index 85e226f..0000000 --- a/doc/manual/p11-kit-sections.txt +++ /dev/null @@ -1,136 +0,0 @@ -
-p11-kit-uri -P11_KIT_URI_SCHEME -P11_KIT_URI_SCHEME_LEN -P11KitUriType -P11KitUriResult -P11KitUri -p11_kit_uri -p11_kit_uri_new -p11_kit_uri_get_module_info -p11_kit_uri_match_module_info -p11_kit_uri_get_token_info -p11_kit_uri_match_token_info -p11_kit_uri_get_attributes -p11_kit_uri_set_attributes -p11_kit_uri_clear_attributes -p11_kit_uri_match_attributes -p11_kit_uri_get_attribute -p11_kit_uri_set_attribute -p11_kit_uri_clear_attribute -p11_kit_uri_set_unrecognized -p11_kit_uri_any_unrecognized -p11_kit_uri_get_pin_source -p11_kit_uri_set_pin_source -p11_kit_uri_get_pinfile -p11_kit_uri_set_pinfile -p11_kit_uri_format -p11_kit_uri_parse -p11_kit_uri_free -p11_kit_uri_message -P11_KIT_URI_NO_MEMORY -
- -
-p11-kit-pin -P11KitPin -p11_kit_pin_new -p11_kit_pin_new_for_buffer -p11_kit_pin_new_for_string -p11_kit_pin_get_value -p11_kit_pin_get_length -p11_kit_pin_ref -p11_kit_pin_unref -P11KitPinFlags -P11_KIT_PIN_FALLBACK -p11_kit_pin_register_callback -p11_kit_pin_unregister_callback -p11_kit_pin_callback -p11_kit_pin_request -p11_kit_pin_destroy_func -p11_kit_pin_file_callback -
- -
-p11-kit -P11_KIT_MODULE_CRITICAL -P11_KIT_MODULE_UNMANAGED -p11_kit_modules_load_and_initialize -p11_kit_modules_finalize_and_release -p11_kit_modules_load -p11_kit_modules_initialize -p11_kit_modules_finalize -p11_kit_modules_release -p11_kit_module_load -p11_kit_module_initialize -p11_kit_module_finalize -p11_kit_module_release -p11_kit_module_for_name -p11_kit_module_get_name -p11_kit_module_get_flags -p11_kit_config_option -
- -
-p11-kit-util -p11_kit_strerror -p11_kit_message -p11_kit_space_strdup -p11_kit_space_strlen -p11_kit_be_quiet -p11_kit_be_loud - -CK_FUNCTION_LIST_PTR -CK_RV -CK_ATTRIBUTE -CK_ATTRIBUTE_PTR -CK_ATTRIBUTE_TYPE -CK_FLAGS -CK_FUNCTION_LIST -CK_INFO_PTR -CK_TOKEN_INFO_PTR -CK_ULONG -p11_kit_uri_result_t -p11_kit_uri_type_t -
- -
-p11-kit-future -p11_kit_set_progname -p11_kit_destroyer -P11KitIter -p11_kit_iter -p11_kit_iter_new -p11_kit_iter_set_uri -p11_kit_iter_add_callback -p11_kit_iter_add_filter -p11_kit_iter_callback -p11_kit_iter_begin -p11_kit_iter_begin_with -p11_kit_iter_next -p11_kit_iter_get_module -p11_kit_iter_get_slot -p11_kit_iter_get_token -p11_kit_iter_get_session -p11_kit_iter_keep_session -p11_kit_iter_get_object -p11_kit_iter_load_attributes -p11_kit_iter_destroy_object -p11_kit_iter_free -P11KitIterBehavior -p11_kit_remote_serve_module -
- -
-p11-kit-deprecated -p11_kit_initialize_registered -p11_kit_finalize_registered -p11_kit_registered_modules -p11_kit_registered_module_to_name -p11_kit_registered_name_to_module -p11_kit_registered_option -p11_kit_initialize_module -p11_kit_load_initialize_module -p11_kit_finalize_module -P11_KIT_DEPRECATED_FOR -
diff --git a/doc/manual/p11-kit-sharing.xml b/doc/manual/p11-kit-sharing.xml deleted file mode 100644 index 0edf36e..0000000 --- a/doc/manual/p11-kit-sharing.xml +++ /dev/null @@ -1,110 +0,0 @@ - - - - - Sharing PKCS#11 modules - -
- Multiple consumers of PKCS#11 in a process - - As more and more applications and libraries use PKCS#11 we run - into a very basic problem. The PKCS#11 modules cannot be initialized and - finalized properly without coordination between the various consumers. - - - An example: An application might use GnuTLS for - TLS connections, and use libgcr for display of certificates. Both of - these want to load (and initialize) the same PKCS#11 modules. There are - many places where this situation occurs, including large applications - like Evolution which due to their dependencies end up using both NSS and - GnuTLS. - - Consumer A loads a PKCS#11 module and uses the module's - C_Initialize function to initialize it, which works as expected. - When consumer B initializes the module (also using C_Initialize), - the error code CKR_CRYPTOKI_ALREADY_INITIALIZED - is correctly returned. This is normal PKCS#11 specification - defined behavior for when a module is initialized twice in the - same process. If consumer B is aware of this situation they may - choose to ignore this error code. - - However when the consumer A is done with its use of the - PKCS#11 module it finalizes the module using the module's - C_Finalize function. This is expected of a well behaved PKCS#11 - consumer. This then causes errors and/or crashes for consumer B, - which cannot know that the module has now been finalized out - from underneath it. - - It is necessary for the two consumers to coordinate their - initialization and finalization in some fashion. In - p11-kit we provide this coordination in a - loosely coupled, backwards compatible, and flexible way. -
- -
- Managed modules - - p11-kit wraps PKCS#11 modules to manage - them and customize their functionality so that they are able - to be shared between multiple callers in the same process. - - Each caller that uses the - p11_kit_modules_load() - or p11_kit_module_load() - function gets independent wrapped PKCS#11 module(s). This is unless a caller - or module configuration specifies that a module should be used in an - unmanaged fashion. - - When modules are managed, the following aspects are wrapped and - coordinated: - - - - Calls to C_Initialize and - C_Finalize can be called by multiple - callers. - - The first time that the managed module - C_Initialize is called, the PKCS#11 module's actual - C_Initialize function is called. Subsequent calls by - other callers will cause p11-kit to increment an - internal initialization count, rather than calling - C_Initialize again. - - Multiple callers can call the managed - C_Initialize function concurrently from different - threads and p11-kit will guarantee that this managed - in a thread-safe manner. - - - When the managed module C_Finalize is used - to finalize a module, each time it is called it decrements the internal - initialization count for that module. When the internal initialization - count reaches zero, the module's actual C_Finalize - function is called. - - Multiple callers can call the managed C_Finalize - function concurrently from different threads and p11-kit - will guarantee that this managed in a thread-safe manner. - - - Call to C_CloseAllSessions only close the - sessions that the caller of the managed module has opened. This allows the - C_CloseAllSessions function to be used without closing - sessions for other callers of the same PKCS#11 module. - - - Managed modules have ability to log PKCS#11 method calls for debugging - purposes. See the log-calls = yes - module configuration option. - - - Managed modules have the ability to be remoted to another machine or - isolated in their own process. - See the remote = ... - module configuration option. - - -
- diff --git a/doc/manual/p11-kit-trust.xml b/doc/manual/p11-kit-trust.xml deleted file mode 100644 index dde614c..0000000 --- a/doc/manual/p11-kit-trust.xml +++ /dev/null @@ -1,128 +0,0 @@ - - - -]> - - -Trust Policy Module - - The trust module provides system certificate anchors, blacklists - and other trust policy to crypto libraries applications. This - information is exposed as PKCS#11 objects. - - You can use the trust command line - tool to examine and modify the trust policy store. - -
- Paths loaded by the Module - - The trust module loads certificates and trust policy information - from preconfigured paths and allows them to be looked up via PKCS#11. - The input paths can be determined with using the following command: - - -$ pkg-config --variable p11_trust_paths p11-kit-1 -/usr/share/p11-kit/trust:/etc/pki/trust - - - Files in the following formats are supported for loading by the - trust policy module: - - - - X.509 certificates - X.509 certificates in raw DER format. Does not - automatically contain trust policy information. - - - PEM certificates - X.509 certificates in PEM format. These have a - BEGIN CERTIFICATE header. This file does not - automatically contain trust policy information. - - - OpenSSL trust certificates - OpenSSL specific certificates in PEM format - that contain trust information. These have a - BEGIN TRUSTED CERTIFICATE PEM header. Both - trust anchor and blacklist information can be loaded - from these files. - - - - If the input path is a file, then it is loaded. Certificate(s) in the - file are automatically treated as anchors, unless they contain alternate - trust policy information. - - If the input path is a directory, files inside that directory are - parsed and loaded. If the file contains trust policy information (such as the - OpenSSL trust certificates) then it will be respected. Files without trust policy - information are not automatically marked as an anchor or blacklisted. - - In addition two optional subdirectories of the input path are loaded. Files - placed in the anchors/ subdirectory become trust anchors - when they do not contain trust policy information. Files placed in the - blacklist/ subdirectory are blacklisted whether they - contain trust information or not. - - The first input path becomes the first PKCS#11 token of the trust - module, and has the highest priority when callers search for trust - policy information. -
- -
- Using the Trust Policy Module with NSS - - The trust policy module is a drop in replacement for the - libnssckbi.so module and thus works out of - the box with NSS. The trust policy module provides NSS style - PKCS#11 trust objects for NSS to retrieve. - - The module may be used to replace the - libnssckbi.so file via an distribution - specific alternatives mechanism or otherwise. - - Alternatively NSS applications like Firefox or Thunderbird - may be configured to use the trust policy module by adding - the p11-kit-trust.so PKCS#11 module via their - GUI or command line configuration. -
- -
- Using the Trust Policy Module with glib-networking - - The trust policy module can be used as a source of trust - information for glib-networking's gnutls-pkcs11 backend. - The module provides PKCS#11 trust assertion objects as expected. - - The module should work by default if the gnutls-pkcs11 - backend is selected as the glib-networking TLS backend. -
- -
- Disabling the Trust Policy Module - - This module is installed and enabled by default. It may - be disabled in the following ways: - - - Use the - during the p11-kit - build. - Disable loading trust policy information - from this module by adding a file to &sysdir;/modules - called p11-kit-trust.module containing a - trust-policy: no line. - - Disable this module completely by - adding a file to &sysdir;/modules - called p11-kit-trust.module containing a - enable-in: line (without a value). - - -
- - diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml deleted file mode 100644 index be3f982..0000000 --- a/doc/manual/p11-kit.xml +++ /dev/null @@ -1,131 +0,0 @@ - - - - - - - p11-kit - p11-kit - - - Maintainer - Stef - Walter - stef@thewalter.net - - - - - - p11-kit - 8 - System Commands - - - - p11-kit - Tool for operating on configured PKCS#11 modules - - - - - p11-kit list-modules - - - p11-kit extract ... - - - - - Description - p11-kit is a command line tool that - can be used to perform operations on PKCS#11 modules configured on the - system. - - See the various sub commands below. The following global options - can be used: - - - - - Run in verbose mode with debug - output. - - - - Run in quiet mode without warning or - failure messages. - - - - - - - List Modules - - List system configured PKCS#11 modules. - - -$ p11-kit list-modules - - - The modules, information about them and the tokens present in - the PKCS#11 modules will be displayed. - - - - - Extract - - Extract certificates from configured PKCS#11 modules. - - See trust1 - for more information - - - - Extract Trust - - Extract standard trust information files. - - See trust1 - for more information - - - - Remote - - Run a PKCS#11 module remotely. - - -$ p11-kit remote /path/to/pkcs11-module.so - - - This is not meant to be run directly from a terminal. But rather in a - option in a - pkcs11.conf5 - file. - - - - Bugs - - Please send bug reports to either the distribution bug tracker - or the upstream bug tracker at - https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&component=p11-kit. - - - - - See also - - pkcs11.conf5 - - - Further details available in the p11-kit online documentation at - http://p11-glue.freedesktop.org/doc/p11-kit/. - - - - diff --git a/doc/manual/pkcs11.conf.xml b/doc/manual/pkcs11.conf.xml deleted file mode 100644 index ffd89a5..0000000 --- a/doc/manual/pkcs11.conf.xml +++ /dev/null @@ -1,281 +0,0 @@ - - - -]> - - - - - pkcs11.conf - p11-kit - - - Maintainer - Stef - Walter - stef@thewalter.net - - - - - - pkcs11.conf - 5 - System Files - - - - pkcs11.conf - Configuration files for PKCS#11 modules - - - - Description - The pkcs11.conf configuration files are a standard - way to configure PKCS#11 modules. - - - - File format - A complete configuration consists of several files. These files are - text files. Since p11-kit is built to be used in all - sorts of environments and at very low levels of the software stack, we - cannot make use of high level configuration APIs that you may find on a - modern desktop. - - Each setting in the config file is specified consists of a name and - a value. The name is a simple string consisting of characters and dashes. - The name consists of alpha numeric characters, dot, hyphen and - underscore. - - The value is specified after the name on the same line, separated - from it by a : (colon). White space between the - name and value is ignored. - - Blank lines are ignored. White space at the beginning or end of - lines is stripped. Lines that begin with a # character - are ignored as comments. Comments are not recognized when they come after - a value on a line. - - A fictitious module configuration file might look like: - -module: module.so -# Here is a comment - -managed: true -setting.2: A long value with text. -x-custom : text - - - - - Module Configuration - - Each configured PKCS#11 module has its own config file. These files - can be placed in various locations. - The filename of the configuration file may consist of upper and lowercase letters - underscore, comma, dash and dots. The first characters needs to be an alphanumeric, - the filename should end with a .module extension. - Most importantly each config file specifies the path of the PKCS#11 module to - load. A module config file has the following fields: - - - - - - The filename of the PKCS#11 module to load. - This should include an extension like .so - If this value is blank, then the module will be ignored. - This can be used in the user configs to override loading of a module - specified in the system configuration. - - If this is a relative path, then the module will be loaded - from the default module directory. - - - - - - Set to yes if the module is critical and - required to load. If a critical module fails to load or initialize, - then the loading process for all registered modules will abort and - return an error code. - - This argument is optional and defaults to no. - - - - - - A comma and/or space separated list of names of programs that - this module should only be loaded in. The module will not be loaded - for other programs using p11-kit. The base name of the process executable - should be used here, for example - seahorse, ssh. - This is not a security feature. The argument is optional. If - not present, then any process will load the module. - - - - - - A comma and/or space separated list of names of programs that - this module should not be loaded in. The module will be loaded for any - other programs using p11-kit. The base name of the process - executable should be used here, for example - firefox, thunderbird-bin. - This is not a security feature. The argument is optional. If - not present, then any process will load the module. - - - - - - Set to no if the module is not to be managed by - p11-kit. Making a module unmanaged is not recommended, and will cause - problems if multiple callers in a single process share a PKCS#11 module. - - This argument is optional and defaults to yes. - - - - - - The value should be an integer. When lists of modules are - returned to a caller of p11-kit, modules with a higher number are sorted - first. When applications search modules for certificates, keys and - trust policy information, this setting will affect what find - first. - This argument is optional, and defaults to zero. Modules - with the same option will be sorted - alphabetically. - - - - - - Instead of loading the PKCS#11 module locally, run the module - remotely. - Specify a command to run, prefixed with | a pipe. - The command must speak the p11-kit remoting protocol on its standard in - and standard out. For example: - -remote: |ssh user@remote p11-kit remote /path/to/module.so - - Other forms of remoting will appear in later p11-kit releases. - - - - - - Set to yes to use use this module as a source - of trust policy information such as certificate anchors and black lists. - - - - log-calls: - - Set to yes to write a log to stderr of all the - calls into the module. This is only supported for managed modules. - - This argument is optional and defaults to no. - - - - - Do not specify both enable-in and disable-in - for the same module. - - Other fields may be present, but it is recommended that field names - that are not specified in this document start with a x- - prefix. - - - - Global Configuration - - A global configuration may also be present. This file contains settings - that are not related to a single PKCS#11 module. The location(s) of the - global configuration are described below. The global configuration file - can contain the following fields: - - - - - This will be equal to one of the following values: - none, merge, - only. - - - - - Set to yes or no to - force all modules to be managed or unmanaged by p11-kit. Setting this - setting in a global configuration file will override the - managed setting in the individual module configuration - files. Making modules unmanaged is not recommended, and will cause - problems if multiple callers in a single process share a PKCS#11 - module. - - This argument is optional. - - - - log-calls: - - Set to yes to write a log to stderr of all the - calls into all configured modules. This is only supported for managed - modules. - - This argument is optional. - - - - - Other fields may be present, but it is recommended that field names - that are not specified in this document start with a x- - prefix. - - - - Configuration Files - - Each configured PKCS#11 module has its own config file. These - files are placed in a directory. In addition a global config file exists. - There is a system configuration consisting of the various module config - files and a file for global configuration. Optionally each user can provide - additional configuration or override the system configuration. - - The system global configuration file is usually in - &sysdir;/pkcs11.conf and the user global - configuration file is in &userdir;/pkcs11.conf in the - user's home directory. - - The module config files are usually located in the - &sysdir;/modules directory, with one configuration - file per module. In addition the &userdir;/modules directory - can be used for modules installed by the user. - - Note that user configuration files are not loaded from the home - directory if running inside a setuid or setgid program. - - The default system config file and module directory can be changed - when building p11-kit. Always - lookup these paths using - pkg-config. - - - - See also - - p11-kit8 - - Further details available in the p11-kit online documentation at - http://p11-glue.freedesktop.org/doc/p11-kit/. - - - - diff --git a/doc/manual/style.css b/doc/manual/style.css deleted file mode 100644 index 3d0f951..0000000 --- a/doc/manual/style.css +++ /dev/null @@ -1,116 +0,0 @@ -@import url("gtk-doc.css"); - -TABLE.navigation { - background-color: #f9b631 !important; - border-width: 0 !important; - color: white; - font-family: Georgia, "Times New Roman", Times, serif; - height: 4em !important; -} - -TABLE.navigation TH { - font-size: 30pt !important; - font-weight: normal; - text-align: left !important; - padding-left: 10pt; -} - -TABLE.navigation TH:first-child { - padding-left: 40pt; -} - -.shortcuts { - color: white !important; -} - -.shortcuts a { - color: white !important; - font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; -} - -P.title { - font-size: 30pt !important; -} - -BODY { - padding-top: 5.5em !important; -} - -DIV.book, -DIV.refentry, -DIV.chapter, -DIV.index, -DIV.footer, -DIV.section { - font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; - font-size: 9.5pt; - line-height: 150%; -} - -BODY > DIV.book, -BODY > DIV.footer { - margin-left: 1em; - margin-right: 1em; -} - -BODY > DIV.refentry, -BODY > DIV.chapter, -BODY > DIV.index, -BODY > DIV.section { - margin-left: 3em; - margin-right: 1em; -} - -DIV.variablelist TABLE { - font-size: 9.5pt; - line-height: 150%; -} - -DIV.refsect1, -DIV.refsect2, -DIV.refsynopsisdiv { - margin-bottom: 3em !important; -} - -H1 { - position: relative; - left: -1em; - font-weight: normal !important; -} - -H2 { - position: relative; - left: -1em; - font-weight: normal !important; -} - -H3 { - position: relative; - left: -1em; - font-weight: normal !important; -} - -CODE.option { - white-space: nowrap; -} - -DIV.toc DL { - margin-top: 0; - margin-bottom: 0; -} - -DIV.book > DIV.toc > DL > DT { - margin-top: 1em; -} - -DIV.toc DT { - margin-bottom: 0.3em; -} - -TABLE.variablelist SPAN.term { - padding-right: 1em; -} - -DIV.cmdsynopsis { - font-family: monospace; -} diff --git a/doc/manual/trust.xml b/doc/manual/trust.xml deleted file mode 100644 index 05f2726..0000000 --- a/doc/manual/trust.xml +++ /dev/null @@ -1,372 +0,0 @@ - - - - - - - trust - p11-kit - - - Maintainer - Stef - Walter - stef@thewalter.net - - - - - - trust - 1 - User Commands - - - - trust - Tool for operating on the trust policy store - - - - - trust list - - - trust extract --filter=<what> - --format=<type> /path/to/destination - - - trust anchor /path/to/certificate.crt - - - - - Description - trust is a command line tool to examine and - modify the shared trust policy store. - - See the various sub commands below. The following global options - can be used: - - - - - Run in verbose mode with debug - output. - - - - Run in quiet mode without warning or - failure messages. - - - - - - - List - - List trust policy store items. - - -$ trust list - - - List information about the various items in the trust policy store. - Each item is listed with it's PKCS#11 URI and some descriptive information. - - You can specify the following options to control what to list. - - - - - Specifies what certificates to extract. You can specify the following values: - - - - Certificate anchors - - - - Anchors and blacklist (default) - - - - Blacklisted certificates - - - - All certificates - - - - A PKCS#11 URI to filter with - - - - - If an output format is chosen that cannot support type what has been - specified by the filter, a message will be printed. - - None of the available formats support storage of blacklist entries - that do not contain a full certificate. Thus any certificates blacklisted by - their issuer and serial number alone, are not included in the extracted - blacklist. - - - - - Limit to certificates usable for the given purpose - You can specify one of the following values: - - - - For authenticating servers - - - - For authenticating clients - - - - For email protection - - - - For authenticated signed code - - - - An arbitrary purpose OID - - - - - - - - - Anchor - - Store or remove trust anchors. - - -$ trust anchor /path/to/certificate.crt -$ trust anchor --remove /path/to/certificate.crt -$ trust anchor --remove "pkcs11:id=%AA%BB%CC%DD%EE;object-type=cert" - - - Store or remove trust anchors in the trust policy store. These are - usually root certificate authorities. - - Specify either the or - operations. If no operation is specified then is - assumed. - - When storing, one or more certificate files are expected on the - command line. These are stored as anchors, unless they are already - present. - - When removing an anchor, either specify certificate files or - PKCS#11 URI's on the command line. Matching anchors will be removed. - - It may be that this command needs to be run as root in order to - modify the system trust policy store, if no user specific store is - available. - - You can specify the following options. - - - - - Remove one or more anchors from the trust - policy store. Specify certificate files or PKCS#11 URI's - on the command line. - - - - Store one or more anchors to the trust - policy store. Specify certificate files on the command - line. - - - - - - - Extract - - Extract trust policy from the shared trust policy store. - - -$ trust extract --format=x509-directory --filter=ca-anchors /path/to/directory - - - You can specify the following options to control what to extract. - The and arguments - should be specified. By default this command will not overwrite the - destination file or directory. - - - - - Add identifying comments to PEM bundle output files - before each certificate. - - - - - Specifies what certificates to extract. You can specify the following values: - - - - Certificate anchors (default) - - - - Anchors and blacklist - - - - Blacklisted certificates - - - - All certificates - - - - A PKCS#11 URI - - - - - If an output format is chosen that cannot support type what has been - specified by the filter, a message will be printed. - - None of the available formats support storage of blacklist entries - that do not contain a full certificate. Thus any certificates blacklisted by - their issuer and serial number alone, are not included in the extracted - blacklist. - - - - - The format of the destination file or directory. - You can specify one of the following values: - - - - DER X.509 certificate file - - - - directory of X.509 certificates - - - - File containing one or more certificate PEM blocks - - - - Directory of PEM files each containing one certificate - - - - Directory of PEM files each containing one certificate, with hash symlinks - - - - OpenSSL specific PEM bundle of certificates - - - - Directory of OpenSSL specific PEM files - - - - Java keystore 'cacerts' certificate bundle - - - - - - - Overwrite output file or directory. - - - - Limit to certificates usable for the given purpose - You can specify one of the following values: - - - - For authenticating servers - - - - For authenticating clients - - - - For email protection - - - - For authenticated signed code - - - - An arbitrary purpose OID - - - - - - - - - - Extract Compat - - Extract compatibility trust certificate bundles. - - -$ trust extract-compat - - - OpenSSL, Java and some versions of GnuTLS cannot currently read - trust information directly from the trust policy store. This command - extracts trust information such as certificate anchors for use by - these libraries. - - What this command does, and where it extracts the files is - distribution or site specific. Packagers or administrators are expected - customize this command. - - - - - Bugs - - Please send bug reports to either the distribution bug tracker - or the upstream bug tracker at - https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&component=p11-kit. - - - - - See also - - p11-kit8 - - An explanatory document about storing trust policy: - http://p11-glue.freedesktop.org/doc/storing-trust-policy/ - - Further details available in the p11-kit online documentation at - http://p11-glue.freedesktop.org/doc/p11-kit/. - - - - diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am deleted file mode 100644 index 14ec4d6..0000000 --- a/p11-kit/Makefile.am +++ /dev/null @@ -1,253 +0,0 @@ - -inc_HEADERS += \ - p11-kit/deprecated.h \ - p11-kit/iter.h \ - p11-kit/p11-kit.h \ - p11-kit/pin.h \ - p11-kit/remote.h \ - p11-kit/uri.h \ - $(NULL) - -MODULE_SRCS = \ - p11-kit/util.c \ - p11-kit/conf.c p11-kit/conf.h \ - p11-kit/iter.c \ - p11-kit/log.c p11-kit/log.h \ - p11-kit/modules.c p11-kit/modules.h \ - p11-kit/pkcs11.h \ - p11-kit/pin.c \ - p11-kit/pkcs11.h \ - p11-kit/private.h \ - p11-kit/proxy.c p11-kit/proxy.h \ - p11-kit/messages.c \ - p11-kit/rpc-transport.c p11-kit/rpc.h \ - p11-kit/rpc-message.c p11-kit/rpc-message.h \ - p11-kit/rpc-client.c p11-kit/rpc-server.c \ - p11-kit/uri.c \ - p11-kit/virtual.c p11-kit/virtual.h \ - $(inc_HEADERS) - -lib_LTLIBRARIES += \ - libp11-kit.la - -libp11_kit_la_CFLAGS = \ - -DP11_SYSTEM_CONFIG_FILE=\""$(p11_system_config_file)"\" \ - -DP11_SYSTEM_CONFIG_MODULES=\""$(p11_system_config_modules)"\" \ - -DP11_PACKAGE_CONFIG_MODULES=\""$(p11_package_config_modules)"\" \ - -DP11_USER_CONFIG_FILE=\""$(p11_user_config_file)"\" \ - -DP11_USER_CONFIG_MODULES=\""$(p11_user_config_modules)"\" \ - -DP11_MODULE_PATH=\""$(p11_module_path)"\" \ - $(LIBFFI_CFLAGS) \ - $(NULL) - -libp11_kit_la_LDFLAGS = \ - -no-undefined \ - -version-info $(P11KIT_LT_RELEASE) \ - -export-symbols-regex '^C_GetFunctionList|^p11_kit_' - -libp11_kit_la_SOURCES = $(MODULE_SRCS) - -libp11_kit_la_LIBADD = \ - libp11-common.la \ - libp11-library.la \ - $(LIBFFI_LIBS) \ - $(LTLIBINTL) \ - $(NULL) - -noinst_LTLIBRARIES += \ - libp11-kit-testable.la - -libp11_kit_testable_la_LDFLAGS = -no-undefined -libp11_kit_testable_la_SOURCES = $(MODULE_SRCS) -libp11_kit_testable_la_LIBADD = $(libp11_kit_la_LIBADD) - -if OS_WIN32 - -libp11_kit_testable_la_CFLAGS = \ - -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/system-pkcs11.conf"\" \ - -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/system-modules/win32"\" \ - -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/package-modules/win32"\" \ - -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/user-pkcs11.conf"\" \ - -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/user-modules/win32"\" \ - -DP11_MODULE_PATH=\""$(abs_top_builddir)/.libs"\" \ - $(LIBFFI_CFLAGS) \ - $(NULL) - -else - -libp11_kit_testable_la_CFLAGS = \ - -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/system-pkcs11.conf"\" \ - -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/system-modules"\" \ - -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/package-modules"\" \ - -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/user-pkcs11.conf"\" \ - -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/user-modules"\" \ - -DP11_MODULE_PATH=\""$(abs_top_builddir)/.libs"\" \ - $(LIBFFI_CFLAGS) \ - $(NULL) - -# Proxy module is actually same as library, so install a link -install-exec-hook: - $(LN_S) -f `readlink $(DESTDIR)$(libdir)/libp11-kit.{so,dylib}` $(DESTDIR)$(libdir)/p11-kit-proxy.so - $(MKDIR_P) $(DESTDIR)$(p11_package_config_modules) - -endif - -pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = p11-kit/p11-kit-1.pc - -exampledir = $(p11_system_config) -example_DATA = p11-kit/pkcs11.conf.example - -EXTRA_DIST += \ - p11-kit/p11-kit-1.pc.in \ - p11-kit/pkcs11.conf.example.in \ - p11-kit/docs.h \ - $(NULL) - -bin_PROGRAMS += p11-kit/p11-kit - -p11_kit_p11_kit_SOURCES = \ - p11-kit/lists.c \ - p11-kit/p11-kit.c \ - $(NULL) - -p11_kit_p11_kit_LDADD = \ - libp11-kit.la \ - libp11-tool.la \ - libp11-common.la \ - $(LTLIBINTL) \ - $(NULL) - -private_PROGRAMS += p11-kit-remote - -p11_kit_remote_SOURCES = \ - p11-kit/remote.c \ - $(NULL) - -p11_kit_remote_LDADD = \ - libp11-tool.la \ - libp11-common.la \ - libp11-kit.la \ - $(NULL) - -# Tests ---------------------------------------------------------------- - -p11_kit_LIBS = \ - libp11-kit-testable.la \ - libp11-test.la \ - libp11-common.la \ - $(LTLIBINTL) - -CHECK_PROGS += \ - test-progname \ - test-util \ - test-conf \ - test-uri \ - test-pin \ - test-init \ - test-modules \ - test-deprecated \ - test-proxy \ - test-iter \ - test-rpc \ - $(NULL) - -test_conf_SOURCES = p11-kit/test-conf.c -test_conf_LDADD = $(p11_kit_LIBS) - -test_deprecated_SOURCES = p11-kit/test-deprecated.c -test_deprecated_LDADD = $(p11_kit_LIBS) - -test_init_SOURCES = p11-kit/test-init.c -test_init_LDADD = $(p11_kit_LIBS) - -test_iter_SOURCES = p11-kit/test-iter.c -test_iter_LDADD = $(p11_kit_LIBS) - -test_modules_SOURCES = p11-kit/test-modules.c -test_modules_LDADD = $(p11_kit_LIBS) - -test_pin_SOURCES = p11-kit/test-pin.c -test_pin_LDADD = $(p11_kit_LIBS) - -test_progname_SOURCES = p11-kit/test-progname.c -test_progname_LDADD = $(p11_kit_LIBS) - -test_proxy_SOURCES = p11-kit/test-proxy.c -test_proxy_LDADD = $(p11_kit_LIBS) - -test_rpc_SOURCES = p11-kit/test-rpc.c -test_rpc_LDADD = $(p11_kit_LIBS) - -test_uri_SOURCES = p11-kit/test-uri.c -test_uri_LDADD = $(p11_kit_LIBS) - -test_util_SOURCES = p11-kit/test-util.c -test_util_LDADD = $(p11_kit_LIBS) - -noinst_PROGRAMS += \ - print-messages \ - frob-setuid - -print_messages_SOURCES = p11-kit/print-messages.c -print_messages_LDADD = $(p11_kit_LIBS) - -frob_setuid_SOURCES = p11-kit/frob-setuid.c -frob_setuid_LDADD = $(p11_kit_LIBS) - -if WITH_FFI - -CHECK_PROGS += \ - test-virtual \ - test-managed \ - test-log \ - test-transport \ - $(NULL) - -test_log_SOURCES = p11-kit/test-log.c -test_log_LDADD = $(p11_kit_LIBS) - -test_managed_SOURCES = p11-kit/test-managed.c -test_managed_LDADD = $(p11_kit_LIBS) - -test_transport_SOURCES = p11-kit/test-transport.c -test_transport_LDADD = $(p11_kit_LIBS) - -test_virtual_SOURCES = p11-kit/test-virtual.c -test_virtual_LDADD = $(p11_kit_LIBS) - -endif - -noinst_LTLIBRARIES += \ - mock-one.la \ - mock-two.la \ - mock-three.la \ - mock-four.la \ - mock-five.la - -mock_one_la_SOURCES = p11-kit/mock-module-ep.c -mock_one_la_LIBADD = libp11-test.la libp11-common.la -mock_one_la_LDFLAGS = \ - -module -avoid-version -rpath /nowhere \ - -no-undefined -export-symbols-regex 'C_GetFunctionList' - -mock_two_la_SOURCES = p11-kit/mock-module-ep2.c -mock_two_la_LDFLAGS = $(mock_one_la_LDFLAGS) -mock_two_la_LIBADD = $(mock_one_la_LIBADD) - -mock_three_la_SOURCES = $(mock_one_la_SOURCES) -mock_three_la_LDFLAGS = $(mock_one_la_LDFLAGS) -mock_three_la_LIBADD = $(mock_one_la_LIBADD) - -mock_four_la_SOURCES = $(mock_one_la_SOURCES) -mock_four_la_LDFLAGS = $(mock_one_la_LDFLAGS) -mock_four_la_LIBADD = $(mock_one_la_LIBADD) - -mock_five_la_SOURCES = p11-kit/mock-module-ep3.c -mock_five_la_LDFLAGS = $(mock_one_la_LDFLAGS) -mock_five_la_LIBADD = $(mock_one_la_LIBADD) - -EXTRA_DIST += \ - p11-kit/fixtures \ - p11-kit/test-mock.c \ - $(NULL) diff --git a/p11-kit/conf.c b/p11-kit/conf.c deleted file mode 100644 index 8a328ed..0000000 --- a/p11-kit/conf.c +++ /dev/null @@ -1,509 +0,0 @@ -/* - * Copyright (c) 2005 Stefan Walter - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#include "config.h" - -#include "conf.h" -#define P11_DEBUG_FLAG P11_DEBUG_CONF -#include "debug.h" -#include "lexer.h" -#include "message.h" -#include "path.h" -#include "private.h" - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -static int -strequal (const char *one, const char *two) -{ - return strcmp (one, two) == 0; -} - -/* ----------------------------------------------------------------------------- - * CONFIG PARSER - */ - -bool -_p11_conf_merge_defaults (p11_dict *map, - p11_dict *defaults) -{ - p11_dictiter iter; - void *key; - void *value; - - p11_dict_iterate (defaults, &iter); - while (p11_dict_next (&iter, &key, &value)) { - /* Only override if not set */ - if (p11_dict_get (map, key)) - continue; - key = strdup (key); - return_val_if_fail (key != NULL, false); - value = strdup (value); - return_val_if_fail (key != NULL, false); - if (!p11_dict_set (map, key, value)) - return_val_if_reached (false); - } - - return true; -} - -p11_dict * -_p11_conf_parse_file (const char* filename, - struct stat *sb, - int flags) -{ - p11_dict *map = NULL; - void *data; - p11_lexer lexer; - bool failed = false; - size_t length; - p11_mmap *mmap; - int error; - - assert (filename); - - p11_debug ("reading config file: %s", filename); - - mmap = p11_mmap_open (filename, sb, &data, &length); - if (mmap == NULL) { - error = errno; - if ((flags & CONF_IGNORE_MISSING) && - (error == ENOENT || error == ENOTDIR)) { - p11_debug ("config file does not exist"); - - } else if ((flags & CONF_IGNORE_ACCESS_DENIED) && - (error == EPERM || error == EACCES)) { - p11_debug ("config file is inaccessible"); - - } else { - p11_message_err (error, "couldn't open config file: %s", filename); - errno = error; - return NULL; - } - } - - map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); - return_val_if_fail (map != NULL, NULL); - - /* Empty config fall through above */ - if (mmap == NULL) - return map; - - p11_lexer_init (&lexer, filename, data, length); - while (p11_lexer_next (&lexer, &failed)) { - switch (lexer.tok_type) { - case TOK_FIELD: - p11_debug ("config value: %s: %s", lexer.tok.field.name, - lexer.tok.field.value); - if (!p11_dict_set (map, lexer.tok.field.name, lexer.tok.field.value)) - return_val_if_reached (NULL); - lexer.tok.field.name = NULL; - lexer.tok.field.value = NULL; - break; - case TOK_PEM: - p11_message ("%s: unexpected pem block", filename); - failed = true; - break; - case TOK_SECTION: - p11_message ("%s: unexpected section header", filename); - failed = true; - break; - case TOK_EOF: - assert_not_reached (); - break; - } - - if (failed) - break; - } - - p11_lexer_done (&lexer); - p11_mmap_close (mmap); - - if (failed) { - p11_dict_free (map); - map = NULL; - errno = EINVAL; - } - - return map; -} - -static int -user_config_mode (p11_dict *config, - int defmode) -{ - const char *mode; - - /* Whether we should use or override from user directory */ - mode = p11_dict_get (config, "user-config"); - if (mode == NULL) { - return defmode; - } else if (strequal (mode, "none")) { - return CONF_USER_NONE; - } else if (strequal (mode, "merge")) { - return CONF_USER_MERGE; - } else if (strequal (mode, "only")) { - return CONF_USER_ONLY; - } else if (strequal (mode, "override")) { - return CONF_USER_ONLY; - } else { - p11_message ("invalid mode for 'user-config': %s", mode); - return CONF_USER_INVALID; - } -} - -p11_dict * -_p11_conf_load_globals (const char *system_conf, const char *user_conf, - int *user_mode) -{ - p11_dict *config = NULL; - p11_dict *uconfig = NULL; - p11_dict *result = NULL; - char *path = NULL; - int error = 0; - int flags; - int mode; - - /* - * This loads the system and user configs. This depends on the user-config - * value in both the system and user configs. A bit more complex than - * you might imagine, since user-config can be set to 'none' in the - * user configuration, essentially turning itself off. - */ - - /* Load the main configuration */ - config = _p11_conf_parse_file (system_conf, NULL, CONF_IGNORE_MISSING); - if (!config) - goto finished; - - /* Whether we should use or override from user directory */ - mode = user_config_mode (config, CONF_USER_MERGE); - if (mode == CONF_USER_INVALID) { - error = EINVAL; - goto finished; - } - - if (mode != CONF_USER_NONE && getauxval (AT_SECURE)) { - p11_debug ("skipping user config in setuid or setgid program"); - mode = CONF_USER_NONE; - } - - if (mode != CONF_USER_NONE) { - path = p11_path_expand (user_conf); - if (!path) { - error = errno; - goto finished; - } - - /* Load up the user configuration, ignore selinux denying us access */ - flags = CONF_IGNORE_MISSING | CONF_IGNORE_ACCESS_DENIED; - uconfig = _p11_conf_parse_file (path, NULL, flags); - if (!uconfig) { - error = errno; - goto finished; - } - - /* Figure out what the user mode is, defaulting to system mode if not set */ - mode = user_config_mode (uconfig, mode); - if (mode == CONF_USER_INVALID) { - error = EINVAL; - goto finished; - } - - /* If merging, then supplement user config with system values */ - if (mode == CONF_USER_MERGE) { - if (!_p11_conf_merge_defaults (uconfig, config)) { - error = errno; - goto finished; - } - } - - /* If user config valid at all, then replace system with what we have */ - if (mode != CONF_USER_NONE) { - p11_dict_free (config); - config = uconfig; - uconfig = NULL; - } - } - - if (user_mode) - *user_mode = mode; - - result = config; - config = NULL; - -finished: - free (path); - p11_dict_free (config); - p11_dict_free (uconfig); - errno = error; - return result; -} - -static char * -calc_name_from_filename (const char *fname) -{ - /* We eventually want to settle on .module */ - static const char *const suffix = ".module"; - static const size_t suffix_len = 7; - const char *c = fname; - size_t fname_len; - size_t name_len; - char *name; - - assert (fname); - - /* Make sure the filename starts with an alphanumeric */ - if (!isalnum(*c)) - return NULL; - ++c; - - /* Only allow alnum, _, -, and . */ - while (*c) { - if (!isalnum(*c) && *c != '_' && *c != '-' && *c != '.') - return NULL; - ++c; - } - - /* Make sure we have one of the suffixes */ - fname_len = strlen (fname); - if (suffix_len >= fname_len) - return NULL; - name_len = (fname_len - suffix_len); - if (strcmp (fname + name_len, suffix) != 0) - return NULL; - - name = malloc (name_len + 1); - return_val_if_fail (name != NULL, NULL); - memcpy (name, fname, name_len); - name[name_len] = 0; - return name; -} - -static bool -load_config_from_file (const char *configfile, - struct stat *sb, - const char *name, - p11_dict *configs, - int flags) -{ - p11_dict *config; - p11_dict *prev; - char *key; - int error = 0; - - assert (configfile); - - key = calc_name_from_filename (name); - if (key == NULL) { - p11_message ("invalid config filename, will be ignored in the future: %s", configfile); - key = strdup (name); - return_val_if_fail (key != NULL, false); - } - - config = _p11_conf_parse_file (configfile, sb, flags); - if (!config) { - free (key); - return false; - } - - prev = p11_dict_get (configs, key); - if (prev == NULL) { - if (!p11_dict_set (configs, key, config)) - return_val_if_reached (false); - config = NULL; - } else { - if (!_p11_conf_merge_defaults (prev, config)) - error = errno; - free (key); - } - - /* If still set */ - p11_dict_free (config); - - if (error) { - errno = error; - return false; - } - - return true; -} - -static bool -load_configs_from_directory (const char *directory, - p11_dict *configs, - int flags) -{ - struct dirent *dp; - struct stat st; - DIR *dir; - int error = 0; - bool is_dir; - char *path; - int count = 0; - - p11_debug ("loading module configs in: %s", directory); - - /* First we load all the modules */ - dir = opendir (directory); - if (!dir) { - error = errno; - if ((flags & CONF_IGNORE_MISSING) && - (errno == ENOENT || errno == ENOTDIR)) { - p11_debug ("module configs do not exist"); - return true; - } else if ((flags & CONF_IGNORE_ACCESS_DENIED) && - (errno == EPERM || errno == EACCES)) { - p11_debug ("couldn't list inacessible module configs"); - return true; - } - p11_message_err (error, "couldn't list directory: %s", directory); - errno = error; - return false; - } - - while ((dp = readdir(dir)) != NULL) { - path = p11_path_build (directory, dp->d_name, NULL); - return_val_if_fail (path != NULL, false); - - if (stat (path, &st) < 0) { - error = errno; - p11_message_err (error, "couldn't stat path: %s", path); - free (path); - break; - } - - is_dir = S_ISDIR (st.st_mode); - - if (!is_dir && !load_config_from_file (path, &st, dp->d_name, configs, flags)) { - error = errno; - free (path); - break; - } - - free (path); - count ++; - } - - closedir (dir); - - if (error) { - errno = error; - return false; - } - - return true; -} - -p11_dict * -_p11_conf_load_modules (int mode, - const char *package_dir, - const char *system_dir, - const char *user_dir) -{ - p11_dict *configs; - char *path; - int error = 0; - int flags; - - /* A hash table of name -> config */ - configs = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, - free, (p11_destroyer)p11_dict_free); - - /* Load each user config first, if user config is allowed */ - if (mode != CONF_USER_NONE) { - flags = CONF_IGNORE_MISSING | CONF_IGNORE_ACCESS_DENIED; - path = p11_path_expand (user_dir); - if (!path) - error = errno; - else if (!load_configs_from_directory (path, configs, flags)) - error = errno; - free (path); - if (error != 0) { - p11_dict_free (configs); - errno = error; - return NULL; - } - } - - /* - * Now unless user config is overriding, load system modules. - * Basically if a value for the same config name is not already - * loaded above (in the user configs) then they're loaded here. - */ - if (mode != CONF_USER_ONLY) { - flags = CONF_IGNORE_MISSING; - if (!load_configs_from_directory (system_dir, configs, flags) || - !load_configs_from_directory (package_dir, configs, flags)) { - error = errno; - p11_dict_free (configs); - errno = error; - return NULL; - } - } - - return configs; -} - -bool -_p11_conf_parse_boolean (const char *string, - bool default_value) -{ - if (!string) - return default_value; - - if (strcmp (string, "yes") == 0) { - return true; - } else if (strcmp (string, "no") == 0) { - return false; - } else { - p11_message ("invalid setting '%s' defaulting to '%s'", - string, default_value ? "yes" : "no"); - return default_value; - } -} diff --git a/p11-kit/conf.h b/p11-kit/conf.h deleted file mode 100644 index 911e650..0000000 --- a/p11-kit/conf.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) 2005 Stefan Walter - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __CONF_H__ -#define __CONF_H__ - -#include "dict.h" - -enum { - CONF_IGNORE_MISSING = 0x01, - CONF_IGNORE_ACCESS_DENIED = 0x02, -}; - -enum { - CONF_USER_INVALID = 0, - CONF_USER_NONE = 1, - CONF_USER_MERGE, - CONF_USER_ONLY -}; - -bool _p11_conf_merge_defaults (p11_dict *config, - p11_dict *defaults); - -/* Returns a hash of char *key -> char *value */ -p11_dict * _p11_conf_parse_file (const char *filename, - struct stat *sb, - int flags); - -/* Returns a hash of char *key -> char *value */ -p11_dict * _p11_conf_load_globals (const char *system_conf, - const char *user_conf, - int *user_mode); - -/* Returns a hash of char* name -> hash_t *config */ -p11_dict * _p11_conf_load_modules (int user_mode, - const char *package_dir, - const char *system_dir, - const char *user_dir); - -bool _p11_conf_parse_boolean (const char *string, - bool default_value); - -#endif /* __CONF_H__ */ diff --git a/p11-kit/deprecated.h b/p11-kit/deprecated.h deleted file mode 100644 index ffe5d9d..0000000 --- a/p11-kit/deprecated.h +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __P11_KIT_DEPRECATED_H__ -#define __P11_KIT_DEPRECATED_H__ - -#ifndef __P11_KIT_H__ -#error "Please include instead of this file." -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef P11_KIT_NO_DEPRECATIONS -#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) -#define P11_KIT_DEPRECATED_FOR(f) __attribute__((deprecated("Use " #f " instead"))) -#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1) -#define P11_KIT_DEPRECATED_FOR(f) __attribute__((__deprecated__)) -#endif -#endif - -#ifndef P11_KIT_DEPRECATED_FOR -#define P11_KIT_DEPRECATED_FOR(f) -#endif - -#ifndef P11_KIT_DISABLE_DEPRECATED - -P11_KIT_DEPRECATED_FOR (p11_kit_modules_load) -CK_RV p11_kit_initialize_registered (void); - -P11_KIT_DEPRECATED_FOR (p11_kit_modules_release) -CK_RV p11_kit_finalize_registered (void); - -P11_KIT_DEPRECATED_FOR (p11_kit_modules_release) -CK_FUNCTION_LIST_PTR * p11_kit_registered_modules (void); - -P11_KIT_DEPRECATED_FOR (p11_kit_module_for_name) -CK_FUNCTION_LIST_PTR p11_kit_registered_name_to_module (const char *name); - -P11_KIT_DEPRECATED_FOR (p11_kit_module_get_name) -char * p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module); - -P11_KIT_DEPRECATED_FOR (p11_kit_config_option) -char * p11_kit_registered_option (CK_FUNCTION_LIST_PTR module, - const char *field); - -P11_KIT_DEPRECATED_FOR (module->C_Initialize) -CK_RV p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module); - -P11_KIT_DEPRECATED_FOR (module->C_Finalize) -CK_RV p11_kit_finalize_module (CK_FUNCTION_LIST_PTR module); - -P11_KIT_DEPRECATED_FOR (p11_kit_module_load) -CK_RV p11_kit_load_initialize_module (const char *module_path, - CK_FUNCTION_LIST_PTR *module); - -#endif /* P11_KIT_DISABLE_DEPRECATED */ - -#undef P11_KIT_DEPRECATED_FOR - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* __P11_KIT_DEPRECATED_H__ */ diff --git a/p11-kit/docs.h b/p11-kit/docs.h deleted file mode 100644 index 7b29e3d..0000000 --- a/p11-kit/docs.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -/* This header is not used by anything, and merely to help gtk-doc be sane */ - -#define P11_KIT_MODULE_UNMANAGED 1 -#define P11_KIT_MODULE_CRITICAL 1 diff --git a/p11-kit/fixtures/package-modules/four.module b/p11-kit/fixtures/package-modules/four.module deleted file mode 100644 index 933af2b..0000000 --- a/p11-kit/fixtures/package-modules/four.module +++ /dev/null @@ -1,5 +0,0 @@ - -module: mock-four.so -disable-in: test-disable, test-other -priority: 4 -trust-policy: no \ No newline at end of file diff --git a/p11-kit/fixtures/package-modules/win32/four.module b/p11-kit/fixtures/package-modules/win32/four.module deleted file mode 100644 index 6dc87c9..0000000 --- a/p11-kit/fixtures/package-modules/win32/four.module +++ /dev/null @@ -1,4 +0,0 @@ - -module: mock-four.dll -disable-in: test-disable, test-other -priority: 4 \ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/one.module b/p11-kit/fixtures/system-modules/one.module deleted file mode 100644 index 5f49a8f..0000000 --- a/p11-kit/fixtures/system-modules/one.module +++ /dev/null @@ -1,5 +0,0 @@ - -module: mock-one.so -setting: system1 -trust-policy: yes -number: 18 diff --git a/p11-kit/fixtures/system-modules/two-duplicate.module b/p11-kit/fixtures/system-modules/two-duplicate.module deleted file mode 100644 index 756af69..0000000 --- a/p11-kit/fixtures/system-modules/two-duplicate.module +++ /dev/null @@ -1,4 +0,0 @@ - -# This is a duplicate of the 'two' module -module: mock-two.so -# no priority, use name \ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/two.badname b/p11-kit/fixtures/system-modules/two.badname deleted file mode 100644 index eec3af0..0000000 --- a/p11-kit/fixtures/system-modules/two.badname +++ /dev/null @@ -1,6 +0,0 @@ -# This module doesn't have a .module extension, but p11-kit doesn't yet -# enforce the naming, just warns, so it should still be loaded - -module: mock-two.so -setting: system2 -# no priority, use name \ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/win32/one.module b/p11-kit/fixtures/system-modules/win32/one.module deleted file mode 100644 index d153ce5..0000000 --- a/p11-kit/fixtures/system-modules/win32/one.module +++ /dev/null @@ -1,4 +0,0 @@ - -module: mock-one.dll -setting: system1 -# no order, use name \ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/win32/two-duplicate.module b/p11-kit/fixtures/system-modules/win32/two-duplicate.module deleted file mode 100644 index 54ef1cc..0000000 --- a/p11-kit/fixtures/system-modules/win32/two-duplicate.module +++ /dev/null @@ -1,4 +0,0 @@ - -# This is a duplicate of the 'two' module -module: mock-two.dll -# no order, use name \ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/win32/two.badname b/p11-kit/fixtures/system-modules/win32/two.badname deleted file mode 100644 index af63cf9..0000000 --- a/p11-kit/fixtures/system-modules/win32/two.badname +++ /dev/null @@ -1,6 +0,0 @@ -# This module doesn't have a .module extension, but p11-kit doesn't yet -# enforce the naming, just warns, so it should still be loaded - -module: mock-two.dll -setting: system2 -# no order, use name \ No newline at end of file diff --git a/p11-kit/fixtures/system-pkcs11.conf b/p11-kit/fixtures/system-pkcs11.conf deleted file mode 100644 index a3aa273..0000000 --- a/p11-kit/fixtures/system-pkcs11.conf +++ /dev/null @@ -1,6 +0,0 @@ - -# Merge in user config -user-config: merge - -# Another option -new: world \ No newline at end of file diff --git a/p11-kit/fixtures/test-1.conf b/p11-kit/fixtures/test-1.conf deleted file mode 100644 index d4ae0a1..0000000 --- a/p11-kit/fixtures/test-1.conf +++ /dev/null @@ -1,6 +0,0 @@ -key1:value1 -with-whitespace : value-with-whitespace -with-colon: value-of-colon - -# A comment -embedded-comment: this is # not a comment diff --git a/p11-kit/fixtures/test-pinfile b/p11-kit/fixtures/test-pinfile deleted file mode 100644 index f646f3d..0000000 --- a/p11-kit/fixtures/test-pinfile +++ /dev/null @@ -1 +0,0 @@ -yogabbagabba \ No newline at end of file diff --git a/p11-kit/fixtures/test-pinfile-large b/p11-kit/fixtures/test-pinfile-large deleted file mode 100644 index 506668d..0000000 --- a/p11-kit/fixtures/test-pinfile-large +++ /dev/null @@ -1,53 +0,0 @@ -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yo \ No newline at end of file diff --git a/p11-kit/fixtures/test-system-invalid.conf b/p11-kit/fixtures/test-system-invalid.conf deleted file mode 100644 index 344ee96..0000000 --- a/p11-kit/fixtures/test-system-invalid.conf +++ /dev/null @@ -1,3 +0,0 @@ - -# Invalid user-config setting -user-config: bad diff --git a/p11-kit/fixtures/test-system-merge.conf b/p11-kit/fixtures/test-system-merge.conf deleted file mode 100644 index 978427d..0000000 --- a/p11-kit/fixtures/test-system-merge.conf +++ /dev/null @@ -1,7 +0,0 @@ - -# Merge in user config -user-config: merge - -key1: system1 -key2: system2 -key3: system3 \ No newline at end of file diff --git a/p11-kit/fixtures/test-system-none.conf b/p11-kit/fixtures/test-system-none.conf deleted file mode 100644 index 2d43fa7..0000000 --- a/p11-kit/fixtures/test-system-none.conf +++ /dev/null @@ -1,8 +0,0 @@ - -# Only user config -user-config: none - -# These values will not be overridden -key1: system1 -key2: system2 -key3: system3 \ No newline at end of file diff --git a/p11-kit/fixtures/test-system-only.conf b/p11-kit/fixtures/test-system-only.conf deleted file mode 100644 index 589f1c7..0000000 --- a/p11-kit/fixtures/test-system-only.conf +++ /dev/null @@ -1,8 +0,0 @@ - -# Only user config -user-config: only - -# This stuff will be ignored -key1: system1 -key2: system2 -key3: system3 \ No newline at end of file diff --git a/p11-kit/fixtures/test-user-invalid.conf b/p11-kit/fixtures/test-user-invalid.conf deleted file mode 100644 index 344ee96..0000000 --- a/p11-kit/fixtures/test-user-invalid.conf +++ /dev/null @@ -1,3 +0,0 @@ - -# Invalid user-config setting -user-config: bad diff --git a/p11-kit/fixtures/test-user-only.conf b/p11-kit/fixtures/test-user-only.conf deleted file mode 100644 index 3224c01..0000000 --- a/p11-kit/fixtures/test-user-only.conf +++ /dev/null @@ -1,4 +0,0 @@ - -user-config: only -key2: user2 -key3: user3 \ No newline at end of file diff --git a/p11-kit/fixtures/test-user.conf b/p11-kit/fixtures/test-user.conf deleted file mode 100644 index 369544a..0000000 --- a/p11-kit/fixtures/test-user.conf +++ /dev/null @@ -1,3 +0,0 @@ - -key2: user2 -key3: user3 \ No newline at end of file diff --git a/p11-kit/fixtures/user-modules/one.module b/p11-kit/fixtures/user-modules/one.module deleted file mode 100644 index 5197daf..0000000 --- a/p11-kit/fixtures/user-modules/one.module +++ /dev/null @@ -1,4 +0,0 @@ - -setting: user1 -managed: yes -number: 33 diff --git a/p11-kit/fixtures/user-modules/three.module b/p11-kit/fixtures/user-modules/three.module deleted file mode 100644 index 3a2366d..0000000 --- a/p11-kit/fixtures/user-modules/three.module +++ /dev/null @@ -1,6 +0,0 @@ - -module: mock-three.so -setting: user3 - -enable-in: test-enable -priority: 3 \ No newline at end of file diff --git a/p11-kit/fixtures/user-modules/win32/one.module b/p11-kit/fixtures/user-modules/win32/one.module deleted file mode 100644 index c371e4a..0000000 --- a/p11-kit/fixtures/user-modules/win32/one.module +++ /dev/null @@ -1,2 +0,0 @@ - -setting: user1 \ No newline at end of file diff --git a/p11-kit/fixtures/user-modules/win32/three.module b/p11-kit/fixtures/user-modules/win32/three.module deleted file mode 100644 index 30a3b63..0000000 --- a/p11-kit/fixtures/user-modules/win32/three.module +++ /dev/null @@ -1,6 +0,0 @@ - -module: mock-three.dll -setting: user3 - -enable-in: test-enable -priority: 3 \ No newline at end of file diff --git a/p11-kit/frob-setuid.c b/p11-kit/frob-setuid.c deleted file mode 100644 index e546ece..0000000 --- a/p11-kit/frob-setuid.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include -#include -#include -#include - -#include "compat.h" -#include "p11-kit.h" - -int -main (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - char *field; - char *name; - int ret; - int i; - - /* - * Use 'chmod ug+s frob-setuid' to change this program - * and test the output with/without setuid or setgid. - */ - - putenv ("P11_KIT_STRICT=1"); - - modules = p11_kit_modules_load_and_initialize (0); - assert (modules != NULL); - - /* This is a system configured module */ - module = p11_kit_module_for_name (modules, "one"); - assert (module != NULL); - - field = p11_kit_config_option (module, "setting"); - printf ("'setting' on module 'one': %s\n", field ? field : "(null)"); - - assert (field != NULL); - if (getauxval (AT_SECURE)) - assert (strcmp (field, "system1") == 0); - else - assert (strcmp (field, "user1") == 0); - - free (field); - - for (i = 0; modules[i] != NULL; i++) { - name = p11_kit_module_get_name (modules[i]); - printf ("%s\n", name); - free (name); - } - - field = p11_kit_config_option (module, "number"); - printf ("'number' on module 'one': %s\n", field ? field : "(null)"); - - ret = atoi (field ? field : "0"); - assert (ret != 0); - free (field); - - p11_kit_modules_finalize_and_release (modules); - return ret; -} diff --git a/p11-kit/iter.c b/p11-kit/iter.c deleted file mode 100644 index 4caf5d7..0000000 --- a/p11-kit/iter.c +++ /dev/null @@ -1,983 +0,0 @@ -/* - * Copyright (C) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "array.h" -#include "attrs.h" -#include "debug.h" -#include "iter.h" -#include "pin.h" -#include "private.h" - -#include -#include -#include - -typedef struct _Callback { - p11_kit_iter_callback func; - void *callback_data; - p11_kit_destroyer destroyer; - struct _Callback *next; -} Callback; - -/** - * P11KitIter: - * - * Used to iterate over PKCS\#11 objects. - */ -struct p11_kit_iter { - - /* Iterator matching data */ - CK_INFO match_module; - CK_SLOT_INFO match_slot; - CK_TOKEN_INFO match_token; - CK_ATTRIBUTE *match_attrs; - CK_SLOT_ID match_slot_id; - Callback *callbacks; - - /* The input modules */ - p11_array *modules; - - /* The results of C_GetSlotList */ - CK_SLOT_ID *slots; - CK_ULONG num_slots; - CK_ULONG saw_slots; - - /* The results of C_FindObjects */ - CK_OBJECT_HANDLE *objects; - CK_ULONG max_objects; - CK_ULONG num_objects; - CK_ULONG saw_objects; - - /* The current iteration */ - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot; - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - CK_SLOT_INFO slot_info; - CK_TOKEN_INFO token_info; - - /* And various flags */ - unsigned int searching : 1; - unsigned int searched : 1; - unsigned int iterating : 1; - unsigned int match_nothing : 1; - unsigned int keep_session : 1; - unsigned int preload_results : 1; - unsigned int want_writable : 1; -}; - -/** - * P11KitIterBehavior: - * @P11_KIT_ITER_BUSY_SESSIONS: Allow the iterator's sessions to be - * in a busy state when the iterator returns an object. - * @P11_KIT_ITER_WANT_WRITABLE: Try to open read-write sessions when - * iterating over obojects. - * - * Various flags controlling the behavior of the iterator. - */ - -/** - * p11_kit_iter_new: - * @uri: (allow-none): a PKCS\#11 URI to filter on, or %NULL - * @behavior: various behavior flags for iterator - * - * Create a new PKCS\#11 iterator for iterating over objects. Only - * objects that match the @uri will be returned by the iterator. - * Relevant information in @uri is copied, and you need not keep - * @uri around. - * - * If no @uri is specified then the iterator will iterate over all - * objects, unless otherwise filtered. - * - * Returns: (transfer full): a new iterator, which should be freed - * with p11_kit_iter_free() - */ -P11KitIter * -p11_kit_iter_new (P11KitUri *uri, - P11KitIterBehavior behavior) -{ - P11KitIter *iter; - - iter = calloc (1, sizeof (P11KitIter)); - return_val_if_fail (iter != NULL, NULL); - - iter->modules = p11_array_new (NULL); - return_val_if_fail (iter->modules != NULL, NULL); - - iter->want_writable = !!(behavior & P11_KIT_ITER_WANT_WRITABLE); - iter->preload_results = !(behavior & P11_KIT_ITER_BUSY_SESSIONS); - - p11_kit_iter_set_uri (iter, uri); - return iter; -} - -/** - * p11_kit_iter_set_uri: - * @iter: the iterator - * @uri: (allow-none): a PKCS\#11 URI to filter on, or %NULL - * - * Set the PKCS\#11 uri for iterator. Only - * objects that match the @uri will be returned by the iterator. - * Relevant information in @uri is copied, and you need not keep - * @uri around. - * - * If no @uri is specified then the iterator will iterate over all - * objects, unless otherwise filtered. - * - * This function should be called at most once, and should be - * called before iterating begins. - * - */ -void -p11_kit_iter_set_uri (P11KitIter *iter, - P11KitUri *uri) -{ - CK_ATTRIBUTE *attrs; - CK_TOKEN_INFO *tinfo; - CK_SLOT_INFO *sinfo; - CK_INFO *minfo; - CK_ULONG count; - - return_if_fail (iter != NULL); - - if (uri != NULL) { - - if (p11_kit_uri_any_unrecognized (uri)) { - iter->match_nothing = 1; - - } else { - attrs = p11_kit_uri_get_attributes (uri, &count); - iter->match_attrs = p11_attrs_buildn (NULL, attrs, count); - - iter->match_slot_id = p11_kit_uri_get_slot_id (uri); - - minfo = p11_kit_uri_get_module_info (uri); - if (minfo != NULL) - memcpy (&iter->match_module, minfo, sizeof (CK_INFO)); - - sinfo = p11_kit_uri_get_slot_info (uri); - if (sinfo != NULL) - memcpy (&iter->match_slot, sinfo, sizeof (CK_SLOT_INFO)); - - tinfo = p11_kit_uri_get_token_info (uri); - if (tinfo != NULL) - memcpy (&iter->match_token, tinfo, sizeof (CK_TOKEN_INFO)); - } - } else { - /* Match any module version number and slot ID */ - memset (&iter->match_module, 0, sizeof (iter->match_module)); - iter->match_module.libraryVersion.major = (CK_BYTE)-1; - iter->match_module.libraryVersion.minor = (CK_BYTE)-1; - iter->match_slot_id = (CK_SLOT_ID)-1; - } -} - -/** - * p11_kit_destroyer: - * @data: data to destroy - * - * A callback called to free a resource. - */ - -/** - * p11_kit_iter_callback: - * @iter: the iterator - * @matches: (out): whether to match the current object - * @data: callback data - * - * A callback setup with p11_kit_iter_add_callback(). This callback is - * called for each object iterated. - * - * If the callback sets @matches to CK_FALSE, then this object is - * skipped and not matched by p11_kit_iter_next(). If you return - * anything but CKR_OK, then the iteration is stopped, and - * p11_kit_iter_next() returns the result code. - * - * Returns: CKR_OK to continue iterating, CKR_CANCEL to stop, or - * anything else to fail - */ - -/** - * p11_kit_iter_add_callback: - * @iter: the iterator - * @callback: a function to call for each iteration - * @callback_data: (allow-none): data to pass to the function - * @callback_destroy: (allow-none): used to cleanup the data - * - * Adds a callback to the iterator which will be called each time - * that an object is iterated. - * - * These callbacks can also perform filtering. If any callback - * indicates through it's matches argument that - * the object should not match, then that object will not be iterated - * as far as p11_kit_iter_next() is concerned. - * - * The callbacks will be called with the matches - * set to CK_TRUE and it's up to filters to change - * it to CK_FALSE when necessary. - */ -void -p11_kit_iter_add_callback (P11KitIter *iter, - p11_kit_iter_callback callback, - void *callback_data, - p11_kit_destroyer callback_destroy) -{ - Callback *cb; - - return_if_fail (iter != NULL); - return_if_fail (callback != NULL); - - cb = calloc (1, sizeof (Callback)); - return_if_fail (cb != NULL); - - cb->func = callback; - cb->destroyer = callback_destroy; - cb->callback_data = callback_data; - cb->next = iter->callbacks; - iter->callbacks = cb; -} - -/** - * p11_kit_iter_add_filter: - * @iter: the iterator - * @matching: (array length=count): the attributes that the objects should match - * @count: the number of attributes - * - * Add a filter to limit the objects that the iterator iterates over. - * - * Only objects matching the passed in attributes will be iterated. - * This function can be called multiple times. - * - * The @matching attributes are copied. - */ -void -p11_kit_iter_add_filter (P11KitIter *iter, - CK_ATTRIBUTE *matching, - CK_ULONG count) -{ - return_if_fail (iter != NULL); - return_if_fail (!iter->iterating); - - iter->match_attrs = p11_attrs_buildn (iter->match_attrs, matching, count); - return_if_fail (iter->match_attrs != NULL); -} - -static void -finish_object (P11KitIter *iter) -{ - iter->object = 0; -} - -static void -finish_slot (P11KitIter *iter) -{ - if (iter->session && !iter->keep_session) { - assert (iter->module != NULL); - (iter->module->C_CloseSession) (iter->session); - } - - iter->keep_session = 0; - iter->session = 0; - iter->searched = 0; - iter->searching = 0; - iter->slot = 0; -} - -static void -finish_module (P11KitIter *iter) -{ - iter->num_slots = 0; - iter->saw_slots = 0; - iter->module = NULL; -} - -static CK_RV -finish_iterating (P11KitIter *iter, - CK_RV rv) -{ - finish_object (iter); - finish_slot (iter); - finish_module (iter); - p11_array_clear (iter->modules); - - iter->iterating = 0; - return rv; -} - -/** - * p11_kit_iter_begin: - * @iter: the iterator - * @modules: (array zero-terminated=1): null-terminated list of - * modules to iterate over - * - * Begin iterating PKCS\#11 objects in the given @modules. - * - * The @modules arguments should be a null-terminated list of - * pointers to the modules' PKCS\#11 function pointers. - * - * For each module, all initialized slots will be iterated over, - * having sessions opened for each of them in turn, and searched - * for objects matching the search criteria. - */ -void -p11_kit_iter_begin (P11KitIter *iter, - CK_FUNCTION_LIST_PTR *modules) -{ - int i; - - return_if_fail (modules != NULL); - - finish_iterating (iter, CKR_OK); - - /* Use this module */ - for (i = 0; modules[i] != NULL; i++) { - if (!p11_array_push (iter->modules, modules[i])) - return_if_reached (); - } - - iter->iterating = 1; - iter->searched = 1; -} - -/** - * p11_kit_iter_begin_with: - * @iter: the iterator - * @module: the module to iterate over - * @slot: (allow-none): the slot to iterate objects in, or zero - * @session: (allow-none): the session to search for objects on, or zero - * - * Begin iterating PKCS\#11 objects in the given @module. - * - * If @slot is non-zero then the iteration will be limited to that - * slot. - * - * If @session is non-zero then the iteration will be limited to - * objects visible through that session, which implies that they - * are also limited to the slot which the session was opened for. - */ -void -p11_kit_iter_begin_with (P11KitIter *iter, - CK_FUNCTION_LIST_PTR module, - CK_SLOT_ID slot, - CK_SESSION_HANDLE session) -{ - CK_SESSION_INFO info; - CK_RV rv; - - finish_iterating (iter, CKR_OK); - - return_if_fail (module != NULL); - - if (session != 0) { - /* - * A currently active session. Initialize as if we're ready - * to search using this session. - */ - - /* If we have a session, but no slot, then look it up */ - if (slot == 0) { - assert (module != NULL); - rv = (module->C_GetSessionInfo) (session, &info); - if (rv == CKR_OK) - slot = info.slotID; - } - - /* So initialize as if we're ready to search */ - iter->session = session; - iter->slot = slot; - iter->module = module; - iter->keep_session = 1; - - } else if (slot != 0) { - - /* - * Limit to this slot. Initialize as if we're ready to use the - * slot from the slots list. - */ - - iter->module = module; - iter->slots = realloc (iter->slots, sizeof (CK_SLOT_ID)); - return_if_fail (iter->slots != NULL); - iter->slots[0] = slot; - iter->num_slots = 1; - iter->searched = 1; - - } else { - - /* - * Limit to this module. Initialize as if we're ready to use - * the module from the modules array. - */ - - assert (module != NULL); - p11_array_push (iter->modules, module); - iter->session = 0; - iter->slot = 0; - iter->searched = 1; - } - - iter->iterating = 1; -} - -static CK_RV -call_all_filters (P11KitIter *iter, - CK_BBOOL *matches) -{ - Callback *cb; - CK_RV rv; - - *matches = CK_TRUE; - - for (cb = iter->callbacks; cb != NULL; cb = cb->next) { - rv = (cb->func) (iter, matches, cb->callback_data); - if (rv != CKR_OK || !*matches) - return rv; - } - - return CKR_OK; -} - -static CK_RV -move_next_session (P11KitIter *iter) -{ - CK_ULONG session_flags; - CK_ULONG num_slots; - CK_INFO minfo; - CK_RV rv; - - finish_slot (iter); - - /* If we have no more slots, then move to next module */ - while (iter->saw_slots >= iter->num_slots) { - finish_module (iter); - - /* Iter is finished */ - if (iter->modules->num == 0) - return finish_iterating (iter, CKR_CANCEL); - - iter->module = iter->modules->elem[0]; - p11_array_remove (iter->modules, 0); - - /* Skip module if it doesn't match uri */ - assert (iter->module != NULL); - rv = (iter->module->C_GetInfo) (&minfo); - if (rv != CKR_OK || !p11_match_uri_module_info (&iter->match_module, &minfo)) - continue; - - rv = (iter->module->C_GetSlotList) (CK_TRUE, NULL, &num_slots); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - - iter->slots = realloc (iter->slots, sizeof (CK_SLOT_ID) * (num_slots + 1)); - return_val_if_fail (iter->slots != NULL, CKR_HOST_MEMORY); - - rv = (iter->module->C_GetSlotList) (CK_TRUE, iter->slots, &num_slots); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - - iter->num_slots = num_slots; - assert (iter->saw_slots == 0); - } - - /* Move to the next slot, and open a session on it */ - while (iter->saw_slots < iter->num_slots) { - iter->slot = iter->slots[iter->saw_slots++]; - - assert (iter->module != NULL); - if (iter->match_slot_id != (CK_SLOT_ID)-1 && iter->slot != iter->match_slot_id) - continue; - rv = (iter->module->C_GetSlotInfo) (iter->slot, &iter->slot_info); - if (rv != CKR_OK || !p11_match_uri_slot_info (&iter->match_slot, &iter->slot_info)) - continue; - rv = (iter->module->C_GetTokenInfo) (iter->slot, &iter->token_info); - if (rv != CKR_OK || !p11_match_uri_token_info (&iter->match_token, &iter->token_info)) - continue; - - session_flags = CKF_SERIAL_SESSION; - - /* Skip if the read/write on a read-only token */ - if (iter->want_writable && (iter->token_info.flags & CKF_WRITE_PROTECTED) == 0) - session_flags |= CKF_RW_SESSION; - - rv = (iter->module->C_OpenSession) (iter->slot, session_flags, - NULL, NULL, &iter->session); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - - if (iter->session != 0) - return CKR_OK; - } - - /* Otherwise try again */ - return move_next_session (iter); -} - -/** - * p11_kit_iter_next: - * @iter: the iterator - * - * Iterate to the next matching object. - * - * To access the object, session and so on, use the p11_kit_iter_get_object(), - * p11_kit_iter_get_session(), and p11_kit_iter_get_module() functions. - * - * This call must only be called after either p11_kit_iter_begin() - * or p11_kit_iter_begin_with() have been called. - * - * Objects which are skipped by callbacks will not be returned here - * as matching objects. - * - * Returns: CKR_OK if an object matched, CKR_CANCEL if no more objects, or another error - */ -CK_RV -p11_kit_iter_next (P11KitIter *iter) -{ - CK_ULONG batch; - CK_ULONG count; - CK_BBOOL matches; - CK_RV rv; - - return_val_if_fail (iter->iterating, CKR_OPERATION_NOT_INITIALIZED); - - iter->object = 0; - - if (iter->match_nothing) - return finish_iterating (iter, CKR_CANCEL); - - /* - * If we have outstanding objects, then iterate one through those - * Note that we pass each object through the filters, and only - * assume it's iterated if it matches - */ - while (iter->saw_objects < iter->num_objects) { - iter->object = iter->objects[iter->saw_objects++]; - - rv = call_all_filters (iter, &matches); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - - if (matches) - return CKR_OK; - } - - /* If we have finished searching then move to next session */ - if (iter->searched) { - rv = move_next_session (iter); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - } - - /* Ready to start searching */ - if (!iter->searching && !iter->searched) { - count = p11_attrs_count (iter->match_attrs); - rv = (iter->module->C_FindObjectsInit) (iter->session, iter->match_attrs, count); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - iter->searching = 1; - iter->searched = 0; - } - - /* If we have searched on this session then try to continue */ - if (iter->searching) { - assert (iter->module != NULL); - assert (iter->session != 0); - iter->num_objects = 0; - iter->saw_objects = 0; - - for (;;) { - if (iter->max_objects - iter->num_objects == 0) { - iter->max_objects = iter->max_objects ? iter->max_objects * 2 : 64; - iter->objects = realloc (iter->objects, iter->max_objects * sizeof (CK_ULONG)); - return_val_if_fail (iter->objects != NULL, CKR_HOST_MEMORY); - } - - batch = iter->max_objects - iter->num_objects; - rv = (iter->module->C_FindObjects) (iter->session, - iter->objects + iter->num_objects, - batch, &count); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - - iter->num_objects += count; - - /* - * Done searching on this session, although there are still - * objects outstanding, which will be returned on next - * iterations. - */ - if (batch != count) { - iter->searching = 0; - iter->searched = 1; - (iter->module->C_FindObjectsFinal) (iter->session); - break; - } - - if (!iter->preload_results) - break; - } - } - - /* Try again */ - return p11_kit_iter_next (iter); -} - -/** - * p11_kit_iter_get_module: - * @iter: the iterator - * - * Get the module function pointers for the current matching object. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: the module which the current matching object is in - */ -CK_FUNCTION_LIST_PTR -p11_kit_iter_get_module (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, NULL); - return_val_if_fail (iter->iterating, 0); - return iter->module; -} - -/** - * p11_kit_iter_get_slot: - * @iter: the iterator - * - * Get the slot which the current matching object is on. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: the slot of the current matching object - */ -CK_SLOT_ID -p11_kit_iter_get_slot (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, 0); - return_val_if_fail (iter->iterating, 0); - return iter->slot; -} - -/** - * p11_kit_iter_get_slot_info: - * @iter: the iterator - * - * Get the slot info for the slot which the current matching object is on. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: the slot of the current matching object. - */ -CK_SLOT_INFO * -p11_kit_iter_get_slot_info (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, NULL); - return &iter->slot_info; -} - -/** - * p11_kit_iter_get_token: - * @iter: the iterator - * - * Get the token info for the token which the current matching object is on. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: the slot of the current matching object. - */ -CK_TOKEN_INFO * -p11_kit_iter_get_token (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, NULL); - return &iter->token_info; -} - -/** - * p11_kit_iter_get_session: - * @iter: the iterator - * - * Get the session which the current matching object is acessible - * through. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * The session may be closed after the next p11_kit_iter_next() call - * unless p11_kit_iter_keep_session() is called. - * - * Returns: the session used to find the current matching object - */ -CK_SESSION_HANDLE -p11_kit_iter_get_session (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, 0); - return_val_if_fail (iter->iterating, 0); - return iter->session; -} - -/** - * p11_kit_iter_get_object: - * @iter: the iterator - * - * Get the current matching object. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: the current matching object - */ -CK_OBJECT_HANDLE -p11_kit_iter_get_object (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, 0); - return iter->object; -} - -/** - * p11_kit_iter_destroy_object: - * @iter: the iterator - * - * Destroy the current matching object. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: CKR_OK or a failure code - */ -CK_RV -p11_kit_iter_destroy_object (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (iter->iterating, CKR_GENERAL_ERROR); - return (iter->module->C_DestroyObject) (iter->session, iter->object); -} - -/** - * p11_kit_iter_get_attributes: - * @iter: the iterator - * @template: (array length=count) (inout): the attributes to get - * @count: the number of attributes - * - * Get attributes for the current matching object. - * - * This calls C_GetAttributeValue for the object - * currently iterated to. Return value and attribute memory behavior - * is identical to the PKCS\#11 C_GetAttributeValue - * function. - * - * You might choose to use p11_kit_iter_load_attributes() for a more - * helpful variant. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: The result from C_GetAttributeValue. - */ -CK_RV -p11_kit_iter_get_attributes (P11KitIter *iter, - CK_ATTRIBUTE *template, - CK_ULONG count) -{ - return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (iter->iterating, CKR_GENERAL_ERROR); - return_val_if_fail (iter->module != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (iter->session != 0, CKR_GENERAL_ERROR); - return_val_if_fail (iter->object != 0, CKR_GENERAL_ERROR); - - return (iter->module->C_GetAttributeValue) (iter->session, iter->object, - template, count); -} - -/** - * p11_kit_iter_load_attributes: - * @iter: the iterator - * @template: (array length=count) (inout): the attributes to load - * @count: the number of attributes - * - * Retrieve attributes for the current matching object. - * - * Each attribute in the array will be filled in with the value - * of that attribute retrieved from the object. After use the - * attribute value memory pointed to by the pValue - * of each attribute should be freed with the free() - * function. - * - * If the pValue of an attribute is not %NULL passed - * to this function, then it will be passed to - * realloc() to allocate the correct amount - * of space for the attribute value. - * - * If any attribute is not present on the object, or is sensitive and - * cannot be retrieved, then the pValue will be NULL. - * If pValue was not %NULL when passed to this function - * then it will be freed with free(). In these - * cases CKR_OK is returned. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: CKR_OK or a failure code - */ -CK_RV -p11_kit_iter_load_attributes (P11KitIter *iter, - CK_ATTRIBUTE *template, - CK_ULONG count) -{ - CK_ATTRIBUTE *original = NULL; - CK_ULONG i; - CK_RV rv; - - return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (iter->iterating, CKR_GENERAL_ERROR); - return_val_if_fail (iter->module != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (iter->session != 0, CKR_GENERAL_ERROR); - return_val_if_fail (iter->object != 0, CKR_GENERAL_ERROR); - - if (count == 0) - return CKR_OK; - - original = memdup (template, count * sizeof (CK_ATTRIBUTE)); - return_val_if_fail (original != NULL, CKR_HOST_MEMORY); - - for (i = 0; i < count; i++) - template[i].pValue = NULL; - - rv = (iter->module->C_GetAttributeValue) (iter->session, iter->object, template, count); - - switch (rv) { - case CKR_OK: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_SENSITIVE: - case CKR_BUFFER_TOO_SMALL: - break; - default: - free (original); - return rv; - } - - for (i = 0; i < count; i++) { - if (template[i].ulValueLen == (CK_ULONG)-1 || - template[i].ulValueLen == 0) { - free (original[i].pValue); - - } else if (original[i].pValue != NULL && - template[i].ulValueLen == original[i].ulValueLen) { - template[i].pValue = original[i].pValue; - - } else { - template[i].pValue = realloc (original[i].pValue, template[i].ulValueLen); - return_val_if_fail (template[i].pValue != NULL, CKR_HOST_MEMORY); - } - } - - free (original); - - rv = (iter->module->C_GetAttributeValue) (iter->session, iter->object, template, count); - - switch (rv) { - case CKR_OK: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_SENSITIVE: - rv = CKR_OK; - break; - default: - return_val_if_fail (rv != CKR_BUFFER_TOO_SMALL, rv); - return rv; - } - - for (i = 0; i < count; i++) { - if (template[i].ulValueLen == (CK_ULONG)-1 || - template[i].ulValueLen == 0) { - free (template[i].pValue); - template[i].pValue = NULL; - } - } - - return rv; -} - -/** - * p11_kit_iter_keep_session: - * @iter: the iterator - * - * After calling this function the session open for iterating - * the current object will not be automatically closed by - * the iterator after later calls to p11_kit_iter_next() or - * p11_kit_iter_free(). - * - * It is the callers responsibility to close this session, - * after the iterator has been freed. The session may still be - * used by the iterator if further iterations are performed. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: the current session - */ -CK_SESSION_HANDLE -p11_kit_iter_keep_session (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, 0); - return_val_if_fail (iter->iterating, 0); - return_val_if_fail (iter->session != 0, 0); - - iter->keep_session = 1; - return iter->session; -} - -/** - * p11_kit_iter_free: - * @iter: the iterator - * - * Frees the iterator and all resources, such as sessions - * or callbacks held by the iterator. - */ -void -p11_kit_iter_free (P11KitIter *iter) -{ - Callback *cb, *next; - - if (iter == NULL) - return; - - finish_iterating (iter, CKR_OK); - p11_array_free (iter->modules); - p11_attrs_free (iter->match_attrs); - free (iter->objects); - free (iter->slots); - - for (cb = iter->callbacks; cb != NULL; cb = next) { - next = cb->next; - if (cb->destroyer) - (cb->destroyer) (cb->callback_data); - free (cb); - } - - free (iter); -} diff --git a/p11-kit/iter.h b/p11-kit/iter.h deleted file mode 100644 index 3f51041..0000000 --- a/p11-kit/iter.h +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat, Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_KIT_ITER_H -#define P11_KIT_ITER_H - -#include "p11-kit/p11-kit.h" -#include "p11-kit/pkcs11.h" -#include "p11-kit/uri.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef P11_KIT_FUTURE_UNSTABLE_API - -typedef struct p11_kit_iter P11KitIter; -typedef P11KitIter p11_kit_iter; - -typedef enum { - P11_KIT_ITER_BUSY_SESSIONS = 1 << 1, - P11_KIT_ITER_WANT_WRITABLE = 1 << 2, -} P11KitIterBehavior; - -typedef CK_RV (* p11_kit_iter_callback) (P11KitIter *iter, - CK_BBOOL *matches, - void *data); - -P11KitIter * p11_kit_iter_new (P11KitUri *uri, - P11KitIterBehavior behavior); - -void p11_kit_iter_free (P11KitIter *iter); - -void p11_kit_iter_add_callback (P11KitIter *iter, - p11_kit_iter_callback callback, - void *callback_data, - p11_kit_destroyer callback_destroy); - -void p11_kit_iter_add_filter (P11KitIter *iter, - CK_ATTRIBUTE *matching, - CK_ULONG count); - -void p11_kit_iter_set_uri (P11KitIter *iter, - P11KitUri *uri); - -void p11_kit_iter_begin (P11KitIter *iter, - CK_FUNCTION_LIST_PTR *modules); - -void p11_kit_iter_begin_with (P11KitIter *iter, - CK_FUNCTION_LIST_PTR module, - CK_SLOT_ID slot, - CK_SESSION_HANDLE session); - -CK_RV p11_kit_iter_next (P11KitIter *iter); - -CK_FUNCTION_LIST_PTR p11_kit_iter_get_module (P11KitIter *iter); - -CK_SLOT_ID p11_kit_iter_get_slot (P11KitIter *iter); - -CK_SLOT_INFO * p11_kit_iter_get_slot_info (P11KitIter *iter); - -CK_TOKEN_INFO * p11_kit_iter_get_token (P11KitIter *iter); - -CK_SESSION_HANDLE p11_kit_iter_get_session (P11KitIter *iter); - -CK_OBJECT_HANDLE p11_kit_iter_get_object (P11KitIter *iter); - -CK_RV p11_kit_iter_get_attributes (P11KitIter *iter, - CK_ATTRIBUTE *template, - CK_ULONG count); - -CK_RV p11_kit_iter_load_attributes (P11KitIter *iter, - CK_ATTRIBUTE *template, - CK_ULONG count); - -CK_SESSION_HANDLE p11_kit_iter_keep_session (P11KitIter *iter); - -CK_RV p11_kit_iter_destroy_object (P11KitIter *iter); - -#endif /* P11_KIT_FUTURE_UNSTABLE_API */ - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* P11_KIT_ITER_H */ diff --git a/p11-kit/lists.c b/p11-kit/lists.c deleted file mode 100644 index 5804be2..0000000 --- a/p11-kit/lists.c +++ /dev/null @@ -1,290 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "compat.h" -#include "debug.h" - -#include -#include -#include -#include -#include -#include - -#include "message.h" -#include "p11-kit.h" -#include "tool.h" -#include "uri.h" - -int p11_kit_list_modules (int argc, - char *argv[]); - -bool verbose = false; - -static const char HEXC_LOWER[] = "0123456789abcdef"; - -static char * -hex_encode (const unsigned char *data, - size_t n_data) -{ - char *result; - size_t i; - size_t o; - - result = malloc (n_data * 3 + 1); - if (result == NULL) - return NULL; - - for (i = 0, o = 0; i < n_data; i++) { - if (i > 0) - result[o++] = ':'; - result[o++] = HEXC_LOWER[data[i] >> 4 & 0xf]; - result[o++] = HEXC_LOWER[data[i] & 0xf]; - } - - result[o] = 0; - return result; -} - -static bool -is_ascii_string (const unsigned char *data, - size_t n_data) -{ - size_t i; - - for (i = 0; i < n_data; i++) { - if (!isascii (data[i]) && - (data[i] < 0x20 && !isspace (data[i]))) - return false; - } - - return true; -} - -static void -print_token_info (CK_FUNCTION_LIST_PTR module, CK_SLOT_ID slot_id) -{ - CK_TOKEN_INFO info; - char *value; - CK_RV rv; - - rv = (module->C_GetTokenInfo) (slot_id, &info); - if (rv != CKR_OK) { - p11_message ("couldn't load module info: %s", p11_kit_strerror (rv)); - return; - } - - value = p11_kit_space_strdup (info.label, sizeof (info.label)); - printf (" token: %s\n", value); - free (value); - - value = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); - printf (" manufacturer: %s\n", value); - free (value); - - value = p11_kit_space_strdup (info.model, sizeof (info.model)); - printf (" model: %s\n", value); - free (value); - - if (is_ascii_string (info.serialNumber, sizeof (info.serialNumber))) - value = p11_kit_space_strdup (info.serialNumber, sizeof (info.serialNumber)); - else - value = hex_encode (info.serialNumber, sizeof (info.serialNumber)); - printf (" serial-number: %s\n", value); - free (value); - - if (info.hardwareVersion.major || info.hardwareVersion.minor) - printf (" hardware-version: %d.%d\n", - info.hardwareVersion.major, - info.hardwareVersion.minor); - - if (info.firmwareVersion.major || info.firmwareVersion.minor) - printf (" firmware-version: %d.%d\n", - info.firmwareVersion.major, - info.firmwareVersion.minor); - - printf (" flags:\n"); - #define X(x, y) if (info.flags & (x)) printf (" %s\n", (y)) - X(CKF_RNG, "rng"); - X(CKF_WRITE_PROTECTED, "write-protected"); - X(CKF_LOGIN_REQUIRED, "login-required"); - X(CKF_USER_PIN_INITIALIZED, "user-pin-initialized"); - X(CKF_RESTORE_KEY_NOT_NEEDED, "restore-key-not-needed"); - X(CKF_CLOCK_ON_TOKEN, "clock-on-token"); - X(CKF_PROTECTED_AUTHENTICATION_PATH, "protected-authentication-path"); - X(CKF_DUAL_CRYPTO_OPERATIONS, "dual-crypto-operations"); - X(CKF_TOKEN_INITIALIZED, "token-initialized"); - X(CKF_SECONDARY_AUTHENTICATION, "secondary-authentication"); - X(CKF_USER_PIN_COUNT_LOW, "user-pin-count-low"); - X(CKF_USER_PIN_FINAL_TRY, "user-pin-final-try"); - X(CKF_USER_PIN_LOCKED, "user-pin-locked"); - X(CKF_USER_PIN_TO_BE_CHANGED, "user-pin-to-be-changed"); - X(CKF_SO_PIN_COUNT_LOW, "so-pin-count-low"); - X(CKF_SO_PIN_FINAL_TRY, "so-pin-final-try"); - X(CKF_SO_PIN_LOCKED, "so-pin-locked"); - X(CKF_SO_PIN_TO_BE_CHANGED, "so-pin-to-be-changed"); - #undef X -} - -static void -print_module_info (CK_FUNCTION_LIST_PTR module) -{ - CK_SLOT_ID slot_list[256]; - CK_ULONG i, count; - CK_INFO info; - char *value; - CK_RV rv; - - rv = (module->C_GetInfo) (&info); - if (rv != CKR_OK) { - p11_message ("couldn't load module info: %s", p11_kit_strerror (rv)); - return; - } - - value = p11_kit_space_strdup (info.libraryDescription, - sizeof (info.libraryDescription)); - printf (" library-description: %s\n", value); - free (value); - - value = p11_kit_space_strdup (info.manufacturerID, - sizeof (info.manufacturerID)); - printf (" library-manufacturer: %s\n", value); - free (value); - - printf (" library-version: %d.%d\n", - info.libraryVersion.major, - info.libraryVersion.minor); - - count = sizeof (slot_list) / sizeof (slot_list[0]); - rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count); - if (rv != CKR_OK) { - p11_message ("couldn't load module info: %s", p11_kit_strerror (rv)); - return; - } - - for (i = 0; i < count; i++) - print_token_info (module, slot_list[i]); -} - -static int -print_modules (void) -{ - CK_FUNCTION_LIST_PTR *module_list; - char *name; - char *path; - int i; - - module_list = p11_kit_modules_load_and_initialize (0); - if (!module_list) - return 1; - - for (i = 0; module_list[i]; i++) { - name = p11_kit_module_get_name (module_list[i]); - path = p11_kit_config_option (module_list[i], "module"); - - printf ("%s: %s\n", - name ? name : "(null)", - path ? path : "(null)"); - print_module_info (module_list[i]); - - free (name); - free (path); - } - - p11_kit_modules_finalize_and_release (module_list); - return 0; -} - -int -p11_kit_list_modules (int argc, - char *argv[]) -{ - int opt; - - enum { - opt_verbose = 'v', - opt_quiet = 'q', - opt_list = 'l', - opt_help = 'h', - }; - - struct option options[] = { - { "verbose", no_argument, NULL, opt_verbose }, - { "quiet", no_argument, NULL, opt_quiet }, - { "list", no_argument, NULL, opt_list }, - { "help", no_argument, NULL, opt_help }, - { 0 }, - }; - - p11_tool_desc usages[] = { - { 0, "usage: p11-kit list" }, - { opt_verbose, "show verbose debug output", }, - { opt_quiet, "suppress command output", }, - { 0 }, - }; - - while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { - switch (opt) { - - case opt_verbose: - p11_kit_be_loud (); - break; - - case opt_quiet: - p11_kit_be_quiet (); - break; - - case opt_list: - break; - - case opt_help: - p11_tool_usage (usages, options); - return 0; - case '?': - return 2; - default: - assert_not_reached (); - break; - } - } - - if (argc - optind != 0) { - p11_message ("extra arguments specified"); - return 2; - } - - return print_modules (); -} diff --git a/p11-kit/log.c b/p11-kit/log.c deleted file mode 100644 index 19377b2..0000000 --- a/p11-kit/log.c +++ /dev/null @@ -1,2022 +0,0 @@ -/* - * Copyright (c) 2007, Stefan Walter - * Copyright (c) 2013, Red Hat Inc. - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#include "config.h" - -#include "attrs.h" -#include "buffer.h" -#include "constants.h" -#include "debug.h" -#include "log.h" -#include "p11-kit.h" -#include "virtual.h" - -#include -#include -#include -#include -#include -#include - -bool p11_log_force = false; -bool p11_log_output = true; - -typedef struct { - p11_virtual virt; - CK_X_FUNCTION_LIST *lower; - p11_destroyer destroyer; -} LogData; - -#define LOG_FLAG(buf, flags, had, flag) \ - if ((flags & flag) == flag) { \ - p11_buffer_add (buf, had ? " | " : " = ", 3); \ - p11_buffer_add (buf, #flag, -1); \ - had++; \ - } - -static void -log_CKM (p11_buffer *buf, - CK_MECHANISM_TYPE v) -{ - char temp[32]; - const char *string; - - string = p11_constant_name (p11_constant_mechanisms, v); - if (string == NULL) { - snprintf (temp, sizeof (temp), "CKM_0x%08lX", v); - p11_buffer_add (buf, temp, -1); - } else { - p11_buffer_add (buf, string, -1); - } -} - -static void -log_CKS (p11_buffer *buf, - CK_STATE v) -{ - char temp[32]; - const char *string; - - string = p11_constant_name (p11_constant_states, v); - if (string == NULL) { - snprintf (temp, sizeof (temp), "CKS_0x%08lX", v); - p11_buffer_add (buf, temp, -1); - } else { - p11_buffer_add (buf, string, -1); - } -} - -static void -log_CKU (p11_buffer *buf, - CK_USER_TYPE v) -{ - char temp[32]; - const char *string; - - string = p11_constant_name (p11_constant_users, v); - if (string == NULL) { - snprintf (temp, sizeof (temp), "CKU_0x%08lX", v); - p11_buffer_add (buf, temp, -1); - } else { - p11_buffer_add (buf, string, -1); - } -} - -static void -log_CKR (p11_buffer *buf, - CK_RV v) -{ - char temp[32]; - const char *string; - - string = p11_constant_name (p11_constant_returns, v); - if (string == NULL) { - snprintf (temp, sizeof (temp), "CKR_0x%08lX", v); - p11_buffer_add (buf, temp, -1); - } else { - p11_buffer_add (buf, string, -1); - } -} - -static void -log_some_bytes (p11_buffer *buf, - CK_BYTE_PTR arr, - CK_ULONG num) -{ - CK_ULONG i; - char temp[128]; - char *p, *e; - CK_BYTE ch; - - if(!arr) { - p11_buffer_add (buf, "NULL", 4); - return; - } else if (num == (CK_ULONG)-1) { - p11_buffer_add (buf, "????", 4); - return; - } - - temp[0] = '\"'; - p = temp + 1; - e = temp + (sizeof (temp) - 8); - - for(i = 0; i < num && p < e; ++i, ++p) { - ch = arr[i]; - if (ch == '\t') { - p[0] = '\\'; p[1] = 't'; - ++p; - } else if (ch == '\n') { - p[0] = '\\'; p[1] = 'n'; - ++p; - } else if (ch == '\r') { - p[0] = '\\'; p[1] = 'r'; - ++p; - } else if (ch >= 32 && ch < 127) { - *p = ch; - } else { - p[0] = '\\'; - p[1] = 'x'; - sprintf(p + 2, "%02X", ch); - p += 3; - } - } - - *p = 0; - if (p >= e) - strcpy (e, "..."); - strcat (p, "\""); - p11_buffer_add (buf, temp, -1); -} - -static void -log_pointer (p11_buffer *buf, - const char *pref, - const char *name, - CK_VOID_PTR val, - CK_RV status) -{ - char temp[32]; - - if (status != CKR_OK) - return; - - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (val == NULL) { - p11_buffer_add (buf, "NULL\n", 5); - } else { - snprintf (temp, sizeof (temp), "0x%08lX\n", (unsigned long)(size_t)val); - p11_buffer_add (buf, temp, -1); - } -} - -static void -log_attribute_types (p11_buffer *buf, - const char *pref, - const char *name, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num, - CK_RV status) -{ - const char *string; - char temp[32]; - CK_ULONG i; - - if (status == CKR_BUFFER_TOO_SMALL) { - arr = NULL; - status = CKR_OK; - } - if (status != CKR_OK) - return; - - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (arr == NULL) { - snprintf (temp, sizeof (temp), "(%lu) NONE\n", num); - p11_buffer_add (buf, temp, -1); - } else { - snprintf (temp, sizeof (temp), "(%lu) [ ", num); - p11_buffer_add (buf, temp, -1); - for (i = 0; i < num; i++) { - if (i > 0) - p11_buffer_add (buf, ", ", 2); - string = p11_constant_name (p11_constant_types, arr[i].type); - if (string != NULL) { - p11_buffer_add (buf, string, -1); - } else { - snprintf (temp, sizeof (temp), "CKA_0x%08lX", arr[i].type); - p11_buffer_add (buf, temp, -1); - } - } - - p11_buffer_add (buf, " ]\n", 3); - } -} - -static void -log_attribute_array (p11_buffer *buf, - const char *pref, - const char *name, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num, - CK_RV status) -{ - char temp[32]; - - if (status == CKR_BUFFER_TOO_SMALL) { - arr = NULL; - status = CKR_OK; - } - if (status != CKR_OK) - return; - - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (arr == NULL) { - snprintf (temp, sizeof (temp), "(%lu) NONE\n", num); - p11_buffer_add (buf, temp, -1); - } else { - p11_attrs_format (buf, arr, num); - p11_buffer_add (buf, "\n", 1); - } -} - -static void -log_bool (p11_buffer *buf, - const char *pref, - const char *name, - CK_BBOOL val, - CK_RV status) -{ - if (status == CKR_OK) { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - p11_buffer_add (buf, val ? "CK_TRUE" : "CK_FALSE", -1); - p11_buffer_add (buf, "\n", 1); - } -} - -static void -log_byte_array (p11_buffer *buf, - const char *pref, - const char *name, - CK_BYTE_PTR arr, - CK_ULONG_PTR num, - CK_RV status) -{ - char temp[32]; - - if (status == CKR_BUFFER_TOO_SMALL) { - arr = NULL; - status = CKR_OK; - } - - if (status != CKR_OK) - return; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (num == NULL) { - p11_buffer_add (buf, "(?) NOTHING\n", -1); - } else if (arr == NULL) { - snprintf (temp, sizeof (temp), "(%lu) NOTHING\n", *num); - p11_buffer_add (buf, temp, -1); - } else { - snprintf (temp, sizeof (temp), "(%lu) ", *num); - p11_buffer_add (buf, temp, -1); - log_some_bytes (buf, arr, *num); - p11_buffer_add (buf, "\n", 1); - } -} - -static void -log_info (p11_buffer *buf, - const char *pref, - const char *name, - CK_INFO_PTR info, - CK_RV status) -{ - char temp[32]; - - if (status != CKR_OK) - return; - if (info == NULL) { - log_pointer (buf, pref, name, info, status); - } else { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tcryptokiVersion: ", -1); - snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->cryptokiVersion.major, - (unsigned int)info->cryptokiVersion.minor); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tmanufacturerID: \"", -1); - p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID))); - p11_buffer_add (buf, "\"\n\tflags: ", -1); - snprintf (temp, sizeof (temp), "%lX", info->flags); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tlibraryDescription: \"", -1); - p11_buffer_add (buf, info->libraryDescription, p11_kit_space_strlen (info->libraryDescription, sizeof (info->libraryDescription))); - p11_buffer_add (buf, "\"\n\tlibraryVersion: ", -1); - snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->libraryVersion.major, - (unsigned int)info->libraryVersion.minor); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n }\n", -1); - } -} - -static void -log_pInitArgs (p11_buffer *buf, - const char *pref, - const char *name, - CK_VOID_PTR pInitArgs, - CK_RV status) -{ - char temp[32]; - int had = 0; - - if (status != CKR_OK) - return; - if (pInitArgs == NULL) - log_pointer (buf, pref, name, pInitArgs, status); - else { - CK_C_INITIALIZE_ARGS *args = (CK_C_INITIALIZE_ARGS*)pInitArgs; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tCreateMutex: ", -1); - snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->CreateMutex); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tDestroyMutex: ", -1); - snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->DestroyMutex); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tLockMutex: ", -1); - snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->LockMutex); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tUnlockMutex: ", -1); - snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->UnlockMutex); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tflags: ", -1); - snprintf (temp, sizeof (temp), "%lX", args->flags); - LOG_FLAG (buf, args->flags, had, CKF_OS_LOCKING_OK); - p11_buffer_add (buf, "\n\treserved: ", -1); - snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->pReserved); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n }\n", -1); - } -} - -static void -log_mechanism_info (p11_buffer *buf, - const char *pref, - const char *name, - CK_MECHANISM_INFO_PTR info, - CK_RV status) -{ - char temp[32]; - int had = 0; - - if (status != CKR_OK) - return; - if (info == NULL) { - log_pointer (buf, pref, name, info, status); - } else { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tulMinKeySize: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulMinKeySize); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tulMaxKeySize: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulMaxKeySize); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tflags: ", -1); - snprintf (temp, sizeof (temp), "%lX", info->flags); - p11_buffer_add (buf, temp, -1); - LOG_FLAG (buf, info->flags, had, CKF_HW); - LOG_FLAG (buf, info->flags, had, CKF_ENCRYPT); - LOG_FLAG (buf, info->flags, had, CKF_DECRYPT); - LOG_FLAG (buf, info->flags, had, CKF_DIGEST); - LOG_FLAG (buf, info->flags, had, CKF_SIGN); - LOG_FLAG (buf, info->flags, had, CKF_SIGN_RECOVER); - LOG_FLAG (buf, info->flags, had, CKF_VERIFY); - LOG_FLAG (buf, info->flags, had, CKF_VERIFY_RECOVER); - LOG_FLAG (buf, info->flags, had, CKF_GENERATE); - LOG_FLAG (buf, info->flags, had, CKF_GENERATE_KEY_PAIR); - LOG_FLAG (buf, info->flags, had, CKF_WRAP); - LOG_FLAG (buf, info->flags, had, CKF_UNWRAP); - LOG_FLAG (buf, info->flags, had, CKF_DERIVE); - LOG_FLAG (buf, info->flags, had, CKF_EXTENSION); - p11_buffer_add (buf, "\n }\n", -1); - } -} - -static void -log_mechanism (p11_buffer *buf, - const char *pref, - const char *name, - CK_MECHANISM_PTR mech, - CK_RV status) -{ - char temp[32]; - - if (status != CKR_OK) - return; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tmechanism: ", -1); - log_CKM (buf, mech->mechanism); - p11_buffer_add (buf, "\n\tpParameter: ", -1); - snprintf (temp, sizeof (temp), "(%lu) ", mech->ulParameterLen); - p11_buffer_add (buf, temp, -1); - log_some_bytes (buf, mech->pParameter, mech->ulParameterLen); - p11_buffer_add (buf, "\n }\n", -1); -} - -static void -log_mechanism_type (p11_buffer *buf, - const char *pref, - const char *name, - CK_MECHANISM_TYPE val, - CK_RV status) -{ - if (status != CKR_OK) - return; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - log_CKM (buf, val); - p11_buffer_add (buf, "\n", 1); -} - -static void -log_mechanism_type_array (p11_buffer *buf, - const char *pref, - const char *name, - CK_MECHANISM_TYPE_PTR arr, - CK_ULONG_PTR num, - CK_RV status) -{ - char temp[32]; - CK_ULONG i; - - if (status == CKR_BUFFER_TOO_SMALL) { - arr = NULL; - status = CKR_OK; - } - if (status != CKR_OK) - return; - - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (num == NULL) { - p11_buffer_add (buf, "(?) NO-VALUES\n", -1); - } else if (arr == NULL) { - snprintf (temp, sizeof (temp), "(%lu) NO-VALUES\n", *num); - p11_buffer_add (buf, temp, -1); - } else { - snprintf (temp, sizeof (temp), "(%lu) [ ", *num); - p11_buffer_add (buf, temp, -1); - for(i = 0; i < *num; ++i) { - if (i > 0) - p11_buffer_add (buf, ", ", 2); - log_CKM (buf, arr[i]); - } - p11_buffer_add (buf, " ]\n", 3); - } -} - -static void -log_session_info (p11_buffer *buf, - const char *pref, - const char *name, - CK_SESSION_INFO_PTR info, - CK_RV status) -{ - char temp[32]; - int had = 0; - - if (status != CKR_OK) - return; - if (info == NULL) { - log_pointer (buf, pref, name, info, status); - } else { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tslotID: ", -1); - snprintf (temp, sizeof (temp), "SL%lu", info->slotID); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tstate: ", -1); - log_CKS (buf, info->state); - p11_buffer_add (buf, "\n\tflags: ", -1); - snprintf (temp, sizeof (temp), "%lX", info->flags); - p11_buffer_add (buf, temp, -1); - LOG_FLAG (buf, info->flags, had, CKF_SERIAL_SESSION); - LOG_FLAG (buf, info->flags, had, CKF_RW_SESSION); - p11_buffer_add (buf, "\n\tulDeviceError: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulDeviceError); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n }\n", -1); - } -} - -static void -log_slot_info (p11_buffer *buf, - const char *pref, - const char *name, - CK_SLOT_INFO_PTR info, - CK_RV status) -{ - char temp[32]; - int had = 0; - - if (status != CKR_OK) - return; - if (info == NULL) { - log_pointer (buf, pref, name, info, status); - } else { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tslotDescription: \"", -1); - p11_buffer_add (buf, info->slotDescription, p11_kit_space_strlen (info->slotDescription, sizeof (info->slotDescription))); - p11_buffer_add (buf, "\"\n\tmanufacturerID: \"", -1); - p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID))); - p11_buffer_add (buf, "\"\n\tflags: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->flags); - p11_buffer_add (buf, temp, -1); - LOG_FLAG (buf, info->flags, had, CKF_TOKEN_PRESENT); - LOG_FLAG (buf, info->flags, had, CKF_REMOVABLE_DEVICE); - LOG_FLAG (buf, info->flags, had, CKF_HW_SLOT); - p11_buffer_add (buf, "\n\thardwareVersion: ", -1); - snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->hardwareVersion.major, - (unsigned int)info->hardwareVersion.minor); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tfirmwareVersion: ", -1); - snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->firmwareVersion.major, - (unsigned int)info->firmwareVersion.minor); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n }\n", -1); - } -} - -static void -log_string (p11_buffer *buf, - const char *pref, - const char *name, - CK_UTF8CHAR_PTR str, - const CK_RV status) -{ - if (status != CKR_OK) - return; - if (str == NULL) { - log_pointer (buf, pref, name, str, status); - } else { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = \"", 4); - p11_buffer_add (buf, str, -1); - p11_buffer_add (buf, "\"\n", 2); - } -} - -static void -log_token_number (p11_buffer *buf, - CK_ULONG number) -{ - char temp[32]; - - if (number == 0) { - p11_buffer_add (buf, "CK_UNAVAILABLE_INFORMATION", -1); - } else if (number == (CK_ULONG)-1) { - p11_buffer_add (buf, "CK_EFFECTIVELY_INFINITE", -1); - } else { - snprintf (temp, sizeof (temp), "%lu", number); - p11_buffer_add (buf, temp, -1); - } -} - -static void -log_token_info (p11_buffer *buf, - const char *pref, - const char *name, - CK_TOKEN_INFO_PTR info, - CK_RV status) -{ - char temp[32]; - int had = 0; - - if (status != CKR_OK) - return; - if (info == NULL) { - log_pointer (buf, pref, name, info, status); - } else { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tlabel: \"", -1); - p11_buffer_add (buf, info->label, p11_kit_space_strlen (info->label, sizeof (info->label))); - p11_buffer_add (buf, "\"\n\tmanufacturerID: \"", -1); - p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID))); - p11_buffer_add (buf, "\"\n\tmodel: \"", -1); - p11_buffer_add (buf, info->model, p11_kit_space_strlen (info->model, sizeof (info->model))); - p11_buffer_add (buf, "\"\n\tserialNumber: \"", -1); - p11_buffer_add (buf, info->serialNumber, p11_kit_space_strlen (info->serialNumber, sizeof (info->serialNumber))); - p11_buffer_add (buf, "\"\n\tflags: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->flags); - p11_buffer_add (buf, temp, -1); - LOG_FLAG (buf, info->flags, had, CKF_RNG); - LOG_FLAG (buf, info->flags, had, CKF_WRITE_PROTECTED); - LOG_FLAG (buf, info->flags, had, CKF_LOGIN_REQUIRED); - LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_INITIALIZED); - LOG_FLAG (buf, info->flags, had, CKF_RESTORE_KEY_NOT_NEEDED); - LOG_FLAG (buf, info->flags, had, CKF_CLOCK_ON_TOKEN); - LOG_FLAG (buf, info->flags, had, CKF_PROTECTED_AUTHENTICATION_PATH); - LOG_FLAG (buf, info->flags, had, CKF_DUAL_CRYPTO_OPERATIONS); - LOG_FLAG (buf, info->flags, had, CKF_TOKEN_INITIALIZED); - LOG_FLAG (buf, info->flags, had, CKF_SECONDARY_AUTHENTICATION); - LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_COUNT_LOW); - LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_FINAL_TRY); - LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_LOCKED); - LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_TO_BE_CHANGED); - LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_COUNT_LOW); - LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_FINAL_TRY); - LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_LOCKED); - LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_TO_BE_CHANGED); - if (!had) { - snprintf (temp, sizeof (temp), "%lu", info->flags); - p11_buffer_add (buf, temp, -1); - } - - p11_buffer_add (buf, "\n\tulMaxSessionCount: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\tulSessionCount: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulSessionCount); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tulMaxRwSessionCount: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\tulRwSessionCount: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulRwSessionCount); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tulMaxPinLen: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulMaxPinLen); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tulMinPinLen: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulMinPinLen); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tulTotalPublicMemory: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\tulFreePublicMemory: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\tulTotalPrivateMemory: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\tulFreePrivateMemory: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\tulFreePrivateMemory: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\thardwareVersion: ", -1); - snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->hardwareVersion.major, - (unsigned int)info->hardwareVersion.minor); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tfirmwareVersion: ", -1); - snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->firmwareVersion.major, - (unsigned int)info->firmwareVersion.minor); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tutcTime: ", -1); - p11_buffer_add (buf, (info->flags & CKF_CLOCK_ON_TOKEN) ? (const char*)info->utcTime : "", -1); - p11_buffer_add (buf, "\n }\n", -1); - } -} - -static void -log_ulong (p11_buffer *buf, - const char *pref, - const char *name, - CK_ULONG val, - const char* npref, - CK_RV status) -{ - char temp[32]; - - if (!npref) - npref = ""; - if (status == CKR_OK) { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - p11_buffer_add (buf, npref, -1); - snprintf (temp, sizeof (temp), "%lu", val); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n", 1); - } -} - -static void -log_ulong_array (p11_buffer *buf, - const char *pref, - const char *name, - CK_ULONG_PTR arr, - CK_ULONG_PTR num, - const char *npref, - CK_RV status) -{ - char temp[32]; - CK_ULONG i; - - if (status == CKR_BUFFER_TOO_SMALL) { - arr = NULL; - status = CKR_OK; - } - - if (status != CKR_OK) - return; - if (npref == NULL) - npref = ""; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (num == NULL) { - p11_buffer_add (buf, "(?) NO-VALUES\n", -1); - } else if (arr == NULL) { - snprintf (temp, sizeof (temp), "(%lu) NO-VALUES\n", *num); - p11_buffer_add (buf, temp, -1); - } else { - snprintf (temp, sizeof (temp), "(%lu) [ ", *num); - p11_buffer_add (buf, temp, -1); - for (i = 0; i < *num; ++i) { - if (i > 0) - p11_buffer_add (buf, ", ", 2); - p11_buffer_add (buf, npref, -1); - snprintf (temp, sizeof (temp), "%lu", arr[i]); - p11_buffer_add (buf, temp, -1); - } - p11_buffer_add (buf, " ]\n", 3); - } -} - -static void -log_ulong_pointer (p11_buffer *buf, - const char *pref, - const char *name, - CK_ULONG_PTR val, - const char *npref, - CK_RV status) -{ - char temp[32]; - - if (status != CKR_OK) - return; - if (npref == NULL) - npref = ""; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (val == NULL) { - p11_buffer_add (buf, "NULL\n", 5); - } else { - snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)val); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, " = ", 3); - p11_buffer_add (buf, npref, -1); - snprintf (temp, sizeof (temp), "%lu", *val); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n", 1); - } -} - -static void -log_user_type (p11_buffer *buf, - const char *pref, - const char *name, - CK_USER_TYPE val, - CK_RV status) -{ - if (status != CKR_OK) - return; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - log_CKU (buf, val); - p11_buffer_add (buf, "\n", 1); -} - -static void -flush_buffer (p11_buffer *buf) -{ - if (p11_log_output) { - fwrite (buf->data, 1, buf->len, stderr); - fflush (stderr); - } - p11_buffer_reset (buf, 128); -} - -#define BEGIN_CALL(name) \ - { \ - LogData *_log = (LogData *)self; \ - const char* _name = "C_" #name; \ - p11_buffer _buf; \ - CK_X_##name _func = _log->lower->C_##name; \ - CK_RV _ret = CKR_OK; \ - p11_buffer_init_null (&_buf, 128); \ - return_val_if_fail (_func != NULL, CKR_DEVICE_ERROR); \ - p11_buffer_add (&_buf, _name, -1); \ - p11_buffer_add (&_buf, "\n", 1); \ - self = _log->lower; - -#define PROCESS_CALL(args) \ - flush_buffer (&_buf); \ - _ret = (_func) args; - -#define DONE_CALL \ - p11_buffer_add (&_buf, _name, -1); \ - p11_buffer_add (&_buf, " = ", 3); \ - log_CKR (&_buf, _ret); \ - p11_buffer_add (&_buf, "\n", 1); \ - flush_buffer (&_buf); \ - p11_buffer_uninit (&_buf); \ - return _ret; \ - } - -#define LIN " IN: " -#define LOUT " OUT: " - -#define IN_ATTRIBUTE_ARRAY(a, n) \ - log_attribute_types (&_buf, LIN, #a, a, n, CKR_OK); - -#define IN_BOOL(a) \ - log_bool (&_buf, LIN, #a, a, CKR_OK); - -#define IN_BYTE_ARRAY(a, n) \ - log_byte_array (&_buf, LIN, #a, a, &n, CKR_OK); - -#define IN_HANDLE(a) \ - log_ulong (&_buf, LIN, #a, a, "H", CKR_OK); - -#define IN_INIT_ARGS(a) \ - log_pInitArgs (&_buf, LIN, #a, a, CKR_OK); - -#define IN_POINTER(a) \ - log_pointer (&_buf, LIN, #a, a, CKR_OK); - -#define IN_MECHANISM(a) \ - log_mechanism (&_buf, LIN, #a, a, CKR_OK); - -#define IN_MECHANISM_TYPE(a) \ - log_mechanism_type (&_buf, LIN, #a, a, CKR_OK); - -#define IN_SESSION(a) \ - log_ulong (&_buf, LIN, #a, a, "S", CKR_OK); - -#define IN_SLOT_ID(a) \ - log_ulong (&_buf, LIN, #a, a, "SL", CKR_OK); - -#define IN_STRING(a) \ - log_string (&_buf, LIN, #a, a, CKR_OK); - -#define IN_ULONG(a) \ - log_ulong (&_buf, LIN, #a, a, NULL, CKR_OK); - -#define IN_ULONG_PTR(a) \ - log_ulong_pointer (&_buf, LIN, #a, a, NULL, CKR_OK); - -#define IN_USER_TYPE(a) \ - log_user_type (&_buf, LIN, #a, a, CKR_OK); - -#define OUT_ATTRIBUTE_ARRAY(a, n) \ - log_attribute_array (&_buf, LOUT, #a, a, n, _ret); - -#define OUT_BYTE_ARRAY(a, n) \ - log_byte_array(&_buf, LOUT, #a, a, n, _ret); - -#define OUT_HANDLE(a) \ - log_ulong_pointer (&_buf, LOUT, #a, a, "H", _ret); - -#define OUT_HANDLE_ARRAY(a, n) \ - log_ulong_array (&_buf, LOUT, #a, a, n, "H", _ret); - -#define OUT_INFO(a) \ - log_info (&_buf, LOUT, #a, a, _ret); - -#define OUT_MECHANISM_INFO(a) \ - log_mechanism_info (&_buf, LOUT, #a, a, _ret); - -#define OUT_MECHANISM_TYPE_ARRAY(a, n) \ - log_mechanism_type_array (&_buf, LOUT, #a, a, n, _ret); - -#define OUT_POINTER(a) \ - log_pointer (&_buf, LOUT, #a, a, _ret); - -#define OUT_SESSION(a) \ - log_ulong_pointer (&_buf, LOUT, #a, a, "S", _ret); - -#define OUT_SESSION_INFO(a) \ - log_session_info (&_buf, LOUT, #a, a, _ret); - -#define OUT_SLOT_ID_ARRAY(a, n) \ - log_ulong_array (&_buf, LOUT, #a, a, n, "SL", _ret); - -#define OUT_SLOT_ID(a) \ - log_ulong_pointer (&_buf, LOUT, #a, a, "SL", _ret); - -#define OUT_SLOT_INFO(a) \ - log_slot_info (&_buf, LOUT, #a, a, _ret); - -#define OUT_TOKEN_INFO(a) \ - log_token_info (&_buf, LOUT, #a, a, _ret); - -#define OUT_ULONG(a) \ - log_ulong_pointer (&_buf, LOUT, #a, a, NULL, _ret); - -#define OUT_ULONG_ARRAY(a, n) \ - log_ulong_array (&_buf, LOUT, #a, a, n, NULL, _ret); - - - -/* ---------------------------------------------------------------- */ - -static CK_RV -log_C_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR pInitArgs) -{ - BEGIN_CALL (Initialize) - IN_INIT_ARGS (pInitArgs) - PROCESS_CALL ((self, pInitArgs)) - DONE_CALL -} - -static CK_RV -log_C_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR pReserved) -{ - BEGIN_CALL (Finalize) - IN_POINTER (pReserved) - PROCESS_CALL ((self, pReserved)) - DONE_CALL -} - -static CK_RV -log_C_GetInfo (CK_X_FUNCTION_LIST *self, - CK_INFO_PTR pInfo) -{ - BEGIN_CALL (GetInfo) - PROCESS_CALL ((self, pInfo)) - OUT_INFO (pInfo) - DONE_CALL -} - -static CK_RV -log_C_GetSlotList (CK_X_FUNCTION_LIST *self, - CK_BBOOL tokenPresent, - CK_SLOT_ID_PTR pSlotList, - CK_ULONG_PTR pulCount) -{ - BEGIN_CALL (GetSlotList) - IN_BOOL (tokenPresent) - IN_ULONG_PTR (pulCount) - PROCESS_CALL ((self, tokenPresent, pSlotList, pulCount)) - OUT_SLOT_ID_ARRAY (pSlotList, pulCount) - DONE_CALL -} - -static CK_RV -log_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID, - CK_SLOT_INFO_PTR pInfo) -{ - BEGIN_CALL (GetSlotInfo) - IN_SLOT_ID (slotID) - PROCESS_CALL ((self, slotID, pInfo)) - OUT_SLOT_INFO (pInfo) - DONE_CALL -} - -static CK_RV -log_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID, - CK_TOKEN_INFO_PTR pInfo) -{ - BEGIN_CALL (GetTokenInfo) - IN_SLOT_ID (slotID) - PROCESS_CALL ((self, slotID, pInfo)) - OUT_TOKEN_INFO (pInfo) - DONE_CALL -} - -static CK_RV -log_C_GetMechanismList (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID, - CK_MECHANISM_TYPE_PTR pMechanismList, - CK_ULONG_PTR pulCount) -{ - BEGIN_CALL (GetMechanismList) - IN_SLOT_ID (slotID) - IN_ULONG_PTR (pulCount) - PROCESS_CALL ((self, slotID, pMechanismList, pulCount)) - OUT_MECHANISM_TYPE_ARRAY (pMechanismList, pulCount) - DONE_CALL -} - -static CK_RV -log_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR pInfo) -{ - BEGIN_CALL (GetMechanismInfo) - IN_SLOT_ID (slotID) - IN_MECHANISM_TYPE (type) - PROCESS_CALL ((self, slotID, type, pInfo)) - OUT_MECHANISM_INFO (pInfo) - DONE_CALL -} - -static CK_RV -log_C_InitToken (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID, - CK_UTF8CHAR_PTR pPin, - CK_ULONG ulPinLen, - CK_UTF8CHAR_PTR pLabel) -{ - BEGIN_CALL (InitToken) - IN_SLOT_ID (slotID) - IN_BYTE_ARRAY (pPin, ulPinLen) - IN_STRING (pLabel) - PROCESS_CALL ((self, slotID, pPin, ulPinLen, pLabel)) - DONE_CALL -} - -static CK_RV -log_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, - CK_FLAGS flags, - CK_SLOT_ID_PTR pSlot, - CK_VOID_PTR pReserved) -{ - char temp[32]; - int had = 0; - - BEGIN_CALL (WaitForSlotEvent) - p11_buffer_add (&_buf, " IN: flags = ", -1); - snprintf (temp, sizeof (temp), "%lu", flags); - p11_buffer_add (&_buf, temp, -1); - LOG_FLAG (&_buf, flags, had, CKF_DONT_BLOCK); - p11_buffer_add (&_buf, "\n", 1); - PROCESS_CALL ((self, flags, pSlot, pReserved)) - OUT_SLOT_ID (pSlot) - OUT_POINTER (pReserved) - DONE_CALL -} - -static CK_RV -log_C_OpenSession (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID, - CK_FLAGS flags, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_SESSION_HANDLE_PTR phSession) -{ - char temp[32]; - int had = 0; - - BEGIN_CALL (OpenSession) - IN_SLOT_ID (slotID) - p11_buffer_add (&_buf, " IN: flags = ", -1); - snprintf (temp, sizeof (temp), "%lu", flags); - p11_buffer_add (&_buf, temp, -1); - LOG_FLAG (&_buf, flags, had, CKF_SERIAL_SESSION); - LOG_FLAG (&_buf, flags, had, CKF_RW_SESSION); - p11_buffer_add (&_buf, "\n", 1); - IN_POINTER (pApplication); - IN_POINTER (Notify); - PROCESS_CALL ((self, slotID, flags, pApplication, Notify, phSession)); - OUT_SESSION (phSession) - DONE_CALL -} - -static CK_RV -log_C_CloseSession (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession) -{ - BEGIN_CALL (CloseSession) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession)) - DONE_CALL -} - -static CK_RV -log_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID) -{ - BEGIN_CALL (CloseAllSessions) - IN_SLOT_ID (slotID) - PROCESS_CALL ((self, slotID)) - DONE_CALL -} - -static CK_RV -log_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_SESSION_INFO_PTR pInfo) -{ - BEGIN_CALL (GetSessionInfo) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession, pInfo)) - OUT_SESSION_INFO (pInfo) - DONE_CALL -} - -static CK_RV -log_C_InitPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_UTF8CHAR_PTR pPin, - CK_ULONG ulPinLen) -{ - BEGIN_CALL (InitPIN) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPin, ulPinLen) - PROCESS_CALL ((self, hSession, pPin, ulPinLen)) - DONE_CALL -} - -static CK_RV -log_C_SetPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_UTF8CHAR_PTR pOldPin, - CK_ULONG ulOldLen, - CK_UTF8CHAR_PTR pNewPin, - CK_ULONG ulNewLen) -{ - BEGIN_CALL (SetPIN) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pOldPin, ulOldLen) - IN_BYTE_ARRAY (pNewPin, ulNewLen); - PROCESS_CALL ((self, hSession, pOldPin, ulOldLen, pNewPin, ulNewLen)) - DONE_CALL -} - -static CK_RV -log_C_GetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pOperationState, - CK_ULONG_PTR pulOperationStateLen) -{ - BEGIN_CALL (GetOperationState) - IN_SESSION (hSession) - IN_ULONG_PTR (pulOperationStateLen) - PROCESS_CALL ((self, hSession, pOperationState, pulOperationStateLen)) - OUT_BYTE_ARRAY (pOperationState, pulOperationStateLen) - DONE_CALL -} - -static CK_RV -log_C_SetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pOperationState, - CK_ULONG ulOperationStateLen, - CK_OBJECT_HANDLE hEncryptionKey, - CK_OBJECT_HANDLE hAuthenticationKey) -{ - BEGIN_CALL (SetOperationState) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pOperationState, ulOperationStateLen) - IN_HANDLE (hEncryptionKey) - IN_HANDLE (hAuthenticationKey) - PROCESS_CALL ((self, hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey)) - DONE_CALL -} - -static CK_RV -log_C_Login (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_USER_TYPE userType, - CK_UTF8CHAR_PTR pPin, - CK_ULONG ulPinLen) -{ - BEGIN_CALL (Login) - IN_SESSION (hSession) - IN_USER_TYPE (userType) - IN_BYTE_ARRAY (pPin, ulPinLen); - PROCESS_CALL ((self, hSession, userType, pPin, ulPinLen)) - DONE_CALL -} - -static CK_RV -log_C_Logout (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession) -{ - BEGIN_CALL (Logout) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession)) - DONE_CALL -} - -static CK_RV -log_C_CreateObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phObject) -{ - BEGIN_CALL (CreateObject) - IN_SESSION (hSession) - IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) - PROCESS_CALL ((self, hSession, pTemplate, ulCount, phObject)) - OUT_HANDLE (phObject) - DONE_CALL -} - -static CK_RV -log_C_CopyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phNewObject) -{ - BEGIN_CALL (CopyObject) - IN_SESSION (hSession) - IN_HANDLE (hObject) - IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) - PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount, phNewObject)) - OUT_HANDLE (phNewObject) - DONE_CALL -} - - -static CK_RV -log_C_DestroyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject) -{ - BEGIN_CALL (DestroyObject); - IN_SESSION (hSession) - IN_HANDLE (hObject) - PROCESS_CALL ((self, hSession, hObject)) - DONE_CALL -} - -static CK_RV -log_C_GetObjectSize (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ULONG_PTR size) -{ - BEGIN_CALL (GetObjectSize); - IN_SESSION (hSession) - IN_HANDLE (hObject) - PROCESS_CALL ((self, hSession, hObject, size)) - OUT_ULONG (size) - DONE_CALL -} - -static CK_RV -log_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount) -{ - BEGIN_CALL (GetAttributeValue) - IN_SESSION (hSession) - IN_HANDLE (hObject) - IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) - PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount)) - OUT_ATTRIBUTE_ARRAY (pTemplate, ulCount) - DONE_CALL -} - -static CK_RV -log_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount) -{ - BEGIN_CALL (SetAttributeValue) - IN_SESSION (hSession) - IN_HANDLE (hObject) - IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) - PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount)) - DONE_CALL -} - -static CK_RV -log_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount) -{ - BEGIN_CALL (FindObjectsInit) - IN_SESSION (hSession) - IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) - PROCESS_CALL ((self, hSession, pTemplate, ulCount)) - DONE_CALL -} - -static CK_RV -log_C_FindObjects (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE_PTR object, - CK_ULONG max_object_count, - CK_ULONG_PTR object_count) -{ - BEGIN_CALL (FindObjects) - IN_SESSION (hSession) - IN_ULONG (max_object_count) - PROCESS_CALL ((self, hSession, object, max_object_count, object_count)) - OUT_HANDLE_ARRAY (object, object_count) - DONE_CALL -} - -static CK_RV -log_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession) -{ - BEGIN_CALL (FindObjectsFinal) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession)) - DONE_CALL -} - -static CK_RV -log_C_EncryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (EncryptInit) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hKey)) - DONE_CALL -} - -static CK_RV -log_C_Encrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pEncryptedData, - CK_ULONG_PTR pulEncryptedDataLen) -{ - BEGIN_CALL (Encrypt) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pData, ulDataLen) - PROCESS_CALL ((self, hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen)) - OUT_BYTE_ARRAY (pEncryptedData, pulEncryptedDataLen) - DONE_CALL -} - -static CK_RV -log_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen) -{ - BEGIN_CALL (EncryptUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPart, ulPartLen) - PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen)) - OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen) - DONE_CALL -} - -static CK_RV -log_C_EncryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastEncryptedPart, - CK_ULONG_PTR pulLastEncryptedPartLen) -{ - BEGIN_CALL (EncryptFinal) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession, pLastEncryptedPart, pulLastEncryptedPartLen)) - OUT_BYTE_ARRAY (pLastEncryptedPart, pulLastEncryptedPartLen) - DONE_CALL -} - -static CK_RV -log_C_DecryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (DecryptInit) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hKey)) - DONE_CALL -} - -static CK_RV -log_C_Decrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedData, - CK_ULONG ulEncryptedDataLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen) -{ - BEGIN_CALL (Decrypt) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pEncryptedData, ulEncryptedDataLen) - PROCESS_CALL ((self, hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen)) - OUT_BYTE_ARRAY (pData, pulDataLen) - DONE_CALL -} - -static CK_RV -log_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen) -{ - BEGIN_CALL (DecryptUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen) - PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen)) - OUT_BYTE_ARRAY (pPart, pulPartLen) - DONE_CALL -} - -static CK_RV -log_C_DecryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastPart, - CK_ULONG_PTR pulLastPartLen) -{ - BEGIN_CALL (DecryptFinal) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession, pLastPart, pulLastPartLen)) - OUT_BYTE_ARRAY (pLastPart, pulLastPartLen) - DONE_CALL -} - -static CK_RV -log_C_DigestInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism) -{ - BEGIN_CALL (DigestInit) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - PROCESS_CALL ((self, hSession, pMechanism)) - DONE_CALL -} - -static CK_RV -log_C_Digest (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pDigest, - CK_ULONG_PTR pulDigestLen) -{ - BEGIN_CALL (Digest) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pData, ulDataLen) - PROCESS_CALL ((self, hSession, pData, ulDataLen, pDigest, pulDigestLen)) - OUT_BYTE_ARRAY (pDigest, pulDigestLen) - DONE_CALL -} - -static CK_RV -log_C_DigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen) -{ - BEGIN_CALL (DigestUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPart, ulPartLen) - PROCESS_CALL ((self, hSession, pPart, ulPartLen)) - DONE_CALL -} - -static CK_RV -log_C_DigestKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (DigestKey) - IN_SESSION (hSession) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, hKey)) - DONE_CALL -} - -static CK_RV -log_C_DigestFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pDigest, - CK_ULONG_PTR pulDigestLen) -{ - BEGIN_CALL (DigestFinal) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession, pDigest, pulDigestLen)) - OUT_BYTE_ARRAY (pDigest, pulDigestLen) - DONE_CALL -} - -static CK_RV -log_C_SignInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (SignInit) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hKey)) - DONE_CALL -} - -static CK_RV -log_C_Sign (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen) -{ - BEGIN_CALL (Sign) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pData, ulDataLen) - PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, pulSignatureLen)) - OUT_BYTE_ARRAY (pSignature, pulSignatureLen) - DONE_CALL -} - -static CK_RV -log_C_SignUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen) -{ - BEGIN_CALL (SignUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPart, ulPartLen) - PROCESS_CALL ((self, hSession, pPart, ulPartLen)) - DONE_CALL -} - -static CK_RV -log_C_SignFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen) -{ - BEGIN_CALL (SignFinal) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession, pSignature, pulSignatureLen)) - OUT_BYTE_ARRAY (pSignature, pulSignatureLen) - DONE_CALL -} - -static CK_RV -log_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (SignRecoverInit) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hKey)) - DONE_CALL -} - -static CK_RV -log_C_SignRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen) -{ - BEGIN_CALL (SignRecover) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pData, ulDataLen) - PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, pulSignatureLen)) - OUT_BYTE_ARRAY (pSignature, pulSignatureLen) - DONE_CALL -} - -static CK_RV -log_C_VerifyInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (VerifyInit); - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hKey)) - DONE_CALL -} - -static CK_RV -log_C_Verify (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen) -{ - BEGIN_CALL (Verify) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pData, ulDataLen) - IN_BYTE_ARRAY (pSignature, ulSignatureLen) - PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, ulSignatureLen)) - DONE_CALL -} - -static CK_RV -log_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen) -{ - BEGIN_CALL (VerifyUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPart, ulPartLen) - PROCESS_CALL ((self, hSession, pPart, ulPartLen)) - DONE_CALL -} - -static CK_RV -log_C_VerifyFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen) -{ - BEGIN_CALL (VerifyFinal) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pSignature, ulSignatureLen); - PROCESS_CALL ((self, hSession, pSignature, ulSignatureLen)) - DONE_CALL -} - -static CK_RV -log_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (VerifyRecoverInit) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hKey)) - DONE_CALL -} - -static CK_RV -log_C_VerifyRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen) -{ - BEGIN_CALL (VerifyRecover) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pSignature, ulSignatureLen) - PROCESS_CALL ((self, hSession, pSignature, ulSignatureLen, pData, pulDataLen)) - OUT_BYTE_ARRAY (pData, pulDataLen) - DONE_CALL -} - -static CK_RV -log_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen) -{ - BEGIN_CALL (DigestEncryptUpdate); - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPart, ulPartLen) - PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen)) - OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen) - DONE_CALL -} - -static CK_RV -log_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen) -{ - BEGIN_CALL (DecryptDigestUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen) - PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen)) - OUT_BYTE_ARRAY (pPart, pulPartLen) - DONE_CALL -} - -static CK_RV -log_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen) -{ - BEGIN_CALL (SignEncryptUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPart, ulPartLen) - PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen)) - OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen) - DONE_CALL -} - -static CK_RV -log_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen) -{ - BEGIN_CALL (DecryptVerifyUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen) - PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen)) - OUT_BYTE_ARRAY (pPart, pulPartLen) - DONE_CALL -} - -static CK_RV -log_C_GenerateKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phKey) -{ - BEGIN_CALL (GenerateKey) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) - PROCESS_CALL ((self, hSession, pMechanism, pTemplate, ulCount, phKey)) - OUT_HANDLE (phKey) - DONE_CALL -} - -static CK_RV -log_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - CK_OBJECT_HANDLE_PTR phPublicKey, - CK_OBJECT_HANDLE_PTR phPrivateKey) -{ - BEGIN_CALL (GenerateKeyPair) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_ATTRIBUTE_ARRAY (pPublicKeyTemplate, ulPublicKeyAttributeCount) - IN_ATTRIBUTE_ARRAY (pPrivateKeyTemplate, ulPrivateKeyAttributeCount) - PROCESS_CALL ((self, hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, - pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey)) - OUT_HANDLE (phPublicKey) - OUT_HANDLE (phPrivateKey) - DONE_CALL -} - -static CK_RV -log_C_WrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hWrappingKey, - CK_OBJECT_HANDLE hKey, - CK_BYTE_PTR pWrappedKey, - CK_ULONG_PTR pulWrappedKeyLen) -{ - BEGIN_CALL (WrapKey) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hWrappingKey) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen)) - OUT_BYTE_ARRAY (pWrappedKey, pulWrappedKeyLen) - DONE_CALL -} - -static CK_RV -log_C_UnwrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hUnwrappingKey, - CK_BYTE_PTR pWrappedKey, - CK_ULONG ulWrappedKeyLen, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE_PTR phKey) -{ - BEGIN_CALL (UnwrapKey) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hUnwrappingKey) - IN_BYTE_ARRAY (pWrappedKey, ulWrappedKeyLen) - IN_ATTRIBUTE_ARRAY (pTemplate, ulAttributeCount) - PROCESS_CALL ((self, hSession, pMechanism, hUnwrappingKey, pWrappedKey, - ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey)) - OUT_HANDLE (phKey) - DONE_CALL -} - -static CK_RV -log_C_DeriveKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hBaseKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE_PTR phObject) -{ - BEGIN_CALL (DeriveKey) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hBaseKey) - IN_ATTRIBUTE_ARRAY (pTemplate, ulAttributeCount) - PROCESS_CALL ((self, hSession, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phObject)) - OUT_HANDLE (phObject) - DONE_CALL -} - -static CK_RV -log_C_SeedRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSeed, - CK_ULONG ulSeedLen) -{ - BEGIN_CALL (SeedRandom) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pSeed, ulSeedLen); - PROCESS_CALL ((self, hSession, pSeed, ulSeedLen)) - DONE_CALL -} - -static CK_RV -log_C_GenerateRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pRandomData, - CK_ULONG ulRandomLen) -{ - BEGIN_CALL (GenerateRandom) - IN_SESSION (hSession) - IN_ULONG (ulRandomLen) - PROCESS_CALL ((self, hSession, pRandomData, ulRandomLen)) - OUT_BYTE_ARRAY (pRandomData, &ulRandomLen) - DONE_CALL -} - -static CK_X_FUNCTION_LIST log_functions = { - { -1, -1 }, - log_C_Initialize, - log_C_Finalize, - log_C_GetInfo, - log_C_GetSlotList, - log_C_GetSlotInfo, - log_C_GetTokenInfo, - log_C_GetMechanismList, - log_C_GetMechanismInfo, - log_C_InitToken, - log_C_InitPIN, - log_C_SetPIN, - log_C_OpenSession, - log_C_CloseSession, - log_C_CloseAllSessions, - log_C_GetSessionInfo, - log_C_GetOperationState, - log_C_SetOperationState, - log_C_Login, - log_C_Logout, - log_C_CreateObject, - log_C_CopyObject, - log_C_DestroyObject, - log_C_GetObjectSize, - log_C_GetAttributeValue, - log_C_SetAttributeValue, - log_C_FindObjectsInit, - log_C_FindObjects, - log_C_FindObjectsFinal, - log_C_EncryptInit, - log_C_Encrypt, - log_C_EncryptUpdate, - log_C_EncryptFinal, - log_C_DecryptInit, - log_C_Decrypt, - log_C_DecryptUpdate, - log_C_DecryptFinal, - log_C_DigestInit, - log_C_Digest, - log_C_DigestUpdate, - log_C_DigestKey, - log_C_DigestFinal, - log_C_SignInit, - log_C_Sign, - log_C_SignUpdate, - log_C_SignFinal, - log_C_SignRecoverInit, - log_C_SignRecover, - log_C_VerifyInit, - log_C_Verify, - log_C_VerifyUpdate, - log_C_VerifyFinal, - log_C_VerifyRecoverInit, - log_C_VerifyRecover, - log_C_DigestEncryptUpdate, - log_C_DecryptDigestUpdate, - log_C_SignEncryptUpdate, - log_C_DecryptVerifyUpdate, - log_C_GenerateKey, - log_C_GenerateKeyPair, - log_C_WrapKey, - log_C_UnwrapKey, - log_C_DeriveKey, - log_C_SeedRandom, - log_C_GenerateRandom, - log_C_WaitForSlotEvent, -}; - -void -p11_log_release (void *data) -{ - LogData *log = (LogData *)data; - - return_if_fail (data != NULL); - p11_virtual_uninit (&log->virt); - free (log); -} - -p11_virtual * -p11_log_subclass (p11_virtual *lower, - p11_destroyer destroyer) -{ - LogData *log; - - log = calloc (1, sizeof (LogData)); - return_val_if_fail (log != NULL, NULL); - - p11_virtual_init (&log->virt, &log_functions, lower, destroyer); - log->lower = &lower->funcs; - return &log->virt; -} diff --git a/p11-kit/log.h b/p11-kit/log.h deleted file mode 100644 index d8169e8..0000000 --- a/p11-kit/log.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#ifndef P11_LOG_H_ -#define P11_LOG_H_ - -#include "virtual.h" - -p11_virtual * p11_log_subclass (p11_virtual *lower, - p11_destroyer destroyer); - -void p11_log_release (void *logger); - -extern bool p11_log_force; - -extern bool p11_log_output; - -#endif /* P11_LOG_H_ */ diff --git a/p11-kit/messages.c b/p11-kit/messages.c deleted file mode 100644 index 3190fce..0000000 --- a/p11-kit/messages.c +++ /dev/null @@ -1,242 +0,0 @@ -/* - * Copyright (C) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "pkcs11.h" -#include "p11-kit.h" - -/** - * SECTION:p11-kit-util - * @title: Utilities - * @short_description: PKCS\#11 utilities - * - * Utility functions for working with PKCS\#11. - */ - -#ifdef ENABLE_NLS -#include -#define _(x) dgettext(PACKAGE_NAME, x) -#else -#define _(x) x -#endif - -/** - * p11_kit_strerror: - * @rv: The code to get a message for. - * - * Get a message for a PKCS\#11 return value or error code. Do not - * pass CKR_OK or other such non errors to this function. - * - * Returns: The user readable and localized message. - **/ -const char* -p11_kit_strerror (CK_RV rv) -{ - switch (rv) { - - /* These are not really errors, or not current */ - case CKR_OK: - case CKR_NO_EVENT: - case CKR_FUNCTION_NOT_PARALLEL: - case CKR_SESSION_PARALLEL_NOT_SUPPORTED: - return ""; - - case CKR_CANCEL: - case CKR_FUNCTION_CANCELED: - return _("The operation was cancelled"); - - case CKR_HOST_MEMORY: - return _("Insufficient memory available"); - case CKR_SLOT_ID_INVALID: - return _("The specified slot ID is not valid"); - case CKR_GENERAL_ERROR: - return _("Internal error"); - case CKR_FUNCTION_FAILED: - return _("The operation failed"); - case CKR_ARGUMENTS_BAD: - return _("Invalid arguments"); - case CKR_NEED_TO_CREATE_THREADS: - return _("The module cannot create needed threads"); - case CKR_CANT_LOCK: - return _("The module cannot lock data properly"); - case CKR_ATTRIBUTE_READ_ONLY: - return _("The field is read-only"); - case CKR_ATTRIBUTE_SENSITIVE: - return _("The field is sensitive and cannot be revealed"); - case CKR_ATTRIBUTE_TYPE_INVALID: - return _("The field is invalid or does not exist"); - case CKR_ATTRIBUTE_VALUE_INVALID: - return _("Invalid value for field"); - case CKR_DATA_INVALID: - return _("The data is not valid or unrecognized"); - case CKR_DATA_LEN_RANGE: - return _("The data is too long"); - case CKR_DEVICE_ERROR: - return _("An error occurred on the device"); - case CKR_DEVICE_MEMORY: - return _("Insufficient memory available on the device"); - case CKR_DEVICE_REMOVED: - return _("The device was removed or unplugged"); - case CKR_ENCRYPTED_DATA_INVALID: - return _("The encrypted data is not valid or unrecognized"); - case CKR_ENCRYPTED_DATA_LEN_RANGE: - return _("The encrypted data is too long"); - case CKR_FUNCTION_NOT_SUPPORTED: - return _("This operation is not supported"); - case CKR_KEY_HANDLE_INVALID: - return _("The key is missing or invalid"); - case CKR_KEY_SIZE_RANGE: - return _("The key is the wrong size"); - case CKR_KEY_TYPE_INCONSISTENT: - return _("The key is of the wrong type"); - case CKR_KEY_NOT_NEEDED: - return _("No key is needed"); - case CKR_KEY_CHANGED: - return _("The key is different than before"); - case CKR_KEY_NEEDED: - return _("A key is needed"); - case CKR_KEY_INDIGESTIBLE: - return _("Cannot include the key in the digest"); - case CKR_KEY_FUNCTION_NOT_PERMITTED: - return _("This operation cannot be done with this key"); - case CKR_KEY_NOT_WRAPPABLE: - return _("The key cannot be wrapped"); - case CKR_KEY_UNEXTRACTABLE: - return _("Cannot export this key"); - case CKR_MECHANISM_INVALID: - return _("The crypto mechanism is invalid or unrecognized"); - case CKR_MECHANISM_PARAM_INVALID: - return _("The crypto mechanism has an invalid argument"); - case CKR_OBJECT_HANDLE_INVALID: - return _("The object is missing or invalid"); - case CKR_OPERATION_ACTIVE: - return _("Another operation is already taking place"); - case CKR_OPERATION_NOT_INITIALIZED: - return _("No operation is taking place"); - case CKR_PIN_INCORRECT: - return _("The password or PIN is incorrect"); - case CKR_PIN_INVALID: - return _("The password or PIN is invalid"); - case CKR_PIN_LEN_RANGE: - return _("The password or PIN is of an invalid length"); - case CKR_PIN_EXPIRED: - return _("The password or PIN has expired"); - case CKR_PIN_LOCKED: - return _("The password or PIN is locked"); - case CKR_SESSION_CLOSED: - return _("The session is closed"); - case CKR_SESSION_COUNT: - return _("Too many sessions are active"); - case CKR_SESSION_HANDLE_INVALID: - return _("The session is invalid"); - case CKR_SESSION_READ_ONLY: - return _("The session is read-only"); - case CKR_SESSION_EXISTS: - return _("An open session exists"); - case CKR_SESSION_READ_ONLY_EXISTS: - return _("A read-only session exists"); - case CKR_SESSION_READ_WRITE_SO_EXISTS: - return _("An administrator session exists"); - case CKR_SIGNATURE_INVALID: - return _("The signature is bad or corrupted"); - case CKR_SIGNATURE_LEN_RANGE: - return _("The signature is unrecognized or corrupted"); - case CKR_TEMPLATE_INCOMPLETE: - return _("Certain required fields are missing"); - case CKR_TEMPLATE_INCONSISTENT: - return _("Certain fields have invalid values"); - case CKR_TOKEN_NOT_PRESENT: - return _("The device is not present or unplugged"); - case CKR_TOKEN_NOT_RECOGNIZED: - return _("The device is invalid or unrecognizable"); - case CKR_TOKEN_WRITE_PROTECTED: - return _("The device is write protected"); - case CKR_UNWRAPPING_KEY_HANDLE_INVALID: - return _("Cannot import because the key is invalid"); - case CKR_UNWRAPPING_KEY_SIZE_RANGE: - return _("Cannot import because the key is of the wrong size"); - case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: - return _("Cannot import because the key is of the wrong type"); - case CKR_USER_ALREADY_LOGGED_IN: - return _("You are already logged in"); - case CKR_USER_NOT_LOGGED_IN: - return _("No user has logged in"); - case CKR_USER_PIN_NOT_INITIALIZED: - return _("The user's password or PIN is not set"); - case CKR_USER_TYPE_INVALID: - return _("The user is of an invalid type"); - case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: - return _("Another user is already logged in"); - case CKR_USER_TOO_MANY_TYPES: - return _("Too many users of different types are logged in"); - case CKR_WRAPPED_KEY_INVALID: - return _("Cannot import an invalid key"); - case CKR_WRAPPED_KEY_LEN_RANGE: - return _("Cannot import a key of the wrong size"); - case CKR_WRAPPING_KEY_HANDLE_INVALID: - return _("Cannot export because the key is invalid"); - case CKR_WRAPPING_KEY_SIZE_RANGE: - return _("Cannot export because the key is of the wrong size"); - case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: - return _("Cannot export because the key is of the wrong type"); - case CKR_RANDOM_SEED_NOT_SUPPORTED: - return _("Unable to initialize the random number generator"); - case CKR_RANDOM_NO_RNG: - return _("No random number generator available"); - case CKR_DOMAIN_PARAMS_INVALID: - return _("The crypto mechanism has an invalid parameter"); - case CKR_BUFFER_TOO_SMALL: - return _("Not enough space to store the result"); - case CKR_SAVED_STATE_INVALID: - return _("The saved state is invalid"); - case CKR_INFORMATION_SENSITIVE: - return _("The information is sensitive and cannot be revealed"); - case CKR_STATE_UNSAVEABLE: - return _("The state cannot be saved"); - case CKR_CRYPTOKI_NOT_INITIALIZED: - return _("The module has not been initialized"); - case CKR_CRYPTOKI_ALREADY_INITIALIZED: - return _("The module has already been initialized"); - case CKR_MUTEX_BAD: - return _("Cannot lock data"); - case CKR_MUTEX_NOT_LOCKED: - return _("The data cannot be locked"); - case CKR_FUNCTION_REJECTED: - return _("The request was rejected by the user"); - - default: - return _("Unknown error"); - } -} diff --git a/p11-kit/mock-module-ep.c b/p11-kit/mock-module-ep.c deleted file mode 100644 index 9ba739a..0000000 --- a/p11-kit/mock-module-ep.c +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define CRYPTOKI_EXPORTS 1 -#include "pkcs11.h" - -#include "mock.h" - -#ifdef OS_WIN32 -__declspec(dllexport) -#endif -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - mock_module_init (); - mock_module_no_slots.C_GetFunctionList = C_GetFunctionList; - if (list == NULL) - return CKR_ARGUMENTS_BAD; - *list = &mock_module; - return CKR_OK; -} diff --git a/p11-kit/mock-module-ep2.c b/p11-kit/mock-module-ep2.c deleted file mode 100644 index ee71711..0000000 --- a/p11-kit/mock-module-ep2.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define CRYPTOKI_EXPORTS 1 -#include "pkcs11.h" - -#include "mock.h" - -#include - -#ifdef OS_WIN32 -__declspec(dllexport) -#endif -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - mock_module_init (); - mock_module.C_GetFunctionList = C_GetFunctionList; - if (list == NULL) - return CKR_ARGUMENTS_BAD; - *list = &mock_module; - return CKR_OK; -} diff --git a/p11-kit/mock-module-ep3.c b/p11-kit/mock-module-ep3.c deleted file mode 100644 index 4bf403c..0000000 --- a/p11-kit/mock-module-ep3.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define CRYPTOKI_EXPORTS 1 -#include "pkcs11.h" - -#include "mock.h" -#include "test.h" - -#include - -static CK_RV -override_initialize (CK_VOID_PTR init_args) -{ - CK_C_INITIALIZE_ARGS_PTR args = init_args; - - assert_str_eq ("initialize-arg", args->pReserved); - - return mock_C_Initialize (init_args); -} - -#ifdef OS_WIN32 -__declspec(dllexport) -#endif -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - mock_module_init (); - mock_module.C_GetFunctionList = C_GetFunctionList; - if (list == NULL) - return CKR_ARGUMENTS_BAD; - mock_module.C_Initialize = override_initialize; - *list = &mock_module; - return CKR_OK; -} diff --git a/p11-kit/modules.c b/p11-kit/modules.c deleted file mode 100644 index 6e15c1d..0000000 --- a/p11-kit/modules.c +++ /dev/null @@ -1,2704 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -/* We use and define deprecated functions here */ -#define P11_KIT_NO_DEPRECATIONS -#define P11_DEBUG_FLAG P11_DEBUG_LIB - -#include "conf.h" -#include "debug.h" -#include "dict.h" -#include "library.h" -#include "log.h" -#include "message.h" -#include "modules.h" -#include "path.h" -#include "pkcs11.h" -#include "p11-kit.h" -#include "private.h" -#include "proxy.h" -#include "rpc.h" -#include "virtual.h" - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/** - * SECTION:p11-kit - * @title: Modules - * @short_description: Module loading and initializing - * - * PKCS\#11 modules are used by crypto libraries and applications to access - * crypto objects (like keys and certificates) and to perform crypto operations. - * - * In order for applications to behave consistently with regard to the user's - * installed PKCS\#11 modules, each module must be configured so that applications - * or libraries know that they should load it. - * - * When multiple consumers of a module (such as libraries or applications) are - * in the same process, coordination of the initialization and finalization - * of PKCS\#11 modules is required. To do this modules are managed by p11-kit. - * This means that various unsafe methods are coordinated between callers. Unmanaged - * modules are simply the raw PKCS\#11 module pointers without p11-kit getting in the - * way. It is highly recommended that the default managed behavior is used. - * - * The functions here provide support for initializing configured modules. The - * p11_kit_modules_load() function should be used to load and initialize - * the configured modules. When done, the p11_kit_modules_release() function - * should be used to release those modules and associated resources. - * - * In addition p11_kit_config_option() can be used to access other parts - * of the module configuration. - * - * If a consumer wishes to load an arbitrary PKCS\#11 module that's not - * configured use p11_kit_module_load() to do so. And use p11_kit_module_release() - * to later release it. - * - * Modules are represented by a pointer to their CK_FUNCTION_LIST - * entry points. - */ - -/** - * SECTION:p11-kit-deprecated - * @title: Deprecated - * @short_description: Deprecated functions - * - * These functions have been deprecated from p11-kit and are not recommended for - * general usage. In large part they were deprecated because they did not adequately - * insulate multiple callers of a PKCS\#11 module from another, and could not - * support the 'managed' mode needed to do this. - */ - -/** - * P11_KIT_MODULE_UNMANAGED: - * - * Module is loaded in non 'managed' mode. This is not recommended, - * disables many features, and prevents coordination between multiple - * callers of the same module. - */ - -/** - * P11_KIT_MODULE_CRITICAL: - * - * Flag to load a module in 'critical' mode. Failure to load a critical module - * will prevent all other modules from loading. A failure when loading a - * non-critical module skips that module. - */ - -typedef struct _Module { - /* - * When using managed modules, this forms the base of the - * virtual stack into which all the other modules call. This is also - * the first field in this structure so we can cast between them. - */ - p11_virtual virt; - - /* The initialize args built from configuration */ - CK_C_INITIALIZE_ARGS init_args; - int ref_count; - int init_count; - - /* Registered modules */ - char *name; - char *filename; - p11_dict *config; - bool critical; - - /* - * This is a pointer to the actual dl shared module, or perhaps - * the RPC client context. - */ - void *loaded_module; - p11_kit_destroyer loaded_destroy; - - /* Initialization, mutex must be held */ - p11_mutex_t initialize_mutex; - unsigned int initialize_called; - p11_thread_id_t initialize_thread; -} Module; - -/* - * Shared data between threads, protected by the mutex, a structure so - * we can audit thread safety easier. - */ -static struct _Shared { - p11_dict *modules; - p11_dict *unmanaged_by_funcs; - p11_dict *managed_by_closure; - p11_dict *config; -} gl = { NULL, NULL }; - -/* These are global variables to be overridden in tests */ -const char *p11_config_system_file = P11_SYSTEM_CONFIG_FILE; -const char *p11_config_user_file = P11_USER_CONFIG_FILE; -const char *p11_config_package_modules = P11_PACKAGE_CONFIG_MODULES; -const char *p11_config_system_modules = P11_SYSTEM_CONFIG_MODULES; -const char *p11_config_user_modules = P11_USER_CONFIG_MODULES; - -/* ----------------------------------------------------------------------------- - * P11-KIT FUNCTIONALITY - */ - -static CK_RV -create_mutex (CK_VOID_PTR_PTR mut) -{ - p11_mutex_t *pmutex; - - return_val_if_fail (mut != NULL, CKR_ARGUMENTS_BAD); - - pmutex = malloc (sizeof (p11_mutex_t)); - return_val_if_fail (pmutex != NULL, CKR_HOST_MEMORY); - - p11_mutex_init (pmutex); - *mut = pmutex; - return CKR_OK; -} - -static CK_RV -destroy_mutex (CK_VOID_PTR mut) -{ - p11_mutex_t *pmutex = mut; - - return_val_if_fail (mut != NULL, CKR_MUTEX_BAD); - - p11_mutex_uninit (pmutex); - free (pmutex); - return CKR_OK; -} - -static CK_RV -lock_mutex (CK_VOID_PTR mut) -{ - p11_mutex_t *pmutex = mut; - - return_val_if_fail (mut != NULL, CKR_MUTEX_BAD); - - p11_mutex_lock (pmutex); - return CKR_OK; -} - -static CK_RV -unlock_mutex (CK_VOID_PTR mut) -{ - p11_mutex_t *pmutex = mut; - - return_val_if_fail (mut != NULL, CKR_MUTEX_BAD); - - p11_mutex_unlock (pmutex); - return CKR_OK; -} - -static void -free_module_unlocked (void *data) -{ - Module *mod = data; - - assert (mod != NULL); - - /* Module must have no outstanding references */ - assert (mod->ref_count == 0); - - if (mod->init_count > 0) { - p11_debug_precond ("module unloaded without C_Finalize having been " - "called for each C_Initialize"); - } else { - assert (mod->initialize_thread == 0); - } - - if (mod->loaded_destroy) - mod->loaded_destroy (mod->loaded_module); - - p11_mutex_uninit (&mod->initialize_mutex); - p11_dict_free (mod->config); - free (mod->name); - free (mod->filename); - free (mod); -} - -static Module * -alloc_module_unlocked (void) -{ - Module *mod; - - mod = calloc (1, sizeof (Module)); - return_val_if_fail (mod != NULL, NULL); - - mod->init_args.CreateMutex = create_mutex; - mod->init_args.DestroyMutex = destroy_mutex; - mod->init_args.LockMutex = lock_mutex; - mod->init_args.UnlockMutex = unlock_mutex; - mod->init_args.flags = CKF_OS_LOCKING_OK; - p11_mutex_init (&mod->initialize_mutex); - - /* - * The default for configured modules is non-critical, but for - * modules loaded explicitly, and not from config, we treat them - * as critical. So this gets overridden for configured modules - * later when the config is loaded. - */ - mod->critical = true; - - return mod; -} - -static CK_RV -dlopen_and_get_function_list (Module *mod, - const char *path, - CK_FUNCTION_LIST **funcs) -{ - CK_C_GetFunctionList gfl; - dl_module_t dl; - char *error; - CK_RV rv; - - assert (mod != NULL); - assert (path != NULL); - assert (funcs != NULL); - - dl = p11_dl_open (path); - if (dl == NULL) { - error = p11_dl_error (); - p11_message ("couldn't load module: %s: %s", path, error); - free (error); - return CKR_GENERAL_ERROR; - } - - /* When the Module goes away, dlclose the loaded module */ - mod->loaded_destroy = (p11_kit_destroyer)p11_dl_close; - mod->loaded_module = dl; - - gfl = p11_dl_symbol (dl, "C_GetFunctionList"); - if (!gfl) { - error = p11_dl_error (); - p11_message ("couldn't find C_GetFunctionList entry point in module: %s: %s", - path, error); - free (error); - return CKR_GENERAL_ERROR; - } - - rv = gfl (funcs); - if (rv != CKR_OK) { - p11_message ("call to C_GetFunctiontList failed in module: %s: %s", - path, p11_kit_strerror (rv)); - return rv; - } - - if (p11_proxy_module_check (*funcs)) { - p11_message ("refusing to load the p11-kit-proxy.so module as a registered module"); - return CKR_FUNCTION_FAILED; - } - - p11_virtual_init (&mod->virt, &p11_virtual_base, *funcs, NULL); - p11_debug ("opened module: %s", path); - return CKR_OK; -} - -static CK_RV -load_module_from_file_inlock (const char *name, - const char *path, - Module **result) -{ - CK_FUNCTION_LIST *funcs; - char *expand = NULL; - Module *mod; - Module *prev; - CK_RV rv; - - assert (path != NULL); - assert (result != NULL); - - mod = alloc_module_unlocked (); - return_val_if_fail (mod != NULL, CKR_HOST_MEMORY); - - if (!p11_path_absolute (path)) { - p11_debug ("module path is relative, loading from: %s", P11_MODULE_PATH); - path = expand = p11_path_build (P11_MODULE_PATH, path, NULL); - return_val_if_fail (path != NULL, CKR_HOST_MEMORY); - } - - p11_debug ("loading module %s%sfrom path: %s", - name ? name : "", name ? " " : "", path); - - mod->filename = strdup (path); - - rv = dlopen_and_get_function_list (mod, path, &funcs); - free (expand); - - if (rv != CKR_OK) { - free_module_unlocked (mod); - return rv; - } - - /* Do we have a previous one like this, if so ignore load */ - prev = p11_dict_get (gl.unmanaged_by_funcs, funcs); - - /* If same module was loaded previously, just take over config */ - if (prev != NULL) { - if (!name || prev->name || prev->config) - p11_debug ("duplicate module %s, using previous", name); - free_module_unlocked (mod); - mod = prev; - - /* This takes ownership of the module */ - } else if (!p11_dict_set (gl.modules, mod, mod) || - !p11_dict_set (gl.unmanaged_by_funcs, funcs, mod)) { - return_val_if_reached (CKR_HOST_MEMORY); - } - - *result= mod; - return CKR_OK; -} - -static CK_RV -setup_module_for_remote_inlock (const char *name, - const char *remote, - Module **result) -{ - p11_rpc_transport *rpc; - Module *mod; - - p11_debug ("remoting module %s using: %s", name, remote); - - mod = alloc_module_unlocked (); - return_val_if_fail (mod != NULL, CKR_HOST_MEMORY); - - rpc = p11_rpc_transport_new (&mod->virt, remote, name); - if (rpc == NULL) { - free_module_unlocked (mod); - return CKR_DEVICE_ERROR; - } - - mod->filename = NULL; - mod->loaded_module = rpc; - mod->loaded_destroy = p11_rpc_transport_free; - - /* This takes ownership of the module */ - if (!p11_dict_set (gl.modules, mod, mod)) - return_val_if_reached (CKR_HOST_MEMORY); - - *result = mod; - return CKR_OK; -} - -static int -is_list_delimiter (char ch) -{ - return ch == ',' || isspace (ch); -} - -static bool -is_string_in_list (const char *list, - const char *string) -{ - const char *where; - - where = strstr (list, string); - if (where == NULL) - return false; - - /* Has to be at beginning/end of string, and delimiter before/after */ - if (where != list && !is_list_delimiter (*(where - 1))) - return false; - - where += strlen (string); - return (*where == '\0' || is_list_delimiter (*where)); -} - -static bool -is_module_enabled_unlocked (const char *name, - p11_dict *config) -{ - const char *progname; - const char *enable_in; - const char *disable_in; - bool enable = false; - - enable_in = p11_dict_get (config, "enable-in"); - disable_in = p11_dict_get (config, "disable-in"); - - /* Defaults to enabled if neither of these are set */ - if (!enable_in && !disable_in) - return true; - - progname = _p11_get_progname_unlocked (); - if (enable_in && disable_in) - p11_message ("module '%s' has both enable-in and disable-in options", name); - if (enable_in) - enable = (progname != NULL && is_string_in_list (enable_in, progname)); - else if (disable_in) - enable = (progname == NULL || !is_string_in_list (disable_in, progname)); - - p11_debug ("%s module '%s' running in '%s'", - enable ? "enabled" : "disabled", - name, - progname ? progname : "(null)"); - return enable; -} - -static CK_RV -take_config_and_load_module_inlock (char **name, - p11_dict **config, - bool critical) -{ - const char *filename = NULL; - const char *remote = NULL; - CK_RV rv = CKR_OK; - Module *mod; - - assert (name); - assert (*name); - assert (config); - assert (*config); - - if (!is_module_enabled_unlocked (*name, *config)) - goto out; - - remote = p11_dict_get (*config, "remote"); - if (remote == NULL) { - filename = p11_dict_get (*config, "module"); - if (filename == NULL) { - p11_debug ("no module path for module, skipping: %s", *name); - goto out; - } - } - - if (remote != NULL) { - rv = setup_module_for_remote_inlock (*name, remote, &mod); - if (rv != CKR_OK) - goto out; - - } else { - - rv = load_module_from_file_inlock (*name, filename, &mod); - if (rv != CKR_OK) - goto out; - } - - /* - * We support setting of CK_C_INITIALIZE_ARGS.pReserved from - * 'x-init-reserved' setting in the config. This only works with specific - * PKCS#11 modules, and is non-standard use of that field. - */ - mod->init_args.pReserved = p11_dict_get (*config, "x-init-reserved"); - - /* Take ownership of thes evariables */ - p11_dict_free (mod->config); - mod->config = *config; - *config = NULL; - free (mod->name); - mod->name = *name; - *name = NULL; - mod->critical = critical; - -out: - return rv; -} - -static CK_RV -load_registered_modules_unlocked (void) -{ - p11_dictiter iter; - p11_dict *configs; - void *key; - char *name; - p11_dict *config; - int mode; - CK_RV rv; - bool critical; - - if (gl.config) - return CKR_OK; - - /* Load the global configuration files */ - config = _p11_conf_load_globals (p11_config_system_file, p11_config_user_file, &mode); - if (config == NULL) - return CKR_GENERAL_ERROR; - - assert (mode != CONF_USER_INVALID); - - configs = _p11_conf_load_modules (mode, - p11_config_package_modules, - p11_config_system_modules, - p11_config_user_modules); - if (configs == NULL) { - rv = CKR_GENERAL_ERROR; - p11_dict_free (config); - return rv; - } - - assert (gl.config == NULL); - gl.config = config; - - /* - * Now go through each config and turn it into a module. As we iterate - * we steal the values of the config. - */ - p11_dict_iterate (configs, &iter); - while (p11_dict_next (&iter, &key, NULL)) { - if (!p11_dict_steal (configs, key, (void**)&name, (void**)&config)) - assert_not_reached (); - - /* Is this a critical module, should abort loading of others? */ - critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false); - rv = take_config_and_load_module_inlock (&name, &config, critical); - - /* - * These variables will be cleared if ownership is transeferred - * by the above function call. - */ - p11_dict_free (config); - - if (critical && rv != CKR_OK) { - p11_message ("aborting initialization because module '%s' was marked as critical", - name); - p11_dict_free (configs); - free (name); - return rv; - } - - free (name); - } - - p11_dict_free (configs); - return CKR_OK; -} - -static CK_RV -initialize_module_inlock_reentrant (Module *mod, CK_C_INITIALIZE_ARGS *init_args) -{ - CK_RV rv = CKR_OK; - p11_thread_id_t self; - - assert (mod); - - self = p11_thread_id_self (); - - if (mod->initialize_thread == self) { - p11_message ("p11-kit initialization called recursively"); - return CKR_FUNCTION_FAILED; - } - - /* - * Increase ref first, so module doesn't get freed out from - * underneath us when the mutex is unlocked below. - */ - ++mod->ref_count; - mod->initialize_thread = self; - - /* Change over to the module specific mutex */ - p11_unlock (); - p11_mutex_lock (&mod->initialize_mutex); - - if (mod->initialize_called != p11_forkid) { - p11_debug ("C_Initialize: calling"); - - /* The init_args argument takes precedence over mod->init_args */ - if (init_args == NULL) - init_args = &mod->init_args; - - rv = mod->virt.funcs.C_Initialize (&mod->virt.funcs, - init_args); - - p11_debug ("C_Initialize: result: %lu", rv); - - /* Module was initialized and C_Finalize should be called */ - if (rv == CKR_OK) - mod->initialize_called = p11_forkid; - else - mod->initialize_called = 0; - - /* Module was already initialized, we don't call C_Finalize */ - if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) - rv = CKR_OK; - } - - p11_mutex_unlock (&mod->initialize_mutex); - p11_lock (); - - if (rv == CKR_OK) { - /* Matches the ref count in finalize_module_inlock_reentrant() */ - if (mod->init_count == 0) - mod->ref_count++; - mod->init_count++; - } - - mod->ref_count--; - mod->initialize_thread = 0; - return rv; -} - -static CK_RV -init_globals_unlocked (void) -{ - static bool once = false; - - if (!gl.modules) { - gl.modules = p11_dict_new (p11_dict_direct_hash, - p11_dict_direct_equal, - free_module_unlocked, NULL); - return_val_if_fail (gl.modules != NULL, CKR_HOST_MEMORY); - } - - if (!gl.unmanaged_by_funcs) { - gl.unmanaged_by_funcs = p11_dict_new (p11_dict_direct_hash, - p11_dict_direct_equal, - NULL, NULL); - return_val_if_fail (gl.unmanaged_by_funcs != NULL, CKR_HOST_MEMORY); - } - - if (!gl.managed_by_closure) { - gl.managed_by_closure = p11_dict_new (p11_dict_direct_hash, - p11_dict_direct_equal, - NULL, NULL); - return_val_if_fail (gl.managed_by_closure != NULL, CKR_HOST_MEMORY); - } - - if (once) - return CKR_OK; - - once = true; - - return CKR_OK; -} - -static void -free_modules_when_no_refs_unlocked (void) -{ - Module *mod; - p11_dictiter iter; - - /* Check if any modules have a ref count */ - p11_dict_iterate (gl.modules, &iter); - while (p11_dict_next (&iter, (void **)&mod, NULL)) { - if (mod->ref_count) - return; - } - - p11_dict_free (gl.unmanaged_by_funcs); - gl.unmanaged_by_funcs = NULL; - - p11_dict_free (gl.managed_by_closure); - gl.managed_by_closure = NULL; - - p11_dict_free (gl.modules); - gl.modules = NULL; - - p11_dict_free (gl.config); - gl.config = NULL; -} - -static CK_RV -finalize_module_inlock_reentrant (Module *mod) -{ - assert (mod); - - /* - * We leave module info around until all are finalized - * so we can encounter these zombie Module structures. - */ - if (mod->ref_count == 0) - return CKR_ARGUMENTS_BAD; - - if (--mod->init_count > 0) - return CKR_OK; - - /* - * Because of the mutex unlock below, we temporarily increase - * the ref count. This prevents module from being freed out - * from ounder us. - */ - - p11_unlock (); - p11_mutex_lock (&mod->initialize_mutex); - - if (mod->initialize_called == p11_forkid) { - mod->virt.funcs.C_Finalize (&mod->virt.funcs, NULL); - mod->initialize_called = 0; - } - - p11_mutex_unlock (&mod->initialize_mutex); - p11_lock (); - - /* Match the ref increment in initialize_module_inlock_reentrant() */ - mod->ref_count--; - - free_modules_when_no_refs_unlocked (); - return CKR_OK; -} - -static CK_RV -initialize_registered_inlock_reentrant (void) -{ - p11_dictiter iter; - Module *mod; - CK_RV rv; - - /* - * This is only called by deprecated code. The caller expects all - * configured and enabled modules to be initialized. - */ - - rv = init_globals_unlocked (); - if (rv != CKR_OK) - return rv; - - rv = load_registered_modules_unlocked (); - if (rv == CKR_OK) { - p11_dict_iterate (gl.unmanaged_by_funcs, &iter); - while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) { - - /* Skip all modules that aren't registered or enabled */ - if (mod->name == NULL || !is_module_enabled_unlocked (mod->name, mod->config)) - continue; - - rv = initialize_module_inlock_reentrant (mod, NULL); - if (rv != CKR_OK) { - if (mod->critical) { - p11_message ("initialization of critical module '%s' failed: %s", - mod->name, p11_kit_strerror (rv)); - } else { - p11_message ("skipping module '%s' whose initialization failed: %s", - mod->name, p11_kit_strerror (rv)); - rv = CKR_OK; - } - } - } - } - - return rv; -} - -static Module * -module_for_functions_inlock (CK_FUNCTION_LIST *funcs) -{ - if (p11_virtual_is_wrapper (funcs)) - return p11_dict_get (gl.managed_by_closure, funcs); - else - return p11_dict_get (gl.unmanaged_by_funcs, funcs); -} - -static CK_FUNCTION_LIST * -unmanaged_for_module_inlock (Module *mod) -{ - CK_FUNCTION_LIST *funcs; - - funcs = mod->virt.lower_module; - if (p11_dict_get (gl.unmanaged_by_funcs, funcs) == mod) - return funcs; - - return NULL; -} - -/** - * p11_kit_initialize_registered: - * - * Initialize all the registered PKCS\#11 modules. - * - * If this is the first time this function is called multiple times - * consecutively within a single process, then it merely increments an - * initialization reference count for each of these modules. - * - * Use p11_kit_finalize_registered() to finalize these registered modules once - * the caller is done with them. - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Deprecated: Since: 0.19.0: Use p11_kit_modules_load() instead. - * - * Returns: CKR_OK if the initialization succeeded, or an error code. - */ -CK_RV -p11_kit_initialize_registered (void) -{ - CK_RV rv; - - p11_library_init_once (); - - /* WARNING: This function must be reentrant */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - - /* WARNING: Reentrancy can occur here */ - rv = initialize_registered_inlock_reentrant (); - - _p11_kit_default_message (rv); - - p11_unlock (); - - /* Cleanup any partial initialization */ - if (rv != CKR_OK) - p11_kit_finalize_registered (); - - p11_debug ("out: %lu", rv); - return rv; -} - -static CK_RV -finalize_registered_inlock_reentrant (void) -{ - Module *mod; - p11_dictiter iter; - Module **to_finalize; - int i, count; - - /* - * This is only called from deprecated code. The caller expects all - * modules initialized earlier to be finalized (once). If non-critical - * modules failed to initialize, then it is not possible to completely - * guarantee the internal state. - */ - - if (!gl.modules) - return CKR_CRYPTOKI_NOT_INITIALIZED; - - /* WARNING: This function must be reentrant */ - - to_finalize = calloc (p11_dict_size (gl.unmanaged_by_funcs), sizeof (Module *)); - if (!to_finalize) - return CKR_HOST_MEMORY; - - count = 0; - p11_dict_iterate (gl.unmanaged_by_funcs, &iter); - while (p11_dict_next (&iter, NULL, (void **)&mod)) { - - /* Skip all modules that aren't registered */ - if (mod->name && mod->init_count) - to_finalize[count++] = mod; - } - - p11_debug ("finalizing %d modules", count); - - for (i = 0; i < count; ++i) { - /* WARNING: Reentrant calls can occur here */ - finalize_module_inlock_reentrant (to_finalize[i]); - } - - free (to_finalize); - - /* In case nothing loaded, free up internal memory */ - if (count == 0) - free_modules_when_no_refs_unlocked (); - - return CKR_OK; -} - -/** - * p11_kit_finalize_registered: - * - * Finalize all the registered PKCS\#11 modules. These should have been - * initialized with p11_kit_initialize_registered(). - * - * If p11_kit_initialize_registered() has been called more than once in this - * process, then this function must be called the same number of times before - * actual finalization will occur. - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Deprecated: Since 0.19.0: Use p11_kit_modules_release() instead. - * - * Returns: CKR_OK if the finalization succeeded, or an error code. - */ - -CK_RV -p11_kit_finalize_registered (void) -{ - CK_RV rv; - - p11_library_init_once (); - - /* WARNING: This function must be reentrant */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - - /* WARNING: Reentrant calls can occur here */ - rv = finalize_registered_inlock_reentrant (); - - _p11_kit_default_message (rv); - - p11_unlock (); - - p11_debug ("out: %lu", rv); - return rv; -} - -static int -compar_priority (const void *one, - const void *two) -{ - CK_FUNCTION_LIST_PTR f1 = *((CK_FUNCTION_LIST_PTR *)one); - CK_FUNCTION_LIST_PTR f2 = *((CK_FUNCTION_LIST_PTR *)two); - Module *m1, *m2; - const char *v1, *v2; - int o1, o2; - - m1 = module_for_functions_inlock (f1); - m2 = module_for_functions_inlock (f2); - assert (m1 != NULL && m2 != NULL); - - v1 = p11_dict_get (m1->config, "priority"); - v2 = p11_dict_get (m2->config, "priority"); - - o1 = atoi (v1 ? v1 : "0"); - o2 = atoi (v2 ? v2 : "0"); - - /* Priority is in descending order, highest first */ - if (o1 != o2) - return o1 > o2 ? -1 : 1; - - /* - * Otherwise use the names alphabetically in ascending order. This - * is really just to provide consistency between various loads of - * the configuration. - */ - if (m1->name == m2->name) - return 0; - if (!m1->name) - return -1; - if (!m2->name) - return 1; - return strcmp (m1->name, m2->name); -} - -static void -sort_modules_by_priority (CK_FUNCTION_LIST_PTR *modules, - int count) -{ - qsort (modules, count, sizeof (CK_FUNCTION_LIST_PTR), compar_priority); -} - -static CK_FUNCTION_LIST ** -list_registered_modules_inlock (void) -{ - CK_FUNCTION_LIST **result = NULL; - CK_FUNCTION_LIST *funcs; - Module *mod; - p11_dictiter iter; - int i = 0; - - /* - * This is only called by deprecated code. The caller expects to get - * a list of all registered enabled modules that have been initialized. - */ - - if (gl.unmanaged_by_funcs) { - result = calloc (p11_dict_size (gl.unmanaged_by_funcs) + 1, - sizeof (CK_FUNCTION_LIST *)); - return_val_if_fail (result != NULL, NULL); - - p11_dict_iterate (gl.unmanaged_by_funcs, &iter); - while (p11_dict_next (&iter, (void **)&funcs, (void **)&mod)) { - - /* - * We don't include unreferenced modules. We don't include - * modules that have been initialized but aren't in the - * registry. These have a NULL name. - * - * In addition we check again that the module isn't disabled - * using enable-in or disable-in. This is because a caller - * can change the progname we recognize the process as after - * having initialized. This is a corner case, but want to make - * sure to cover it. - */ - if (mod->ref_count && mod->name && mod->init_count && - is_module_enabled_unlocked (mod->name, mod->config)) { - result[i++] = funcs; - } - } - - sort_modules_by_priority (result, i); - } - - return result; -} - -/** - * p11_kit_registered_modules: - * - * Get a list of all the registered PKCS\#11 modules. This list will be valid - * once the p11_kit_initialize_registered() function has been called. - * - * The returned value is a NULL terminated array of - * CK_FUNCTION_LIST_PTR pointers. - * - * The returned modules are unmanaged. - * - * Deprecated: Since 0.19.0: Use p11_kit_modules_load() instead. - * - * Returns: A list of all the registered modules. Use the free() function to - * free the list. - */ -CK_FUNCTION_LIST_PTR_PTR -p11_kit_registered_modules (void) -{ - CK_FUNCTION_LIST_PTR_PTR result; - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - result = list_registered_modules_inlock (); - - p11_unlock (); - - return result; -} - -/** - * p11_kit_registered_module_to_name: - * @module: pointer to a registered module - * - * Get the name of a registered PKCS\#11 module. - * - * You can use p11_kit_registered_modules() to get a list of all the registered - * modules. This name is specified by the registered module configuration. - * - * Deprecated: Since 0.19.0: Use p11_kit_module_get_name() instead. - * - * Returns: A newly allocated string containing the module name, or - * NULL if no such registered module exists. Use free() to - * free this string. - */ -char* -p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module) -{ - return_val_if_fail (module != NULL, NULL); - return p11_kit_module_get_name (module); -} - -/** - * p11_kit_module_get_name: - * @module: pointer to a loaded module - * - * Get the configured name of the PKCS\#11 module. - * - * Configured modules are loaded by p11_kit_modules_load(). The module - * passed to this function can be either managed or unmanaged. Non - * configured modules will return %NULL. - * - * Use free() to release the return value when you're done with it. - * - * Returns: a newly allocated string containing the module name, or - * NULL if the module is not a configured module - */ -char * -p11_kit_module_get_name (CK_FUNCTION_LIST *module) -{ - Module *mod; - char *name = NULL; - - return_val_if_fail (module != NULL, NULL); - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - if (gl.modules) { - mod = module_for_functions_inlock (module); - if (mod && mod->name) - name = strdup (mod->name); - } - - p11_unlock (); - - return name; -} - -/** - * p11_kit_module_get_filename: - * @module: pointer to a loaded module - * - * Get the configured name of the PKCS\#11 module. - * - * Configured modules are loaded by p11_kit_modules_load(). The module - * passed to this function can be either managed or unmanaged. Non - * configured modules will return %NULL. - * - * Use free() to release the return value when you're done with it. - * - * Returns: a newly allocated string containing the module name, or - * NULL if the module is not a configured module - */ -char * -p11_kit_module_get_filename (CK_FUNCTION_LIST *module) -{ - Module *mod; - char *name = NULL; - - return_val_if_fail (module != NULL, NULL); - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - if (gl.modules) { - mod = module_for_functions_inlock (module); - if (mod && mod->filename) - name = strdup (mod->filename); - } - - p11_unlock (); - - return name; -} - -static const char * -module_get_option_inlock (Module *mod, - const char *option) -{ - p11_dict *config; - - if (mod == NULL) - config = gl.config; - else - config = mod->config; - if (config == NULL) - return NULL; - return p11_dict_get (config, option); -} - -/** - * p11_kit_module_get_flags: - * @module: the module - * - * Get the flags for this module. - * - * The %P11_KIT_MODULE_UNMANAGED flag will be set if the module is not - * managed by p11-kit. It is a raw PKCS\#11 module function list. - * - * The %P11_KIT_MODULE_CRITICAL flag will be set if the module is configured - * to be critical, and not be skipped over if it fails to initialize or - * load. This flag is also set for modules that are not configured, but have - * been loaded in another fashion. - * - * Returns: the flags for the module - */ -int -p11_kit_module_get_flags (CK_FUNCTION_LIST *module) -{ - const char *trusted; - Module *mod; - int flags = 0; - - return_val_if_fail (module != NULL, 0); - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - if (gl.modules) { - if (p11_virtual_is_wrapper (module)) { - mod = p11_dict_get (gl.managed_by_closure, module); - } else { - flags |= P11_KIT_MODULE_UNMANAGED; - mod = p11_dict_get (gl.unmanaged_by_funcs, module); - } - if (!mod || mod->critical) - flags |= P11_KIT_MODULE_CRITICAL; - if (mod) { - trusted = module_get_option_inlock (mod, "trust-policy"); - if (_p11_conf_parse_boolean (trusted, false)) - flags |= P11_KIT_MODULE_TRUSTED; - } - } - - p11_unlock (); - - return flags; -} - -/** - * p11_kit_registered_name_to_module: - * @name: name of a registered module - * - * Lookup a registered PKCS\#11 module by its name. This name is specified by - * the registered module configuration. - * - * Deprecated: Since 0.19.0: Use p11_kit_module_for_name() instead. - * - * Returns: a pointer to a PKCS\#11 module, or NULL if this name was - * not found. - */ -CK_FUNCTION_LIST_PTR -p11_kit_registered_name_to_module (const char *name) -{ - CK_FUNCTION_LIST_PTR module = NULL; - CK_FUNCTION_LIST_PTR funcs; - p11_dictiter iter; - Module *mod; - - return_val_if_fail (name != NULL, NULL); - - p11_lock (); - - p11_message_clear (); - - if (gl.modules) { - - assert (name); - - p11_dict_iterate (gl.unmanaged_by_funcs, &iter); - while (p11_dict_next (&iter, (void **)&funcs, (void **)&mod)) { - if (mod->ref_count && mod->name && strcmp (name, mod->name) == 0) { - module = funcs; - break; - } - } - } - - p11_unlock (); - - return module; -} - -/** - * p11_kit_module_for_name: - * @modules: a list of modules to look through - * @name: the name of the module to find - * - * Look through the list of @modules and return the module whose @name - * matches. - * - * Only configured modules have names. Configured modules are loaded by - * p11_kit_modules_load(). The module passed to this function can be either - * managed or unmanaged. - * - * The return value is not copied or duplicated in anyway. It is still - * 'owned' by the @modules list. - * - * Returns: the module which matches the name, or %NULL if no match. - */ -CK_FUNCTION_LIST * -p11_kit_module_for_name (CK_FUNCTION_LIST **modules, - const char *name) -{ - CK_FUNCTION_LIST *ret = NULL; - Module *mod; - int i; - - return_val_if_fail (name != NULL, NULL); - - if (!modules) - return NULL; - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - for (i = 0; gl.modules && modules[i] != NULL; i++) { - mod = module_for_functions_inlock (modules[i]); - if (mod && mod->name && strcmp (mod->name, name) == 0) { - ret = modules[i]; - break; - } - } - - p11_unlock (); - - return ret; -} - -/** - * p11_kit_registered_option: - * @module: a pointer to a registered module - * @field: the name of the option to lookup. - * - * Lookup a configured option for a registered PKCS\#11 module. If a - * NULL module argument is specified, then this will lookup - * the configuration option in the global config file. - * - * Deprecated: Since 0.19.0: Use p11_kit_config_option() instead. - * - * Returns: A newly allocated string containing the option value, or - * NULL if the registered module or the option were not found. - * Use free() to free the returned string. - */ -char* -p11_kit_registered_option (CK_FUNCTION_LIST_PTR module, const char *field) -{ - Module *mod = NULL; - char *option = NULL; - const char *value; - - return_val_if_fail (field != NULL, NULL); - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - if (module == NULL) - mod = NULL; - else - mod = gl.unmanaged_by_funcs ? p11_dict_get (gl.unmanaged_by_funcs, module) : NULL; - - value = module_get_option_inlock (mod, field); - if (value) - option = strdup (value); - - p11_unlock (); - - return option; -} - -/** - * p11_kit_config_option: - * @module: the module to retrieve the option for, or %NULL for global options - * @option: the option to retrieve - * - * Retrieve the value for a configured option. - * - * If @module is %NULL, then the global option with the given name will - * be retrieved. Otherwise @module should point to a configured loaded module. - * If no such @option or configured @module exists, then %NULL will be returned. - * - * Use free() to release the returned value. - * - * Returns: the option value or %NULL - */ -char * -p11_kit_config_option (CK_FUNCTION_LIST *module, - const char *option) -{ - Module *mod = NULL; - const char *value = NULL; - char *ret = NULL; - - return_val_if_fail (option != NULL, NULL); - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - if (gl.modules) { - if (module != NULL) { - mod = module_for_functions_inlock (module); - if (mod == NULL) - goto cleanup; - } - - value = module_get_option_inlock (mod, option); - if (value) - ret = strdup (value); - } - - -cleanup: - p11_unlock (); - return ret; -} - -typedef struct { - p11_virtual virt; - Module *mod; - unsigned int initialized; - p11_dict *sessions; -} Managed; - -static CK_RV -managed_C_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args) -{ - Managed *managed = ((Managed *)self); - p11_dict *sessions; - CK_RV rv; - - p11_debug ("in"); - p11_lock (); - - if (managed->initialized == p11_forkid) { - rv = CKR_CRYPTOKI_ALREADY_INITIALIZED; - - } else { - sessions = p11_dict_new (p11_dict_ulongptr_hash, - p11_dict_ulongptr_equal, - free, free); - if (!sessions) - rv = CKR_HOST_MEMORY; - else - rv = initialize_module_inlock_reentrant (managed->mod, init_args); - if (rv == CKR_OK) { - if (managed->sessions) - p11_dict_free (managed->sessions); - managed->sessions = sessions; - managed->initialized = p11_forkid; - } else { - p11_dict_free (sessions); - } - } - - p11_unlock (); - p11_debug ("out: %lu", rv); - - return rv; -} - -static CK_RV -managed_track_session_inlock (p11_dict *sessions, - CK_SLOT_ID slot_id, - CK_SESSION_HANDLE session) -{ - void *key; - void *value; - - key = memdup (&session, sizeof (CK_SESSION_HANDLE)); - return_val_if_fail (key != NULL, CKR_HOST_MEMORY); - - value = memdup (&slot_id, sizeof (CK_SESSION_HANDLE)); - return_val_if_fail (value != NULL, CKR_HOST_MEMORY); - - if (!p11_dict_set (sessions, key, value)) - return_val_if_reached (CKR_HOST_MEMORY); - - return CKR_OK; -} - -static void -managed_untrack_session_inlock (p11_dict *sessions, - CK_SESSION_HANDLE session) -{ - p11_dict_remove (sessions, &session); -} - -static CK_SESSION_HANDLE * -managed_steal_sessions_inlock (p11_dict *sessions, - bool matching_slot_id, - CK_SLOT_ID slot_id, - int *count) -{ - CK_SESSION_HANDLE *stolen; - CK_SESSION_HANDLE *key; - CK_SLOT_ID *value; - p11_dictiter iter; - int at, i; - - assert (sessions != NULL); - assert (count != NULL); - - stolen = calloc (p11_dict_size (sessions), sizeof (CK_SESSION_HANDLE)); - return_val_if_fail (stolen != NULL, NULL); - - at = 0; - p11_dict_iterate (sessions, &iter); - while (p11_dict_next (&iter, (void **)&key, (void **)&value)) { - if (!matching_slot_id || slot_id == *value) - stolen[at++] = *key; - } - - /* Removed them all, clear the whole array */ - if (at == p11_dict_size (sessions)) { - p11_dict_clear (sessions); - - /* Only removed some, go through and remove those */ - } else { - for (i = 0; i < at; i++) { - if (!p11_dict_remove (sessions, stolen + at)) - assert_not_reached (); - } - } - - *count = at; - return stolen; -} - -static void -managed_close_sessions (CK_X_FUNCTION_LIST *funcs, - CK_SESSION_HANDLE *stolen, - int count) -{ - CK_RV rv; - int i; - - for (i = 0; i < count; i++) { - rv = funcs->C_CloseSession (funcs, stolen[i]); - if (rv != CKR_OK) - p11_message ("couldn't close session: %s", p11_kit_strerror (rv)); - } -} - -static CK_RV -managed_C_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR reserved) -{ - Managed *managed = ((Managed *)self); - CK_SESSION_HANDLE *sessions; - int count; - CK_RV rv; - - p11_debug ("in"); - p11_lock (); - - if (managed->initialized == 0) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - } else if (managed->initialized != p11_forkid) { - /* - * In theory we should be returning CKR_CRYPTOKI_NOT_INITIALIZED here - * but enough callers are not completely aware of their forking. - * So we just clean up any state we have, rather than forcing callers - * to initialize just to finalize. - */ - p11_debug ("finalizing module in wrong process, skipping C_Finalize"); - rv = CKR_OK; - - } else { - sessions = managed_steal_sessions_inlock (managed->sessions, false, 0, &count); - - if (sessions && count) { - /* WARNING: reentrancy can occur here */ - p11_unlock (); - managed_close_sessions (&managed->mod->virt.funcs, sessions, count); - p11_lock (); - } - - free (sessions); - - /* WARNING: reentrancy can occur here */ - rv = finalize_module_inlock_reentrant (managed->mod); - } - - if (rv == CKR_OK) { - managed->initialized = 0; - p11_dict_free (managed->sessions); - managed->sessions = NULL; - } - - p11_unlock (); - p11_debug ("out: %lu", rv); - - return rv; -} - -static CK_RV -managed_C_OpenSession (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR application, - CK_NOTIFY notify, - CK_SESSION_HANDLE_PTR session) -{ - Managed *managed = ((Managed *)self); - CK_RV rv; - - return_val_if_fail (session != NULL, CKR_ARGUMENTS_BAD); - - self = &managed->mod->virt.funcs; - rv = self->C_OpenSession (self, slot_id, flags, application, notify, session); - - if (rv == CKR_OK) { - p11_lock (); - rv = managed_track_session_inlock (managed->sessions, slot_id, *session); - p11_unlock (); - } - - return rv; -} - -static CK_RV -managed_C_CloseSession (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - Managed *managed = ((Managed *)self); - CK_RV rv; - - self = &managed->mod->virt.funcs; - rv = self->C_CloseSession (self, session); - - if (rv == CKR_OK) { - p11_lock (); - managed_untrack_session_inlock (managed->sessions, session); - p11_unlock (); - } - - return rv; -} - -static CK_RV -managed_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id) -{ - Managed *managed = ((Managed *)self); - CK_SESSION_HANDLE *stolen; - int count; - - p11_lock (); - stolen = managed_steal_sessions_inlock (managed->sessions, true, slot_id, &count); - p11_unlock (); - - self = &managed->mod->virt.funcs; - managed_close_sessions (self, stolen, count); - if (stolen) { - free (stolen); - return CKR_OK; - } else { - return CKR_GENERAL_ERROR; - } - -} - -static void -managed_free_inlock (void *data) -{ - Managed *managed = data; - managed->mod->ref_count--; - free (managed); -} - -static p11_virtual * -managed_create_inlock (Module *mod) -{ - Managed *managed; - - managed = calloc (1, sizeof (Managed)); - return_val_if_fail (managed != NULL, NULL); - - p11_virtual_init (&managed->virt, &p11_virtual_stack, - &mod->virt, NULL); - managed->virt.funcs.C_Initialize = managed_C_Initialize; - managed->virt.funcs.C_Finalize = managed_C_Finalize; - managed->virt.funcs.C_CloseAllSessions = managed_C_CloseAllSessions; - managed->virt.funcs.C_CloseSession = managed_C_CloseSession; - managed->virt.funcs.C_OpenSession = managed_C_OpenSession; - managed->mod = mod; - mod->ref_count++; - - return &managed->virt; -} - -static bool -lookup_managed_option (Module *mod, - bool supported, - const char *option, - bool def_value) -{ - const char *string; - bool value; - - string = module_get_option_inlock (NULL, option); - if (!string) - string = module_get_option_inlock (mod, option); - if (!string) { - if (!supported) - return false; - return def_value; - } - - value = _p11_conf_parse_boolean (string, def_value); - - if (!supported && value != supported) { - if (!p11_virtual_can_wrap ()) { - /* - * This is because libffi dependency was not built. The libffi dependency - * is highly recommended and building without it results in a large loss - * of functionality. - */ - p11_message ("the '%s' option for module '%s' is not supported on this system", - option, mod->name); - } else { - /* - * This is because the module is running in unmanaged mode, so turn off the - */ - p11_message ("the '%s' option for module '%s' is only supported for managed modules", - option, mod->name); - } - return false; - } - - return value; -} - -static CK_RV -release_module_inlock_rentrant (CK_FUNCTION_LIST *module, - const char *caller_func) -{ - Module *mod; - - assert (module != NULL); - - /* See if a managed module, and finalize if so */ - if (p11_virtual_is_wrapper (module)) { - mod = p11_dict_get (gl.managed_by_closure, module); - if (mod != NULL) { - if (!p11_dict_remove (gl.managed_by_closure, module)) - assert_not_reached (); - p11_virtual_unwrap (module); - } - - /* If an unmanaged module then caller should have finalized */ - } else { - mod = p11_dict_get (gl.unmanaged_by_funcs, module); - } - - if (mod == NULL) { - p11_debug_precond ("invalid module pointer passed to %s", caller_func); - return CKR_ARGUMENTS_BAD; - } - - /* Matches the ref in prepare_module_inlock_reentrant() */ - mod->ref_count--; - return CKR_OK; -} - -CK_RV -p11_modules_release_inlock_reentrant (CK_FUNCTION_LIST **modules) -{ - CK_RV ret = CKR_OK; - CK_RV rv; - int i; - - for (i = 0; modules[i] != NULL; i++) { - rv = release_module_inlock_rentrant (modules[i], __PRETTY_FUNCTION__); - if (rv != CKR_OK) - ret = rv; - } - - free (modules); - - /* In case nothing loaded, free up internal memory */ - free_modules_when_no_refs_unlocked (); - - return ret; -} - -static CK_RV -prepare_module_inlock_reentrant (Module *mod, - int flags, - CK_FUNCTION_LIST **module) -{ - p11_destroyer destroyer; - const char *trusted; - p11_virtual *virt; - bool is_managed; - bool with_log; - - assert (module != NULL); - - if (flags & P11_KIT_MODULE_TRUSTED) { - trusted = module_get_option_inlock (mod, "trust-policy"); - if (!_p11_conf_parse_boolean (trusted, false)) - return CKR_FUNCTION_NOT_SUPPORTED; - } - - if (flags & P11_KIT_MODULE_UNMANAGED) { - is_managed = false; - with_log = false; - } else { - is_managed = lookup_managed_option (mod, p11_virtual_can_wrap (), "managed", true); - with_log = lookup_managed_option (mod, is_managed, "log-calls", false); - } - - if (is_managed) { - virt = managed_create_inlock (mod); - return_val_if_fail (virt != NULL, CKR_HOST_MEMORY); - destroyer = managed_free_inlock; - - /* Add the logger if configured */ - if (p11_log_force || with_log) { - virt = p11_log_subclass (virt, destroyer); - destroyer = p11_log_release; - } - - *module = p11_virtual_wrap (virt, destroyer); - return_val_if_fail (*module != NULL, CKR_GENERAL_ERROR); - - if (!p11_dict_set (gl.managed_by_closure, *module, mod)) - return_val_if_reached (CKR_HOST_MEMORY); - - } else { - *module = unmanaged_for_module_inlock (mod); - if (*module == NULL) - return CKR_FUNCTION_NOT_SUPPORTED; - } - - /* Matches the deref in release_module_inlock_rentrant() */ - mod->ref_count++; - return CKR_OK; -} - -CK_RV -p11_modules_load_inlock_reentrant (int flags, - CK_FUNCTION_LIST ***results) -{ - CK_FUNCTION_LIST **modules; - Module *mod; - p11_dictiter iter; - CK_RV rv; - int at; - - rv = init_globals_unlocked (); - if (rv != CKR_OK) - return rv; - - rv = load_registered_modules_unlocked (); - if (rv != CKR_OK) - return rv; - - modules = calloc (p11_dict_size (gl.modules) + 1, sizeof (CK_FUNCTION_LIST *)); - return_val_if_fail (modules != NULL, CKR_HOST_MEMORY); - - at = 0; - rv = CKR_OK; - - p11_dict_iterate (gl.modules, &iter); - while (p11_dict_next (&iter, NULL, (void **)&mod)) { - - /* - * We don't include unreferenced modules. We don't include - * modules that have been initialized but aren't in the - * registry. These have a NULL name. - * - * In addition we check again that the module isn't disabled - * using enable-in or disable-in. This is because a caller - * can change the progname we recognize the process as after - * having initialized. This is a corner case, but want to make - * sure to cover it. - */ - if (!mod->name || !is_module_enabled_unlocked (mod->name, mod->config)) - continue; - - rv = prepare_module_inlock_reentrant (mod, flags, modules + at); - if (rv == CKR_OK) - at++; - else if (rv == CKR_FUNCTION_NOT_SUPPORTED) - rv = CKR_OK; - else - break; - } - - modules[at] = NULL; - - if (rv != CKR_OK) { - p11_modules_release_inlock_reentrant (modules); - return rv; - } - - sort_modules_by_priority (modules, at); - *results = modules; - return CKR_OK; -} - -/** - * p11_kit_modules_load: - * @reserved: set to %NULL - * @flags: flags to use to load the module - * - * Load the configured PKCS\#11 modules. - * - * If @flags contains the %P11_KIT_MODULE_UNMANAGED flag, then the - * modules will be not be loaded in 'managed' mode regardless of its - * configuration. This is not recommended for general usage. - * - * If @flags contains the %P11_KIT_MODULE_CRITICAL flag then the - * modules will all be treated as 'critical', regardless of the module - * configuration. This means that a failure to load any module will - * cause this function to fail. - * - * For unmanaged modules there is no guarantee to the state of the - * modules. Other callers may be using the modules. Using unmanaged - * modules haphazardly is not recommended for this reason. Some - * modules (such as those configured with RPC) cannot be loaded in - * unmanaged mode, and will be skipped. - * - * Use p11_kit_modules_release() to release the modules returned by - * this function. - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Returns: a null terminated list of modules represented as PKCS\#11 - * function lists, or %NULL on failure - */ -CK_FUNCTION_LIST ** -p11_kit_modules_load (const char *reserved, - int flags) -{ - CK_FUNCTION_LIST **modules; - CK_RV rv; - - /* progname attribute not implemented yet */ - return_val_if_fail (reserved == NULL, NULL); - - p11_library_init_once (); - - /* WARNING: This function must be reentrant */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - - /* WARNING: Reentrancy can occur here */ - rv = p11_modules_load_inlock_reentrant (flags, &modules); - - p11_unlock (); - - if (rv != CKR_OK) - modules = NULL; - - p11_debug ("out: %s", modules ? "success" : "fail"); - return modules; -} - -/** - * p11_kit_modules_initialize: - * @modules: a %NULL terminated list of modules - * @failure_callback: called with modules that fail to initialize - * - * Initialize all the modules in the @modules list by calling their - * C_Initialize function. - * - * For managed modules the C_Initialize function - * is overridden so that multiple callers can initialize the same - * modules. In addition for managed modules multiple callers can - * initialize from different threads, and still guarantee consistent - * thread-safe behavior. - * - * For unmanaged modules if multiple callers try to initialize - * a module, then one of the calls will return - * CKR_CRYPTOKI_ALREADY_INITIALIZED according to the - * PKCS\#11 specification. In addition there are no guarantees that - * thread-safe behavior will occur if multiple callers initialize from - * different threads. - * - * When a module fails to initialize it is removed from the @modules list. - * If the @failure_callback is not %NULL then it is called with the modules that - * fail to initialize. For example, you may pass p11_kit_module_release() - * as a @failure_callback if the @modules list was loaded wit p11_kit_modules_load(). - * - * The return value will return the failure code of the last critical - * module that failed to initialize. Non-critical module failures do not affect - * the return value. If no critical modules failed to initialize then the - * return value will be CKR_OK. - * - * When modules are removed, the list will be %NULL terminated at the - * appropriate place so it can continue to be used as a modules list. - * - * This function does not accept a CK_C_INITIALIZE_ARGS argument. - * Custom initialization arguments cannot be supported when multiple consumers - * load the same module. - * - * Returns: CKR_OK or the failure code of the last critical - * module that failed to initialize. - */ -CK_RV -p11_kit_modules_initialize (CK_FUNCTION_LIST **modules, - p11_kit_destroyer failure_callback) -{ - CK_RV ret = CKR_OK; - CK_RV rv; - bool critical; - char *name; - int i, out; - - return_val_if_fail (modules != NULL, CKR_ARGUMENTS_BAD); - - for (i = 0, out = 0; modules[i] != NULL; i++, out++) { - rv = modules[i]->C_Initialize (NULL); - if (rv != CKR_OK) { - name = p11_kit_module_get_name (modules[i]); - if (name == NULL) - name = strdup ("(unknown)"); - return_val_if_fail (name != NULL, CKR_HOST_MEMORY); - critical = (p11_kit_module_get_flags (modules[i]) & P11_KIT_MODULE_CRITICAL); - p11_message ("%s: module failed to initialize%s: %s", - name, critical ? "" : ", skipping", p11_kit_strerror (rv)); - if (critical) - ret = rv; - if (failure_callback) - failure_callback (modules[i]); - out--; - free (name); - } else { - modules[out] = modules[i]; - } - } - - /* NULL terminate after above changes */ - modules[out] = NULL; - return ret; -} - -/** - * p11_kit_modules_load_and_initialize: - * @flags: flags to use to load the modules - * - * Load and initialize configured modules. - * - * If a critical module fails to load or initialize then the function will - * return NULL. Non-critical modules will be skipped - * and not included in the returned module list. - * - * Use p11_kit_modules_finalize_and_release() when you're done with the - * modules returned by this function. - * - * Returns: a NULL terminated list of modules, or - * NULL on failure - */ -CK_FUNCTION_LIST ** -p11_kit_modules_load_and_initialize (int flags) -{ - CK_FUNCTION_LIST **modules; - CK_RV rv; - - modules = p11_kit_modules_load (NULL, flags); - if (modules == NULL) - return NULL; - - rv = p11_kit_modules_initialize (modules, (p11_destroyer)p11_kit_module_release); - if (rv != CKR_OK) { - p11_kit_modules_release (modules); - modules = NULL; - } - - return modules; -} - -/** - * p11_kit_modules_finalize: - * @modules: a NULL terminated list of modules - * - * Finalize each module in the @modules list by calling its - * C_Finalize function. Regardless of failures, all - * @modules will have their C_Finalize function called. - * - * If a module returns a failure from its C_Finalize - * method it will be returned. If multiple modules fail, the last failure - * will be returned. - * - * For managed modules the C_Finalize function - * is overridden so that multiple callers can finalize the same - * modules. In addition for managed modules multiple callers can - * finalize from different threads, and still guarantee consistent - * thread-safe behavior. - * - * For unmanaged modules if multiple callers try to finalize - * a module, then one of the calls will return - * CKR_CRYPTOKI_NOT_INITIALIZED according to the - * PKCS\#11 specification. In addition there are no guarantees that - * thread-safe behavior will occur if multiple callers finalize from - * different threads. - * - * Returns: CKR_OK or the failure code of the last - * module that failed to finalize - */ -CK_RV -p11_kit_modules_finalize (CK_FUNCTION_LIST **modules) -{ - CK_RV ret = CKR_OK; - CK_RV rv; - char *name; - int i; - - return_val_if_fail (modules != NULL, CKR_ARGUMENTS_BAD); - - for (i = 0; modules[i] != NULL; i++) { - rv = modules[i]->C_Finalize (NULL); - if (rv != CKR_OK) { - name = p11_kit_module_get_name (modules[i]); - p11_message ("%s: module failed to finalize: %s", - name ? name : "(unknown)", p11_kit_strerror (rv)); - free (name); - ret = rv; - } - } - - return ret; -} - -/** - * p11_kit_modules_release: - * @modules: the modules to release - * - * Release the a set of loaded PKCS\#11 modules. - * - * The modules may be either managed or unmanaged. The array containing - * the module pointers is also freed by this function. - * - * Managed modules will not be actually released until all - * callers using them have done so. If the modules were initialized, they - * should have been finalized first. - */ -void -p11_kit_modules_release (CK_FUNCTION_LIST **modules) -{ - p11_library_init_once (); - - return_if_fail (modules != NULL); - - /* WARNING: This function must be reentrant */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - p11_modules_release_inlock_reentrant (modules); - - p11_unlock (); - - p11_debug ("out"); -} - -/** - * p11_kit_modules_finalize_and_release: - * @modules: the modules to release - * - * Finalize and then release the a set of loaded PKCS\#11 modules. - * - * The modules may be either managed or unmanaged. The array containing - * the module pointers is also freed by this function. - * - * Modules are released even if their finalization returns an error code. - * Managed modules will not be actually finalized or released until all - * callers using them have done so. - * - * For managed modules the C_Finalize function - * is overridden so that multiple callers can finalize the same - * modules. In addition for managed modules multiple callers can - * finalize from different threads, and still guarantee consistent - * thread-safe behavior. - * - * For unmanaged modules if multiple callers try to finalize - * a module, then one of the calls will return - * CKR_CRYPTOKI_NOT_INITIALIZED according to the - * PKCS\#11 specification. In addition there are no guarantees that - * thread-safe behavior will occur if multiple callers initialize from - * different threads. - */ -void -p11_kit_modules_finalize_and_release (CK_FUNCTION_LIST **modules) -{ - return_if_fail (modules != NULL); - p11_kit_modules_finalize (modules); - p11_kit_modules_release (modules); -} - -/** - * p11_kit_initialize_module: - * @module: loaded module to initialize. - * - * Initialize an arbitrary PKCS\#11 module. Normally using the - * p11_kit_initialize_registered() is preferred. - * - * Using this function to initialize modules allows coordination between - * multiple users of the same module in a single process. It should be called - * on modules that have been loaded (with dlopen() for example) but not yet - * initialized. The caller should not yet have called the module's - * C_Initialize method. This function will call - * C_Initialize as necessary. - * - * Subsequent calls to this function for the same module will result in an - * initialization count being incremented for the module. It is safe (although - * usually unnecessary) to use this function on registered modules. - * - * The module must be finalized with p11_kit_finalize_module() instead of - * calling its C_Finalize method directly. - * - * This function does not accept a CK_C_INITIALIZE_ARGS argument. - * Custom initialization arguments cannot be supported when multiple consumers - * load the same module. - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Deprecated: Since 0.19.0: Use p11_kit_module_initialize() instead. - * - * Returns: CKR_OK if the initialization was successful. - */ -CK_RV -p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module) -{ - CK_FUNCTION_LIST_PTR result; - Module *mod; - int flags; - CK_RV rv; - - return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); - - p11_library_init_once (); - - /* WARNING: This function must be reentrant for the same arguments */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - - flags = P11_KIT_MODULE_CRITICAL | P11_KIT_MODULE_UNMANAGED; - rv = p11_module_load_inlock_reentrant (module, flags, &result); - - /* An unmanaged module should return the same pointer */ - assert (rv != CKR_OK || result == module); - - if (rv == CKR_OK) { - mod = p11_dict_get (gl.unmanaged_by_funcs, module); - assert (mod != NULL); - rv = initialize_module_inlock_reentrant (mod, NULL); - if (rv != CKR_OK) { - p11_message ("module initialization failed: %s", p11_kit_strerror (rv)); - p11_module_release_inlock_reentrant (module); - } - } - - p11_unlock (); - - p11_debug ("out: %lu", rv); - return rv; -} - -CK_RV -p11_module_load_inlock_reentrant (CK_FUNCTION_LIST *module, - int flags, - CK_FUNCTION_LIST **result) -{ - Module *allocated = NULL; - Module *mod; - CK_RV rv = CKR_OK; - - rv = init_globals_unlocked (); - if (rv == CKR_OK) { - - mod = p11_dict_get (gl.unmanaged_by_funcs, module); - if (mod == NULL) { - p11_debug ("allocating new module"); - allocated = mod = alloc_module_unlocked (); - return_val_if_fail (mod != NULL, CKR_HOST_MEMORY); - p11_virtual_init (&mod->virt, &p11_virtual_base, module, NULL); - } - - /* If this was newly allocated, add it to the list */ - if (allocated) { - if (!p11_dict_set (gl.modules, allocated, allocated) || - !p11_dict_set (gl.unmanaged_by_funcs, module, allocated)) - return_val_if_reached (CKR_HOST_MEMORY); - allocated = NULL; - } - - /* WARNING: Reentrancy can occur here */ - rv = prepare_module_inlock_reentrant (mod, flags, result); - - free (allocated); - } - - /* - * If initialization failed, we may need to cleanup. - * If we added this module above, then this will - * clean things up as expected. - */ - if (rv != CKR_OK) - free_modules_when_no_refs_unlocked (); - - _p11_kit_default_message (rv); - return rv; -} - -/** - * p11_kit_module_load: - * @module_path: relative or full file path of module library - * @flags: flags to use when loading the module - * - * Load an arbitrary PKCS\#11 module from a dynamic library file, and - * initialize it. Normally using the p11_kit_modules_load() function - * is preferred. - * - * A full file path or just (path/)filename relative to - * P11_MODULE_PATH are accepted. - * - * Using this function to load modules allows coordination between multiple - * callers of the same module in a single process. If @flags contains the - * %P11_KIT_MODULE_UNMANAGED flag, then the modules will be not be loaded - * in 'managed' mode and not be coordinated. This is not recommended - * for general usage. - * - * Subsequent calls to this function for the same module will result in an - * initialization count being incremented for the module. It is safe (although - * usually unnecessary) to use this function on registered modules. - * - * The module should be released with p11_kit_module_release(). - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Returns: the loaded module PKCS\#11 functions or %NULL on failure - */ -CK_FUNCTION_LIST * -p11_kit_module_load (const char *module_path, - int flags) -{ - CK_FUNCTION_LIST *module = NULL; - CK_RV rv; - Module *mod; - - return_val_if_fail (module_path != NULL, NULL); - - p11_library_init_once (); - - /* WARNING: This function must be reentrant for the same arguments */ - p11_debug ("in: %s", module_path); - - p11_lock (); - - p11_message_clear (); - - rv = init_globals_unlocked (); - if (rv == CKR_OK) { - - rv = load_module_from_file_inlock (NULL, module_path, &mod); - if (rv == CKR_OK) { - /* WARNING: Reentrancy can occur here */ - rv = prepare_module_inlock_reentrant (mod, flags, &module); - if (rv != CKR_OK) - module = NULL; - } - } - - /* - * If initialization failed, we may need to cleanup. - * If we added this module above, then this will - * clean things up as expected. - */ - if (rv != CKR_OK) - free_modules_when_no_refs_unlocked (); - - p11_unlock (); - - p11_debug ("out: %s", module ? "success" : "fail"); - return module; - -} - -/** - * p11_kit_finalize_module: - * @module: loaded module to finalize. - * - * Finalize an arbitrary PKCS\#11 module. The module must have been initialized - * using p11_kit_initialize_module(). In most cases callers will want to use - * p11_kit_finalize_registered() instead of this function. - * - * Using this function to finalize modules allows coordination between - * multiple users of the same module in a single process. The caller should not - * call the module's C_Finalize method. This function will call - * C_Finalize as necessary. - * - * If the module was initialized more than once, then this function will - * decrement an initialization count for the module. When the count reaches zero - * the module will be truly finalized. It is safe (although usually unnecessary) - * to use this function on registered modules if (and only if) they were - * initialized using p11_kit_initialize_module() for some reason. - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Deprecated: Since 0.19.0: Use p11_kit_module_finalize() and - * p11_kit_module_release() instead. - * - * Returns: CKR_OK if the finalization was successful. - */ -CK_RV -p11_kit_finalize_module (CK_FUNCTION_LIST *module) -{ - Module *mod; - CK_RV rv = CKR_OK; - - return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); - - p11_library_init_once (); - - /* WARNING: This function must be reentrant for the same arguments */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - - mod = gl.unmanaged_by_funcs ? p11_dict_get (gl.unmanaged_by_funcs, module) : NULL; - if (mod == NULL) { - p11_debug ("module not found"); - rv = CKR_ARGUMENTS_BAD; - } else { - /* WARNING: Rentrancy can occur here */ - rv = finalize_module_inlock_reentrant (mod); - } - - _p11_kit_default_message (rv); - - p11_unlock (); - - p11_debug ("out: %lu", rv); - return rv; -} - -/** - * p11_kit_module_initialize: - * @module: the module to initialize - * - * Initialize a PKCS\#11 module by calling its C_Initialize - * function. - * - * For managed modules the C_Initialize function - * is overridden so that multiple callers can initialize the same - * modules. In addition for managed modules multiple callers can - * initialize from different threads, and still guarantee consistent - * thread-safe behavior. - * - * For unmanaged modules if multiple callers try to initialize - * a module, then one of the calls will return - * CKR_CRYPTOKI_ALREADY_INITIALIZED according to the - * PKCS\#11 specification. In addition there are no guarantees that - * thread-safe behavior will occur if multiple callers initialize from - * different threads. - * - * This function does not accept a CK_C_INITIALIZE_ARGS argument. - * Custom initialization arguments cannot be supported when multiple consumers - * load the same module. - * - * Returns: CKR_OK or a failure code - */ -CK_RV -p11_kit_module_initialize (CK_FUNCTION_LIST *module) -{ - char *name; - CK_RV rv; - - return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); - - rv = module->C_Initialize (NULL); - if (rv != CKR_OK) { - name = p11_kit_module_get_name (module); - p11_message ("%s: module failed to initialize: %s", - name ? name : "(unknown)", p11_kit_strerror (rv)); - free (name); - } - - return rv; -} - -/** - * p11_kit_module_finalize: - * @module: the module to finalize - * - * Finalize a PKCS\#11 module by calling its C_Finalize - * function. - * - * For managed modules the C_Finalize function - * is overridden so that multiple callers can finalize the same - * modules. In addition for managed modules multiple callers can - * finalize from different threads, and still guarantee consistent - * thread-safe behavior. - * - * For unmanaged modules if multiple callers try to finalize - * a module, then one of the calls will return - * CKR_CRYPTOKI_NOT_INITIALIZED according to the - * PKCS\#11 specification. In addition there are no guarantees that - * thread-safe behavior will occur if multiple callers finalize from - * different threads. - * - * Returns: CKR_OK or a failure code - */ -CK_RV -p11_kit_module_finalize (CK_FUNCTION_LIST *module) -{ - char *name; - CK_RV rv; - - return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); - - rv = module->C_Finalize (NULL); - if (rv != CKR_OK) { - name = p11_kit_module_get_name (module); - p11_message ("%s: module failed to finalize: %s", - name ? name : "(unknown)", p11_kit_strerror (rv)); - free (name); - } - - return rv; - -} - - -/** - * p11_kit_module_release: - * @module: the module to release - * - * Release the a loaded PKCS\#11 modules. - * - * The module may be either managed or unmanaged. The C_Finalize - * function will be called if no other callers are using this module. - */ -void -p11_kit_module_release (CK_FUNCTION_LIST *module) -{ - return_if_fail (module != NULL); - - p11_library_init_once (); - - /* WARNING: This function must be reentrant for the same arguments */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - - release_module_inlock_rentrant (module, __PRETTY_FUNCTION__); - - p11_unlock (); - - p11_debug ("out"); -} - -CK_RV -p11_module_release_inlock_reentrant (CK_FUNCTION_LIST *module) -{ - return release_module_inlock_rentrant (module, __PRETTY_FUNCTION__); -} - -/** - * p11_kit_load_initialize_module: - * @module_path: full file path of module library - * @module: location to place loaded module pointer - * - * Load an arbitrary PKCS\#11 module from a dynamic library file, and - * initialize it. Normally using the p11_kit_initialize_registered() function - * is preferred. - * - * Using this function to load and initialize modules allows coordination between - * multiple users of the same module in a single process. The caller should not - * call the module's C_Initialize method. This function will call - * C_Initialize as necessary. - * - * If a module has already been loaded, then use of this function is unnecesasry. - * Instead use the p11_kit_initialize_module() function to initialize it. - * - * Subsequent calls to this function for the same module will result in an - * initialization count being incremented for the module. It is safe (although - * usually unnecessary) to use this function on registered modules. - * - * The module must be finalized with p11_kit_finalize_module() instead of - * calling its C_Finalize method directly. - * - * This function does not accept a CK_C_INITIALIZE_ARGS argument. - * Custom initialization arguments cannot be supported when multiple consumers - * load the same module. - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Deprecated: Since 0.19.0: Use p11_kit_module_load() instead. - * - * Returns: CKR_OK if the initialization was successful. - */ -CK_RV -p11_kit_load_initialize_module (const char *module_path, - CK_FUNCTION_LIST_PTR_PTR module) -{ - Module *mod; - CK_RV rv = CKR_OK; - - return_val_if_fail (module_path != NULL, CKR_ARGUMENTS_BAD); - return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); - - p11_library_init_once (); - - /* WARNING: This function must be reentrant for the same arguments */ - p11_debug ("in: %s", module_path); - - p11_lock (); - - p11_message_clear (); - - rv = init_globals_unlocked (); - if (rv == CKR_OK) { - - rv = load_module_from_file_inlock (NULL, module_path, &mod); - if (rv == CKR_OK) { - - /* WARNING: Reentrancy can occur here */ - rv = initialize_module_inlock_reentrant (mod, NULL); - } - } - - if (rv == CKR_OK && module) { - *module = unmanaged_for_module_inlock (mod); - assert (*module != NULL); - } - - /* - * If initialization failed, we may need to cleanup. - * If we added this module above, then this will - * clean things up as expected. - */ - if (rv != CKR_OK) - free_modules_when_no_refs_unlocked (); - - _p11_kit_default_message (rv); - - p11_unlock (); - - p11_debug ("out: %lu", rv); - return rv; -} diff --git a/p11-kit/modules.h b/p11-kit/modules.h deleted file mode 100644 index ca8dac3..0000000 --- a/p11-kit/modules.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __P11_MODULES_H__ -#define __P11_MODULES_H__ - -#include "pkcs11.h" - -CK_RV p11_modules_load_inlock_reentrant (int flags, - CK_FUNCTION_LIST_PTR **results); - -CK_RV p11_modules_release_inlock_reentrant (CK_FUNCTION_LIST_PTR *modules); - -CK_RV p11_module_load_inlock_reentrant (CK_FUNCTION_LIST_PTR module, - int flags, - CK_FUNCTION_LIST_PTR *result); - -CK_RV p11_module_release_inlock_reentrant (CK_FUNCTION_LIST_PTR module); - -#endif /* __P11_MODULES_H__ */ diff --git a/p11-kit/p11-kit-1.pc.in b/p11-kit/p11-kit-1.pc.in deleted file mode 100644 index d0d378d..0000000 --- a/p11-kit/p11-kit-1.pc.in +++ /dev/null @@ -1,22 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ -datarootdir=@datarootdir@ -datadir=@datadir@ -pkgdatadir=@datadir@/p11-kit -sysconfdir=@sysconfdir@ -p11_module_configs=@p11_package_config_modules@ -p11_module_path=@p11_module_path@ -proxy_module=@libdir@/p11-kit-proxy.so - -# This is for compatibility. Other packages were using this to determine -# the directory they should install their module configs to, so override -# this and redirect them to the new location -p11_system_config_modules=@p11_package_config_modules@ - -Name: p11-kit -Description: Library and proxy module for properly loading and sharing PKCS#11 modules. -Version: @VERSION@ -Libs: -L${libdir} -lp11-kit -Cflags: -I${includedir}/p11-kit-1 diff --git a/p11-kit/p11-kit.c b/p11-kit/p11-kit.c deleted file mode 100644 index a7b9212..0000000 --- a/p11-kit/p11-kit.c +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "compat.h" -#include "debug.h" -#include "message.h" -#include "path.h" -#include "p11-kit.h" - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "tool.h" - -int p11_kit_list_modules (int argc, - char *argv[]); - -int p11_kit_trust (int argc, - char *argv[]); - -int p11_kit_external (int argc, - char *argv[]); - -static const p11_tool_command commands[] = { - { "list-modules", p11_kit_list_modules, "List modules and tokens" }, - { "remote", p11_kit_external, "Run a specific PKCS#11 module remotely" }, - { P11_TOOL_FALLBACK, p11_kit_external, NULL }, - { 0, } -}; - -int -p11_kit_trust (int argc, - char *argv[]) -{ - char **args; - - args = calloc (argc + 2, sizeof (char *)); - return_val_if_fail (args != NULL, 1); - - args[0] = BINDIR "/trust"; - memcpy (args + 1, argv, sizeof (char *) * argc); - args[argc + 1] = NULL; - - execv (args[0], args); - - /* At this point we have no command */ - p11_message_err (errno, "couldn't run trust tool"); - - free (args); - return 2; -} - -int -p11_kit_external (int argc, - char *argv[]) -{ - const char *private_dir; - char *filename; - char *path; - - /* These are trust commands, send them to that tool */ - if (strcmp (argv[0], "extract") == 0) { - return p11_kit_trust (argc, argv); - } else if (strcmp (argv[0], "extract-trust") == 0) { - argv[0] = "extract-compat"; - return p11_kit_trust (argc, argv); - } - - if (asprintf (&filename, "p11-kit-%s", argv[0]) < 0) - return_val_if_reached (1); - - private_dir = secure_getenv ("P11_KIT_PRIVATEDIR"); - if (!private_dir || !private_dir[0]) - private_dir = PRIVATEDIR; - - /* Add our libexec directory to the path */ - path = p11_path_build (private_dir, filename, NULL); - return_val_if_fail (path != NULL, 1); - - argv[argc] = NULL; - execv (path, argv); - - /* At this point we have no command */ - p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]); - - free (filename); - free (path); - return 2; -} - -int -main (int argc, - char *argv[]) -{ - return p11_tool_main (argc, argv, commands); -} diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h deleted file mode 100644 index a266c35..0000000 --- a/p11-kit/p11-kit.h +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __P11_KIT_H__ -#define __P11_KIT_H__ - -#include "p11-kit/pkcs11.h" - -/* - * If the caller is using the PKCS#11 GNU calling convention, then we cater - * to that here. - */ -#ifdef CRYPTOKI_GNU -typedef ck_rv_t CK_RV; -typedef struct ck_function_list* CK_FUNCTION_LIST_PTR; -typedef struct ck_function_list CK_FUNCTION_LIST; -#endif - -#include "p11-kit/deprecated.h" - -#ifdef __cplusplus -extern "C" { -#endif - -enum { - P11_KIT_MODULE_UNMANAGED = 1 << 0, - P11_KIT_MODULE_CRITICAL = 1 << 1, - P11_KIT_MODULE_TRUSTED = 1 << 2, -}; - -typedef void (* p11_kit_destroyer) (void *data); - -CK_FUNCTION_LIST ** p11_kit_modules_load (const char *reserved, - int flags); - -CK_RV p11_kit_modules_initialize (CK_FUNCTION_LIST **modules, - p11_kit_destroyer failure_callback); - -CK_FUNCTION_LIST ** p11_kit_modules_load_and_initialize (int flags); - -CK_RV p11_kit_modules_finalize (CK_FUNCTION_LIST **modules); - -void p11_kit_modules_release (CK_FUNCTION_LIST **modules); - -void p11_kit_modules_finalize_and_release (CK_FUNCTION_LIST **modules); - -CK_FUNCTION_LIST * p11_kit_module_for_name (CK_FUNCTION_LIST **modules, - const char *name); - -char * p11_kit_module_get_filename (CK_FUNCTION_LIST *module); -char * p11_kit_module_get_name (CK_FUNCTION_LIST *module); - -int p11_kit_module_get_flags (CK_FUNCTION_LIST *module); - -CK_FUNCTION_LIST * p11_kit_module_load (const char *module_path, - int flags); - -CK_RV p11_kit_module_initialize (CK_FUNCTION_LIST *module); - -CK_RV p11_kit_module_finalize (CK_FUNCTION_LIST *module); - -void p11_kit_module_release (CK_FUNCTION_LIST *module); - -char * p11_kit_config_option (CK_FUNCTION_LIST *module, - const char *option); - -const char* p11_kit_strerror (CK_RV rv); - -size_t p11_kit_space_strlen (const unsigned char *string, - size_t max_length); - -char* p11_kit_space_strdup (const unsigned char *string, - size_t max_length); - -void p11_kit_be_quiet (void); - -void p11_kit_be_loud (void); - -#ifdef P11_KIT_FUTURE_UNSTABLE_API - -void p11_kit_set_progname (const char *progname); - -#endif - -const char * p11_kit_message (void); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* __P11_KIT_H__ */ diff --git a/p11-kit/pin.c b/p11-kit/pin.c deleted file mode 100644 index 2fca6bc..0000000 --- a/p11-kit/pin.c +++ /dev/null @@ -1,704 +0,0 @@ -/* - * Copyright (C) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_PIN -#include "debug.h" -#include "dict.h" -#include "library.h" -#include "message.h" -#include "pkcs11.h" -#include "p11-kit.h" -#include "pin.h" -#include "private.h" -#include "array.h" - -#include -#include -#include -#include -#include -#include - -/** - * SECTION:p11-kit-pin - * @title: PIN Callbacks - * @short_description: PIN Callbacks - * - * Applications can register a callback which will be called to provide a - * password associated with a given pin source. - * - * PKCS\#11 URIs can contain a 'pin-source' attribute. The value of this attribute - * is application dependent, but often references a file containing a PIN to - * use. - * - * Using these functions, an applications or libraries can register a - * callback with p11_kit_pin_register_callback() to be called when a given - * 'pin-source' attribute value is requested. The application can then prompt - * the user or retrieve a PIN for the given context. These registered - * callbacks are only relevant and valid within the current process. - * - * A fallback callback can be registered by passing the %P11_KIT_PIN_FALLBACK - * value to p11_kit_pin_register_callback(). This fallback callback will be - * called for every 'pin-source' attribute request for which no callback has been - * directly registered. - * - * To request a PIN for a given 'pin-source' attribute, use the - * p11_kit_pin_request() function. If this function returns %NULL then either - * no callbacks were registered or none of them could handle the request. - * - * If multiple callbacks are registered for the same PIN source, then they are - * called in last-registered-first-called order. They are called in turn until - * one of them can handle the request. Fallback callbacks are not called if - * a callback was registered specifically for a requested 'pin-source' attribute. - * - * PINs themselves are handled inside of P11KitPin structures. These are thread - * safe and allow the callback to specify how the PIN is stored in memory - * and freed. A callback can use p11_kit_pin_new_for_string() or related - * functions to create a PIN to be returned. - * - * For example in order to handle the following PKCS\#11 URI with a 'pin-source' - * attribute - * - * - * pkcs11:id=\%69\%95\%3e\%5c\%f4\%bd\%ec\%91;pin-source=my-application - * - * - * an application could register a callback like this: - * - * - * static P11KitPin* - * my_application_pin_callback (const char *pin_source, P11KitUri *pin_uri, - * const char *pin_description, P11KitPinFlags pin_flags, - * void *callback_data) - * { - * return p11_kit_pin_new_from_string ("pin-value"); - * } - * - * p11_kit_pin_register_callback ("my-application", my_application_pin_callback, - * NULL, NULL); - * - */ - -/** - * P11KitPinFlags: - * @P11_KIT_PIN_FLAGS_USER_LOGIN: The PIN is for a PKCS\#11 user type login. - * @P11_KIT_PIN_FLAGS_SO_LOGIN: The PIN is for a PKCS\#11 security officer type login. - * @P11_KIT_PIN_FLAGS_CONTEXT_LOGIN: The PIN is for a PKCS\#11 contect specific type login. - * @P11_KIT_PIN_FLAGS_RETRY: The PIN is being requested again, due to an invalid previous PIN. - * @P11_KIT_PIN_FLAGS_MANY_TRIES: The PIN has failed too many times, and few tries are left. - * @P11_KIT_PIN_FLAGS_FINAL_TRY: The PIN has failed too many times, and this is the last try. - * - * Flags that are passed to p11_kit_pin_request() and registered callbacks. - */ - -/** - * P11_KIT_PIN_FALLBACK: - * - * Used with p11_kit_pin_register_callback() to register a fallback callback. - * This callback will be called if no other callback is registered for a 'pin-source'. - */ - -typedef struct _PinCallback { - /* Only used/modified within the lock */ - int refs; - - /* Readonly after construct */ - p11_kit_pin_callback func; - void *user_data; - p11_kit_pin_destroy_func destroy; -} PinCallback; - -/* - * Shared data between threads, protected by the mutex, a structure so - * we can audit thread safety easier. - */ -static struct _Shared { - p11_dict *pin_sources; -} gl = { NULL }; - -static void* -ref_pin_callback (void *pointer) -{ - PinCallback *cb = pointer; - cb->refs++; - return pointer; -} - -static void -unref_pin_callback (void *pointer) -{ - PinCallback *cb = pointer; - assert (cb->refs >= 1); - - cb->refs--; - if (cb->refs == 0) { - if (cb->destroy) - (cb->destroy) (cb->user_data); - free (cb); - } -} - -static bool -register_callback_unlocked (const char *pin_source, - PinCallback *cb) -{ - p11_array *callbacks = NULL; - char *name; - - name = strdup (pin_source); - return_val_if_fail (name != NULL, false); - - if (gl.pin_sources == NULL) { - gl.pin_sources = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, - free, (p11_destroyer)p11_array_free); - return_val_if_fail (gl.pin_sources != NULL, false); - } - - if (gl.pin_sources != NULL) - callbacks = p11_dict_get (gl.pin_sources, name); - - if (callbacks == NULL) { - callbacks = p11_array_new (unref_pin_callback); - return_val_if_fail (callbacks != NULL, false); - if (!p11_dict_set (gl.pin_sources, name, callbacks)) - return_val_if_reached (false); - name = NULL; - } - - if (!p11_array_push (callbacks, cb)) - return_val_if_reached (false); - - free (name); - return true; -} - -/** - * p11_kit_pin_register_callback: - * @pin_source: the 'pin-source' attribute this this callback is for - * @callback: the callback function - * @callback_data: data that will be passed to the callback - * @callback_destroy: a function that will be called with @callback_data when - * the callback is unregistered. - * - * Register a callback to handle PIN requests for a given 'pin-source' attribute. - * If @pin_source is set to P11_KIT_PIN_FALLBACK then this will be a fallback - * callback and will be called for requests for which no other callback has - * been specifically registered. - * - * If multiple callbacks are registered for the same @pin_source value, then - * the last registered callback will be the first to be called. - * - * Returns: Returns negative if registering fails. - */ -int -p11_kit_pin_register_callback (const char *pin_source, - p11_kit_pin_callback callback, - void *callback_data, - p11_kit_pin_destroy_func callback_destroy) -{ - PinCallback *cb; - bool ret; - - return_val_if_fail (pin_source != NULL, -1); - return_val_if_fail (callback != NULL, -1); - - cb = calloc (1, sizeof (PinCallback)); - return_val_if_fail (cb != NULL, -1); - - cb->refs = 1; - cb->func = callback; - cb->user_data = callback_data; - cb->destroy = callback_destroy; - - p11_lock (); - - ret = register_callback_unlocked (pin_source, cb); - - p11_unlock (); - - return ret ? 0 : -1; -} - -/** - * p11_kit_pin_unregister_callback: - * @pin_source: the 'pin-source' attribute the callback was registered for - * @callback: the callback function that was registered - * @callback_data: data that was registered for the callback - * - * Unregister a callback that was previously registered with the - * p11_kit_pin_register_callback() function. If more than one registered - * callback matches the given arguments, then only one of those will be - * removed. - */ -void -p11_kit_pin_unregister_callback (const char *pin_source, - p11_kit_pin_callback callback, - void *callback_data) -{ - PinCallback *cb; - p11_array *callbacks; - unsigned int i; - - return_if_fail (pin_source != NULL); - return_if_fail (callback != NULL); - - p11_lock (); - - if (gl.pin_sources) { - callbacks = p11_dict_get (gl.pin_sources, pin_source); - if (callbacks) { - for (i = 0; i < callbacks->num; i++) { - cb = callbacks->elem[i]; - if (cb->func == callback && cb->user_data == callback_data) { - p11_array_remove (callbacks, i); - break; - } - } - - if (callbacks->num == 0) - p11_dict_remove (gl.pin_sources, pin_source); - } - - /* When there are no more pin sources, get rid of the hash table */ - if (p11_dict_size (gl.pin_sources) == 0) { - p11_dict_free (gl.pin_sources); - gl.pin_sources = NULL; - } - } - - p11_unlock (); -} - -/** - * p11_kit_pin_request: - * @pin_source: the 'pin-source' attribute that is being requested - * @pin_uri: a PKCS\#11 URI that the PIN is being requested for, optionally %NULL. - * @pin_description: a description of what the PIN is for, must not be %NULL. - * @pin_flags: various flags for this request - * - * Request a PIN for a given 'pin-source' attribute. The result depends on the - * registered callbacks. - * - * If not %NULL, then the @pin_uri attribute should point to the thing that the - * PIN is being requested for. In most use cases this should be a PKCS\#11 URI - * pointing to a token. - * - * The @pin_description should always be specified. It is a string describing - * what the PIN is for. For example this would be the token label, if the PIN - * is for a token. - * - * If more than one callback is registered for the @pin_source, then the latest - * registered one will be called first. If that callback does not return a - * PIN, then the next will be called in turn. - * - * If no callback is registered for @pin_source, then the fallback callbacks will - * be invoked in the same way. The fallback callbacks will not be called if any - * callback has been registered specifically for @pin_source. - * - * The PIN returned should be released with p11_kit_pin_unref(). - * - * Returns: the PIN which should be released with p11_kit_pin_unref(), or %NULL - * if no callback was registered or could proivde a PIN - */ -P11KitPin * -p11_kit_pin_request (const char *pin_source, - P11KitUri *pin_uri, - const char *pin_description, - P11KitPinFlags pin_flags) -{ - PinCallback **snapshot = NULL; - unsigned int snapshot_count = 0; - p11_array *callbacks; - P11KitPin *pin; - unsigned int i; - - return_val_if_fail (pin_source != NULL, NULL); - - p11_lock (); - - /* Find and ref the pin source data */ - if (gl.pin_sources) { - callbacks = p11_dict_get (gl.pin_sources, pin_source); - - /* If we didn't find any snapshots try the global ones */ - if (callbacks == NULL) - callbacks = p11_dict_get (gl.pin_sources, P11_KIT_PIN_FALLBACK); - - if (callbacks != NULL && callbacks->num) { - snapshot = memdup (callbacks->elem, sizeof (void *) * callbacks->num); - snapshot_count = callbacks->num; - for (i = 0; snapshot && i < snapshot_count; i++) - ref_pin_callback (snapshot[i]); - } - } - - p11_unlock (); - - if (snapshot == NULL) - return NULL; - - for (pin = NULL, i = snapshot_count; pin == NULL && i > 0; i--) { - pin = (snapshot[i - 1]->func) (pin_source, pin_uri, pin_description, pin_flags, - snapshot[i - 1]->user_data); - } - - p11_lock (); - for (i = 0; i < snapshot_count; i++) - unref_pin_callback (snapshot[i]); - free (snapshot); - p11_unlock (); - - return pin; -} - -/** - * p11_kit_pin_callback: - * @pin_source: a 'pin-source' attribute string - * @pin_uri: a PKCS\#11 URI that the PIN is for, or %NULL - * @pin_description: a descrption of what the PIN is for - * @pin_flags: flags describing the PIN request - * @callback_data: data that was provided when registering this callback - * - * Represents a PIN callback function. - * - * The various arguments are the same as the ones passed to - * p11_kit_pin_request(). The @callback_data argument was the one passed to - * p11_kit_pin_register_callback() when registering this callback. - * - * The function should return %NULL if it could not provide a PIN, either - * because of an error or a user cancellation. - * - * If a PIN is returned, it will be unreferenced by the caller. So it should be - * either newly allocated, or referenced before returning. - * - * Returns: A PIN or %NULL - */ - -/** - * p11_kit_pin_destroy_func: - * @data: the data to destroy - * - * A function called to free or cleanup @data. - */ - -/** - * p11_kit_pin_file_callback: - * @pin_source: a 'pin-source' attribute string - * @pin_uri: a PKCS\#11 URI that the PIN is for, or %NULL - * @pin_description: a descrption of what the PIN is for - * @pin_flags: flags describing the PIN request - * @callback_data: unused, should be %NULL - * - * This is a PIN callback function that looks up the 'pin-source' attribute in - * a file with that name. This can be used to enable the normal PKCS\#11 URI - * behavior described in the RFC. - * - * If @pin_flags contains the %P11_KIT_PIN_FLAGS_RETRY flag, then this - * callback will always return %NULL. This is to prevent endless loops - * where an application is expecting to interact with a prompter, but - * instead is interacting with this callback reading a file over and over. - * - * This callback fails on files larger than 4 Kilobytes. - * - * This callback is not registered by default. It may have security - * implications depending on the source of the PKCS\#11 URI and the PKCS\#11 - * in use. To register it, use code like the following: - * - * - * p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, - * NULL, NULL); - * - * - * Returns: a referenced PIN with the file contents, or %NULL if the file - * could not be read - */ -P11KitPin * -p11_kit_pin_file_callback (const char *pin_source, - P11KitUri *pin_uri, - const char *pin_description, - P11KitPinFlags pin_flags, - void *callback_data) -{ - const size_t block = 1024; - unsigned char *buffer; - unsigned char *memory; - size_t used, allocated; - int error = 0; - int fd; - int res; - - return_val_if_fail (pin_source != NULL, NULL); - - /* We don't support retries */ - if (pin_flags & P11_KIT_PIN_FLAGS_RETRY) - return NULL; - - fd = open (pin_source, O_BINARY | O_RDONLY | O_CLOEXEC); - if (fd == -1) - return NULL; - - buffer = NULL; - used = 0; - allocated = 0; - - for (;;) { - if (used + block > 4096) { - error = EFBIG; - break; - } - if (used + block > allocated) { - memory = realloc (buffer, used + block); - if (memory == NULL) { - error = ENOMEM; - break; - } - buffer = memory; - allocated = used + block; - } - - res = read (fd, buffer + used, allocated - used); - if (res < 0) { - if (errno == EAGAIN) - continue; - error = errno; - break; - } else if (res == 0) { - break; - } else { - used += res; - } - } - - close (fd); - - if (error != 0) { - free (buffer); - errno = error; - return NULL; - } - - return p11_kit_pin_new_for_buffer (buffer, used, free); -} - -/** - * P11KitPin: - * - * A structure representing a PKCS\#11 PIN. There are no public fields - * visible in this structure. Use the various accessor functions. - */ -struct p11_kit_pin { - int ref_count; - unsigned char *buffer; - size_t length; - p11_kit_pin_destroy_func destroy; -}; - -/** - * p11_kit_pin_new: - * @value: the value of the PIN - * @length: the length of @value - * - * Create a new P11KitPin with the given PIN value. This function is - * usually used from within registered PIN callbacks. - * - * Exactly @length bytes from @value are used. Null terminated strings, - * or encodings are not considered. A copy of the @value will be made. - * - * Returns: The newly allocated P11KitPin, which should be freed with - * p11_kit_pin_unref() when no longer needed. - */ -P11KitPin * -p11_kit_pin_new (const unsigned char *value, size_t length) -{ - unsigned char *copy; - P11KitPin *pin; - - copy = malloc (length); - return_val_if_fail (copy != NULL, NULL); - - memcpy (copy, value, length); - pin = p11_kit_pin_new_for_buffer (copy, length, free); - return_val_if_fail (pin != NULL, NULL); - - return pin; -} - -/** - * p11_kit_pin_new_for_string: - * @value: the value of the PIN - * - * Create a new P11KitPin for the given null-terminated string, such as a - * password. This function is usually used from within registered - * PIN callbacks. - * - * The PIN will consist of the string not including the null terminator. - * String encoding is not considered. A copy of the @value will be made. - * - * Returns: The newly allocated P11KitPin, which should be freed with - * p11_kit_pin_unref() when no longer needed. - */ -P11KitPin * -p11_kit_pin_new_for_string (const char *value) -{ - return p11_kit_pin_new ((const unsigned char *)value, strlen (value)); -} - -/** - * p11_kit_pin_new_for_buffer: - * @buffer: the value of the PIN - * @length: the length of @buffer - * @destroy: if not %NULL, then called when PIN is destroyed. - * - * Create a new P11KitPin which will use @buffer for the PIN value. - * This function is usually used from within registered PIN callbacks. - * - * The buffer will not be copied. String encodings and null characters - * are not considered. - * - * When the last reference to this PIN is lost, then the @destroy callback - * function will be called passing @buffer as an argument. This allows the - * caller to use a buffer as a PIN without copying it. - * - * - * char *buffer = malloc (128); - * P11KitPin *pin; - * .... - * pin = p11_kit_pin_new_for_buffer (buffer, 128, free); - * - * - * Returns: The newly allocated P11KitPin, which should be freed with - * p11_kit_pin_unref() when no longer needed. - */ -P11KitPin * -p11_kit_pin_new_for_buffer (unsigned char *buffer, size_t length, - p11_kit_pin_destroy_func destroy) -{ - P11KitPin *pin; - - pin = calloc (1, sizeof (P11KitPin)); - return_val_if_fail (pin != NULL, NULL); - - pin->ref_count = 1; - pin->buffer = buffer; - pin->length = length; - pin->destroy = destroy; - - return pin; -} - -/** - * p11_kit_pin_get_value: - * @pin: the P11KitPin - * @length: a location to return the value length - * - * Get the PIN value from a P11KitPin. @length will be set to the - * length of the value. - * - * The value returned is owned by the P11KitPin and should not be modified. - * It remains valid as long as a reference to the PIN is held. The PIN value - * will not contain an extra null-terminator character. - * - * Returns: the value for the PIN. - */ -const unsigned char * -p11_kit_pin_get_value (P11KitPin *pin, size_t *length) -{ - if (length) - *length = pin->length; - return pin->buffer; -} - -/** - * p11_kit_pin_get_length - * @pin: the P11KitPin - * - * Get the length of the PIN value from a P11KitPin. - * - * Returns: the length of the PIN value. - */ -size_t -p11_kit_pin_get_length (P11KitPin *pin) -{ - return pin->length; -} - -/** - * p11_kit_pin_ref: - * @pin: the P11KitPin - * - * Add a reference to a P11KitPin. This should be matched with a later call - * to p11_kit_pin_unref(). As long as at least one reference is held, the PIN - * will remain valid and in memory. - * - * Returns: the @pin pointer, for convenience sake. - */ -P11KitPin * -p11_kit_pin_ref (P11KitPin *pin) -{ - p11_lock (); - - pin->ref_count++; - - p11_unlock (); - - return pin; -} - -/** - * p11_kit_pin_unref: - * @pin: the P11KitPin - * - * Remove a reference from a P11KitPin. When all references have been removed - * then the PIN will be freed and will no longer be in memory. - */ -void -p11_kit_pin_unref (P11KitPin *pin) -{ - bool last = false; - - p11_lock (); - - last = (pin->ref_count == 1); - pin->ref_count--; - - p11_unlock (); - - if (last) { - if (pin->destroy) - (pin->destroy) (pin->buffer); - free (pin); - } -} diff --git a/p11-kit/pin.h b/p11-kit/pin.h deleted file mode 100644 index 3b6806d..0000000 --- a/p11-kit/pin.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_KIT_PIN_H -#define P11_KIT_PIN_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct p11_kit_pin P11KitPin; - -typedef enum { - P11_KIT_PIN_FLAGS_USER_LOGIN = 1<<0, - P11_KIT_PIN_FLAGS_SO_LOGIN = 1<<1, - P11_KIT_PIN_FLAGS_CONTEXT_LOGIN = 1<<2, - P11_KIT_PIN_FLAGS_RETRY = 1<<3, - P11_KIT_PIN_FLAGS_MANY_TRIES = 1<<4, - P11_KIT_PIN_FLAGS_FINAL_TRY = 1<<5 -} P11KitPinFlags; - -#define P11_KIT_PIN_FALLBACK "" - -typedef void (*p11_kit_pin_destroy_func) (void *data); - -P11KitPin* p11_kit_pin_new (const unsigned char *value, - size_t length); - -P11KitPin* p11_kit_pin_new_for_string (const char *value); - -P11KitPin* p11_kit_pin_new_for_buffer (unsigned char *buffer, - size_t length, - p11_kit_pin_destroy_func destroy); - -P11KitPin* p11_kit_pin_ref (P11KitPin *pin); - -void p11_kit_pin_unref (P11KitPin *pin); - -const unsigned char * p11_kit_pin_get_value (P11KitPin *pin, - size_t *length); - -size_t p11_kit_pin_get_length (P11KitPin *pin); - -typedef P11KitPin* (*p11_kit_pin_callback) (const char *pin_source, - P11KitUri *pin_uri, - const char *pin_description, - P11KitPinFlags pin_flags, - void *callback_data); - -int p11_kit_pin_register_callback (const char *pin_source, - p11_kit_pin_callback callback, - void *callback_data, - p11_kit_pin_destroy_func callback_destroy); - -void p11_kit_pin_unregister_callback (const char *pin_source, - p11_kit_pin_callback callback, - void *callback_data); - -P11KitPin* p11_kit_pin_request (const char *pin_source, - P11KitUri *pin_uri, - const char *pin_description, - P11KitPinFlags pin_flags); - -P11KitPin* p11_kit_pin_file_callback (const char *pin_source, - P11KitUri *pin_uri, - const char *pin_description, - P11KitPinFlags pin_flags, - void *callback_data); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* P11_KIT_URI_H */ diff --git a/p11-kit/pkcs11.conf.example.in b/p11-kit/pkcs11.conf.example.in deleted file mode 100644 index 96d0a08..0000000 --- a/p11-kit/pkcs11.conf.example.in +++ /dev/null @@ -1,9 +0,0 @@ -# This is an example @p11_system_config_file@ file. Copy it into -# place before use. - -# This setting controls whether to load user configuration from the -# @p11_user_config@ directory. Possible values: -# none: No user configuration -# merge: Merge the user config over the system configuration (default) -# only: Only user configuration, ignore system configuration -user-config: merge diff --git a/p11-kit/pkcs11.h b/p11-kit/pkcs11.h deleted file mode 100644 index 245f379..0000000 --- a/p11-kit/pkcs11.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat, Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -/* - * This is so that we can use the path in our installed - * headers, but still have the actual file live in our common/ subdirectory. - */ - -#include "common/pkcs11.h" diff --git a/p11-kit/print-messages.c b/p11-kit/print-messages.c deleted file mode 100644 index 5870ad1..0000000 --- a/p11-kit/print-messages.c +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met); - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include -#include -#include -#include - -#include "p11-kit.h" - -int -main (int argc, char *argv[]) -{ - if (argc != 1) { - fprintf (stderr, "usage: print-messages\n"); - exit (2); - } - - #define X(x) printf ("%s: %s\n", #x, p11_kit_strerror (x)) - X(CKR_CANCEL); - X(CKR_FUNCTION_CANCELED); - X(CKR_HOST_MEMORY); - X(CKR_SLOT_ID_INVALID); - X(CKR_GENERAL_ERROR); - X(CKR_FUNCTION_FAILED); - X(CKR_ARGUMENTS_BAD); - X(CKR_NEED_TO_CREATE_THREADS); - X(CKR_CANT_LOCK); - X(CKR_ATTRIBUTE_READ_ONLY); - X(CKR_ATTRIBUTE_SENSITIVE); - X(CKR_ATTRIBUTE_TYPE_INVALID); - X(CKR_ATTRIBUTE_VALUE_INVALID); - X(CKR_DATA_INVALID); - X(CKR_DATA_LEN_RANGE); - X(CKR_DEVICE_ERROR); - X(CKR_DEVICE_MEMORY); - X(CKR_DEVICE_REMOVED); - X(CKR_ENCRYPTED_DATA_INVALID); - X(CKR_ENCRYPTED_DATA_LEN_RANGE); - X(CKR_FUNCTION_NOT_SUPPORTED); - X(CKR_KEY_HANDLE_INVALID); - X(CKR_KEY_SIZE_RANGE); - X(CKR_KEY_TYPE_INCONSISTENT); - X(CKR_KEY_NOT_NEEDED); - X(CKR_KEY_CHANGED); - X(CKR_KEY_NEEDED); - X(CKR_KEY_INDIGESTIBLE); - X(CKR_KEY_FUNCTION_NOT_PERMITTED); - X(CKR_KEY_NOT_WRAPPABLE); - X(CKR_KEY_UNEXTRACTABLE); - X(CKR_MECHANISM_INVALID); - X(CKR_MECHANISM_PARAM_INVALID); - X(CKR_OBJECT_HANDLE_INVALID); - X(CKR_OPERATION_ACTIVE); - X(CKR_OPERATION_NOT_INITIALIZED); - X(CKR_PIN_INCORRECT); - X(CKR_PIN_INVALID); - X(CKR_PIN_LEN_RANGE); - X(CKR_PIN_EXPIRED); - X(CKR_PIN_LOCKED); - X(CKR_SESSION_CLOSED); - X(CKR_SESSION_COUNT); - X(CKR_SESSION_HANDLE_INVALID); - X(CKR_SESSION_READ_ONLY); - X(CKR_SESSION_EXISTS); - X(CKR_SESSION_READ_ONLY_EXISTS); - X(CKR_SESSION_READ_WRITE_SO_EXISTS); - X(CKR_SIGNATURE_INVALID); - X(CKR_SIGNATURE_LEN_RANGE); - X(CKR_TEMPLATE_INCOMPLETE); - X(CKR_TEMPLATE_INCONSISTENT); - X(CKR_TOKEN_NOT_PRESENT); - X(CKR_TOKEN_NOT_RECOGNIZED); - X(CKR_TOKEN_WRITE_PROTECTED); - X(CKR_UNWRAPPING_KEY_HANDLE_INVALID); - X(CKR_UNWRAPPING_KEY_SIZE_RANGE); - X(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT); - X(CKR_USER_ALREADY_LOGGED_IN); - X(CKR_USER_NOT_LOGGED_IN); - X(CKR_USER_PIN_NOT_INITIALIZED); - X(CKR_USER_TYPE_INVALID); - X(CKR_USER_ANOTHER_ALREADY_LOGGED_IN); - X(CKR_USER_TOO_MANY_TYPES); - X(CKR_WRAPPED_KEY_INVALID); - X(CKR_WRAPPED_KEY_LEN_RANGE); - X(CKR_WRAPPING_KEY_HANDLE_INVALID); - X(CKR_WRAPPING_KEY_SIZE_RANGE); - X(CKR_WRAPPING_KEY_TYPE_INCONSISTENT); - X(CKR_RANDOM_SEED_NOT_SUPPORTED); - X(CKR_RANDOM_NO_RNG); - X(CKR_DOMAIN_PARAMS_INVALID); - X(CKR_BUFFER_TOO_SMALL); - X(CKR_SAVED_STATE_INVALID); - X(CKR_INFORMATION_SENSITIVE); - X(CKR_STATE_UNSAVEABLE); - X(CKR_CRYPTOKI_NOT_INITIALIZED); - X(CKR_CRYPTOKI_ALREADY_INITIALIZED); - X(CKR_MUTEX_BAD); - X(CKR_MUTEX_NOT_LOCKED); - X(CKR_FUNCTION_REJECTED); - #undef X - - return 0; -} diff --git a/p11-kit/private.h b/p11-kit/private.h deleted file mode 100644 index b363b17..0000000 --- a/p11-kit/private.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __P11_KIT_PRIVATE_H__ -#define __P11_KIT_PRIVATE_H__ - -#include "compat.h" -#include "pkcs11.h" - -/* These are global variables to be overridden in tests */ -extern const char *p11_config_system_file; -extern const char *p11_config_user_file; -extern const char *p11_config_package_modules; -extern const char *p11_config_system_modules; -extern const char *p11_config_user_modules; - -CK_RV _p11_load_config_files_unlocked (const char *system_conf, - const char *user_conf, - int *user_mode); - -void _p11_kit_default_message (CK_RV rv); - -const char * _p11_get_progname_unlocked (void); - -void _p11_set_progname_unlocked (const char *progname); - -int p11_match_uri_module_info (CK_INFO_PTR one, - CK_INFO_PTR two); - -int p11_match_uri_slot_info (CK_SLOT_INFO_PTR one, - CK_SLOT_INFO_PTR two); - -int p11_match_uri_token_info (CK_TOKEN_INFO_PTR one, - CK_TOKEN_INFO_PTR two); - -#endif /* __P11_KIT_PRIVATE_H__ */ diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c deleted file mode 100644 index c554511..0000000 --- a/p11-kit/proxy.c +++ /dev/null @@ -1,2425 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "compat.h" -#define P11_DEBUG_FLAG P11_DEBUG_PROXY -#define CRYPTOKI_EXPORTS - -#include "debug.h" -#include "dict.h" -#include "library.h" -#include "message.h" -#include "modules.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "p11-kit.h" -#include "private.h" -#include "proxy.h" -#include "virtual.h" - -#include -#include -#include -#include -#include -#include -#include -#include - -/* Start wrap slots slightly higher for testing */ -#define MAPPING_OFFSET 0x10 -#define FIRST_HANDLE 0x10 - -typedef struct _Mapping { - CK_SLOT_ID wrap_slot; - CK_SLOT_ID real_slot; - CK_FUNCTION_LIST_PTR funcs; -} Mapping; - -typedef struct _Session { - CK_SESSION_HANDLE wrap_session; - CK_SESSION_HANDLE real_session; - CK_SLOT_ID wrap_slot; -} Session; - -typedef struct { - int refs; - Mapping *mappings; - unsigned int n_mappings; - p11_dict *sessions; - CK_FUNCTION_LIST **inited; - unsigned int forkid; -} Proxy; - -typedef struct _State { - p11_virtual virt; - struct _State *next; - CK_FUNCTION_LIST *wrapped; - CK_ULONG last_handle; - Proxy *px; -} State; - -static CK_FUNCTION_LIST **all_modules = NULL; -static State *all_instances = NULL; -static State global = { { { { -1, -1 }, NULL, }, }, NULL, NULL, FIRST_HANDLE, NULL }; - -#define PROXY_VALID(px) ((px) && (px)->forkid == p11_forkid) -#define PROXY_FORKED(px) ((px) && (px)->forkid != p11_forkid) - -#define MANUFACTURER_ID "PKCS#11 Kit " -#define LIBRARY_DESCRIPTION "PKCS#11 Kit Proxy Module " -#define LIBRARY_VERSION_MAJOR 1 -#define LIBRARY_VERSION_MINOR 1 - -/* ----------------------------------------------------------------------------- - * PKCS#11 PROXY MODULE - */ - -static CK_RV -map_slot_unlocked (Proxy *px, - CK_SLOT_ID slot, - Mapping *mapping) -{ - assert (px != NULL); - assert (mapping != NULL); - - if (slot < MAPPING_OFFSET) - return CKR_SLOT_ID_INVALID; - slot -= MAPPING_OFFSET; - - if (slot > px->n_mappings) { - return CKR_SLOT_ID_INVALID; - } else { - assert (px->mappings); - memcpy (mapping, &px->mappings[slot], sizeof (Mapping)); - return CKR_OK; - } -} - -static CK_RV -map_slot_to_real (Proxy *px, - CK_SLOT_ID_PTR slot, - Mapping *mapping) -{ - CK_RV rv; - - assert (mapping != NULL); - - p11_lock (); - - if (!PROXY_VALID (px)) - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - else - rv = map_slot_unlocked (px, *slot, mapping); - if (rv == CKR_OK) - *slot = mapping->real_slot; - - p11_unlock (); - - return rv; -} - -static CK_RV -map_session_to_real (Proxy *px, - CK_SESSION_HANDLE_PTR handle, - Mapping *mapping, - Session *session) -{ - CK_RV rv = CKR_OK; - Session *sess; - - assert (handle != NULL); - assert (mapping != NULL); - - p11_lock (); - - if (!PROXY_VALID (px)) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { - assert (px->sessions); - sess = p11_dict_get (px->sessions, handle); - if (sess != NULL) { - *handle = sess->real_session; - rv = map_slot_unlocked (px, sess->wrap_slot, mapping); - if (session != NULL) - memcpy (session, sess, sizeof (Session)); - } else { - rv = CKR_SESSION_HANDLE_INVALID; - } - } - - p11_unlock (); - - return rv; -} - -static void -proxy_free (Proxy *py, unsigned finalize) -{ - if (py) { - if (finalize) - p11_kit_modules_finalize (py->inited); - free (py->inited); - p11_dict_free (py->sessions); - free (py->mappings); - free (py); - } -} - -static CK_RV -proxy_C_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR reserved) -{ - Proxy *py = NULL; - State *state = (State *)self; - CK_RV rv = CKR_OK; - - p11_debug ("in"); - - /* WARNING: This function must be reentrant */ - - if (reserved) { - rv = CKR_ARGUMENTS_BAD; - - } else { - p11_lock (); - - if (!PROXY_VALID (state->px)) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - py = state->px; - state->px = NULL; - } else if (state->px->refs-- == 1) { - py = state->px; - state->px = NULL; - } - - p11_unlock (); - - proxy_free (py, 1); - } - - p11_debug ("out: %lu", rv); - return rv; -} - -static CK_FUNCTION_LIST ** -modules_dup (CK_FUNCTION_LIST **modules) -{ - int count = 0; - - while (modules[count] != NULL) - count++; - - return memdup (modules, sizeof (CK_FUNCTION_LIST *) * (count + 1)); -} - -static CK_RV -proxy_create (Proxy **res) -{ - CK_FUNCTION_LIST_PTR *f; - CK_FUNCTION_LIST_PTR funcs; - CK_SLOT_ID_PTR slots; - CK_ULONG i, count; - CK_RV rv = CKR_OK; - Proxy *py; - - py = calloc (1, sizeof (Proxy)); - return_val_if_fail (py != NULL, CKR_HOST_MEMORY); - - py->forkid = p11_forkid; - - py->inited = modules_dup (all_modules); - return_val_if_fail (py->inited != NULL, CKR_HOST_MEMORY); - - rv = p11_kit_modules_initialize (py->inited, NULL); - - if (rv == CKR_OK) { - for (f = py->inited; *f; ++f) { - funcs = *f; - assert (funcs != NULL); - slots = NULL; - - /* Ask module for its slots */ - rv = (funcs->C_GetSlotList) (FALSE, NULL, &count); - if (rv == CKR_OK && count) { - slots = calloc (sizeof (CK_SLOT_ID), count); - rv = (funcs->C_GetSlotList) (FALSE, slots, &count); - } - - if (rv != CKR_OK) { - free (slots); - break; - } - - return_val_if_fail (count == 0 || slots != NULL, CKR_GENERAL_ERROR); - - py->mappings = realloc (py->mappings, sizeof (Mapping) * (py->n_mappings + count)); - return_val_if_fail (py->mappings != NULL, CKR_HOST_MEMORY); - - /* And now add a mapping for each of those slots */ - for (i = 0; i < count; ++i) { - py->mappings[py->n_mappings].funcs = funcs; - py->mappings[py->n_mappings].wrap_slot = py->n_mappings + MAPPING_OFFSET; - py->mappings[py->n_mappings].real_slot = slots[i]; - ++py->n_mappings; - } - - free (slots); - } - } - - if (rv != CKR_OK) { - proxy_free (py, 1); - return rv; - } - - py->sessions = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free); - return_val_if_fail (py->sessions != NULL, CKR_HOST_MEMORY); - py->refs = 1; - - *res = py; - return CKR_OK; -} - -static CK_RV -proxy_C_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args) -{ - State *state = (State *)self; - bool initialize = false; - Proxy *py; - CK_RV rv; - - p11_library_init_once (); - - /* WARNING: This function must be reentrant */ - - p11_debug ("in"); - - p11_lock (); - - if (!PROXY_VALID (state->px)) { - unsigned call_finalize = 1; - - initialize = true; - if (PROXY_FORKED(state->px)) - call_finalize = 0; - proxy_free (state->px, call_finalize); - - state->px = NULL; - } else { - state->px->refs++; - } - - p11_unlock (); - - if (!initialize) { - p11_debug ("out: already: %lu", CKR_OK); - return CKR_OK; - } - - rv = proxy_create (&py); - if (rv != CKR_OK) { - p11_debug ("out: %lu", rv); - return rv; - } - - p11_lock (); - - if (state->px == NULL) { - state->px = py; - py = NULL; - } - - p11_unlock (); - - proxy_free (py, 1); - p11_debug ("out: 0"); - return rv; -} - -static CK_RV -proxy_C_GetInfo (CK_X_FUNCTION_LIST *self, - CK_INFO_PTR info) -{ - State *state = (State *)self; - CK_RV rv = CKR_OK; - - p11_library_init_once (); - - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - - p11_lock (); - - if (!PROXY_VALID (state->px)) - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - p11_unlock (); - - if (rv != CKR_OK) - return rv; - - memset (info, 0, sizeof (CK_INFO)); - info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR; - info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR; - info->libraryVersion.major = LIBRARY_VERSION_MAJOR; - info->libraryVersion.minor = LIBRARY_VERSION_MINOR; - info->flags = 0; - strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); - strncpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32); - return CKR_OK; -} - -static CK_RV -proxy_C_GetSlotList (CK_X_FUNCTION_LIST *self, - CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - State *state = (State *)self; - CK_SLOT_INFO info; - Mapping *mapping; - CK_ULONG index; - CK_RV rv = CKR_OK; - unsigned int i; - - return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); - - p11_lock (); - - if (!PROXY_VALID (state->px)) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { - index = 0; - - /* Go through and build up a map */ - for (i = 0; i < state->px->n_mappings; ++i) { - mapping = &state->px->mappings[i]; - - /* Skip ones without a token if requested */ - if (token_present) { - rv = (mapping->funcs->C_GetSlotInfo) (mapping->real_slot, &info); - if (rv != CKR_OK) - break; - if (!(info.flags & CKF_TOKEN_PRESENT)) - continue; - } - - /* Fill in the slot if we can */ - if (slot_list && *count > index) - slot_list[index] = mapping->wrap_slot; - - ++index; - } - - if (slot_list && *count < index) - rv = CKR_BUFFER_TOO_SMALL; - - *count = index; - } - - p11_unlock (); - - return rv; -} - -static CK_RV -proxy_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_SLOT_INFO_PTR info) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (state->px, &id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetSlotInfo) (id, info); -} - -static CK_RV -proxy_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_TOKEN_INFO_PTR info) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (state->px, &id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetTokenInfo) (id, info); -} - -static CK_RV -proxy_C_GetMechanismList (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (state->px, &id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetMechanismList) (id, mechanism_list, count); -} - -static CK_RV -proxy_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (state->px, &id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetMechanismInfo) (id, type, info); -} - -static CK_RV -proxy_C_InitToken (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (state->px, &id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_InitToken) (id, pin, pin_len, label); -} - -static CK_RV -proxy_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, - CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved) -{ - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -proxy_C_OpenSession (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR handle) -{ - State *state = (State *)self; - Session *sess; - Mapping map; - CK_RV rv; - - return_val_if_fail (handle != NULL, CKR_ARGUMENTS_BAD); - - rv = map_slot_to_real (state->px, &id, &map); - if (rv != CKR_OK) - return rv; - - rv = (map.funcs->C_OpenSession) (id, flags, user_data, callback, handle); - - if (rv == CKR_OK) { - p11_lock (); - - if (!PROXY_VALID (state->px)) { - /* - * The underlying module should have returned an error, so this - * code should never be reached with properly behaving modules. - * That's why we don't cleanup and close the newly opened session here - * or anything like that. - */ - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - } else { - sess = calloc (1, sizeof (Session)); - sess->wrap_slot = map.wrap_slot; - sess->real_session = *handle; - sess->wrap_session = ++state->last_handle; /* TODO: Handle wrapping, and then collisions */ - p11_dict_set (state->px->sessions, &sess->wrap_session, sess); - *handle = sess->wrap_session; - } - - p11_unlock (); - } - - return rv; -} - -static CK_RV -proxy_C_CloseSession (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle) -{ - State *state = (State *)self; - CK_SESSION_HANDLE key; - Mapping map; - CK_RV rv; - - key = handle; - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - rv = (map.funcs->C_CloseSession) (handle); - - if (rv == CKR_OK) { - p11_lock (); - - if (state->px) - p11_dict_remove (state->px->sessions, &key); - - p11_unlock (); - } - - return rv; -} - -static CK_RV -proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id) -{ - State *state = (State *)self; - CK_SESSION_HANDLE_PTR to_close; - CK_RV rv = CKR_OK; - Session *sess; - CK_ULONG i, count = 0; - p11_dictiter iter; - - p11_lock (); - - if (!PROXY_VALID (state->px)) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { - assert (state->px->sessions != NULL); - to_close = calloc (sizeof (CK_SESSION_HANDLE), p11_dict_size (state->px->sessions)); - if (!to_close) { - rv = CKR_HOST_MEMORY; - } else { - p11_dict_iterate (state->px->sessions, &iter); - count = 0; - while (p11_dict_next (&iter, NULL, (void**)&sess)) { - if (sess->wrap_slot == id && to_close) - to_close[count++] = sess->wrap_session; - } - } - } - - p11_unlock (); - - if (rv != CKR_OK) - return rv; - - for (i = 0; i < count; ++i) - proxy_C_CloseSession (self, to_close[i]); - - free (to_close); - return CKR_OK; -} - -static CK_RV -proxy_C_GetFunctionStatus (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetFunctionStatus) (handle); -} - -static CK_RV -proxy_C_CancelFunction (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_CancelFunction) (handle); -} - -static CK_RV -proxy_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_SESSION_INFO_PTR info) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - if (info == NULL) - return CKR_ARGUMENTS_BAD; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - rv = (map.funcs->C_GetSessionInfo) (handle, info); - if (rv == CKR_OK) - info->slotID = map.wrap_slot; - - return rv; -} - -static CK_RV -proxy_C_InitPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_InitPIN) (handle, pin, pin_len); -} - -static CK_RV -proxy_C_SetPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_SetPIN) (handle, old_pin, old_pin_len, new_pin, new_pin_len); -} - -static CK_RV -proxy_C_GetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetOperationState) (handle, operation_state, operation_state_len); -} - -static CK_RV -proxy_C_SetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SetOperationState) (handle, operation_state, operation_state_len, encryption_key, authentication_key); -} - -static CK_RV -proxy_C_Login (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_Login) (handle, user_type, pin, pin_len); -} - -static CK_RV -proxy_C_Logout (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Logout) (handle); -} - -static CK_RV -proxy_C_CreateObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_CreateObject) (handle, template, count, new_object); -} - -static CK_RV -proxy_C_CopyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_CopyObject) (handle, object, template, count, new_object); -} - -static CK_RV -proxy_C_DestroyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DestroyObject) (handle, object); -} - -static CK_RV -proxy_C_GetObjectSize (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetObjectSize) (handle, object, size); -} - -static CK_RV -proxy_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetAttributeValue) (handle, object, template, count); -} - -static CK_RV -proxy_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SetAttributeValue) (handle, object, template, count); -} - -static CK_RV -proxy_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_FindObjectsInit) (handle, template, count); -} - -static CK_RV -proxy_C_FindObjects (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_FindObjects) (handle, objects, max_count, count); -} - -static CK_RV -proxy_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_FindObjectsFinal) (handle); -} - -static CK_RV -proxy_C_EncryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_EncryptInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Encrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Encrypt) (handle, input, input_len, encrypted_data, encrypted_data_len); -} - -static CK_RV -proxy_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_EncryptUpdate) (handle, part, part_len, encrypted_part, encrypted_part_len); -} - -static CK_RV -proxy_C_EncryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_EncryptFinal) (handle, last_part, last_part_len); -} - -static CK_RV -proxy_C_DecryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Decrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, - CK_BYTE_PTR output, - CK_ULONG_PTR output_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Decrypt) (handle, enc_data, enc_data_len, output, output_len); -} - -static CK_RV -proxy_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptUpdate) (handle, enc_part, enc_part_len, part, part_len); -} - -static CK_RV -proxy_C_DecryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptFinal) (handle, last_part, last_part_len); -} - -static CK_RV -proxy_C_DigestInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestInit) (handle, mechanism); -} - -static CK_RV -proxy_C_Digest (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Digest) (handle, input, input_len, digest, digest_len); -} - -static CK_RV -proxy_C_DigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestUpdate) (handle, part, part_len); -} - -static CK_RV -proxy_C_DigestKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestKey) (handle, key); -} - -static CK_RV -proxy_C_DigestFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestFinal) (handle, digest, digest_len); -} - -static CK_RV -proxy_C_SignInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Sign (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Sign) (handle, input, input_len, signature, signature_len); -} - -static CK_RV -proxy_C_SignUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignUpdate) (handle, part, part_len); -} - -static CK_RV -proxy_C_SignFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignFinal) (handle, signature, signature_len); -} - -static CK_RV -proxy_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignRecoverInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_SignRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignRecover) (handle, input, input_len, signature, signature_len); -} - -static CK_RV -proxy_C_VerifyInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Verify (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Verify) (handle, input, input_len, signature, signature_len); -} - -static CK_RV -proxy_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyUpdate) (handle, part, part_len); -} - -static CK_RV -proxy_C_VerifyFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyFinal) (handle, signature, signature_len); -} - -static CK_RV -proxy_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyRecoverInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_VerifyRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR output, - CK_ULONG_PTR output_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyRecover) (handle, signature, signature_len, output, output_len); -} - -static CK_RV -proxy_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); -} - -static CK_RV -proxy_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptDigestUpdate) (handle, enc_part, enc_part_len, part, part_len); -} - -static CK_RV -proxy_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); -} - -static CK_RV -proxy_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptVerifyUpdate) (handle, enc_part, enc_part_len, part, part_len); -} - -static CK_RV -proxy_C_GenerateKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GenerateKey) (handle, mechanism, template, count, key); -} - -static CK_RV -proxy_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, - CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, - CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, - CK_OBJECT_HANDLE_PTR priv_key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GenerateKeyPair) (handle, mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key); -} - -static CK_RV -proxy_C_WrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_WrapKey) (handle, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len); -} - -static CK_RV -proxy_C_UnwrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_UnwrapKey) (handle, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key); -} - -static CK_RV -proxy_C_DeriveKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DeriveKey) (handle, mechanism, base_key, template, count, key); -} - -static CK_RV -proxy_C_SeedRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SeedRandom) (handle, seed, seed_len); -} - -static CK_RV -proxy_C_GenerateRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GenerateRandom) (handle, random_data, random_len); -} - -/* -------------------------------------------------------------------- - * Global module functions - */ - -static CK_FUNCTION_LIST module_functions; - -static CK_RV -module_C_Initialize (CK_VOID_PTR init_args) -{ - return proxy_C_Initialize (&global.virt.funcs, init_args); -} - -static CK_RV -module_C_Finalize (CK_VOID_PTR reserved) -{ - return proxy_C_Finalize (&global.virt.funcs, reserved); -} - -static CK_RV -module_C_GetInfo (CK_INFO_PTR info) -{ - return proxy_C_GetInfo (&global.virt.funcs, info); -} - -static CK_RV -module_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - return_val_if_fail (list != NULL, CKR_ARGUMENTS_BAD); - *list = &module_functions; - return CKR_OK; -} - -static CK_RV -module_C_GetSlotList (CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - return proxy_C_GetSlotList (&global.virt.funcs, token_present, slot_list, count); -} - -static CK_RV -module_C_GetSlotInfo (CK_SLOT_ID id, - CK_SLOT_INFO_PTR info) -{ - return proxy_C_GetSlotInfo (&global.virt.funcs, id, info); -} - -static CK_RV -module_C_GetTokenInfo (CK_SLOT_ID id, - CK_TOKEN_INFO_PTR info) -{ - return proxy_C_GetTokenInfo (&global.virt.funcs, id, info); -} - -static CK_RV -module_C_GetMechanismList (CK_SLOT_ID id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - return proxy_C_GetMechanismList (&global.virt.funcs, id, mechanism_list, count); -} - -static CK_RV -module_C_GetMechanismInfo (CK_SLOT_ID id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - return proxy_C_GetMechanismInfo (&global.virt.funcs, id, type, info); -} - -static CK_RV -module_C_InitToken (CK_SLOT_ID id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - return proxy_C_InitToken (&global.virt.funcs, id, pin, pin_len, label); -} - -static CK_RV -module_C_WaitForSlotEvent (CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved) -{ - return proxy_C_WaitForSlotEvent (&global.virt.funcs, flags, slot, reserved); -} - -static CK_RV -module_C_OpenSession (CK_SLOT_ID id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR handle) -{ - return proxy_C_OpenSession (&global.virt.funcs, id, flags, user_data, callback, - handle); -} - -static CK_RV -module_C_CloseSession (CK_SESSION_HANDLE handle) -{ - return proxy_C_CloseSession (&global.virt.funcs, handle); -} - -static CK_RV -module_C_CloseAllSessions (CK_SLOT_ID id) -{ - return proxy_C_CloseAllSessions (&global.virt.funcs, id); -} - -static CK_RV -module_C_GetFunctionStatus (CK_SESSION_HANDLE handle) -{ - return proxy_C_GetFunctionStatus (&global.virt.funcs, handle); -} - -static CK_RV -module_C_CancelFunction (CK_SESSION_HANDLE handle) -{ - return proxy_C_CancelFunction (&global.virt.funcs, handle); -} - -static CK_RV -module_C_GetSessionInfo (CK_SESSION_HANDLE handle, - CK_SESSION_INFO_PTR info) -{ - return proxy_C_GetSessionInfo (&global.virt.funcs, handle, info); -} - -static CK_RV -module_C_InitPIN (CK_SESSION_HANDLE handle, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - return proxy_C_InitPIN (&global.virt.funcs, handle, pin, pin_len); -} - -static CK_RV -module_C_SetPIN (CK_SESSION_HANDLE handle, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len) -{ - return proxy_C_SetPIN (&global.virt.funcs, handle, old_pin, old_pin_len, new_pin, - new_pin_len); -} - -static CK_RV -module_C_GetOperationState (CK_SESSION_HANDLE handle, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - return proxy_C_GetOperationState (&global.virt.funcs, handle, operation_state, - operation_state_len); -} - -static CK_RV -module_C_SetOperationState (CK_SESSION_HANDLE handle, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - return proxy_C_SetOperationState (&global.virt.funcs, handle, operation_state, - operation_state_len, encryption_key, - authentication_key); -} - -static CK_RV -module_C_Login (CK_SESSION_HANDLE handle, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - return proxy_C_Login (&global.virt.funcs, handle, user_type, pin, pin_len); -} - -static CK_RV -module_C_Logout (CK_SESSION_HANDLE handle) -{ - return proxy_C_Logout (&global.virt.funcs, handle); -} - -static CK_RV -module_C_CreateObject (CK_SESSION_HANDLE handle, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - return proxy_C_CreateObject (&global.virt.funcs, handle, template, count, - new_object); -} - -static CK_RV -module_C_CopyObject (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - return proxy_C_CopyObject (&global.virt.funcs, handle, object, template, count, - new_object); -} - -static CK_RV -module_C_DestroyObject (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object) -{ - return proxy_C_DestroyObject (&global.virt.funcs, handle, object); -} - -static CK_RV -module_C_GetObjectSize (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - return proxy_C_GetObjectSize (&global.virt.funcs, handle, object, size); -} - -static CK_RV -module_C_GetAttributeValue (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return proxy_C_GetAttributeValue (&global.virt.funcs, handle, object, template, - count); -} - -static CK_RV -module_C_SetAttributeValue (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return proxy_C_SetAttributeValue (&global.virt.funcs, handle, object, template, - count); -} - -static CK_RV -module_C_FindObjectsInit (CK_SESSION_HANDLE handle, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return proxy_C_FindObjectsInit (&global.virt.funcs, handle, template, count); -} - -static CK_RV -module_C_FindObjects (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count) -{ - return proxy_C_FindObjects (&global.virt.funcs, handle, objects, max_count, count); -} - -static CK_RV -module_C_FindObjectsFinal (CK_SESSION_HANDLE handle) -{ - return proxy_C_FindObjectsFinal (&global.virt.funcs, handle); -} - -static CK_RV -module_C_EncryptInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return proxy_C_EncryptInit (&global.virt.funcs, handle, mechanism, key); -} - -static CK_RV -module_C_Encrypt (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - return proxy_C_Encrypt (&global.virt.funcs, handle, data, data_len, - encrypted_data, encrypted_data_len); -} - -static CK_RV -module_C_EncryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - return proxy_C_EncryptUpdate (&global.virt.funcs, handle, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -module_C_EncryptFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return proxy_C_EncryptFinal (&global.virt.funcs, handle, last_part, last_part_len); -} - -static CK_RV -module_C_DecryptInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return proxy_C_DecryptInit (&global.virt.funcs, handle, mechanism, key); -} - -static CK_RV -module_C_Decrypt (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return proxy_C_Decrypt (&global.virt.funcs, handle, enc_data, enc_data_len, - data, data_len); -} - -static CK_RV -module_C_DecryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return proxy_C_DecryptUpdate (&global.virt.funcs, handle, enc_part, enc_part_len, - part, part_len); -} - -static CK_RV -module_C_DecryptFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return proxy_C_DecryptFinal (&global.virt.funcs, handle, last_part, last_part_len); -} - -static CK_RV -module_C_DigestInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism) -{ - return proxy_C_DigestInit (&global.virt.funcs, handle, mechanism); -} - -static CK_RV -module_C_Digest (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return proxy_C_Digest (&global.virt.funcs, handle, data, data_len, digest, - digest_len); -} - -static CK_RV -module_C_DigestUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return proxy_C_DigestUpdate (&global.virt.funcs, handle, part, part_len); -} - -static CK_RV -module_C_DigestKey (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE key) -{ - return proxy_C_DigestKey (&global.virt.funcs, handle, key); -} - -static CK_RV -module_C_DigestFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return proxy_C_DigestFinal (&global.virt.funcs, handle, digest, digest_len); -} - -static CK_RV -module_C_SignInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return proxy_C_SignInit (&global.virt.funcs, handle, mechanism, key); -} - -static CK_RV -module_C_Sign (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return proxy_C_Sign (&global.virt.funcs, handle, data, data_len, signature, - signature_len); -} - -static CK_RV -module_C_SignUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return proxy_C_SignUpdate (&global.virt.funcs, handle, part, part_len); -} - -static CK_RV -module_C_SignFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return proxy_C_SignFinal (&global.virt.funcs, handle, signature, signature_len); -} - -static CK_RV -module_C_SignRecoverInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return proxy_C_SignRecoverInit (&global.virt.funcs, handle, mechanism, key); -} - -static CK_RV -module_C_SignRecover (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return proxy_C_SignRecover (&global.virt.funcs, handle, data, data_len, - signature, signature_len); -} - -static CK_RV -module_C_VerifyInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return proxy_C_VerifyInit (&global.virt.funcs, handle, mechanism, key); -} - -static CK_RV -module_C_Verify (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - return proxy_C_Verify (&global.virt.funcs, handle, data, data_len, signature, - signature_len); -} - -static CK_RV -module_C_VerifyUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return proxy_C_VerifyUpdate (&global.virt.funcs, handle, part, part_len); -} - -static CK_RV -module_C_VerifyFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - return proxy_C_VerifyFinal (&global.virt.funcs, handle, signature, signature_len); -} - -static CK_RV -module_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return proxy_C_VerifyRecoverInit (&global.virt.funcs, handle, mechanism, key); -} - -static CK_RV -module_C_VerifyRecover (CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return proxy_C_VerifyRecover (&global.virt.funcs, handle, signature, signature_len, - data, data_len); -} - -static CK_RV -module_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return proxy_C_DigestEncryptUpdate (&global.virt.funcs, handle, part, part_len, - enc_part, enc_part_len); -} - -static CK_RV -module_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return proxy_C_DecryptDigestUpdate (&global.virt.funcs, handle, enc_part, - enc_part_len, part, part_len); -} - -static CK_RV -module_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return proxy_C_SignEncryptUpdate (&global.virt.funcs, handle, part, part_len, - enc_part, enc_part_len); -} - -static CK_RV -module_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return proxy_C_DecryptVerifyUpdate (&global.virt.funcs, handle, enc_part, - enc_part_len, part, part_len); -} - -static CK_RV -module_C_GenerateKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return proxy_C_GenerateKey (&global.virt.funcs, handle, mechanism, template, count, - key); -} - -static CK_RV -module_C_GenerateKeyPair (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, - CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, - CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, - CK_OBJECT_HANDLE_PTR priv_key) -{ - return proxy_C_GenerateKeyPair (&global.virt.funcs, handle, mechanism, pub_template, - pub_count, priv_template, priv_count, - pub_key, priv_key); -} - -static CK_RV -module_C_WrapKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - return proxy_C_WrapKey (&global.virt.funcs, handle, mechanism, wrapping_key, - key, wrapped_key, wrapped_key_len); -} - -static CK_RV -module_C_UnwrapKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return proxy_C_UnwrapKey (&global.virt.funcs, handle, mechanism, unwrapping_key, - wrapped_key, wrapped_key_len, template, - count, key); -} - -static CK_RV -module_C_DeriveKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return proxy_C_DeriveKey (&global.virt.funcs, handle, mechanism, base_key, - template, count, key); -} - -static CK_RV -module_C_SeedRandom (CK_SESSION_HANDLE handle, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - return proxy_C_SeedRandom (&global.virt.funcs, handle, seed, seed_len); -} - -static CK_RV -module_C_GenerateRandom (CK_SESSION_HANDLE handle, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - return proxy_C_GenerateRandom (&global.virt.funcs, handle, random_data, random_len); -} - -/* -------------------------------------------------------------------- - * MODULE ENTRY POINT - */ - -static CK_FUNCTION_LIST module_functions = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, - module_C_Initialize, - module_C_Finalize, - module_C_GetInfo, - module_C_GetFunctionList, - module_C_GetSlotList, - module_C_GetSlotInfo, - module_C_GetTokenInfo, - module_C_GetMechanismList, - module_C_GetMechanismInfo, - module_C_InitToken, - module_C_InitPIN, - module_C_SetPIN, - module_C_OpenSession, - module_C_CloseSession, - module_C_CloseAllSessions, - module_C_GetSessionInfo, - module_C_GetOperationState, - module_C_SetOperationState, - module_C_Login, - module_C_Logout, - module_C_CreateObject, - module_C_CopyObject, - module_C_DestroyObject, - module_C_GetObjectSize, - module_C_GetAttributeValue, - module_C_SetAttributeValue, - module_C_FindObjectsInit, - module_C_FindObjects, - module_C_FindObjectsFinal, - module_C_EncryptInit, - module_C_Encrypt, - module_C_EncryptUpdate, - module_C_EncryptFinal, - module_C_DecryptInit, - module_C_Decrypt, - module_C_DecryptUpdate, - module_C_DecryptFinal, - module_C_DigestInit, - module_C_Digest, - module_C_DigestUpdate, - module_C_DigestKey, - module_C_DigestFinal, - module_C_SignInit, - module_C_Sign, - module_C_SignUpdate, - module_C_SignFinal, - module_C_SignRecoverInit, - module_C_SignRecover, - module_C_VerifyInit, - module_C_Verify, - module_C_VerifyUpdate, - module_C_VerifyFinal, - module_C_VerifyRecoverInit, - module_C_VerifyRecover, - module_C_DigestEncryptUpdate, - module_C_DecryptDigestUpdate, - module_C_SignEncryptUpdate, - module_C_DecryptVerifyUpdate, - module_C_GenerateKey, - module_C_GenerateKeyPair, - module_C_WrapKey, - module_C_UnwrapKey, - module_C_DeriveKey, - module_C_SeedRandom, - module_C_GenerateRandom, - module_C_GetFunctionStatus, - module_C_CancelFunction, - module_C_WaitForSlotEvent -}; - -static CK_X_FUNCTION_LIST proxy_functions = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, - proxy_C_Initialize, - proxy_C_Finalize, - proxy_C_GetInfo, - proxy_C_GetSlotList, - proxy_C_GetSlotInfo, - proxy_C_GetTokenInfo, - proxy_C_GetMechanismList, - proxy_C_GetMechanismInfo, - proxy_C_InitToken, - proxy_C_InitPIN, - proxy_C_SetPIN, - proxy_C_OpenSession, - proxy_C_CloseSession, - proxy_C_CloseAllSessions, - proxy_C_GetSessionInfo, - proxy_C_GetOperationState, - proxy_C_SetOperationState, - proxy_C_Login, - proxy_C_Logout, - proxy_C_CreateObject, - proxy_C_CopyObject, - proxy_C_DestroyObject, - proxy_C_GetObjectSize, - proxy_C_GetAttributeValue, - proxy_C_SetAttributeValue, - proxy_C_FindObjectsInit, - proxy_C_FindObjects, - proxy_C_FindObjectsFinal, - proxy_C_EncryptInit, - proxy_C_Encrypt, - proxy_C_EncryptUpdate, - proxy_C_EncryptFinal, - proxy_C_DecryptInit, - proxy_C_Decrypt, - proxy_C_DecryptUpdate, - proxy_C_DecryptFinal, - proxy_C_DigestInit, - proxy_C_Digest, - proxy_C_DigestUpdate, - proxy_C_DigestKey, - proxy_C_DigestFinal, - proxy_C_SignInit, - proxy_C_Sign, - proxy_C_SignUpdate, - proxy_C_SignFinal, - proxy_C_SignRecoverInit, - proxy_C_SignRecover, - proxy_C_VerifyInit, - proxy_C_Verify, - proxy_C_VerifyUpdate, - proxy_C_VerifyFinal, - proxy_C_VerifyRecoverInit, - proxy_C_VerifyRecover, - proxy_C_DigestEncryptUpdate, - proxy_C_DecryptDigestUpdate, - proxy_C_SignEncryptUpdate, - proxy_C_DecryptVerifyUpdate, - proxy_C_GenerateKey, - proxy_C_GenerateKeyPair, - proxy_C_WrapKey, - proxy_C_UnwrapKey, - proxy_C_DeriveKey, - proxy_C_SeedRandom, - proxy_C_GenerateRandom, - proxy_C_WaitForSlotEvent, -}; - -#ifdef OS_WIN32 -__declspec(dllexport) -#endif -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - CK_FUNCTION_LIST_PTR module = NULL; - CK_FUNCTION_LIST **loaded; - State *state; - CK_RV rv = CKR_OK; - - p11_library_init_once (); - p11_lock (); - - if (all_modules == NULL) { - /* WARNING: Reentrancy can occur here */ - rv = p11_modules_load_inlock_reentrant (0, &loaded); - if (rv == CKR_OK) { - if (all_modules == NULL) - all_modules = loaded; - else - p11_modules_release_inlock_reentrant (loaded); - } - } - - if (rv == CKR_OK && p11_virtual_can_wrap ()) { - state = calloc (1, sizeof (State)); - if (!state) { - rv = CKR_HOST_MEMORY; - - } else { - p11_virtual_init (&state->virt, &proxy_functions, state, NULL); - state->last_handle = FIRST_HANDLE; - - module = p11_virtual_wrap (&state->virt, free); - if (module == NULL) { - rv = CKR_GENERAL_ERROR; - - } else { - state->wrapped = module; - state->next = all_instances; - all_instances = state; - } - } - } - - if (rv == CKR_OK) { - if (module == NULL) - module = &module_functions; - - /* We use this as a check below */ - module->C_WaitForSlotEvent = module_C_WaitForSlotEvent; - *list = module; - } - - p11_unlock (); - - return rv; -} - -void -p11_proxy_module_cleanup (void) -{ - State *state, *next; - - state = all_instances; - all_instances = NULL; - - for (; state != NULL; state = next) { - next = state->next; - p11_virtual_unwrap (state->wrapped); - } - - if (all_modules) { - p11_kit_modules_release (all_modules); - all_modules = NULL; - } -} - -bool -p11_proxy_module_check (CK_FUNCTION_LIST_PTR module) -{ - return (module->C_WaitForSlotEvent == module_C_WaitForSlotEvent); -} diff --git a/p11-kit/proxy.h b/p11-kit/proxy.h deleted file mode 100644 index f3d56d7..0000000 --- a/p11-kit/proxy.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __P11_PROXY_H__ -#define __P11_PROXY_H__ - -bool p11_proxy_module_check (CK_FUNCTION_LIST_PTR module); - -void p11_proxy_module_cleanup (void); - - -#endif /* __P11_PROXY_H__ */ diff --git a/p11-kit/remote.c b/p11-kit/remote.c deleted file mode 100644 index 7717277..0000000 --- a/p11-kit/remote.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright (C) 2014 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "compat.h" -#include "debug.h" -#include "message.h" -#include "p11-kit.h" -#include "remote.h" -#include "tool.h" - -#include -#include -#include -#include -#include -#include - -int -main (int argc, - char *argv[]) -{ - CK_FUNCTION_LIST *module; - int opt; - int ret; - - enum { - opt_verbose = 'v', - opt_help = 'h', - }; - - struct option options[] = { - { "verbose", no_argument, NULL, opt_verbose }, - { "help", no_argument, NULL, opt_help }, - { 0 }, - }; - - p11_tool_desc usages[] = { - { 0, "usage: p11-kit remote " }, - { 0 }, - }; - - while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { - switch (opt) { - case opt_verbose: - p11_kit_be_loud (); - break; - case opt_help: - case '?': - p11_tool_usage (usages, options); - return 0; - default: - assert_not_reached (); - break; - } - } - - argc -= optind; - argv += optind; - - if (argc != 1) { - p11_message ("specify the module to remote"); - return 2; - } - - if (isatty (0)) { - p11_message ("the 'remote' tool is not meant to be run from a terminal"); - return 2; - } - - module = p11_kit_module_load (argv[0], 0); - if (module == NULL) - return 1; - - ret = p11_kit_remote_serve_module (module, 0, 1); - p11_kit_module_release (module); - - return ret; -} diff --git a/p11-kit/remote.h b/p11-kit/remote.h deleted file mode 100644 index 12cbe6d..0000000 --- a/p11-kit/remote.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2014 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __P11_KIT_REMOTE_H__ -#define __P11_KIT_REMOTE_H__ - -#include "p11-kit/p11-kit.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef P11_KIT_FUTURE_UNSTABLE_API - -int p11_kit_remote_serve_module (CK_FUNCTION_LIST *module, - int in_fd, - int out_fd); - -#endif - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* __P11_KIT_REMOTE_H__ */ diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c deleted file mode 100644 index c69dcfd..0000000 --- a/p11-kit/rpc-client.c +++ /dev/null @@ -1,2104 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_RPC -#include "debug.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "library.h" -#include "message.h" -#include "private.h" -#include "rpc.h" -#include "rpc-message.h" -#include "virtual.h" - -#include -#include -#include - -/* The error used by us when parsing of rpc message fails */ -#define PARSE_ERROR CKR_DEVICE_ERROR - -typedef struct { - p11_mutex_t mutex; - p11_rpc_client_vtable *vtable; - unsigned int initialized_forkid; - bool initialize_done; -} rpc_client; - -/* Allocator for call session buffers */ -static void * -log_allocator (void *pointer, - size_t size) -{ - void *result = realloc (pointer, (size_t)size); - return_val_if_fail (!size || result != NULL, NULL); - return result; -} - -static CK_RV -call_prepare (rpc_client *module, - p11_rpc_message *msg, - int call_id) -{ - p11_buffer *buffer; - - assert (module != NULL); - assert (msg != NULL); - - if (module->initialized_forkid != p11_forkid) - return CKR_CRYPTOKI_NOT_INITIALIZED; - if (!module->initialize_done) - return CKR_DEVICE_REMOVED; - - buffer = p11_rpc_buffer_new_full (64, log_allocator, free); - return_val_if_fail (buffer != NULL, CKR_GENERAL_ERROR); - - /* We use the same buffer for reading and writing */ - p11_rpc_message_init (msg, buffer, buffer); - - /* Put in the Call ID and signature */ - if (!p11_rpc_message_prep (msg, call_id, P11_RPC_REQUEST)) - return_val_if_reached (CKR_HOST_MEMORY); - - p11_debug ("prepared call: %d", call_id); - return CKR_OK; -} - -static CK_RV -call_run (rpc_client *module, - p11_rpc_message *msg) -{ - CK_RV ret = CKR_OK; - CK_ULONG ckerr; - - int call_id; - - assert (module != NULL); - assert (msg != NULL); - - /* Did building the call fail? */ - if (p11_buffer_failed (msg->output)) - return_val_if_reached (CKR_HOST_MEMORY); - - /* Make sure that the signature is valid */ - assert (p11_rpc_message_is_verified (msg)); - call_id = msg->call_id; - - /* Do the transport send and receive */ - assert (module->vtable->transport != NULL); - ret = (module->vtable->transport) (module->vtable, - msg->output, - msg->input); - - if (ret != CKR_OK) - return ret; - - if (!p11_rpc_message_parse (msg, P11_RPC_RESPONSE)) - return CKR_DEVICE_ERROR; - - /* If it's an error code then return it */ - if (msg->call_id == P11_RPC_CALL_ERROR) { - if (!p11_rpc_message_read_ulong (msg, &ckerr)) { - p11_message ("invalid rpc error response: too short"); - return CKR_DEVICE_ERROR; - } - - if (ckerr <= CKR_OK) { - p11_message ("invalid rpc error response: bad error code"); - return CKR_DEVICE_ERROR; - } - - /* An error code from the other side */ - return (CK_RV)ckerr; - } - - /* Make sure other side answered the right call */ - if (call_id != msg->call_id) { - p11_message ("invalid rpc response: call mismatch"); - return CKR_DEVICE_ERROR; - } - - assert (!p11_buffer_failed (msg->input)); - - p11_debug ("parsing response values"); - return CKR_OK; -} - -static CK_RV -call_done (rpc_client *module, - p11_rpc_message *msg, - CK_RV ret) -{ - assert (module != NULL); - assert (msg != NULL); - - /* Check for parsing errors that were not caught elsewhere */ - if (ret == CKR_OK) { - if (p11_buffer_failed (msg->input)) { - p11_message ("invalid rpc response: bad argument data"); - ret = CKR_GENERAL_ERROR; - } else { - /* Double check that the signature matched our decoding */ - assert (p11_rpc_message_is_verified (msg)); - } - } - - /* We used the same buffer for input/output, so this frees both */ - assert (msg->input == msg->output); - p11_rpc_buffer_free (msg->input); - - p11_rpc_message_clear (msg); - - return ret; -} - -/* ----------------------------------------------------------------------------- - * MODULE SPECIFIC PROTOCOL CODE - */ - -static CK_RV -proto_read_attribute_array (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG len) -{ - uint32_t i, num, value, type; - CK_ATTRIBUTE_PTR attr; - const unsigned char *attrval = NULL; - size_t attrlen = 0; - unsigned char validity; - CK_RV ret; - - assert (len != 0); - assert (msg != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "aA")); - - /* Get the number of items. We need this value to be correct */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &num)) - return PARSE_ERROR; - - /* - * This should never happen in normal operation. It denotes a goof up - * on the other side of our RPC. We should be indicating the exact number - * of attributes to the other side. And it should respond with the same - * number. - */ - if (len != num) { - p11_message ("received an attribute array with wrong number of attributes"); - return PARSE_ERROR; - } - - ret = CKR_OK; - - /* We need to go ahead and read everything in all cases */ - for (i = 0; i < num; ++i) { - - /* The attribute type */ - p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &type); - - /* Attribute validity */ - p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &validity); - - /* And the data itself */ - if (validity) { - if (p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value) && - p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &attrval, &attrlen)) { - if (attrval && value != attrlen) { - p11_message ("attribute length does not match attribute data"); - return PARSE_ERROR; - } - attrlen = value; - } - } - - /* Don't act on this data unless no errors */ - if (p11_buffer_failed (msg->input)) - break; - - /* Try and stuff it in the output data */ - if (arr) { - attr = &(arr[i]); - if (attr->type != type) { - p11_message ("returned attributes in invalid order"); - return PARSE_ERROR; - } - - if (validity) { - /* Just requesting the attribute size */ - if (!attr->pValue) { - attr->ulValueLen = attrlen; - - /* Wants attribute data, but too small */ - } else if (attr->ulValueLen < attrlen) { - attr->ulValueLen = attrlen; - ret = CKR_BUFFER_TOO_SMALL; - - /* Wants attribute data, value is null */ - } else if (attrval == NULL) { - attr->ulValueLen = 0; - - /* Wants attribute data, enough space */ - } else { - attr->ulValueLen = attrlen; - memcpy (attr->pValue, attrval, attrlen); - } - - /* Not a valid attribute */ - } else { - attr->ulValueLen = ((CK_ULONG)-1); - } - } - } - - if (p11_buffer_failed (msg->input)) - return PARSE_ERROR; - - /* Read in the code that goes along with these attributes */ - if (!p11_rpc_message_read_ulong (msg, &ret)) - return PARSE_ERROR; - - return ret; -} - -static CK_RV -proto_read_byte_array (p11_rpc_message *msg, - CK_BYTE_PTR arr, - CK_ULONG_PTR len, - CK_ULONG max) -{ - const unsigned char *val; - unsigned char valid; - uint32_t length; - size_t vlen; - - assert (len != NULL); - assert (msg != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay")); - - /* A single byte which determines whether valid or not */ - if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid)) - return PARSE_ERROR; - - /* If not valid, then just the length is encoded, this can signify CKR_BUFFER_TOO_SMALL */ - if (!valid) { - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &length)) - return PARSE_ERROR; - - *len = length; - - if (arr) - return CKR_BUFFER_TOO_SMALL; - else - return CKR_OK; - } - - /* Get the actual bytes */ - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &val, &vlen)) - return PARSE_ERROR; - - *len = vlen; - - /* Just asking us for size */ - if (!arr) - return CKR_OK; - - if (max < vlen) - return CKR_BUFFER_TOO_SMALL; - - /* Enough space, yay */ - memcpy (arr, val, vlen); - return CKR_OK; -} - -static CK_RV -proto_read_ulong_array (p11_rpc_message *msg, CK_ULONG_PTR arr, - CK_ULONG_PTR len, CK_ULONG max) -{ - uint32_t i, num; - uint64_t val; - unsigned char valid; - - assert (len != NULL); - assert (msg != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "au")); - - /* A single byte which determines whether valid or not */ - if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid)) - return PARSE_ERROR; - - /* Get the number of items. */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &num)) - return PARSE_ERROR; - - *len = num; - - /* If not valid, then just the length is encoded, this can signify CKR_BUFFER_TOO_SMALL */ - if (!valid) { - if (arr) - return CKR_BUFFER_TOO_SMALL; - else - return CKR_OK; - } - - if (max < num) - return CKR_BUFFER_TOO_SMALL; - - /* We need to go ahead and read everything in all cases */ - for (i = 0; i < num; ++i) { - p11_rpc_buffer_get_uint64 (msg->input, &msg->parsed, &val); - if (arr) - arr[i] = (CK_ULONG)val; - } - - return p11_buffer_failed (msg->input) ? PARSE_ERROR : CKR_OK; -} - -/* Used to override the supported mechanisms in tests */ -CK_MECHANISM_TYPE *p11_rpc_mechanisms_override_supported = NULL; - -static bool -mechanism_has_sane_parameters (CK_MECHANISM_TYPE type) -{ - int i; - - /* This can be set from tests, to override default set of supported */ - if (p11_rpc_mechanisms_override_supported) { - for (i = 0; p11_rpc_mechanisms_override_supported[i] != 0; i++) { - if (p11_rpc_mechanisms_override_supported[i] == type) - return true; - } - - return false; - } - - /* This list is incomplete */ - switch (type) { - case CKM_RSA_PKCS_OAEP: - case CKM_RSA_PKCS_PSS: - return true; - default: - return false; - } -} - -static bool -mechanism_has_no_parameters (CK_MECHANISM_TYPE mech) -{ - /* This list is incomplete */ - - switch (mech) { - case CKM_RSA_PKCS_KEY_PAIR_GEN: - case CKM_RSA_X9_31_KEY_PAIR_GEN: - case CKM_RSA_PKCS: - case CKM_RSA_9796: - case CKM_RSA_X_509: - case CKM_RSA_X9_31: - case CKM_MD2_RSA_PKCS: - case CKM_MD5_RSA_PKCS: - case CKM_SHA1_RSA_PKCS: - case CKM_SHA256_RSA_PKCS: - case CKM_SHA384_RSA_PKCS: - case CKM_SHA512_RSA_PKCS: - case CKM_RIPEMD128_RSA_PKCS: - case CKM_RIPEMD160_RSA_PKCS: - case CKM_SHA1_RSA_X9_31: - case CKM_DSA_KEY_PAIR_GEN: - case CKM_DSA_PARAMETER_GEN: - case CKM_DSA: - case CKM_DSA_SHA1: - case CKM_FORTEZZA_TIMESTAMP: - case CKM_EC_KEY_PAIR_GEN: - case CKM_ECDSA: - case CKM_ECDSA_SHA1: - case CKM_DH_PKCS_KEY_PAIR_GEN: - case CKM_DH_PKCS_PARAMETER_GEN: - case CKM_X9_42_DH_KEY_PAIR_GEN: - case CKM_X9_42_DH_PARAMETER_GEN: - case CKM_KEA_KEY_PAIR_GEN: - case CKM_GENERIC_SECRET_KEY_GEN: - case CKM_RC2_KEY_GEN: - case CKM_RC4_KEY_GEN: - case CKM_RC4: - case CKM_RC5_KEY_GEN: - case CKM_AES_KEY_GEN: - case CKM_AES_ECB: - case CKM_AES_MAC: - case CKM_DES_KEY_GEN: - case CKM_DES2_KEY_GEN: - case CKM_DES3_KEY_GEN: - case CKM_CDMF_KEY_GEN: - case CKM_CAST_KEY_GEN: - case CKM_CAST3_KEY_GEN: - case CKM_CAST128_KEY_GEN: - case CKM_IDEA_KEY_GEN: - case CKM_SSL3_PRE_MASTER_KEY_GEN: - case CKM_TLS_PRE_MASTER_KEY_GEN: - case CKM_SKIPJACK_KEY_GEN: - case CKM_BATON_KEY_GEN: - case CKM_JUNIPER_KEY_GEN: - case CKM_RC2_ECB: - case CKM_DES_ECB: - case CKM_DES3_ECB: - case CKM_CDMF_ECB: - case CKM_CAST_ECB: - case CKM_CAST3_ECB: - case CKM_CAST128_ECB: - case CKM_RC5_ECB: - case CKM_IDEA_ECB: - case CKM_RC2_MAC: - case CKM_DES_MAC: - case CKM_DES3_MAC: - case CKM_CDMF_MAC: - case CKM_CAST_MAC: - case CKM_CAST3_MAC: - case CKM_RC5_MAC: - case CKM_IDEA_MAC: - case CKM_SSL3_MD5_MAC: - case CKM_SSL3_SHA1_MAC: - case CKM_SKIPJACK_WRAP: - case CKM_BATON_WRAP: - case CKM_JUNIPER_WRAP: - case CKM_MD2: - case CKM_MD2_HMAC: - case CKM_MD5: - case CKM_MD5_HMAC: - case CKM_SHA_1: - case CKM_SHA_1_HMAC: - case CKM_SHA256: - case CKM_SHA256_HMAC: - case CKM_SHA384: - case CKM_SHA384_HMAC: - case CKM_SHA512: - case CKM_SHA512_HMAC: - case CKM_FASTHASH: - case CKM_RIPEMD128: - case CKM_RIPEMD128_HMAC: - case CKM_RIPEMD160: - case CKM_RIPEMD160_HMAC: - case CKM_KEY_WRAP_LYNKS: - return true; - default: - return false; - }; -} - -static bool -mechanism_is_supported (CK_MECHANISM_TYPE mech) -{ - if (mechanism_has_no_parameters (mech) || - mechanism_has_sane_parameters (mech)) - return true; - return false; -} -static void -mechanism_list_purge (CK_MECHANISM_TYPE_PTR mechs, - CK_ULONG *n_mechs) -{ - int i; - - assert (mechs != NULL); - assert (n_mechs != NULL); - - for (i = 0; i < (int)(*n_mechs); ++i) { - if (!mechanism_is_supported (mechs[i])) { - - /* Remove the mechanism from the list */ - memmove (&mechs[i], &mechs[i + 1], - (*n_mechs - i) * sizeof (CK_MECHANISM_TYPE)); - - --(*n_mechs); - --i; - } - } -} - -static CK_RV -proto_write_mechanism (p11_rpc_message *msg, - CK_MECHANISM_PTR mech) -{ - assert (msg != NULL); - assert (mech != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "M")); - - /* The mechanism type */ - p11_rpc_buffer_add_uint32 (msg->output, mech->mechanism); - - /* - * PKCS#11 mechanism parameters are not easy to serialize. They're - * completely different for so many mechanisms, they contain - * pointers to arbitrary memory, and many callers don't initialize - * them completely or properly. - * - * We only support certain mechanisms. - * - * Also callers do yucky things like leaving parts of the structure - * pointing to garbage if they don't think it's going to be used. - */ - - if (mechanism_has_no_parameters (mech->mechanism)) - p11_rpc_buffer_add_byte_array (msg->output, NULL, 0); - else if (mechanism_has_sane_parameters (mech->mechanism)) - p11_rpc_buffer_add_byte_array (msg->output, mech->pParameter, - mech->ulParameterLen); - else - return CKR_MECHANISM_INVALID; - - return p11_buffer_failed (msg->output) ? CKR_HOST_MEMORY : CKR_OK; -} - -static CK_RV -proto_read_info (p11_rpc_message *msg, - CK_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_read_version (msg, &info->cryptokiVersion) || - !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) || - !p11_rpc_message_read_ulong (msg, &info->flags) || - !p11_rpc_message_read_space_string (msg, info->libraryDescription, 32) || - !p11_rpc_message_read_version (msg, &info->libraryVersion)) - return PARSE_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_slot_info (p11_rpc_message *msg, - CK_SLOT_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_read_space_string (msg, info->slotDescription, 64) || - !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) || - !p11_rpc_message_read_ulong (msg, &info->flags) || - !p11_rpc_message_read_version (msg, &info->hardwareVersion) || - !p11_rpc_message_read_version (msg, &info->firmwareVersion)) - return PARSE_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_token_info (p11_rpc_message *msg, - CK_TOKEN_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_read_space_string (msg, info->label, 32) || - !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) || - !p11_rpc_message_read_space_string (msg, info->model, 16) || - !p11_rpc_message_read_space_string (msg, info->serialNumber, 16) || - !p11_rpc_message_read_ulong (msg, &info->flags) || - !p11_rpc_message_read_ulong (msg, &info->ulMaxSessionCount) || - !p11_rpc_message_read_ulong (msg, &info->ulSessionCount) || - !p11_rpc_message_read_ulong (msg, &info->ulMaxRwSessionCount) || - !p11_rpc_message_read_ulong (msg, &info->ulRwSessionCount) || - !p11_rpc_message_read_ulong (msg, &info->ulMaxPinLen) || - !p11_rpc_message_read_ulong (msg, &info->ulMinPinLen) || - !p11_rpc_message_read_ulong (msg, &info->ulTotalPublicMemory) || - !p11_rpc_message_read_ulong (msg, &info->ulFreePublicMemory) || - !p11_rpc_message_read_ulong (msg, &info->ulTotalPrivateMemory) || - !p11_rpc_message_read_ulong (msg, &info->ulFreePrivateMemory) || - !p11_rpc_message_read_version (msg, &info->hardwareVersion) || - !p11_rpc_message_read_version (msg, &info->firmwareVersion) || - !p11_rpc_message_read_space_string (msg, info->utcTime, 16)) - return PARSE_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_mechanism_info (p11_rpc_message *msg, - CK_MECHANISM_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_read_ulong (msg, &info->ulMinKeySize) || - !p11_rpc_message_read_ulong (msg, &info->ulMaxKeySize) || - !p11_rpc_message_read_ulong (msg, &info->flags)) - return PARSE_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_sesssion_info (p11_rpc_message *msg, - CK_SESSION_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_read_ulong (msg, &info->slotID) || - !p11_rpc_message_read_ulong (msg, &info->state) || - !p11_rpc_message_read_ulong (msg, &info->flags) || - !p11_rpc_message_read_ulong (msg, &info->ulDeviceError)) - return PARSE_ERROR; - - return CKR_OK; -} - -/* ------------------------------------------------------------------- - * CALL MACROS - */ - -#define BEGIN_CALL_OR(call_id, self, if_no_daemon) \ - p11_debug (#call_id ": enter"); \ - { \ - rpc_client *_mod = ((p11_virtual *)self)->lower_module; p11_rpc_message _msg; \ - CK_RV _ret = call_prepare (_mod, &_msg, P11_RPC_CALL_##call_id); \ - if (_ret == CKR_DEVICE_REMOVED) return (if_no_daemon); \ - if (_ret != CKR_OK) return _ret; - -#define PROCESS_CALL \ - _ret = call_run (_mod, &_msg); \ - if (_ret != CKR_OK) goto _cleanup; - -#define RETURN(ret) \ - _ret = ret; \ - goto _cleanup; - -#define END_CALL \ - _cleanup: \ - _ret = call_done (_mod, &_msg, _ret); \ - p11_debug ("ret: %lu", _ret); \ - return _ret; \ - } - -#define IN_BYTE(val) \ - if (!p11_rpc_message_write_byte (&_msg, val)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_ULONG(val) \ - if (!p11_rpc_message_write_ulong (&_msg, val)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_STRING(val) \ - if (!p11_rpc_message_write_zero_string (&_msg, val)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_BYTE_BUFFER(arr, len) \ - if (len == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - if (!p11_rpc_message_write_byte_buffer (&_msg, arr ? *len : 0)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_BYTE_ARRAY(arr, len) \ - if (len != 0 && arr == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - if (!p11_rpc_message_write_byte_array (&_msg, arr, len)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_ULONG_BUFFER(arr, len) \ - if (len == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - if (!p11_rpc_message_write_ulong_buffer (&_msg, arr ? *len : 0)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_ULONG_ARRAY(arr, len) \ - if (len != 0 && arr == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; }\ - if (!p11_rpc_message_write_ulong_array (&_msg, arr, len)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_ATTRIBUTE_BUFFER(arr, num) \ - if (num != 0 && arr == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - if (!p11_rpc_message_write_attribute_buffer (&_msg, (arr), (num))) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_ATTRIBUTE_ARRAY(arr, num) \ - if (num != 0 && arr == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - if (!p11_rpc_message_write_attribute_array (&_msg, (arr), (num))) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_MECHANISM_TYPE(val) \ - if(!mechanism_is_supported (val)) \ - { _ret = CKR_MECHANISM_INVALID; goto _cleanup; } \ - if (!p11_rpc_message_write_ulong (&_msg, val)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_MECHANISM(val) \ - if (val == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - _ret = proto_write_mechanism (&_msg, val); \ - if (_ret != CKR_OK) goto _cleanup; - - - -#define OUT_ULONG(val) \ - if (val == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK && !p11_rpc_message_read_ulong (&_msg, val)) \ - _ret = PARSE_ERROR; - -#define OUT_BYTE_ARRAY(arr, len) \ - if (len == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_byte_array (&_msg, (arr), (len), *(len)); - -#define OUT_ULONG_ARRAY(a, len) \ - if (len == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_ulong_array (&_msg, (a), (len), *(len)); - -#define OUT_ATTRIBUTE_ARRAY(arr, num) \ - if (_ret == CKR_OK) \ - _ret = proto_read_attribute_array (&_msg, (arr), (num)); - -#define OUT_INFO(info) \ - if (info == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_info (&_msg, info); - -#define OUT_SLOT_INFO(info) \ - if (info == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_slot_info (&_msg, info); - -#define OUT_TOKEN_INFO(info) \ - if (info == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_token_info (&_msg, info); - -#define OUT_SESSION_INFO(info) \ - if (info == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_sesssion_info (&_msg, info); - -#define OUT_MECHANISM_TYPE_ARRAY(arr, len) \ - if (len == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_ulong_array (&_msg, (arr), (len), *(len)); \ - if (_ret == CKR_OK && arr) \ - mechanism_list_purge (arr, len); - -#define OUT_MECHANISM_INFO(info) \ - if (info == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_mechanism_info (&_msg, info); - - -/* ------------------------------------------------------------------- - * INITIALIZATION and 'GLOBAL' CALLS - */ - -static CK_RV -rpc_C_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args) -{ - rpc_client *module = ((p11_virtual *)self)->lower_module; - CK_C_INITIALIZE_ARGS_PTR args = NULL; - void *reserved = NULL; - CK_RV ret = CKR_OK; - p11_rpc_message msg; - - assert (module != NULL); - p11_debug ("C_Initialize: enter"); - - if (init_args != NULL) { - int supplied_ok; - - /* - * pReserved is either a string or NULL. Other cases - * should be rejected by the caller of this function. - */ - args = init_args; - - /* ALL supplied function pointers need to have the value either NULL or non-NULL. */ - supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL && - args->LockMutex == NULL && args->UnlockMutex == NULL) || - (args->CreateMutex != NULL && args->DestroyMutex != NULL && - args->LockMutex != NULL && args->UnlockMutex != NULL); - if (!supplied_ok) { - p11_message ("invalid set of mutex calls supplied"); - return CKR_ARGUMENTS_BAD; - } - - /* - * When the CKF_OS_LOCKING_OK flag isn't set return an error. - * We must be able to use our mutex functionality. - */ - if (!(args->flags & CKF_OS_LOCKING_OK)) { - p11_message ("can't do without os locking"); - return CKR_CANT_LOCK; - } - - if (args->pReserved) - reserved = args->pReserved; - } - - p11_mutex_lock (&module->mutex); - - if (module->initialized_forkid != 0) { - /* This process has called C_Initialize already */ - if (p11_forkid == module->initialized_forkid) { - p11_message ("C_Initialize called twice for same process"); - ret = CKR_CRYPTOKI_ALREADY_INITIALIZED; - goto done; - } - } - - /* Call out to initialize client callback */ - assert (module->vtable->connect != NULL); - ret = (module->vtable->connect) (module->vtable, reserved); - - /* Successfully initialized */ - if (ret == CKR_OK) { - module->initialized_forkid = p11_forkid; - module->initialize_done = true; - - /* Server doesn't exist, initialize but don't call */ - } else if (ret == CKR_DEVICE_REMOVED) { - module->initialized_forkid = p11_forkid; - module->initialize_done = false; - ret = CKR_OK; - goto done; - - } else { - goto done; - } - - /* If we don't have read and write fds now, then initialize other side */ - ret = call_prepare (module, &msg, P11_RPC_CALL_C_Initialize); - if (ret == CKR_OK) - if (!p11_rpc_message_write_byte_array (&msg, P11_RPC_HANDSHAKE, P11_RPC_HANDSHAKE_LEN)) - ret = CKR_HOST_MEMORY; - if (ret == CKR_OK) { - if (!p11_rpc_message_write_byte (&msg, reserved != NULL)) - ret = CKR_HOST_MEMORY; - } - if (ret == CKR_OK) { - char *reserved_string = ""; - if (reserved != NULL) - reserved_string = (char *) reserved; - if (!p11_rpc_message_write_byte_array (&msg, (CK_BYTE_PTR) reserved_string, strlen (reserved_string) + 1)) - ret = CKR_HOST_MEMORY; - } - if (ret == CKR_OK) - ret = call_run (module, &msg); - call_done (module, &msg, ret); - -done: - /* If failed then unmark initialized */ - if (ret != CKR_OK && ret != CKR_CRYPTOKI_ALREADY_INITIALIZED) - module->initialized_forkid = 0; - - /* If we told our caller that we're initialized, but not really, then finalize */ - if (ret != CKR_OK && module->initialize_done) { - module->initialize_done = false; - assert (module->vtable->disconnect != NULL); - (module->vtable->disconnect) (module->vtable, reserved); - } - - p11_mutex_unlock (&module->mutex); - - p11_debug ("C_Initialize: %lu", ret); - return ret; -} - -static CK_RV -rpc_C_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR reserved) -{ - rpc_client *module = ((p11_virtual *)self)->lower_module; - CK_RV ret = CKR_OK; - p11_rpc_message msg; - - p11_debug ("C_Finalize: enter"); - return_val_if_fail (module->initialized_forkid == p11_forkid, CKR_CRYPTOKI_NOT_INITIALIZED); - return_val_if_fail (!reserved, CKR_ARGUMENTS_BAD); - - p11_mutex_lock (&module->mutex); - - if (module->initialize_done) { - ret = call_prepare (module, &msg, P11_RPC_CALL_C_Finalize); - if (ret == CKR_OK) - ret = call_run (module, &msg); - call_done (module, &msg, ret); - if (ret != CKR_OK) - p11_message ("finalizing rpc module returned an error: %lu", ret); - - module->initialize_done = false; - assert (module->vtable->disconnect != NULL); - (module->vtable->disconnect) (module->vtable, reserved); - } - - module->initialized_forkid = 0; - - p11_mutex_unlock (&module->mutex); - - p11_debug ("C_Finalize: %lu", CKR_OK); - return CKR_OK; -} - -static CK_RV -fill_stand_in_info (CK_INFO_PTR info) -{ - static CK_INFO stand_in_info = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, - "p11-kit ", - 0, - "p11-kit (no connection) ", - { 1, 1 }, - }; - memcpy (info, &stand_in_info, sizeof (CK_INFO)); - return CKR_OK; - -} - -static CK_RV -rpc_C_GetInfo (CK_X_FUNCTION_LIST *self, - CK_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetInfo, self, fill_stand_in_info (info)); - PROCESS_CALL; - OUT_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_GetSlotList (CK_X_FUNCTION_LIST *self, - CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetSlotList, self, (*count = 0, CKR_OK)); - IN_BYTE (token_present); - IN_ULONG_BUFFER (slot_list, count); - PROCESS_CALL; - OUT_ULONG_ARRAY (slot_list, count); - END_CALL; -} - -static CK_RV -rpc_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_SLOT_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetSlotInfo, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - PROCESS_CALL; - OUT_SLOT_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetTokenInfo, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - PROCESS_CALL; - OUT_TOKEN_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_GetMechanismList (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetMechanismList, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - IN_ULONG_BUFFER (mechanism_list, count); - PROCESS_CALL; - OUT_MECHANISM_TYPE_ARRAY (mechanism_list, count); - END_CALL; -} - -static CK_RV -rpc_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetMechanismInfo, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - IN_MECHANISM_TYPE (type); - PROCESS_CALL; - OUT_MECHANISM_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_InitToken (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_UTF8CHAR_PTR pin, CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - BEGIN_CALL_OR (C_InitToken, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - IN_BYTE_ARRAY (pin, pin_len); - IN_STRING (label); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, - CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved) -{ - return_val_if_fail (slot, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_WaitForSlotEvent, self, CKR_DEVICE_REMOVED); - IN_ULONG (flags); - PROCESS_CALL; - OUT_ULONG (slot); - END_CALL; -} - -static CK_RV -rpc_C_OpenSession (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR session) -{ - return_val_if_fail (session, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_OpenSession, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - IN_ULONG (flags); - PROCESS_CALL; - OUT_ULONG (session); - END_CALL; -} - -static CK_RV -rpc_C_CloseSession (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - BEGIN_CALL_OR (C_CloseSession, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id) -{ - BEGIN_CALL_OR (C_CloseAllSessions, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_SESSION_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetSessionInfo, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - PROCESS_CALL; - OUT_SESSION_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_InitPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - BEGIN_CALL_OR (C_InitPIN, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (pin, pin_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_SetPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len) -{ - BEGIN_CALL_OR (C_SetPIN, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (old_pin, old_pin_len); - IN_BYTE_ARRAY (new_pin, new_pin_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_GetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - return_val_if_fail (operation_state_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetOperationState, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_BUFFER (operation_state, operation_state_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (operation_state, operation_state_len); - END_CALL; -} - -static CK_RV -rpc_C_SetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - BEGIN_CALL_OR (C_SetOperationState, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (operation_state, operation_state_len); - IN_ULONG (encryption_key); - IN_ULONG (authentication_key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Login (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - BEGIN_CALL_OR (C_Login, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (user_type); - IN_BYTE_ARRAY (pin, pin_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Logout (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - BEGIN_CALL_OR (C_Logout, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_CreateObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_CreateObject, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - OUT_ULONG (new_object); - END_CALL; -} - -static CK_RV -rpc_C_CopyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_CopyObject, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (object); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - OUT_ULONG (new_object); - END_CALL; -} - - -static CK_RV -rpc_C_DestroyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object) -{ - BEGIN_CALL_OR (C_DestroyObject, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (object); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_GetObjectSize (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - return_val_if_fail (size, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetObjectSize, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (object); - PROCESS_CALL; - OUT_ULONG (size); - END_CALL; -} - -static CK_RV -rpc_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - BEGIN_CALL_OR (C_GetAttributeValue, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (object); - IN_ATTRIBUTE_BUFFER (template, count); - PROCESS_CALL; - OUT_ATTRIBUTE_ARRAY (template, count); - END_CALL; -} - -static CK_RV -rpc_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - BEGIN_CALL_OR (C_SetAttributeValue, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (object); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - BEGIN_CALL_OR (C_FindObjectsInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_FindObjects (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count) -{ - /* HACK: To fix a stupid gcc warning */ - CK_ULONG_PTR address_of_max_count = &max_count; - - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_FindObjects, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG_BUFFER (objects, address_of_max_count); - PROCESS_CALL; - *count = max_count; - OUT_ULONG_ARRAY (objects, count); - END_CALL; -} - -static CK_RV -rpc_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - BEGIN_CALL_OR (C_FindObjectsFinal, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_EncryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_EncryptInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Encrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - return_val_if_fail (encrypted_data_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_Encrypt, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (encrypted_data, encrypted_data_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (encrypted_data, encrypted_data_len); - END_CALL; -} - -static CK_RV -rpc_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - return_val_if_fail (encrypted_part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_EncryptUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (encrypted_part, encrypted_part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len); - END_CALL; -} - -static CK_RV -rpc_C_EncryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_EncryptFinal, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_BUFFER (last_part, last_part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (last_part, last_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_DecryptInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Decrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_Decrypt, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (enc_data, enc_data_len); - IN_BYTE_BUFFER (data, data_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (data, data_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_DecryptUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (enc_part, enc_part_len); - IN_BYTE_BUFFER (part, part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (part, part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_DecryptFinal, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_BUFFER (last_part, last_part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (last_part, last_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DigestInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism) -{ - BEGIN_CALL_OR (C_DigestInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Digest (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_Digest, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (digest, digest_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (digest, digest_len); - END_CALL; -} - -static CK_RV -rpc_C_DigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - BEGIN_CALL_OR (C_DigestUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_DigestKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_DigestKey, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_DigestFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_DigestFinal, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_BUFFER (digest, digest_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (digest, digest_len); - END_CALL; -} - -static CK_RV -rpc_C_SignInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_SignInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Sign (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_Sign, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (signature, signature_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (signature, signature_len); - END_CALL; -} - -static CK_RV -rpc_C_SignUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_SignUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_SignFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_SignFinal, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_BUFFER (signature, signature_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (signature, signature_len); - END_CALL; -} - -static CK_RV -rpc_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_SignRecoverInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_SignRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) -{ - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_SignRecover, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (signature, signature_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (signature, signature_len); - END_CALL; -} - -static CK_RV -rpc_C_VerifyInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_VerifyInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Verify (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - BEGIN_CALL_OR (C_Verify, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_ARRAY (signature, signature_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - BEGIN_CALL_OR (C_VerifyUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_VerifyFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - BEGIN_CALL_OR (C_VerifyFinal, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (signature, signature_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_VerifyRecoverInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_VerifyRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_VerifyRecover, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (signature, signature_len); - IN_BYTE_BUFFER (data, data_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (data, data_len); - END_CALL; -} - -static CK_RV -rpc_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_DigestEncryptUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (enc_part, enc_part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (enc_part, enc_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_DecryptDigestUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (enc_part, enc_part_len); - IN_BYTE_BUFFER (part, part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (part, part_len); - END_CALL; -} - -static CK_RV -rpc_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_SignEncryptUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (enc_part, enc_part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (enc_part, enc_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_DecryptVerifyUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (enc_part, enc_part_len); - IN_BYTE_BUFFER (part, part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (part, part_len); - END_CALL; -} - -static CK_RV -rpc_C_GenerateKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - BEGIN_CALL_OR (C_GenerateKey, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - OUT_ULONG (key); - END_CALL; -} - -static CK_RV -rpc_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, - CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, - CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, - CK_OBJECT_HANDLE_PTR priv_key) -{ - BEGIN_CALL_OR (C_GenerateKeyPair, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ATTRIBUTE_ARRAY (pub_template, pub_count); - IN_ATTRIBUTE_ARRAY (priv_template, priv_count); - PROCESS_CALL; - OUT_ULONG (pub_key); - OUT_ULONG (priv_key); - END_CALL; -} - -static CK_RV -rpc_C_WrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - return_val_if_fail (wrapped_key_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_WrapKey, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (wrapping_key); - IN_ULONG (key); - IN_BYTE_BUFFER (wrapped_key, wrapped_key_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (wrapped_key, wrapped_key_len); - END_CALL; -} - -static CK_RV -rpc_C_UnwrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - BEGIN_CALL_OR (C_UnwrapKey, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (unwrapping_key); - IN_BYTE_ARRAY (wrapped_key, wrapped_key_len); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - OUT_ULONG (key); - END_CALL; -} - -static CK_RV -rpc_C_DeriveKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - BEGIN_CALL_OR (C_DeriveKey, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (base_key); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - OUT_ULONG (key); - END_CALL; -} - -static CK_RV -rpc_C_SeedRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - BEGIN_CALL_OR (C_SeedRandom, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (seed, seed_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_GenerateRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - CK_ULONG_PTR address = &random_len; - - BEGIN_CALL_OR (C_GenerateRandom, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_BUFFER (random_data, address); - PROCESS_CALL; - OUT_BYTE_ARRAY (random_data, address); - END_CALL; -} - -static CK_X_FUNCTION_LIST rpc_functions = { - { -1, -1 }, - rpc_C_Initialize, - rpc_C_Finalize, - rpc_C_GetInfo, - rpc_C_GetSlotList, - rpc_C_GetSlotInfo, - rpc_C_GetTokenInfo, - rpc_C_GetMechanismList, - rpc_C_GetMechanismInfo, - rpc_C_InitToken, - rpc_C_InitPIN, - rpc_C_SetPIN, - rpc_C_OpenSession, - rpc_C_CloseSession, - rpc_C_CloseAllSessions, - rpc_C_GetSessionInfo, - rpc_C_GetOperationState, - rpc_C_SetOperationState, - rpc_C_Login, - rpc_C_Logout, - rpc_C_CreateObject, - rpc_C_CopyObject, - rpc_C_DestroyObject, - rpc_C_GetObjectSize, - rpc_C_GetAttributeValue, - rpc_C_SetAttributeValue, - rpc_C_FindObjectsInit, - rpc_C_FindObjects, - rpc_C_FindObjectsFinal, - rpc_C_EncryptInit, - rpc_C_Encrypt, - rpc_C_EncryptUpdate, - rpc_C_EncryptFinal, - rpc_C_DecryptInit, - rpc_C_Decrypt, - rpc_C_DecryptUpdate, - rpc_C_DecryptFinal, - rpc_C_DigestInit, - rpc_C_Digest, - rpc_C_DigestUpdate, - rpc_C_DigestKey, - rpc_C_DigestFinal, - rpc_C_SignInit, - rpc_C_Sign, - rpc_C_SignUpdate, - rpc_C_SignFinal, - rpc_C_SignRecoverInit, - rpc_C_SignRecover, - rpc_C_VerifyInit, - rpc_C_Verify, - rpc_C_VerifyUpdate, - rpc_C_VerifyFinal, - rpc_C_VerifyRecoverInit, - rpc_C_VerifyRecover, - rpc_C_DigestEncryptUpdate, - rpc_C_DecryptDigestUpdate, - rpc_C_SignEncryptUpdate, - rpc_C_DecryptVerifyUpdate, - rpc_C_GenerateKey, - rpc_C_GenerateKeyPair, - rpc_C_WrapKey, - rpc_C_UnwrapKey, - rpc_C_DeriveKey, - rpc_C_SeedRandom, - rpc_C_GenerateRandom, - rpc_C_WaitForSlotEvent, -}; - -static void -rpc_client_free (void *data) -{ - rpc_client *client = data; - p11_mutex_uninit (&client->mutex); - free (client); -} - -bool -p11_rpc_client_init (p11_virtual *virt, - p11_rpc_client_vtable *vtable) -{ - rpc_client *client; - - p11_message_clear (); - - return_val_if_fail (vtable != NULL, false); - return_val_if_fail (vtable->connect != NULL, false); - return_val_if_fail (vtable->transport != NULL, false); - return_val_if_fail (vtable->disconnect != NULL, false); - - P11_RPC_CHECK_CALLS (); - - client = calloc (1, sizeof (rpc_client)); - return_val_if_fail (client != NULL, false); - - p11_mutex_init (&client->mutex); - client->vtable = vtable; - - p11_virtual_init (virt, &rpc_functions, client, rpc_client_free); - return true; -} diff --git a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c deleted file mode 100644 index b5ac528..0000000 --- a/p11-kit/rpc-message.c +++ /dev/null @@ -1,769 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "debug.h" -#include "library.h" -#include "message.h" -#include "private.h" -#include "rpc-message.h" - -#include -#include - -void -p11_rpc_message_init (p11_rpc_message *msg, - p11_buffer *input, - p11_buffer *output) -{ - assert (input != NULL); - assert (output != NULL); - assert (output->ffree != NULL); - assert (output->frealloc != NULL); - - memset (msg, 0, sizeof (*msg)); - - msg->output = output; - msg->input = input; -} - -void -p11_rpc_message_clear (p11_rpc_message *msg) -{ - void *allocated; - void **data; - - assert (msg != NULL); - - /* Free up the extra allocated memory */ - allocated = msg->extra; - while (allocated != NULL) { - data = (void **)allocated; - - /* Pointer to the next allocation */ - allocated = *data; - assert (msg->output->ffree); - (msg->output->ffree) (data); - } - - msg->output = NULL; - msg->input = NULL; - msg->extra = NULL; -} - -void * -p11_rpc_message_alloc_extra (p11_rpc_message *msg, - size_t length) -{ - void **data; - - assert (msg != NULL); - - if (length > 0x7fffffff) - return NULL; - - assert (msg->output->frealloc != NULL); - data = (msg->output->frealloc) (NULL, sizeof (void *) + length); - if (data == NULL) - return NULL; - - /* Munch up the memory to help catch bugs */ - memset (data, 0xff, sizeof (void *) + length); - - /* Store pointer to next allocated block at beginning */ - *data = msg->extra; - msg->extra = data; - - /* Data starts after first pointer */ - return (void *)(data + 1); -} - -bool -p11_rpc_message_prep (p11_rpc_message *msg, - int call_id, - p11_rpc_message_type type) -{ - int len; - - assert (type != 0); - assert (call_id >= P11_RPC_CALL_ERROR); - assert (call_id < P11_RPC_CALL_MAX); - - p11_buffer_reset (msg->output, 0); - msg->signature = NULL; - - /* The call id and signature */ - if (type == P11_RPC_REQUEST) - msg->signature = p11_rpc_calls[call_id].request; - else if (type == P11_RPC_RESPONSE) - msg->signature = p11_rpc_calls[call_id].response; - else - assert_not_reached (); - assert (msg->signature != NULL); - msg->sigverify = msg->signature; - - msg->call_id = call_id; - msg->call_type = type; - - /* Encode the two of them */ - p11_rpc_buffer_add_uint32 (msg->output, call_id); - if (msg->signature) { - len = strlen (msg->signature); - p11_rpc_buffer_add_byte_array (msg->output, (unsigned char*)msg->signature, len); - } - - msg->parsed = 0; - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_parse (p11_rpc_message *msg, - p11_rpc_message_type type) -{ - const unsigned char *val; - size_t len; - uint32_t call_id; - - assert (msg != NULL); - assert (msg->input != NULL); - - msg->parsed = 0; - - /* Pull out the call identifier */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &call_id)) { - p11_message ("invalid message: couldn't read call identifier"); - return false; - } - - msg->signature = msg->sigverify = NULL; - - /* The call id and signature */ - if (call_id >= P11_RPC_CALL_MAX) { - p11_message ("invalid message: bad call id: %d", call_id); - return false; - } - if (type == P11_RPC_REQUEST) - msg->signature = p11_rpc_calls[call_id].request; - else if (type == P11_RPC_RESPONSE) - msg->signature = p11_rpc_calls[call_id].response; - else - assert_not_reached (); - assert (msg->signature != NULL); - msg->call_id = call_id; - msg->call_type = type; - msg->sigverify = msg->signature; - - /* Verify the incoming signature */ - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &val, &len)) { - p11_message ("invalid message: couldn't read signature"); - return false; - } - - if ((strlen (msg->signature) != len) || (memcmp (val, msg->signature, len) != 0)) { - p11_message ("invalid message: signature doesn't match"); - return false; - } - - return true; -} - -bool -p11_rpc_message_verify_part (p11_rpc_message *msg, - const char* part) -{ - int len; - bool ok; - - if (!msg->sigverify) - return true; - - len = strlen (part); - ok = (strncmp (msg->sigverify, part, len) == 0); - if (ok) - msg->sigverify += len; - return ok; -} - -bool -p11_rpc_message_write_attribute_buffer (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num) -{ - CK_ATTRIBUTE_PTR attr; - CK_ULONG i; - - assert (num == 0 || arr != NULL); - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the rigth order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA")); - - /* Write the number of items */ - p11_rpc_buffer_add_uint32 (msg->output, num); - - for (i = 0; i < num; ++i) { - attr = &(arr[i]); - - /* The attribute type */ - p11_rpc_buffer_add_uint32 (msg->output, attr->type); - - /* And the attribute buffer length */ - p11_rpc_buffer_add_uint32 (msg->output, attr->pValue ? attr->ulValueLen : 0); - } - - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_write_attribute_array (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num) -{ - CK_ULONG i; - CK_ATTRIBUTE_PTR attr; - unsigned char validity; - - assert (num == 0 || arr != NULL); - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the rigth order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "aA")); - - /* Write the number of items */ - p11_rpc_buffer_add_uint32 (msg->output, num); - - for (i = 0; i < num; ++i) { - attr = &(arr[i]); - - /* The attribute type */ - p11_rpc_buffer_add_uint32 (msg->output, attr->type); - - /* Write out the attribute validity */ - validity = (((CK_LONG)attr->ulValueLen) == -1) ? 0 : 1; - p11_rpc_buffer_add_byte (msg->output, validity); - - /* The attribute length and value */ - if (validity) { - p11_rpc_buffer_add_uint32 (msg->output, attr->ulValueLen); - p11_rpc_buffer_add_byte_array (msg->output, attr->pValue, attr->ulValueLen); - } - } - - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_read_byte (p11_rpc_message *msg, - CK_BYTE *val) -{ - assert (msg != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "y")); - return p11_rpc_buffer_get_byte (msg->input, &msg->parsed, val); -} - -bool -p11_rpc_message_write_byte (p11_rpc_message *msg, - CK_BYTE val) -{ - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "y")); - p11_rpc_buffer_add_byte (msg->output, val); - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_read_ulong (p11_rpc_message *msg, - CK_ULONG *val) -{ - uint64_t v; - - assert (msg != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "u")); - - if (!p11_rpc_buffer_get_uint64 (msg->input, &msg->parsed, &v)) - return false; - if (val) - *val = (CK_ULONG)v; - return true; -} - -bool -p11_rpc_message_write_ulong (p11_rpc_message *msg, - CK_ULONG val) -{ - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the rigth order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "u")); - p11_rpc_buffer_add_uint64 (msg->output, val); - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_write_byte_buffer (p11_rpc_message *msg, - CK_ULONG count) -{ - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fy")); - p11_rpc_buffer_add_uint32 (msg->output, count); - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_write_byte_array (p11_rpc_message *msg, - CK_BYTE_PTR arr, - CK_ULONG num) -{ - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay")); - - /* No array, no data, just length */ - if (!arr) { - p11_rpc_buffer_add_byte (msg->output, 0); - p11_rpc_buffer_add_uint32 (msg->output, num); - } else { - p11_rpc_buffer_add_byte (msg->output, 1); - p11_rpc_buffer_add_byte_array (msg->output, arr, num); - } - - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_write_ulong_buffer (p11_rpc_message *msg, - CK_ULONG count) -{ - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fu")); - p11_rpc_buffer_add_uint32 (msg->output, count); - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_write_ulong_array (p11_rpc_message *msg, - CK_ULONG_PTR array, - CK_ULONG n_array) -{ - CK_ULONG i; - - assert (msg != NULL); - assert (msg->output != NULL); - - /* Check that we're supposed to have this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "au")); - - /* We send a byte which determines whether there's actual data present or not */ - p11_rpc_buffer_add_byte (msg->output, array ? 1 : 0); - p11_rpc_buffer_add_uint32 (msg->output, n_array); - - /* Now send the data if valid */ - if (array) { - for (i = 0; i < n_array; ++i) - p11_rpc_buffer_add_uint64 (msg->output, array[i]); - } - - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_read_version (p11_rpc_message *msg, - CK_VERSION *version) -{ - assert (msg != NULL); - assert (msg->input != NULL); - assert (version != NULL); - - /* Check that we're supposed to have this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "v")); - - return p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &version->major) && - p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &version->minor); -} - -bool -p11_rpc_message_write_version (p11_rpc_message *msg, - CK_VERSION *version) -{ - assert (msg != NULL); - assert (msg->output != NULL); - assert (version != NULL); - - /* Check that we're supposed to have this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "v")); - - p11_rpc_buffer_add_byte (msg->output, version->major); - p11_rpc_buffer_add_byte (msg->output, version->minor); - - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_read_space_string (p11_rpc_message *msg, - CK_UTF8CHAR *buffer, - CK_ULONG length) -{ - const unsigned char *data; - size_t n_data; - - assert (msg != NULL); - assert (msg->input != NULL); - assert (buffer != NULL); - assert (length != 0); - - assert (!msg->signature || p11_rpc_message_verify_part (msg, "s")); - - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) - return false; - - if (n_data != length) { - p11_message ("invalid length space padded string received: %d != %d", - (int)length, (int)n_data); - return false; - } - - memcpy (buffer, data, length); - return true; -} - -bool -p11_rpc_message_write_space_string (p11_rpc_message *msg, - CK_UTF8CHAR *data, - CK_ULONG length) -{ - assert (msg != NULL); - assert (msg->output != NULL); - assert (data != NULL); - assert (length != 0); - - assert (!msg->signature || p11_rpc_message_verify_part (msg, "s")); - - p11_rpc_buffer_add_byte_array (msg->output, data, length); - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_write_zero_string (p11_rpc_message *msg, - CK_UTF8CHAR *string) -{ - assert (msg != NULL); - assert (msg->output != NULL); - assert (string != NULL); - - assert (!msg->signature || p11_rpc_message_verify_part (msg, "z")); - - p11_rpc_buffer_add_byte_array (msg->output, string, - string ? strlen ((char *)string) : 0); - return !p11_buffer_failed (msg->output); -} - -static void * -log_allocator (void *pointer, - size_t size) -{ - void *result = realloc (pointer, (size_t)size); - return_val_if_fail (!size || result != NULL, NULL); - return result; -} - -p11_buffer * -p11_rpc_buffer_new (size_t reserve) -{ - return p11_rpc_buffer_new_full (reserve, log_allocator, free); -} - -p11_buffer * -p11_rpc_buffer_new_full (size_t reserve, - void * (* frealloc) (void *data, size_t size), - void (* ffree) (void *data)) -{ - p11_buffer *buffer; - - buffer = calloc (1, sizeof (p11_buffer)); - return_val_if_fail (buffer != NULL, NULL); - - p11_buffer_init_full (buffer, NULL, 0, 0, frealloc, ffree); - if (!p11_buffer_reset (buffer, reserve)) - return_val_if_reached (NULL); - - return buffer; -} - -void -p11_rpc_buffer_free (p11_buffer *buf) -{ - if (buf == NULL) - return; - - p11_buffer_uninit (buf); - free (buf); -} - -void -p11_rpc_buffer_add_byte (p11_buffer *buf, - unsigned char value) -{ - p11_buffer_add (buf, &value, 1); -} - -int -p11_rpc_buffer_get_byte (p11_buffer *buf, - size_t *offset, - unsigned char *val) -{ - unsigned char *ptr; - if (buf->len < 1 || *offset > buf->len - 1) { - p11_buffer_fail (buf); - return 0; - } - ptr = (unsigned char *)buf->data + *offset; - if (val != NULL) - *val = *ptr; - *offset = *offset + 1; - return 1; -} - -void -p11_rpc_buffer_encode_uint16 (unsigned char* data, - uint16_t value) -{ - data[0] = (value >> 8) & 0xff; - data[1] = (value >> 0) & 0xff; -} - -uint16_t -p11_rpc_buffer_decode_uint16 (unsigned char* data) -{ - uint16_t value = data[0] << 8 | data[1]; - return value; -} - -void -p11_rpc_buffer_add_uint16 (p11_buffer *buffer, - uint16_t value) -{ - size_t offset = buffer->len; - if (!p11_buffer_append (buffer, 2)) - return_if_reached (); - p11_rpc_buffer_set_uint16 (buffer, offset, value); -} - -bool -p11_rpc_buffer_set_uint16 (p11_buffer *buffer, - size_t offset, - uint16_t value) -{ - unsigned char *ptr; - if (buffer->len < 2 || offset > buffer->len - 2) { - p11_buffer_fail (buffer); - return false; - } - ptr = (unsigned char *)buffer->data + offset; - p11_rpc_buffer_encode_uint16 (ptr, value); - return true; -} - -bool -p11_rpc_buffer_get_uint16 (p11_buffer *buf, - size_t *offset, - uint16_t *value) -{ - unsigned char *ptr; - if (buf->len < 2 || *offset > buf->len - 2) { - p11_buffer_fail (buf); - return false; - } - ptr = (unsigned char*)buf->data + *offset; - if (value != NULL) - *value = p11_rpc_buffer_decode_uint16 (ptr); - *offset = *offset + 2; - return true; -} - -void -p11_rpc_buffer_encode_uint32 (unsigned char* data, - uint32_t value) -{ - data[0] = (value >> 24) & 0xff; - data[1] = (value >> 16) & 0xff; - data[2] = (value >> 8) & 0xff; - data[3] = (value >> 0) & 0xff; -} - -uint32_t -p11_rpc_buffer_decode_uint32 (unsigned char* ptr) -{ - uint32_t val = ptr[0] << 24 | ptr[1] << 16 | ptr[2] << 8 | ptr[3]; - return val; -} - -void -p11_rpc_buffer_add_uint32 (p11_buffer *buffer, - uint32_t value) -{ - size_t offset = buffer->len; - if (!p11_buffer_append (buffer, 4)) - return_val_if_reached (); - p11_rpc_buffer_set_uint32 (buffer, offset, value); -} - -bool -p11_rpc_buffer_set_uint32 (p11_buffer *buffer, - size_t offset, - uint32_t value) -{ - unsigned char *ptr; - if (buffer->len < 4 || offset > buffer->len - 4) { - p11_buffer_fail (buffer); - return false; - } - ptr = (unsigned char*)buffer->data + offset; - p11_rpc_buffer_encode_uint32 (ptr, value); - return true; -} - -bool -p11_rpc_buffer_get_uint32 (p11_buffer *buf, - size_t *offset, - uint32_t *value) -{ - unsigned char *ptr; - if (buf->len < 4 || *offset > buf->len - 4) { - p11_buffer_fail (buf); - return false; - } - ptr = (unsigned char*)buf->data + *offset; - if (value != NULL) - *value = p11_rpc_buffer_decode_uint32 (ptr); - *offset = *offset + 4; - return true; -} - -void -p11_rpc_buffer_add_uint64 (p11_buffer *buffer, - uint64_t value) -{ - p11_rpc_buffer_add_uint32 (buffer, ((value >> 32) & 0xffffffff)); - p11_rpc_buffer_add_uint32 (buffer, (value & 0xffffffff)); -} - -bool -p11_rpc_buffer_get_uint64 (p11_buffer *buf, - size_t *offset, - uint64_t *value) -{ - size_t off = *offset; - uint32_t a, b; - if (!p11_rpc_buffer_get_uint32 (buf, &off, &a) || - !p11_rpc_buffer_get_uint32 (buf, &off, &b)) - return false; - if (value != NULL) - *value = ((uint64_t)a) << 32 | b; - *offset = off; - return true; -} - -void -p11_rpc_buffer_add_byte_array (p11_buffer *buffer, - const unsigned char *data, - size_t length) -{ - if (data == NULL) { - p11_rpc_buffer_add_uint32 (buffer, 0xffffffff); - return; - } else if (length >= 0x7fffffff) { - p11_buffer_fail (buffer); - return; - } - p11_rpc_buffer_add_uint32 (buffer, length); - p11_buffer_add (buffer, data, length); -} - -bool -p11_rpc_buffer_get_byte_array (p11_buffer *buf, - size_t *offset, - const unsigned char **data, - size_t *length) -{ - size_t off = *offset; - uint32_t len; - if (!p11_rpc_buffer_get_uint32 (buf, &off, &len)) - return false; - if (len == 0xffffffff) { - *offset = off; - if (data) - *data = NULL; - if (length) - *length = 0; - return true; - } else if (len >= 0x7fffffff) { - p11_buffer_fail (buf); - return false; - } - - if (buf->len < len || *offset > buf->len - len) { - p11_buffer_fail (buf); - return false; - } - - if (data) - *data = (unsigned char *)buf->data + off; - if (length) - *length = len; - *offset = off + len; - - return true; -} diff --git a/p11-kit/rpc-message.h b/p11-kit/rpc-message.h deleted file mode 100644 index 9827097..0000000 --- a/p11-kit/rpc-message.h +++ /dev/null @@ -1,370 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef _RPC_MESSAGE_H -#define _RPC_MESSAGE_H - -#include -#include -#include - -#include "buffer.h" -#include "pkcs11.h" - -/* The calls, must be in sync with array below */ -enum { - P11_RPC_CALL_ERROR = 0, - - P11_RPC_CALL_C_Initialize, - P11_RPC_CALL_C_Finalize, - P11_RPC_CALL_C_GetInfo, - P11_RPC_CALL_C_GetSlotList, - P11_RPC_CALL_C_GetSlotInfo, - P11_RPC_CALL_C_GetTokenInfo, - P11_RPC_CALL_C_GetMechanismList, - P11_RPC_CALL_C_GetMechanismInfo, - P11_RPC_CALL_C_InitToken, - P11_RPC_CALL_C_OpenSession, - P11_RPC_CALL_C_CloseSession, - P11_RPC_CALL_C_CloseAllSessions, - P11_RPC_CALL_C_GetSessionInfo, - P11_RPC_CALL_C_InitPIN, - P11_RPC_CALL_C_SetPIN, - P11_RPC_CALL_C_GetOperationState, - P11_RPC_CALL_C_SetOperationState, - P11_RPC_CALL_C_Login, - P11_RPC_CALL_C_Logout, - P11_RPC_CALL_C_CreateObject, - P11_RPC_CALL_C_CopyObject, - P11_RPC_CALL_C_DestroyObject, - P11_RPC_CALL_C_GetObjectSize, - P11_RPC_CALL_C_GetAttributeValue, - P11_RPC_CALL_C_SetAttributeValue, - P11_RPC_CALL_C_FindObjectsInit, - P11_RPC_CALL_C_FindObjects, - P11_RPC_CALL_C_FindObjectsFinal, - P11_RPC_CALL_C_EncryptInit, - P11_RPC_CALL_C_Encrypt, - P11_RPC_CALL_C_EncryptUpdate, - P11_RPC_CALL_C_EncryptFinal, - P11_RPC_CALL_C_DecryptInit, - P11_RPC_CALL_C_Decrypt, - P11_RPC_CALL_C_DecryptUpdate, - P11_RPC_CALL_C_DecryptFinal, - P11_RPC_CALL_C_DigestInit, - P11_RPC_CALL_C_Digest, - P11_RPC_CALL_C_DigestUpdate, - P11_RPC_CALL_C_DigestKey, - P11_RPC_CALL_C_DigestFinal, - P11_RPC_CALL_C_SignInit, - P11_RPC_CALL_C_Sign, - P11_RPC_CALL_C_SignUpdate, - P11_RPC_CALL_C_SignFinal, - P11_RPC_CALL_C_SignRecoverInit, - P11_RPC_CALL_C_SignRecover, - P11_RPC_CALL_C_VerifyInit, - P11_RPC_CALL_C_Verify, - P11_RPC_CALL_C_VerifyUpdate, - P11_RPC_CALL_C_VerifyFinal, - P11_RPC_CALL_C_VerifyRecoverInit, - P11_RPC_CALL_C_VerifyRecover, - P11_RPC_CALL_C_DigestEncryptUpdate, - P11_RPC_CALL_C_DecryptDigestUpdate, - P11_RPC_CALL_C_SignEncryptUpdate, - P11_RPC_CALL_C_DecryptVerifyUpdate, - P11_RPC_CALL_C_GenerateKey, - P11_RPC_CALL_C_GenerateKeyPair, - P11_RPC_CALL_C_WrapKey, - P11_RPC_CALL_C_UnwrapKey, - P11_RPC_CALL_C_DeriveKey, - P11_RPC_CALL_C_SeedRandom, - P11_RPC_CALL_C_GenerateRandom, - P11_RPC_CALL_C_WaitForSlotEvent, - - P11_RPC_CALL_MAX -}; - -typedef struct { - int call_id; - const char* name; - const char* request; - const char* response; -} p11_rpc_call; - -/* - * a_ = prefix denotes array of _ - * A = CK_ATTRIBUTE - * f_ = prefix denotes buffer for _ - * M = CK_MECHANISM - * u = CK_ULONG - * s = space padded string - * v = CK_VERSION - * y = CK_BYTE - * z = null terminated string - */ - -static const p11_rpc_call p11_rpc_calls[] = { - { P11_RPC_CALL_ERROR, "ERROR", NULL, "u" }, - { P11_RPC_CALL_C_Initialize, "C_Initialize", "ayyay", "" }, - { P11_RPC_CALL_C_Finalize, "C_Finalize", "", "" }, - { P11_RPC_CALL_C_GetInfo, "C_GetInfo", "", "vsusv" }, - { P11_RPC_CALL_C_GetSlotList, "C_GetSlotList", "yfu", "au" }, - { P11_RPC_CALL_C_GetSlotInfo, "C_GetSlotInfo", "u", "ssuvv" }, - { P11_RPC_CALL_C_GetTokenInfo, "C_GetTokenInfo", "u", "ssssuuuuuuuuuuuvvs" }, - { P11_RPC_CALL_C_GetMechanismList, "C_GetMechanismList", "ufu", "au" }, - { P11_RPC_CALL_C_GetMechanismInfo, "C_GetMechanismInfo", "uu", "uuu" }, - { P11_RPC_CALL_C_InitToken, "C_InitToken", "uayz", "" }, - { P11_RPC_CALL_C_OpenSession, "C_OpenSession", "uu", "u" }, - { P11_RPC_CALL_C_CloseSession, "C_CloseSession", "u", "" }, - { P11_RPC_CALL_C_CloseAllSessions, "C_CloseAllSessions", "u", "" }, - { P11_RPC_CALL_C_GetSessionInfo, "C_GetSessionInfo", "u", "uuuu" }, - { P11_RPC_CALL_C_InitPIN, "C_InitPIN", "uay", "" }, - { P11_RPC_CALL_C_SetPIN, "C_SetPIN", "uayay", "" }, - { P11_RPC_CALL_C_GetOperationState, "C_GetOperationState", "ufy", "ay" }, - { P11_RPC_CALL_C_SetOperationState, "C_SetOperationState", "uayuu", "" }, - { P11_RPC_CALL_C_Login, "C_Login", "uuay", "" }, - { P11_RPC_CALL_C_Logout, "C_Logout", "u", "" }, - { P11_RPC_CALL_C_CreateObject, "C_CreateObject", "uaA", "u" }, - { P11_RPC_CALL_C_CopyObject, "C_CopyObject", "uuaA", "u" }, - { P11_RPC_CALL_C_DestroyObject, "C_DestroyObject", "uu", "" }, - { P11_RPC_CALL_C_GetObjectSize, "C_GetObjectSize", "uu", "u" }, - { P11_RPC_CALL_C_GetAttributeValue, "C_GetAttributeValue", "uufA", "aAu" }, - { P11_RPC_CALL_C_SetAttributeValue, "C_SetAttributeValue", "uuaA", "" }, - { P11_RPC_CALL_C_FindObjectsInit, "C_FindObjectsInit", "uaA", "" }, - { P11_RPC_CALL_C_FindObjects, "C_FindObjects", "ufu", "au" }, - { P11_RPC_CALL_C_FindObjectsFinal, "C_FindObjectsFinal", "u", "" }, - { P11_RPC_CALL_C_EncryptInit, "C_EncryptInit", "uMu", "" }, - { P11_RPC_CALL_C_Encrypt, "C_Encrypt", "uayfy", "ay" }, - { P11_RPC_CALL_C_EncryptUpdate, "C_EncryptUpdate", "uayfy", "ay" }, - { P11_RPC_CALL_C_EncryptFinal, "C_EncryptFinal", "ufy", "ay" }, - { P11_RPC_CALL_C_DecryptInit, "C_DecryptInit", "uMu", "" }, - { P11_RPC_CALL_C_Decrypt, "C_Decrypt", "uayfy", "ay" }, - { P11_RPC_CALL_C_DecryptUpdate, "C_DecryptUpdate", "uayfy", "ay" }, - { P11_RPC_CALL_C_DecryptFinal, "C_DecryptFinal", "ufy", "ay" }, - { P11_RPC_CALL_C_DigestInit, "C_DigestInit", "uM", "" }, - { P11_RPC_CALL_C_Digest, "C_Digest", "uayfy", "ay" }, - { P11_RPC_CALL_C_DigestUpdate, "C_DigestUpdate", "uay", "" }, - { P11_RPC_CALL_C_DigestKey, "C_DigestKey", "uu", "" }, - { P11_RPC_CALL_C_DigestFinal, "C_DigestFinal", "ufy", "ay" }, - { P11_RPC_CALL_C_SignInit, "C_SignInit", "uMu", "" }, - { P11_RPC_CALL_C_Sign, "C_Sign", "uayfy", "ay" }, - { P11_RPC_CALL_C_SignUpdate, "C_SignUpdate", "uay", "" }, - { P11_RPC_CALL_C_SignFinal, "C_SignFinal", "ufy", "ay" }, - { P11_RPC_CALL_C_SignRecoverInit, "C_SignRecoverInit", "uMu", "" }, - { P11_RPC_CALL_C_SignRecover, "C_SignRecover", "uayfy", "ay" }, - { P11_RPC_CALL_C_VerifyInit, "C_VerifyInit", "uMu", "" }, - { P11_RPC_CALL_C_Verify, "C_Verify", "uayay", "" }, - { P11_RPC_CALL_C_VerifyUpdate, "C_VerifyUpdate", "uay", "" }, - { P11_RPC_CALL_C_VerifyFinal, "C_VerifyFinal", "uay", "" }, - { P11_RPC_CALL_C_VerifyRecoverInit, "C_VerifyRecoverInit", "uMu", "" }, - { P11_RPC_CALL_C_VerifyRecover, "C_VerifyRecover", "uayfy", "ay" }, - { P11_RPC_CALL_C_DigestEncryptUpdate, "C_DigestEncryptUpdate", "uayfy", "ay" }, - { P11_RPC_CALL_C_DecryptDigestUpdate, "C_DecryptDigestUpdate", "uayfy", "ay" }, - { P11_RPC_CALL_C_SignEncryptUpdate, "C_SignEncryptUpdate", "uayfy", "ay" }, - { P11_RPC_CALL_C_DecryptVerifyUpdate, "C_DecryptVerifyUpdate", "uayfy", "ay" }, - { P11_RPC_CALL_C_GenerateKey, "C_GenerateKey", "uMaA", "u" }, - { P11_RPC_CALL_C_GenerateKeyPair, "C_GenerateKeyPair", "uMaAaA", "uu" }, - { P11_RPC_CALL_C_WrapKey, "C_WrapKey", "uMuufy", "ay" }, - { P11_RPC_CALL_C_UnwrapKey, "C_UnwrapKey", "uMuayaA", "u" }, - { P11_RPC_CALL_C_DeriveKey, "C_DeriveKey", "uMuaA", "u" }, - { P11_RPC_CALL_C_SeedRandom, "C_SeedRandom", "uay", "" }, - { P11_RPC_CALL_C_GenerateRandom, "C_GenerateRandom", "ufy", "ay" }, - { P11_RPC_CALL_C_WaitForSlotEvent, "C_WaitForSlotEvent", "u", "u" }, -}; - -#ifdef _DEBUG -#define P11_RPC_CHECK_CALLS() \ - { int i; for (i = 0; i < P11_RPC_CALL_MAX; ++i) assert (p11_rpc_calls[i].call_id == i); } -#else -#define P11_RPC_CHECK_CALLS() -#endif - -#define P11_RPC_HANDSHAKE \ - ((unsigned char *)"PRIVATE-GNOME-KEYRING-PKCS11-PROTOCOL-V-1") -#define P11_RPC_HANDSHAKE_LEN \ - (strlen ((char *)P11_RPC_HANDSHAKE)) - -typedef enum _p11_rpc_message_type { - P11_RPC_REQUEST = 1, - P11_RPC_RESPONSE -} p11_rpc_message_type; - -typedef struct { - int call_id; - p11_rpc_message_type call_type; - const char *signature; - p11_buffer *input; - p11_buffer *output; - size_t parsed; - const char *sigverify; - void *extra; -} p11_rpc_message; - -void p11_rpc_message_init (p11_rpc_message *msg, - p11_buffer *input, - p11_buffer *output); - -void p11_rpc_message_clear (p11_rpc_message *msg); - -#define p11_rpc_message_is_verified(msg) (!(msg)->sigverify || (msg)->sigverify[0] == 0) - -void * p11_rpc_message_alloc_extra (p11_rpc_message *msg, - size_t length); - -bool p11_rpc_message_prep (p11_rpc_message *msg, - int call_id, - p11_rpc_message_type type); - -bool p11_rpc_message_parse (p11_rpc_message *msg, - p11_rpc_message_type type); - -bool p11_rpc_message_verify_part (p11_rpc_message *msg, - const char* part); - -bool p11_rpc_message_write_byte (p11_rpc_message *msg, - CK_BYTE val); - -bool p11_rpc_message_write_ulong (p11_rpc_message *msg, - CK_ULONG val); - -bool p11_rpc_message_write_zero_string (p11_rpc_message *msg, - CK_UTF8CHAR *string); - -bool p11_rpc_message_write_space_string (p11_rpc_message *msg, - CK_UTF8CHAR *buffer, - CK_ULONG length); - -bool p11_rpc_message_write_byte_buffer (p11_rpc_message *msg, - CK_ULONG count); - -bool p11_rpc_message_write_byte_array (p11_rpc_message *msg, - CK_BYTE_PTR arr, - CK_ULONG num); - -bool p11_rpc_message_write_ulong_buffer (p11_rpc_message *msg, - CK_ULONG count); - -bool p11_rpc_message_write_ulong_array (p11_rpc_message *msg, - CK_ULONG_PTR arr, - CK_ULONG num); - -bool p11_rpc_message_write_attribute_buffer (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num); - -bool p11_rpc_message_write_attribute_array (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num); - -bool p11_rpc_message_write_version (p11_rpc_message *msg, - CK_VERSION* version); - -bool p11_rpc_message_read_byte (p11_rpc_message *msg, - CK_BYTE* val); - -bool p11_rpc_message_read_ulong (p11_rpc_message *msg, - CK_ULONG* val); - -bool p11_rpc_message_read_space_string (p11_rpc_message *msg, - CK_UTF8CHAR* buffer, - CK_ULONG length); - -bool p11_rpc_message_read_version (p11_rpc_message *msg, - CK_VERSION* version); - -p11_buffer * p11_rpc_buffer_new (size_t reserve); - -p11_buffer * p11_rpc_buffer_new_full (size_t reserve, - void * (* frealloc) (void *data, size_t size), - void (* ffree) (void *data)); - -void p11_rpc_buffer_free (p11_buffer *buf); - -void p11_rpc_buffer_add_byte (p11_buffer *buf, - unsigned char value); - -int p11_rpc_buffer_get_byte (p11_buffer *buf, - size_t *offset, - unsigned char *val); - -void p11_rpc_buffer_encode_uint32 (unsigned char *data, - uint32_t value); - -uint32_t p11_rpc_buffer_decode_uint32 (unsigned char *data); - -void p11_rpc_buffer_add_uint32 (p11_buffer *buffer, - uint32_t value); - -bool p11_rpc_buffer_set_uint32 (p11_buffer *buffer, - size_t offset, - uint32_t value); - -bool p11_rpc_buffer_get_uint32 (p11_buffer *buf, - size_t *offset, - uint32_t *value); - -void p11_rpc_buffer_encode_uint16 (unsigned char *data, - uint16_t value); - -uint16_t p11_rpc_buffer_decode_uint16 (unsigned char *data); - -void p11_rpc_buffer_add_uint16 (p11_buffer *buffer, - uint16_t val); - -bool p11_rpc_buffer_set_uint16 (p11_buffer *buffer, - size_t offset, - uint16_t val); - -bool p11_rpc_buffer_get_uint16 (p11_buffer *buf, - size_t *offset, - uint16_t *val); - -void p11_rpc_buffer_add_byte_array (p11_buffer *buffer, - const unsigned char *val, - size_t len); - -bool p11_rpc_buffer_get_byte_array (p11_buffer *buf, - size_t *offset, - const unsigned char **val, - size_t *vlen); - -void p11_rpc_buffer_add_uint64 (p11_buffer *buffer, - uint64_t val); - -bool p11_rpc_buffer_get_uint64 (p11_buffer *buf, - size_t *offset, - uint64_t *val); - -#endif /* _RPC_MESSAGE_H */ diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c deleted file mode 100644 index 225cc86..0000000 --- a/p11-kit/rpc-server.c +++ /dev/null @@ -1,2017 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_RPC -#include "debug.h" -#include "pkcs11.h" -#include "library.h" -#include "private.h" -#include "message.h" -#include "remote.h" -#include "rpc.h" -#include "rpc-message.h" - -#include -#include -#include -#include -#include -#include -#include - -/* The error returned on protocol failures */ -#define PARSE_ERROR CKR_DEVICE_ERROR -#define PREP_ERROR CKR_DEVICE_MEMORY - -static CK_RV -proto_read_byte_buffer (p11_rpc_message *msg, - CK_BYTE_PTR *buffer, - CK_ULONG *n_buffer) -{ - uint32_t length; - - assert (msg != NULL); - assert (buffer != NULL); - assert (n_buffer != NULL); - assert (msg->input != NULL); - - /* Check that we're supposed to be reading this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fy")); - - /* The number of ulongs there's room for on the other end */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &length)) - return PARSE_ERROR; - - *n_buffer = length; - *buffer = NULL; - - /* If set to zero, then they just want the length */ - if (length == 0) - return CKR_OK; - - *buffer = p11_rpc_message_alloc_extra (msg, length * sizeof (CK_BYTE)); - if (*buffer == NULL) - return CKR_DEVICE_MEMORY; - - return CKR_OK; -} - -static CK_RV -proto_read_byte_array (p11_rpc_message *msg, - CK_BYTE_PTR *array, - CK_ULONG *n_array) -{ - const unsigned char *data; - unsigned char valid; - size_t n_data; - - assert (msg != NULL); - assert (msg->input != NULL); - - /* Check that we're supposed to have this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay")); - - /* Read out the byte which says whether data is present or not */ - if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid)) - return PARSE_ERROR; - - if (!valid) { - *array = NULL; - *n_array = 0; - return CKR_OK; - } - - /* Point our arguments into the buffer */ - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) - return PARSE_ERROR; - - *array = (CK_BYTE_PTR)data; - *n_array = n_data; - return CKR_OK; -} - -static CK_RV -proto_write_byte_array (p11_rpc_message *msg, - CK_BYTE_PTR array, - CK_ULONG len, - CK_RV ret) -{ - assert (msg != NULL); - - /* - * When returning an byte array, in many cases we need to pass - * an invalid array along with a length, which signifies CKR_BUFFER_TOO_SMALL. - */ - - switch (ret) { - case CKR_BUFFER_TOO_SMALL: - array = NULL; - /* fall through */ - case CKR_OK: - break; - - /* Pass all other errors straight through */ - default: - return ret; - }; - - if (!p11_rpc_message_write_byte_array (msg, array, len)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_ulong_buffer (p11_rpc_message *msg, - CK_ULONG_PTR *buffer, - CK_ULONG *n_buffer) -{ - uint32_t length; - - assert (msg != NULL); - assert (buffer != NULL); - assert (n_buffer != NULL); - assert (msg->input != NULL); - - /* Check that we're supposed to be reading this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fu")); - - /* The number of ulongs there's room for on the other end */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &length)) - return PARSE_ERROR; - - *n_buffer = length; - *buffer = NULL; - - /* If set to zero, then they just want the length */ - if (length == 0) - return CKR_OK; - - *buffer = p11_rpc_message_alloc_extra (msg, length * sizeof (CK_ULONG)); - if (!*buffer) - return CKR_DEVICE_MEMORY; - - return CKR_OK; -} - -static CK_RV -proto_write_ulong_array (p11_rpc_message *msg, - CK_ULONG_PTR array, - CK_ULONG len, - CK_RV ret) -{ - assert (msg != NULL); - - /* - * When returning an ulong array, in many cases we need to pass - * an invalid array along with a length, which signifies CKR_BUFFER_TOO_SMALL. - */ - - switch (ret) { - case CKR_BUFFER_TOO_SMALL: - array = NULL; - /* fall through */ - case CKR_OK: - break; - - /* Pass all other errors straight through */ - default: - return ret; - }; - - if (!p11_rpc_message_write_ulong_array (msg, array, len)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_attribute_buffer (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR *result, - CK_ULONG *n_result) -{ - CK_ATTRIBUTE_PTR attrs; - uint32_t n_attrs, i; - uint32_t value; - - assert (msg != NULL); - assert (result != NULL); - assert (n_result != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the rigth order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA")); - - /* Read the number of attributes */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &n_attrs)) - return PARSE_ERROR; - - /* Allocate memory for the attribute structures */ - attrs = p11_rpc_message_alloc_extra (msg, n_attrs * sizeof (CK_ATTRIBUTE)); - if (attrs == NULL) - return CKR_DEVICE_MEMORY; - - /* Now go through and fill in each one */ - for (i = 0; i < n_attrs; ++i) { - - /* The attribute type */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) - return PARSE_ERROR; - - attrs[i].type = value; - - /* The number of bytes to allocate */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) - return PARSE_ERROR; - - if (value == 0) { - attrs[i].pValue = NULL; - attrs[i].ulValueLen = 0; - } else { - attrs[i].pValue = p11_rpc_message_alloc_extra (msg, value); - if (!attrs[i].pValue) - return CKR_DEVICE_MEMORY; - attrs[i].ulValueLen = value; - } - } - - *result = attrs; - *n_result = n_attrs; - return CKR_OK; -} - -static CK_RV -proto_read_attribute_array (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR *result, - CK_ULONG *n_result) -{ - CK_ATTRIBUTE_PTR attrs; - const unsigned char *data; - unsigned char valid; - uint32_t n_attrs, i; - uint32_t value; - size_t n_data; - - assert (msg != NULL); - assert (result != NULL); - assert (n_result != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the rigth order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "aA")); - - /* Read the number of attributes */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &n_attrs)) - return PARSE_ERROR; - - /* Allocate memory for the attribute structures */ - attrs = p11_rpc_message_alloc_extra (msg, n_attrs * sizeof (CK_ATTRIBUTE)); - if (attrs == NULL) - return CKR_DEVICE_MEMORY; - - /* Now go through and fill in each one */ - for (i = 0; i < n_attrs; ++i) { - - /* The attribute type */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) - return PARSE_ERROR; - - attrs[i].type = value; - - /* Whether this one is valid or not */ - if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid)) - return PARSE_ERROR; - - if (valid) { - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) - return PARSE_ERROR; - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) - return PARSE_ERROR; - - if (data != NULL && n_data != value) { - p11_message ("attribute length and data do not match"); - return PARSE_ERROR; - } - - attrs[i].pValue = (CK_VOID_PTR)data; - attrs[i].ulValueLen = value; - } else { - attrs[i].pValue = NULL; - attrs[i].ulValueLen = -1; - } - } - - *result = attrs; - *n_result = n_attrs; - return CKR_OK; -} - -static CK_RV -proto_write_attribute_array (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR array, - CK_ULONG len, - CK_RV ret) -{ - assert (msg != NULL); - - /* - * When returning an attribute array, certain errors aren't - * actually real errors, these are passed through to the other - * side along with the attribute array. - */ - - switch (ret) { - case CKR_ATTRIBUTE_SENSITIVE: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_BUFFER_TOO_SMALL: - case CKR_OK: - break; - - /* Pass all other errors straight through */ - default: - return ret; - }; - - if (!p11_rpc_message_write_attribute_array (msg, array, len) || - !p11_rpc_message_write_ulong (msg, ret)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_null_string (p11_rpc_message *msg, - CK_UTF8CHAR_PTR *val) -{ - const unsigned char *data; - size_t n_data; - - assert (msg != NULL); - assert (val != NULL); - assert (msg->input != NULL); - - /* Check that we're supposed to have this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "z")); - - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) - return PARSE_ERROR; - - /* Allocate a block of memory for it */ - *val = p11_rpc_message_alloc_extra (msg, n_data + 1); - if (*val == NULL) - return CKR_DEVICE_MEMORY; - - memcpy (*val, data, n_data); - (*val)[n_data] = 0; - - return CKR_OK; -} - -static CK_RV -proto_read_mechanism (p11_rpc_message *msg, - CK_MECHANISM_PTR mech) -{ - const unsigned char *data; - uint32_t value; - size_t n_data; - - assert (msg != NULL); - assert (mech != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "M")); - - /* The mechanism type */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) - return PARSE_ERROR; - - /* The mechanism data */ - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) - return PARSE_ERROR; - - mech->mechanism = value; - mech->pParameter = (CK_VOID_PTR)data; - mech->ulParameterLen = n_data; - return CKR_OK; -} - -static CK_RV -proto_write_info (p11_rpc_message *msg, - CK_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_write_version (msg, &info->cryptokiVersion) || - !p11_rpc_message_write_space_string (msg, info->manufacturerID, 32) || - !p11_rpc_message_write_ulong (msg, info->flags) || - !p11_rpc_message_write_space_string (msg, info->libraryDescription, 32) || - !p11_rpc_message_write_version (msg, &info->libraryVersion)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_write_slot_info (p11_rpc_message *msg, - CK_SLOT_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_write_space_string (msg, info->slotDescription, 64) || - !p11_rpc_message_write_space_string (msg, info->manufacturerID, 32) || - !p11_rpc_message_write_ulong (msg, info->flags) || - !p11_rpc_message_write_version (msg, &info->hardwareVersion) || - !p11_rpc_message_write_version (msg, &info->firmwareVersion)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_write_token_info (p11_rpc_message *msg, - CK_TOKEN_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_write_space_string (msg, info->label, 32) || - !p11_rpc_message_write_space_string (msg, info->manufacturerID, 32) || - !p11_rpc_message_write_space_string (msg, info->model, 16) || - !p11_rpc_message_write_space_string (msg, info->serialNumber, 16) || - !p11_rpc_message_write_ulong (msg, info->flags) || - !p11_rpc_message_write_ulong (msg, info->ulMaxSessionCount) || - !p11_rpc_message_write_ulong (msg, info->ulSessionCount) || - !p11_rpc_message_write_ulong (msg, info->ulMaxRwSessionCount) || - !p11_rpc_message_write_ulong (msg, info->ulRwSessionCount) || - !p11_rpc_message_write_ulong (msg, info->ulMaxPinLen) || - !p11_rpc_message_write_ulong (msg, info->ulMinPinLen) || - !p11_rpc_message_write_ulong (msg, info->ulTotalPublicMemory) || - !p11_rpc_message_write_ulong (msg, info->ulFreePublicMemory) || - !p11_rpc_message_write_ulong (msg, info->ulTotalPrivateMemory) || - !p11_rpc_message_write_ulong (msg, info->ulFreePrivateMemory) || - !p11_rpc_message_write_version (msg, &info->hardwareVersion) || - !p11_rpc_message_write_version (msg, &info->firmwareVersion) || - !p11_rpc_message_write_space_string (msg, info->utcTime, 16)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_write_mechanism_info (p11_rpc_message *msg, - CK_MECHANISM_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_write_ulong (msg, info->ulMinKeySize) || - !p11_rpc_message_write_ulong (msg, info->ulMaxKeySize) || - !p11_rpc_message_write_ulong (msg, info->flags)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_write_session_info (p11_rpc_message *msg, - CK_SESSION_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_write_ulong (msg, info->slotID) || - !p11_rpc_message_write_ulong (msg, info->state) || - !p11_rpc_message_write_ulong (msg, info->flags) || - !p11_rpc_message_write_ulong (msg, info->ulDeviceError)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -call_ready (p11_rpc_message *msg) -{ - assert (msg->output); - - /* - * Called right before invoking the actual PKCS#11 function - * Reading out of data is complete, get ready to write return values. - */ - - if (p11_buffer_failed (msg->output)) { - p11_message ("invalid request from module, probably too short"); \ - return PARSE_ERROR; - } - - assert (p11_rpc_message_is_verified (msg)); - - /* All done parsing input */ - msg->input = NULL; - - if (!p11_rpc_message_prep (msg, msg->call_id, P11_RPC_RESPONSE)) { - p11_message ("couldn't initialize rpc response"); - return CKR_DEVICE_MEMORY; - } - - return CKR_OK; -} - -/* ------------------------------------------------------------------- - * CALL MACROS - */ - -#define BEGIN_CALL(call_id) \ - p11_debug (#call_id ": enter"); \ - assert (msg != NULL); \ - assert (self != NULL); \ - { \ - CK_X_##call_id _func = self->C_##call_id; \ - CK_RV _ret = CKR_OK; \ - if (!_func) { _ret = CKR_GENERAL_ERROR; goto _cleanup; } - -#define PROCESS_CALL(args) \ - _ret = call_ready (msg); \ - if (_ret != CKR_OK) { goto _cleanup; } \ - _ret = _func args - -#define END_CALL \ - _cleanup: \ - p11_debug ("ret: %d", (int)_ret); \ - return _ret; \ - } - -#define IN_BYTE(val) \ - if (!p11_rpc_message_read_byte (msg, &val)) \ - { _ret = PARSE_ERROR; goto _cleanup; } - -#define IN_ULONG(val) \ - if (!p11_rpc_message_read_ulong (msg, &val)) \ - { _ret = PARSE_ERROR; goto _cleanup; } - -#define IN_STRING(val) \ - _ret = proto_read_null_string (msg, &val); \ - if (_ret != CKR_OK) goto _cleanup; - -#define IN_BYTE_BUFFER(buffer, buffer_len) \ - _ret = proto_read_byte_buffer (msg, &buffer, &buffer_len); \ - if (_ret != CKR_OK) goto _cleanup; - -#define IN_BYTE_ARRAY(buffer, buffer_len) \ - _ret = proto_read_byte_array (msg, &buffer, &buffer_len); \ - if (_ret != CKR_OK) goto _cleanup; - -#define IN_ULONG_BUFFER(buffer, buffer_len) \ - _ret = proto_read_ulong_buffer (msg, &buffer, &buffer_len); \ - if (_ret != CKR_OK) goto _cleanup; - -#define IN_ATTRIBUTE_BUFFER(buffer, buffer_len) \ - _ret = proto_read_attribute_buffer (msg, &buffer, &buffer_len); \ - if (_ret != CKR_OK) goto _cleanup; - -#define IN_ATTRIBUTE_ARRAY(attrs, n_attrs) \ - _ret = proto_read_attribute_array (msg, &attrs, &n_attrs); \ - if (_ret != CKR_OK) goto _cleanup; - -#define IN_MECHANISM(mech) \ - _ret = proto_read_mechanism (msg, &mech); \ - if (_ret != CKR_OK) goto _cleanup; - - -#define OUT_ULONG(val) \ - if (_ret == CKR_OK && !p11_rpc_message_write_ulong (msg, val)) \ - _ret = PREP_ERROR; - -#define OUT_BYTE_ARRAY(array, len) \ - /* Note how we filter return codes */ \ - _ret = proto_write_byte_array (msg, array, len, _ret); - -#define OUT_ULONG_ARRAY(array, len) \ - /* Note how we filter return codes */ \ - _ret = proto_write_ulong_array (msg, array, len, _ret); - -#define OUT_ATTRIBUTE_ARRAY(array, len) \ - /* Note how we filter return codes */ \ - _ret = proto_write_attribute_array (msg, array, len, _ret); - -#define OUT_INFO(val) \ - if (_ret == CKR_OK) \ - _ret = proto_write_info (msg, &val); - -#define OUT_SLOT_INFO(val) \ - if (_ret == CKR_OK) \ - _ret = proto_write_slot_info (msg, &val); - -#define OUT_TOKEN_INFO(val) \ - if (_ret == CKR_OK) \ - _ret = proto_write_token_info (msg, &val); - -#define OUT_MECHANISM_INFO(val) \ - if (_ret == CKR_OK) \ - _ret = proto_write_mechanism_info (msg, &val); - -#define OUT_SESSION_INFO(val) \ - if (_ret == CKR_OK) \ - _ret = proto_write_session_info (msg, &val); - -/* --------------------------------------------------------------------------- - * DISPATCH SPECIFIC CALLS - */ - -static CK_RV -rpc_C_Initialize (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_X_Initialize func; - CK_C_INITIALIZE_ARGS init_args; - CK_BYTE_PTR handshake; - CK_ULONG n_handshake; - CK_BYTE reserved_present = 0; - CK_BYTE_PTR reserved = NULL; - CK_ULONG n_reserved; - CK_RV ret = CKR_OK; - - p11_debug ("C_Initialize: enter"); - - assert (msg != NULL); - assert (self != NULL); - - ret = proto_read_byte_array (msg, &handshake, &n_handshake); - if (ret == CKR_OK) { - - /* Check to make sure the header matches */ - if (n_handshake != P11_RPC_HANDSHAKE_LEN || - memcmp (handshake, P11_RPC_HANDSHAKE, n_handshake) != 0) { - p11_message ("invalid handshake received from connecting module"); - ret = CKR_GENERAL_ERROR; - } - } - - if (ret == CKR_OK) { - if (!p11_rpc_message_read_byte (msg, &reserved_present)) - ret = PARSE_ERROR; - } - - if (ret == CKR_OK) { - ret = proto_read_byte_array (msg, &reserved, &n_reserved); - - assert (p11_rpc_message_is_verified (msg)); - } - - if (ret == CKR_OK) { - memset (&init_args, 0, sizeof (init_args)); - init_args.flags = CKF_OS_LOCKING_OK; - init_args.pReserved = reserved_present ? reserved : NULL; - - func = self->C_Initialize; - assert (func != NULL); - ret = (func) (self, &init_args); - - /* Empty response */ - if (ret == CKR_OK) - ret = call_ready (msg); - } - - p11_debug ("ret: %d", (int)ret); - return ret; -} - -static CK_RV -rpc_C_Finalize (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - BEGIN_CALL (Finalize); - PROCESS_CALL ((self, NULL)); - END_CALL; -} - -static CK_RV -rpc_C_GetInfo (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_INFO info; - - BEGIN_CALL (GetInfo); - PROCESS_CALL ((self, &info)); - OUT_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_GetSlotList (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_BBOOL token_present; - CK_SLOT_ID_PTR slot_list; - CK_ULONG count; - - BEGIN_CALL (GetSlotList); - IN_BYTE (token_present); - IN_ULONG_BUFFER (slot_list, count); - PROCESS_CALL ((self, token_present, slot_list, &count)); - OUT_ULONG_ARRAY (slot_list, count); - END_CALL; -} - -static CK_RV -rpc_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - CK_SLOT_INFO info; - - BEGIN_CALL (GetSlotInfo); - IN_ULONG (slot_id); - PROCESS_CALL ((self, slot_id, &info)); - OUT_SLOT_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - CK_TOKEN_INFO info; - - BEGIN_CALL (GetTokenInfo); - IN_ULONG (slot_id); - PROCESS_CALL ((self, slot_id, &info)); - OUT_TOKEN_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_GetMechanismList (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - CK_MECHANISM_TYPE_PTR mechanism_list; - CK_ULONG count; - - BEGIN_CALL (GetMechanismList); - IN_ULONG (slot_id); - IN_ULONG_BUFFER (mechanism_list, count); - PROCESS_CALL ((self, slot_id, mechanism_list, &count)); - OUT_ULONG_ARRAY (mechanism_list, count); - END_CALL; -} - -static CK_RV -rpc_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - CK_MECHANISM_TYPE type; - CK_MECHANISM_INFO info; - - BEGIN_CALL (GetMechanismInfo); - IN_ULONG (slot_id); - IN_ULONG (type); - PROCESS_CALL ((self, slot_id, type, &info)); - OUT_MECHANISM_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_InitToken (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - CK_UTF8CHAR_PTR pin; - CK_ULONG pin_len; - CK_UTF8CHAR_PTR label; - - BEGIN_CALL (InitToken); - IN_ULONG (slot_id); - IN_BYTE_ARRAY (pin, pin_len); - IN_STRING (label); - PROCESS_CALL ((self, slot_id, pin, pin_len, label)); - END_CALL; -} - -static CK_RV -rpc_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_FLAGS flags; - CK_SLOT_ID slot_id; - - BEGIN_CALL (WaitForSlotEvent); - IN_ULONG (flags); - PROCESS_CALL ((self, flags, &slot_id, NULL)); - OUT_ULONG (slot_id); - END_CALL; -} - -static CK_RV -rpc_C_OpenSession (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - CK_FLAGS flags; - CK_SESSION_HANDLE session; - - BEGIN_CALL (OpenSession); - IN_ULONG (slot_id); - IN_ULONG (flags); - PROCESS_CALL ((self, slot_id, flags, NULL, NULL, &session)); - OUT_ULONG (session); - END_CALL; -} - - -static CK_RV -rpc_C_CloseSession (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - - BEGIN_CALL (CloseSession); - IN_ULONG (session); - PROCESS_CALL ((self, session)); - END_CALL; -} - -static CK_RV -rpc_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - - /* Slot id becomes apartment so lower layers can tell clients apart. */ - - BEGIN_CALL (CloseAllSessions); - IN_ULONG (slot_id); - PROCESS_CALL ((self, slot_id)); - END_CALL; -} - -static CK_RV -rpc_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_SESSION_INFO info; - - BEGIN_CALL (GetSessionInfo); - IN_ULONG (session); - PROCESS_CALL ((self, session, &info)); - OUT_SESSION_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_InitPIN (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_UTF8CHAR_PTR pin; - CK_ULONG pin_len; - - BEGIN_CALL (InitPIN); - IN_ULONG (session); - IN_BYTE_ARRAY (pin, pin_len); - PROCESS_CALL ((self, session, pin, pin_len)); - END_CALL; -} - -static CK_RV -rpc_C_SetPIN (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_UTF8CHAR_PTR old_pin; - CK_ULONG old_len; - CK_UTF8CHAR_PTR new_pin; - CK_ULONG new_len; - - BEGIN_CALL (SetPIN); - IN_ULONG (session); - IN_BYTE_ARRAY (old_pin, old_len); - IN_BYTE_ARRAY (new_pin, new_len); - PROCESS_CALL ((self, session, old_pin, old_len, new_pin, new_len)); - END_CALL; -} - -static CK_RV -rpc_C_GetOperationState (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR operation_state; - CK_ULONG operation_state_len; - - BEGIN_CALL (GetOperationState); - IN_ULONG (session); - IN_BYTE_BUFFER (operation_state, operation_state_len); - PROCESS_CALL ((self, session, operation_state, &operation_state_len)); - OUT_BYTE_ARRAY (operation_state, operation_state_len); - END_CALL; -} - -static CK_RV -rpc_C_SetOperationState (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR operation_state; - CK_ULONG operation_state_len; - CK_OBJECT_HANDLE encryption_key; - CK_OBJECT_HANDLE authentication_key; - - BEGIN_CALL (SetOperationState); - IN_ULONG (session); - IN_BYTE_ARRAY (operation_state, operation_state_len); - IN_ULONG (encryption_key); - IN_ULONG (authentication_key); - PROCESS_CALL ((self, session, operation_state, operation_state_len, encryption_key, authentication_key)); - END_CALL; -} - -static CK_RV -rpc_C_Login (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_USER_TYPE user_type; - CK_UTF8CHAR_PTR pin; - CK_ULONG pin_len; - - BEGIN_CALL (Login); - IN_ULONG (session); - IN_ULONG (user_type); - IN_BYTE_ARRAY (pin, pin_len); - PROCESS_CALL ((self, session, user_type, pin, pin_len)); - END_CALL; -} - -static CK_RV -rpc_C_Logout (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - - BEGIN_CALL (Logout); - IN_ULONG (session); - PROCESS_CALL ((self, session)); - END_CALL; -} - -static CK_RV -rpc_C_CreateObject (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_ATTRIBUTE_PTR template; - CK_ULONG count; - CK_OBJECT_HANDLE new_object; - - BEGIN_CALL (CreateObject); - IN_ULONG (session); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL ((self, session, template, count, &new_object)); - OUT_ULONG (new_object); - END_CALL; -} - -static CK_RV -rpc_C_CopyObject (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE_PTR template; - CK_ULONG count; - CK_OBJECT_HANDLE new_object; - - BEGIN_CALL (CopyObject); - IN_ULONG (session); - IN_ULONG (object); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL ((self, session, object, template, count, &new_object)); - OUT_ULONG (new_object); - END_CALL; -} - -static CK_RV -rpc_C_DestroyObject (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - - BEGIN_CALL (DestroyObject); - IN_ULONG (session); - IN_ULONG (object); - PROCESS_CALL ((self, session, object)); - END_CALL; -} - -static CK_RV -rpc_C_GetObjectSize (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - CK_ULONG size; - - BEGIN_CALL (GetObjectSize); - IN_ULONG (session); - IN_ULONG (object); - PROCESS_CALL ((self, session, object, &size)); - OUT_ULONG (size); - END_CALL; -} - -static CK_RV -rpc_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE_PTR template; - CK_ULONG count; - - BEGIN_CALL (GetAttributeValue); - IN_ULONG (session); - IN_ULONG (object); - IN_ATTRIBUTE_BUFFER (template, count); - PROCESS_CALL ((self, session, object, template, count)); - OUT_ATTRIBUTE_ARRAY (template, count); - END_CALL; -} - -static CK_RV -rpc_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE_PTR template; - CK_ULONG count; - - BEGIN_CALL (SetAttributeValue); - IN_ULONG (session); - IN_ULONG (object); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL ((self, session, object, template, count)); - END_CALL; -} - -static CK_RV -rpc_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_ATTRIBUTE_PTR template; - CK_ULONG count; - - BEGIN_CALL (FindObjectsInit); - IN_ULONG (session); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL ((self, session, template, count)); - END_CALL; -} - -static CK_RV -rpc_C_FindObjects (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE_PTR objects; - CK_ULONG max_object_count; - CK_ULONG object_count; - - BEGIN_CALL (FindObjects); - IN_ULONG (session); - IN_ULONG_BUFFER (objects, max_object_count); - PROCESS_CALL ((self, session, objects, max_object_count, &object_count)); - OUT_ULONG_ARRAY (objects, object_count); - END_CALL; -} - -static CK_RV -rpc_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - - BEGIN_CALL (FindObjectsFinal); - IN_ULONG (session); - PROCESS_CALL ((self, session)); - END_CALL; -} - -static CK_RV -rpc_C_EncryptInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (EncryptInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); - END_CALL; - -} - -static CK_RV -rpc_C_Encrypt (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR data; - CK_ULONG data_len; - CK_BYTE_PTR encrypted_data; - CK_ULONG encrypted_data_len; - - BEGIN_CALL (Encrypt); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (encrypted_data, encrypted_data_len); - PROCESS_CALL ((self, session, data, data_len, encrypted_data, &encrypted_data_len)); - OUT_BYTE_ARRAY (encrypted_data, encrypted_data_len); - END_CALL; -} - -static CK_RV -rpc_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - CK_BYTE_PTR encrypted_part; - CK_ULONG encrypted_part_len; - - BEGIN_CALL (EncryptUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (encrypted_part, encrypted_part_len); - PROCESS_CALL ((self, session, part, part_len, encrypted_part, &encrypted_part_len)); - OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len); - END_CALL; -} - -static CK_RV -rpc_C_EncryptFinal (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR last_encrypted_part; - CK_ULONG last_encrypted_part_len; - - BEGIN_CALL (EncryptFinal); - IN_ULONG (session); - IN_BYTE_BUFFER (last_encrypted_part, last_encrypted_part_len); - PROCESS_CALL ((self, session, last_encrypted_part, &last_encrypted_part_len)); - OUT_BYTE_ARRAY (last_encrypted_part, last_encrypted_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (DecryptInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); - END_CALL; -} - -static CK_RV -rpc_C_Decrypt (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR encrypted_data; - CK_ULONG encrypted_data_len; - CK_BYTE_PTR data; - CK_ULONG data_len; - - BEGIN_CALL (Decrypt); - IN_ULONG (session); - IN_BYTE_ARRAY (encrypted_data, encrypted_data_len); - IN_BYTE_BUFFER (data, data_len); - PROCESS_CALL ((self, session, encrypted_data, encrypted_data_len, data, &data_len)); - OUT_BYTE_ARRAY (data, data_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR encrypted_part; - CK_ULONG encrypted_part_len; - CK_BYTE_PTR part; - CK_ULONG part_len; - - BEGIN_CALL (DecryptUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (encrypted_part, encrypted_part_len); - IN_BYTE_BUFFER (part, part_len); - PROCESS_CALL ((self, session, encrypted_part, encrypted_part_len, part, &part_len)); - OUT_BYTE_ARRAY (part, part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptFinal (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR last_part; - CK_ULONG last_part_len; - - BEGIN_CALL (DecryptFinal); - IN_ULONG (session); - IN_BYTE_BUFFER (last_part, last_part_len); - PROCESS_CALL ((self, session, last_part, &last_part_len)); - OUT_BYTE_ARRAY (last_part, last_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DigestInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - - BEGIN_CALL (DigestInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - PROCESS_CALL ((self, session, &mechanism)); - END_CALL; -} - -static CK_RV -rpc_C_Digest (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR data; - CK_ULONG data_len; - CK_BYTE_PTR digest; - CK_ULONG digest_len; - - BEGIN_CALL (Digest); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (digest, digest_len); - PROCESS_CALL ((self, session, data, data_len, digest, &digest_len)); - OUT_BYTE_ARRAY (digest, digest_len); - END_CALL; -} - -static CK_RV -rpc_C_DigestUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - - BEGIN_CALL (DigestUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - PROCESS_CALL ((self, session, part, part_len)); - END_CALL; -} - -static CK_RV -rpc_C_DigestKey (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (DigestKey); - IN_ULONG (session); - IN_ULONG (key); - PROCESS_CALL ((self, session, key)); - END_CALL; -} - -static CK_RV -rpc_C_DigestFinal (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR digest; - CK_ULONG digest_len; - - BEGIN_CALL (DigestFinal); - IN_ULONG (session); - IN_BYTE_BUFFER (digest, digest_len); - PROCESS_CALL ((self, session, digest, &digest_len)); - OUT_BYTE_ARRAY (digest, digest_len); - END_CALL; -} - -static CK_RV -rpc_C_SignInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (SignInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); - END_CALL; -} - -static CK_RV -rpc_C_Sign (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - CK_BYTE_PTR signature; - CK_ULONG signature_len; - - BEGIN_CALL (Sign); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (signature, signature_len); - PROCESS_CALL ((self, session, part, part_len, signature, &signature_len)); - OUT_BYTE_ARRAY (signature, signature_len); - END_CALL; - -} - -static CK_RV -rpc_C_SignUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - - BEGIN_CALL (SignUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - PROCESS_CALL ((self, session, part, part_len)); - END_CALL; -} - -static CK_RV -rpc_C_SignFinal (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR signature; - CK_ULONG signature_len; - - BEGIN_CALL (SignFinal); - IN_ULONG (session); - IN_BYTE_BUFFER (signature, signature_len); - PROCESS_CALL ((self, session, signature, &signature_len)); - OUT_BYTE_ARRAY (signature, signature_len); - END_CALL; -} - -static CK_RV -rpc_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (SignRecoverInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); - END_CALL; -} - -static CK_RV -rpc_C_SignRecover (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR data; - CK_ULONG data_len; - CK_BYTE_PTR signature; - CK_ULONG signature_len; - - BEGIN_CALL (SignRecover); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (signature, signature_len); - PROCESS_CALL ((self, session, data, data_len, signature, &signature_len)); - OUT_BYTE_ARRAY (signature, signature_len); - END_CALL; -} - -static CK_RV -rpc_C_VerifyInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (VerifyInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); - END_CALL; -} - -static CK_RV -rpc_C_Verify (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR data; - CK_ULONG data_len; - CK_BYTE_PTR signature; - CK_ULONG signature_len; - - BEGIN_CALL (Verify); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_ARRAY (signature, signature_len); - PROCESS_CALL ((self, session, data, data_len, signature, signature_len)); - END_CALL; -} - -static CK_RV -rpc_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - - BEGIN_CALL (VerifyUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - PROCESS_CALL ((self, session, part, part_len)); - END_CALL; -} - -static CK_RV -rpc_C_VerifyFinal (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR signature; - CK_ULONG signature_len; - - BEGIN_CALL (VerifyFinal); - IN_ULONG (session); - IN_BYTE_ARRAY (signature, signature_len); - PROCESS_CALL ((self, session, signature, signature_len)); - END_CALL; -} - -static CK_RV -rpc_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (VerifyRecoverInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); - END_CALL; -} - -static CK_RV -rpc_C_VerifyRecover (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR signature; - CK_ULONG signature_len; - CK_BYTE_PTR data; - CK_ULONG data_len; - - BEGIN_CALL (VerifyRecover); - IN_ULONG (session); - IN_BYTE_ARRAY (signature, signature_len); - IN_BYTE_BUFFER (data, data_len); - PROCESS_CALL ((self, session, signature, signature_len, data, &data_len)); - OUT_BYTE_ARRAY (data, data_len); - END_CALL; -} - -static CK_RV -rpc_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - CK_BYTE_PTR encrypted_part; - CK_ULONG encrypted_part_len; - - BEGIN_CALL (DigestEncryptUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (encrypted_part, encrypted_part_len); - PROCESS_CALL ((self, session, part, part_len, encrypted_part, &encrypted_part_len)); - OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR encrypted_part; - CK_ULONG encrypted_part_len; - CK_BYTE_PTR part; - CK_ULONG part_len; - - BEGIN_CALL (DecryptDigestUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (encrypted_part, encrypted_part_len); - IN_BYTE_BUFFER (part, part_len); - PROCESS_CALL ((self, session, encrypted_part, encrypted_part_len, part, &part_len)); - OUT_BYTE_ARRAY (part, part_len); - END_CALL; -} - -static CK_RV -rpc_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - CK_BYTE_PTR encrypted_part; - CK_ULONG encrypted_part_len; - - BEGIN_CALL (SignEncryptUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (encrypted_part, encrypted_part_len); - PROCESS_CALL ((self, session, part, part_len, encrypted_part, &encrypted_part_len)); - OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR encrypted_part; - CK_ULONG encrypted_part_len; - CK_BYTE_PTR part; - CK_ULONG part_len; - - BEGIN_CALL (DecryptVerifyUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (encrypted_part, encrypted_part_len); - IN_BYTE_BUFFER (part, part_len); - PROCESS_CALL ((self, session, encrypted_part, encrypted_part_len, part, &part_len)); - OUT_BYTE_ARRAY (part, part_len); - END_CALL; -} - -static CK_RV -rpc_C_GenerateKey (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_ATTRIBUTE_PTR template; - CK_ULONG count; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (GenerateKey); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL ((self, session, &mechanism, template, count, &key)); - OUT_ULONG (key); - END_CALL; -} - -static CK_RV -rpc_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_ATTRIBUTE_PTR public_key_template; - CK_ULONG public_key_attribute_count; - CK_ATTRIBUTE_PTR private_key_template; - CK_ULONG private_key_attribute_count; - CK_OBJECT_HANDLE public_key; - CK_OBJECT_HANDLE private_key; - - BEGIN_CALL (GenerateKeyPair); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ATTRIBUTE_ARRAY (public_key_template, public_key_attribute_count); - IN_ATTRIBUTE_ARRAY (private_key_template, private_key_attribute_count); - PROCESS_CALL ((self, session, &mechanism, public_key_template, public_key_attribute_count, private_key_template, private_key_attribute_count, &public_key, &private_key)); - OUT_ULONG (public_key); - OUT_ULONG (private_key); - END_CALL; -} - -static CK_RV -rpc_C_WrapKey (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE wrapping_key; - CK_OBJECT_HANDLE key; - CK_BYTE_PTR wrapped_key; - CK_ULONG wrapped_key_len; - - BEGIN_CALL (WrapKey); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (wrapping_key); - IN_ULONG (key); - IN_BYTE_BUFFER (wrapped_key, wrapped_key_len); - PROCESS_CALL ((self, session, &mechanism, wrapping_key, key, wrapped_key, &wrapped_key_len)); - OUT_BYTE_ARRAY (wrapped_key, wrapped_key_len); - END_CALL; -} - -static CK_RV -rpc_C_UnwrapKey (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE unwrapping_key; - CK_BYTE_PTR wrapped_key; - CK_ULONG wrapped_key_len; - CK_ATTRIBUTE_PTR template; - CK_ULONG attribute_count; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (UnwrapKey); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (unwrapping_key); - IN_BYTE_ARRAY (wrapped_key, wrapped_key_len); - IN_ATTRIBUTE_ARRAY (template, attribute_count); - PROCESS_CALL ((self, session, &mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, attribute_count, &key)); - OUT_ULONG (key); - END_CALL; -} - -static CK_RV -rpc_C_DeriveKey (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE base_key; - CK_ATTRIBUTE_PTR template; - CK_ULONG attribute_count; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (DeriveKey); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (base_key); - IN_ATTRIBUTE_ARRAY (template, attribute_count); - PROCESS_CALL ((self, session, &mechanism, base_key, template, attribute_count, &key)); - OUT_ULONG (key); - END_CALL; -} - -static CK_RV -rpc_C_SeedRandom (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR seed; - CK_ULONG seed_len; - - BEGIN_CALL (SeedRandom); - IN_ULONG (session); - IN_BYTE_ARRAY (seed, seed_len); - PROCESS_CALL ((self, session, seed, seed_len)); - END_CALL; -} - -static CK_RV -rpc_C_GenerateRandom (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR random_data; - CK_ULONG random_len; - - BEGIN_CALL (GenerateRandom); - IN_ULONG (session); - IN_BYTE_BUFFER (random_data, random_len); - PROCESS_CALL ((self, session, random_data, random_len)); - OUT_BYTE_ARRAY (random_data, random_len); - END_CALL; -} - -bool -p11_rpc_server_handle (CK_X_FUNCTION_LIST *self, - p11_buffer *request, - p11_buffer *response) -{ - p11_rpc_message msg; - CK_RV ret; - int req_id; - - return_val_if_fail (self != NULL, false); - return_val_if_fail (request != NULL, false); - return_val_if_fail (response != NULL, false); - - p11_message_clear (); - - p11_rpc_message_init (&msg, request, response); - - if (!p11_rpc_message_parse (&msg, P11_RPC_REQUEST)) { - p11_rpc_message_clear (&msg); - p11_message ("couldn't parse pkcs11 rpc message"); - return false; - } - - /* This should have been checked by the parsing code */ - assert (msg.call_id > P11_RPC_CALL_ERROR); - assert (msg.call_id < P11_RPC_CALL_MAX); - req_id = msg.call_id; - - switch(req_id) { - #define CASE_CALL(name) \ - case P11_RPC_CALL_##name: \ - ret = rpc_##name (self, &msg); \ - break; - CASE_CALL (C_Initialize) - CASE_CALL (C_Finalize) - CASE_CALL (C_GetInfo) - CASE_CALL (C_GetSlotList) - CASE_CALL (C_GetSlotInfo) - CASE_CALL (C_GetTokenInfo) - CASE_CALL (C_GetMechanismList) - CASE_CALL (C_GetMechanismInfo) - CASE_CALL (C_InitToken) - CASE_CALL (C_OpenSession) - CASE_CALL (C_CloseSession) - CASE_CALL (C_CloseAllSessions) - CASE_CALL (C_GetSessionInfo) - CASE_CALL (C_InitPIN) - CASE_CALL (C_SetPIN) - CASE_CALL (C_GetOperationState) - CASE_CALL (C_SetOperationState) - CASE_CALL (C_Login) - CASE_CALL (C_Logout) - CASE_CALL (C_CreateObject) - CASE_CALL (C_CopyObject) - CASE_CALL (C_DestroyObject) - CASE_CALL (C_GetObjectSize) - CASE_CALL (C_GetAttributeValue) - CASE_CALL (C_SetAttributeValue) - CASE_CALL (C_FindObjectsInit) - CASE_CALL (C_FindObjects) - CASE_CALL (C_FindObjectsFinal) - CASE_CALL (C_EncryptInit) - CASE_CALL (C_Encrypt) - CASE_CALL (C_EncryptUpdate) - CASE_CALL (C_EncryptFinal) - CASE_CALL (C_DecryptInit) - CASE_CALL (C_Decrypt) - CASE_CALL (C_DecryptUpdate) - CASE_CALL (C_DecryptFinal) - CASE_CALL (C_DigestInit) - CASE_CALL (C_Digest) - CASE_CALL (C_DigestUpdate) - CASE_CALL (C_DigestKey) - CASE_CALL (C_DigestFinal) - CASE_CALL (C_SignInit) - CASE_CALL (C_Sign) - CASE_CALL (C_SignUpdate) - CASE_CALL (C_SignFinal) - CASE_CALL (C_SignRecoverInit) - CASE_CALL (C_SignRecover) - CASE_CALL (C_VerifyInit) - CASE_CALL (C_Verify) - CASE_CALL (C_VerifyUpdate) - CASE_CALL (C_VerifyFinal) - CASE_CALL (C_VerifyRecoverInit) - CASE_CALL (C_VerifyRecover) - CASE_CALL (C_DigestEncryptUpdate) - CASE_CALL (C_DecryptDigestUpdate) - CASE_CALL (C_SignEncryptUpdate) - CASE_CALL (C_DecryptVerifyUpdate) - CASE_CALL (C_GenerateKey) - CASE_CALL (C_GenerateKeyPair) - CASE_CALL (C_WrapKey) - CASE_CALL (C_UnwrapKey) - CASE_CALL (C_DeriveKey) - CASE_CALL (C_SeedRandom) - CASE_CALL (C_GenerateRandom) - CASE_CALL (C_WaitForSlotEvent) - #undef CASE_CALL - default: - /* This should have been caught by the parse code */ - assert (0 && "Unchecked call"); - break; - }; - - if (p11_buffer_failed (msg.output)) { - p11_message ("out of memory error putting together message"); - p11_rpc_message_clear (&msg); - return false; - } - - /* A filled in response */ - if (ret == CKR_OK) { - - /* - * Since we're dealing with many many functions above generating - * these messages we want to make sure each of them actually - * does what it's supposed to. - */ - assert (p11_rpc_message_is_verified (&msg)); - assert (msg.call_type == P11_RPC_RESPONSE); - assert (msg.call_id == req_id); - assert (p11_rpc_calls[msg.call_id].response); - assert (strcmp (p11_rpc_calls[msg.call_id].response, msg.signature) == 0); - - /* Fill in an error respnose */ - } else { - if (!p11_rpc_message_prep (&msg, P11_RPC_CALL_ERROR, P11_RPC_RESPONSE) || - !p11_rpc_message_write_ulong (&msg, (uint32_t)ret) || - p11_buffer_failed (msg.output)) { - p11_message ("out of memory responding with error"); - p11_rpc_message_clear (&msg); - return false; - } - } - - p11_rpc_message_clear (&msg); - return true; -} - -int -p11_kit_remote_serve_module (CK_FUNCTION_LIST *module, - int in_fd, - int out_fd) -{ - p11_rpc_status status; - unsigned char version; - p11_virtual virt; - p11_buffer options; - p11_buffer buffer; - size_t state; - int ret = 1; - int code; - - return_val_if_fail (module != NULL, 1); - - p11_buffer_init (&options, 0); - p11_buffer_init (&buffer, 0); - - p11_virtual_init (&virt, &p11_virtual_base, module, NULL); - - switch (read (in_fd, &version, 1)) { - case 0: - goto out; - case 1: - if (version != 0) { - p11_message ("unspported version received: %d", (int)version); - goto out; - } - break; - default: - p11_message_err (errno, "couldn't read credential byte"); - goto out; - } - - version = 0; - switch (write (out_fd, &version, out_fd)) { - case 1: - break; - default: - p11_message_err (errno, "couldn't write credential byte"); - goto out; - } - - status = P11_RPC_OK; - while (status == P11_RPC_OK) { - state = 0; - code = 0; - - do { - status = p11_rpc_transport_read (in_fd, &state, &code, - &options, &buffer); - } while (status == P11_RPC_AGAIN); - - switch (status) { - case P11_RPC_OK: - break; - case P11_RPC_EOF: - ret = 0; - continue; - case P11_RPC_AGAIN: - assert_not_reached (); - case P11_RPC_ERROR: - p11_message_err (errno, "failed to read rpc message"); - goto out; - } - - if (!p11_rpc_server_handle (&virt.funcs, &buffer, &buffer)) { - p11_message ("unexpected error handling rpc message"); - goto out; - } - - state = 0; - options.len = 0; - do { - status = p11_rpc_transport_write (out_fd, &state, code, - &options, &buffer); - } while (status == P11_RPC_AGAIN); - - switch (status) { - case P11_RPC_OK: - break; - case P11_RPC_EOF: - case P11_RPC_AGAIN: - assert_not_reached (); - case P11_RPC_ERROR: - p11_message_err (errno, "failed to write rpc message"); - goto out; - } - } - -out: - p11_buffer_uninit (&buffer); - p11_buffer_uninit (&options); - - p11_virtual_uninit (&virt); - - return ret; -} diff --git a/p11-kit/rpc-transport.c b/p11-kit/rpc-transport.c deleted file mode 100644 index 5251e11..0000000 --- a/p11-kit/rpc-transport.c +++ /dev/null @@ -1,864 +0,0 @@ -/* - * Copyright (C) 2012 Stefan Walter - * Copyright (C) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "argv.h" -#include "compat.h" -#define P11_DEBUG_FLAG P11_DEBUG_RPC -#include "debug.h" -#include "message.h" -#include "pkcs11.h" -#include "private.h" -#include "rpc.h" -#include "rpc-message.h" - -#include - -#include -#include -#include -#include -#include -#include - -#ifdef OS_UNIX -#include -#include -#include -#include -#include -#include -#endif - -#ifdef OS_WIN32 -#include -#ifndef EWOULDBLOCK -#define EWOULDBLOCK WSAEWOULDBLOCK -#endif -#endif - -#ifndef EPROTO -#define EPROTO EIO -#endif - -typedef struct { - /* Never changes */ - int fd; - - /* Protected by the lock */ - p11_mutex_t write_lock; - int refs; - int last_code; - bool sent_creds; - - /* This data is protected by read mutex */ - p11_mutex_t read_lock; - bool read_creds; - uint32_t read_code; - uint32_t read_olen; - uint32_t read_dlen; -} rpc_socket; - -static rpc_socket * -rpc_socket_new (int fd) -{ - rpc_socket *sock; - - sock = calloc (1, sizeof (rpc_socket)); - return_val_if_fail (sock != NULL, NULL); - - sock->fd = fd; - sock->last_code = 0x10; - sock->read_creds = false; - sock->sent_creds = false; - sock->refs = 1; - - p11_mutex_init (&sock->write_lock); - p11_mutex_init (&sock->read_lock); - - return sock; -} - -#if 0 -static rpc_socket * -rpc_socket_ref (rpc_socket *sock) -{ - assert (sock != NULL); - - p11_mutex_lock (&sock->write_lock); - sock->refs++; - p11_mutex_unlock (&sock->write_lock); - - return sock; -} - -static bool -rpc_socket_is_open (rpc_socket *sock) -{ - assert (sock != NULL); - return sock->fd >= 0; -} -#endif - -static void -rpc_socket_close (rpc_socket *sock) -{ - assert (sock != NULL); - if (sock->fd != -1) - close (sock->fd); - sock->fd = -1; -} - -static void -rpc_socket_unref (rpc_socket *sock) -{ - int release = 0; - - assert (sock != NULL); - - p11_mutex_lock (&sock->write_lock); - if (--sock->refs == 0) - release = 1; - p11_mutex_unlock (&sock->write_lock); - - if (!release) - return; - - assert (sock != NULL); - assert (sock->refs == 0); - - rpc_socket_close (sock); - p11_mutex_uninit (&sock->write_lock); - p11_mutex_uninit (&sock->read_lock); -} - -static bool -write_all (int fd, - unsigned char* data, - size_t len) -{ - int r; - - while (len > 0) { - r = write (fd, data, len); - if (r == -1) { - if (errno == EPIPE) { - p11_message ("couldn't send data: closed connection"); - return false; - } else if (errno != EAGAIN && errno != EINTR) { - p11_message_err (errno, "couldn't send data"); - return false; - } - } else { - p11_debug ("wrote %d bytes", r); - data += r; - len -= r; - } - } - - return true; -} - -static bool -read_all (int fd, - unsigned char* data, - size_t len) -{ - int r; - - while (len > 0) { - r = read (fd, data, len); - if (r == 0) { - p11_message ("couldn't receive data: closed connection"); - return false; - } else if (r == -1) { - if (errno != EAGAIN && errno != EINTR) { - p11_message_err (errno, "couldn't receive data"); - return false; - } - } else { - p11_debug ("read %d bytes", r); - data += r; - len -= r; - } - } - - return true; -} - -static CK_RV -rpc_socket_write_inlock (rpc_socket *sock, - int code, - p11_buffer *options, - p11_buffer *buffer) -{ - unsigned char header[12]; - unsigned char dummy = '\0'; - - /* The socket is locked and referenced at this point */ - assert (buffer != NULL); - - /* Place holder byte, will later carry unix credentials (on some systems) */ - if (!sock->sent_creds) { - if (write_all (sock->fd, &dummy, 1) != 1) { - p11_message_err (errno, "couldn't send socket credentials"); - return CKR_DEVICE_ERROR; - } - sock->sent_creds = true; - } - - p11_rpc_buffer_encode_uint32 (header, code); - p11_rpc_buffer_encode_uint32 (header + 4, options->len); - p11_rpc_buffer_encode_uint32 (header + 8, buffer->len); - - if (!write_all (sock->fd, header, 12) || - !write_all (sock->fd, options->data, options->len) || - !write_all (sock->fd, buffer->data, buffer->len)) - return CKR_DEVICE_ERROR; - - return CKR_OK; -} - -static p11_rpc_status -write_at (int fd, - unsigned char *data, - size_t len, - size_t offset, - size_t *at) -{ - p11_rpc_status status; - ssize_t num; - size_t from; - int errn; - - assert (*at >= offset); - - if (*at >= offset + len) - return P11_RPC_OK; - - from = *at - offset; - assert (from < len); - - num = write (fd, data + from, len - from); - errn = errno; - - /* Update state */ - if (num > 0) - *at += num; - - /* Completely written out this block */ - if (num == len - from) { - p11_debug ("ok: wrote block of %d", (int)num); - status = P11_RPC_OK; - - /* Partially written out this block */ - } else if (num >= 0) { - p11_debug ("again: partial read of %d", (int)num); - status = P11_RPC_AGAIN; - - /* Didn't write out block due to transient issue */ - } else if (errn == EINTR || errn == EAGAIN || errn == EWOULDBLOCK) { - p11_debug ("again: due to %d", errn); - status = P11_RPC_AGAIN; - - /* Failure */ - } else { - p11_debug ("error: due to %d", errn); - status = P11_RPC_ERROR; - } - - errno = errn; - return status; -} - -p11_rpc_status -p11_rpc_transport_write (int fd, - size_t *state, - int call_code, - p11_buffer *options, - p11_buffer *buffer) -{ - unsigned char header[12] = { 0, }; - p11_rpc_status status; - - assert (state != NULL); - assert (options != NULL); - assert (buffer != NULL); - - if (*state < 12) { - p11_rpc_buffer_encode_uint32 (header, call_code); - p11_rpc_buffer_encode_uint32 (header + 4, options->len); - p11_rpc_buffer_encode_uint32 (header + 8, buffer->len); - } - - status = write_at (fd, header, 12, 0, state); - - if (status == P11_RPC_OK) { - status = write_at (fd, options->data, options->len, - 12, state); - } - - if (status == P11_RPC_OK) { - status = write_at (fd, buffer->data, buffer->len, - 12 + options->len, state); - } - - /* All done */ - if (status == P11_RPC_OK) - *state = 0; - - return status; -} - -static int -rpc_socket_read (rpc_socket *sock, - int *code, - p11_buffer *buffer) -{ - CK_RV ret = CKR_DEVICE_ERROR; - unsigned char header[12]; - unsigned char dummy; - fd_set rfds; - - assert (code != NULL); - assert (buffer != NULL); - - /* - * We are not in the main socket lock here, but the socket - * is referenced, and won't go away - */ - - p11_mutex_lock (&sock->read_lock); - - if (!sock->read_creds) { - if (read_all (sock->fd, &dummy, 1) != 1) { - p11_mutex_unlock (&sock->read_lock); - return CKR_DEVICE_ERROR; - } - sock->read_creds = true; - } - - for (;;) { - /* No message header has been read yet? ... read one in */ - if (sock->read_code == 0) { - if (!read_all (sock->fd, header, 12)) - break; - - /* Decode and check the message header */ - sock->read_code = p11_rpc_buffer_decode_uint32 (header); - sock->read_olen = p11_rpc_buffer_decode_uint32 (header + 4); - sock->read_dlen = p11_rpc_buffer_decode_uint32 (header + 8); - if (sock->read_code == 0) { - p11_message ("received invalid rpc header values: perhaps wrong protocol"); - break; - } - } - - /* If it's our header (or caller doesn't care), then yay! */ - if (*code == -1 || sock->read_code == *code) { - - /* We ignore the options, so read into the same as buffer */ - if (!p11_buffer_reset (buffer, sock->read_olen) || - !p11_buffer_reset (buffer, sock->read_dlen)) { - warn_if_reached (); - break; - } - - /* Read in the the options first, and then data */ - if (!read_all (sock->fd, buffer->data, sock->read_olen) || - !read_all (sock->fd, buffer->data, sock->read_dlen)) - break; - - buffer->len = sock->read_dlen; - *code = sock->read_code; - - /* Yay, we got our data, off we go */ - sock->read_code = 0; - sock->read_olen = 0; - sock->read_dlen = 0; - ret = CKR_OK; - break; - } - - /* Give another thread the chance to read data for this header */ - if (sock->read_code != 0) { - p11_debug ("received header in wrong thread"); - p11_mutex_unlock (&sock->read_lock); - - /* Used as a simple wait */ - FD_ZERO (&rfds); - FD_SET (sock->fd, &rfds); - if (select (sock->fd + 1, &rfds, NULL, NULL, NULL) < 0) - p11_message ("couldn't use select to wait on rpc socket"); - - p11_mutex_lock (&sock->read_lock); - } - } - - p11_mutex_unlock (&sock->read_lock); - return ret; -} - -static p11_rpc_status -read_at (int fd, - unsigned char *data, - size_t len, - size_t offset, - size_t *at) -{ - p11_rpc_status status; - int errn; - ssize_t num; - size_t from; - - assert (*at >= offset); - - if (*at >= offset + len) - return P11_RPC_OK; - - from = *at - offset; - assert (from < len); - - num = read (fd, data + from, len - from); - errn = errno; - - /* Update state */ - if (num > 0) - *at += num; - - /* Completely read out this block */ - if (num == len - from) { - p11_debug ("ok: read block of %d", (int)num); - status = P11_RPC_OK; - - /* Partially read out this block */ - } else if (num > 0) { - p11_debug ("again: partial read of %d", (int)num); - status = P11_RPC_AGAIN; - - /* End of file, valid if at offset zero */ - } else if (num == 0) { - if (offset == 0) { - p11_debug ("eof: read zero bytes"); - status = P11_RPC_EOF; - } else { - p11_debug ("error: early truncate"); - errn = EPROTO; - status = P11_RPC_ERROR; - } - - /* Didn't read out block due to transient issue */ - } else if (errn == EINTR || errn == EAGAIN || errn == EWOULDBLOCK) { - p11_debug ("again: due to %d", errn); - status = P11_RPC_AGAIN; - - /* Failure */ - } else { - p11_debug ("error: due to %d", errn); - status = P11_RPC_ERROR; - } - - errno = errn; - return status; -} - -p11_rpc_status -p11_rpc_transport_read (int fd, - size_t *state, - int *call_code, - p11_buffer *options, - p11_buffer *buffer) -{ - unsigned char *header; - p11_rpc_status status; - size_t len; - - assert (state != NULL); - assert (call_code != NULL); - assert (options != NULL); - assert (buffer != NULL); - - /* Reading the header, we read it into @buffer */ - if (*state < 12) { - if (!p11_buffer_reset (buffer, 12)) - return_val_if_reached (P11_RPC_ERROR); - status = read_at (fd, buffer->data, 12, 0, state); - if (status != P11_RPC_OK) - return status; - - /* Parse out the header */ - header = buffer->data; - *call_code = p11_rpc_buffer_decode_uint32 (header); - len = p11_rpc_buffer_decode_uint32 (header + 4); - if (!p11_buffer_reset (options, len)) - return_val_if_reached (P11_RPC_ERROR); - options->len = len; - len = p11_rpc_buffer_decode_uint32 (header + 8); - if (!p11_buffer_reset (buffer, len)) - return_val_if_reached (P11_RPC_ERROR); - buffer->len = len; - } - - /* At this point options has a valid len field */ - status = read_at (fd, options->data, options->len, 12, state); - if (status == P11_RPC_OK) { - status = read_at (fd, buffer->data, buffer->len, - 12 + options->len, state); - } - - if (status == P11_RPC_OK) - *state = 0; - - return status; -} - -struct _p11_rpc_transport { - p11_rpc_client_vtable vtable; - p11_destroyer destroyer; - rpc_socket *socket; - p11_buffer options; -}; - -static void -rpc_transport_disconnect (p11_rpc_client_vtable *vtable, - void *init_reserved) -{ - p11_rpc_transport *rpc = (p11_rpc_transport *)vtable; - - if (rpc->socket) { - rpc_socket_close (rpc->socket); - rpc_socket_unref (rpc->socket); - rpc->socket = NULL; - } -} - -static bool -rpc_transport_init (p11_rpc_transport *rpc, - const char *module_name, - p11_destroyer destroyer) -{ - rpc->destroyer = destroyer; - - p11_buffer_init_null (&rpc->options, 0); - p11_buffer_add (&rpc->options, module_name, -1); - return_val_if_fail (p11_buffer_ok (&rpc->options), false); - - return true; -} - -static void -rpc_transport_uninit (p11_rpc_transport *rpc) -{ - p11_buffer_uninit (&rpc->options); -} - -static CK_RV -rpc_transport_buffer (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - p11_rpc_transport *rpc = (p11_rpc_transport *)vtable; - CK_RV rv = CKR_OK; - rpc_socket *sock; - int call_code; - - assert (rpc != NULL); - assert (request != NULL); - assert (response != NULL); - - sock = rpc->socket; - assert (sock != NULL); - - p11_mutex_lock (&sock->write_lock); - assert (sock->refs > 0); - sock->refs++; - - /* Get the next socket reply code */ - call_code = sock->last_code++; - - if (sock->fd == -1) - rv = CKR_DEVICE_ERROR; - if (rv == CKR_OK) - rv = rpc_socket_write_inlock (sock, call_code, &rpc->options, request); - - /* We unlock the socket mutex while reading a response */ - if (rv == CKR_OK) { - p11_mutex_unlock (&sock->write_lock); - - rv = rpc_socket_read (sock, &call_code, response); - - p11_mutex_lock (&sock->write_lock); - } - - if (rv != CKR_OK && sock->fd != -1) { - p11_message ("closing socket due to protocol failure"); - close (sock->fd); - sock->fd = -1; - } - - sock->refs--; - assert (sock->refs > 0); - p11_mutex_unlock (&sock->write_lock); - - return rv; -} - -#ifdef OS_UNIX - -typedef struct { - p11_rpc_transport base; - p11_array *argv; - pid_t pid; -} rpc_exec; - -static void -rpc_exec_wait_or_terminate (pid_t pid) -{ - bool terminated = false; - int status; - int sig; - int ret; - int i; - - - for (i = 0; i < 3 * 1000; i += 100) { - ret = waitpid (pid, &status, WNOHANG); - if (ret != 0) - break; - p11_sleep_ms (100); - } - - if (ret == 0) { - p11_message ("process %d did not exit, terminating", (int)pid); - kill (pid, SIGTERM); - terminated = true; - ret = waitpid (pid, &status, 0); - } - - if (ret < 0) { - p11_message_err (errno, "failed to wait for executed child: %d", (int)pid); - status = 0; - } else if (WIFEXITED (status)) { - status = WEXITSTATUS (status); - if (status == 0) - p11_debug ("process %d exited with status 0", (int)pid); - else - p11_message ("process %d exited with status %d", (int)pid, status); - } else if (WIFSIGNALED (status)) { - sig = WTERMSIG (status); - if (!terminated || sig != SIGTERM) - p11_message ("process %d was terminated with signal %d", (int)pid, sig); - } -} - -static void -rpc_exec_disconnect (p11_rpc_client_vtable *vtable, - void *fini_reserved) -{ - rpc_exec *rex = (rpc_exec *)vtable; - - if (rex->base.socket) - rpc_socket_close (rex->base.socket); - - if (rex->pid) - rpc_exec_wait_or_terminate (rex->pid); - rex->pid = 0; - - /* Do the common disconnect stuff */ - rpc_transport_disconnect (vtable, fini_reserved); -} - -static int -set_cloexec_on_fd (void *data, - int fd) -{ - int *max_fd = data; - if (fd >= *max_fd) - fcntl (fd, F_SETFD, FD_CLOEXEC); - return 0; -} - -static CK_RV -rpc_exec_connect (p11_rpc_client_vtable *vtable, - void *init_reserved) -{ - rpc_exec *rex = (rpc_exec *)vtable; - pid_t pid; - int max_fd; - int fds[2]; - int errn; - - p11_debug ("executing rpc transport: %s", (char *)rex->argv->elem[0]); - - if (socketpair (AF_UNIX, SOCK_STREAM, 0, fds) < 0) { - p11_message_err (errno, "failed to create pipe for remote"); - return CKR_DEVICE_ERROR; - } - - pid = fork (); - switch (pid) { - - /* Failure */ - case -1: - close (fds[0]); - close (fds[1]); - p11_message_err (errno, "failed to fork for remote"); - return CKR_DEVICE_ERROR; - - /* Child */ - case 0: - if (dup2 (fds[1], STDIN_FILENO) < 0 || - dup2 (fds[1], STDOUT_FILENO) < 0) { - errn = errno; - p11_message_err (errn, "couldn't dup file descriptors in remote child"); - _exit (errn); - } - - /* Close file descriptors, except for above on exec */ - max_fd = STDERR_FILENO + 1; - fdwalk (set_cloexec_on_fd, &max_fd); - execvp (rex->argv->elem[0], (char **)rex->argv->elem); - - errn = errno; - p11_message_err (errn, "couldn't execute program for rpc: %s", - (char *)rex->argv->elem[0]); - _exit (errn); - - /* The parent */ - default: - break; - } - - close (fds[1]); - rex->pid = pid; - rex->base.socket = rpc_socket_new (fds[0]); - return_val_if_fail (rex->base.socket != NULL, CKR_GENERAL_ERROR); - - return CKR_OK; -} - -static void -rpc_exec_free (void *data) -{ - rpc_exec *rex = data; - rpc_exec_disconnect (data, NULL); - rpc_transport_uninit (&rex->base); - p11_array_free (rex->argv); - free (rex); -} - -static void -on_argv_parsed (char *argument, - void *data) -{ - p11_array *argv = data; - - if (!p11_array_push (argv, strdup (argument))) - return_if_reached (); -} - -static p11_rpc_transport * -rpc_exec_init (const char *remote, - const char *name) -{ - p11_array *argv; - rpc_exec *rex; - - argv = p11_array_new (free); - if (!p11_argv_parse (remote, on_argv_parsed, argv) || argv->num < 1) { - p11_message ("invalid remote command line: %s", remote); - p11_array_free (argv); - return NULL; - } - - rex = calloc (1, sizeof (rpc_exec)); - return_val_if_fail (rex != NULL, NULL); - - p11_array_push (argv, NULL); - rex->argv = argv; - - rex->base.vtable.connect = rpc_exec_connect; - rex->base.vtable.disconnect = rpc_exec_disconnect; - rex->base.vtable.transport = rpc_transport_buffer; - rpc_transport_init (&rex->base, name, rpc_exec_free); - - p11_debug ("initialized rpc exec: %s", remote); - return &rex->base; -} - -#endif /* OS_UNIX */ - -p11_rpc_transport * -p11_rpc_transport_new (p11_virtual *virt, - const char *remote, - const char *name) -{ - p11_rpc_transport *rpc = NULL; - - return_val_if_fail (virt != NULL, NULL); - return_val_if_fail (remote != NULL, NULL); - return_val_if_fail (name != NULL, NULL); - -#ifdef OS_WIN32 - p11_message ("Windows not yet supported for remote"); - return NULL; -#endif - - /* This is a command we can execute */ - if (remote[0] == '|') { - rpc = rpc_exec_init (remote + 1, name); - - } else { - p11_message ("remote not supported: %s", remote); - return NULL; - } - - if (!p11_rpc_client_init (virt, &rpc->vtable)) - return_val_if_reached (NULL); - - return rpc; -} - -void -p11_rpc_transport_free (void *data) -{ - p11_rpc_transport *rpc = data; - - if (rpc != NULL) { - assert (rpc->destroyer); - (rpc->destroyer) (data); - } -} diff --git a/p11-kit/rpc.h b/p11-kit/rpc.h deleted file mode 100644 index b129e61..0000000 --- a/p11-kit/rpc.h +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (C) 2012 Stefan Walter - * Copyright (C) 2013 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __P11_RPC_H__ -#define __P11_RPC_H__ - -#include "pkcs11.h" -#include "buffer.h" -#include "virtual.h" - -typedef struct _p11_rpc_client_vtable p11_rpc_client_vtable; - -struct _p11_rpc_client_vtable { - void *data; - - CK_RV (* connect) (p11_rpc_client_vtable *vtable, - void *init_reserved); - - CK_RV (* transport) (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response); - - void (* disconnect) (p11_rpc_client_vtable *vtable, - void *fini_reserved); -}; - -bool p11_rpc_client_init (p11_virtual *virt, - p11_rpc_client_vtable *vtable); - -bool p11_rpc_server_handle (CK_X_FUNCTION_LIST *funcs, - p11_buffer *request, - p11_buffer *response); - -extern CK_MECHANISM_TYPE * p11_rpc_mechanisms_override_supported; - -typedef struct _p11_rpc_transport p11_rpc_transport; - -p11_rpc_transport * p11_rpc_transport_new (p11_virtual *virt, - const char *remote, - const char *name); - -void p11_rpc_transport_free (void *transport); - -typedef enum { - P11_RPC_OK, - P11_RPC_EOF, - P11_RPC_AGAIN, - P11_RPC_ERROR -} p11_rpc_status; - -p11_rpc_status p11_rpc_transport_read (int fd, - size_t *state, - int *call_code, - p11_buffer *options, - p11_buffer *buffer); - -p11_rpc_status p11_rpc_transport_write (int fd, - size_t *state, - int call_code, - p11_buffer *options, - p11_buffer *buffer); - -#endif /* __P11_RPC_H__ */ diff --git a/p11-kit/test-conf.c b/p11-kit/test-conf.c deleted file mode 100644 index 94b8b01..0000000 --- a/p11-kit/test-conf.c +++ /dev/null @@ -1,456 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include -#include - -#include "conf.h" -#include "debug.h" -#include "message.h" -#include "p11-kit.h" -#include "private.h" - -#ifdef OS_UNIX -#include -#include -#include -#endif - -static void -test_parse_conf_1 (void) -{ - p11_dict *map; - const char *value; - - map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/test-1.conf", NULL, 0); - assert_ptr_not_null (map); - - value = p11_dict_get (map, "key1"); - assert_str_eq ("value1", value); - - value = p11_dict_get (map, "with-colon"); - assert_str_eq ("value-of-colon", value); - - value = p11_dict_get (map, "with-whitespace"); - assert_str_eq ("value-with-whitespace", value); - - value = p11_dict_get (map, "embedded-comment"); - assert_str_eq ("this is # not a comment", value); - - p11_dict_free (map); -} - -static void -test_parse_ignore_missing (void) -{ - p11_dict *map; - - map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/non-existant.conf", NULL, CONF_IGNORE_MISSING); - assert_ptr_not_null (map); - - assert_num_eq (0, p11_dict_size (map)); - assert (p11_message_last () == NULL); - p11_dict_free (map); -} - -static void -test_parse_fail_missing (void) -{ - p11_dict *map; - - map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/non-existant.conf", NULL, 0); - assert (map == NULL); - assert_ptr_not_null (p11_message_last ()); -} - -static void -test_merge_defaults (void) -{ - p11_dict *values; - p11_dict *defaults; - - values = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); - defaults = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); - - p11_dict_set (values, strdup ("one"), strdup ("real1")); - p11_dict_set (values, strdup ("two"), strdup ("real2")); - - p11_dict_set (defaults, strdup ("two"), strdup ("default2")); - p11_dict_set (defaults, strdup ("three"), strdup ("default3")); - - if (!_p11_conf_merge_defaults (values, defaults)) - assert_not_reached (); - - p11_dict_free (defaults); - - assert_str_eq (p11_dict_get (values, "one"), "real1"); - assert_str_eq (p11_dict_get (values, "two"), "real2"); - assert_str_eq (p11_dict_get (values, "three"), "default3"); - - p11_dict_free (values); -} - -static void -test_load_globals_merge (void) -{ - int user_mode = -1; - p11_dict *config; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf", - SRCDIR "/p11-kit/fixtures/test-user.conf", - &user_mode); - assert_ptr_not_null (config); - assert (NULL == p11_message_last ()); - assert_num_eq (CONF_USER_MERGE, user_mode); - - assert_str_eq (p11_dict_get (config, "key1"), "system1"); - assert_str_eq (p11_dict_get (config, "key2"), "user2"); - assert_str_eq (p11_dict_get (config, "key3"), "user3"); - - p11_dict_free (config); -} - -static void -test_load_globals_no_user (void) -{ - int user_mode = -1; - p11_dict *config; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-none.conf", - SRCDIR "/p11-kit/fixtures/test-user.conf", - &user_mode); - assert_ptr_not_null (config); - assert (NULL == p11_message_last ()); - assert_num_eq (CONF_USER_NONE, user_mode); - - assert_str_eq (p11_dict_get (config, "key1"), "system1"); - assert_str_eq (p11_dict_get (config, "key2"), "system2"); - assert_str_eq (p11_dict_get (config, "key3"), "system3"); - - p11_dict_free (config); -} - -static void -test_load_globals_user_sets_only (void) -{ - int user_mode = -1; - p11_dict *config; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf", - SRCDIR "/p11-kit/fixtures/test-user-only.conf", - &user_mode); - assert_ptr_not_null (config); - assert (NULL == p11_message_last ()); - assert_num_eq (CONF_USER_ONLY, user_mode); - - assert (p11_dict_get (config, "key1") == NULL); - assert_str_eq (p11_dict_get (config, "key2"), "user2"); - assert_str_eq (p11_dict_get (config, "key3"), "user3"); - - p11_dict_free (config); -} - -static void -test_load_globals_system_sets_only (void) -{ - int user_mode = -1; - p11_dict *config; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-only.conf", - SRCDIR "/p11-kit/fixtures/test-user.conf", - &user_mode); - assert_ptr_not_null (config); - assert (NULL == p11_message_last ()); - assert_num_eq (CONF_USER_ONLY, user_mode); - - assert (p11_dict_get (config, "key1") == NULL); - assert_str_eq (p11_dict_get (config, "key2"), "user2"); - assert_str_eq (p11_dict_get (config, "key3"), "user3"); - - p11_dict_free (config); -} - -static void -test_load_globals_system_sets_invalid (void) -{ - int user_mode = -1; - p11_dict *config; - int error; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-invalid.conf", - SRCDIR "/p11-kit/fixtures/non-existant.conf", - &user_mode); - error = errno; - assert_ptr_eq (NULL, config); - assert_num_eq (EINVAL, error); - assert_ptr_not_null (p11_message_last ()); - - p11_dict_free (config); -} - -static void -test_load_globals_user_sets_invalid (void) -{ - int user_mode = -1; - p11_dict *config; - int error; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf", - SRCDIR "/p11-kit/fixtures/test-user-invalid.conf", - &user_mode); - error = errno; - assert_ptr_eq (NULL, config); - assert_num_eq (EINVAL, error); - assert_ptr_not_null (p11_message_last ()); - - p11_dict_free (config); -} - -static bool -assert_msg_contains (const char *msg, - const char *text) -{ - return (msg && strstr (msg, text)) ? true : false; -} - -static void -test_load_modules_merge (void) -{ - p11_dict *configs; - p11_dict *config; - - p11_message_clear (); - - configs = _p11_conf_load_modules (CONF_USER_MERGE, - SRCDIR "/p11-kit/fixtures/package-modules", - SRCDIR "/p11-kit/fixtures/system-modules", - SRCDIR "/p11-kit/fixtures/user-modules"); - assert_ptr_not_null (configs); - assert (assert_msg_contains (p11_message_last (), "invalid config filename")); - - config = p11_dict_get (configs, "one"); - assert_ptr_not_null (config); - assert_str_eq ("mock-one.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "user1"); - - config = p11_dict_get (configs, "two.badname"); - assert_ptr_not_null (config); - assert_str_eq ("mock-two.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "system2"); - - config = p11_dict_get (configs, "three"); - assert_ptr_not_null (config); - assert_str_eq ("mock-three.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "user3"); - - p11_dict_free (configs); -} - -static void -test_load_modules_user_none (void) -{ - p11_dict *configs; - p11_dict *config; - - p11_message_clear (); - - configs = _p11_conf_load_modules (CONF_USER_NONE, - SRCDIR "/p11-kit/fixtures/package-modules", - SRCDIR "/p11-kit/fixtures/system-modules", - SRCDIR "/p11-kit/fixtures/user-modules"); - assert_ptr_not_null (configs); - assert (assert_msg_contains (p11_message_last (), "invalid config filename")); - - config = p11_dict_get (configs, "one"); - assert_ptr_not_null (config); - assert_str_eq ("mock-one.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "system1"); - - config = p11_dict_get (configs, "two.badname"); - assert_ptr_not_null (config); - assert_str_eq ("mock-two.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "system2"); - - config = p11_dict_get (configs, "three"); - assert_ptr_eq (NULL, config); - - p11_dict_free (configs); -} - -static void -test_load_modules_user_only (void) -{ - p11_dict *configs; - p11_dict *config; - - p11_message_clear (); - - configs = _p11_conf_load_modules (CONF_USER_ONLY, - SRCDIR "/p11-kit/fixtures/package-modules", - SRCDIR "/p11-kit/fixtures/system-modules", - SRCDIR "/p11-kit/fixtures/user-modules"); - assert_ptr_not_null (configs); - assert_ptr_eq (NULL, (void *)p11_message_last ()); - - config = p11_dict_get (configs, "one"); - assert_ptr_not_null (config); - assert (p11_dict_get (config, "module") == NULL); - assert_str_eq (p11_dict_get (config, "setting"), "user1"); - - config = p11_dict_get (configs, "two.badname"); - assert_ptr_eq (NULL, config); - - config = p11_dict_get (configs, "three"); - assert_ptr_not_null (config); - assert_str_eq ("mock-three.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "user3"); - - p11_dict_free (configs); -} - -static void -test_load_modules_no_user (void) -{ - p11_dict *configs; - p11_dict *config; - - p11_message_clear (); - - configs = _p11_conf_load_modules (CONF_USER_MERGE, - SRCDIR "/p11-kit/fixtures/package-modules", - SRCDIR "/p11-kit/fixtures/system-modules", - SRCDIR "/p11-kit/fixtures/non-existant"); - assert_ptr_not_null (configs); - assert (assert_msg_contains (p11_message_last (), "invalid config filename")); - - config = p11_dict_get (configs, "one"); - assert_ptr_not_null (config); - assert_str_eq ("mock-one.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "system1"); - - config = p11_dict_get (configs, "two.badname"); - assert_ptr_not_null (config); - assert_str_eq ("mock-two.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "system2"); - - config = p11_dict_get (configs, "three"); - assert_ptr_eq (NULL, config); - - p11_dict_free (configs); -} - -static void -test_parse_boolean (void) -{ - p11_message_quiet (); - - assert_num_eq (true, _p11_conf_parse_boolean ("yes", false)); - assert_num_eq (false, _p11_conf_parse_boolean ("no", true)); - assert_num_eq (true, _p11_conf_parse_boolean ("!!!", true)); -} - -#ifdef OS_UNIX - -static void -test_setuid (void) -{ - const char *args[] = { BUILDDIR "/frob-setuid", NULL, }; - char *path; - int ret; - - /* This is the 'number' setting set in one.module user configuration. */ - ret = p11_test_run_child (args, true); - assert_num_eq (ret, 33); - - path = p11_test_copy_setgid (args[0]); - if (path == NULL) - return; - - args[0] = path; - - /* This is the 'number' setting set in one.module system configuration. */ - ret = p11_test_run_child (args, true); - assert_num_eq (ret, 18); - - if (unlink (path) < 0) - assert_fail ("unlink failed", strerror (errno)); - free (path); -} - -#endif /* OS_UNIX */ - -int -main (int argc, - char *argv[]) -{ - p11_test (test_parse_conf_1, "/conf/test_parse_conf_1"); - p11_test (test_parse_ignore_missing, "/conf/test_parse_ignore_missing"); - p11_test (test_parse_fail_missing, "/conf/test_parse_fail_missing"); - p11_test (test_merge_defaults, "/conf/test_merge_defaults"); - p11_test (test_load_globals_merge, "/conf/test_load_globals_merge"); - p11_test (test_load_globals_no_user, "/conf/test_load_globals_no_user"); - p11_test (test_load_globals_system_sets_only, "/conf/test_load_globals_system_sets_only"); - p11_test (test_load_globals_user_sets_only, "/conf/test_load_globals_user_sets_only"); - p11_test (test_load_globals_system_sets_invalid, "/conf/test_load_globals_system_sets_invalid"); - p11_test (test_load_globals_user_sets_invalid, "/conf/test_load_globals_user_sets_invalid"); - p11_test (test_load_modules_merge, "/conf/test_load_modules_merge"); - p11_test (test_load_modules_no_user, "/conf/test_load_modules_no_user"); - p11_test (test_load_modules_user_only, "/conf/test_load_modules_user_only"); - p11_test (test_load_modules_user_none, "/conf/test_load_modules_user_none"); - p11_test (test_parse_boolean, "/conf/test_parse_boolean"); -#ifdef OS_UNIX - /* Don't run this test when under fakeroot */ - if (!getenv ("FAKED_MODE")) { - p11_test (test_setuid, "/conf/setuid"); - } -#endif - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-deprecated.c b/p11-kit/test-deprecated.c deleted file mode 100644 index c8b8001..0000000 --- a/p11-kit/test-deprecated.c +++ /dev/null @@ -1,513 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * Copyright (c) 2012 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#define P11_KIT_NO_DEPRECATIONS - -#include "config.h" -#include "test.h" - -#include "dict.h" -#include "library.h" -#include "p11-kit.h" -#include "private.h" -#include "mock.h" - -#include - -#include -#include -#include -#include -#include -#include -#include - -static CK_FUNCTION_LIST_PTR_PTR -initialize_and_get_modules (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - CK_RV rv; - - rv = p11_kit_initialize_registered (); - assert_num_eq (CKR_OK, rv); - modules = p11_kit_registered_modules (); - assert (modules != NULL && modules[0] != NULL); - - return modules; -} - -static void -finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules) -{ - CK_RV rv; - - free (modules); - rv = p11_kit_finalize_registered (); - assert_num_eq (CKR_OK, rv); - -} - -static void -test_no_duplicates (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - p11_dict *paths; - p11_dict *funcs; - char *path; - int i; - - modules = initialize_and_get_modules (); - paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - - /* The loaded modules should not contain duplicates */ - for (i = 0; modules[i] != NULL; i++) { - path = p11_kit_registered_option (modules[i], "module"); - - if (p11_dict_get (funcs, modules[i])) - assert_fail ("found duplicate function list pointer", NULL); - if (p11_dict_get (paths, path)) - assert_fail ("found duplicate path name", NULL); - - if (!p11_dict_set (funcs, modules[i], "")) - assert_not_reached (); - if (!p11_dict_set (paths, path, "")) - assert_not_reached (); - - free (path); - } - - p11_dict_free (paths); - p11_dict_free (funcs); - finalize_and_free_modules (modules); -} - -static CK_FUNCTION_LIST_PTR -lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules, - const char *name) -{ - CK_FUNCTION_LIST_PTR match = NULL; - CK_FUNCTION_LIST_PTR module; - char *module_name; - int i; - - for (i = 0; match == NULL && modules[i] != NULL; i++) { - module_name = p11_kit_registered_module_to_name (modules[i]); - assert_ptr_not_null (module_name); - if (strcmp (module_name, name) == 0) - match = modules[i]; - free (module_name); - } - - /* - * As a side effect, we should check that the results of this function - * matches the above search. - */ - module = p11_kit_registered_name_to_module (name); - if (module != match) - assert_fail ("different result from p11_kit_registered_name_to_module()", NULL); - - return match; -} - -static void -test_disable (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - /* - * The module four should be present, as we don't match any prognames - * that it has disabled. - */ - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "four") != NULL); - finalize_and_free_modules (modules); - - /* - * The module two shouldn't have been loaded, because in its config - * file we have: - * - * disable-in: test-disable - */ - - p11_kit_set_progname ("test-disable"); - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "four") == NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -static void -test_disable_later (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - CK_RV rv; - - /* - * The module two shouldn't be matched, because in its config - * file we have: - * - * disable-in: test-disable - */ - - rv = p11_kit_initialize_registered (); - assert_num_eq (CKR_OK, rv); - - p11_kit_set_progname ("test-disable"); - - modules = p11_kit_registered_modules (); - assert (modules != NULL && modules[0] != NULL); - - assert (lookup_module_with_name (modules, "two") == NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -static void -test_enable (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - /* - * The module three should not be present, as we don't match the current - * program. - */ - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "three") == NULL); - finalize_and_free_modules (modules); - - /* - * The module three should be loaded here , because in its config - * file we have: - * - * enable-in: test-enable - */ - - p11_kit_set_progname ("test-enable"); - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "three") != NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -CK_FUNCTION_LIST module; - -#ifdef OS_UNIX - -#include - -static CK_RV -mock_C_Initialize__with_fork (CK_VOID_PTR init_args) -{ - struct timespec ts = { 0, 100 * 1000 * 1000 }; - CK_RV rv; - pid_t child; - pid_t ret; - int status; - - rv = mock_C_Initialize (init_args); - assert (rv == CKR_OK); - - /* Fork during the initialization */ - child = fork (); - if (child == 0) { - close (1); - nanosleep (&ts, NULL); - exit (66); - } - - ret = waitpid (child, &status, 0); - assert (ret == child); - assert (WIFEXITED (status)); - assert (WEXITSTATUS (status) == 66); - - return CKR_OK; -} - -static void -test_fork_initialization (void) -{ - CK_RV rv; - - assert (!mock_module_initialized ()); - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__with_fork; - - rv = p11_kit_initialize_module (&module); - assert (rv == CKR_OK); - - rv = p11_kit_finalize_module (&module); - assert (rv == CKR_OK); - - assert (!mock_module_initialized ()); -} - -#endif /* OS_UNIX */ - -static CK_RV -mock_C_Initialize__with_recursive (CK_VOID_PTR init_args) -{ - /* Recursively initialize, this is broken */ - return p11_kit_initialize_module (&module); -} - -static void -test_recursive_initialization (void) -{ - CK_RV rv; - - assert (!mock_module_initialized ()); - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__with_recursive; - - rv = p11_kit_initialize_module (&module); - assert (rv == CKR_FUNCTION_FAILED); - - assert (!mock_module_initialized ()); -} - -static p11_mutex_t race_mutex; -static int initialization_count = 0; -static int finalization_count = 0; - -static CK_RV -mock_C_Initialize__threaded_race (CK_VOID_PTR init_args) -{ - /* Atomically increment value */ - p11_mutex_lock (&race_mutex); - initialization_count += 1; - p11_mutex_unlock (&race_mutex); - - p11_sleep_ms (100); - return CKR_OK; -} - -static CK_RV -mock_C_Finalize__threaded_race (CK_VOID_PTR reserved) -{ - /* Atomically increment value */ - p11_mutex_lock (&race_mutex); - finalization_count += 1; - p11_mutex_unlock (&race_mutex); - - p11_sleep_ms (100); - return CKR_OK; -} - -static void * -initialization_thread (void *data) -{ - CK_RV rv; - - assert_str_eq (data, "thread-data"); - rv = p11_kit_initialize_module (&module); - assert (rv == CKR_OK); - - return "thread-data"; -} - -static void * -finalization_thread (void *data) -{ - CK_RV rv; - - assert_str_eq (data, "thread-data"); - rv = p11_kit_finalize_module (&module); - assert (rv == CKR_OK); - - return "thread-data"; -} - -static void -test_threaded_initialization (void) -{ - static const int num_threads = 2; - p11_thread_t threads[num_threads]; - int ret; - int i; - - assert (!mock_module_initialized ()); - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__threaded_race; - module.C_Finalize = mock_C_Finalize__threaded_race; - - p11_mutex_lock (&race_mutex); - initialization_count = 0; - finalization_count = 0; - p11_mutex_unlock (&race_mutex); - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (&threads[i], initialization_thread, "thread-data"); - assert_num_eq (0, ret); - assert (threads[i] != 0); - } - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_join (threads[i]); - assert_num_eq (0, ret); - threads[i] = 0; - } - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (&threads[i], finalization_thread, "thread-data"); - assert_num_eq (0, ret); - assert (threads[i] != 0); - } - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_join (threads[i]); - assert_num_eq (0, ret); - threads[i] = 0; - } - - /* C_Initialize should have been called exactly once */ - p11_mutex_lock (&race_mutex); - assert_num_eq (1, initialization_count); - assert_num_eq (1, finalization_count); - p11_mutex_unlock (&race_mutex); - - assert (!mock_module_initialized ()); -} - -static CK_RV -mock_C_Initialize__test_mutexes (CK_VOID_PTR args) -{ - CK_C_INITIALIZE_ARGS_PTR init_args; - void *mutex = NULL; - CK_RV rv; - - rv = mock_C_Initialize (NULL); - if (rv != CKR_OK) - return rv; - - assert (args != NULL); - init_args = args; - - rv = (init_args->CreateMutex) (&mutex); - assert (rv == CKR_OK); - - rv = (init_args->LockMutex) (mutex); - assert (rv == CKR_OK); - - rv = (init_args->UnlockMutex) (mutex); - assert (rv == CKR_OK); - - rv = (init_args->DestroyMutex) (mutex); - assert (rv == CKR_OK); - - return CKR_OK; -} - -static void -test_mutexes (void) -{ - CK_RV rv; - - assert (!mock_module_initialized ()); - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__test_mutexes; - - rv = p11_kit_initialize_module (&module); - assert (rv == CKR_OK); - - rv = p11_kit_finalize_module (&module); - assert (rv == CKR_OK); - - assert (!mock_module_initialized ()); -} - -static void -test_load_and_initialize (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_INFO info; - CK_RV rv; - int ret; - - rv = p11_kit_load_initialize_module (BUILDDIR "/.libs/mock-one" SHLEXT, &module); - assert (rv == CKR_OK); - assert (module != NULL); - - rv = (module->C_GetInfo) (&info); - assert (rv == CKR_OK); - - ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER ", 32); - assert (ret == 0); - - rv = p11_kit_finalize_module (module); - assert_num_eq (rv, CKR_OK); -} - -int -main (int argc, - char *argv[]) -{ - p11_mutex_init (&race_mutex); - mock_module_init (); - p11_library_init (); - - p11_test (test_no_duplicates, "/deprecated/test_no_duplicates"); - p11_test (test_disable, "/deprecated/test_disable"); - p11_test (test_disable_later, "/deprecated/test_disable_later"); - p11_test (test_enable, "/deprecated/test_enable"); - -#ifdef OS_UNIX - p11_test (test_fork_initialization, "/deprecated/test_fork_initialization"); -#endif - - p11_test (test_recursive_initialization, "/deprecated/test_recursive_initialization"); - p11_test (test_threaded_initialization, "/deprecated/test_threaded_initialization"); - p11_test (test_mutexes, "/deprecated/test_mutexes"); - p11_test (test_load_and_initialize, "/deprecated/test_load_and_initialize"); - - p11_kit_be_quiet (); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-init.c b/p11-kit/test-init.c deleted file mode 100644 index c4fcecb..0000000 --- a/p11-kit/test-init.c +++ /dev/null @@ -1,420 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include - -#include "library.h" -#include "mock.h" -#include "modules.h" -#include "p11-kit.h" -#include "private.h" -#include "virtual.h" - -#include -#include -#include -#include -#include -#include - -static CK_FUNCTION_LIST module; -static p11_mutex_t race_mutex; - -#ifdef OS_UNIX - -#include - -static CK_RV -mock_C_Initialize__with_fork (CK_VOID_PTR init_args) -{ - struct timespec ts = { 0, 100 * 1000 * 1000 }; - CK_RV rv; - pid_t child; - pid_t ret; - int status; - - rv = mock_C_Initialize (init_args); - assert (rv == CKR_OK); - - /* Fork during the initialization */ - child = fork (); - if (child == 0) { - close (1); - nanosleep (&ts, NULL); - exit (66); - } - - ret = waitpid (child, &status, 0); - assert (ret == child); - assert (WIFEXITED (status)); - assert (WEXITSTATUS (status) == 66); - - return CKR_OK; -} - -static void -test_fork_initialization (void) -{ - CK_FUNCTION_LIST_PTR result; - CK_RV rv; - - mock_module_reset (); - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__with_fork; - - p11_lock (); - - rv = p11_module_load_inlock_reentrant (&module, 0, &result); - assert (rv == CKR_OK); - - p11_unlock (); - - rv = p11_kit_module_initialize (result); - assert (rv == CKR_OK); - - rv = p11_kit_module_finalize (result); - assert (rv == CKR_OK); - - p11_lock (); - - rv = p11_module_release_inlock_reentrant (result); - assert (rv == CKR_OK); - - p11_unlock (); -} - -#endif /* OS_UNIX */ - -static CK_FUNCTION_LIST *recursive_managed; - -static CK_RV -mock_C_Initialize__with_recursive (CK_VOID_PTR init_args) -{ - CK_RV rv; - - rv = mock_C_Initialize (init_args); - assert (rv == CKR_OK); - - return p11_kit_module_initialize (recursive_managed); -} - -static void -test_recursive_initialization (void) -{ - CK_RV rv; - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__with_recursive; - - p11_kit_be_quiet (); - - p11_lock (); - - rv = p11_module_load_inlock_reentrant (&module, 0, &recursive_managed); - assert (rv == CKR_OK); - - p11_unlock (); - - rv = p11_kit_module_initialize (recursive_managed); - assert_num_eq (CKR_FUNCTION_FAILED, rv); - - p11_lock (); - - rv = p11_module_release_inlock_reentrant (recursive_managed); - assert (rv == CKR_OK); - - p11_unlock (); - - p11_kit_be_loud (); -} - -static int initialization_count = 0; -static int finalization_count = 0; - -static CK_RV -mock_C_Initialize__threaded_race (CK_VOID_PTR init_args) -{ - /* Atomically increment value */ - p11_mutex_lock (&race_mutex); - initialization_count += 1; - p11_mutex_unlock (&race_mutex); - - p11_sleep_ms (100); - return CKR_OK; -} - -static CK_RV -mock_C_Finalize__threaded_race (CK_VOID_PTR reserved) -{ - /* Atomically increment value */ - p11_mutex_lock (&race_mutex); - finalization_count += 1; - p11_mutex_unlock (&race_mutex); - - p11_sleep_ms (100); - return CKR_OK; -} - -static void * -initialization_thread (void *data) -{ - CK_FUNCTION_LIST *module = data; - CK_RV rv; - - assert (module != NULL); - rv = p11_kit_module_initialize (module); - assert_num_eq (rv, CKR_OK); - - return module; -} - -static void * -finalization_thread (void *data) -{ - CK_FUNCTION_LIST *module = data; - CK_RV rv; - - assert (module != NULL); - rv = p11_kit_module_finalize (module); - assert_num_eq (rv, CKR_OK); - - return module; -} - -static void -test_threaded_initialization (void) -{ - static const int num_threads = 1; - CK_FUNCTION_LIST *data[num_threads]; - p11_thread_t threads[num_threads]; - CK_RV rv; - int ret; - int i; - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__threaded_race; - module.C_Finalize = mock_C_Finalize__threaded_race; - - memset (&data, 0, sizeof (data)); - - p11_mutex_lock (&race_mutex); - initialization_count = 0; - finalization_count = 0; - p11_mutex_unlock (&race_mutex); - - p11_lock (); - - for (i = 0; i < num_threads; i++) { - assert (data[i] == NULL); - rv = p11_module_load_inlock_reentrant (&module, 0, &data[i]); - assert (rv == CKR_OK); - } - - p11_unlock (); - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (&threads[i], initialization_thread, data[i]); - assert_num_eq (0, ret); - assert (threads[i] != 0); - } - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_join (threads[i]); - assert_num_eq (0, ret); - threads[i] = 0; - } - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (&threads[i], finalization_thread, data[i]); - assert_num_eq (0, ret); - assert (threads[i] != 0); - } - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_join (threads[i]); - assert_num_eq (0, ret); - threads[i] = 0; - } - - p11_lock (); - - for (i = 0; i < num_threads; i++) { - assert (data[i] != NULL); - rv = p11_module_release_inlock_reentrant (data[i]); - assert (rv == CKR_OK); - } - - p11_unlock (); - - /* C_Initialize should have been called exactly once */ - assert_num_eq (1, initialization_count); - assert_num_eq (1, finalization_count); -} - -static CK_RV -mock_C_Initialize__test_mutexes (CK_VOID_PTR args) -{ - CK_C_INITIALIZE_ARGS_PTR init_args; - void *mutex = NULL; - CK_RV rv; - - assert (args != NULL); - init_args = args; - - rv = (init_args->CreateMutex) (&mutex); - assert (rv == CKR_OK); - - rv = (init_args->LockMutex) (mutex); - assert (rv == CKR_OK); - - rv = (init_args->UnlockMutex) (mutex); - assert (rv == CKR_OK); - - rv = (init_args->DestroyMutex) (mutex); - assert (rv == CKR_OK); - - return CKR_OK; -} - -static void -test_mutexes (void) -{ - CK_FUNCTION_LIST_PTR result; - CK_RV rv; - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__test_mutexes; - - p11_lock (); - - rv = p11_module_load_inlock_reentrant (&module, 0, &result); - assert (rv == CKR_OK); - - rv = p11_module_release_inlock_reentrant (result); - assert (rv == CKR_OK); - - p11_unlock (); -} - -static void -test_load_and_initialize (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_INFO info; - CK_RV rv; - int ret; - - module = p11_kit_module_load (BUILDDIR "/.libs/mock-one" SHLEXT, 0); - assert (module != NULL); - - rv = p11_kit_module_initialize (module); - assert (rv == CKR_OK); - - rv = (module->C_GetInfo) (&info); - assert (rv == CKR_OK); - - ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER ", 32); - assert (ret == 0); - - rv = p11_kit_module_finalize (module); - assert (rv == CKR_OK); - - p11_kit_module_release (module); -} - -static void -test_initalize_fail (void) -{ - CK_FUNCTION_LIST failer; - CK_FUNCTION_LIST *modules[3] = { &mock_module_no_slots, &failer, NULL }; - CK_RV rv; - - memcpy (&failer, &mock_module, sizeof (CK_FUNCTION_LIST)); - failer.C_Initialize = mock_C_Initialize__fails; - - mock_module_reset (); - p11_kit_be_quiet (); - - rv = p11_kit_modules_initialize (modules, NULL); - assert_num_eq (CKR_FUNCTION_FAILED, rv); - - p11_kit_be_loud (); - - /* Failed modules get removed from the list */ - assert_ptr_eq (&mock_module_no_slots, modules[0]); - assert_ptr_eq (NULL, modules[1]); - assert_ptr_eq (NULL, modules[2]); - - p11_kit_modules_finalize (modules); -} - -static void -test_finalize_fail (void) -{ - -} - -int -main (int argc, - char *argv[]) -{ - p11_mutex_init (&race_mutex); - mock_module_init (); - p11_library_init (); - - /* These only work when managed */ - if (p11_virtual_can_wrap ()) { - p11_test (test_recursive_initialization, "/init/test_recursive_initialization"); - p11_test (test_threaded_initialization, "/init/test_threaded_initialization"); - p11_test (test_mutexes, "/init/test_mutexes"); - p11_test (test_load_and_initialize, "/init/test_load_and_initialize"); - -#ifdef OS_UNIX - p11_test (test_fork_initialization, "/init/test_fork_initialization"); -#endif - } - - p11_test (test_initalize_fail, "/init/test_initalize_fail"); - p11_test (test_finalize_fail, "/init/test_finalize_fail"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-iter.c b/p11-kit/test-iter.c deleted file mode 100644 index 3f5a76f..0000000 --- a/p11-kit/test-iter.c +++ /dev/null @@ -1,1512 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#define P11_KIT_FUTURE_UNSTABLE_API 1 - -#include "attrs.h" -#include "dict.h" -#include "iter.h" -#include "library.h" -#include "message.h" -#include "mock.h" - -#include -#include -#include -#include - -static CK_FUNCTION_LIST_PTR_PTR -initialize_and_get_modules (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - p11_message_quiet (); - - modules = p11_kit_modules_load_and_initialize (0); - assert (modules != NULL && modules[0] != NULL); - - p11_message_loud (); - - return modules; -} - -static void -finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules) -{ - p11_kit_modules_finalize (modules); - p11_kit_modules_release (modules); -} - -static int -has_handle (CK_ULONG *objects, - int count, - CK_ULONG handle) -{ - int i; - for (i = 0; i < count; i++) { - if (objects[i] == handle) - return 1; - } - - return 0; -} - - -static void -test_all (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR *modules; - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session; - CK_ULONG size; - P11KitIter *iter; - CK_RV rv; - int at; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, P11_KIT_ITER_BUSY_SESSIONS); - p11_kit_iter_begin (iter, modules); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - - module = p11_kit_iter_get_module (iter); - assert_ptr_not_null (module); - - session = p11_kit_iter_get_session (iter); - assert (session != 0); - - /* Do something with the object */ - size = 0; - rv = (module->C_GetObjectSize) (session, objects[at], &size); - assert (rv == CKR_OK); - assert (size > 0); - - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, at); - - assert (has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static CK_RV -on_iter_callback (P11KitIter *iter, - CK_BBOOL *matches, - void *data) -{ - CK_OBJECT_HANDLE object; - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session; - CK_ULONG size; - CK_RV rv; - - assert_str_eq (data, "callback"); - - object = p11_kit_iter_get_object (iter); - if (object != MOCK_PUBLIC_KEY_CAPITALIZE && object != MOCK_PUBLIC_KEY_PREFIX) { - *matches = CK_FALSE; - return CKR_OK; - } - - module = p11_kit_iter_get_module (iter); - assert_ptr_not_null (module); - - session = p11_kit_iter_get_session (iter); - assert (session != 0); - - /* Do something with the object */ - size = 0; - rv = (module->C_GetObjectSize) (session, object, &size); - assert (rv == CKR_OK); - assert (size > 0); - - return CKR_OK; -} - -static void -test_callback (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_RV rv; - int at; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_callback (iter, on_iter_callback, "callback", NULL); - p11_kit_iter_begin (iter, modules); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 2 public keys */ - assert_num_eq (6, at); - - assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static CK_RV -on_callback_fail (P11KitIter *iter, - CK_BBOOL *matches, - void *data) -{ - return CKR_DATA_INVALID; -} - -static void -test_callback_fails (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_RV rv; - int at; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_callback (iter, on_callback_fail, "callback", NULL); - p11_kit_iter_begin (iter, modules); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_DATA_INVALID); - - /* Shouldn't have succeeded at all */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - finalize_and_free_modules (modules); -} - -static void -on_destroy_increment (void *data) -{ - int *value = data; - (*value)++; -} - -static void -test_callback_destroyer (void) -{ - P11KitIter *iter; - int value = 1; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_callback (iter, on_callback_fail, &value, on_destroy_increment); - p11_kit_iter_free (iter); - - assert_num_eq (2, value); -} - -static void -test_with_session (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_SESSION_HANDLE session; - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &mock_module, 0, session); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - - slot = p11_kit_iter_get_slot (iter); - assert (slot == MOCK_SLOT_ONE_ID); - - module = p11_kit_iter_get_module (iter); - assert_ptr_eq (module, &mock_module); - - assert (session == p11_kit_iter_get_session (iter)); - at++; - } - - assert (rv == CKR_CANCEL); - - /* 1 modules, each with 1 slot, and 3 public objects */ - assert_num_eq (3, at); - - assert (has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - /* The session is still valid ... */ - rv = mock_module.C_CloseSession (session); - assert (rv == CKR_OK); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_with_slot (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &mock_module, MOCK_SLOT_ONE_ID, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - - slot = p11_kit_iter_get_slot (iter); - assert (slot == MOCK_SLOT_ONE_ID); - - module = p11_kit_iter_get_module (iter); - assert_ptr_eq (module, &mock_module); - at++; - } - - assert (rv == CKR_CANCEL); - - /* 1 modules, each with 1 slot, and 3 public objects */ - assert_num_eq (3, at); - - assert (has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - rv = (mock_module.C_Finalize) (NULL); - assert (rv == CKR_OK); -} - -static void -test_with_module (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &mock_module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - - module = p11_kit_iter_get_module (iter); - assert_ptr_eq (module, &mock_module); - at++; - } - - assert (rv == CKR_CANCEL); - - /* 1 modules, each with 1 slot, and 3 public objects */ - assert_num_eq (3, at); - - assert (has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_keep_session (void) -{ - CK_SESSION_HANDLE session; - P11KitIter *iter; - CK_RV rv; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &mock_module, 0, 0); - - rv = p11_kit_iter_next (iter); - assert (rv == CKR_OK); - - session = p11_kit_iter_keep_session (iter); - p11_kit_iter_free (iter); - - /* The session is still valid ... */ - rv = mock_module.C_CloseSession (session); - assert (rv == CKR_OK); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_unrecognized (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - p11_kit_uri_set_unrecognized (uri, 1); - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_uri_with_type (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int at; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:object-type=public", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (ret, P11_KIT_URI_OK); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 2 public keys */ - assert_num_eq (6, at); - - assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_set_uri (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - p11_kit_uri_set_unrecognized (uri, 1); - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_set_uri (iter, uri); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - /* Nothing should have matched */ - rv = p11_kit_iter_next (iter); - assert_num_eq (rv, CKR_CANCEL); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_filter (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_RV rv; - int at; - - CK_BBOOL vfalse = CK_FALSE; - CK_OBJECT_CLASS public_key = CKO_PUBLIC_KEY; - CK_ATTRIBUTE attrs[] = { - { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, - { CKA_CLASS, &public_key, sizeof (public_key) }, - }; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter, attrs, 2); - - p11_kit_iter_begin (iter, modules); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 2 public keys */ - assert_num_eq (6, at); - - assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_session_flags (void) -{ - CK_FUNCTION_LIST_PTR *modules; - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session; - CK_SESSION_INFO info; - P11KitIter *iter; - CK_RV rv; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE); - p11_kit_iter_begin (iter, modules); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - module = p11_kit_iter_get_module (iter); - assert_ptr_not_null (module); - - session = p11_kit_iter_get_session (iter); - assert (session != 0); - - rv = (module->C_GetSessionInfo) (session, &info); - assert (rv == CKR_OK); - - assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state); - } - - assert (rv == CKR_CANCEL); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_module_match (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:library-description=MOCK%20LIBRARY", P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_module_mismatch (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:library-description=blah", P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_slot_match (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:slot-manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_SLOT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_slot_mismatch (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:slot-manufacturer=blah", P11_KIT_URI_FOR_SLOT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_slot_match_by_id (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - char *string; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = asprintf (&string, "pkcs11:slot-id=%lu", MOCK_SLOT_ONE_ID); - assert (ret > 0); - ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_SLOT, uri); - free (string); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_slot_mismatch_by_id (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:slot-id=0", P11_KIT_URI_FOR_SLOT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_slot_info (void) -{ - CK_FUNCTION_LIST_PTR *modules; - CK_SLOT_INFO *info; - P11KitIter *iter; - char *string; - CK_RV rv; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin (iter, modules); - - rv = p11_kit_iter_next (iter); - assert_num_eq (rv, CKR_OK); - - info = p11_kit_iter_get_slot_info (iter); - assert_ptr_not_null (info); - - string = p11_kit_space_strdup (info->slotDescription, - sizeof (info->slotDescription)); - assert_ptr_not_null (string); - - assert_str_eq (string, "TEST SLOT"); - - free (string); - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_token_match (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_TOKEN, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_token_mismatch (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:manufacturer=blah", P11_KIT_URI_FOR_TOKEN, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_token_info (void) -{ - CK_FUNCTION_LIST_PTR *modules; - CK_TOKEN_INFO *info; - P11KitIter *iter; - char *string; - CK_RV rv; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin (iter, modules); - - rv = p11_kit_iter_next (iter); - assert_num_eq (rv, CKR_OK); - - info = p11_kit_iter_get_token (iter); - assert_ptr_not_null (info); - - string = p11_kit_space_strdup (info->label, sizeof (info->label)); - assert_ptr_not_null (string); - - assert_str_eq (string, "TEST LABEL"); - - free (string); - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_getslotlist_fail_first (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_GetSlotList = mock_C_GetSlotList__fail_first; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_VENDOR_DEFINED); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_getslotlist_fail_late (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_GetSlotList = mock_C_GetSlotList__fail_late; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_VENDOR_DEFINED); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_open_session_fail (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_OpenSession = mock_C_OpenSession__fails; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_DEVICE_ERROR); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_find_init_fail (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_FindObjectsInit = mock_C_FindObjectsInit__fails; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_DEVICE_MEMORY); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_find_objects_fail (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_FindObjects = mock_C_FindObjects__fails; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_DEVICE_REMOVED); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_get_attributes (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_OBJECT_HANDLE object; - char label[128]; - CK_ULONG klass; - CK_ULONG ulong; - CK_RV rv; - int at; - - CK_ATTRIBUTE template[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_LABEL, label, sizeof (label) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE attrs[3]; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin (iter, modules); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (sizeof (attrs) == sizeof (template)); - memcpy (&attrs, &template, sizeof (attrs)); - - rv = p11_kit_iter_get_attributes (iter, attrs, 2); - assert (rv == CKR_OK); - - object = p11_kit_iter_get_object (iter); - switch (object) { - case MOCK_DATA_OBJECT: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "TEST LABEL", -1)); - break; - case MOCK_PUBLIC_KEY_CAPITALIZE: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1)); - break; - case MOCK_PUBLIC_KEY_PREFIX: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1)); - break; - default: - assert_fail ("Unknown object matched", NULL); - break; - } - - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, at); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - - - -static void -test_load_attributes (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_OBJECT_HANDLE object; - CK_ULONG ulong; - CK_RV rv; - int at; - - CK_ATTRIBUTE types[] = { - { CKA_CLASS }, - { CKA_LABEL }, - }; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin (iter, modules); - - attrs = p11_attrs_buildn (NULL, types, 2); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - rv = p11_kit_iter_load_attributes (iter, attrs, 2); - assert (rv == CKR_OK); - - object = p11_kit_iter_get_object (iter); - switch (object) { - case MOCK_DATA_OBJECT: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "TEST LABEL", -1)); - break; - case MOCK_PUBLIC_KEY_CAPITALIZE: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1)); - break; - case MOCK_PUBLIC_KEY_PREFIX: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1)); - break; - default: - assert_fail ("Unknown object matched", NULL); - break; - } - - at++; - } - - p11_attrs_free (attrs); - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, at); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_load_attributes_none (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - attrs = p11_attrs_buildn (NULL, NULL, 0); - rv = p11_kit_iter_load_attributes (iter, attrs, 0); - assert (rv == CKR_OK); - p11_attrs_free (attrs); - } - - assert (rv == CKR_CANCEL); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_load_attributes_fail_first (void) -{ - CK_ATTRIBUTE label = { CKA_LABEL, }; - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_first; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - attrs = p11_attrs_build (NULL, &label, NULL); - rv = p11_kit_iter_load_attributes (iter, attrs, 1); - assert (rv == CKR_FUNCTION_REJECTED); - p11_attrs_free (attrs); - } - - assert (rv == CKR_CANCEL); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_load_attributes_fail_late (void) -{ - CK_ATTRIBUTE label = { CKA_LABEL, }; - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_late; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - attrs = p11_attrs_build (NULL, &label, NULL); - rv = p11_kit_iter_load_attributes (iter, attrs, 1); - assert (rv == CKR_FUNCTION_FAILED); - p11_attrs_free (attrs); - } - - assert (rv == CKR_CANCEL); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_many (void *flags) -{ - P11KitIterBehavior behavior; - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - p11_dict *seen; - P11KitIter *iter; - CK_RV rv; - int count; - int i; - - static CK_OBJECT_CLASS data = CKO_DATA; - static CK_ATTRIBUTE object[] = { - { CKA_VALUE, "blah", 4 }, - { CKA_CLASS, &data, sizeof (data) }, - { CKA_ID, "ID1", 3 }, - { CKA_INVALID }, - }; - - behavior = 0; - if (strstr (flags, "busy-sessions")) - behavior |= P11_KIT_ITER_BUSY_SESSIONS; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert_num_eq (rv, CKR_OK); - - rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (rv, CKR_OK); - - for (i = 0; i < 10000; i++) - mock_module_add_object (MOCK_SLOT_ONE_ID, object); - - seen = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, free, NULL); - iter = p11_kit_iter_new (NULL, behavior); - p11_kit_iter_add_filter (iter, object, 3); - p11_kit_iter_begin_with (iter, &mock_module, 0, session); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - handle = p11_kit_iter_get_object (iter); - assert (p11_dict_get (seen, &handle) == NULL); - if (!p11_dict_set (seen, memdup (&handle, sizeof (handle)), "x")) - assert_not_reached (); - count++; - } - - assert_num_eq (rv, CKR_CANCEL); - assert_num_eq (count, 10000); - - p11_kit_iter_free (iter); - p11_dict_free (seen); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_destroy_object (void) -{ - CK_FUNCTION_LIST **modules; - P11KitIter *iter; - CK_OBJECT_HANDLE object; - CK_SESSION_HANDLE session; - CK_FUNCTION_LIST *module; - CK_ULONG size; - CK_RV rv; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE); - - p11_kit_iter_begin (iter, modules); - - /* Should have matched */ - rv = p11_kit_iter_next (iter); - assert_num_eq (rv, CKR_OK); - - object = p11_kit_iter_get_object (iter); - session = p11_kit_iter_get_session (iter); - module = p11_kit_iter_get_module (iter); - - rv = (module->C_GetObjectSize) (session, object, &size); - assert_num_eq (rv, CKR_OK); - - rv = p11_kit_iter_destroy_object (iter); - assert_num_eq (rv, CKR_OK); - - rv = (module->C_GetObjectSize) (session, object, &size); - assert_num_eq (rv, CKR_OBJECT_HANDLE_INVALID); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - mock_module_init (); - - p11_test (test_all, "/iter/test_all"); - p11_test (test_unrecognized, "/iter/test_unrecognized"); - p11_test (test_uri_with_type, "/iter/test_uri_with_type"); - p11_test (test_set_uri, "/iter/set-uri"); - p11_test (test_session_flags, "/iter/test_session_flags"); - p11_test (test_callback, "/iter/test_callback"); - p11_test (test_callback_fails, "/iter/test_callback_fails"); - p11_test (test_callback_destroyer, "/iter/test_callback_destroyer"); - p11_test (test_filter, "/iter/test_filter"); - p11_test (test_with_session, "/iter/test_with_session"); - p11_test (test_with_slot, "/iter/test_with_slot"); - p11_test (test_with_module, "/iter/test_with_module"); - p11_test (test_keep_session, "/iter/test_keep_session"); - p11_test (test_token_match, "/iter/test_token_match"); - p11_test (test_token_mismatch, "/iter/test_token_mismatch"); - p11_test (test_token_info, "/iter/token-info"); - p11_test (test_slot_match, "/iter/test_slot_match"); - p11_test (test_slot_mismatch, "/iter/test_slot_mismatch"); - p11_test (test_slot_match_by_id, "/iter/test_slot_match_by_id"); - p11_test (test_slot_mismatch_by_id, "/iter/test_slot_mismatch_by_id"); - p11_test (test_slot_info, "/iter/slot-info"); - p11_test (test_module_match, "/iter/test_module_match"); - p11_test (test_module_mismatch, "/iter/test_module_mismatch"); - p11_test (test_getslotlist_fail_first, "/iter/test_getslotlist_fail_first"); - p11_test (test_getslotlist_fail_late, "/iter/test_getslotlist_fail_late"); - p11_test (test_open_session_fail, "/iter/test_open_session_fail"); - p11_test (test_find_init_fail, "/iter/test_find_init_fail"); - p11_test (test_find_objects_fail, "/iter/test_find_objects_fail"); - p11_test (test_get_attributes, "/iter/get-attributes"); - p11_test (test_load_attributes, "/iter/test_load_attributes"); - p11_test (test_load_attributes_none, "/iter/test_load_attributes_none"); - p11_test (test_load_attributes_fail_first, "/iter/test_load_attributes_fail_first"); - p11_test (test_load_attributes_fail_late, "/iter/test_load_attributes_fail_late"); - p11_testx (test_many, "", "/iter/test-many"); - p11_testx (test_many, "busy-sessions", "/iter/test-many-busy"); - p11_test (test_destroy_object, "/iter/destroy-object"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-log.c b/p11-kit/test-log.c deleted file mode 100644 index e7dab70..0000000 --- a/p11-kit/test-log.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "dict.h" -#include "library.h" -#include "log.h" -#include "mock.h" -#include "modules.h" -#include "p11-kit.h" -#include "virtual.h" - -#include -#include -#include -#include - -static CK_FUNCTION_LIST_PTR -setup_mock_module (CK_SESSION_HANDLE *session) -{ - CK_FUNCTION_LIST_PTR module; - CK_RV rv; - - p11_lock (); - p11_log_force = true; - - rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module); - assert (rv == CKR_OK); - assert_ptr_not_null (module); - assert (p11_virtual_is_wrapper (module)); - - p11_unlock (); - - rv = p11_kit_module_initialize (module); - assert (rv == CKR_OK); - - if (session) { - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, - CKF_RW_SESSION | CKF_SERIAL_SESSION, - NULL, NULL, session); - assert (rv == CKR_OK); - } - - return module; -} - -static void -teardown_mock_module (CK_FUNCTION_LIST_PTR module) -{ - CK_RV rv; - - rv = p11_kit_module_finalize (module); - assert (rv == CKR_OK); - - p11_lock (); - - rv = p11_module_release_inlock_reentrant (module); - assert (rv == CKR_OK); - - p11_unlock (); -} - -/* Bring in all the mock module tests */ -#include "test-mock.c" - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - mock_module_init (); - - test_mock_add_tests ("/log"); - - p11_kit_be_quiet (); - p11_log_output = false; - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-managed.c b/p11-kit/test-managed.c deleted file mode 100644 index fc673ea..0000000 --- a/p11-kit/test-managed.c +++ /dev/null @@ -1,271 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "dict.h" -#include "library.h" -#include "mock.h" -#include "modules.h" -#include "p11-kit.h" -#include "virtual.h" - -#include -#ifdef OS_UNIX -#include -#endif -#include -#include -#include -#include - -static CK_FUNCTION_LIST_PTR -setup_mock_module (CK_SESSION_HANDLE *session) -{ - CK_FUNCTION_LIST_PTR module; - CK_RV rv; - - p11_lock (); - - rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module); - assert (rv == CKR_OK); - assert_ptr_not_null (module); - assert (p11_virtual_is_wrapper (module)); - - p11_unlock (); - - rv = p11_kit_module_initialize (module); - assert (rv == CKR_OK); - - if (session) { - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, - CKF_RW_SESSION | CKF_SERIAL_SESSION, - NULL, NULL, session); - assert (rv == CKR_OK); - } - - return module; -} - -static void -teardown_mock_module (CK_FUNCTION_LIST_PTR module) -{ - CK_RV rv; - - rv = p11_kit_module_finalize (module); - assert (rv == CKR_OK); - - p11_lock (); - - rv = p11_module_release_inlock_reentrant (module); - assert (rv == CKR_OK); - - p11_unlock (); -} - -static CK_RV -fail_C_Initialize (void *init_reserved) -{ - return CKR_FUNCTION_FAILED; -} - -static void -test_initialize_finalize (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_RV rv; - - p11_lock (); - - rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module); - assert (rv == CKR_OK); - assert_ptr_not_null (module); - assert (p11_virtual_is_wrapper (module)); - - p11_unlock (); - - rv = module->C_Initialize (NULL); - assert (rv == CKR_OK); - - rv = module->C_Initialize (NULL); - assert (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED); - - rv = module->C_Finalize (NULL); - assert (rv == CKR_OK); - - rv = module->C_Finalize (NULL); - assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED); - - p11_lock (); - - rv = p11_module_release_inlock_reentrant (module); - assert (rv == CKR_OK); - - p11_unlock (); -} - -static void -test_initialize_fail (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_FUNCTION_LIST base; - CK_RV rv; - - memcpy (&base, &mock_module, sizeof (CK_FUNCTION_LIST)); - base.C_Initialize = fail_C_Initialize; - - p11_lock (); - - rv = p11_module_load_inlock_reentrant (&base, 0, &module); - assert (rv == CKR_OK); - - p11_unlock (); - - rv = p11_kit_module_initialize (module); - assert (rv == CKR_FUNCTION_FAILED); -} - -static void -test_separate_close_all_sessions (void) -{ - CK_FUNCTION_LIST *first; - CK_FUNCTION_LIST *second; - CK_SESSION_HANDLE s1; - CK_SESSION_HANDLE s2; - CK_SESSION_INFO info; - CK_RV rv; - - first = setup_mock_module (&s1); - second = setup_mock_module (&s2); - - rv = first->C_GetSessionInfo (s1, &info); - assert (rv == CKR_OK); - - rv = second->C_GetSessionInfo (s2, &info); - assert (rv == CKR_OK); - - first->C_CloseAllSessions (MOCK_SLOT_ONE_ID); - assert (rv == CKR_OK); - - rv = first->C_GetSessionInfo (s1, &info); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = second->C_GetSessionInfo (s2, &info); - assert (rv == CKR_OK); - - second->C_CloseAllSessions (MOCK_SLOT_ONE_ID); - assert (rv == CKR_OK); - - rv = first->C_GetSessionInfo (s1, &info); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = second->C_GetSessionInfo (s2, &info); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - teardown_mock_module (first); - teardown_mock_module (second); -} - -#ifdef OS_UNIX - -static void -test_fork_and_reinitialize (void) -{ - CK_FUNCTION_LIST *module; - CK_INFO info; - int status; - CK_RV rv; - pid_t pid; - int i; - - module = setup_mock_module (NULL); - assert_ptr_not_null (module); - - pid = fork (); - assert_num_cmp (pid, >=, 0); - - /* The child */ - if (pid == 0) { - rv = (module->C_Initialize) (NULL); - assert_num_eq (CKR_OK, rv); - - for (i = 0; i < 32; i++) { - rv = (module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - rv = (module->C_Finalize) (NULL); - assert_num_eq (CKR_OK, rv); - - _exit (66); - } - - for (i = 0; i < 128; i++) { - rv = (module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - assert_num_eq (waitpid (pid, &status, 0), pid); - assert_num_eq (WEXITSTATUS (status), 66); - - teardown_mock_module (module); -} - -#endif /* OS_UNIX */ - -/* Bring in all the mock module tests */ -#include "test-mock.c" - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - p11_library_init (); - - p11_test (test_initialize_finalize, "/managed/test_initialize_finalize"); - p11_test (test_initialize_fail, "/managed/test_initialize_fail"); - p11_test (test_separate_close_all_sessions, "/managed/test_separate_close_all_sessions"); - -#ifdef OS_UNIX - p11_test (test_fork_and_reinitialize, "/managed/fork-and-reinitialize"); -#endif - - test_mock_add_tests ("/managed"); - - p11_kit_be_quiet (); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-mock.c b/p11-kit/test-mock.c deleted file mode 100644 index 8454f1f..0000000 --- a/p11-kit/test-mock.c +++ /dev/null @@ -1,1685 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * Copyright (c) 2012-2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "test.h" - -#include "library.h" -#include "mock.h" -#include "p11-kit.h" - -#include -#include -#include -#include - -static void -test_get_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_INFO info; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetInfo) (&info); - assert_num_eq (rv, CKR_OK); - assert_num_eq (MOCK_INFO.cryptokiVersion.major, info.cryptokiVersion.major); - assert_num_eq (MOCK_INFO.cryptokiVersion.minor, info.cryptokiVersion.minor); - assert (memcmp (MOCK_INFO.manufacturerID, info.manufacturerID, sizeof (info.manufacturerID)) == 0); - assert_num_eq (MOCK_INFO.flags, info.flags); - assert (memcmp (MOCK_INFO.libraryDescription, info.libraryDescription, sizeof (info.libraryDescription)) == 0); - assert_num_eq (MOCK_INFO.libraryVersion.major, info.libraryVersion.major); - assert_num_eq (MOCK_INFO.libraryVersion.minor, info.libraryVersion.minor); - - teardown_mock_module (module); -} - -static void -test_get_slot_list (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot_list[8]; - CK_ULONG count = 0; - CK_RV rv; - - module = setup_mock_module (NULL); - - /* Normal module has 2 slots, one with token present */ - rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOTS_PRESENT, count); - rv = (module->C_GetSlotList) (CK_FALSE, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOTS_ALL, count); - - count = 8; - rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOTS_PRESENT, count); - assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]); - - count = 8; - rv = (module->C_GetSlotList) (CK_FALSE, slot_list, &count); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOTS_ALL, count); - assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]); - assert_num_eq (MOCK_SLOT_TWO_ID, slot_list[1]); - - teardown_mock_module (module); -} - -static void -test_get_slot_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SLOT_INFO info; - char *string; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetSlotInfo) (MOCK_SLOT_ONE_ID, &info); - assert (rv == CKR_OK); - string = p11_kit_space_strdup (info.slotDescription, sizeof (info.slotDescription)); - assert_str_eq ("TEST SLOT", string); - free (string); - string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); - assert_str_eq ("TEST MANUFACTURER", string); - free (string); - assert_num_eq (CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE, info.flags); - assert_num_eq (55, info.hardwareVersion.major); - assert_num_eq (155, info.hardwareVersion.minor); - assert_num_eq (65, info.firmwareVersion.major); - assert_num_eq (165, info.firmwareVersion.minor); - - rv = (module->C_GetSlotInfo) (MOCK_SLOT_TWO_ID, &info); - assert (rv == CKR_OK); - assert_num_eq (CKF_REMOVABLE_DEVICE, info.flags); - - rv = (module->C_GetSlotInfo) (0, &info); - assert (rv == CKR_SLOT_ID_INVALID); - - teardown_mock_module (module); -} - -static void -test_get_token_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_TOKEN_INFO info; - char *string; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetTokenInfo) (MOCK_SLOT_ONE_ID, &info); - assert (rv == CKR_OK); - - string = p11_kit_space_strdup (info.label, sizeof (info.label)); - assert_str_eq ("TEST LABEL", string); - free (string); - string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); - assert_str_eq ("TEST MANUFACTURER", string); - free (string); - string = p11_kit_space_strdup (info.model, sizeof (info.model)); - assert_str_eq ("TEST MODEL", string); - free (string); - string = p11_kit_space_strdup (info.serialNumber, sizeof (info.serialNumber)); - assert_str_eq ("TEST SERIAL", string); - free (string); - assert_num_eq (CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED, info.flags); - assert_num_eq (1, info.ulMaxSessionCount); - assert_num_eq (2, info.ulSessionCount); - assert_num_eq (3, info.ulMaxRwSessionCount); - assert_num_eq (4, info.ulRwSessionCount); - assert_num_eq (5, info.ulMaxPinLen); - assert_num_eq (6, info.ulMinPinLen); - assert_num_eq (7, info.ulTotalPublicMemory); - assert_num_eq (8, info.ulFreePublicMemory); - assert_num_eq (9, info.ulTotalPrivateMemory); - assert_num_eq (10, info.ulFreePrivateMemory); - assert_num_eq (75, info.hardwareVersion.major); - assert_num_eq (175, info.hardwareVersion.minor); - assert_num_eq (85, info.firmwareVersion.major); - assert_num_eq (185, info.firmwareVersion.minor); - assert (memcmp (info.utcTime, "1999052509195900", sizeof (info.utcTime)) == 0); - - rv = (module->C_GetTokenInfo) (MOCK_SLOT_TWO_ID, &info); - assert (rv == CKR_TOKEN_NOT_PRESENT); - - rv = (module->C_GetTokenInfo) (0, &info); - assert (rv == CKR_SLOT_ID_INVALID); - - teardown_mock_module (module); -} - -static void -test_get_mechanism_list (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_MECHANISM_TYPE mechs[8]; - CK_ULONG count = 0; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (2, count); - rv = (module->C_GetMechanismList) (MOCK_SLOT_TWO_ID, NULL, &count); - assert (rv == CKR_TOKEN_NOT_PRESENT); - rv = (module->C_GetMechanismList) (0, NULL, &count); - assert (rv == CKR_SLOT_ID_INVALID); - - count = 8; - rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, mechs, &count); - assert (rv == CKR_OK); - assert_num_eq (2, count); - assert_num_eq (mechs[0], CKM_MOCK_CAPITALIZE); - assert_num_eq (mechs[1], CKM_MOCK_PREFIX); - - teardown_mock_module (module); -} - -static void -test_get_mechanism_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_MECHANISM_INFO info; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_CAPITALIZE, &info); - assert_num_eq (rv, CKR_OK); - assert_num_eq (512, info.ulMinKeySize); - assert_num_eq (4096, info.ulMaxKeySize); - assert_num_eq (CKF_ENCRYPT | CKF_DECRYPT, info.flags); - - rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_PREFIX, &info); - assert (rv == CKR_OK); - assert_num_eq (2048, info.ulMinKeySize); - assert_num_eq (2048, info.ulMaxKeySize); - assert_num_eq (CKF_SIGN | CKF_VERIFY, info.flags); - - rv = (module->C_GetMechanismInfo) (MOCK_SLOT_TWO_ID, CKM_MOCK_PREFIX, &info); - assert (rv == CKR_TOKEN_NOT_PRESENT); - rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, 0, &info); - assert (rv == CKR_MECHANISM_INVALID); - rv = (module->C_GetMechanismInfo) (0, CKM_MOCK_PREFIX, &info); - assert (rv == CKR_SLOT_ID_INVALID); - - teardown_mock_module (module); -} - -static void -test_init_token (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); - assert (rv == CKR_OK); - - rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"OTHER", 5, (CK_UTF8CHAR_PTR)"TEST LABEL"); - assert (rv == CKR_PIN_INVALID); - rv = (module->C_InitToken) (MOCK_SLOT_TWO_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); - assert (rv == CKR_TOKEN_NOT_PRESENT); - rv = (module->C_InitToken) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); - assert (rv == CKR_SLOT_ID_INVALID); - - teardown_mock_module (module); -} - -static void -test_wait_for_slot_event (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot; - CK_RV rv; - -#ifdef MOCK_SKIP_WAIT_TEST - return; -#endif - - module = setup_mock_module (NULL); - - rv = (module->C_WaitForSlotEvent) (0, &slot, NULL); - assert (rv == CKR_OK); - assert_num_eq (slot, MOCK_SLOT_TWO_ID); - - rv = (module->C_WaitForSlotEvent) (CKF_DONT_BLOCK, &slot, NULL); - assert (rv == CKR_NO_EVENT); - - teardown_mock_module (module); -} - -static void -test_open_close_session (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_OpenSession) (MOCK_SLOT_TWO_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_TOKEN_NOT_PRESENT); - rv = (module->C_OpenSession) (0, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_SLOT_ID_INVALID); - - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - assert (session != 0); - - rv = (module->C_CloseSession) (session); - assert (rv == CKR_OK); - - rv = (module->C_CloseSession) (session); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - teardown_mock_module (module); -} - -static void -test_close_all_sessions (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - assert (session != 0); - - rv = (module->C_CloseAllSessions) (MOCK_SLOT_ONE_ID); - assert (rv == CKR_OK); - - rv = (module->C_CloseSession) (session); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - teardown_mock_module (module); -} - -static void -test_get_function_status (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_GetFunctionStatus) (session); - assert (rv == CKR_FUNCTION_NOT_PARALLEL); - - teardown_mock_module (module); -} - -static void -test_cancel_function (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_CancelFunction) (session); - assert (rv == CKR_FUNCTION_NOT_PARALLEL); - - teardown_mock_module (module); -} - -static void -test_get_session_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_SESSION_INFO info; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetSessionInfo) (0, &info); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - assert (session != 0); - - rv = (module->C_GetSessionInfo) (session, &info); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID); - assert_num_eq (CKS_RO_PUBLIC_SESSION, info.state); - assert_num_eq (CKF_SERIAL_SESSION, info.flags); - assert_num_eq (1414, info.ulDeviceError); - - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - assert (session != 0); - - rv = (module->C_GetSessionInfo) (session, &info); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID); - assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state); - assert_num_eq (CKF_SERIAL_SESSION | CKF_RW_SESSION, info.flags); - assert_num_eq (1414, info.ulDeviceError); - - teardown_mock_module (module); -} - -static void -test_init_pin (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_InitPIN) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_OK); - - rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"OTHER", 5); - assert (rv == CKR_PIN_INVALID); - - teardown_mock_module (module); -} - -static void -test_set_pin (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_SetPIN) (0, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_OK); - - rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"other", 5, (CK_UTF8CHAR_PTR)"OTHER", 5); - assert (rv == CKR_PIN_INCORRECT); - - teardown_mock_module (module); -} - -static void -test_operation_state (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_BYTE state[128]; - CK_ULONG state_len; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - state_len = sizeof (state); - rv = (module->C_GetOperationState) (0, state, &state_len); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - state_len = sizeof (state); - rv = (module->C_GetOperationState) (session, state, &state_len); - assert (rv == CKR_OK); - - rv = (module->C_SetOperationState) (session, state, state_len, 355, 455); - assert (rv == CKR_OK); - - rv = (module->C_SetOperationState) (0, state, state_len, 355, 455); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - teardown_mock_module (module); -} - -static void -test_login_logout (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (0, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"bo", 2); - assert (rv == CKR_PIN_INCORRECT); - - rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_Logout) (session); - assert (rv == CKR_OK); - - rv = (module->C_Logout) (session); - assert (rv == CKR_USER_NOT_LOGGED_IN); - - teardown_mock_module (module); -} - -static void -test_get_attribute_value (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_OBJECT_CLASS klass; - CK_RV rv; - - module = setup_mock_module (&session); - - attrs[0].type = CKA_CLASS; - attrs[0].pValue = &klass; - attrs[0].ulValueLen = sizeof (klass); - attrs[1].type = CKA_LABEL; - attrs[1].pValue = label; - attrs[1].ulValueLen = 2; /* too small */ - attrs[2].type = CKA_BITS_PER_PIXEL; - attrs[2].pValue = NULL; - attrs[2].ulValueLen = 0; - - rv = (module->C_GetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 3); - assert (rv == CKR_USER_NOT_LOGGED_IN); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_BUFFER_TOO_SMALL); - - /* Get right size */ - attrs[1].pValue = NULL; - attrs[1].ulValueLen = 0; - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_OK); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3); - assert (rv == CKR_ATTRIBUTE_TYPE_INVALID); - - assert_num_eq (CKO_PUBLIC_KEY, klass); - assert_num_eq (21, attrs[1].ulValueLen); - assert_ptr_eq (NULL, attrs[1].pValue); - attrs[1].pValue = label; - attrs[1].ulValueLen = sizeof (label); - assert ((CK_ULONG)-1 == attrs[2].ulValueLen); - assert_ptr_eq (NULL, attrs[2].pValue); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3); - assert (rv == CKR_ATTRIBUTE_TYPE_INVALID); - - assert_num_eq (CKO_PUBLIC_KEY, klass); - assert_num_eq (21, attrs[1].ulValueLen); - assert_ptr_eq (label, attrs[1].pValue); - assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0); - assert ((CK_ULONG)-1 == attrs[2].ulValueLen); - assert_ptr_eq (NULL, attrs[2].pValue); - - teardown_mock_module (module); -} - -static void -test_set_attribute_value (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (label, "Blahooo"); - bits = 1555; - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = strlen (label); - attrs[1].type = CKA_BITS_PER_PIXEL; - attrs[1].pValue = &bits; - attrs[1].ulValueLen = sizeof (bits); - - rv = (module->C_SetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_USER_NOT_LOGGED_IN); - - rv = (module->C_SetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_OK); - - memset (label, 0, sizeof (label)); - bits = 0; - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_create_object (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (label, "Blahooo"); - bits = 1555; - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = strlen (label); - attrs[1].type = CKA_BITS_PER_PIXEL; - attrs[1].pValue = &bits; - attrs[1].ulValueLen = sizeof (bits); - - rv = (module->C_CreateObject) (0, attrs, 2, &object); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_CreateObject) (session, attrs, 2, &object); - assert (rv == CKR_OK); - - attrs[0].ulValueLen = sizeof (label); - memset (label, 0, sizeof (label)); - bits = 0; - - rv = (module->C_GetAttributeValue) (session, object, attrs, 2); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_copy_object (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - bits = 1555; - - attrs[0].type = CKA_BITS_PER_PIXEL; - attrs[0].pValue = &bits; - attrs[0].ulValueLen = sizeof (bits); - - rv = (module->C_CopyObject) (session, 1333, attrs, 1, &object); - assert (rv == CKR_OBJECT_HANDLE_INVALID); - - rv = (module->C_CopyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1, &object); - assert (rv == CKR_OK); - - attrs[1].type = CKA_LABEL; - attrs[1].pValue = label; - attrs[1].ulValueLen = sizeof (label); - bits = 0; - - rv = (module->C_GetAttributeValue) (session, object, attrs, 2); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (21, attrs[1].ulValueLen); - assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_destroy_object (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_RV rv; - - module = setup_mock_module (&session); - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = sizeof (label); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1); - assert (rv == CKR_OK); - - rv = (module->C_DestroyObject) (0, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_DestroyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1); - assert (rv == CKR_OBJECT_HANDLE_INVALID); - - teardown_mock_module (module); -} - -static void -test_get_object_size (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_ULONG size; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_GetObjectSize) (session, 1333, &size); - assert (rv == CKR_OBJECT_HANDLE_INVALID); - - rv = (module->C_GetObjectSize) (session, MOCK_PUBLIC_KEY_CAPITALIZE, &size); - assert (rv == CKR_OK); - - /* The number here is the length of all attributes added up */ - assert_num_eq (sizeof (CK_ULONG) == 8 ? 44 : 36, size); - - teardown_mock_module (module); -} - -static void -test_find_objects (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; - CK_ATTRIBUTE attr = { CKA_CLASS, &klass, sizeof (klass) }; - CK_OBJECT_HANDLE objects[16]; - CK_ULONG count; - CK_ULONG i; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_FindObjectsInit) (0, &attr, 1); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_FindObjectsInit) (session, &attr, 1); - assert (rv == CKR_OK); - - rv = (module->C_FindObjects) (0, objects, 16, &count); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_FindObjects) (session, objects, 16, &count); - assert (rv == CKR_OK); - - assert (count < 16); - - /* Make sure we get the capitalize public key */ - for (i = 0; i < count; i++) { - if (objects[i] == MOCK_PUBLIC_KEY_CAPITALIZE) - break; - } - assert (i != count); - - /* Make sure we get the prefix public key */ - for (i = 0; i < count; i++) { - if (objects[i] == MOCK_PUBLIC_KEY_PREFIX) - break; - } - assert (i != count); - - /* Make sure all public keys */ - for (i = 0; i < count; i++) { - klass = (CK_ULONG)-1; - rv = (module->C_GetAttributeValue) (session, objects[i], &attr, 1); - assert (rv == CKR_OK); - assert_num_eq (CKO_PUBLIC_KEY, klass); - } - - rv = (module->C_FindObjectsFinal) (session); - assert (rv == CKR_OK); - - rv = (module->C_FindObjectsFinal) (session); - assert (rv == CKR_OPERATION_NOT_INITIALIZED); - - teardown_mock_module (module); -} - -static void -test_encrypt (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_KEY_HANDLE_INVALID); - - rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_Encrypt) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_Encrypt) (session, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "BLAH", 4) == 0); - - rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_EncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_EncryptUpdate) (session, (CK_BYTE_PTR)"sLurm", 5, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (5, length); - assert (memcmp (data, "SLURM", 5) == 0); - - length = sizeof (data); - rv = (module->C_EncryptFinal) (0, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_EncryptFinal) (session, data, &length); - assert (rv == CKR_OK); - - teardown_mock_module (module); -} - -static void -test_decrypt (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_KEY_HANDLE_INVALID); - - rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_Decrypt) (0, (CK_BYTE_PTR)"bLAH", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_Decrypt) (session, (CK_BYTE_PTR)"BLAh", 4, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "blah", 4) == 0); - - rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_DecryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_DecryptUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (5, length); - assert (memcmp (data, "slurm", 5) == 0); - - length = sizeof (data); - rv = (module->C_DecryptFinal) (0, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_DecryptFinal) (session, data, &length); - assert (rv == CKR_OK); - - teardown_mock_module (module); -} - -static void -test_digest (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_COUNT, NULL, 0 }; - CK_BYTE digest[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_DigestInit) (0, &mech); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_DigestInit) (session, &mech); - assert (rv == CKR_OK); - - length = sizeof (digest); - rv = (module->C_Digest) (0, (CK_BYTE_PTR)"bLAH", 4, digest, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (digest); - rv = (module->C_Digest) (session, (CK_BYTE_PTR)"BLAh", 4, digest, &length); - assert (rv == CKR_OK); - - assert_num_eq (1, length); - assert (memcmp (digest, "4", 1) == 0); - - rv = (module->C_DigestInit) (session, &mech); - assert (rv == CKR_OK); - - rv = (module->C_DigestUpdate) (0, (CK_BYTE_PTR)"blah", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5); - assert (rv == CKR_OK); - - /* Adds the the value of object handle to hash: 6 */ - assert_num_eq (6, MOCK_PUBLIC_KEY_PREFIX); - rv = (module->C_DigestKey) (session, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); - - rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"Other", 5); - assert (rv == CKR_OK); - - length = sizeof (digest); - rv = (module->C_DigestFinal) (0, digest, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (digest); - rv = (module->C_DigestFinal) (session, digest, &length); - assert (rv == CKR_OK); - - assert_num_eq (2, length); - assert (memcmp (digest, "16", 2) == 0); - - teardown_mock_module (module); -} - -static void -test_sign (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 }; - CK_BYTE signature[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_SignInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_OK); - - rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - length = sizeof (signature); - rv = (module->C_Sign) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (signature); - rv = (module->C_Sign) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length); - assert (rv == CKR_OK); - - assert_num_eq (13, length); - assert (memcmp (signature, "prefix:value4", 13) == 0); - - rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_OK); - - rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_SignUpdate) (0, (CK_BYTE_PTR)"blah", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5); - assert (rv == CKR_OK); - - rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"Other", 5); - assert (rv == CKR_OK); - - length = sizeof (signature); - rv = (module->C_SignFinal) (0, signature, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (signature); - rv = (module->C_SignFinal) (session, signature, &length); - assert (rv == CKR_OK); - - assert_num_eq (14, length); - assert (memcmp (signature, "prefix:value10", 2) == 0); - - teardown_mock_module (module); -} - -static void -test_sign_recover (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 }; - CK_BYTE signature[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_SignRecoverInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_SignRecoverInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_OK); - - rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - length = sizeof (signature); - rv = (module->C_SignRecover) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (signature); - rv = (module->C_SignRecover) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length); - assert (rv == CKR_OK); - - assert_num_eq (16, length); - assert (memcmp (signature, "prefix:valueBLAh", 16) == 0); - - teardown_mock_module (module); -} - -static void -test_verify (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 }; - CK_BYTE signature[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_VerifyInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); - - length = 13; - memcpy (signature, "prefix:value4", length); - rv = (module->C_Verify) (0, (CK_BYTE_PTR)"bLAH", 4, signature, 5); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_Verify) (session, (CK_BYTE_PTR)"BLAh", 4, signature, length); - assert (rv == CKR_OK); - - rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); - - rv = (module->C_VerifyUpdate) (0, (CK_BYTE_PTR)"blah", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5); - assert (rv == CKR_OK); - - rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"Other", 5); - assert (rv == CKR_OK); - - length = 14; - memcpy (signature, "prefix:value10", length); - - rv = (module->C_VerifyFinal) (session, signature, 5); - assert (rv == CKR_SIGNATURE_LEN_RANGE); - - rv = (module->C_VerifyFinal) (session, signature, length); - assert (rv == CKR_OK); - - teardown_mock_module (module); -} - -static void -test_verify_recover (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_VerifyRecoverInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_VerifyRecoverInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_VerifyRecover) (0, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_VerifyRecover) (session, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "BLah", 4) == 0); - - teardown_mock_module (module); -} - -static void -test_digest_encrypt (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - rv = (module->C_DigestInit) (session, &dmech); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_DigestEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_DigestEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "BLAH", 4) == 0); - - length = sizeof (data); - rv = (module->C_EncryptFinal) (session, data, &length); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_DigestFinal) (session, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (1, length); - assert (memcmp (data, "4", 1) == 0); - - teardown_mock_module (module); -} - -static void -test_decrypt_digest (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - rv = (module->C_DigestInit) (session, &dmech); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_DecryptDigestUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_DecryptDigestUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "blah", 4) == 0); - - length = sizeof (data); - rv = (module->C_DecryptFinal) (session, data, &length); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_DigestFinal) (session, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (1, length); - assert (memcmp (data, "4", 1) == 0); - - teardown_mock_module (module); -} - -static void -test_sign_encrypt (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_MECHANISM smech = { CKM_MOCK_PREFIX, "p:", 2 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - rv = (module->C_SignInit) (session, &smech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_OK); - - rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_SignEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_SignEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "BLAH", 4) == 0); - - length = sizeof (data); - rv = (module->C_EncryptFinal) (session, data, &length); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_SignFinal) (session, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (8, length); - assert (memcmp (data, "p:value4", 1) == 0); - - teardown_mock_module (module); -} - -static void -test_decrypt_verify (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_MECHANISM vmech = { CKM_MOCK_PREFIX, "p:", 2 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - rv = (module->C_VerifyInit) (session, &vmech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_DecryptVerifyUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_DecryptVerifyUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "blah", 4) == 0); - - length = sizeof (data); - rv = (module->C_DecryptFinal) (session, data, &length); - assert (rv == CKR_OK); - - rv = (module->C_VerifyFinal) (session, (CK_BYTE_PTR)"p:value4", 8); - assert (rv == CKR_OK); - - teardown_mock_module (module); -} - -static void -test_generate_key (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE object; - CK_MECHANISM mech = { CKM_MOCK_GENERATE, NULL, 0 }; - CK_ATTRIBUTE attrs[8]; - char label[32]; - char value[64]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (label, "Blahooo"); - bits = 1555; - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = strlen (label); - attrs[1].type = CKA_BITS_PER_PIXEL; - attrs[1].pValue = &bits; - attrs[1].ulValueLen = sizeof (bits); - - rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object); - assert (rv == CKR_MECHANISM_PARAM_INVALID); - - mech.pParameter = "generate"; - mech.ulParameterLen = 9; - - rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object); - assert (rv == CKR_OK); - - attrs[0].ulValueLen = sizeof (label); - memset (label, 0, sizeof (label)); - bits = 0; - attrs[2].type = CKA_VALUE; - attrs[2].pValue = value; - attrs[2].ulValueLen = sizeof (value); - - rv = (module->C_GetAttributeValue) (session, object, attrs, 3); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); - assert_num_eq (9, attrs[2].ulValueLen); - assert (memcmp (value, "generated", attrs[2].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_generate_key_pair (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE pub_object; - CK_OBJECT_HANDLE priv_object; - CK_MECHANISM mech = { CKM_MOCK_GENERATE, "generated", 9 }; - CK_ATTRIBUTE pub_attrs[8]; - CK_ATTRIBUTE priv_attrs[8]; - char pub_label[32]; - char pub_value[64]; - char priv_label[32]; - char priv_value[64]; - CK_ULONG pub_bits; - CK_ULONG priv_bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (pub_label, "Blahooo"); - pub_bits = 1555; - pub_attrs[0].type = CKA_LABEL; - pub_attrs[0].pValue = pub_label; - pub_attrs[0].ulValueLen = strlen (pub_label); - pub_attrs[1].type = CKA_BITS_PER_PIXEL; - pub_attrs[1].pValue = &pub_bits; - pub_attrs[1].ulValueLen = sizeof (pub_bits); - - strcpy (priv_label, "Private"); - priv_bits = 1666; - priv_attrs[0].type = CKA_LABEL; - priv_attrs[0].pValue = priv_label; - priv_attrs[0].ulValueLen = strlen (priv_label); - priv_attrs[1].type = CKA_BITS_PER_PIXEL; - priv_attrs[1].pValue = &priv_bits; - priv_attrs[1].ulValueLen = sizeof (priv_bits); - - rv = (module->C_GenerateKeyPair) (0, &mech, pub_attrs, 2, priv_attrs, 2, - &pub_object, &priv_object); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - mech.pParameter = "generate"; - mech.ulParameterLen = 9; - - rv = (module->C_GenerateKeyPair) (session, &mech, pub_attrs, 2, priv_attrs, 2, - &pub_object, &priv_object); - assert (rv == CKR_OK); - - pub_bits = 0; - pub_attrs[0].ulValueLen = sizeof (pub_label); - memset (pub_label, 0, sizeof (pub_label)); - pub_attrs[2].type = CKA_VALUE; - pub_attrs[2].pValue = pub_value; - pub_attrs[2].ulValueLen = sizeof (pub_value); - - rv = (module->C_GetAttributeValue) (session, pub_object, pub_attrs, 3); - assert (rv == CKR_OK); - - assert_num_eq (1555, pub_bits); - assert_num_eq (7, pub_attrs[0].ulValueLen); - assert (memcmp (pub_label, "Blahooo", pub_attrs[0].ulValueLen) == 0); - assert_num_eq (9, pub_attrs[2].ulValueLen); - assert (memcmp (pub_value, "generated", pub_attrs[2].ulValueLen) == 0); - - priv_bits = 0; - priv_attrs[0].ulValueLen = sizeof (priv_label); - memset (priv_label, 0, sizeof (priv_label)); - priv_attrs[2].type = CKA_VALUE; - priv_attrs[2].pValue = priv_value; - priv_attrs[2].ulValueLen = sizeof (priv_value); - - rv = (module->C_GetAttributeValue) (session, priv_object, priv_attrs, 3); - assert (rv == CKR_OK); - - assert_num_eq (1666, priv_bits); - assert_num_eq (7, priv_attrs[0].ulValueLen); - assert (memcmp (priv_label, "Private", priv_attrs[0].ulValueLen) == 0); - assert_num_eq (9, priv_attrs[2].ulValueLen); - assert (memcmp (priv_value, "generated", priv_attrs[2].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_wrap_key (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - length = sizeof (data); - rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length); - assert (rv == CKR_MECHANISM_PARAM_INVALID); - - mech.pParameter = "wrap"; - mech.ulParameterLen = 4; - - rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (5, length); - assert (memcmp (data, "value", 5) == 0); - - teardown_mock_module (module); -} - -static void -test_unwrap_key (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE object; - CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 }; - CK_ATTRIBUTE attrs[8]; - char label[32]; - char value[64]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (label, "Blahooo"); - bits = 1555; - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = strlen (label); - attrs[1].type = CKA_BITS_PER_PIXEL; - attrs[1].pValue = &bits; - attrs[1].ulValueLen = sizeof (bits); - - rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, - (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object); - assert (rv == CKR_MECHANISM_PARAM_INVALID); - - mech.pParameter = "wrap"; - mech.ulParameterLen = 4; - - rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, - (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object); - assert (rv == CKR_OK); - - attrs[0].ulValueLen = sizeof (label); - memset (label, 0, sizeof (label)); - bits = 0; - attrs[2].type = CKA_VALUE; - attrs[2].pValue = value; - attrs[2].ulValueLen = sizeof (value); - - rv = (module->C_GetAttributeValue) (session, object, attrs, 3); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); - assert_num_eq (5, attrs[2].ulValueLen); - assert (memcmp (value, "wheee", attrs[2].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_derive_key (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE object; - CK_MECHANISM mech = { CKM_MOCK_DERIVE, NULL, 0 }; - CK_ATTRIBUTE attrs[8]; - char label[32]; - char value[64]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (label, "Blahooo"); - bits = 1555; - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = strlen (label); - attrs[1].type = CKA_BITS_PER_PIXEL; - attrs[1].pValue = &bits; - attrs[1].ulValueLen = sizeof (bits); - - rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, - attrs, 2, &object); - assert (rv == CKR_MECHANISM_PARAM_INVALID); - - mech.pParameter = "derive"; - mech.ulParameterLen = 6; - - rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, - attrs, 2, &object); - assert (rv == CKR_OK); - - attrs[0].ulValueLen = sizeof (label); - memset (label, 0, sizeof (label)); - bits = 0; - attrs[2].type = CKA_VALUE; - attrs[2].pValue = value; - attrs[2].ulValueLen = sizeof (value); - - rv = (module->C_GetAttributeValue) (session, object, attrs, 3); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); - assert_num_eq (7, attrs[2].ulValueLen); - assert (memcmp (value, "derived", attrs[2].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_random (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_BYTE data[10]; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_SeedRandom) (0, (CK_BYTE_PTR)"seed", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_SeedRandom) (session, (CK_BYTE_PTR)"seed", 4); - assert (rv == CKR_OK); - - rv = (module->C_GenerateRandom) (0, data, sizeof (data)); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_GenerateRandom) (session, data, sizeof (data)); - assert (rv == CKR_OK); - - assert (memcmp (data, "seedseedse", sizeof (data)) == 0); - - teardown_mock_module (module); -} - -static void -test_mock_add_tests (const char *prefix) -{ - p11_fixture (NULL, NULL); - p11_test (test_get_info, "%s/test_get_info", prefix); - p11_test (test_get_slot_list, "%s/test_get_slot_list", prefix); - p11_test (test_get_slot_info, "%s/test_get_slot_info", prefix); - p11_test (test_get_token_info, "%s/test_get_token_info", prefix); - p11_test (test_get_mechanism_list, "%s/test_get_mechanism_list", prefix); - p11_test (test_get_mechanism_info, "%s/test_get_mechanism_info", prefix); - p11_test (test_init_token, "%s/test_init_token", prefix); - p11_test (test_wait_for_slot_event, "%s/test_wait_for_slot_event", prefix); - p11_test (test_open_close_session, "%s/test_open_close_session", prefix); - p11_test (test_close_all_sessions, "%s/test_close_all_sessions", prefix); - p11_test (test_get_function_status, "%s/test_get_function_status", prefix); - p11_test (test_cancel_function, "%s/test_cancel_function", prefix); - p11_test (test_get_session_info, "%s/test_get_session_info", prefix); - p11_test (test_init_pin, "%s/test_init_pin", prefix); - p11_test (test_set_pin, "%s/test_set_pin", prefix); - p11_test (test_operation_state, "%s/test_operation_state", prefix); - p11_test (test_login_logout, "%s/test_login_logout", prefix); - p11_test (test_get_attribute_value, "%s/test_get_attribute_value", prefix); - p11_test (test_set_attribute_value, "%s/test_set_attribute_value", prefix); - p11_test (test_create_object, "%s/test_create_object", prefix); - p11_test (test_copy_object, "%s/test_copy_object", prefix); - p11_test (test_destroy_object, "%s/test_destroy_object", prefix); - p11_test (test_get_object_size, "%s/test_get_object_size", prefix); - p11_test (test_find_objects, "%s/test_find_objects", prefix); - p11_test (test_encrypt, "%s/test_encrypt", prefix); - p11_test (test_decrypt, "%s/test_decrypt", prefix); - p11_test (test_digest, "%s/test_digest", prefix); - p11_test (test_sign, "%s/test_sign", prefix); - p11_test (test_sign_recover, "%s/test_sign_recover", prefix); - p11_test (test_verify, "%s/test_verify", prefix); - p11_test (test_verify_recover, "%s/test_verify_recover", prefix); - p11_test (test_digest_encrypt, "%s/test_digest_encrypt", prefix); - p11_test (test_decrypt_digest, "%s/test_decrypt_digest", prefix); - p11_test (test_sign_encrypt, "%s/test_sign_encrypt", prefix); - p11_test (test_decrypt_verify, "%s/test_decrypt_verify", prefix); - p11_test (test_generate_key, "%s/test_generate_key", prefix); - p11_test (test_generate_key_pair, "%s/test_generate_key_pair", prefix); - p11_test (test_wrap_key, "%s/test_wrap_key", prefix); - p11_test (test_unwrap_key, "%s/test_unwrap_key", prefix); - p11_test (test_derive_key, "%s/test_derive_key", prefix); - p11_test (test_random, "%s/test_random", prefix); -} diff --git a/p11-kit/test-modules.c b/p11-kit/test-modules.c deleted file mode 100644 index 837e7ff..0000000 --- a/p11-kit/test-modules.c +++ /dev/null @@ -1,453 +0,0 @@ -/* - * Copyright (c) 2012, 2015 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include -#include -#include - -#include "debug.h" -#include "library.h" -#include "p11-kit.h" -#include "private.h" -#include "dict.h" - -static CK_FUNCTION_LIST_PTR_PTR -initialize_and_get_modules (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - modules = p11_kit_modules_load_and_initialize (0); - assert (modules != NULL && modules[0] != NULL); - - return modules; -} - -static void -finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules) -{ - p11_kit_modules_finalize_and_release (modules); -} - -static void -test_no_duplicates (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - p11_dict *paths; - p11_dict *funcs; - char *path; - int i; - - modules = initialize_and_get_modules (); - paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - - /* The loaded modules should not contain duplicates */ - for (i = 0; modules[i] != NULL; i++) { - path = p11_kit_config_option (modules[i], "module"); - - if (p11_dict_get (funcs, modules[i])) - assert_fail ("found duplicate function list pointer", NULL); - if (p11_dict_get (paths, path)) - assert_fail ("found duplicate path name", NULL); - - if (!p11_dict_set (funcs, modules[i], "")) - assert_not_reached (); - if (!p11_dict_set (paths, path, "")) - assert_not_reached (); - - free (path); - } - - p11_dict_free (paths); - p11_dict_free (funcs); - finalize_and_free_modules (modules); -} - -static CK_FUNCTION_LIST_PTR -lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules, - const char *name) -{ - CK_FUNCTION_LIST_PTR match = NULL; - CK_FUNCTION_LIST_PTR module; - char *module_name; - int i; - - for (i = 0; match == NULL && modules[i] != NULL; i++) { - module_name = p11_kit_module_get_name (modules[i]); - assert_ptr_not_null (module_name); - if (strcmp (module_name, name) == 0) - match = modules[i]; - free (module_name); - } - - /* - * As a side effect, we should check that the results of this function - * matches the above search. - */ - module = p11_kit_module_for_name (modules, name); - if (module != match) - assert_fail ("different result from p11_kit_module_for_name ()", NULL); - - return match; -} - -static CK_FUNCTION_LIST_PTR -lookup_module_with_filename (CK_FUNCTION_LIST_PTR_PTR modules, - const char *name) -{ - CK_FUNCTION_LIST_PTR match = NULL; - char *module_name; - int i; - - for (i = 0; match == NULL && modules[i] != NULL; i++) { - module_name = p11_kit_module_get_filename (modules[i]); - assert_ptr_not_null (module_name); - if (strcmp (basename(module_name), name) == 0) - match = modules[i]; - free (module_name); - } - - return match; -} - -static void -test_disable (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - /* - * The module four should be present, as we don't match any prognames - * that it has disabled. - */ - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "four") != NULL); - finalize_and_free_modules (modules); - - /* - * The module two shouldn't have been loaded, because in its config - * file we have: - * - * disable-in: test-disable - */ - - p11_kit_set_progname ("test-disable"); - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "four") == NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -static void -test_filename (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - /* - * The module four should be present, as we don't match any prognames - * that it has disabled. - */ - - modules = initialize_and_get_modules (); -#ifndef _WIN32 - assert (lookup_module_with_filename (modules, "mock-four.so") != NULL); -#endif - finalize_and_free_modules (modules); -} - -static void -test_disable_later (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - /* - * The module two shouldn't be matched, because in its config - * file we have: - * - * disable-in: test-disable - */ - - p11_kit_set_progname ("test-disable"); - - modules = p11_kit_modules_load_and_initialize (0); - assert (modules != NULL && modules[0] != NULL); - - assert (lookup_module_with_name (modules, "two") == NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -static void -test_enable (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - /* - * The module three should not be present, as we don't match the current - * program. - */ - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "three") == NULL); - finalize_and_free_modules (modules); - - /* - * The module three should be loaded here , because in its config - * file we have: - * - * enable-in: test-enable - */ - - p11_kit_set_progname ("test-enable"); - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "three") != NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -static void -test_priority (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - char *name; - int i; - - /* - * The expected order. - * - four is marked with a priority of 4, the highest therefore first - * - three is marked with a priority of 3, next highest - * - one and two do not have priority marked, so they default to zero - * and fallback to sorting alphabetically. 'o' comes before 't' - */ - - const char *expected[] = { "four", "three", "one", "two.badname" }; - - /* This enables module three */ - p11_kit_set_progname ("test-enable"); - - modules = initialize_and_get_modules (); - - /* The loaded modules should not contain duplicates */ - for (i = 0; modules[i] != NULL; i++) { - name = p11_kit_module_get_name (modules[i]); - assert_ptr_not_null (name); - - /* Either one of these can be loaded, as this is a duplicate module */ - if (strcmp (name, "two-duplicate") == 0) { - free (name); - name = strdup ("two.badname"); - } - - assert_str_eq (expected[i], name); - free (name); - } - - assert_num_eq (4, i); - finalize_and_free_modules (modules); -} - -static void -test_module_name (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - CK_FUNCTION_LIST_PTR module; - char *name; - - /* - * The module three should not be present, as we don't match the current - * program. - */ - - modules = initialize_and_get_modules (); - - module = p11_kit_module_for_name (modules, "one"); - assert_ptr_not_null (module); - name = p11_kit_module_get_name (module); - assert_str_eq ("one", name); - free (name); - - module = p11_kit_module_for_name (modules, "invalid"); - assert_ptr_eq (NULL, module); - - module = p11_kit_module_for_name (NULL, "one"); - assert_ptr_eq (NULL, module); - - finalize_and_free_modules (modules); -} - -static void -test_module_flags (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST **unmanaged; - int flags; - - /* - * The module three should not be present, as we don't match the current - * program. - */ - - modules = initialize_and_get_modules (); - - flags = p11_kit_module_get_flags (modules[0]); - assert_num_eq (0, flags); - - unmanaged = p11_kit_modules_load (NULL, P11_KIT_MODULE_UNMANAGED); - assert (unmanaged != NULL && unmanaged[0] != NULL); - - flags = p11_kit_module_get_flags (unmanaged[0]); - assert_num_eq (P11_KIT_MODULE_UNMANAGED, flags); - - finalize_and_free_modules (modules); - p11_kit_modules_release (unmanaged); -} - -static void -test_module_trusted_only (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - char *name; - - modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED); - assert_ptr_not_null (modules); - assert_ptr_not_null (modules[0]); - assert (modules[1] == NULL); - - name = p11_kit_module_get_name (modules[0]); - assert_str_eq (name, "one"); - free (name); - - assert_num_eq (p11_kit_module_get_flags (modules[0]), P11_KIT_MODULE_TRUSTED); - - finalize_and_free_modules (modules); -} - -static void -test_module_trust_flags (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - char *name; - int flags; - int i; - - modules = initialize_and_get_modules (); - assert_ptr_not_null (modules); - - for (i = 0; modules[i] != NULL; i++) { - name = p11_kit_module_get_name (modules[i]); - assert_ptr_not_null (name); - - flags = p11_kit_module_get_flags (modules[i]); - if (strcmp (name, "one") == 0) { - assert_num_eq (flags, P11_KIT_MODULE_TRUSTED); - } else { - assert_num_eq (flags, 0); - } - - free (name); - } - - finalize_and_free_modules (modules); -} - -static void -test_config_option (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - CK_FUNCTION_LIST_PTR module; - char *value; - - /* - * The module three should not be present, as we don't match the current - * program. - */ - - modules = initialize_and_get_modules (); - - value = p11_kit_config_option (NULL, "new"); - assert_str_eq ("world", value); - free (value); - - module = p11_kit_module_for_name (modules, "one"); - assert_ptr_not_null (module); - - value = p11_kit_config_option (module, "setting"); - assert_str_eq ("user1", value); - free (value); - - value = p11_kit_config_option (NULL, "invalid"); - assert_ptr_eq (NULL, value); - - value = p11_kit_config_option (module, "invalid"); - assert_ptr_eq (NULL, value); - - /* Invalid but non-NULL module pointer */ - value = p11_kit_config_option (module + 1, "setting"); - assert_ptr_eq (NULL, value); - - finalize_and_free_modules (modules); -} - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - - p11_test (test_filename, "/modules/test_filename"); - p11_test (test_no_duplicates, "/modules/test_no_duplicates"); - p11_test (test_disable, "/modules/test_disable"); - p11_test (test_disable_later, "/modules/test_disable_later"); - p11_test (test_enable, "/modules/test_enable"); - p11_test (test_priority, "/modules/test_priority"); - p11_test (test_module_name, "/modules/test_module_name"); - p11_test (test_module_flags, "/modules/test_module_flags"); - p11_test (test_config_option, "/modules/test_config_option"); - p11_test (test_module_trusted_only, "/modules/trusted-only"); - p11_test (test_module_trust_flags, "/modules/trust-flags"); - - p11_kit_be_quiet (); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-pin.c b/p11-kit/test-pin.c deleted file mode 100644 index 27e20c8..0000000 --- a/p11-kit/test-pin.c +++ /dev/null @@ -1,313 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "library.h" - -#include -#include -#include -#include -#include - -#include "p11-kit/pin.h" -#include "p11-kit/private.h" - -static P11KitPin * -callback_one (const char *pin_source, P11KitUri *pin_uri, const char *pin_description, - P11KitPinFlags pin_flags, void *callback_data) -{ - int *data = callback_data; - assert (*data == 33); - return p11_kit_pin_new_for_buffer ((unsigned char*)strdup ("one"), 3, free); -} - -static P11KitPin* -callback_other (const char *pin_source, P11KitUri *pin_uri, const char *pin_description, - P11KitPinFlags pin_flags, void *callback_data) -{ - char *data = callback_data; - return p11_kit_pin_new_for_string (data); -} - -static void -destroy_data (void *callback_data) -{ - int *data = callback_data; - (*data)++; -} - -static void -test_pin_register_unregister (void) -{ - int data = 33; - - p11_kit_pin_register_callback ("/the/pin_source", callback_one, - &data, destroy_data); - - p11_kit_pin_unregister_callback ("/the/pin_source", callback_one, - &data); - - assert_num_eq (34, data); -} - -static void -test_pin_read (void) -{ - P11KitUri *uri; - P11KitPin *pin; - int data = 33; - size_t length; - const unsigned char *ptr; - - p11_kit_pin_register_callback ("/the/pin_source", callback_one, - &data, destroy_data); - - uri = p11_kit_uri_new (); - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - p11_kit_uri_free (uri); - - assert_ptr_not_null (pin); - ptr = p11_kit_pin_get_value (pin, &length); - assert_num_eq (3, length); - assert (memcmp (ptr, "one", 3) == 0); - - p11_kit_pin_unregister_callback ("/the/pin_source", callback_one, - &data); - - p11_kit_pin_unref (pin); -} - -static void -test_pin_read_no_match (void) -{ - P11KitUri *uri; - P11KitPin *pin; - - uri = p11_kit_uri_new (); - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - p11_kit_uri_free (uri); - - assert_ptr_eq (NULL, pin); -} - -static void -test_pin_register_duplicate (void) -{ - P11KitUri *uri; - P11KitPin *pin; - char *value = "secret"; - int data = 33; - size_t length; - const unsigned char *ptr; - - uri = p11_kit_uri_new (); - - p11_kit_pin_register_callback ("/the/pin_source", callback_one, - &data, destroy_data); - - p11_kit_pin_register_callback ("/the/pin_source", callback_other, - value, NULL); - - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_not_null (pin); - ptr = p11_kit_pin_get_value (pin, &length); - assert_num_eq (6, length); - assert (memcmp (ptr, "secret", length) == 0); - p11_kit_pin_unref (pin); - - p11_kit_pin_unregister_callback ("/the/pin_source", callback_other, - value); - - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_not_null (pin); - ptr = p11_kit_pin_get_value (pin, &length); - assert_num_eq (3, length); - assert (memcmp (ptr, "one", length) == 0); - p11_kit_pin_unref (pin); - - p11_kit_pin_unregister_callback ("/the/pin_source", callback_one, - &data); - - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_eq (NULL, pin); - - p11_kit_uri_free (uri); -} - -static void -test_pin_register_fallback (void) -{ - char *value = "secret"; - P11KitUri *uri; - P11KitPin *pin; - int data = 33; - size_t length; - const unsigned char *ptr; - - uri = p11_kit_uri_new (); - - p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, callback_one, - &data, destroy_data); - - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_not_null (pin); - ptr = p11_kit_pin_get_value (pin, &length); - assert_num_eq (3, length); - assert (memcmp (ptr, "one", length) == 0); - p11_kit_pin_unref (pin); - - p11_kit_pin_register_callback ("/the/pin_source", callback_other, - value, NULL); - - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_not_null (pin); - ptr = p11_kit_pin_get_value (pin, &length); - assert_num_eq (6, length); - assert (memcmp (ptr, "secret", length) == 0); - p11_kit_pin_unref (pin); - - p11_kit_pin_unregister_callback ("/the/pin_source", callback_other, - value); - - p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, callback_one, - &data); - - p11_kit_uri_free (uri); -} - -static void -test_pin_file (void) -{ - P11KitUri *uri; - P11KitPin *pin; - size_t length; - const unsigned char *ptr; - - uri = p11_kit_uri_new (); - - p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, - NULL, NULL); - - pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/test-pinfile", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_not_null (pin); - ptr = p11_kit_pin_get_value (pin, &length); - assert_num_eq (12, length); - assert (memcmp (ptr, "yogabbagabba", length) == 0); - p11_kit_pin_unref (pin); - - pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/nonexistant", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_eq (NULL, pin); - - p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, - NULL); - - p11_kit_uri_free (uri); -} - -static void -test_pin_file_large (void) -{ - P11KitUri *uri; - P11KitPin *pin; - int error; - - uri = p11_kit_uri_new (); - - p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, - NULL, NULL); - - pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/test-pinfile-large", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - error = errno; - assert_ptr_eq (NULL, pin); - assert_num_eq (EFBIG, error); - - p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, - NULL); - - p11_kit_uri_free (uri); -} - -static void -test_pin_ref_unref (void) -{ - P11KitPin *pin; - P11KitPin *check; - - pin = p11_kit_pin_new_for_string ("crack of lies"); - - check = p11_kit_pin_ref (pin); - assert_ptr_eq (pin, check); - - p11_kit_pin_unref (pin); - p11_kit_pin_unref (check); -} - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - - p11_test (test_pin_register_unregister, "/pin/test_pin_register_unregister"); - p11_test (test_pin_read, "/pin/test_pin_read"); - p11_test (test_pin_read_no_match, "/pin/test_pin_read_no_match"); - p11_test (test_pin_register_duplicate, "/pin/test_pin_register_duplicate"); - p11_test (test_pin_register_fallback, "/pin/test_pin_register_fallback"); - p11_test (test_pin_file, "/pin/test_pin_file"); - p11_test (test_pin_file_large, "/pin/test_pin_file_large"); - p11_test (test_pin_ref_unref, "/pin/test_pin_ref_unref"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-progname.c b/p11-kit/test-progname.c deleted file mode 100644 index 76b136d..0000000 --- a/p11-kit/test-progname.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "library.h" - -#include -#include -#include -#include - -#include "p11-kit/uri.h" -#include "p11-kit/p11-kit.h" -#include "p11-kit/private.h" - -static void -test_progname_default (void) -{ - const char *progname; - - progname = _p11_get_progname_unlocked (); - assert_str_eq ("test-progname", progname); -} - -static void -test_progname_set (void) -{ - const char *progname; - - p11_kit_set_progname ("love-generation"); - - progname = _p11_get_progname_unlocked (); - assert_str_eq ("love-generation", progname); - - _p11_set_progname_unlocked (NULL); - - progname = _p11_get_progname_unlocked (); - assert_str_eq ("test-progname", progname); -} - -/* Defined in util.c */ -extern char p11_my_progname[]; - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - - p11_test (test_progname_default, "/progname/test_progname_default"); - p11_test (test_progname_set, "/progname/test_progname_set"); - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-proxy.c b/p11-kit/test-proxy.c deleted file mode 100644 index 0fb270b..0000000 --- a/p11-kit/test-proxy.c +++ /dev/null @@ -1,296 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#define CRYPTOKI_EXPORTS - -#include "config.h" -#include "test.h" - -#include "library.h" -#include "mock.h" -#include "p11-kit.h" -#include "pkcs11.h" -#include "proxy.h" - -#include - -#include -#include -#include -#include -#include -#include -#include -#ifndef _WIN32 -#include -#endif - -/* This is the proxy module entry point in proxy.c, and linked to this test */ -CK_RV C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list); - -static CK_SLOT_ID mock_slot_one_id; -static CK_SLOT_ID mock_slot_two_id; -static CK_ULONG mock_slots_present; -static CK_ULONG mock_slots_all; - -static void -test_initialize_finalize (void) -{ - CK_FUNCTION_LIST_PTR proxy; - CK_RV rv; - - rv = C_GetFunctionList (&proxy); - assert (rv == CKR_OK); - - assert (p11_proxy_module_check (proxy)); - - rv = proxy->C_Initialize (NULL); - assert (rv == CKR_OK); - - rv = proxy->C_Finalize (NULL); - assert_num_eq (rv, CKR_OK); - - p11_proxy_module_cleanup (); -} - -static void -test_initialize_multiple (void) -{ - CK_FUNCTION_LIST_PTR proxy; - CK_RV rv; - - rv = C_GetFunctionList (&proxy); - assert (rv == CKR_OK); - - assert (p11_proxy_module_check (proxy)); - - rv = proxy->C_Initialize (NULL); - assert (rv == CKR_OK); - - rv = proxy->C_Initialize (NULL); - assert (rv == CKR_OK); - - rv = proxy->C_Finalize (NULL); - assert (rv == CKR_OK); - - rv = proxy->C_Finalize (NULL); - assert (rv == CKR_OK); - - rv = proxy->C_Finalize (NULL); - assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED); - - p11_proxy_module_cleanup (); -} - -#ifndef _WIN32 -static void -test_deinit_after_fork (void) -{ - CK_FUNCTION_LIST_PTR proxy; - CK_RV rv; - pid_t pid; - int st; - - rv = C_GetFunctionList (&proxy); - assert (rv == CKR_OK); - - assert (p11_proxy_module_check (proxy)); - - rv = proxy->C_Initialize(NULL); - assert_num_eq (rv, CKR_OK); - - pid = fork (); - if (!pid) { - exit(0); - } - assert (pid != -1); - waitpid(pid, &st, 0); - - rv = proxy->C_Finalize (NULL); - assert_num_eq (rv, CKR_OK); - - p11_proxy_module_cleanup (); - - /* If the assertion fails, p11_kit_failed() doesn't return. So make - * sure we do all the cleanup before the (expected) failure, or it - * causes all the *later* tests to fail too! */ - if (!WIFEXITED (st) || WEXITSTATUS(st) != 0) - assert_fail("Child failed to C_Initialize() and C_Finalize()", NULL); - -} - -static void -test_initialize_child (void) -{ - CK_FUNCTION_LIST_PTR proxy; - CK_RV rv; - pid_t pid; - int st; - - rv = C_GetFunctionList (&proxy); - assert (rv == CKR_OK); - - assert (p11_proxy_module_check (proxy)); - - rv = proxy->C_Initialize(NULL); - assert_num_eq (rv, CKR_OK); - - pid = fork (); - if (!pid) { - /* The PKCS#11 Usage Guide (v2.40) advocates in §2.5.2 that - * a child should call C_Initialize() after forking, and - * then immediately C_Finalize() if it's not going to do - * anything more with the PKCS#11 token. In a multi-threaded - * program this is a violation of the POSIX standard, which - * puts strict limits on what you're allowed to do between - * fork and an eventual exec or exit. But some things (like - * pkcs11-helper and thus OpenVPN) do it anyway, and we - * need to cope... */ - - /* https://bugs.freedesktop.org/show_bug.cgi?id=90289 reports - * a deadlock when this happens. Catch it with SIGALRM... */ - alarm(1); - - rv = proxy->C_Initialize(NULL); - assert_num_eq (rv, CKR_OK); - - rv = proxy->C_Finalize (NULL); - assert_num_eq (rv, CKR_OK); - - exit(0); - } - assert (pid != -1); - waitpid(pid, &st, 0); - - rv = proxy->C_Finalize (NULL); - assert_num_eq (rv, CKR_OK); - - p11_proxy_module_cleanup (); - - /* If the assertion fails, p11_kit_failed() doesn't return. So make - * sure we do all the cleanup before the (expected) failure, or it - * causes all the *later* tests to fail too! */ - if (!WIFEXITED (st) || WEXITSTATUS(st) != 0) - assert_fail("Child failed to C_Initialize() and C_Finalize()", NULL); - -} -#endif - -static CK_FUNCTION_LIST_PTR -setup_mock_module (CK_SESSION_HANDLE *session) -{ - CK_FUNCTION_LIST_PTR proxy; - CK_SLOT_ID slots[32]; - CK_RV rv; - - rv = C_GetFunctionList (&proxy); - assert (rv == CKR_OK); - - assert (p11_proxy_module_check (proxy)); - - rv = proxy->C_Initialize (NULL); - assert (rv == CKR_OK); - - mock_slots_all = 32; - rv = proxy->C_GetSlotList (CK_FALSE, slots, &mock_slots_all); - assert (rv == CKR_OK); - assert_num_cmp (mock_slots_all, >=, 2); - - /* Assume this is the slot we want to deal with */ - mock_slot_one_id = slots[0]; - mock_slot_two_id = slots[1]; - - rv = proxy->C_GetSlotList (CK_TRUE, NULL, &mock_slots_present); - assert (rv == CKR_OK); - assert (mock_slots_present > 1); - - if (session) { - rv = (proxy->C_OpenSession) (mock_slot_one_id, - CKF_RW_SESSION | CKF_SERIAL_SESSION, - NULL, NULL, session); - assert (rv == CKR_OK); - } - - return proxy; -} - -static void -teardown_mock_module (CK_FUNCTION_LIST_PTR module) -{ - CK_RV rv; - - rv = module->C_Finalize (NULL); - assert (rv == CKR_OK); -} - -/* - * We redefine the mock module slot id so that the tests in test-mock.c - * use the proxy mapped slot id rather than the hard coded one - */ -#define MOCK_SLOT_ONE_ID mock_slot_one_id -#define MOCK_SLOT_TWO_ID mock_slot_two_id -#define MOCK_SLOTS_PRESENT mock_slots_present -#define MOCK_SLOTS_ALL mock_slots_all -#define MOCK_INFO mock_info -#define MOCK_SKIP_WAIT_TEST - -static const CK_INFO mock_info = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, - "PKCS#11 Kit ", - 0, - "PKCS#11 Kit Proxy Module ", - { 1, 1 } -}; - -/* Bring in all the mock module tests */ -#include "test-mock.c" - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - p11_kit_be_quiet (); - - p11_test (test_initialize_finalize, "/proxy/initialize-finalize"); - p11_test (test_initialize_multiple, "/proxy/initialize-multiple"); -#ifndef _WIN32 - p11_test (test_deinit_after_fork, "/proxy/deinit-after-fork"); - p11_test (test_initialize_child, "/proxy/initialize-child"); -#endif - - test_mock_add_tests ("/proxy"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-rpc.c b/p11-kit/test-rpc.c deleted file mode 100644 index c9f8333..0000000 --- a/p11-kit/test-rpc.c +++ /dev/null @@ -1,1061 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "debug.h" -#include "library.h" -#include "message.h" -#include "mock.h" -#include "p11-kit.h" -#include "private.h" -#include "rpc.h" -#include "rpc-message.h" -#include "virtual.h" - -#include -#ifdef OS_UNIX -#include -#endif -#include -#include -#include -#include - -static void -test_new_free (void) -{ - p11_buffer *buf; - - buf = p11_rpc_buffer_new (0); - - assert_ptr_not_null (buf->data); - assert_num_eq (0, buf->len); - assert_num_eq (0, buf->flags); - assert (buf->size == 0); - assert_ptr_not_null (buf->ffree); - assert_ptr_not_null (buf->frealloc); - - p11_rpc_buffer_free (buf); -} - -static void -test_uint16 (void) -{ - p11_buffer buffer; - uint16_t val = 0xFFFF; - size_t next; - bool ret; - - p11_buffer_init (&buffer, 0); - - next = 0; - ret = p11_rpc_buffer_get_uint16 (&buffer, &next, &val); - assert_num_eq (false, ret); - assert_num_eq (0, next); - assert_num_eq (0xFFFF, val); - - p11_buffer_reset (&buffer, 0); - - ret = p11_rpc_buffer_set_uint16 (&buffer, 0, 0x6789); - assert_num_eq (false, ret); - - p11_buffer_reset (&buffer, 0); - - p11_buffer_add (&buffer, (unsigned char *)"padding", 7); - - p11_rpc_buffer_add_uint16 (&buffer, 0x6789); - assert_num_eq (9, buffer.len); - assert (!p11_buffer_failed (&buffer)); - - next = 7; - ret = p11_rpc_buffer_get_uint16 (&buffer, &next, &val); - assert_num_eq (true, ret); - assert_num_eq (9, next); - assert_num_eq (0x6789, val); - - p11_buffer_uninit (&buffer); -} - -static void -test_uint16_static (void) -{ - p11_buffer buf = { (unsigned char *)"pad0\x67\x89", 6, }; - uint16_t val = 0xFFFF; - size_t next; - bool ret; - - next = 4; - ret = p11_rpc_buffer_get_uint16 (&buf, &next, &val); - assert_num_eq (true, ret); - assert_num_eq (6, next); - assert_num_eq (0x6789, val); -} - -static void -test_uint32 (void) -{ - p11_buffer buffer; - uint32_t val = 0xFFFFFFFF; - size_t next; - bool ret; - - p11_buffer_init (&buffer, 0); - - next = 0; - ret = p11_rpc_buffer_get_uint32 (&buffer, &next, &val); - assert_num_eq (false, ret); - assert_num_eq (0, next); - assert_num_eq (0xFFFFFFFF, val); - - p11_buffer_reset (&buffer, 0); - - ret = p11_rpc_buffer_set_uint32 (&buffer, 0, 0x12345678); - assert_num_eq (false, ret); - - p11_buffer_reset (&buffer, 0); - - p11_buffer_add (&buffer, (unsigned char *)"padding", 7); - - p11_rpc_buffer_add_uint32 (&buffer, 0x12345678); - assert_num_eq (11, buffer.len); - assert (!p11_buffer_failed (&buffer)); - - next = 7; - ret = p11_rpc_buffer_get_uint32 (&buffer, &next, &val); - assert_num_eq (true, ret); - assert_num_eq (11, next); - assert_num_eq (0x12345678, val); - - p11_buffer_uninit (&buffer); -} - -static void -test_uint32_static (void) -{ - p11_buffer buf = { (unsigned char *)"pad0\x23\x45\x67\x89", 8, }; - uint32_t val = 0xFFFFFFFF; - size_t next; - bool ret; - - next = 4; - ret = p11_rpc_buffer_get_uint32 (&buf, &next, &val); - assert_num_eq (true, ret); - assert_num_eq (8, next); - assert_num_eq (0x23456789, val); -} - -static void -test_uint64 (void) -{ - p11_buffer buffer; - uint64_t val = 0xFFFFFFFFFFFFFFFF; - size_t next; - bool ret; - - p11_buffer_init (&buffer, 0); - - next = 0; - ret = p11_rpc_buffer_get_uint64 (&buffer, &next, &val); - assert_num_eq (0, ret); - assert_num_eq (0, next); - assert (0xFFFFFFFFFFFFFFFF == val); - - p11_buffer_reset (&buffer, 0); - - p11_buffer_add (&buffer, (unsigned char *)"padding", 7); - - p11_rpc_buffer_add_uint64 (&buffer, 0x0123456708ABCDEF); - assert_num_eq (15, buffer.len); - assert (!p11_buffer_failed (&buffer)); - - next = 7; - ret = p11_rpc_buffer_get_uint64 (&buffer, &next, &val); - assert_num_eq (true, ret); - assert_num_eq (15, next); - assert (0x0123456708ABCDEF == val); - - p11_buffer_uninit (&buffer); -} - -static void -test_uint64_static (void) -{ - p11_buffer buf = { (unsigned char *)"pad0\x89\x67\x45\x23\x11\x22\x33\x44", 12, }; - uint64_t val = 0xFFFFFFFFFFFFFFFF; - size_t next; - bool ret; - - next = 4; - ret = p11_rpc_buffer_get_uint64 (&buf, &next, &val); - assert_num_eq (true, ret); - assert_num_eq (12, next); - assert (0x8967452311223344 == val); -} - -static void -test_byte_array (void) -{ - p11_buffer buffer; - unsigned char bytes[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; - - const unsigned char *val; - size_t length = ~0; - size_t next; - bool ret; - - p11_buffer_init (&buffer, 0); - - /* Invalid read */ - - next = 0; - ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); - assert_num_eq (false, ret); - assert_num_eq (0, next); - assert_num_eq (~0, length); - - /* Test full array */ - - p11_buffer_reset (&buffer, 0); - p11_buffer_add (&buffer, (unsigned char *)"padding", 7); - - p11_rpc_buffer_add_byte_array (&buffer, bytes, 32); - assert_num_eq (43, buffer.len); - assert (!p11_buffer_failed (&buffer)); - - next = 7; - ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); - assert_num_eq (true, ret); - assert_num_eq (43, next); - assert_num_eq (32, length); - assert (memcmp (val, bytes, 32) == 0); - - p11_buffer_uninit (&buffer); -} - -static void -test_byte_array_null (void) -{ - p11_buffer buffer; - const unsigned char *val; - size_t length = ~0; - size_t next; - bool ret; - - p11_buffer_init (&buffer, 0); - - p11_buffer_reset (&buffer, 0); - p11_buffer_add (&buffer, (unsigned char *)"padding", 7); - - p11_rpc_buffer_add_byte_array (&buffer, NULL, 0); - assert_num_eq (11, buffer.len); - assert (!p11_buffer_failed (&buffer)); - - next = 7; - ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); - assert_num_eq (true, ret); - assert_num_eq (11, next); - assert_num_eq (0, length); - assert_ptr_eq (NULL, (void*)val); - - p11_buffer_uninit (&buffer); -} - -static void -test_byte_array_too_long (void) -{ - p11_buffer buffer; - const unsigned char *val = NULL; - size_t length = ~0; - size_t next; - bool ret; - - p11_buffer_init (&buffer, 0); - - p11_buffer_reset (&buffer, 0); - p11_buffer_add (&buffer, (unsigned char *)"padding", 7); - assert (!p11_buffer_failed (&buffer)); - - /* Passing a too short buffer here shouldn't matter, as length is checked for sanity */ - p11_rpc_buffer_add_byte_array (&buffer, (unsigned char *)"", 0x9fffffff); - assert (p11_buffer_failed (&buffer)); - - /* Force write a too long byte arary to buffer */ - p11_buffer_reset (&buffer, 0); - p11_rpc_buffer_add_uint32 (&buffer, 0x9fffffff); - - next = 0; - ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); - assert_num_eq (false, ret); - assert_num_eq (0, next); - assert_num_eq (~0, length); - assert_ptr_eq (NULL, (void*)val); - - p11_buffer_uninit (&buffer); -} - -static void -test_byte_array_static (void) -{ - unsigned char data[] = { 'p', 'a', 'd', 0x00, 0x00, 0x00, 0x00, 0x20, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; - p11_buffer buf = { data, 0x40, }; - const unsigned char *val; - size_t length = ~0; - size_t next; - bool ret; - - next = 4; - ret = p11_rpc_buffer_get_byte_array (&buf, &next, &val, &length); - assert_num_eq (true, ret); - assert_num_eq (40, next); - assert_num_eq (32, length); - assert (memcmp (data + 8, val, 32) == 0); -} - -static p11_virtual base; -static unsigned int rpc_initialized = 0; - -static CK_RV -rpc_initialize (p11_rpc_client_vtable *vtable, - void *init_reserved) -{ - assert_str_eq (vtable->data, "vtable-data"); - assert_num_cmp (p11_forkid, !=, rpc_initialized); - rpc_initialized = p11_forkid; - - return CKR_OK; -} - -static CK_RV -rpc_initialize_fails (p11_rpc_client_vtable *vtable, - void *init_reserved) -{ - assert_str_eq (vtable->data, "vtable-data"); - assert_num_cmp (p11_forkid, !=, rpc_initialized); - return CKR_FUNCTION_FAILED; -} - -static CK_RV -rpc_initialize_device_removed (p11_rpc_client_vtable *vtable, - void *init_reserved) -{ - assert_str_eq (vtable->data, "vtable-data"); - assert_num_cmp (p11_forkid, !=, rpc_initialized); - return CKR_DEVICE_REMOVED; -} - -static CK_RV -rpc_transport (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - bool ret; - - assert_str_eq (vtable->data, "vtable-data"); - - /* Just pass directly to the server code */ - ret = p11_rpc_server_handle (&base.funcs, request, response); - assert (ret == true); - - return CKR_OK; -} - -static void -rpc_finalize (p11_rpc_client_vtable *vtable, - void *fini_reserved) -{ - assert_str_eq (vtable->data, "vtable-data"); - assert_num_cmp (p11_forkid, ==, rpc_initialized); - rpc_initialized = 0; -} - -static void -test_initialize (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - rpc_initialized = 0; - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - rv = mixin.funcs.C_Initialize (&mixin.funcs, NULL); - assert (rv == CKR_OK); - assert_num_eq (p11_forkid, rpc_initialized); - - rv = mixin.funcs.C_Finalize (&mixin.funcs, NULL); - assert (rv == CKR_OK); - assert_num_cmp (p11_forkid, !=, rpc_initialized); - - p11_virtual_uninit (&mixin); -} - -static void -test_not_initialized (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; - p11_virtual mixin; - CK_INFO info; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - rpc_initialized = 0; - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - rv = (mixin.funcs.C_GetInfo) (&mixin.funcs, &info); - assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED); - - p11_virtual_uninit (&mixin); -} - -static void -test_initialize_fails_on_client (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize_fails, rpc_transport, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - rpc_initialized = 0; - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_FUNCTION_FAILED); - assert_num_eq (0, rpc_initialized); - - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_fails (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - return CKR_FUNCTION_REJECTED; -} - -static void -test_transport_fails (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_fails, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - rpc_initialized = 0; - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_FUNCTION_REJECTED); - assert_num_eq (0, rpc_initialized); - - p11_virtual_uninit (&mixin); -} - -static void -test_initialize_fails_on_server (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - base.funcs.C_Initialize = mock_X_Initialize__fails; - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_FUNCTION_FAILED); - assert_num_eq (0, rpc_initialized); - - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_bad_parse (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - assert_str_eq (vtable->data, "vtable-data"); - - /* Just zero bytes is an invalid message */ - rc = p11_buffer_reset (response, 2); - assert (rc >= 0); - - memset (response->data, 0, 2); - response->len = 2; - return CKR_OK; -} - -static void -test_transport_bad_parse (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_parse, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - rpc_initialized = 0; - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_short_error (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - unsigned char data[] = { - 0x00, 0x00, 0x00, 0x00, /* RPC_CALL_ERROR */ - 0x00, 0x00, 0x00, 0x01, 0x75, /* signature 'u' */ - 0x00, 0x01, /* short error */ - }; - - assert_str_eq (vtable->data, "vtable-data"); - - rc = p11_buffer_reset (response, sizeof (data)); - assert (rc >= 0); - - memcpy (response->data, data, sizeof (data)); - response->len = sizeof (data); - return CKR_OK; -} - -static void -test_transport_short_error (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_short_error, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_invalid_error (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - unsigned char data[] = { - 0x00, 0x00, 0x00, 0x00, /* RPC_CALL_ERROR */ - 0x00, 0x00, 0x00, 0x01, 0x75, /* signature 'u' */ - 0x00, 0x00, 0x00, 0x00, /* a CKR_OK error*/ - 0x00, 0x00, 0x00, 0x00, - }; - - assert_str_eq (vtable->data, "vtable-data"); - - rc = p11_buffer_reset (response, sizeof (data)); - assert (rc >= 0); - memcpy (response->data, data, sizeof (data)); - response->len = sizeof (data); - return CKR_OK; -} - -static void -test_transport_invalid_error (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_invalid_error, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_wrong_response (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - unsigned char data[] = { - 0x00, 0x00, 0x00, 0x02, /* RPC_CALL_C_Finalize */ - 0x00, 0x00, 0x00, 0x00, /* signature '' */ - }; - - assert_str_eq (vtable->data, "vtable-data"); - - rc = p11_buffer_reset (response, sizeof (data)); - assert (rc >= 0); - memcpy (response->data, data, sizeof (data)); - response->len = sizeof (data); - return CKR_OK; -} - -static void -test_transport_wrong_response (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_wrong_response, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_bad_contents (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - unsigned char data[] = { - 0x00, 0x00, 0x00, 0x02, /* RPC_CALL_C_GetInfo */ - 0x00, 0x00, 0x00, 0x05, /* signature 'vsusv' */ - 'v', 's', 'u', 's', 'v', - 0x00, 0x00, 0x00, 0x00, /* invalid data */ - }; - - assert_str_eq (vtable->data, "vtable-data"); - - rc = p11_buffer_reset (response, sizeof (data)); - assert (rc >= 0); - memcpy (response->data, data, sizeof (data)); - response->len = sizeof (data); - return CKR_OK; -} - -static void -test_transport_bad_contents (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_contents, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static p11_rpc_client_vtable test_normal_vtable = { - NULL, - rpc_initialize, - rpc_transport, - rpc_finalize, -}; - -static p11_rpc_client_vtable test_device_removed_vtable = { - NULL, - rpc_initialize_device_removed, - rpc_transport, - rpc_finalize, -}; - -static void -mixin_free (void *data) -{ - p11_virtual *mixin = data; - p11_virtual_uninit (mixin); - free (mixin); -} - -static CK_FUNCTION_LIST_PTR -setup_test_rpc_module (p11_rpc_client_vtable *vtable, - CK_FUNCTION_LIST *module_template, - CK_SESSION_HANDLE *session) -{ - CK_FUNCTION_LIST *rpc_module; - p11_virtual *mixin; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, module_template, NULL); - - mixin = calloc (1, sizeof (p11_virtual)); - assert (mixin != NULL); - - vtable->data = "vtable-data"; - if (!p11_rpc_client_init (mixin, vtable)) - assert_not_reached (); - - rpc_module = p11_virtual_wrap (mixin, mixin_free); - assert_ptr_not_null (rpc_module); - - rv = p11_kit_module_initialize (rpc_module); - assert (rv == CKR_OK); - - if (session) { - rv = (rpc_module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, - NULL, NULL, session); - assert (rv == CKR_OK); - } - - return rpc_module; -} - -static CK_FUNCTION_LIST * -setup_mock_module (CK_SESSION_HANDLE *session) -{ - return setup_test_rpc_module (&test_normal_vtable, &mock_module, session); -} - -static void -teardown_mock_module (CK_FUNCTION_LIST *rpc_module) -{ - p11_kit_module_finalize (rpc_module); - p11_virtual_unwrap (rpc_module); -} - -static void -test_get_info_stand_in (void) -{ - CK_FUNCTION_LIST_PTR rpc_module; - CK_INFO info; - CK_RV rv; - char *string; - - rpc_module = setup_test_rpc_module (&test_device_removed_vtable, - &mock_module_no_slots, NULL); - - rv = (rpc_module->C_GetInfo) (&info); - assert (rv == CKR_OK); - - assert_num_eq (CRYPTOKI_VERSION_MAJOR, info.cryptokiVersion.major); - assert_num_eq (CRYPTOKI_VERSION_MINOR, info.cryptokiVersion.minor); - string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); - assert_str_eq ("p11-kit", string); - free (string); - string = p11_kit_space_strdup (info.libraryDescription, sizeof (info.libraryDescription)); - assert_str_eq ("p11-kit (no connection)", string); - free (string); - assert_num_eq (0, info.flags); - assert_num_eq (1, info.libraryVersion.major); - assert_num_eq (1, info.libraryVersion.minor); - - teardown_mock_module (rpc_module); -} - -static void -test_get_slot_list_no_device (void) -{ - CK_FUNCTION_LIST_PTR rpc_module; - CK_SLOT_ID slot_list[8]; - CK_ULONG count; - CK_RV rv; - - rpc_module = setup_test_rpc_module (&test_device_removed_vtable, - &mock_module_no_slots, NULL); - - rv = (rpc_module->C_GetSlotList) (CK_TRUE, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (0, count); - rv = (rpc_module->C_GetSlotList) (CK_FALSE, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (0, count); - - count = 8; - rv = (rpc_module->C_GetSlotList) (CK_TRUE, slot_list, &count); - assert (rv == CKR_OK); - assert_num_eq (0, count); - - count = 8; - rv = (rpc_module->C_GetSlotList) (CK_FALSE, slot_list, &count); - assert (rv == CKR_OK); - assert_num_eq (0, count); - - teardown_mock_module (rpc_module); -} - -static void * -invoke_in_thread (void *arg) -{ - CK_FUNCTION_LIST *rpc_module = arg; - CK_INFO info; - CK_RV rv; - - rv = (rpc_module->C_GetInfo) (&info); - assert_num_eq (rv, CKR_OK); - - assert (memcmp (info.manufacturerID, MOCK_INFO.manufacturerID, - sizeof (info.manufacturerID)) == 0); - - return NULL; -} - -static p11_mutex_t delay_mutex; - -static CK_RV -delayed_C_GetInfo (CK_INFO_PTR info) -{ - CK_RV rv; - - p11_sleep_ms (rand () % 100); - - p11_mutex_lock (&delay_mutex); - rv = mock_C_GetInfo (info); - p11_mutex_unlock (&delay_mutex); - - return rv; -} - -static void -test_simultaneous_functions (void) -{ - CK_FUNCTION_LIST real_module; - CK_FUNCTION_LIST *rpc_module; - const int num_threads = 128; - p11_thread_t threads[num_threads]; - int i, ret; - - p11_mutex_init (&delay_mutex); - - memcpy (&real_module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - real_module.C_GetInfo = delayed_C_GetInfo; - - rpc_module = setup_test_rpc_module (&test_normal_vtable, - &real_module, NULL); - - /* Make the invoked function (above) wait */ - p11_mutex_lock (&delay_mutex); - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (threads + i, invoke_in_thread, rpc_module); - assert_num_eq (0, ret); - } - - /* Let the invoked functions return */ - p11_mutex_unlock (&delay_mutex); - - for (i = 0; i < num_threads; i++) - p11_thread_join (threads[i]); - - teardown_mock_module (rpc_module); - p11_mutex_uninit (&delay_mutex); -} - -#ifdef OS_UNIX - -static void -test_fork_and_reinitialize (void) -{ - CK_FUNCTION_LIST *rpc_module; - CK_INFO info; - int status; - CK_RV rv; - pid_t pid; - int i; - - rpc_module = setup_test_rpc_module (&test_normal_vtable, - &mock_module_no_slots, NULL); - - pid = fork (); - assert_num_cmp (pid, >=, 0); - - /* The child */ - if (pid == 0) { - rv = (rpc_module->C_Initialize) (NULL); - assert_num_eq (CKR_OK, rv); - - for (i = 0; i < 32; i++) { - rv = (rpc_module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - rv = (rpc_module->C_Finalize) (NULL); - assert_num_eq (CKR_OK, rv); - - _exit (66); - } - - for (i = 0; i < 128; i++) { - rv = (rpc_module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - assert_num_eq (waitpid (pid, &status, 0), pid); - assert_num_eq (WEXITSTATUS (status), 66); - - teardown_mock_module (rpc_module); -} - -#endif /* OS_UNIX */ - -#include "test-mock.c" - -int -main (int argc, - char *argv[]) -{ - CK_MECHANISM_TYPE mechanisms[] = { - CKM_MOCK_CAPITALIZE, - CKM_MOCK_PREFIX, - CKM_MOCK_GENERATE, - CKM_MOCK_WRAP, - CKM_MOCK_DERIVE, - CKM_MOCK_COUNT, - 0, - }; - - mock_module_init (); - p11_library_init (); - - /* Override the mechanisms that the RPC mechanism will handle */ - p11_rpc_mechanisms_override_supported = mechanisms; - - p11_test (test_new_free, "/rpc/new-free"); - p11_test (test_uint16, "/rpc/uint16"); - p11_test (test_uint16_static, "/rpc/uint16-static"); - p11_test (test_uint32, "/rpc/uint32"); - p11_test (test_uint32_static, "/rpc/uint32-static"); - p11_test (test_uint64, "/rpc/uint64"); - p11_test (test_uint64_static, "/rpc/uint64-static"); - p11_test (test_byte_array, "/rpc/byte-array"); - p11_test (test_byte_array_null, "/rpc/byte-array-null"); - p11_test (test_byte_array_too_long, "/rpc/byte-array-too-long"); - p11_test (test_byte_array_static, "/rpc/byte-array-static"); - - p11_test (test_initialize_fails_on_client, "/rpc/initialize-fails-on-client"); - p11_test (test_initialize_fails_on_server, "/rpc/initialize-fails-on-server"); - p11_test (test_initialize, "/rpc/initialize"); - p11_test (test_not_initialized, "/rpc/not-initialized"); - p11_test (test_transport_fails, "/rpc/transport-fails"); - p11_test (test_transport_bad_parse, "/rpc/transport-bad-parse"); - p11_test (test_transport_short_error, "/rpc/transport-short-error"); - p11_test (test_transport_invalid_error, "/rpc/transport-invalid-error"); - p11_test (test_transport_wrong_response, "/rpc/transport-wrong-response"); - p11_test (test_transport_bad_contents, "/rpc/transport-bad-contents"); - p11_test (test_get_info_stand_in, "/rpc/get-info-stand-in"); - p11_test (test_get_slot_list_no_device, "/rpc/get-slot-list-no-device"); - p11_test (test_simultaneous_functions, "/rpc/simultaneous-functions"); - -#ifdef OS_UNIX - p11_test (test_fork_and_reinitialize, "/rpc/fork-and-reinitialize"); -#endif - - test_mock_add_tests ("/rpc"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-transport.c b/p11-kit/test-transport.c deleted file mode 100644 index 227d7ce..0000000 --- a/p11-kit/test-transport.c +++ /dev/null @@ -1,318 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "library.h" -#include "mock.h" -#include "path.h" -#include "private.h" -#include "p11-kit.h" -#include "rpc.h" - -#include -#ifdef OS_UNIX -#include -#endif -#include -#include - -struct { - char *directory; - char *user_config; - char *user_modules; -} test; - -static void -setup_remote (void *unused) -{ - const char *data; - - test.directory = p11_test_directory ("p11-test-config"); - test.user_modules = p11_path_build (test.directory, "modules", NULL); -#ifdef OS_UNIX - if (mkdir (test.user_modules, 0700) < 0) -#else - if (mkdir (test.user_modules) < 0) -#endif - assert_not_reached (); - - data = "user-config: only\n"; - test.user_config = p11_path_build (test.directory, "pkcs11.conf", NULL); - p11_test_file_write (NULL, test.user_config, data, strlen (data)); - - setenv ("P11_KIT_PRIVATEDIR", BUILDDIR, 1); - data = "remote: |" BUILDDIR "/p11-kit/p11-kit remote " BUILDDIR "/.libs/mock-two.so\n"; - p11_test_file_write (test.user_modules, "remote.module", data, strlen (data)); - data = "remote: |" BUILDDIR "/p11-kit/p11-kit remote " BUILDDIR "/.libs/mock-five.so\nx-init-reserved: initialize-arg"; - p11_test_file_write (test.user_modules, "init-arg.module", data, strlen (data)); - - p11_config_user_modules = test.user_modules; - p11_config_user_file = test.user_config; -} - -static void -teardown_remote (void *unused) -{ - p11_test_directory_delete (test.user_modules); - p11_test_directory_delete (test.directory); - - free (test.directory); - free (test.user_config); - free (test.user_modules); -} - -static CK_FUNCTION_LIST * -setup_mock_module (CK_SESSION_HANDLE *session) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - CK_RV rv; - int i; - - setup_remote (NULL); - - modules = p11_kit_modules_load (NULL, 0); - - module = p11_kit_module_for_name (modules, "remote"); - assert (module != NULL); - - rv = p11_kit_module_initialize (module); - assert_num_eq (rv, CKR_OK); - - if (session) { - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, - NULL, NULL, session); - assert (rv == CKR_OK); - } - - /* Release all the other modules */ - for (i = 0; modules[i] != NULL; i++) { - if (modules[i] != module) - p11_kit_module_release (modules[i]); - } - - free (modules); - return module; -} - -static void -teardown_mock_module (CK_FUNCTION_LIST *module) -{ - p11_kit_module_finalize (module); - teardown_remote (NULL); -} - -static void -test_basic_exec (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - CK_RV rv; - - modules = p11_kit_modules_load (NULL, 0); - - module = p11_kit_module_for_name (modules, "remote"); - assert (module != NULL); - - rv = p11_kit_module_initialize (module); - assert_num_eq (rv, CKR_OK); - - rv = p11_kit_module_finalize (module); - assert_num_eq (rv, CKR_OK); - - p11_kit_modules_release (modules); -} - -static void -test_basic_exec_with_init_arg (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - CK_RV rv; - - modules = p11_kit_modules_load (NULL, 0); - - module = p11_kit_module_for_name (modules, "init-arg"); - assert (module != NULL); - - rv = p11_kit_module_initialize (module); - assert_num_eq (rv, CKR_OK); - - rv = p11_kit_module_finalize (module); - assert_num_eq (rv, CKR_OK); - - p11_kit_modules_release (modules); -} - -static void * -invoke_in_thread (void *arg) -{ - CK_FUNCTION_LIST *rpc_module = arg; - CK_INFO info; - CK_RV rv; - - rv = (rpc_module->C_GetInfo) (&info); - assert_num_eq (rv, CKR_OK); - - assert (memcmp (info.manufacturerID, MOCK_INFO.manufacturerID, - sizeof (info.manufacturerID)) == 0); - - return NULL; -} - -static void -test_simultaneous_functions (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - const int num_threads = 128; - p11_thread_t threads[num_threads]; - int i, ret; - CK_RV rv; - - modules = p11_kit_modules_load (NULL, 0); - - module = p11_kit_module_for_name (modules, "remote"); - assert (module != NULL); - - rv = p11_kit_module_initialize (module); - assert_num_eq (rv, CKR_OK); - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (threads + i, invoke_in_thread, module); - assert_num_eq (0, ret); - } - - for (i = 0; i < num_threads; i++) - p11_thread_join (threads[i]); - - rv = p11_kit_module_finalize (module); - assert_num_eq (rv, CKR_OK); - - p11_kit_modules_release (modules); -} - -#ifdef OS_UNIX - -static void -test_fork_and_reinitialize (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - CK_INFO info; - int status; - CK_RV rv; - pid_t pid; - int i; - - modules = p11_kit_modules_load (NULL, 0); - - module = p11_kit_module_for_name (modules, "remote"); - assert (module != NULL); - - rv = p11_kit_module_initialize (module); - assert_num_eq (rv, CKR_OK); - - pid = fork (); - assert_num_cmp (pid, >=, 0); - - /* The child */ - if (pid == 0) { - rv = (module->C_Initialize) (NULL); - assert_num_eq (CKR_OK, rv); - - for (i = 0; i < 32; i++) { - rv = (module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - rv = (module->C_Finalize) (NULL); - assert_num_eq (CKR_OK, rv); - - _exit (66); - } - - for (i = 0; i < 128; i++) { - rv = (module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - assert_num_eq (waitpid (pid, &status, 0), pid); - assert_num_eq (WEXITSTATUS (status), 66); - - rv = p11_kit_module_finalize (module); - assert_num_eq (rv, CKR_OK); - - p11_kit_modules_release (modules); -} - -#endif /* OS_UNIX */ - -#include "test-mock.c" - -int -main (int argc, - char *argv[]) -{ - CK_MECHANISM_TYPE mechanisms[] = { - CKM_MOCK_CAPITALIZE, - CKM_MOCK_PREFIX, - CKM_MOCK_GENERATE, - CKM_MOCK_WRAP, - CKM_MOCK_DERIVE, - CKM_MOCK_COUNT, - 0, - }; - - p11_library_init (); - - /* Override the mechanisms that the RPC mechanism will handle */ - p11_rpc_mechanisms_override_supported = mechanisms; - - p11_fixture (setup_remote, teardown_remote); - p11_test (test_basic_exec, "/transport/basic"); - p11_test (test_basic_exec_with_init_arg, "/transport/init-arg"); - p11_test (test_simultaneous_functions, "/transport/simultaneous-functions"); - -#ifdef OS_UNIX - p11_test (test_fork_and_reinitialize, "/transport/fork-and-reinitialize"); -#endif - - test_mock_add_tests ("/transport"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-uri.c b/p11-kit/test-uri.c deleted file mode 100644 index 1fb5081..0000000 --- a/p11-kit/test-uri.c +++ /dev/null @@ -1,1512 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "debug.h" -#include "message.h" - -#include -#include -#include -#include - -#include "p11-kit/uri.h" -#include "p11-kit/private.h" - -static int -is_module_empty (P11KitUri *uri) -{ - CK_INFO_PTR info = p11_kit_uri_get_module_info (uri); - return (info->libraryDescription[0] == 0 && - info->manufacturerID[0] == 0 && - info->libraryVersion.major == (CK_BYTE)-1 && - info->libraryVersion.minor == (CK_BYTE)-1); -} - -static int -is_slot_empty (P11KitUri *uri) -{ - CK_SLOT_INFO_PTR slot = p11_kit_uri_get_slot_info (uri); - return (slot->slotDescription[0] == 0 && - slot->manufacturerID[0] == 0); -} - -static int -is_token_empty (P11KitUri *uri) -{ - CK_TOKEN_INFO_PTR token = p11_kit_uri_get_token_info (uri); - return (token->serialNumber[0] == 0 && - token->manufacturerID[0] == 0 && - token->label[0] == 0 && - token->model[0] == 0); -} - -static int -are_attributes_empty (P11KitUri *uri) -{ - return (p11_kit_uri_get_attribute (uri, CKA_LABEL) == NULL && - p11_kit_uri_get_attribute (uri, CKA_ID) == NULL && - p11_kit_uri_get_attribute (uri, CKA_CLASS) == NULL); -} - -static void -test_uri_parse (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:", P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - assert (is_module_empty (uri)); - assert (is_slot_empty (uri)); - assert (is_token_empty (uri)); - assert (are_attributes_empty (uri)); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_bad_scheme (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("http:\\example.com\test", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_BAD_SCHEME, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_label (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - assert (is_module_empty (uri)); - assert (is_slot_empty (uri)); - assert (is_token_empty (uri)); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == strlen ("Test Label")); - assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_label_and_klass (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;object-type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == strlen ("Test Label")); - assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_CERTIFICATE); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_label_and_new_klass (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == strlen ("Test Label")); - assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_CERTIFICATE); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_empty_label (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=;type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (attr); - - p11_kit_uri_free (uri); - - /* really empty */ - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert (attr == NULL); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_empty_id (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:id=;type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_ID); - assert_ptr_not_null (attr); - - p11_kit_uri_free (uri); - - /* really empty */ - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_ID); - assert (attr == NULL); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_id (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:id=%54%45%53%54%00", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - /* Note that there's a NULL in the attribute (end) */ - attr = p11_kit_uri_get_attribute (uri, CKA_ID); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == 5); - assert (memcmp (attr->pValue, "TEST", 5) == 0); - - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_bad_string_encoding (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Test%", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_bad_hex_encoding (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=T%xxest", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static bool -is_space_string (CK_UTF8CHAR_PTR string, CK_ULONG size, const char *check) -{ - size_t i, len = strlen (check); - if (len > size) - return false; - if (memcmp (string, check, len) != 0) - return false; - for (i = len; i < size; ++i) - if (string[i] != ' ') - return false; - return true; -} - -static void -test_uri_parse_with_token (void) -{ - P11KitUri *uri = NULL; - CK_TOKEN_INFO_PTR token; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:token=Token%20Label;serial=3333;model=Deluxe;manufacturer=Me", - P11_KIT_URI_FOR_TOKEN, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - token = p11_kit_uri_get_token_info (uri); - assert (is_space_string (token->label, sizeof (token->label), "Token Label")); - assert (is_space_string (token->serialNumber, sizeof (token->serialNumber), "3333")); - assert (is_space_string (token->model, sizeof (token->model), "Deluxe")); - assert (is_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me")); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_token_bad_encoding (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:token=Token%", P11_KIT_URI_FOR_TOKEN, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_bad_syntax (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:token", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_BAD_SYNTAX, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_spaces (void) -{ - P11KitUri *uri = NULL; - CK_INFO_PTR info; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkc\ns11: lib rary-desc\rrip \n tion =The%20Library;\n\n\nlibrary-manufacturer=\rMe", - P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info = p11_kit_uri_get_module_info (uri); - - assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me")); - assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library")); - - p11_kit_uri_free (uri); -} - - -static void -test_uri_parse_with_library (void) -{ - P11KitUri *uri = NULL; - CK_INFO_PTR info; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-description=The%20Library;library-manufacturer=Me", - P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info = p11_kit_uri_get_module_info (uri); - - assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me")); - assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library")); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_library_bad_encoding (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-description=Library%", P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_slot (void) -{ - P11KitUri *uri = NULL; - CK_SLOT_INFO_PTR slot; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:slot-description=Slot%20Description;slot-manufacturer=Me", - P11_KIT_URI_FOR_SLOT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - slot = p11_kit_uri_get_slot_info (uri); - assert (is_space_string (slot->slotDescription, sizeof (slot->slotDescription), "Slot Description")); - assert (is_space_string (slot->manufacturerID, sizeof (slot->manufacturerID), "Me")); - - p11_kit_uri_free (uri); -} - -static void -test_uri_build_empty (void) -{ - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert_str_eq ("pkcs11:", string); - free (string); - - p11_kit_uri_free (uri); -} - -static void -set_space_string (CK_BYTE_PTR buffer, CK_ULONG length, const char *string) -{ - size_t len = strlen (string); - assert (len <= length); - memset (buffer, ' ', length); - memcpy (buffer, string, len); -} - -static void -test_uri_build_with_token_info (void) -{ - char *string = NULL; - P11KitUri *uri; - P11KitUri *check; - CK_TOKEN_INFO_PTR token; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - token = p11_kit_uri_get_token_info (uri); - set_space_string (token->label, sizeof (token->label), "The Label"); - set_space_string (token->serialNumber, sizeof (token->serialNumber), "44444"); - set_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me"); - set_space_string (token->model, sizeof (token->model), "Deluxe"); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert_ptr_not_null (string); - - check = p11_kit_uri_new (); - assert_ptr_not_null (check); - - ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_TOKEN, check); - assert_num_eq (P11_KIT_URI_OK, ret); - - p11_kit_uri_match_token_info (check, p11_kit_uri_get_token_info (uri)); - - p11_kit_uri_free (uri); - p11_kit_uri_free (check); - - assert (strstr (string, "token=The%20Label") != NULL); - assert (strstr (string, "serial=44444") != NULL); - assert (strstr (string, "manufacturer=Me") != NULL); - assert (strstr (string, "model=Deluxe") != NULL); - - free (string); -} - -static void -test_uri_build_with_token_null_info (void) -{ - char *string = NULL; - P11KitUri *uri; - CK_TOKEN_INFO_PTR token; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - token = p11_kit_uri_get_token_info (uri); - set_space_string (token->label, sizeof (token->label), "The Label"); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - - assert (strstr (string, "token=The%20Label") != NULL); - assert (strstr (string, "serial=") == NULL); - - free (string); - p11_kit_uri_free (uri); -} - -static void -test_uri_build_with_token_empty_info (void) -{ - char *string = NULL; - P11KitUri *uri; - CK_TOKEN_INFO_PTR token; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - token = p11_kit_uri_get_token_info (uri); - set_space_string (token->label, sizeof (token->label), ""); - set_space_string (token->serialNumber, sizeof (token->serialNumber), ""); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - - assert (strstr (string, "token=") != NULL); - assert (strstr (string, "serial=") != NULL); - - free (string); - p11_kit_uri_free (uri); -} - -static void -test_uri_build_with_attributes (void) -{ - char *string = NULL; - P11KitUri *uri; - P11KitUri *check; - CK_OBJECT_CLASS klass; - CK_ATTRIBUTE_PTR attr; - CK_ATTRIBUTE at; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - at.type = CKA_LABEL; - at.pValue = "The Label"; - at.ulValueLen = 9; - ret = p11_kit_uri_set_attribute (uri, &at); - assert_num_eq (P11_KIT_URI_OK, ret); - - at.type = CKA_ID; - at.pValue = "HELLO"; - at.ulValueLen = 5; - ret = p11_kit_uri_set_attribute (uri, &at); - assert_num_eq (P11_KIT_URI_OK, ret); - - klass = CKO_DATA; - at.type = CKA_CLASS; - at.pValue = &klass; - at.ulValueLen = sizeof (klass); - ret = p11_kit_uri_set_attribute (uri, &at); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - - check = p11_kit_uri_new (); - assert_ptr_not_null (check); - - ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_ANY, check); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (check, CKA_LABEL); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == 9); - assert (memcmp (attr->pValue, "The Label", attr->ulValueLen) == 0); - - attr = p11_kit_uri_get_attribute (check, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (klass)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == klass); - - attr = p11_kit_uri_get_attribute (check, CKA_ID); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == 5); - assert (memcmp (attr->pValue, "HELLO", attr->ulValueLen) == 0); - - p11_kit_uri_free (check); - - assert (strstr (string, "object=The%20Label") != NULL); - assert (strstr (string, "type=data") != NULL); - assert (strstr (string, "id=%48%45%4c%4c%4f") != NULL); - - free (string); - p11_kit_uri_free (uri); -} - -static void -test_uri_build_with_slot_info (void) -{ - char *string = NULL; - P11KitUri *uri; - P11KitUri *check; - CK_SLOT_INFO_PTR slot; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - slot = p11_kit_uri_get_slot_info (uri); - set_space_string (slot->slotDescription, sizeof (slot->slotDescription), "The Slot Description"); - set_space_string (slot->manufacturerID, sizeof (slot->manufacturerID), "Me"); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert_ptr_not_null (string); - - check = p11_kit_uri_new (); - assert_ptr_not_null (check); - - ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_SLOT, check); - assert_num_eq (P11_KIT_URI_OK, ret); - - p11_kit_uri_match_slot_info (check, p11_kit_uri_get_slot_info (uri)); - - p11_kit_uri_free (uri); - p11_kit_uri_free (check); - - assert (strstr (string, "slot-description=The%20Slot%20Description") != NULL); - assert (strstr (string, "slot-manufacturer=Me") != NULL); - - free (string); -} - -static void -test_uri_parse_private_key (void) -{ - P11KitUri *uri; - CK_ATTRIBUTE_PTR attr; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:type=private", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_PRIVATE_KEY); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_secret_key (void) -{ - P11KitUri *uri; - CK_ATTRIBUTE_PTR attr; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:type=secret-key", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_SECRET_KEY); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_library_version (void) -{ - P11KitUri *uri; - CK_INFO_PTR info; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-version=2.101", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info = p11_kit_uri_get_module_info (uri); - assert_num_eq (2, info->libraryVersion.major); - assert_num_eq (101, info->libraryVersion.minor); - - ret = p11_kit_uri_parse ("pkcs11:library-version=23", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info = p11_kit_uri_get_module_info (uri); - assert_num_eq (23, info->libraryVersion.major); - assert_num_eq (0, info->libraryVersion.minor); - - ret = p11_kit_uri_parse ("pkcs11:library-version=23.", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - ret = p11_kit_uri_parse ("pkcs11:library-version=a.a", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - ret = p11_kit_uri_parse ("pkcs11:library-version=.23", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - ret = p11_kit_uri_parse ("pkcs11:library-version=1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - ret = p11_kit_uri_parse ("pkcs11:library-version=2.1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_parse_unknown_object_type (void) -{ - P11KitUri *uri; - CK_ATTRIBUTE_PTR attr; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:type=unknown", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_eq (NULL, attr); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_unrecognized (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:x-blah=some-value", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (1, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_too_long_is_unrecognized (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:model=a-value-that-is-too-long-for-the-field-that-it-goes-with", - P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (1, ret); - - p11_kit_uri_free (uri); -} - - - -static void -test_uri_build_object_type_cert (void) -{ - CK_ATTRIBUTE attr; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - klass = CKO_CERTIFICATE; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - p11_kit_uri_set_attribute (uri, &attr); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "type=cert") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_object_type_private (void) -{ - CK_ATTRIBUTE attr; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - klass = CKO_PRIVATE_KEY; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - p11_kit_uri_set_attribute (uri, &attr); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "type=private") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_object_type_public (void) -{ - CK_ATTRIBUTE attr; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - klass = CKO_PUBLIC_KEY; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - p11_kit_uri_set_attribute (uri, &attr); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "type=public") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_object_type_secret (void) -{ - CK_ATTRIBUTE attr; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - klass = CKO_SECRET_KEY; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - p11_kit_uri_set_attribute (uri, &attr); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "type=secret-key") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_with_library (void) -{ - CK_INFO_PTR info; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - info = p11_kit_uri_get_module_info (uri); - set_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Description"); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "library-description=The%20Description") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_library_version (void) -{ - CK_INFO_PTR info; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - info = p11_kit_uri_get_module_info (uri); - info->libraryVersion.major = 2; - info->libraryVersion.minor = 10; - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "library-version=2.10") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_get_set_unrecognized (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (0, ret); - - p11_kit_uri_set_unrecognized (uri, 1); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (1, ret); - - p11_kit_uri_set_unrecognized (uri, 0); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_match_token (void) -{ - CK_TOKEN_INFO token; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:model=Giselle", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - set_space_string (token.label, sizeof (token.label), "A label"); - set_space_string (token.model, sizeof (token.model), "Giselle"); - - ret = p11_kit_uri_match_token_info (uri, &token); - assert_num_eq (1, ret); - - set_space_string (token.label, sizeof (token.label), "Another label"); - - ret = p11_kit_uri_match_token_info (uri, &token); - assert_num_eq (1, ret); - - set_space_string (token.model, sizeof (token.model), "Zoolander"); - - ret = p11_kit_uri_match_token_info (uri, &token); - assert_num_eq (0, ret); - - p11_kit_uri_set_unrecognized (uri, 1); - - ret = p11_kit_uri_match_token_info (uri, &token); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_match_module (void) -{ - CK_INFO info; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-description=Quiet", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Quiet"); - set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone"); - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (1, ret); - - set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone else"); - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (1, ret); - - set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Leise"); - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (0, ret); - - p11_kit_uri_set_unrecognized (uri, 1); - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_match_version (void) -{ - CK_INFO info; - P11KitUri *uri; - int ret; - - memset (&info, 0, sizeof (info)); - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-version=5.8", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info.libraryVersion.major = 5; - info.libraryVersion.minor = 8; - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (1, ret); - - info.libraryVersion.major = 2; - info.libraryVersion.minor = 3; - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_match_attributes (void) -{ - CK_ATTRIBUTE attrs[4]; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - int ret; - - attrs[0].type = CKA_ID; - attrs[0].pValue = "Blah"; - attrs[0].ulValueLen = 4; - - attrs[1].type = CKA_LABEL; - attrs[1].pValue = "Junk"; - attrs[1].ulValueLen = 4; - - attrs[2].type = CKA_COLOR; - attrs[2].pValue = "blue"; - attrs[2].ulValueLen = 4; - - klass = CKO_DATA; - attrs[3].type = CKA_CLASS; - attrs[3].pValue = &klass; - attrs[3].ulValueLen = sizeof (klass); - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Fancy;id=Blah;type=data", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (0, ret); - - attrs[1].pValue = "Fancy"; - attrs[1].ulValueLen = 5; - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (1, ret); - - p11_kit_uri_clear_attribute (uri, CKA_CLASS); - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (1, ret); - - attrs[2].pValue = "pink"; - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (1, ret); - - p11_kit_uri_set_unrecognized (uri, 1); - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_get_set_attribute (void) -{ - CK_ATTRIBUTE attr; - CK_ATTRIBUTE_PTR ptr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_eq (NULL, ptr); - - ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_clear_attribute (uri, CKA_COLOR); - assert_num_eq (P11_KIT_URI_NOT_FOUND, ret); - - attr.type = CKA_LABEL; - attr.pValue = "Test"; - attr.ulValueLen = 4; - - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - /* We can set other attributes */ - attr.type = CKA_COLOR; - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - /* And get them too */ - ptr = p11_kit_uri_get_attribute (uri, CKA_COLOR); - assert_ptr_not_null (ptr); - - ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (ptr); - - assert (ptr->type == CKA_LABEL); - assert (ptr->ulValueLen == 4); - assert (memcmp (ptr->pValue, "Test", 4) == 0); - - ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); - assert_num_eq (P11_KIT_URI_OK, ret); - - ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_eq (NULL, ptr); - - p11_kit_uri_free (uri); -} - -static void -test_uri_get_set_attributes (void) -{ - CK_ATTRIBUTE_PTR attrs; - CK_OBJECT_CLASS klass; - CK_ATTRIBUTE attr; - CK_ULONG n_attrs; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (0, n_attrs); - - attr.type = CKA_LABEL; - attr.pValue = "Test"; - attr.ulValueLen = 4; - - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (1, n_attrs); - assert (attrs[0].type == CKA_LABEL); - assert (attrs[0].ulValueLen == 4); - assert (memcmp (attrs[0].pValue, "Test", 4) == 0); - - attr.type = CKA_LABEL; - attr.pValue = "Kablooey"; - attr.ulValueLen = 8; - - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (1, n_attrs); - assert (attrs[0].type == CKA_LABEL); - assert (attrs[0].ulValueLen == 8); - assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0); - - klass = CKO_DATA; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (2, n_attrs); - assert (attrs[0].type == CKA_LABEL); - assert (attrs[0].ulValueLen == 8); - assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0); - assert (attrs[1].type == CKA_CLASS); - assert (attrs[1].ulValueLen == sizeof (klass)); - assert (memcmp (attrs[1].pValue, &klass, sizeof (klass)) == 0); - - ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (1, n_attrs); - assert (attrs[0].type == CKA_CLASS); - assert (attrs[0].ulValueLen == sizeof (klass)); - assert (memcmp (attrs[0].pValue, &klass, sizeof (klass)) == 0); - - attr.type = CKA_LABEL; - attr.pValue = "Three"; - attr.ulValueLen = 5; - - ret = p11_kit_uri_set_attributes (uri, &attr, 1); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (1, n_attrs); - assert (attrs[0].type == CKA_LABEL); - assert (attrs[0].ulValueLen == 5); - assert (memcmp (attrs[0].pValue, "Three", 5) == 0); - - p11_kit_uri_clear_attributes (uri); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (0, n_attrs); - - p11_kit_uri_free (uri); -} - -static void -test_uri_pin_source (void) -{ - P11KitUri *uri; - const char *pin_source; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - p11_kit_uri_set_pin_source (uri, "|my-pin-source"); - - pin_source = p11_kit_uri_get_pin_source (uri); - assert_str_eq ("|my-pin-source", pin_source); - - pin_source = p11_kit_uri_get_pinfile (uri); - assert_str_eq ("|my-pin-source", pin_source); - - p11_kit_uri_set_pinfile (uri, "|my-pin-file"); - - pin_source = p11_kit_uri_get_pin_source (uri); - assert_str_eq ("|my-pin-file", pin_source); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "pin-source=%7cmy-pin-file") != NULL); - free (string); - - ret = p11_kit_uri_parse ("pkcs11:pin-source=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - pin_source = p11_kit_uri_get_pin_source (uri); - assert_str_eq ("blah/blah", pin_source); - - p11_kit_uri_free (uri); -} - - -static void -test_uri_pin_value (void) -{ - P11KitUri *uri; - const char *pin_value; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - p11_kit_uri_set_pin_value (uri, "123456"); - - pin_value = p11_kit_uri_get_pin_value (uri); - assert_str_eq ("123456", pin_value); - - p11_kit_uri_set_pin_value (uri, "1*&#%&@("); - - pin_value = p11_kit_uri_get_pin_value (uri); - assert_str_eq ("1*&#%&@(", pin_value); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "pkcs11:pin-value=1%2a%26%23%25%26%40%28") != NULL); - free (string); - - ret = p11_kit_uri_parse ("pkcs11:pin-value=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - pin_value = p11_kit_uri_get_pin_value (uri); - assert_str_eq ("blah/blah", pin_value); - - p11_kit_uri_free (uri); -} - -static void -test_uri_pin_value_bad (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:pin-value=blahblah%2", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_slot_id (void) -{ - P11KitUri *uri; - CK_SLOT_ID slot_id; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - p11_kit_uri_set_slot_id (uri, 12345); - - slot_id = p11_kit_uri_get_slot_id (uri); - assert_num_eq (12345, slot_id); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "pkcs11:slot-id=12345") != NULL); - free (string); - - ret = p11_kit_uri_parse ("pkcs11:slot-id=67890", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - slot_id = p11_kit_uri_get_slot_id (uri); - assert_num_eq (67890, slot_id); - - p11_kit_uri_free (uri); -} - -static void -test_uri_slot_id_bad (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:slot-id=123^456", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_BAD_SYNTAX, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_free_null (void) -{ - p11_kit_uri_free (NULL); -} - -static void -test_uri_message (void) -{ - assert (p11_kit_uri_message (P11_KIT_URI_OK) == NULL); - assert_ptr_not_null (p11_kit_uri_message (P11_KIT_URI_UNEXPECTED)); - assert_ptr_not_null (p11_kit_uri_message (-555555)); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_uri_parse, "/uri/test_uri_parse"); - p11_test (test_uri_parse_bad_scheme, "/uri/test_uri_parse_bad_scheme"); - p11_test (test_uri_parse_with_label, "/uri/test_uri_parse_with_label"); - p11_test (test_uri_parse_with_empty_label, "/uri/test_uri_parse_with_empty_label"); - p11_test (test_uri_parse_with_empty_id, "/uri/test_uri_parse_with_empty_id"); - p11_test (test_uri_parse_with_label_and_klass, "/uri/test_uri_parse_with_label_and_klass"); - p11_test (test_uri_parse_with_label_and_new_klass, "/uri/parse-with-label-and-new-class"); - p11_test (test_uri_parse_with_id, "/uri/test_uri_parse_with_id"); - p11_test (test_uri_parse_with_bad_string_encoding, "/uri/test_uri_parse_with_bad_string_encoding"); - p11_test (test_uri_parse_with_bad_hex_encoding, "/uri/test_uri_parse_with_bad_hex_encoding"); - p11_test (test_uri_parse_with_token, "/uri/test_uri_parse_with_token"); - p11_test (test_uri_parse_with_token_bad_encoding, "/uri/test_uri_parse_with_token_bad_encoding"); - p11_test (test_uri_parse_with_bad_syntax, "/uri/test_uri_parse_with_bad_syntax"); - p11_test (test_uri_parse_with_spaces, "/uri/test_uri_parse_with_spaces"); - p11_test (test_uri_parse_with_library, "/uri/test_uri_parse_with_library"); - p11_test (test_uri_parse_with_library_bad_encoding, "/uri/test_uri_parse_with_library_bad_encoding"); - p11_test (test_uri_parse_with_slot, "/uri/test_uri_parse_with_slot"); - p11_test (test_uri_build_empty, "/uri/test_uri_build_empty"); - p11_test (test_uri_build_with_token_info, "/uri/test_uri_build_with_token_info"); - p11_test (test_uri_build_with_token_null_info, "/uri/test_uri_build_with_token_null_info"); - p11_test (test_uri_build_with_token_empty_info, "/uri/test_uri_build_with_token_empty_info"); - p11_test (test_uri_build_with_attributes, "/uri/test_uri_build_with_attributes"); - p11_test (test_uri_build_with_slot_info, "/uri/test_uri_build_with_slot_info"); - p11_test (test_uri_parse_private_key, "/uri/test_uri_parse_private_key"); - p11_test (test_uri_parse_secret_key, "/uri/test_uri_parse_secret_key"); - p11_test (test_uri_parse_library_version, "/uri/test_uri_parse_library_version"); - p11_test (test_uri_parse_parse_unknown_object_type, "/uri/test_uri_parse_parse_unknown_object_type"); - p11_test (test_uri_parse_unrecognized, "/uri/test_uri_parse_unrecognized"); - p11_test (test_uri_parse_too_long_is_unrecognized, "/uri/test_uri_parse_too_long_is_unrecognized"); - p11_test (test_uri_build_object_type_cert, "/uri/test_uri_build_object_type_cert"); - p11_test (test_uri_build_object_type_private, "/uri/test_uri_build_object_type_private"); - p11_test (test_uri_build_object_type_public, "/uri/test_uri_build_object_type_public"); - p11_test (test_uri_build_object_type_secret, "/uri/test_uri_build_object_type_secret"); - p11_test (test_uri_build_with_library, "/uri/test_uri_build_with_library"); - p11_test (test_uri_build_library_version, "/uri/test_uri_build_library_version"); - p11_test (test_uri_get_set_unrecognized, "/uri/test_uri_get_set_unrecognized"); - p11_test (test_uri_match_token, "/uri/test_uri_match_token"); - p11_test (test_uri_match_module, "/uri/test_uri_match_module"); - p11_test (test_uri_match_version, "/uri/test_uri_match_version"); - p11_test (test_uri_match_attributes, "/uri/test_uri_match_attributes"); - p11_test (test_uri_get_set_attribute, "/uri/test_uri_get_set_attribute"); - p11_test (test_uri_get_set_attributes, "/uri/test_uri_get_set_attributes"); - p11_test (test_uri_pin_source, "/uri/test_uri_pin_source"); - p11_test (test_uri_pin_value, "/uri/pin-value"); - p11_test (test_uri_pin_value_bad, "/uri/pin-value-bad"); - p11_test (test_uri_slot_id, "/uri/slot-id"); - p11_test (test_uri_slot_id_bad, "/uri/slot-id-bad"); - p11_test (test_uri_free_null, "/uri/test_uri_free_null"); - p11_test (test_uri_message, "/uri/test_uri_message"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-util.c b/p11-kit/test-util.c deleted file mode 100644 index 0e579cd..0000000 --- a/p11-kit/test-util.c +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "p11-kit.h" - -#include -#include - -static void -test_space_strlen (void) -{ - assert_num_eq (4, p11_kit_space_strlen ((const unsigned char *)"Test ", 20)); - assert_num_eq (20, p11_kit_space_strlen ((const unsigned char *)"01234567890123456789", 20)); - assert_num_eq (0, p11_kit_space_strlen ((const unsigned char *)" ", 20)); -} - -int -main (int argc, - char *argv[]) -{ - putenv ("P11_KIT_STRICT=1"); - - p11_test (test_space_strlen, "/util/space-strlen"); - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-virtual.c b/p11-kit/test-virtual.c deleted file mode 100644 index e642820..0000000 --- a/p11-kit/test-virtual.c +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "library.h" -#include "p11-kit.h" -#include "private.h" -#include "virtual.h" - -#include "test.h" - -#include "mock.h" - -#include -#include -#include -#include -#include - -/* - * test-managed.c is a pretty good test of the closure code, so we - * just test a few things here. - */ - -typedef struct { - p11_virtual virt; - void *check; -} Override; - -static CK_RV -override_initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR args) -{ - Override *over = (Override *)self; - - assert_str_eq ("initialize-arg", args); - assert_str_eq ("overide-arg", over->check); - - /* An arbitrary error code to check */ - return CKR_NEED_TO_CREATE_THREADS; -} - -static bool test_destroyed = false; - -static void -test_destroyer (void *data) -{ - assert (data == &mock_x_module_no_slots); - assert (test_destroyed == false); - test_destroyed = true; -} - -static void -test_initialize (void) -{ - CK_FUNCTION_LIST_PTR module; - Override over = { }; - CK_RV rv; - - p11_virtual_init (&over.virt, &p11_virtual_stack, &mock_x_module_no_slots, test_destroyer); - over.virt.funcs.C_Initialize = override_initialize; - over.check = "overide-arg"; - test_destroyed = false; - - module = p11_virtual_wrap (&over.virt, (p11_destroyer)p11_virtual_uninit); - assert_ptr_not_null (module); - - rv = (module->C_Initialize) ("initialize-arg"); - assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv); - - p11_virtual_unwrap (module); - assert_num_eq (true, test_destroyed); -} - -static void -test_fall_through (void) -{ - CK_FUNCTION_LIST_PTR module; - Override over = { }; - p11_virtual base; - CK_RV rv; - - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - p11_virtual_init (&over.virt, &p11_virtual_stack, &base, NULL); - over.virt.funcs.C_Initialize = override_initialize; - over.check = "overide-arg"; - - module = p11_virtual_wrap (&over.virt, NULL); - assert_ptr_not_null (module); - - rv = (module->C_Initialize) ("initialize-arg"); - assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv); - - /* All other functiosn should have just fallen through */ - assert_ptr_eq (mock_module_no_slots.C_Finalize, module->C_Finalize); - - p11_virtual_unwrap (module); -} - -static void -test_get_function_list (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_FUNCTION_LIST_PTR list; - p11_virtual virt; - CK_RV rv; - - p11_virtual_init (&virt, &p11_virtual_base, &mock_module_no_slots, NULL); - module = p11_virtual_wrap (&virt, NULL); - assert_ptr_not_null (module); - - rv = (module->C_GetFunctionList) (&list); - assert_num_eq (CKR_OK, rv); - assert_ptr_eq (module, list); - - rv = (module->C_GetFunctionList) (&list); - assert_num_eq (CKR_OK, rv); - - rv = (module->C_GetFunctionList) (NULL); - assert_num_eq (CKR_ARGUMENTS_BAD, rv); - - p11_virtual_unwrap (module); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - p11_library_init (); - - assert (p11_virtual_can_wrap ()); - p11_test (test_initialize, "/virtual/test_initialize"); - p11_test (test_fall_through, "/virtual/test_fall_through"); - p11_test (test_get_function_list, "/virtual/test_get_function_list"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/uri.c b/p11-kit/uri.c deleted file mode 100644 index c64912f..0000000 --- a/p11-kit/uri.c +++ /dev/null @@ -1,1490 +0,0 @@ -/* - * Copyright (C) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "attrs.h" -#include "buffer.h" -#define P11_DEBUG_FLAG P11_DEBUG_URI -#include "debug.h" -#include "message.h" -#include "pkcs11.h" -#include "private.h" -#include "p11-kit.h" -#include "uri.h" -#include "url.h" - -#include -#include -#include -#include -#include - -/** - * SECTION:p11-kit-uri - * @title: URIs - * @short_description: Parsing and formatting PKCS\#11 URIs - * - * PKCS\#11 URIs can be used in configuration files or applications to represent - * PKCS\#11 modules, tokens or objects. An example of a URI might be: - * - * - * pkcs11:token=The\%20Software\%20PKCS\#11\%20softtoken; - * manufacturer=Snake\%20Oil,\%20Inc.;serial=;object=my-certificate; - * model=1.0;type=cert;id=\%69\%95\%3e\%5c\%f4\%bd\%ec\%91 - * - * - * You can use p11_kit_uri_parse() to parse such a URI, and p11_kit_uri_format() - * to build one. URIs are represented by the #P11KitUri structure. You can match - * a parsed URI against PKCS\#11 tokens with p11_kit_uri_match_token_info() - * or attributes with p11_kit_uri_match_attributes(). - * - * Since URIs can represent different sorts of things, when parsing or formatting - * a URI a 'context' can be used to indicate which sort of URI is expected. - * - * URIs have an unrecognized flag. This flag is set during parsing - * if any parts of the URI are not recognized. This may be because the part is - * from a newer version of the PKCS\#11 spec or because that part was not valid - * inside of the desired context used when parsing. - */ - -/** - * P11KitUri: - * - * A structure representing a PKCS\#11 URI. There are no public fields - * visible in this structure. Use the various accessor functions. - */ - -/** - * P11KitUriType: - * @P11_KIT_URI_FOR_OBJECT: The URI represents one or more objects - * @P11_KIT_URI_FOR_TOKEN: The URI represents one or more tokens - * @P11_KIT_URI_FOR_SLOT: The URI represents one or more slots - * @P11_KIT_URI_FOR_MODULE: The URI represents one or more modules - * @P11_KIT_URI_FOR_MODULE_WITH_VERSION: The URI represents a module with - * a specific version. - * @P11_KIT_URI_FOR_OBJECT_ON_TOKEN: The URI represents one or more objects - * that are present on a specific token. - * @P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE: The URI represents one or more - * objects that are present on a specific token, being used with a certain - * module. - * @P11_KIT_URI_FOR_ANY: The URI can represent anything - * - * A PKCS\#11 URI can represent different kinds of things. This flag is used by - * p11_kit_uri_parse() to denote in what context the URI will be used. - * - * The various types can be combined. - */ - -/** - * P11KitUriResult: - * @P11_KIT_URI_OK: Success - * @P11_KIT_URI_UNEXPECTED: Unexpected or internal system error - * @P11_KIT_URI_BAD_SCHEME: The URI had a bad scheme - * @P11_KIT_URI_BAD_ENCODING: The URI had a bad encoding - * @P11_KIT_URI_BAD_SYNTAX: The URI had a bad syntax - * @P11_KIT_URI_BAD_VERSION: The URI contained a bad version number - * @P11_KIT_URI_NOT_FOUND: A requested part of the URI was not found - * - * Error codes returned by various functions. The functions each clearly state - * which error codes they are capable of returning. - */ - -/** - * P11_KIT_URI_NO_MEMORY: - * - * Unexpected memory allocation failure result. Same as #P11_KIT_URI_UNEXPECTED. - */ - -/** - * P11_KIT_URI_SCHEME: - * - * String of URI scheme for PKCS\#11 URIs. - */ - -/** - * P11_KIT_URI_SCHEME_LEN: - * - * Length of %P11_KIT_URI_SCHEME. - */ - -struct p11_kit_uri { - bool unrecognized; - CK_INFO module; - CK_SLOT_INFO slot; - CK_TOKEN_INFO token; - CK_ATTRIBUTE *attrs; - char *pin_source; - char *pin_value; - CK_SLOT_ID slot_id; -}; - -static char * -strip_whitespace (const char *value) -{ - size_t length = strlen (value); - char *at, *pos; - char *key; - - key = malloc (length + 1); - return_val_if_fail (key != NULL, NULL); - - memcpy (key, value, length); - key[length] = '\0'; - - /* Do we have any whitespace? Strip it out. */ - if (strcspn (key, P11_URL_WHITESPACE) != length) { - for (at = key, pos = key; pos != key + length + 1; ++pos) { - if (!strchr (P11_URL_WHITESPACE, *pos)) - *(at++) = *pos; - } - *at = '\0'; - } - - return key; -} - -static bool -match_struct_string (const unsigned char *inuri, const unsigned char *real, - size_t length) -{ - assert (inuri); - assert (real); - assert (length > 0); - - /* NULL matches anything */ - if (inuri[0] == 0) - return true; - - return memcmp (inuri, real, length) == 0 ? true : false; -} - -static bool -match_struct_version (CK_VERSION_PTR inuri, CK_VERSION_PTR real) -{ - /* This matches anything */ - if (inuri->major == (CK_BYTE)-1 && inuri->minor == (CK_BYTE)-1) - return true; - - return memcmp (inuri, real, sizeof (CK_VERSION)) == 0 ? true : false; -} - -/** - * p11_kit_uri_get_module_info: - * @uri: the URI - * - * Get the CK_INFO structure associated with this URI. - * - * If this is a parsed URI, then the fields corresponding to library parts of - * the URI will be filled in. Any library URI parts that were missing will have - * their fields filled with zeros. - * - * If the caller wishes to setup information for building a URI, then relevant - * fields should be filled in. Fields that should not appear as parts in the - * resulting URI should be filled with zeros. - * - * Returns: A pointer to the CK_INFO structure. - */ -CK_INFO_PTR -p11_kit_uri_get_module_info (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, NULL); - return &uri->module; -} - -int -p11_match_uri_module_info (CK_INFO_PTR one, - CK_INFO_PTR two) -{ - return (match_struct_string (one->libraryDescription, - two->libraryDescription, - sizeof (one->libraryDescription)) && - match_struct_string (one->manufacturerID, - two->manufacturerID, - sizeof (one->manufacturerID)) && - match_struct_version (&one->libraryVersion, - &two->libraryVersion)); -} - -/** - * p11_kit_uri_match_module_info: - * @uri: the URI - * @info: the structure to match against the URI - * - * Match a CK_INFO structure against the library parts of this URI. - * - * Only the fields of the CK_INFO structure that are valid for use - * in a URI will be matched. A URI part that was not specified in the URI will - * match any value in the structure. If during the URI parsing any unrecognized - * parts were encountered then this match will fail. - * - * Returns: 1 if the URI matches, 0 if not. - */ -int -p11_kit_uri_match_module_info (P11KitUri *uri, CK_INFO_PTR info) -{ - return_val_if_fail (uri != NULL, 0); - return_val_if_fail (info != NULL, 0); - - if (uri->unrecognized) - return 0; - - return p11_match_uri_module_info (&uri->module, info); -} - -/** - * p11_kit_uri_get_slot_info: - * @uri: the URI - * - * Get the CK_SLOT_INFO structure associated with this URI. - * - * If this is a parsed URI, then the fields corresponding to slot parts of - * the URI will be filled in. Any slot URI parts that were missing will have - * their fields filled with zeros. - * - * If the caller wishes to setup information for building a URI, then relevant - * fields should be filled in. Fields that should not appear as parts in the - * resulting URI should be filled with zeros. - * - * Returns: A pointer to the CK_INFO structure. - */ -CK_SLOT_INFO_PTR -p11_kit_uri_get_slot_info (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, NULL); - return &uri->slot; -} - -int -p11_match_uri_slot_info (CK_SLOT_INFO_PTR one, - CK_SLOT_INFO_PTR two) -{ - return (match_struct_string (one->slotDescription, - two->slotDescription, - sizeof (one->slotDescription)) && - match_struct_string (one->manufacturerID, - two->manufacturerID, - sizeof (one->manufacturerID))); -} - -/** - * p11_kit_uri_match_slot_info: - * @uri: the URI - * @slot_info: the structure to match against the URI - * - * Match a CK_SLOT_INFO structure against the slot parts of this - * URI. - * - * Only the fields of the CK_SLOT_INFO structure that are valid - * for use in a URI will be matched. A URI part that was not specified in the - * URI will match any value in the structure. If during the URI parsing any - * unrecognized parts were encountered then this match will fail. - * - * Returns: 1 if the URI matches, 0 if not. - */ -int -p11_kit_uri_match_slot_info (P11KitUri *uri, CK_SLOT_INFO_PTR slot_info) -{ - return_val_if_fail (uri != NULL, 0); - return_val_if_fail (slot_info != NULL, 0); - - if (uri->unrecognized) - return 0; - - return p11_match_uri_slot_info (&uri->slot, slot_info); -} - -/** - * p11_kit_uri_get_slot_id: - * @uri: The URI - * - * Get the 'slot-id' part of the URI. - * - * Returns: The slot-id or (CK_SLOT_ID)-1 if not set. - */ -CK_SLOT_ID -p11_kit_uri_get_slot_id (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, (CK_SLOT_ID)-1); - return uri->slot_id; -} - -/** - * p11_kit_uri_set_slot_id: - * @uri: The URI - * @slot_id: The new slot-id - * - * Set the 'slot-id' part of the URI. - */ -void -p11_kit_uri_set_slot_id (P11KitUri *uri, - CK_SLOT_ID slot_id) -{ - return_if_fail (uri != NULL); - uri->slot_id = slot_id; -} - -/** - * p11_kit_uri_get_token_info: - * @uri: the URI - * - * Get the CK_TOKEN_INFO structure associated with this URI. - * - * If this is a parsed URI, then the fields corresponding to token parts of - * the URI will be filled in. Any token URI parts that were missing will have - * their fields filled with zeros. - * - * If the caller wishes to setup information for building a URI, then relevant - * fields should be filled in. Fields that should not appear as parts in the - * resulting URI should be filled with zeros. - * - * Returns: A pointer to the CK_INFO structure. - */ -CK_TOKEN_INFO_PTR -p11_kit_uri_get_token_info (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, NULL); - return &uri->token; -} - -int -p11_match_uri_token_info (CK_TOKEN_INFO_PTR one, - CK_TOKEN_INFO_PTR two) -{ - return (match_struct_string (one->label, - two->label, - sizeof (one->label)) && - match_struct_string (one->manufacturerID, - two->manufacturerID, - sizeof (one->manufacturerID)) && - match_struct_string (one->model, - two->model, - sizeof (one->model)) && - match_struct_string (one->serialNumber, - two->serialNumber, - sizeof (one->serialNumber))); -} - -/** - * p11_kit_uri_match_token_info: - * @uri: the URI - * @token_info: the structure to match against the URI - * - * Match a CK_TOKEN_INFO structure against the token parts of this - * URI. - * - * Only the fields of the CK_TOKEN_INFO structure that are valid - * for use in a URI will be matched. A URI part that was not specified in the - * URI will match any value in the structure. If during the URI parsing any - * unrecognized parts were encountered then this match will fail. - * - * Returns: 1 if the URI matches, 0 if not. - */ -int -p11_kit_uri_match_token_info (P11KitUri *uri, CK_TOKEN_INFO_PTR token_info) -{ - return_val_if_fail (uri != NULL, 0); - return_val_if_fail (token_info != NULL, 0); - - if (uri->unrecognized) - return 0; - - return p11_match_uri_token_info (&uri->token, token_info); -} - -/** - * p11_kit_uri_get_attribute: - * @uri: The URI - * @attr_type: The attribute type - * - * Get a pointer to an attribute present in this URI. - * - * Returns: A pointer to the attribute, or NULL if not present. - * The attribute is owned by the URI and should not be freed. - */ -CK_ATTRIBUTE_PTR -p11_kit_uri_get_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE attr_type) -{ - return_val_if_fail (uri != NULL, NULL); - - if (uri->attrs == NULL) - return NULL; - - return p11_attrs_find (uri->attrs, attr_type); -} - -/** - * p11_kit_uri_set_attribute: - * @uri: The URI - * @attr: The attribute to set - * - * Set an attribute on the URI. - * - * Only attributes that map to parts in a PKCS\#11 URI will be accepted. - * - * Returns: %P11_KIT_URI_OK if the attribute was successfully set. - * %P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI. - */ -int -p11_kit_uri_set_attribute (P11KitUri *uri, CK_ATTRIBUTE_PTR attr) -{ - return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED); - - uri->attrs = p11_attrs_buildn (uri->attrs, attr, 1); - return_val_if_fail (uri->attrs != NULL, P11_KIT_URI_UNEXPECTED); - - return P11_KIT_URI_OK; -} - -/** - * p11_kit_uri_clear_attribute: - * @uri: The URI - * @attr_type: The type of the attribute to clear - * - * Clear an attribute on the URI. - * - * Only attributes that map to parts in a PKCS\#11 URI will be accepted. - * - * Returns: %P11_KIT_URI_OK if the attribute was successfully cleared. - * %P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI. - */ -int -p11_kit_uri_clear_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE attr_type) -{ - return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED); - - if (attr_type != CKA_CLASS && - attr_type != CKA_LABEL && - attr_type != CKA_ID) - return P11_KIT_URI_NOT_FOUND; - - if (uri->attrs) - p11_attrs_remove (uri->attrs, attr_type); - - return P11_KIT_URI_OK; -} - -/** - * p11_kit_uri_get_attribute_types: - * @uri: The URI - * @n_attrs: A location to store the number of attributes returned. - * - * Get the attributes present in this URI. The attributes and values are - * owned by the URI. If the URI is modified, then the attributes that were - * returned from this function will not remain consistent. - * - * Returns: The attributes for this URI. These are owned by the URI. - */ -CK_ATTRIBUTE_PTR -p11_kit_uri_get_attributes (P11KitUri *uri, CK_ULONG_PTR n_attrs) -{ - static const CK_ATTRIBUTE terminator = { CKA_INVALID, NULL, 0UL }; - - return_val_if_fail (uri != NULL, NULL); - - if (!uri->attrs) { - if (n_attrs) - *n_attrs = 0; - return (CK_ATTRIBUTE_PTR)&terminator; - } - - if (n_attrs) - *n_attrs = p11_attrs_count (uri->attrs); - return uri->attrs; -} - -int -p11_kit_uri_set_attributes (P11KitUri *uri, CK_ATTRIBUTE_PTR attrs, - CK_ULONG n_attrs) -{ - CK_ULONG i; - int ret; - - return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED); - - p11_kit_uri_clear_attributes (uri); - - for (i = 0; i < n_attrs; i++) { - ret = p11_kit_uri_set_attribute (uri, &attrs[i]); - if (ret != P11_KIT_URI_OK && ret != P11_KIT_URI_NOT_FOUND) - return ret; - } - - return P11_KIT_URI_OK; -} - -void -p11_kit_uri_clear_attributes (P11KitUri *uri) -{ - return_if_fail (uri != NULL); - - p11_attrs_free (uri->attrs); - uri->attrs = NULL; -} - -/** - * p11_kit_uri_match_attributes: - * @uri: The URI - * @attrs: The attributes to match - * @n_attrs: The number of attributes - * - * Match a attributes against the object parts of this URI. - * - * Only the attributes that are valid for use in a URI will be matched. A URI - * part that was not specified in the URI will match any attribute value. If - * during the URI parsing any unrecognized parts were encountered then this - * match will fail. - * - * Returns: 1 if the URI matches, 0 if not. - */ -int -p11_kit_uri_match_attributes (P11KitUri *uri, CK_ATTRIBUTE_PTR attrs, - CK_ULONG n_attrs) -{ - CK_ATTRIBUTE *attr; - CK_ULONG i; - - return_val_if_fail (uri != NULL, 0); - return_val_if_fail (attrs != NULL || n_attrs == 0, 0); - - if (uri->unrecognized) - return 0; - - for (i = 0; i < n_attrs; i++) { - if (attrs[i].type != CKA_CLASS && - attrs[i].type != CKA_LABEL && - attrs[i].type != CKA_ID) - continue; - attr = NULL; - if (uri->attrs) - attr = p11_attrs_find (uri->attrs, attrs[i].type); - if (!attr) - continue; - if (!p11_attr_equal (attr, attrs + i)) - return 0; - } - - return 1; -} - -/** - * p11_kit_uri_set_unrecognized: - * @uri: The URI - * @unrecognized: The new unregognized flag value - * - * Set the unrecognized flag on this URI. - * - * The unrecognized flag is automatically set to 1 when during parsing any part - * of the URI is unrecognized. If the unrecognized flag is set to 1, then - * matching against this URI will always fail. - */ -void -p11_kit_uri_set_unrecognized (P11KitUri *uri, int unrecognized) -{ - return_if_fail (uri != NULL); - uri->unrecognized = unrecognized ? true : false; -} - -/** - * p11_kit_uri_any_unrecognized: - * @uri: The URI - * - * Get the unrecognized flag for this URI. - * - * The unrecognized flag is automatically set to 1 when during parsing any part - * of the URI is unrecognized. If the unrecognized flag is set to 1, then - * matching against this URI will always fail. - * - * Returns: 1 if unrecognized flag is set, 0 otherwise. - */ -int -p11_kit_uri_any_unrecognized (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, 1); - return uri->unrecognized; -} - -/** - * p11_kit_uri_get_pin_value: - * @uri: The URI - * - * Get the 'pin-value' part of the URI. This is used by some applications to - * read the PIN for logging into a PKCS\#11 token. - * - * Returns: The pin-value or %NULL if not present. - */ -const char* -p11_kit_uri_get_pin_value (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, NULL); - return uri->pin_value; -} - -/** - * p11_kit_uri_set_pin_value: - * @uri: The URI - * @pin: The new pin-value - * - * Set the 'pin-value' part of the URI. This is used by some applications to - * specify the PIN for logging into a PKCS\#11 token. - */ -void -p11_kit_uri_set_pin_value (P11KitUri *uri, const char *pin) -{ - return_if_fail (uri != NULL); - free (uri->pin_value); - uri->pin_value = pin ? strdup (pin) : NULL; -} - - -/** - * p11_kit_uri_get_pin_source: - * @uri: The URI - * - * Get the 'pin-source' part of the URI. This is used by some applications to - * lookup a PIN for logging into a PKCS\#11 token. - * - * Returns: The pin-source or %NULL if not present. - */ -const char* -p11_kit_uri_get_pin_source (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, NULL); - return uri->pin_source; -} - -/** - * p11_kit_uri_get_pinfile: - * @uri: The URI - * - * Deprecated: use p11_kit_uri_get_pin_source(). - */ -const char* -p11_kit_uri_get_pinfile (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, NULL); - return p11_kit_uri_get_pin_source (uri); -} - -/** - * p11_kit_uri_set_pin_source: - * @uri: The URI - * @pin_source: The new pin-source - * - * Set the 'pin-source' part of the URI. This is used by some applications to - * lookup a PIN for logging into a PKCS\#11 token. - */ -void -p11_kit_uri_set_pin_source (P11KitUri *uri, const char *pin_source) -{ - return_if_fail (uri != NULL); - free (uri->pin_source); - uri->pin_source = pin_source ? strdup (pin_source) : NULL; -} - -/** - * p11_kit_uri_set_pinfile: - * @uri: The URI - * @pinfile: The pinfile - * - * Deprecated: use p11_kit_uri_set_pin_source(). - */ -void -p11_kit_uri_set_pinfile (P11KitUri *uri, const char *pinfile) -{ - return_if_fail (uri != NULL); - p11_kit_uri_set_pin_source (uri, pinfile); -} - -/** - * p11_kit_uri_new: - * - * Create a new blank PKCS\#11 URI. - * - * The new URI is in the right state to parse a string into. All relevant fields - * are zeroed out. Formatting this URI will produce a valid but empty URI. - * - * Returns: A newly allocated URI. This should be freed with p11_kit_uri_free(). - */ -P11KitUri* -p11_kit_uri_new (void) -{ - P11KitUri *uri; - - uri = calloc (1, sizeof (P11KitUri)); - return_val_if_fail (uri != NULL, NULL); - - /* So that it matches anything */ - uri->module.libraryVersion.major = (CK_BYTE)-1; - uri->module.libraryVersion.minor = (CK_BYTE)-1; - uri->slot_id = (CK_SLOT_ID)-1; - - return uri; -} - -static void -format_name_equals (p11_buffer *buffer, - bool *is_first, - const char *name) -{ - if (!*is_first) - p11_buffer_add (buffer, ";", 1); - p11_buffer_add (buffer, name, -1); - p11_buffer_add (buffer, "=", 1); - *is_first = false; -} - -static bool -format_raw_string (p11_buffer *buffer, - bool *is_first, - const char *name, - const char *value) -{ - /* Not set */ - if (!value) - return true; - - format_name_equals (buffer, is_first, name); - p11_buffer_add (buffer, value, -1); - - return p11_buffer_ok (buffer); -} - -static bool -format_encode_string (p11_buffer *buffer, - bool *is_first, - const char *name, - const unsigned char *value, - size_t n_value, - bool force) -{ - /* Not set */ - if (!value) - return true; - - format_name_equals (buffer, is_first, name); - p11_url_encode (value, value + n_value, force ? "" : P11_URL_VERBATIM, buffer); - - return p11_buffer_ok (buffer); -} - - -static bool -format_struct_string (p11_buffer *buffer, - bool *is_first, - const char *name, - const unsigned char *value, - size_t value_max) -{ - size_t len; - - /* Not set */ - if (!value[0]) - return true; - - len = p11_kit_space_strlen (value, value_max); - return format_encode_string (buffer, is_first, name, value, len, false); -} - -static bool -format_attribute_string (p11_buffer *buffer, - bool *is_first, - const char *name, - CK_ATTRIBUTE_PTR attr, - bool force) -{ - /* Not set */; - if (attr == NULL) - return true; - - return format_encode_string (buffer, is_first, name, - attr->pValue, attr->ulValueLen, - force); -} - -static bool -format_attribute_class (p11_buffer *buffer, - bool *is_first, - const char *name, - CK_ATTRIBUTE_PTR attr) -{ - CK_OBJECT_CLASS klass; - const char *value; - - /* Not set */; - if (attr == NULL) - return true; - - klass = *((CK_OBJECT_CLASS*)attr->pValue); - switch (klass) { - case CKO_DATA: - value = "data"; - break; - case CKO_SECRET_KEY: - value = "secret-key"; - break; - case CKO_CERTIFICATE: - value = "cert"; - break; - case CKO_PUBLIC_KEY: - value = "public"; - break; - case CKO_PRIVATE_KEY: - value = "private"; - break; - default: - return true; - } - - return format_raw_string (buffer, is_first, name, value); -} - -static bool -format_struct_version (p11_buffer *buffer, - bool *is_first, - const char *name, - CK_VERSION_PTR version) -{ - char buf[64]; - - /* Not set */ - if (version->major == (CK_BYTE)-1 && version->minor == (CK_BYTE)-1) - return true; - - snprintf (buf, sizeof (buf), "%d.%d", - (int)version->major, (int)version->minor); - return format_raw_string (buffer, is_first, name, buf); -} - -static bool -format_ulong (p11_buffer *buffer, - bool *is_first, - const char *name, - CK_ULONG value) -{ - char buf[64]; - - /* Not set */ - if (value == (CK_ULONG)-1) - return true; - - snprintf (buf, sizeof (buf), "%lu", value); - return format_raw_string (buffer, is_first, name, buf); -} - -/** - * p11_kit_uri_format: - * @uri: The URI. - * @uri_type: The type of URI that should be produced. - * @string: Location to store a newly allocated string. - * - * Format a PKCS\#11 URI into a string. - * - * Fields which are zeroed out will not be included in the resulting string. - * Attributes which are not present will also not be included. - * - * The uri_type of URI specified limits the different parts of the resulting - * URI. To format a URI containing all possible information use - * %P11_KIT_URI_FOR_ANY - * - * It's up to the caller to guarantee that the attributes set in @uri are - * those appropriate for inclusion in a URI, specifically: - * CKA_ID, CKA_LABEL - * and CKA_CLASS. The class must be one of - * CKO_DATA, CKO_SECRET_KEY, - * CKO_CERTIFICATE, CKO_PUBLIC_KEY, - * CKO_PRIVATE_KEY. - * - * The resulting string should be freed with free(). - * - * Returns: %P11_KIT_URI_OK if the URI was formatted successfully, - * %P11_KIT_URI_UNEXPECTED if the data in @uri is invalid for a URI. - */ -int -p11_kit_uri_format (P11KitUri *uri, P11KitUriType uri_type, char **string) -{ - p11_buffer buffer; - bool is_first = true; - - return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED); - return_val_if_fail (string != NULL, P11_KIT_URI_UNEXPECTED); - - if (!p11_buffer_init_null (&buffer, 64)) - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - - p11_buffer_add (&buffer, P11_KIT_URI_SCHEME, P11_KIT_URI_SCHEME_LEN); - p11_buffer_add (&buffer, ":", 1); - - if ((uri_type & P11_KIT_URI_FOR_MODULE) == P11_KIT_URI_FOR_MODULE) { - if (!format_struct_string (&buffer, &is_first, "library-description", - uri->module.libraryDescription, - sizeof (uri->module.libraryDescription)) || - !format_struct_string (&buffer, &is_first, "library-manufacturer", - uri->module.manufacturerID, - sizeof (uri->module.manufacturerID))) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - if ((uri_type & P11_KIT_URI_FOR_MODULE_WITH_VERSION) == P11_KIT_URI_FOR_MODULE_WITH_VERSION) { - if (!format_struct_version (&buffer, &is_first, "library-version", - &uri->module.libraryVersion)) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - if ((uri_type & P11_KIT_URI_FOR_SLOT) == P11_KIT_URI_FOR_SLOT) { - if (!format_struct_string (&buffer, &is_first, "slot-description", - uri->slot.slotDescription, - sizeof (uri->slot.slotDescription)) || - !format_struct_string (&buffer, &is_first, "slot-manufacturer", - uri->slot.manufacturerID, - sizeof (uri->slot.manufacturerID)) || - !format_ulong (&buffer, &is_first, "slot-id", - uri->slot_id)) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - if ((uri_type & P11_KIT_URI_FOR_TOKEN) == P11_KIT_URI_FOR_TOKEN) { - if (!format_struct_string (&buffer, &is_first, "model", - uri->token.model, - sizeof (uri->token.model)) || - !format_struct_string (&buffer, &is_first, "manufacturer", - uri->token.manufacturerID, - sizeof (uri->token.manufacturerID)) || - !format_struct_string (&buffer, &is_first, "serial", - uri->token.serialNumber, - sizeof (uri->token.serialNumber)) || - !format_struct_string (&buffer, &is_first, "token", - uri->token.label, - sizeof (uri->token.label))) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - if ((uri_type & P11_KIT_URI_FOR_OBJECT) == P11_KIT_URI_FOR_OBJECT) { - if (!format_attribute_string (&buffer, &is_first, "id", - p11_kit_uri_get_attribute (uri, CKA_ID), - true) || - !format_attribute_string (&buffer, &is_first, "object", - p11_kit_uri_get_attribute (uri, CKA_LABEL), - false)) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - - if (!format_attribute_class (&buffer, &is_first, "type", - p11_kit_uri_get_attribute (uri, CKA_CLASS))) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - if (uri->pin_source) { - if (!format_encode_string (&buffer, &is_first, "pin-source", - (const unsigned char*)uri->pin_source, - strlen (uri->pin_source), 0)) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - if (uri->pin_value) { - if (!format_encode_string (&buffer, &is_first, "pin-value", - (const unsigned char*)uri->pin_value, - strlen (uri->pin_value), 0)) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - return_val_if_fail (p11_buffer_ok (&buffer), P11_KIT_URI_UNEXPECTED); - *string = p11_buffer_steal (&buffer, NULL); - return P11_KIT_URI_OK; -} - -static int -parse_string_attribute (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *value; - CK_ATTRIBUTE_TYPE type; - size_t length; - - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("id", name_start, name_end - name_start) == 0) - type = CKA_ID; - else if (memcmp ("object", name_start, name_end - name_start) == 0) - type = CKA_LABEL; - else - return 0; - - value = p11_url_decode (start, end, P11_URL_WHITESPACE, &length); - if (value == NULL) - return P11_KIT_URI_BAD_ENCODING; - - uri->attrs = p11_attrs_take (uri->attrs, type, value, length); - return 1; -} - -static int -parse_class_attribute (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - CK_OBJECT_CLASS klass = 0; - CK_ATTRIBUTE attr; - - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("objecttype", name_start, name_end - name_start) != 0 && - memcmp ("object-type", name_start, name_end - name_start) != 0 && - memcmp ("type", name_start, name_end - name_start) != 0) - return 0; - - if (memcmp ("cert", start, end - start) == 0) - klass = CKO_CERTIFICATE; - else if (memcmp ("public", start, end - start) == 0) - klass = CKO_PUBLIC_KEY; - else if (memcmp ("private", start, end - start) == 0) - klass = CKO_PRIVATE_KEY; - else if (memcmp ("secretkey", start, end - start) == 0) - klass = CKO_SECRET_KEY; - else if (memcmp ("secret-key", start, end - start) == 0) - klass = CKO_SECRET_KEY; - else if (memcmp ("data", start, end - start) == 0) - klass = CKO_DATA; - else { - uri->unrecognized = true; - return 1; - } - - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - attr.type = CKA_CLASS; - - uri->attrs = p11_attrs_build (uri->attrs, &attr, NULL); - return 1; -} - -static int -parse_struct_info (unsigned char *where, size_t length, const char *start, - const char *end, P11KitUri *uri) -{ - unsigned char *value; - size_t value_length; - - assert (start <= end); - - value = p11_url_decode (start, end, P11_URL_WHITESPACE, &value_length); - if (value == NULL) - return P11_KIT_URI_BAD_ENCODING; - - /* Too long, shouldn't match anything */ - if (value_length > length) { - free (value); - uri->unrecognized = true; - return 1; - } - - memset (where, ' ', length); - memcpy (where, value, value_length); - - free (value); - return 1; -} - -static int -parse_token_info (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *where; - size_t length; - - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("model", name_start, name_end - name_start) == 0) { - where = uri->token.model; - length = sizeof (uri->token.model); - } else if (memcmp ("manufacturer", name_start, name_end - name_start) == 0) { - where = uri->token.manufacturerID; - length = sizeof (uri->token.manufacturerID); - } else if (memcmp ("serial", name_start, name_end - name_start) == 0) { - where = uri->token.serialNumber; - length = sizeof (uri->token.serialNumber); - } else if (memcmp ("token", name_start, name_end - name_start) == 0) { - where = uri->token.label; - length = sizeof (uri->token.label); - } else { - return 0; - } - - return parse_struct_info (where, length, start, end, uri); -} - -static long -atoin (const char *start, const char *end) -{ - long ret = 0; - while (start != end) { - if (*start < '0' || *start > '9') - return -1; - ret *= 10; - ret += (*start - '0'); - ++start; - } - return ret; -} - -static int -parse_struct_version (const char *start, const char *end, CK_VERSION_PTR version) -{ - const char *dot; - int val; - - assert (start <= end); - - dot = memchr (start, '.', end - start); - if (!dot) - dot = end; - - if (dot == start) - return P11_KIT_URI_BAD_VERSION; - val = atoin (start, dot); - if (val < 0 || val >= 255) - return P11_KIT_URI_BAD_VERSION; - version->major = (CK_BYTE)val; - version->minor = 0; - - if (dot != end) { - if (dot + 1 == end) - return P11_KIT_URI_BAD_VERSION; - val = atoin (dot + 1, end); - if (val < 0 || val >= 255) - return P11_KIT_URI_BAD_VERSION; - version->minor = (CK_BYTE)val; - } - - return 1; -} - -static int -parse_slot_info (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *where; - size_t length; - - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("slot-description", name_start, name_end - name_start) == 0) { - where = uri->slot.slotDescription; - length = sizeof (uri->slot.slotDescription); - } else if (memcmp ("slot-manufacturer", name_start, name_end - name_start) == 0) { - where = uri->slot.manufacturerID; - length = sizeof (uri->slot.manufacturerID); - } else { - return 0; - } - - return parse_struct_info (where, length, start, end, uri); -} - -static int -parse_slot_id (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("slot-id", name_start, name_end - name_start) == 0) { - long val; - val = atoin (start, end); - if (val < 0) - return P11_KIT_URI_BAD_SYNTAX; - uri->slot_id = (CK_SLOT_ID)val; - return 1; - } - return 0; -} - -static int -parse_module_version_info (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("library-version", name_start, name_end - name_start) == 0) - return parse_struct_version (start, end, - &uri->module.libraryVersion); - - return 0; -} - -static int -parse_module_info (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *where; - size_t length; - - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("library-description", name_start, name_end - name_start) == 0) { - where = uri->module.libraryDescription; - length = sizeof (uri->module.libraryDescription); - } else if (memcmp ("library-manufacturer", name_start, name_end - name_start) == 0) { - where = uri->module.manufacturerID; - length = sizeof (uri->module.manufacturerID); - } else { - return 0; - } - - return parse_struct_info (where, length, start, end, uri); -} - -static int -parse_extra_info (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *pin_source; - - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("pinfile", name_start, name_end - name_start) == 0 || - memcmp ("pin-source", name_start, name_end - name_start) == 0) { - pin_source = p11_url_decode (start, end, P11_URL_WHITESPACE, NULL); - if (pin_source == NULL) - return P11_KIT_URI_BAD_ENCODING; - free (uri->pin_source); - uri->pin_source = (char*)pin_source; - return 1; - } else if (memcmp ("pin-value", name_start, name_end - name_start) == 0) { - pin_source = p11_url_decode (start, end, P11_URL_WHITESPACE, NULL); - if (pin_source == NULL) - return P11_KIT_URI_BAD_ENCODING; - free (uri->pin_value); - uri->pin_value = (char*)pin_source; - return 1; - } - - return 0; -} - -/** - * p11_kit_uri_parse: - * @string: The string to parse - * @uri_type: The type of URI that is expected - * @uri: The blank URI to parse the values into - * - * Parse a PKCS\#11 URI string. - * - * PKCS\#11 URIs can represent tokens, objects or modules. The uri_type argument - * allows the caller to specify what type of URI is expected and the sorts of - * things the URI should match. %P11_KIT_URI_FOR_ANY can be used to parse a URI - * for any context. It's then up to the caller to make sense of the way that - * it is used. - * - * If the PKCS\#11 URI contains unrecognized URI parts or parts not applicable - * to the specified context, then the unrecognized flag will be set. This will - * prevent the URI from matching using the various match functions. - * - * Returns: %P11_KIT_URI_OK if the URI was parsed successfully. - * %P11_KIT_URI_BAD_SCHEME if this was not a PKCS\#11 URI. - * %P11_KIT_URI_BAD_SYNTAX if the URI syntax was bad. - * %P11_KIT_URI_BAD_VERSION if a version number was bad. - * %P11_KIT_URI_BAD_ENCODING if the URI encoding was invalid. - */ -int -p11_kit_uri_parse (const char *string, P11KitUriType uri_type, - P11KitUri *uri) -{ - const char *spos, *epos; - int ret; - size_t length; - char *allocated = NULL; - - assert (string); - assert (uri); - - /* If STRING contains any whitespace, create a copy of the - * string and strip it out */ - length = strcspn (string, P11_URL_WHITESPACE); - if (strspn (string + length, P11_URL_WHITESPACE) > 0) { - allocated = strip_whitespace (string); - return_val_if_fail (allocated != NULL, P11_KIT_URI_UNEXPECTED); - string = allocated; - } - - epos = strchr (string, ':'); - if (epos == NULL) { - free (allocated); - return P11_KIT_URI_BAD_SCHEME; - } - ret = memcmp (string, P11_KIT_URI_SCHEME, strlen (P11_KIT_URI_SCHEME)); - if (ret != 0) { - free (allocated); - return P11_KIT_URI_BAD_SCHEME; - } - - string = epos + 1; - - /* Clear everything out */ - memset (&uri->module, 0, sizeof (uri->module)); - memset (&uri->token, 0, sizeof (uri->token)); - p11_attrs_free (uri->attrs); - uri->attrs = NULL; - uri->module.libraryVersion.major = (CK_BYTE)-1; - uri->module.libraryVersion.minor = (CK_BYTE)-1; - uri->unrecognized = 0; - free (uri->pin_source); - uri->pin_source = NULL; - free (uri->pin_value); - uri->pin_value = NULL; - uri->slot_id = (CK_SLOT_ID)-1; - - for (;;) { - spos = strchr (string, ';'); - if (spos == NULL) { - spos = string + strlen (string); - assert (*spos == '\0'); - if (spos == string) - break; - } - - epos = strchr (string, '='); - if (epos == NULL || spos == string || epos == string || epos >= spos) { - free (allocated); - return P11_KIT_URI_BAD_SYNTAX; - } - - ret = 0; - if ((uri_type & P11_KIT_URI_FOR_OBJECT) == P11_KIT_URI_FOR_OBJECT) - ret = parse_string_attribute (string, epos, epos + 1, spos, uri); - if (ret == 0 && (uri_type & P11_KIT_URI_FOR_OBJECT) == P11_KIT_URI_FOR_OBJECT) - ret = parse_class_attribute (string, epos, epos + 1, spos, uri); - if (ret == 0 && (uri_type & P11_KIT_URI_FOR_TOKEN) == P11_KIT_URI_FOR_TOKEN) - ret = parse_token_info (string, epos, epos + 1, spos, uri); - if (ret == 0 && (uri_type & P11_KIT_URI_FOR_SLOT) == P11_KIT_URI_FOR_SLOT) - ret = parse_slot_info (string, epos, epos + 1, spos, uri); - if (ret == 0 && (uri_type & P11_KIT_URI_FOR_SLOT) == P11_KIT_URI_FOR_SLOT) - ret = parse_slot_id (string, epos, epos + 1, spos, uri); - if (ret == 0 && (uri_type & P11_KIT_URI_FOR_MODULE) == P11_KIT_URI_FOR_MODULE) - ret = parse_module_info (string, epos, epos + 1, spos, uri); - if (ret == 0 && (uri_type & P11_KIT_URI_FOR_MODULE_WITH_VERSION) == P11_KIT_URI_FOR_MODULE_WITH_VERSION) - ret = parse_module_version_info (string, epos, epos + 1, spos, uri); - if (ret == 0) - ret = parse_extra_info (string, epos, epos + 1, spos, uri); - - if (ret < 0) { - free (allocated); - return ret; - } - if (ret == 0) - uri->unrecognized = true; - - if (*spos == '\0') - break; - string = spos + 1; - } - - free (allocated); - return P11_KIT_URI_OK; -} - -/** - * p11_kit_uri_free: - * @uri: The URI - * - * Free a PKCS\#11 URI. - */ -void -p11_kit_uri_free (P11KitUri *uri) -{ - if (!uri) - return; - - p11_attrs_free (uri->attrs); - free (uri->pin_source); - free (uri->pin_value); - free (uri); -} - -/** - * p11_kit_uri_message: - * @code: The error code - * - * Lookup a message for the uri error code. These codes are the P11_KIT_URI_XXX - * error codes that can be returned from p11_kit_uri_parse() or - * p11_kit_uri_format(). As a special case %NULL, will be returned for - * %P11_KIT_URI_OK. - * - * Returns: The message for the error code. This string is owned by the p11-kit - * library. - */ -const char* -p11_kit_uri_message (int code) -{ - switch (code) { - case P11_KIT_URI_OK: - return NULL; - case P11_KIT_URI_UNEXPECTED: - return "Unexpected or internal system error"; - case P11_KIT_URI_BAD_SCHEME: - return "URI scheme must be 'pkcs11:'"; - case P11_KIT_URI_BAD_ENCODING: - return "URI encoding invalid or corrupted"; - case P11_KIT_URI_BAD_SYNTAX: - return "URI syntax is invalid"; - case P11_KIT_URI_BAD_VERSION: - return "URI version component is invalid"; - case P11_KIT_URI_NOT_FOUND: - return "The URI component was not found"; - default: - p11_debug ("unknown error code: %d", code); - return "Unknown error"; - } -} diff --git a/p11-kit/uri.h b/p11-kit/uri.h deleted file mode 100644 index 58f6fc9..0000000 --- a/p11-kit/uri.h +++ /dev/null @@ -1,177 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_KIT_URI_H -#define P11_KIT_URI_H - -#include "p11-kit/pkcs11.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define P11_KIT_URI_SCHEME "pkcs11" -#define P11_KIT_URI_SCHEME_LEN 6 - -typedef enum { - P11_KIT_URI_OK = 0, - P11_KIT_URI_UNEXPECTED = -1, - P11_KIT_URI_BAD_SCHEME = -2, - P11_KIT_URI_BAD_ENCODING = -3, - P11_KIT_URI_BAD_SYNTAX = -4, - P11_KIT_URI_BAD_VERSION = -5, - P11_KIT_URI_NOT_FOUND = -6, -} P11KitUriResult; - -#define P11_KIT_URI_NO_MEMORY P11_KIT_URI_UNEXPECTED - -typedef enum { - P11_KIT_URI_FOR_OBJECT = (1 << 1), - P11_KIT_URI_FOR_TOKEN = (1 << 2), - P11_KIT_URI_FOR_SLOT = (1 << 5), - P11_KIT_URI_FOR_MODULE = (1 << 3), - - P11_KIT_URI_FOR_MODULE_WITH_VERSION = - (1 << 4) | P11_KIT_URI_FOR_MODULE, - - P11_KIT_URI_FOR_OBJECT_ON_TOKEN = - P11_KIT_URI_FOR_OBJECT | P11_KIT_URI_FOR_TOKEN, - - P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE = - P11_KIT_URI_FOR_OBJECT_ON_TOKEN | P11_KIT_URI_FOR_MODULE, - - P11_KIT_URI_FOR_ANY = 0x0000FFFF, -} P11KitUriType; - -/* - * If the caller is using the PKCS#11 GNU calling convention, then we cater - * to that here. - */ -#ifdef CRYPTOKI_GNU -typedef struct ck_info *CK_INFO_PTR; -typedef struct ck_token_info *CK_TOKEN_INFO_PTR; -typedef ck_attribute_type_t CK_ATTRIBUTE_TYPE; -typedef struct ck_attribute *CK_ATTRIBUTE_PTR; -typedef unsigned long int CK_ULONG; -typedef P11KitUriType p11_kit_uri_type_t; -typedef P11KitUriResult p11_kit_uri_result_t; -#endif - -typedef struct p11_kit_uri P11KitUri; -typedef struct p11_kit_uri p11_kit_uri; - -CK_INFO_PTR p11_kit_uri_get_module_info (P11KitUri *uri); - -int p11_kit_uri_match_module_info (P11KitUri *uri, - CK_INFO_PTR info); - -CK_SLOT_INFO_PTR p11_kit_uri_get_slot_info (P11KitUri *uri); - -int p11_kit_uri_match_slot_info (P11KitUri *uri, - CK_SLOT_INFO_PTR slot_info); - -CK_SLOT_ID p11_kit_uri_get_slot_id (P11KitUri *uri); -void p11_kit_uri_set_slot_id (P11KitUri *uri, - CK_SLOT_ID slot_id); - -CK_TOKEN_INFO_PTR p11_kit_uri_get_token_info (P11KitUri *uri); - -int p11_kit_uri_match_token_info (P11KitUri *uri, - CK_TOKEN_INFO_PTR token_info); - -CK_ATTRIBUTE_PTR p11_kit_uri_get_attribute (P11KitUri *uri, - CK_ATTRIBUTE_TYPE attr_type); - -int p11_kit_uri_set_attribute (P11KitUri *uri, - CK_ATTRIBUTE_PTR attr); - -int p11_kit_uri_clear_attribute (P11KitUri *uri, - CK_ATTRIBUTE_TYPE attr_type); - -CK_ATTRIBUTE_PTR p11_kit_uri_get_attributes (P11KitUri *uri, - CK_ULONG *n_attrs); - -int p11_kit_uri_set_attributes (P11KitUri *uri, - CK_ATTRIBUTE_PTR attrs, - CK_ULONG n_attrs); - -void p11_kit_uri_clear_attributes (P11KitUri *uri); - -int p11_kit_uri_match_attributes (P11KitUri *uri, - CK_ATTRIBUTE_PTR attrs, - CK_ULONG n_attrs); - -const char* p11_kit_uri_get_pin_value (P11KitUri *uri); - -void p11_kit_uri_set_pin_value (P11KitUri *uri, - const char *pin); - -const char* p11_kit_uri_get_pin_source (P11KitUri *uri); - -void p11_kit_uri_set_pin_source (P11KitUri *uri, - const char *pin_source); - -#ifndef P11_KIT_DISABLE_DEPRECATED - -const char* p11_kit_uri_get_pinfile (P11KitUri *uri); - -void p11_kit_uri_set_pinfile (P11KitUri *uri, - const char *pinfile); - -#endif /* P11_KIT_DISABLE_DEPRECATED */ - -void p11_kit_uri_set_unrecognized (P11KitUri *uri, - int unrecognized); - -int p11_kit_uri_any_unrecognized (P11KitUri *uri); - -P11KitUri* p11_kit_uri_new (void); - -int p11_kit_uri_format (P11KitUri *uri, - P11KitUriType uri_type, - char **string); - -int p11_kit_uri_parse (const char *string, - P11KitUriType uri_type, - P11KitUri *uri); - -void p11_kit_uri_free (P11KitUri *uri); - -const char* p11_kit_uri_message (int code); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* P11_KIT_URI_H */ diff --git a/p11-kit/util.c b/p11-kit/util.c deleted file mode 100644 index 325d669..0000000 --- a/p11-kit/util.c +++ /dev/null @@ -1,295 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd - * Copyright (c) 2012 Stef Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#include "config.h" - -#include "compat.h" -#define P11_DEBUG_FLAG P11_DEBUG_LIB -#include "debug.h" -#include "library.h" -#include "message.h" -#include "p11-kit.h" -#include "private.h" -#include "proxy.h" - -#include -#include -#include -#include -#include - -/** - * SECTION:p11-kit-future - * @title: Future - * @short_description: Future Unstable API - * - * API that is not yet stable enough to be enabled by default. In all likelihood - * this will be included in the next release. To use this API you must define a - * MACRO. See the p11-kit.h header for more details. - */ - -/** - * p11_kit_space_strlen: - * @string: Pointer to string block - * @max_length: Maximum length of string block - * - * In PKCS\#11 structures many strings are encoded in a strange way. The string - * is placed in a fixed length buffer and then padded with spaces. - * - * This function determines the actual length of the string. Since the string - * is not null-terminated you need to pass in the size of buffer as max_length. - * The string will never be longer than this buffer. - * - * - * CK_INFO info; - * size_t length; - * ... - * length = p11_kit_space_strlen (info->libraryDescription, sizeof (info->libraryDescription)); - * - * - * Returns: The length of the space padded string. - */ -size_t -p11_kit_space_strlen (const unsigned char *string, size_t max_length) -{ - size_t i = max_length; - - assert (string); - - while (i > 0 && string[i - 1] == ' ') - --i; - return i; -} - -/** - * p11_kit_space_strdup: - * @string: Pointer to string block - * @max_length: Maximum length of string block - * - * In PKCS\#11 structures many strings are encoded in a strange way. The string - * is placed in a fixed length buffer and then padded with spaces. - * - * This function copies the space padded string into a normal null-terminated - * string. The result is owned by the caller. - * - * - * CK_INFO info; - * char *description; - * ... - * description = p11_kit_space_strdup (info->libraryDescription, sizeof (info->libraryDescription)); - * - * - * Returns: The newly allocated string, or %NULL if memory could not be allocated. - */ -char* -p11_kit_space_strdup (const unsigned char *string, size_t max_length) -{ - size_t length; - char *result; - - assert (string); - - length = p11_kit_space_strlen (string, max_length); - - result = malloc (length + 1); - if (!result) - return NULL; - - memcpy (result, string, length); - result[length] = 0; - return result; -} - -/** - * p11_kit_be_quiet: - * - * Once this function is called, the p11-kit library will no longer print - * failure or warning messages to stderr. - */ -void -p11_kit_be_quiet (void) -{ - p11_lock (); - p11_message_quiet (); - p11_debug_init (); - p11_unlock (); -} - -/** - * p11_kit_be_loud: - * - * Tell the p11-kit library will print failure or warning messages to stderr. - * This is the default behavior, but can be changed using p11_kit_be_quiet(). - */ -void -p11_kit_be_loud (void) -{ - p11_lock (); - p11_message_loud (); - p11_debug_init (); - p11_unlock (); -} - -/** - * p11_kit_message: - * - * Gets the failure message for a recently called p11-kit function, which - * returned a failure code on this thread. Not all functions set this message. - * Each function that does so, will note it in its documentation. - * - * If the most recent p11-kit function did not fail, then this will return NULL. - * The string is owned by the p11-kit library and is only valid on the same - * thread that the failed function executed on. - * - * Returns: The last failure message, or %NULL. - */ -const char* -p11_kit_message (void) -{ - return p11_message_last (); -} - -void -_p11_kit_default_message (CK_RV rv) -{ - const char *msg; - - if (rv != CKR_OK) { - msg = p11_kit_strerror (rv); - p11_message_store (msg, strlen (msg)); - } -} - -/* This is the progname that we think of this process as. */ -char p11_my_progname[256] = { 0, }; - -/** - * p11_kit_set_progname: - * @progname: the program base name - * - * Set the program base name that is used by the enable-in - * and disable-in module configuration options. - * - * Normally this is automatically calculated from the program's argument list. - * You would usually call this before initializing p11-kit modules. - */ -void -p11_kit_set_progname (const char *progname) -{ - p11_library_init_once (); - - p11_lock (); - _p11_set_progname_unlocked (progname); - p11_unlock (); -} - -void -_p11_set_progname_unlocked (const char *progname) -{ - /* We can be called with NULL */ - if (progname == NULL) - progname = ""; - - strncpy (p11_my_progname, progname, sizeof (p11_my_progname)); - p11_my_progname[sizeof (p11_my_progname) - 1] = 0; -} - -const char * -_p11_get_progname_unlocked (void) -{ - if (p11_my_progname[0] == '\0') - _p11_set_progname_unlocked (getprogname ()); - if (p11_my_progname[0] == '\0') - return NULL; - return p11_my_progname; -} - -#ifdef OS_UNIX - -void _p11_kit_init (void); - -void _p11_kit_fini (void); - -#ifdef __GNUC__ -__attribute__((constructor)) -#endif -void -_p11_kit_init (void) -{ - p11_library_init_once (); -} - -#ifdef __GNUC__ -__attribute__((destructor)) -#endif -void -_p11_kit_fini (void) -{ - p11_proxy_module_cleanup (); - p11_library_uninit (); -} - -#endif /* OS_UNIX */ - -#ifdef OS_WIN32 - -BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID); - -BOOL WINAPI -DllMain (HINSTANCE instance, - DWORD reason, - LPVOID reserved) -{ - switch (reason) { - case DLL_PROCESS_ATTACH: - p11_library_init (); - break; - case DLL_THREAD_DETACH: - p11_library_thread_cleanup (); - break; - case DLL_PROCESS_DETACH: - p11_proxy_module_cleanup (); - p11_library_uninit (); - break; - default: - break; - } - - return TRUE; -} - -#endif /* OS_WIN32 */ diff --git a/p11-kit/virtual.c b/p11-kit/virtual.c deleted file mode 100644 index bb0d845..0000000 --- a/p11-kit/virtual.c +++ /dev/null @@ -1,2975 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "compat.h" -#define P11_DEBUG_FLAG P11_DEBUG_LIB -#include "debug.h" -#include "library.h" -#include "virtual.h" - -#include -#include -#include -#include - -#ifdef WITH_FFI - -/* - * We use libffi to build closures. Note that even with libffi certain - * platforms do not support using ffi_closure. In this case FFI_CLOSURES will - * not be defined. This is checked in configure.ac - */ - -/* - * Since libffi uses shared memory to store that, releasing it - * will cause issues on any other child or parent process that relies - * on that. Don't release it. - */ -#define LIBFFI_FREE_CLOSURES 0 - -#include "ffi.h" -#ifndef FFI_CLOSURES -#error "FFI_CLOSURES should be checked in configure.ac" -#endif - -/* There are 66 functions in PKCS#11, with a maximum of 8 args */ -#define MAX_FUNCTIONS 66 -#define MAX_ARGS 10 - -typedef struct { - /* This is first so we can cast between CK_FUNCTION_LIST* and Context* */ - CK_FUNCTION_LIST bound; - - /* The PKCS#11 functions to call into */ - p11_virtual *virt; - p11_destroyer destroyer; - - /* A list of our libffi built closures, for cleanup later */ - ffi_closure *ffi_closures[MAX_FUNCTIONS]; - ffi_cif ffi_cifs[MAX_FUNCTIONS]; - int ffi_used; -} Wrapper; - -static CK_RV -short_C_GetFunctionStatus (CK_SESSION_HANDLE handle) -{ - return CKR_FUNCTION_NOT_PARALLEL; -} - -static CK_RV -short_C_CancelFunction (CK_SESSION_HANDLE handle) -{ - return CKR_FUNCTION_NOT_PARALLEL; -} - -static void -binding_C_GetFunctionList (ffi_cif *cif, - CK_RV *ret, - void* args[], - Wrapper *wrapper) -{ - CK_FUNCTION_LIST_PTR_PTR list = *(CK_FUNCTION_LIST_PTR_PTR *)args[0]; - - if (list == NULL) { - *ret = CKR_ARGUMENTS_BAD; - } else { - *list = &wrapper->bound; - *ret = CKR_OK; - } -} - -static void -binding_C_Initialize (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Initialize (funcs, - *(CK_VOID_PTR *)args[0]); -} - -static void -binding_C_Finalize (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Finalize (funcs, - *(CK_VOID_PTR *)args[0]); -} - -static void -binding_C_GetInfo (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetInfo (funcs, - *(CK_INFO_PTR *)args[0]); -} - -static void -binding_C_GetSlotList (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetSlotList (funcs, - *(CK_BBOOL *)args[0], - *(CK_SLOT_ID_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_GetSlotInfo (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetSlotInfo (funcs, - *(CK_SLOT_ID *)args[0], - *(CK_SLOT_INFO_PTR *)args[1]); -} - -static void -binding_C_GetTokenInfo (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetTokenInfo (funcs, - *(CK_SLOT_ID *)args[0], - *(CK_TOKEN_INFO_PTR *)args[1]); -} - -static void -binding_C_WaitForSlotEvent (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_WaitForSlotEvent (funcs, - *(CK_FLAGS *)args[0], - *(CK_SLOT_ID_PTR *)args[1], - *(CK_VOID_PTR *)args[2]); -} - -static void -binding_C_GetMechanismList (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetMechanismList (funcs, - *(CK_SLOT_ID *)args[0], - *(CK_MECHANISM_TYPE_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_GetMechanismInfo (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetMechanismInfo (funcs, - *(CK_SLOT_ID *)args[0], - *(CK_MECHANISM_TYPE *)args[1], - *(CK_MECHANISM_INFO_PTR *)args[2]); -} - -static void -binding_C_InitToken (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_InitToken (funcs, - *(CK_SLOT_ID *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3]); -} - -static void -binding_C_InitPIN (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_InitPIN (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_SetPIN (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SetPIN (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG *)args[4]); -} - -static void -binding_C_OpenSession (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_OpenSession (funcs, - *(CK_SLOT_ID *)args[0], - *(CK_FLAGS *)args[1], - *(CK_VOID_PTR *)args[2], - *(CK_NOTIFY *)args[3], - *(CK_SESSION_HANDLE_PTR *)args[4]); -} - -static void -binding_C_CloseSession (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_CloseSession (funcs, - *(CK_SESSION_HANDLE *)args[0]); -} - -static void -binding_C_CloseAllSessions (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_CloseAllSessions (funcs, - *(CK_SLOT_ID *)args[0]); -} - -static void -binding_C_GetSessionInfo (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetSessionInfo (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_SESSION_INFO_PTR *)args[1]); -} - -static void -binding_C_GetOperationState (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetOperationState (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_SetOperationState (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SetOperationState (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_OBJECT_HANDLE *)args[3], - *(CK_OBJECT_HANDLE *)args[4]); -} - -static void -binding_C_Login (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Login (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_USER_TYPE *)args[1], - *(CK_BYTE_PTR *)args[2], - *(CK_ULONG *)args[3]); -} - -static void -binding_C_Logout (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Logout (funcs, - *(CK_SESSION_HANDLE *)args[0]); -} - -static void -binding_C_CreateObject (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_CreateObject (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_ATTRIBUTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_OBJECT_HANDLE_PTR *)args[3]); -} - -static void -binding_C_CopyObject (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_CopyObject (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE *)args[1], - *(CK_ATTRIBUTE_PTR *)args[2], - *(CK_ULONG *)args[3], - *(CK_OBJECT_HANDLE_PTR *)args[4]); -} - -static void -binding_C_DestroyObject (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DestroyObject (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE *)args[1]); -} - -static void -binding_C_GetObjectSize (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetObjectSize (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_GetAttributeValue (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetAttributeValue (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE *)args[1], - *(CK_ATTRIBUTE_PTR *)args[2], - *(CK_ULONG *)args[3]); -} - -static void -binding_C_SetAttributeValue (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SetAttributeValue (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE *)args[1], - *(CK_ATTRIBUTE_PTR *)args[2], - *(CK_ULONG *)args[3]); -} - -static void -binding_C_FindObjectsInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_FindObjectsInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_ATTRIBUTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_FindObjects (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_FindObjects (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_ULONG_PTR *)args[3]); -} - -static void -binding_C_FindObjectsFinal (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_FindObjectsFinal (funcs, - *(CK_SESSION_HANDLE *)args[0]); -} - -static void -binding_C_EncryptInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_EncryptInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2]); -} - -static void -binding_C_Encrypt (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Encrypt (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_EncryptUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_EncryptUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_EncryptFinal (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_EncryptFinal (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_DecryptInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DecryptInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2]); -} - -static void -binding_C_Decrypt (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Decrypt (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_DecryptUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DecryptUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_DecryptFinal (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DecryptFinal (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_DigestInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DigestInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1]); -} - -static void -binding_C_Digest (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Digest (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_DigestUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DigestUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_DigestKey (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DigestKey (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE *)args[1]); -} - -static void -binding_C_DigestFinal (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DigestFinal (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_SignInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SignInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2]); -} - -static void -binding_C_Sign (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Sign (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_SignUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SignUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_SignFinal (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SignFinal (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_SignRecoverInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SignRecoverInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2]); -} - -static void -binding_C_SignRecover (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SignRecover (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_VerifyInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_VerifyInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2]); -} - -static void -binding_C_Verify (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Verify (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG *)args[4]); -} - -static void -binding_C_VerifyUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_VerifyUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_VerifyFinal (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_VerifyFinal (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_VerifyRecoverInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_VerifyRecoverInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2]); -} - -static void -binding_C_VerifyRecover (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_VerifyRecover (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_DigestEncryptUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DigestEncryptUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_DecryptDigestUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DecryptDigestUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_SignEncryptUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SignEncryptUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_DecryptVerifyUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DecryptVerifyUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_GenerateKey (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GenerateKey (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_ATTRIBUTE_PTR *)args[2], - *(CK_ULONG *)args[3], - *(CK_OBJECT_HANDLE_PTR *)args[4]); -} - -static void -binding_C_GenerateKeyPair (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GenerateKeyPair (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_ATTRIBUTE_PTR *)args[2], - *(CK_ULONG *)args[3], - *(CK_ATTRIBUTE_PTR *)args[4], - *(CK_ULONG *)args[5], - *(CK_OBJECT_HANDLE_PTR *)args[6], - *(CK_OBJECT_HANDLE_PTR *)args[7]); -} - -static void -binding_C_WrapKey (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_WrapKey (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2], - *(CK_OBJECT_HANDLE *)args[3], - *(CK_BYTE_PTR *)args[4], - *(CK_ULONG_PTR *)args[5]); -} - -static void -binding_C_UnwrapKey (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_UnwrapKey (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG *)args[4], - *(CK_ATTRIBUTE_PTR *)args[5], - *(CK_ULONG *)args[6], - *(CK_OBJECT_HANDLE_PTR *)args[7]); -} - -static void -binding_C_DeriveKey (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DeriveKey (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2], - *(CK_ATTRIBUTE_PTR *)args[3], - *(CK_ULONG *)args[4], - *(CK_OBJECT_HANDLE_PTR *)args[5]); -} - -static void -binding_C_SeedRandom (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SeedRandom (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_GenerateRandom (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GenerateRandom (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -#endif /* WITH_FFI */ - -static CK_RV -stack_C_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Initialize (funcs, init_args); -} - -static CK_RV -stack_C_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR reserved) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Finalize (funcs, reserved); -} - -static CK_RV -stack_C_GetInfo (CK_X_FUNCTION_LIST *self, - CK_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetInfo (funcs, info); -} - -static CK_RV -stack_C_GetSlotList (CK_X_FUNCTION_LIST *self, - CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetSlotList (funcs, token_present, slot_list, count); -} - -static CK_RV -stack_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_SLOT_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetSlotInfo (funcs, slot_id, info); -} - -static CK_RV -stack_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetTokenInfo (funcs, slot_id, info); -} - -static CK_RV -stack_C_GetMechanismList (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetMechanismList (funcs, slot_id, mechanism_list, count); -} - -static CK_RV -stack_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetMechanismInfo (funcs, slot_id, type, info); -} - -static CK_RV -stack_C_InitToken (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_InitToken (funcs, slot_id, pin, pin_len, label); -} - -static CK_RV -stack_C_OpenSession (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR application, - CK_NOTIFY notify, - CK_SESSION_HANDLE_PTR session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_OpenSession (funcs, slot_id, flags, application, notify, session); -} - -static CK_RV -stack_C_CloseSession (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CloseSession (funcs, session); -} - -static CK_RV -stack_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CloseAllSessions (funcs, slot_id); -} - -static CK_RV -stack_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_SESSION_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetSessionInfo (funcs, session, info); -} - -static CK_RV -stack_C_InitPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_InitPIN (funcs, session, pin, pin_len); -} - -static CK_RV -stack_C_SetPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SetPIN (funcs, session, old_pin, old_len, new_pin, new_len); -} - -static CK_RV -stack_C_GetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetOperationState (funcs, session, operation_state, operation_state_len); -} - -static CK_RV -stack_C_SetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SetOperationState (funcs, session, operation_state, operation_state_len, - encryption_key, authentication_key); -} - -static CK_RV -stack_C_Login (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Login (funcs, session, user_type, pin, pin_len); -} - -static CK_RV -stack_C_Logout (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Logout (funcs, session); -} - -static CK_RV -stack_C_CreateObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR object) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CreateObject (funcs, session, template, count, object); -} - -static CK_RV -stack_C_CopyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CopyObject (funcs, session, object, template, count, new_object); -} - - -static CK_RV -stack_C_DestroyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DestroyObject (funcs, session, object); -} - -static CK_RV -stack_C_GetObjectSize (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetObjectSize (funcs, session, object, size); -} - -static CK_RV -stack_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetAttributeValue (funcs, session, object, template, count); -} - -static CK_RV -stack_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SetAttributeValue (funcs, session, object, template, count); -} - -static CK_RV -stack_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_FindObjectsInit (funcs, session, template, count); -} - -static CK_RV -stack_C_FindObjects (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR object, - CK_ULONG max_object_count, - CK_ULONG_PTR object_count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_FindObjects (funcs, session, object, max_object_count, object_count); -} - -static CK_RV -stack_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_FindObjectsFinal (funcs, session); -} - -static CK_RV -stack_C_EncryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_EncryptInit (funcs, session, mechanism, key); -} - -static CK_RV -stack_C_Encrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Encrypt (funcs, session, input, input_len, - encrypted_data, encrypted_data_len); -} - -static CK_RV -stack_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_EncryptUpdate (funcs, session, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -stack_C_EncryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_encrypted_part, - CK_ULONG_PTR last_encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_EncryptFinal (funcs, session, last_encrypted_part, - last_encrypted_part_len); -} - -static CK_RV -stack_C_DecryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptInit (funcs, session, mechanism, key); -} - -static CK_RV -stack_C_Decrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_data, - CK_ULONG encrypted_data_len, - CK_BYTE_PTR output, - CK_ULONG_PTR output_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Decrypt (funcs, session, encrypted_data, encrypted_data_len, - output, output_len); -} - -static CK_RV -stack_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptUpdate (funcs, session, encrypted_part, encrypted_part_len, - part, part_len); -} - -static CK_RV -stack_C_DecryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptFinal (funcs, session, last_part, last_part_len); -} - -static CK_RV -stack_C_DigestInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestInit (funcs, session, mechanism); -} - -static CK_RV -stack_C_Digest (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Digest (funcs, session, input, input_len, digest, digest_len); -} - -static CK_RV -stack_C_DigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestUpdate (funcs, session, part, part_len); -} - -static CK_RV -stack_C_DigestKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestKey (funcs, session, key); -} - -static CK_RV -stack_C_DigestFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestFinal (funcs, session, digest, digest_len); -} - -static CK_RV -stack_C_SignInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignInit (funcs, session, mechanism, key); -} - -static CK_RV -stack_C_Sign (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Sign (funcs, session, input, input_len, - signature, signature_len); -} - -static CK_RV -stack_C_SignUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignUpdate (funcs, session, part, part_len); -} - -static CK_RV -stack_C_SignFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignFinal (funcs, session, signature, signature_len); -} - -static CK_RV -stack_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignRecoverInit (funcs, session, mechanism, key); -} - -static CK_RV -stack_C_SignRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignRecover (funcs, session, input, input_len, - signature, signature_len); -} - -static CK_RV -stack_C_VerifyInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyInit (funcs, session, mechanism, key); -} - -static CK_RV -stack_C_Verify (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Verify (funcs, session, input, input_len, - signature, signature_len); -} - -static CK_RV -stack_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyUpdate (funcs, session, part, part_len); -} - -static CK_RV -stack_C_VerifyFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyFinal (funcs, session, signature, signature_len); -} - -static CK_RV -stack_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyRecoverInit (funcs, session, mechanism, key); -} - -static CK_RV -stack_C_VerifyRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR input, - CK_ULONG_PTR input_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyRecover (funcs, session, signature, signature_len, - input, input_len); -} - -static CK_RV -stack_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestEncryptUpdate (funcs, session, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -stack_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptDigestUpdate (funcs, session, encrypted_part, encrypted_part_len, - part, part_len); -} - -static CK_RV -stack_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignEncryptUpdate (funcs, session, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -stack_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptVerifyUpdate (funcs, session, encrypted_part, encrypted_part_len, - part, part_len); -} - -static CK_RV -stack_C_GenerateKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GenerateKey (funcs, session, mechanism, template, count, key); -} - -static CK_RV -stack_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR public_key_template, - CK_ULONG public_key_count, - CK_ATTRIBUTE_PTR private_key_template, - CK_ULONG private_key_count, - CK_OBJECT_HANDLE_PTR public_key, - CK_OBJECT_HANDLE_PTR private_key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GenerateKeyPair (funcs, session, mechanism, public_key_template, - public_key_count, private_key_template, - private_key_count, public_key, private_key); -} - -static CK_RV -stack_C_WrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_WrapKey (funcs, session, mechanism, wrapping_key, key, - wrapped_key, wrapped_key_len); -} - -static CK_RV -stack_C_UnwrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_UnwrapKey (funcs, session, mechanism, unwrapping_key, wrapped_key, - wrapped_key_len, template, count, key); -} - -static CK_RV -stack_C_DeriveKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DeriveKey (funcs, session, mechanism, base_key, template, count, key); -} - -static CK_RV -stack_C_SeedRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SeedRandom (funcs, session, seed, seed_len); -} - -static CK_RV -stack_C_GenerateRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GenerateRandom (funcs, session, random_data, random_len); -} - -static CK_RV -stack_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, - CK_FLAGS flags, - CK_SLOT_ID_PTR slot_id, - CK_VOID_PTR reserved) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_WaitForSlotEvent (funcs, flags, slot_id, reserved); -} - -static CK_RV -base_C_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Initialize (init_args); -} - -static CK_RV -base_C_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR reserved) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Finalize (reserved); -} - -static CK_RV -base_C_GetInfo (CK_X_FUNCTION_LIST *self, - CK_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetInfo (info); -} - -static CK_RV -base_C_GetSlotList (CK_X_FUNCTION_LIST *self, - CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetSlotList (token_present, slot_list, count); -} - -static CK_RV -base_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_SLOT_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetSlotInfo (slot_id, info); -} - -static CK_RV -base_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetTokenInfo (slot_id, info); -} - -static CK_RV -base_C_GetMechanismList (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetMechanismList (slot_id, mechanism_list, count); -} - -static CK_RV -base_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetMechanismInfo (slot_id, type, info); -} - -static CK_RV -base_C_InitToken (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_InitToken (slot_id, pin, pin_len, label); -} - -static CK_RV -base_C_OpenSession (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR application, - CK_NOTIFY notify, - CK_SESSION_HANDLE_PTR session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_OpenSession (slot_id, flags, application, notify, session); -} - -static CK_RV -base_C_CloseSession (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CloseSession (session); -} - -static CK_RV -base_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CloseAllSessions (slot_id); -} - -static CK_RV -base_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_SESSION_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetSessionInfo (session, info); -} - -static CK_RV -base_C_InitPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_InitPIN (session, pin, pin_len); -} - -static CK_RV -base_C_SetPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SetPIN (session, old_pin, old_len, new_pin, new_len); -} - -static CK_RV -base_C_GetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetOperationState (session, operation_state, operation_state_len); -} - -static CK_RV -base_C_SetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SetOperationState (session, operation_state, operation_state_len, - encryption_key, authentication_key); -} - -static CK_RV -base_C_Login (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Login (session, user_type, pin, pin_len); -} - -static CK_RV -base_C_Logout (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Logout (session); -} - -static CK_RV -base_C_CreateObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR object) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CreateObject (session, template, count, object); -} - -static CK_RV -base_C_CopyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CopyObject (session, object, template, count, new_object); -} - - -static CK_RV -base_C_DestroyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DestroyObject (session, object); -} - -static CK_RV -base_C_GetObjectSize (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetObjectSize (session, object, size); -} - -static CK_RV -base_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetAttributeValue (session, object, template, count); -} - -static CK_RV -base_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SetAttributeValue (session, object, template, count); -} - -static CK_RV -base_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_FindObjectsInit (session, template, count); -} - -static CK_RV -base_C_FindObjects (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR object, - CK_ULONG max_object_count, - CK_ULONG_PTR object_count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_FindObjects (session, object, max_object_count, object_count); -} - -static CK_RV -base_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_FindObjectsFinal (session); -} - -static CK_RV -base_C_EncryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_EncryptInit (session, mechanism, key); -} - -static CK_RV -base_C_Encrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Encrypt (session, input, input_len, - encrypted_data, encrypted_data_len); -} - -static CK_RV -base_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_EncryptUpdate (session, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -base_C_EncryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_encrypted_part, - CK_ULONG_PTR last_encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_EncryptFinal (session, last_encrypted_part, - last_encrypted_part_len); -} - -static CK_RV -base_C_DecryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptInit (session, mechanism, key); -} - -static CK_RV -base_C_Decrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_data, - CK_ULONG encrypted_data_len, - CK_BYTE_PTR output, - CK_ULONG_PTR output_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Decrypt (session, encrypted_data, encrypted_data_len, - output, output_len); -} - -static CK_RV -base_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptUpdate (session, encrypted_part, encrypted_part_len, - part, part_len); -} - -static CK_RV -base_C_DecryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptFinal (session, last_part, last_part_len); -} - -static CK_RV -base_C_DigestInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestInit (session, mechanism); -} - -static CK_RV -base_C_Digest (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Digest (session, input, input_len, digest, digest_len); -} - -static CK_RV -base_C_DigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestUpdate (session, part, part_len); -} - -static CK_RV -base_C_DigestKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestKey (session, key); -} - -static CK_RV -base_C_DigestFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestFinal (session, digest, digest_len); -} - -static CK_RV -base_C_SignInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignInit (session, mechanism, key); -} - -static CK_RV -base_C_Sign (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Sign (session, input, input_len, - signature, signature_len); -} - -static CK_RV -base_C_SignUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignUpdate (session, part, part_len); -} - -static CK_RV -base_C_SignFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignFinal (session, signature, signature_len); -} - -static CK_RV -base_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignRecoverInit (session, mechanism, key); -} - -static CK_RV -base_C_SignRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignRecover (session, input, input_len, - signature, signature_len); -} - -static CK_RV -base_C_VerifyInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyInit (session, mechanism, key); -} - -static CK_RV -base_C_Verify (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Verify (session, input, input_len, - signature, signature_len); -} - -static CK_RV -base_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyUpdate (session, part, part_len); -} - -static CK_RV -base_C_VerifyFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyFinal (session, signature, signature_len); -} - -static CK_RV -base_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyRecoverInit (session, mechanism, key); -} - -static CK_RV -base_C_VerifyRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR input, - CK_ULONG_PTR input_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyRecover (session, signature, signature_len, - input, input_len); -} - -static CK_RV -base_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestEncryptUpdate (session, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -base_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptDigestUpdate (session, encrypted_part, encrypted_part_len, - part, part_len); -} - -static CK_RV -base_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignEncryptUpdate (session, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -base_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptVerifyUpdate (session, encrypted_part, encrypted_part_len, - part, part_len); -} - -static CK_RV -base_C_GenerateKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GenerateKey (session, mechanism, template, count, key); -} - -static CK_RV -base_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR public_key_template, - CK_ULONG public_key_count, - CK_ATTRIBUTE_PTR private_key_template, - CK_ULONG private_key_count, - CK_OBJECT_HANDLE_PTR public_key, - CK_OBJECT_HANDLE_PTR private_key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GenerateKeyPair (session, mechanism, public_key_template, - public_key_count, private_key_template, - private_key_count, public_key, private_key); -} - -static CK_RV -base_C_WrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_WrapKey (session, mechanism, wrapping_key, key, - wrapped_key, wrapped_key_len); -} - -static CK_RV -base_C_UnwrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_UnwrapKey (session, mechanism, unwrapping_key, wrapped_key, - wrapped_key_len, template, count, key); -} - -static CK_RV -base_C_DeriveKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DeriveKey (session, mechanism, base_key, template, count, key); -} - -static CK_RV -base_C_SeedRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SeedRandom (session, seed, seed_len); -} - -static CK_RV -base_C_GenerateRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GenerateRandom (session, random_data, random_len); -} - -static CK_RV -base_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, - CK_FLAGS flags, - CK_SLOT_ID_PTR slot_id, - CK_VOID_PTR reserved) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_WaitForSlotEvent (flags, slot_id, reserved); -} - -void -p11_virtual_init (p11_virtual *virt, - CK_X_FUNCTION_LIST *funcs, - void *lower_module, - p11_destroyer lower_destroy) -{ - memcpy (virt, funcs, sizeof (CK_X_FUNCTION_LIST)); - virt->lower_module = lower_module; - virt->lower_destroy = lower_destroy; -} - -void -p11_virtual_uninit (p11_virtual *virt) -{ - if (virt->lower_destroy) - (virt->lower_destroy) (virt->lower_module); -} - -#ifdef WITH_FFI - -typedef struct { - const char *name; - void *binding_function; - void *stack_fallback; - size_t virtual_offset; - void *base_fallback; - size_t module_offset; - ffi_type *types[MAX_ARGS]; -} FunctionInfo; - -#define STRUCT_OFFSET(struct_type, member) \ - ((size_t) ((unsigned char *) &((struct_type *) 0)->member)) -#define STRUCT_MEMBER_P(struct_p, struct_offset) \ - ((void *) ((unsigned char *) (struct_p) + (long) (struct_offset))) -#define STRUCT_MEMBER(member_type, struct_p, struct_offset) \ - (*(member_type*) STRUCT_MEMBER_P ((struct_p), (struct_offset))) - -#define FUNCTION(name) \ - #name, binding_C_##name, \ - stack_C_##name, STRUCT_OFFSET (CK_X_FUNCTION_LIST, C_##name), \ - base_C_##name, STRUCT_OFFSET (CK_FUNCTION_LIST, C_##name) - -static const FunctionInfo function_info[] = { - { FUNCTION (Initialize), { &ffi_type_pointer, NULL } }, - { FUNCTION (Finalize), { &ffi_type_pointer, NULL } }, - { FUNCTION (GetInfo), { &ffi_type_pointer, NULL } }, - { FUNCTION (GetSlotList), { &ffi_type_uchar, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (GetSlotInfo), { &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (GetTokenInfo), { &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (WaitForSlotEvent), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (GetMechanismList), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (GetMechanismInfo), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (InitToken), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (InitPIN), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (SetPIN), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (OpenSession), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (CloseSession), { &ffi_type_ulong, NULL } }, - { FUNCTION (CloseAllSessions), { &ffi_type_ulong, NULL } }, - { FUNCTION (GetSessionInfo), { &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (GetOperationState), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (SetOperationState), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_ulong, &ffi_type_ulong, NULL } }, - { FUNCTION (Login), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (Logout), { &ffi_type_ulong, NULL } }, - { FUNCTION (CreateObject), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (CopyObject), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (DestroyObject), { &ffi_type_ulong, &ffi_type_ulong, NULL } }, - { FUNCTION (GetObjectSize), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (GetAttributeValue), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (SetAttributeValue), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (FindObjectsInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (FindObjects), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (FindObjectsFinal), { &ffi_type_ulong, NULL } }, - { FUNCTION (EncryptInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (Encrypt), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (EncryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (EncryptFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DecryptInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (Decrypt), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DecryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DecryptFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DigestInit), { &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (Digest), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DigestUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (DigestKey), { &ffi_type_ulong, &ffi_type_ulong, NULL } }, - { FUNCTION (DigestFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (SignInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (Sign), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (SignUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (SignFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (SignRecoverInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (SignRecover), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (VerifyInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (Verify), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (VerifyUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (VerifyFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (VerifyRecoverInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (VerifyRecover), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DigestEncryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DecryptDigestUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (SignEncryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DecryptVerifyUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (GenerateKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (GenerateKeyPair), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (WrapKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (UnwrapKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (DeriveKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (SeedRandom), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (GenerateRandom), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { 0, } -}; - -static bool -lookup_fall_through (p11_virtual *virt, - const FunctionInfo *info, - void **bound_func) -{ - void *func; - - /* - * So the basic concept here is if we have only fall-through functions - * all the way down the stack, then we can just get the actual module - * function, so that calls go right through. - */ - - func = STRUCT_MEMBER (void *, virt, info->virtual_offset); - - /* - * This is a fall-through function and the stack goes down further, so - * ask the next level down for the - */ - if (func == info->stack_fallback) { - return lookup_fall_through (virt->lower_module, info, bound_func); - - /* - * This is a fall-through function at the bottom level of the stack - * so return the function from the module. - */ - } else if (func == info->base_fallback) { - *bound_func = STRUCT_MEMBER (void *, virt->lower_module, info->module_offset); - return true; - } - - return false; -} - -static bool -bind_ffi_closure (Wrapper *wrapper, - void *binding_data, - void *binding_func, - ffi_type **args, - void **bound_func) -{ - ffi_closure *clo; - ffi_cif *cif; - int nargs = 0; - int i = 0; - int ret; - - assert (wrapper->ffi_used < MAX_FUNCTIONS); - cif = wrapper->ffi_cifs + wrapper->ffi_used; - - /* The number of arguments */ - for (i = 0, nargs = 0; args[i] != NULL; i++) - nargs++; - - assert (nargs <= MAX_ARGS); - - /* - * The failures here are unexpected conditions. There's a chance they - * might occur on other esoteric platforms, so we take a little - * extra care to print relevant debugging info, and return a status, - * so that we can get back useful debug info on platforms that we - * don't have access to. - */ - - ret = ffi_prep_cif (cif, FFI_DEFAULT_ABI, nargs, &ffi_type_ulong, args); - if (ret != FFI_OK) { - p11_debug_precond ("ffi_prep_cif failed: %d\n", ret); - return false; - } - - clo = ffi_closure_alloc (sizeof (ffi_closure), bound_func); - if (clo == NULL) { - p11_debug_precond ("ffi_closure_alloc failed\n"); - return false; - } - - ret = ffi_prep_closure_loc (clo, cif, binding_func, binding_data, *bound_func); - if (ret != FFI_OK) { - p11_debug_precond ("ffi_prep_closure_loc failed: %d\n", ret); - return false; - } - - wrapper->ffi_closures[wrapper->ffi_used] = clo; - wrapper->ffi_used++; - return true; -} - -static bool -init_wrapper_funcs (Wrapper *wrapper) -{ - static const ffi_type *get_function_list_args[] = { &ffi_type_pointer, NULL }; - const FunctionInfo *info; - CK_X_FUNCTION_LIST *over; - void **bound; - int i; - - /* Pointer to where our calls go */ - over = &wrapper->virt->funcs; - - for (i = 0; function_info[i].name != NULL; i++) { - info = function_info + i; - - /* Address to where we're placing the bound function */ - bound = &STRUCT_MEMBER (void *, &wrapper->bound, info->module_offset); - - /* - * See if we can just shoot straight through to the module function - * without wrapping at all. If all the stacked virtual modules just - * fall through, then this returns the original module function. - */ - if (!lookup_fall_through (wrapper->virt, info, bound)) { - if (!bind_ffi_closure (wrapper, over, - info->binding_function, - (ffi_type **)info->types, bound)) - return_val_if_reached (false); - } - } - - /* Always bind the C_GetFunctionList function itself */ - if (!bind_ffi_closure (wrapper, wrapper, - binding_C_GetFunctionList, - (ffi_type **)get_function_list_args, - (void **)&wrapper->bound.C_GetFunctionList)) - return_val_if_reached (false); - - /* - * These functions are used as a marker to indicate whether this is - * one of our CK_FUNCTION_LIST_PTR sets of functions or not. These - * functions are defined to always have the same standard implementation - * in PKCS#11 2.x so we don't need to call through to the base for - * these guys. - */ - wrapper->bound.C_CancelFunction = short_C_CancelFunction; - wrapper->bound.C_GetFunctionStatus = short_C_GetFunctionStatus; - - return true; -} - -#if LIBFFI_FREE_CLOSURES -static void -uninit_wrapper_funcs (Wrapper *wrapper) -{ - int i; - - for (i = 0; i < wrapper->ffi_used; i++) - ffi_closure_free (wrapper->ffi_closures[i]); -} -#endif - -CK_FUNCTION_LIST * -p11_virtual_wrap (p11_virtual *virt, - p11_destroyer destroyer) -{ - Wrapper *wrapper; - - return_val_if_fail (virt != NULL, NULL); - - wrapper = calloc (1, sizeof (Wrapper)); - return_val_if_fail (wrapper != NULL, NULL); - - wrapper->virt = virt; - wrapper->destroyer = destroyer; - wrapper->bound.version.major = CRYPTOKI_VERSION_MAJOR; - wrapper->bound.version.minor = CRYPTOKI_VERSION_MINOR; - - if (!init_wrapper_funcs (wrapper)) - return_val_if_reached (NULL); - - assert ((void *)wrapper == (void *)&wrapper->bound); - assert (p11_virtual_is_wrapper (&wrapper->bound)); - assert (wrapper->bound.C_GetFunctionList != NULL); - return &wrapper->bound; -} - -bool -p11_virtual_can_wrap (void) -{ - return TRUE; -} - -bool -p11_virtual_is_wrapper (CK_FUNCTION_LIST_PTR module) -{ - /* - * We use these functions as a marker to indicate whether this is - * one of our CK_FUNCTION_LIST_PTR sets of functions or not. These - * functions are defined to always have the same standard implementation - * in PKCS#11 2.x so we don't need to call through to the base for - * these guys. - */ - return (module->C_GetFunctionStatus == short_C_GetFunctionStatus && - module->C_CancelFunction == short_C_CancelFunction); -} - -void -p11_virtual_unwrap (CK_FUNCTION_LIST_PTR module) -{ - Wrapper *wrapper; - - return_if_fail (p11_virtual_is_wrapper (module)); - - /* The bound CK_FUNCTION_LIST_PTR sits at the front of Context */ - wrapper = (Wrapper *)module; - - /* - * Make sure that the CK_FUNCTION_LIST_PTR is invalid, and that - * p11_virtual_is_wrapper() recognizes this. This is in case the - * destroyer callback tries to do something fancy. - */ - memset (&wrapper->bound, 0xFE, sizeof (wrapper->bound)); - - if (wrapper->destroyer) - (wrapper->destroyer) (wrapper->virt); - -#if LIBFFI_FREE_CLOSURES - uninit_wrapper_funcs (wrapper); -#endif - free (wrapper); -} - -#else /* !WITH_FFI */ - -CK_FUNCTION_LIST * -p11_virtual_wrap (p11_virtual *virt, - p11_destroyer destroyer) -{ - assert_not_reached (); -} - -bool -p11_virtual_can_wrap (void) -{ - return FALSE; -} - -bool -p11_virtual_is_wrapper (CK_FUNCTION_LIST_PTR module) -{ - return FALSE; -} - -void -p11_virtual_unwrap (CK_FUNCTION_LIST_PTR module) -{ - assert_not_reached (); -} - -#endif /* !WITH_FFI */ - -CK_X_FUNCTION_LIST p11_virtual_stack = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ - stack_C_Initialize, - stack_C_Finalize, - stack_C_GetInfo, - stack_C_GetSlotList, - stack_C_GetSlotInfo, - stack_C_GetTokenInfo, - stack_C_GetMechanismList, - stack_C_GetMechanismInfo, - stack_C_InitToken, - stack_C_InitPIN, - stack_C_SetPIN, - stack_C_OpenSession, - stack_C_CloseSession, - stack_C_CloseAllSessions, - stack_C_GetSessionInfo, - stack_C_GetOperationState, - stack_C_SetOperationState, - stack_C_Login, - stack_C_Logout, - stack_C_CreateObject, - stack_C_CopyObject, - stack_C_DestroyObject, - stack_C_GetObjectSize, - stack_C_GetAttributeValue, - stack_C_SetAttributeValue, - stack_C_FindObjectsInit, - stack_C_FindObjects, - stack_C_FindObjectsFinal, - stack_C_EncryptInit, - stack_C_Encrypt, - stack_C_EncryptUpdate, - stack_C_EncryptFinal, - stack_C_DecryptInit, - stack_C_Decrypt, - stack_C_DecryptUpdate, - stack_C_DecryptFinal, - stack_C_DigestInit, - stack_C_Digest, - stack_C_DigestUpdate, - stack_C_DigestKey, - stack_C_DigestFinal, - stack_C_SignInit, - stack_C_Sign, - stack_C_SignUpdate, - stack_C_SignFinal, - stack_C_SignRecoverInit, - stack_C_SignRecover, - stack_C_VerifyInit, - stack_C_Verify, - stack_C_VerifyUpdate, - stack_C_VerifyFinal, - stack_C_VerifyRecoverInit, - stack_C_VerifyRecover, - stack_C_DigestEncryptUpdate, - stack_C_DecryptDigestUpdate, - stack_C_SignEncryptUpdate, - stack_C_DecryptVerifyUpdate, - stack_C_GenerateKey, - stack_C_GenerateKeyPair, - stack_C_WrapKey, - stack_C_UnwrapKey, - stack_C_DeriveKey, - stack_C_SeedRandom, - stack_C_GenerateRandom, - stack_C_WaitForSlotEvent -}; - -CK_X_FUNCTION_LIST p11_virtual_base = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ - base_C_Initialize, - base_C_Finalize, - base_C_GetInfo, - base_C_GetSlotList, - base_C_GetSlotInfo, - base_C_GetTokenInfo, - base_C_GetMechanismList, - base_C_GetMechanismInfo, - base_C_InitToken, - base_C_InitPIN, - base_C_SetPIN, - base_C_OpenSession, - base_C_CloseSession, - base_C_CloseAllSessions, - base_C_GetSessionInfo, - base_C_GetOperationState, - base_C_SetOperationState, - base_C_Login, - base_C_Logout, - base_C_CreateObject, - base_C_CopyObject, - base_C_DestroyObject, - base_C_GetObjectSize, - base_C_GetAttributeValue, - base_C_SetAttributeValue, - base_C_FindObjectsInit, - base_C_FindObjects, - base_C_FindObjectsFinal, - base_C_EncryptInit, - base_C_Encrypt, - base_C_EncryptUpdate, - base_C_EncryptFinal, - base_C_DecryptInit, - base_C_Decrypt, - base_C_DecryptUpdate, - base_C_DecryptFinal, - base_C_DigestInit, - base_C_Digest, - base_C_DigestUpdate, - base_C_DigestKey, - base_C_DigestFinal, - base_C_SignInit, - base_C_Sign, - base_C_SignUpdate, - base_C_SignFinal, - base_C_SignRecoverInit, - base_C_SignRecover, - base_C_VerifyInit, - base_C_Verify, - base_C_VerifyUpdate, - base_C_VerifyFinal, - base_C_VerifyRecoverInit, - base_C_VerifyRecover, - base_C_DigestEncryptUpdate, - base_C_DecryptDigestUpdate, - base_C_SignEncryptUpdate, - base_C_DecryptVerifyUpdate, - base_C_GenerateKey, - base_C_GenerateKeyPair, - base_C_WrapKey, - base_C_UnwrapKey, - base_C_DeriveKey, - base_C_SeedRandom, - base_C_GenerateRandom, - base_C_WaitForSlotEvent -}; diff --git a/p11-kit/virtual.h b/p11-kit/virtual.h deleted file mode 100644 index 97d2a7c..0000000 --- a/p11-kit/virtual.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat, Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __P11_VIRTUAL_H__ -#define __P11_VIRTUAL_H__ - -#include "pkcs11.h" -#include "pkcs11i.h" -#include "array.h" - -typedef struct { - CK_X_FUNCTION_LIST funcs; - void *lower_module; - p11_destroyer lower_destroy; -} p11_virtual; - -extern CK_X_FUNCTION_LIST p11_virtual_base; - -extern CK_X_FUNCTION_LIST p11_virtual_stack; - -void p11_virtual_init (p11_virtual *virt, - CK_X_FUNCTION_LIST *funcs, - void *lower_module, - p11_destroyer lower_destroy); - -void p11_virtual_uninit (p11_virtual *virt); - -bool p11_virtual_can_wrap (void); - -CK_FUNCTION_LIST * p11_virtual_wrap (p11_virtual *virt, - p11_destroyer destroyer); - -bool p11_virtual_is_wrapper (CK_FUNCTION_LIST *module); - -void p11_virtual_unwrap (CK_FUNCTION_LIST *module); - -#endif /* __P11_VIRTUAL_H__ */ diff --git a/po/LINGUAS b/po/LINGUAS deleted file mode 100644 index 3d3552a..0000000 --- a/po/LINGUAS +++ /dev/null @@ -1,71 +0,0 @@ -# Set of available languages. -ar -as -az -bg -bn_IN -ca -ca@valencia -cs -cy -da -de -el -en@boldquot -en_GB -en@quot -eo -es -eu -fa -fi -fo -fr -ga -gl -gu -he -hi -hr -hu -ia -id -it -ja -ka -kk -kn -ko -lt -lv -ml -mr -ms -nb -nl -nn -or -pa -pl -pt -pt_BR -ro -ru -sk -sl -sq -sr -sr@latin -sv -ta -te -th -tr -uk -vi -wa -zh_CN -zh_HK -zh_TW -oc -et diff --git a/po/Makevars b/po/Makevars deleted file mode 100644 index 0ae10b6..0000000 --- a/po/Makevars +++ /dev/null @@ -1,41 +0,0 @@ -# Makefile variables for PO directory in any package using GNU gettext. - -# Usually the message domain is the same as the package name. -DOMAIN = $(PACKAGE) - -# These two variables depend on the location of this directory. -subdir = po -top_builddir = .. - -# These options get passed to xgettext. -XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ - -# This is the copyright holder that gets inserted into the header of the -# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding -# package. (Note that the msgstr strings, extracted from the package's -# sources, belong to the copyright holder of the package.) Translators are -# expected to transfer the copyright for their translations to this person -# or entity, or to disclaim their copyright. The empty string stands for -# the public domain; in this case the translators are expected to disclaim -# their copyright. -COPYRIGHT_HOLDER = Collabora Ltd. - -# This is the email address or URL to which the translators shall report -# bugs in the untranslated strings: -# - Strings which are not entire sentences, see the maintainer guidelines -# in the GNU gettext documentation, section 'Preparing Strings'. -# - Strings which use unclear terms or require additional context to be -# understood. -# - Strings which make invalid assumptions about notation of date, time or -# money. -# - Pluralisation problems. -# - Incorrect English spelling. -# - Incorrect formatting. -# It can be your email address, or a mailing list address where translators -# can write to without being subscribed, or the URL of a web page through -# which the translators can contact you. -MSGID_BUGS_ADDRESS = - -# This is the list of locale categories, beyond LC_MESSAGES, for which the -# message catalogs shall be used. It is usually empty. -EXTRA_LOCALE_CATEGORIES = diff --git a/po/POTFILES.in b/po/POTFILES.in deleted file mode 100644 index 3e15306..0000000 --- a/po/POTFILES.in +++ /dev/null @@ -1,2 +0,0 @@ -# List of source files which contain translatable strings. -p11-kit/messages.c diff --git a/po/ar.po b/po/ar.po deleted file mode 100644 index 8978cd9..0000000 --- a/po/ar.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Arabic (http://www.transifex.com/freedesktop/p11-kit/language/ar/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ar\n" -"Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/as.po b/po/as.po deleted file mode 100644 index 96e8e5c..0000000 --- a/po/as.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Assamese (http://www.transifex.com/freedesktop/p11-kit/language/as/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: as\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/az.po b/po/az.po deleted file mode 100644 index 35a8502..0000000 --- a/po/az.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Azerbaijani (http://www.transifex.com/freedesktop/p11-kit/language/az/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: az\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/bg.po b/po/bg.po deleted file mode 100644 index 539eaa8..0000000 --- a/po/bg.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Bulgarian (http://www.transifex.com/freedesktop/p11-kit/language/bg/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: bg\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/bn_IN.po b/po/bn_IN.po deleted file mode 100644 index a399159..0000000 --- a/po/bn_IN.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Bengali (India) (http://www.transifex.com/freedesktop/p11-kit/language/bn_IN/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: bn_IN\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/boldquot.sed b/po/boldquot.sed deleted file mode 100644 index 4b937aa..0000000 --- a/po/boldquot.sed +++ /dev/null @@ -1,10 +0,0 @@ -s/"\([^"]*\)"/“\1”/g -s/`\([^`']*\)'/‘\1’/g -s/ '\([^`']*\)' / ‘\1’ /g -s/ '\([^`']*\)'$/ ‘\1’/g -s/^'\([^`']*\)' /‘\1’ /g -s/“”/""/g -s/“/“/g -s/”/”/g -s/‘/‘/g -s/’/’/g diff --git a/po/ca.po b/po/ca.po deleted file mode 100644 index 6f042e6..0000000 --- a/po/ca.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Catalan (http://www.transifex.com/freedesktop/p11-kit/language/ca/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ca\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/ca@valencia.po b/po/ca@valencia.po deleted file mode 100644 index d429cc4..0000000 --- a/po/ca@valencia.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Catalan (Valencian) (http://www.transifex.com/freedesktop/p11-kit/language/ca@valencia/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ca@valencia\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/cs.po b/po/cs.po deleted file mode 100644 index 5b5bfd4..0000000 --- a/po/cs.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Jozef Mlích , 2015 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2015-07-07 06:46+0000\n" -"Last-Translator: Jozef Mlích \n" -"Language-Team: Czech (http://www.transifex.com/freedesktop/p11-kit/language/cs/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: cs\n" -"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Operace byla zrušena" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Není k dispozici dostatek paměti" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Vnitřní chyba" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Operace selhala" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Modul nemůže vytvořit požadované vlákna" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Modul nemůže správně zamknout data" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Pole je pouze pro čtení" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Pole je citlivé a nemůže být odkryto" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Pole je neplatné nebo neexistuje" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Nesprávná hodnota pole" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Data nejsou platné nebo rozpoznané" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Data jsou příliš velká" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Nastala chyba na zařízení" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Na zařízení není k dispozici dostak paměti" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Zařízení bylo odstraněno nebo odpojeno" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Šifrovaná data nejsou platná nebo rozpoznaná" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Šifrované data jsou příliš dlouhé" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Operace není podporovaná" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Klíč chybí nebo je neplatný" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Klíč má chybnou velikost" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Klíč má chybný typ" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Není potřeba žádný klíč" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Klíč je jiný než byl před tím" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Je požadován klíč" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "S tímto klíčem nelze operaci dokončit" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Tento klíč nelze exportovat" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Šiforvací mechanizmus je neplatný nebo nerozpoznaný" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Šiforvací mechanizmus má neplatný argument" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Objekt chybí nebo je neplatný" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Heslo nebo PIN nejsou správné" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Heslo nebo PIN nejsou plané" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Heslo nebo PIN mají neplatnou délku" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Heslo nebo PIN vypršeli" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Heslo nebo PIN jsou uzamčeny" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Podpis je špatný nebo poškozený" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Podpis nelze rozpoznat nebo je poškozený" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Některé požadované pole chybí" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Některé pole mají neplatné hodnoty" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Zařízení není přítomno nebo je odpojeno" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Zařízení je neplatné nebo jej není možné rozpoznat" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Zařízení je chráněné proti zápisu" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Není možné importovat z důvodu neplatného klíče" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Není možné importovat z důvodu chybné velikosti klíče" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Není možné importovat z důvodu chybného typu klíče" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Už jste příhlášen" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Není přihlášený žádný uživatel" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Uživatelovo heslo nebo PIN není nastavený" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Neplatný typ uživatele" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Už je příhlášený jiný uživatel" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Je přihlášeno příliš mnoho různých typů uživatelů" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Neplatný klíč nelze importovat" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Nelze importovat klíč o chybné velikosti" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Nelze exportovat, protože klíč není platný" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Nelze exportovat, protože klíč má chybnou velikost" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Nelze exportovat, protože klíč má nesprávný typ" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Nelze inicializovat generátor náhodných čísel" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Není k dispozici žádný generátor náhodných čísel" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Šiforvací mechanizmus má neplatný parametr" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Nedostatek místa pro uložení výsledku" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Uložený stav je neplatný" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Informace je citlivá a nemůže být odkryta" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Stav nemohl být uložen" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Modul nemohl být inicializován" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Modul již byl inicializován" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Data nelze zamknout" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Data nemůžou být zamknutá" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Požadavek byl uživatelem zamítnut" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Neznámá chyba" diff --git a/po/cy.po b/po/cy.po deleted file mode 100644 index f5e2b58..0000000 --- a/po/cy.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Welsh (http://www.transifex.com/freedesktop/p11-kit/language/cy/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: cy\n" -"Plural-Forms: nplurals=4; plural=(n==1) ? 0 : (n==2) ? 1 : (n != 8 && n != 11) ? 2 : 3;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/da.po b/po/da.po deleted file mode 100644 index 1f01343..0000000 --- a/po/da.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Joe Hansen , 2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-12-24 13:36+0000\n" -"Last-Translator: Joe Hansen \n" -"Language-Team: Danish (http://www.transifex.com/freedesktop/p11-kit/language/da/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: da\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Handlingen blev afbrudt" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Der er ikke nok hukommelse" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "Det angivne slot-id er ikke gyldigt" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Intern fejl" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Handlingen mislykkedes" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Ugyldige parametre" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Modulet kan ikke oprette krævede tråde" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Modulet kan ikke låse data korrekt" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Feltet er skrivebeskyttet" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Feltet er sensitivt kan ikke afsløres" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Feltet er ugyldigt eller findes ikke" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Ugyldigt værdi for felt" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Dataene er ikke gyldige eller blev ikke genkendt" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Dataene er for lange" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Der opstod en fejl på enheden" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Utilstrækkelig tilgængelig hukommelse på enheden" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Enheden blev fjernet eller frakoblet" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "De krypterede data er ikke gyldige eller blev ikke genkendt" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "De krypterede data er for lange" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Denne handling er ikke understøttet" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Nøglen mangler eller er ugyldig" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Nøglen har forkert størrelse" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Nøglen har forkert type" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Ingen nøgle er krævet" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Nøglen er anderledes end tidligere" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "En nøgle er krævet" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Kan ikke inkludere nøglen i sammendraget" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Denne handling kan ikke udføres med denne nøgle" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Nøglen kan ikke omsluttes" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Kan ikke eksportere denne nøgle" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Kryptomekanismen er ugyldig eller blev ikke genkendt" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Kryptomekanismen har en ugyldig parameter" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Objektet mangler eller er ugyldigt" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "En anden handling foregår allerede" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Der udføres ingen handling" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Adgangskoden eller PIN er ikke korrekt" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Adgangskoden eller PIN er ugyldig" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Adgangskoden eller PIN har forkert længde" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Adgangskoden eller PIN er udløbet" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Adgangskoden eller PIN er låst" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Sessionen er låst" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "For mange sessioner er aktive" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Sessionen er ugyldig" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Sessionen er skrivebeskyttet" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Der findes en åben session" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Der findes en skrivebeskyttet session" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Der findes en administratorsession" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Underskriften er ugyldig eller ødelagt" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Underskriften kunne ikke genkendes eller er ødelagt" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Bestemte krævede felter mangler" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Bestemte felter har ugyldige værdier" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Enheden er ikke til stede eller frakoblet" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Enheden er ugyldig eller kan ikke genkendes" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Enheden er skrivebeskyttet" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Kan ikke importere da nøglen er ugyldig" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Kan ikke importere da nøglen har forkert størrelse" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Kan ikke importere da nøglen har forkert type" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Du er allerede logget ind" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Ingen bruger har logget ind" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Brugerens adgangskode eller PIN er ikke angivet" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Brugeren er af ugyldig type" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "En anden bruger er allerede logget ind" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "For mange brugere af forskellige typer er logget ind" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Kan ikke importere en ugyldig nøgle" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Kan ikke importere en nøgle med forkert størrelse" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Kan ikke eksportere da nøglen er ugyldig" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Kan ikke eksportere da nøglen har forkert størrelse" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Kan ikke eksportere da nøglen har forkert type" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Kan ikke initialisere oprettelsesprogrammet for vilkårlige tal" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Intet oprettelsesprogram for vilkårlige tal er tilgængeligt" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Kryptomekanismen har en ugyldig parameter" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Ikke nok plads til at lagre resultatet" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Den lagrede tilstand er ugyldig" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Informationen er sensitiv og kan ikke afsløres" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Tilstanden kan ikke gemmes" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Modulet er ikke blevet initialiseret" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Modulet er allerede blevet initialiseret" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Kan ikke låse data" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Dataene kan ikke låses" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Forespørgslen blev afvist af brugeren" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Ukendt fejl" diff --git a/po/de.po b/po/de.po deleted file mode 100644 index 1c728fd..0000000 --- a/po/de.po +++ /dev/null @@ -1,344 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Ettore Atalan , 2014 -# Mario Blättermann , 2012 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2014-09-22 15:30+0000\n" -"Last-Translator: Ettore Atalan \n" -"Language-Team: German (http://www.transifex.com/freedesktop/p11-kit/language/de/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: de\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Die Aktion wurde abgebrochen." - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Nicht genügend Speicher verfügbar" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "Die angegebene Slot-Kennziffer ist ungültig." - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Interner Fehler" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Die Aktion ist fehlgeschlagen." - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Ungültige Argumente" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Das Modul kann nicht die benötigten Threads erzeugen." - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Das Modul kann die Daten nicht ordnungsgemäß sperren." - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Das Feld hat nur Lesezugriff." - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Das Feld ist sensibel und kann nicht offengelegt werden." - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Das Feld ist ungültig oder es existiert nicht." - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Ungültiger Wert für Feld" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Die Daten sind ungültig oder konnten nicht erkannt werden." - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Die Daten sind zu lang." - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Auf dem Gerät trat ein Fehler auf." - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Auf dem Gerät ist nicht genügend Speicher verfügbar." - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Das Gerät wurde entfernt oder abgezogen." - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Die verschlüsselten Daten sind nicht gültig oder konnten nicht erkannt werden." - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Die verschlüsselten Daten sind zu lang." - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Diese Aktion wird nicht unterstützt." - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Der Schlüssel fehlt oder ist ungültig." - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Der Schlüssel hat die falsche Größe." - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Der Schlüssel ist vom falschen Typ." - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Es wird kein Schlüssel benötigt." - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Der Schlüssel ist anders als vorher." - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Es wird ein Schlüssel benötigt." - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Der Schlüssel kann nicht in den Digest integriert werden." - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Diese Aktion kann nicht mit diesem Schlüssel durchgeführt werden." - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Der Schlüssel kann nicht eingepackt werden." - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Dieser Schlüssel kann nicht exportiert werden." - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Der kryptografische Mechanismus ist ungültig oder konnte nicht erkannt werden." - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Der kryptografische Mechanismus hat ein ungültiges Argument." - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Das Objekt fehlt oder ist ungültig." - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Es findet bereits eine andere Aktion statt." - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Es findet keine Aktion statt." - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Das Passwort oder die PIN ist nicht korrekt." - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Das Passwort oder die PIN ist ungültig." - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Das Passwort oder die PIN hat eine ungültige Länge." - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Das Passwort oder die PIN ist abgelaufen." - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Das Passwort oder die PIN ist gesperrt." - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Die Sitzung ist beendet." - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Es sind zu viele Sitzungen aktiv." - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Die Sitzung ist ungültig." - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Die Sitzung hat nur Lesezugriff." - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Es existiert eine offene Sitzung." - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Es existiert eine Sitzung mit reinem Lesezugriff." - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Es existiert eine Administratorsitzung." - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Die Signatur ist falsch oder beschädigt." - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Die Signatur wurde nicht erkannt oder ist beschädigt." - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Einige benötigte Felder fehlen." - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Einige Felder haben ungültige Werte." - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Das Gerät ist nicht vorhanden oder abgezogen." - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Das Gerät ist ungültig oder unbekannt." - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Das Gerät ist schreibgeschützt." - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Kann nicht importiert werden, da der Schlüssel ungültig ist" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Kann nicht importiert werden, da der Schlüssel die falsche Größe hat" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Kann nicht importiert werden, da der Schlüssel vom falschen Typ ist" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Sie sind bereits angemeldet." - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Kein Benutzer hat sich angemeldet." - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Passwort oder PIN des Benutzers ist nicht gesetzt" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Der Benutzer ist vom falschen Typ." - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Ein anderer Benutzer ist bereits angemeldet." - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Zu viele Benutzer unterschiedlicher Typen sind angemeldet." - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Ein ungültiger Schlüssel kann nicht importiert werden." - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Ein Schlüssel mit falscher Größe kann nicht importiert werden." - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Kann nicht exportiert werden, da der Schlüssel ungültig ist" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Kann nicht exportiert werden, da der Schlüssel die falsche Größe hat" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Kann nicht exportiert werden, da der Schlüssel vom falschen Typ ist" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Der Zufallszahlengenerator kann nicht initialisiert werden." - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Kein Zufallszahlengenerator verfügbar" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Der kryptografische Mechanismus hat einen ungültigen Parameter." - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Nicht genug Platz, um das Ergebnis zu speichern" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Der gespeicherte Status ist ungültig." - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Die Information ist sensibel und kann nicht offengelegt werden." - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Der Status kann nicht gespeichert werden." - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Das Modul wurde nicht initialisiert." - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Das Modul wurde bereits initialisiert." - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Daten können nicht gesperrt werden" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Die Daten können nicht gesperrt werden." - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Der Anfrage wurde vom Benutzer abgelehnt" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Unbekannter Fehler" diff --git a/po/el.po b/po/el.po deleted file mode 100644 index c507988..0000000 --- a/po/el.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Maria Mavridou , 2014 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2014-04-21 19:51+0000\n" -"Last-Translator: thanos \n" -"Language-Team: Greek (http://www.transifex.com/freedesktop/p11-kit/language/el/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: el\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Η λειτουργία ακυρώθηκε" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Ανεπαρκής διαθέσιμη μνήμη" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "H καθορισμένη ταυτότητα υποδοχής δεν είναι έγκυρη" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Εσωτερικό σφάλμα" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Η λειτουργία απέτυχε" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Άκυρα ορίσματα" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Η μονάδα δεν μπορεί να δημιουργήσει τα αναγκαία νήματα εκτέλεσης" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Η μονάδα δεν μπορεί να κλειδώσει τα δεδομένα σωστά " - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Το πεδίο είναι μόνο για ανάγνωση" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Το πεδίο είναι ευαίσθητο και δεν μπορεί να αποκαλυφθεί" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Το πεδίο δεν είναι έγκυρο ή δεν υπάρχει" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Μη έγκυρη τιμή για το πεδίο" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Τα δεδομένα δεν είναι έγκυρα ή δεν αναγνωρίζονται" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Τα δεδομένα είναι πολύ μεγάλα" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Παρουσιάστηκε σφάλμα στη συσκευή" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Ανεπαρκής διαθέσιμη μνήμη στη συσκευή" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Η συσκευή απομακρύνθηκε ή αποσυνδέθηκε" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Τα κρυπτογραφημένα δεδομένα δεν είναι έγκυρα ή δεν αναγνωρίζονται" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Τα κρυπτογραφημένα δεδομένα είναι πολύ μεγάλα" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Δεν υποστηρίζεται αυτή η λειτουργία" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Το κλειδί λείπει ή δεν είναι έγκυρο" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Το κλειδί έχει λάθος μέγεθος" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Το κλειδί είναι λάθος τύπου" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Δεν απαιτείται κλειδί" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Το κλειδί είναι διαφορετικό από πριν" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Απαιτείται ένα κλειδί" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Το κλειδί δεν μπορεί να συμπεριληφθεί στη σύνοψη" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Αυτή η λειτουργία δεν μπορεί να γίνει με αυτό το κλειδί" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Το κλειδί δεν μπορεί να αναδιπλωθεί" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Το κλειδί δεν μπορεί να εξαχθεί" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Ο κρυπτογραφικός μηχανισμός δεν είναι έγκυρος ή δεν αναγνωρίζεται" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Ο κρυπτογραφικός μηχανισμός έχει ένα μη έγκυρο όρισμα" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Το αντικείμενο λείπει ή δεν είναι έγκυρο" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Μια άλλη λειτουργία ήδη πραγματοποιείται" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Καμιά λειτουργία δεν πραγματοποιείται" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Ο κωδικός πρόσβασης ή το PIN είναι λανθασμένο" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Ο κωδικός πρόσβασης ή το PIN δεν είναι έγκυρο" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Ο κωδικός πρόσβασης ή το PIN έχει μη έγκυρο μήκος" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Ο κωδικός πρόσβασης ή το PIN έχει λήξει" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Ο κωδικός πρόσβασης ή το PIN έχει κλειδωθεί" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Η συνεδρία είναι κλειστή" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Πάρα πολλές συνεδρίες είναι ενεργές" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Η συνεδρία δεν είναι έγκυρη" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Η συνεδρία είναι μόνο για ανάγνωση" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Υπάρχει μια ανοιχτή συνεδρία" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Υπάρχει μια συνεδρία μόνο για ανάγνωση" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Υπάρχει μια συνεδρία διαχειριστή" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Η υπογραφή είναι κακή ή κατεστραμμένη" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Η υπογραφή δεν αναγνωρίζεται ή είναι κατεστραμμένη" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Ορισμένα από τα απαιτούμενα πεδία λείπουν" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Ορισμένα πεδία έχουν μη έγκυρες τιμές" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Η συσκευή δεν υπάρχει ή έχει αποσυνδεθεί" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Η συσκευή δεν είναι έγκυρη ή δεν αναγνωρίζεται" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Η συσκευή έχει προστασία εγγραφής" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Δεν είναι δυνατή η εισαγωγή, διότι το κλειδί δεν είναι έγκυρο" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Δεν είναι δυνατή η εισαγωγή, διότι το κλειδί είναι το λάθος μεγέθους" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Δεν είναι δυνατή η εισαγωγή, διότι το κλειδί είναι λάθος τύπου" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Είστε ήδη συνδεδεμένος" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Κανένας χρήστης δεν έχει συνδεθεί" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Ο κωδικός πρόσβασης ή το PIN του χρήστη δεν έχουν οριστεί" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Ο χρήστης είναι μη έγκυρου τύπου" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Ένας άλλος χρήστης είναι ήδη συνδεδεμένος" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Πάρα πολλοί χρήστες διαφόρων τύπων είναι συνδεδεμένοι" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Δεν είναι δυνατή η εισαγωγή ενός μη έγκυρου κλειδιού" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Δεν είναι δυνατή η εισαγωγή ενός κλειδού λάθους μεγέθους" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Δεν είναι δυνατή η εξαγωγή διότι το κλειδί δεν είναι έγκυρο" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Δεν είναι δυνατή η εξαγωγή διότι το κλειδί είναι λάθους μεγέθους" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Δεν είναι δυνατή η εξαγωγή διότι το κλειδί είναι λάθος τύπου" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Αδύνατη η αρχικοποίηση της γεννήτριας τυχαίων αριθμών" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Δεν υπάρχει γεννήτρια τυχαίων αριθμών" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Ο κρυπτογραφικός μηχανισμός δεν έχει έγκυρη παράμετρο" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Δεν υπάρχει αρκετός χώρος για να αποθηκεύσετε το αποτέλεσμα" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Η αποθηκευμένη αναφορά δεν είναι έγκυρη" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Η πληροφορία είναι ευαίσθητη και δεν μπορεί να αποκαλυφθεί" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Η αναφορά δεν μπορεί να σωθεί" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Η μονάδα δεν έχει προετοιμαστεί" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Η μονάδα έχει ήδη προετοιμαστεί" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Δεν μπορείτε να κλειδώσετε τα δεδομένα" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Τα δεδομένα δεν μπορούν να κλειδωθούν" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Η αίτηση απορρίφθηκε από το χρήστη" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Άγνωστο σφάλμα" diff --git a/po/en@boldquot.header b/po/en@boldquot.header deleted file mode 100644 index fedb6a0..0000000 --- a/po/en@boldquot.header +++ /dev/null @@ -1,25 +0,0 @@ -# All this catalog "translates" are quotation characters. -# The msgids must be ASCII and therefore cannot contain real quotation -# characters, only substitutes like grave accent (0x60), apostrophe (0x27) -# and double quote (0x22). These substitutes look strange; see -# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html -# -# This catalog translates grave accent (0x60) and apostrophe (0x27) to -# left single quotation mark (U+2018) and right single quotation mark (U+2019). -# It also translates pairs of apostrophe (0x27) to -# left single quotation mark (U+2018) and right single quotation mark (U+2019) -# and pairs of quotation mark (0x22) to -# left double quotation mark (U+201C) and right double quotation mark (U+201D). -# -# When output to an UTF-8 terminal, the quotation characters appear perfectly. -# When output to an ISO-8859-1 terminal, the single quotation marks are -# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to -# grave/acute accent (by libiconv), and the double quotation marks are -# transliterated to 0x22. -# When output to an ASCII terminal, the single quotation marks are -# transliterated to apostrophes, and the double quotation marks are -# transliterated to 0x22. -# -# This catalog furthermore displays the text between the quotation marks in -# bold face, assuming the VT100/XTerm escape sequences. -# diff --git a/po/en@quot.header b/po/en@quot.header deleted file mode 100644 index a9647fc..0000000 --- a/po/en@quot.header +++ /dev/null @@ -1,22 +0,0 @@ -# All this catalog "translates" are quotation characters. -# The msgids must be ASCII and therefore cannot contain real quotation -# characters, only substitutes like grave accent (0x60), apostrophe (0x27) -# and double quote (0x22). These substitutes look strange; see -# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html -# -# This catalog translates grave accent (0x60) and apostrophe (0x27) to -# left single quotation mark (U+2018) and right single quotation mark (U+2019). -# It also translates pairs of apostrophe (0x27) to -# left single quotation mark (U+2018) and right single quotation mark (U+2019) -# and pairs of quotation mark (0x22) to -# left double quotation mark (U+201C) and right double quotation mark (U+201D). -# -# When output to an UTF-8 terminal, the quotation characters appear perfectly. -# When output to an ISO-8859-1 terminal, the single quotation marks are -# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to -# grave/acute accent (by libiconv), and the double quotation marks are -# transliterated to 0x22. -# When output to an ASCII terminal, the single quotation marks are -# transliterated to apostrophes, and the double quotation marks are -# transliterated to 0x22. -# diff --git a/po/en_GB.po b/po/en_GB.po deleted file mode 100644 index c5e9281..0000000 --- a/po/en_GB.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Andi Chandler , 2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Andi Chandler \n" -"Language-Team: English (United Kingdom) (http://www.transifex.com/freedesktop/p11-kit/language/en_GB/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: en_GB\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "The operation was cancelled" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Insufficient memory available" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "The specified slot ID is not valid" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Internal error" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "The operation failed" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Invalid arguments" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "The module cannot create needed threads" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "The module cannot lock data properly" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "The field is read-only" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "The field is sensitive and cannot be revealed" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "The field is invalid or does not exist" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Invalid value for field" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "The data is not valid or unrecognised" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "The data is too long" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "An error occurred on the device" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Insufficient memory available on the device" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "The device was removed or unplugged" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "The encrypted data is not valid or unrecognised" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "The encrypted data is too long" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "This operation is not supported" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "The key is missing or invalid" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "The key is the wrong size" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "The key is of the wrong type" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "No key is needed" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "The key is different than before" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "A key is needed" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Cannot include the key in the digest" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "This operation cannot be done with this key" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "The key cannot be wrapped" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Cannot export this key" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "The crypto mechanism is invalid or unrecognised" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "The crypto mechanism has an invalid argument" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "The object is missing or invalid" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Another operation is already taking place" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "No operation is taking place" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "The password or PIN is incorrect" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "The password or PIN is invalid" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "The password or PIN is of an invalid length" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "The password or PIN has expired" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "The password or PIN is locked" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "The session is closed" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Too many sessions are active" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "The session is invalid" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "The session is read-only" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "An open session exists" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "A read-only session exists" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "An administrator session exists" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "The signature is bad or corrupted" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "The signature is unrecognised or corrupted" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Certain required fields are missing" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Certain fields have invalid values" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "The device is not present or unplugged" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "The device is invalid or unrecognisable" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "The device is write protected" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Cannot import because the key is invalid" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Cannot import because the key is of the wrong size" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Cannot import because the key is of the wrong type" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "You are already logged in" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "No user has logged in" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "The user's password or PIN is not set" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "The user is of an invalid type" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Another user is already logged in" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Too many users of different types are logged in" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Cannot import an invalid key" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Cannot import a key of the wrong size" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Cannot export because the key is invalid" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Cannot export because the key is of the wrong size" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Cannot export because the key is of the wrong type" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Unable to initialise the random number generator" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "No random number generator available" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "The crypto mechanism has an invalid parameter" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Not enough space to store the result" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "The saved state is invalid" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "The information is sensitive and cannot be revealed" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "The state cannot be saved" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "The module has not been initialised" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "The module has already been initialised" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Cannot lock data" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "The data cannot be locked" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "The request was rejected by the user" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Unknown error" diff --git a/po/eo.po b/po/eo.po deleted file mode 100644 index 8ea1ae3..0000000 --- a/po/eo.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# kristjan , 2012 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Esperanto (http://www.transifex.com/freedesktop/p11-kit/language/eo/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: eo\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "La operacio estas nuligita" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Ne sufiĉe da memoro estas disponebla" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Interna eraro" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "La operacio malsukcesis" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Nevalidaj argumentoj" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "La kampo estas nevalida aŭ ne ekzistas" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Nevalida valoro por kampo" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "La datumo estas tro longa" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Eraro okazis je aparato" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Ŝlosilo estas bezonata" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "La seanco estas nevalida" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Neniu uzanto estas ensalutita" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Alia uzanto jam estas ensalutita" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Nekonata eraro" diff --git a/po/es.po b/po/es.po deleted file mode 100644 index c2219b9..0000000 --- a/po/es.po +++ /dev/null @@ -1,344 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Adolfo Jayme Barrientos, 2012 -# Daniel Mustieles , 2012-2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Daniel Mustieles \n" -"Language-Team: Spanish (http://www.transifex.com/freedesktop/p11-kit/language/es/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: es\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Se canceló la operación" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "No hay suficiente memoria disponible" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "El ID de la ranura especificada no es válido" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Error interno" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Falló la operación" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Argumentos no válidos" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "El módulo no puede crear los hilos necesarios" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "El módulo no puede bloquear los datos correctamente" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "El campo es de solo lectura" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "El campo es sensible y no se puede revelar" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "El campo no es válido o no existe" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Valor no válido para el campo" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Los datos no son válidos o no se reconocen" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Los datos son demasiado largos" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Ha ocurrido un error en el dispositivo" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "No hay memoria suficiente disponible en el dispositivo" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Se quitó o desconectó el dispositivo" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Los datos cifrados no son válidos o no se reconocen" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Los datos cifrados son demasiado largos" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Esta operación no está soportada" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Falta la clave o no es válida" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "El tamaño de la clave es incorrecto" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "El tipo de la clave es incorrecto" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "No se necesita ninguna clave" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "La clave no es igual que antes" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Se necesita una clave" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "No se puede incluir la clave en el resumen" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "No se puede hacer esta operación con esta clave" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "No se puede encapsular la clave" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "No se puede exportar esta clave" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "El mecanismo de cifrado no es válido o no se ha reconocido" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "El mecanismo de cifrado tiene un argumento no válido" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Falta el objeto o no es válido" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Ya hay otra operación en curso" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "No hay ninguna operación en curso" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "La contraseña o el PIN son incorrectos" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "La contraseña o el PIN no son válidos" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "La contraseña o PIN tiene una longitud no válida" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "La contraseña o el PIN han expirado" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "La contraseña o el PIN están bloqueados" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "La sesión está cerrada" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Hay demasiadas sesiones activas" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "La sesión no es válida" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "La sesión es de solo lectura" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Existe una sesión abierta" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Existe una sesión de solo lectura" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Existe una sesión de administrador" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "La firma tiene errores o está dañada" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "La firma no se reconoce o está dañada" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Faltan ciertos campos requeridos" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Ciertos campos tienen valores no válidos" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "El dispositivo no está presente o está desconectado" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "El dispositivo no es válido o es irreconocible" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "El dispositivo está protegido contra escritura" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "No se puede importar porque la clave no es válida" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "No se puede importar porque la clave tiene un tamaño incorrecto" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "No se puede importar porque la clave es de un tipo incorrecto" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Ya ha iniciado sesión" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Ningún usuario ha iniciado sesión" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "La contraseña o el PIN del usuario no se han establecido" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "El usuario es de un tipo no válido" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Ya ha iniciado sesión otro usuario" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Han iniciado sesión demasiados usuarios de varios tipos" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "No se puede importar una clave no válida" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "No se puede importar una clave del tamaño incorrecto" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "No se puede exportar poque la clave no es válida" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "No se puede exportar porque la clave tiene un tamaño incorrecto" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "No se puede exportar porque la clave es del tipo incorrecto" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "No se puede inicializar el generador de números aleatorios" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "No hay ningún generador de números aleatorios disponible" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "El mecanismo de cifrado tiene un parámetro no válido" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "No hay espacio suficiente para guardar el resultado" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "El estado guardado no es válido" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "La información es sensible y no se puede revelar" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "No se puede guardar el estado" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "No se ha inicializado el módulo" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Ya se ha inicializado el módulo" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "No se pueden bloquear los datos" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "No se pueden bloquear los datos" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "El usuario rechazó la solicitud" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Error desconocido" diff --git a/po/et.po b/po/et.po deleted file mode 100644 index 5af8feb..0000000 --- a/po/et.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Estonian (http://www.transifex.com/freedesktop/p11-kit/language/et/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: et\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/eu.po b/po/eu.po deleted file mode 100644 index 5e1c583..0000000 --- a/po/eu.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Basque (http://www.transifex.com/freedesktop/p11-kit/language/eu/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: eu\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/fa.po b/po/fa.po deleted file mode 100644 index 7b0069e..0000000 --- a/po/fa.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Persian (http://www.transifex.com/freedesktop/p11-kit/language/fa/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: fa\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/fi.po b/po/fi.po deleted file mode 100644 index 98c9e4a..0000000 --- a/po/fi.po +++ /dev/null @@ -1,345 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Eerik Uusi-Illikainen https://launchpad.net/~ekiuusi-4, 2012 -# Jiri Grönroos , 2012-2013 -# Timo Jyrinki , 2012 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Jiri Grönroos \n" -"Language-Team: Finnish (http://www.transifex.com/freedesktop/p11-kit/language/fi/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: fi\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Toiminto keskeytettiin" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Muisti ei riitä" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "Annettu lohkotunniste ei ole kelvollinen" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Sisäinen virhe" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Toiminto epäonnistui" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Virheellisiä argumentteja" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Moduuli ei voi luoda vaadittavia säikeitä" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Moduuli ei voi lukita tietoa kunnolla" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Kenttä on vain luettavissa" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Kenttä on arkaluonteinen eikä sitä voida paljastaa" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Kenttä on virheellinen tai sitä ei ole olemassa" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Kentän arvo on virheellinen" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Tieto ei ole kelvollista tai sitä ei voida tunnistaa" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Tieto on liian pitkä" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Tapahtui virhe laitteella" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Laitteen muistimäärä liian vähäinen" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Laite poistettiin tai irrotettiin" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Salattu tieto ei ole kelvollista tai sitä ei voida tunnistaa" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Salattu tieto on liian pitkä" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Tämä toiminto ei ole tuettu" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Avain puuttuu tai on virheellinen" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Avain on väärän kokoinen" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Avain on väärää tyyppiä" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Avainta ei vaadita" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Avain on eri kuin aikaisempi" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Avain vaaditaan" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Avainta ei voi sisällyttää tiivisteeseen" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Tätä toimintoa ei voi tehdä tällä avaimella" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Avainta ei voi rivittää" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Tätä avainta ei voi viedä" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Salausmekanismi on virheellinen tai sitä ei voida tunnistaa" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Salausmekanismissa on virheellinen argumentti" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Kohde puuttuu tai on virheellinen" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Toinen toiminto on jo käynnissä" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Yhtään toimintoa ei ole käynnissä" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Salasana tai PIN-koodi on väärä" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Salasana tai PIN-koodi on virheellinen" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Salasanan tai PIN-koodin pituus on virheellinen" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Salasana tai PIN-koodi on vanhentunut" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Salasana tai PIN-koodin on lukittu" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Istunto on suljettu" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Liian monta aktiivista istuntoa" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Istunto on virheellinen" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Istunto on vain luettavissa" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Avoin istunto on olemassa" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Lukutilassa oleva istunto on olemassa" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Ylläpitäjän istunto on olemassa" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Allekirjoitus on virheellinen tai vioittunut" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Allekirjoitusta ei voida tunnistaa tai se on vioittunut" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Jotkut vaadituista kentistä puuttuvat" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Jotkin kentät sisältävät virheellisia arvoja" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Laite ei ole saatavilla tai se on irrotettu" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Laite on virheellinen tai sitä ei voida tunnistaa" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Laite on kirjoitussuojattu" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Tuonti epäonnistui koska avain on virheellinen" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Tuonti epäonnistui koska avain on väärän kokoinen" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Tuonti epäonnistui koska avain on väärää tyyppiä" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Olet jo kirjautuneena sisään" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Käyttäjiä ei ole kirjautuneena sisään" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Käyttäjän salasanaa tai PIN-koodia ei ole asetettu" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Käyttäjä on väärän tyyppinen" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Toinen käyttäjä on jo kirjautunut sisään" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Liian monta eri tyyppistä käyttäjää on kirjautuneena sisään" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Virheellistä avainta ei voida tuoda" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Väärän kokoista avainta ei voida tuoda" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Vienti ei onnistu koska avain on virheellinen" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Vienti ei onnistu koska avain on väärän kokoinen" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Vienti ei onnistu koska avain on väärän tyyppinen" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Satunnaislukugeneraattoria ei voida alustaa" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Satunnaislukugeneraattoria ei ole saatavilla" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Salausmekanismin parametri on virheellinen" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Liian vähän tilaa tulosten tallentamiseen" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Tallennettu tila on virheellinen" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Tieto on luottamuksellista eikä sitä voida paljastaa" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Tilaa ei voida tallentaa" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Moduulia ei ole alustettu" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Moduuli on jo alustettu" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Tietoa ei voida lukita" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Tietoa ei voida lukita" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Pyyntö hylättiin käyttäjän toimesta" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Tuntematon virhe" diff --git a/po/fo.po b/po/fo.po deleted file mode 100644 index 1e5c2ae..0000000 --- a/po/fo.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Faroese (http://www.transifex.com/freedesktop/p11-kit/language/fo/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: fo\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/fr.po b/po/fr.po deleted file mode 100644 index b2aa2d6..0000000 --- a/po/fr.po +++ /dev/null @@ -1,344 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Jérôme Fenal , 2013 -# lkppo, 2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Jérôme Fenal \n" -"Language-Team: French (http://www.transifex.com/freedesktop/p11-kit/language/fr/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: fr\n" -"Plural-Forms: nplurals=2; plural=(n > 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "L'opération a été annulée" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Mémoire disponible insuffisante" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "L'identifiant de slot indiqué est invalide" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Erreur interne" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "L'opération a échouée" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Arguments invalides" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Le module ne peut créer les fils d'exécution nécessaire" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Le module ne peut verrouiller correctement les données" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Le champ est en lecture seule" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Le champ est sensible et ne peut être révélé" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Le champ est invalide ou n'existe pas" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Valeur invalide pour le champ" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "La donnée est invalide ou non reconnue" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Données trop longues" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Une erreur est survenue sur le périphérique" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Mémoire insuffisante sur le périphérique" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Le périphérique a été supprimé ou débranché" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Les données chiffrées sont invalides ou non reconnues" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Les données chiffrées sont trop longues" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "L'opération n'est pas prise en charge" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Clef manquante ou invalide" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "La longueur de la Clef est incorrecte" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Le type de la Clef est incorrect" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Pas de clef nécessaire" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "La clef est différente de précédemment" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Une clef est nécessaire" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Impossible d'inclure la clé dans le condensé" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Cette opération est incompatible avec cette clef" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "La clé ne peut être emballée" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "La clef n'a pu être exportée" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Le mécanisme de chiffrement est invalide ou non reconnu" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Le mécanisme de chiffrement a un argument invalide" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Objet manquant ou invalide" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Une autre opération est déjà en cours" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Aucune opération en cours" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Le mot de passe ou le code PIN est incorrect" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Le mot de passe ou le code PIN est invalide" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "La longueur du mot de passe ou du code PIN est incorrecte" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "c" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Le mot de passe ou le code PIN est bloqué" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "La session est fermée" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Trop de sessions actives" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "La session est invalide" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "La session est en lecture seule" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Une session ouverte existe" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Une session en lecture seule existe" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Un administrateur de sessions existe" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "La signature est incorrecte ou corrompue" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "La signature ne peu être reconnue ou est corrompue" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Certains champs requis sont manquants" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Certains champs ont des valeurs invalides" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Le périphérique est absent ou débranché" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Le périphérique est invalide ou non reconnu" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Le périphérique est protégé en écriture" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Impossible d'importer car la clé est invalide" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Impossible d'importer car la clé n'a pas la bonne taille" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Impossible d'importer car la clé n'est pas du bon type" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Vous êtes déjà connecté" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Aucun utilisateur connecté" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Le mot de passe ou l'identifiant personnel n'est pas configuré" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "L'utilisateur n'a pas le bon type" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Un autre utilisateur est déjà connecté" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Trop d'utilisateurs de différents types sont connectés" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Impossible d'importer une clé invalide" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Impossible d'importer une clé de la mauvaise taille" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Impossible d'exporter car la clé est invalide" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Impossible d'exporter car la clé n'a pas la bonne taille" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Impossible d'exporter car la clé n'est pas du bon type" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Impossible d'initialiser le générateur de nombres aléatoires" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Aucun générateur de nombres aléatoires disponible" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Le mécanisme de chiffrement a un paramètre invalide" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Pas assez d'espace pour enregistrer le résultat" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "L'état enregistré est invalide" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "L'information est sensible et ne peut être révélée" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "L'état ne peut être enregistré" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Le module n'a pas été réinitialisé" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Le module a déjà été réinitialisé" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "impossible de verrouillé les données" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Les données ne peuvent être verrouillées" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "La demande a été rejetée par l'utilisateur" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Erreur inconnue" diff --git a/po/ga.po b/po/ga.po deleted file mode 100644 index 7acd071..0000000 --- a/po/ga.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Irish (http://www.transifex.com/freedesktop/p11-kit/language/ga/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ga\n" -"Plural-Forms: nplurals=5; plural=(n==1 ? 0 : n==2 ? 1 : n<7 ? 2 : n<11 ? 3 : 4);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/gl.po b/po/gl.po deleted file mode 100644 index 15202e2..0000000 --- a/po/gl.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Fran Diéguez , 2012-2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Fran Diéguez \n" -"Language-Team: Galician (http://www.transifex.com/freedesktop/p11-kit/language/gl/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: gl\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Cancelouse a operación" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Non hai memoria dispoñíbel dabondo" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "O ID do slot especificado non é válido" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Erro interno" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Operacción fallada" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Argumentos non válidos" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "O módulo non pode crear os fíos necesarios" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "O módulo non pode bloquear os datos correctamente" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "O campo é de só lectura" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "O campo é sensíbel e non pode ser revelado" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "O campo non é válido ou non existe" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Valor non válido para o campo" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "O dato non é válido ou non se recoñece" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "O dato é demasiado longo" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Produciuse un erro no dispositivo" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "A memoria dispoñíbel no dispositivo non é suficiente" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "O dispositivo foi extraído ou desconectado" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Os datos cifrados non son válidos ou non se recoñecen" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Os datos cifrados son demasiado longos" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Esta operación non se admite" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Falta a chave ou non é válida" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "A chave ten un tamaño incorrecto" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "A chave é dun tipo incorrecto" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Non se precisa chave" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "A chave é diferente da anterior" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Precísase unha chave" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Non é posíbel incluir a chave no digest" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Esta operación non pode levarse a cabo con esta chave" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "A chave non pode envolverse" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Non é posíbel exportar esta chave" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "O mecanismo de criptografía non é válido ou non se recoñece" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "O mecanismo de criptografía ten un argumento non válido" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "O obxecto falta ou non é válido" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Xa se esta executando outra operación" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Non se está levando a cabo outra operación" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "O contrasinal ou PIN é incorrecto" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "O contrasinal ou PIN non é válido" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "O contrasinal ou PIN ten unha lonxitude non válida" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "O contrasinal ou PIN expirou" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "O contrasinal ou PIN está bloqueado" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "A sesión está pechada" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Demasiadas sesións activas" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "A sesión non é válida" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "A sesión é e só lectura" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Existe unha sesión aberta" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Existe unha sesión de só lectura" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Existe unha sesión de administrador" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "A sinatura é mala ou está corrompida" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "A sinatura non se recoñece ou está corrompida" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Faltan algúns campos requiridos" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Certos campos teñen valores non válidos" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "O dispositivo non está presente ou non está conectado" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "O dispositivo non é válido ou non está conectado" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "O dispositivo está protexido contra a escritura" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Non é posíbel importar porque a chave non é válida" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Non é posíbel importar a chave xa que ten un tamaño incorrecto" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Non é posíbel importar porque a chave ten un tipo non válido" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Xa ten unha sesión iniciada" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Non hai usuarios coa sesión iniciada" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "O contrasinal ou PIN do usuario non está estabelecido" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "O usuario ten un tipo non válido" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Xa hai outro usuario coa sesión iniciada" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Hai varios usuarios de tipos diferentes coa sesión iniciada" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Non é posíble importar unha chave non válida" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Non é posíbel importar unha chave de tamaño incorrecto" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Non é posíbel exportar a chave porque non é válida" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Non é posíbel exportar a chave porque ten un tamaño incorrecto " - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Non é posíbel exportar a chave porque é do tipo incorrecto" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Non é posíbel inicializar o xerador de números aleatorios" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Non hai ningún xerador de números aleatorios dispoñíbel" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "O mecanismo criptográfico ten un parámetro non válido" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Non hai espazo dabondo para almacenar o resultado" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "O estado gardado non é válido" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "A información é sensíbel e non pode revelarse" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Non é posíbel gardar o estado" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "O módulo non foi inicializado" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "O módulo xa foi inicializado" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Non é posíbel bloquear os datos" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Non é posíbel bloquear os datos" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "A solicitude foi rexeitada polo usuario" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Erro descoñecido" diff --git a/po/gu.po b/po/gu.po deleted file mode 100644 index 144e22d..0000000 --- a/po/gu.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Gujarati (http://www.transifex.com/freedesktop/p11-kit/language/gu/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: gu\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/he.po b/po/he.po deleted file mode 100644 index 33ccec9..0000000 --- a/po/he.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Hebrew (http://www.transifex.com/freedesktop/p11-kit/language/he/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: he\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/hi.po b/po/hi.po deleted file mode 100644 index 0148733..0000000 --- a/po/hi.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Hindi (http://www.transifex.com/freedesktop/p11-kit/language/hi/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: hi\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/hr.po b/po/hr.po deleted file mode 100644 index c601d44..0000000 --- a/po/hr.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Tomislav Krznar , 2012 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Croatian (http://www.transifex.com/freedesktop/p11-kit/language/hr/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: hr\n" -"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Operacija je otkazana" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Nema dovoljno memorije" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "Identifikator navedenog utora nije ispravan" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Interna greška" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Operacija nije uspjela" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Neispravni argumenti" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Modul ne može stvoriti potrebne dretve" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Modul ne može pravilno zaključati podatke" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Polje ima dozvole samo za čitanje" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Polje je osjetljivo i ne može se prikazati" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Polje ne postoji ili nije ispravno" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Neispravna vrijednost za polje" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Podaci nisu prepoznati ili nisu ispravni" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Podaci su predugački" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Došlo je do pogreške na uređaju" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Nema dovoljno memorije na uređaju" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Uređaj je uklonjen" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Kriptirani podaci nisu prepoznati ili nisu ispravni" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Kriptirani podaci su predugački" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Ova operacija nije podržana" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Nema ključa ili nije ispravan" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Ključ je pogrešne veličine" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Ključ je pogrešne vrste" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Ključ nije potreban" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Ključ se razlikuje od prethodnog" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Potreban je ključ" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Ne mogu uključiti ključ u kontrolnu sumu" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Ova operacija se ne može izvršiti s ovim ključem" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Sadržaj ključa se ne može prelomiti u više redaka" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Ne mogu izvesti ključ" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Mehanizam kriptiranja nije prepoznat ili nije ispravan" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Mehanizam kriptiranja ima neispravan argument" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Nedostaje objekt ili nije ispravan" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Već se izvršava druga operacija" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Ne izvršava se niti jedna operacija" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Lozinka ili PIN su pogrešni" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Lozinka ili PIN nisu ispravni" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Lozinka ili PIN nemaju ispravnu duljinu" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Lozinki ili PIN-u je istekao rok trajanja" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Lozinka ili PIN su zaključani" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Sjednica je zatvorena" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Previše sjednica je aktivno" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Sjednica nije ispravna" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Sjednica je samo za čitanje" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Postoji otvorena sjednica" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Postoji sjednica samo za čitanje" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Postoji administratorska sjednica" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Potpis je neispravan ili oštećen" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Potpis nije prepoznat ili je oštećen" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Nedostaju neka nužna polja" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Neka polja imaju neispravne vrijednosti" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Uređaj nije prisutan ili je iskopčan" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Uređaj je neispravan ili neprepoznat" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Uređaj ima zaštitu pisanja" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Ne mogu uvesti zbog neispravnog ključa" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Ne mogu uvesti zbog ključa pogrešne veličine" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Ne mogu uvesti zbog ključa pogrešne vrste" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Već ste prijavljeni" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Nijedan korisnik nije prijavljen" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Korisnička lozinka ili PIN nisu postavljeni" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Vrsta korisnika nije ispravna" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Drugi korisnik je već prijavljen" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Prijavljeno je previše korisnika različitih vrsta" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Ne mogu uvesti neispravan ključ" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Ne mogu uvesti ključ pogrešne veličine" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Ne mogu izvesti neispravan ključ" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Ne mogu izvesti ključ pogrešne veličine" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Ne mogu izvesti ključ pogrešne vrste" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Ne mogu inicijalizirati generator slučajnih brojeva" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Nema dostupnih generatora slučajnih brojeva" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Mehanizam kriptiranja ima neispravan parametar" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Nema dovoljno prostora za spremanje rezultata" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Spremljeno stanje nije ispravno" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Informacije su osjetljive i ne mogu se prikazati" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Stanje se ne može spremiti" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Modul nije inicijaliziran" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Modul je već inicijaliziran" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Ne mogu zaključati podatke" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Podaci se ne mogu zaključati" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Nepoznata greška" diff --git a/po/hu.po b/po/hu.po deleted file mode 100644 index 00acd1e..0000000 --- a/po/hu.po +++ /dev/null @@ -1,344 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Gabor Kelemen , 2012 -# kelemeng , 2014 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2014-03-02 02:04+0000\n" -"Last-Translator: kelemeng \n" -"Language-Team: Hungarian (http://www.transifex.com/freedesktop/p11-kit/language/hu/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: hu\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "A művelet megszakítva" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Nincs elég memória" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "A megadott helyazonosító nem érvényes" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Belső hiba" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "A művelet meghiúsult" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Érvénytelen argumentumok" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "A modul nem képes létrehozni a szükséges szálakat" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "A modul nem képes megfelelően zárolni az adatokat" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "A mező írásvédett" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "A mező adatai érzékenyek és nem fedhetők fel" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "A mező érvénytelen vagy nem létezik" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "A mező értéke érvénytelen" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Az adat érvénytelen vagy ismeretlen" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Az adat túl hosszú" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Hiba történt az eszközön" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Nem érhető el elegendő memória az eszközön" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Az eszköz eltávolításra vagy leválasztásra került" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "A titkosított adatok érvénytelenek vagy ismeretlenek" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "A titkosított adatok túl hosszúak" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "A művelet nem támogatott" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "A kulcs hiányzik vagy érvénytelen" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "A kulcs mérete hibás" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "A kulcs nem megfelelő típusú" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Nem szükséges kulcs" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "A kulcs megváltozott" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Kulcs szükséges" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "A kivonatba nem vehető fel a kulcs" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Ez a művelet nem végezhető el a kulccsal" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "A kulcs nem alakítható át" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "A kulcs nem exportálható" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "A titkosítási mód érvénytelen vagy ismeretlen" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "A titkosítási mód argumentuma érvénytelen" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Az objektum hiányzik vagy érvénytelen" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Már folyamatban van egy művelet" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Nincs folyamatban művelet" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "A jelszó vagy PIN helytelen" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "A jelszó vagy PIN érvénytelen" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "A jelszó vagy PIN érvénytelen hosszúságú" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "A jelszó vagy PIN lejárt" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "A jelszó vagy PIN zárolva van" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "A munkamenet le van zárva" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Túl sok munkamenet aktív" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "A munkamenet érvénytelen" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "A munkamenet írásvédett" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Már létezik nyitott munkamenet" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Már létezik írásvédett munkamenet" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Már létezik adminisztrátori munkamenet" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Az aláírás rossz vagy sérült" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Az aláírás ismeretlen vagy sérült" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Néhány szükséges mező hiányzik" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Néhány szükséges mező értéke érvénytelen" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Az eszköz nincs jelen vagy eltávolították" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Az eszköz érvénytelen vagy felismerhetetlen" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Az eszköz írásvédett" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Nem importálható, mert a kulcs érvénytelen" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Nem importálható, mert a kulcs hibás méretű" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Nem importálható, mert a kulcs hibás típusú" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Már bejelentkezett" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Senki sem jelentkezett be" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "A felhasználó jelszava vagy PIN kódja nincs beállítva" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "A felhasználó érvénytelen típusú" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Már bejelentkezett egy másik felhasználó" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Túl sok eltérő típusú felhasználó jelentkezett be" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Nem importálható érvénytelen kulcs" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Nem importálható hibás méretű kulcs" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Nem lehet exportálni, mert a kulcs érvénytelen" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Nem lehet exportálni, mert a kulcs hibás méretű" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Nem lehet exportálni, mert a kulcs hibás típusú" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "A véletlenszám-generátor nem készíthető elő" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Nem áll rendelkezésre véletlenszám-generátor" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "A titkosítási mechanizmus egy paramétere érvénytelen" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Nincs elég hely az eredmény tárolásához" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "A mentett állapot érvénytelen" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Az információk érzékenyek és nem fedhetők fel" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Az állapot nem menthető" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "A modul nincs előkészítve" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "A modul már elő lett készítve" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Nem zárolhatók az adatok" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Az adatok nem zárolhatók" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "A felhasználó elutasította a kérést" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Ismeretlen hiba" diff --git a/po/ia.po b/po/ia.po deleted file mode 100644 index d86365e..0000000 --- a/po/ia.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Interlingua (http://www.transifex.com/freedesktop/p11-kit/language/ia/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ia\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/id.po b/po/id.po deleted file mode 100644 index 67b0c7c..0000000 --- a/po/id.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Andika Triwidada , 2012-2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-12-06 02:12+0000\n" -"Last-Translator: Andika Triwidada \n" -"Language-Team: Indonesian (http://www.transifex.com/freedesktop/p11-kit/language/id/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: id\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Operasi dibatalkan" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Tak tersedia cukup memori" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "ID slot yang dinyatakan tak valid" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Galat internal" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Operasi gagal" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Argumen tak valid" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Modul tak bisa membuat thread yang diperlukan" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Modul tak bisa mengunci data secara benar" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Ruas hanya-baca" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Ruas sensitif dan tak bisa diungkapkan" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Ruas tak valid atau tak ada" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Nilai tak valid bagi ruas" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Data tak valid atau tak dikenali" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Data terlalu panjang" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Terjadi galat pada perangkat" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Tak tersedia cukup memori pada perangkat" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Perangkat dihapus atau dicabut" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Data terenkripsi tak valid atau tak dikenali" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Data terenkripsi terlalu panjang" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Operasi ini tak didukung" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Kunci hilang atau tak valid" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Ukuran kunci salah" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Jenis kunci salah" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Tak perlu kunci" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Kunci berbeda dengan sebelumnya" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Perlu suatu kunci" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Tak bisa menyertakan kunci dalam digest" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Operasi ini tak bisa dilakukan dengan kunci ini" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Kunci tak bisa dibungkus" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Tak bisa mengekspor kunci ini" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Mekanisme kripto tak valid atau tak dikenali" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Mekanisme kripto memiliki argumen yang tak valid" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Objek hilang atau tak valid" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Operasi lain tengah berjalan" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Tak ada operasi yang sedang berjalan" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Sandi atau PIN salah" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Sandi atau PIN tak valid" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Panjang sandi atau PIN tak valid" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Sandi atau PIN kadaluarsa" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Sandi atau PIN terkunci" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Sesi ditutup" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Terlalu banyak sesi yang aktif" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Sesi tak valid" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Sesi hanya-baca" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Ada sesi terbuka" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Ada sesi hanya-baca" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Ada sesi administrator" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Tanda tangan buruk atau rusak" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Tanda tangan tak dikenali atau rusak" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Ruas tertentu yang diperlukan hilang" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Ruas tertentu memiliki nilai yang tak valid" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Perangkat tak ada atau dicabut" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Perangkat tak valid atau tak dikenali" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Perangkat terlindung tulis" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Tak bisa mengimpor karena kunci tak valid" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Tak bisa mengimpor karena ukuran kunci salah" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Tak bisa mengimpor karena jenis kunci salah" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Anda sudah log masuk" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Tak ada pengguna yang log masuk" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Sandi atau PIN pengguna belum diisi" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Jenis pengguna tak valid" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Pengguna lain telah log masuk" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Terlalu banyak pengguna dengan jenis berbeda sedang log masuk" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Tak bisa mengimpor kunci yang tak valid" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Tak bisa mengimpor kunci salah ukuran" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Tak bisa mengekspor karena kunci tak valid" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Tak bisa mengekspor karena kunci salah ukuran" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Tak bisa mengekspor karena kunci salah jenis" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Tak bisa menginisialisasi pembangkit bilangan acak" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Tak tersedia pembangkit bilangan acak" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Mekanisme kripto memiliki parameter yang tak valid" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Tak cukup ruang untuk menyimpan hasil" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Keadaan tersimpan tak valid" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Informasi sensitif dan tak dapat diungkapkan" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Keadaan tak dapat disimpan" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Modul belum diinisialisasi" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Modul telah diinisialisasi" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Tak bisa mengunci data" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Data tak bisa dikunci" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Permintaan ditolak oleh pengguna" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Galat tak dikenal" diff --git a/po/insert-header.sin b/po/insert-header.sin deleted file mode 100644 index b26de01..0000000 --- a/po/insert-header.sin +++ /dev/null @@ -1,23 +0,0 @@ -# Sed script that inserts the file called HEADER before the header entry. -# -# At each occurrence of a line starting with "msgid ", we execute the following -# commands. At the first occurrence, insert the file. At the following -# occurrences, do nothing. The distinction between the first and the following -# occurrences is achieved by looking at the hold space. -/^msgid /{ -x -# Test if the hold space is empty. -s/m/m/ -ta -# Yes it was empty. First occurrence. Read the file. -r HEADER -# Output the file's contents by reading the next line. But don't lose the -# current line while doing this. -g -N -bb -:a -# The hold space was nonempty. Following occurrences. Do nothing. -x -:b -} diff --git a/po/it.po b/po/it.po deleted file mode 100644 index c15396e..0000000 --- a/po/it.po +++ /dev/null @@ -1,345 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Luca Ferretti , 2012 -# Milo Casagrande , 2013 -# Milo Casagrande , 2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Milo Casagrande \n" -"Language-Team: Italian (http://www.transifex.com/freedesktop/p11-kit/language/it/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: it\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "L'operazione è stata annullata" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Memoria disponibile non sufficiente" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "L'ID dello slot specificato non è valido" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Errore interno" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "L'operazione non è riuscita" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Argomenti non validi" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Il modulo non può creare i thread richiesti" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Il modulo non può bloccare i dati in modo corretto" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Il campo è a sola lettura" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Il campo è sensibile e non può essere mostrato" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Il campo non è valido oppure non esiste" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Valore non valido per il campo" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "I dati sono non validi oppure non riconosciuti" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "I dati sono troppo lunghi" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Si è verificato un errore sul dispositivo" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Memoria disponibile sul dispositivo non sufficiente" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Il dispositivo è stato rimosso o scollegato" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "I dati cifrati sono non validi oppure non riconosciuti" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "I dati cifrati sono troppo lunghi" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Questa operazione non è supportata" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "La chiave manca o non è valida" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "La dimensione della chiave è errata" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Il tipo della chiave è errato" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Nessuna chiave richiesta" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "La chiave è diversa rispetto prima" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "È richiesta una chiave" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Impossibile includere la chiave nel digest" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Impossibile eseguire questa operazione con questa chiave" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "La chiave non può essere terminata" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Impossibile esportare questa chiave" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Il meccanismo di crittografia è non valido oppure non riconosciuto" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Il meccanismo di crittografia presenta un argomento non valido" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Manca l'oggetto oppure non è valido" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Un'altra operazione è già in corso" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Nessuna operazione in corso" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "La password o il PIN non è corretto" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "La password o il PIN non è valido" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "La password o il PIN è di lunghezza non valida" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "La password o il PIN è scaduto" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "La password o il PIN è bloccato" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "La sessione è chiusa" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Troppe sessioni attive" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "La sessione non è valida" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "La sessione è in sola-lettura" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Esiste già una sessione aperta" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Esiste già una sessione in sola-lettura" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Esiste già una sessione amministratore" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "La firma non è corretta o danneggiata" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "La firma è rovinata o non leggibile" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Mancano alcuni campi richiesti" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Alcuni campi presentano valori non validi" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Il dispositivo non è presente o è scollegato" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Il dispositivo non è valido o non è riconoscibile" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Il dispositivo è protetto in scrittura" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Impossibile importare poiché la chiave non è valida" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Impossibile importare poiché la chiave è della dimensione errata" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Impossibile importare poiché la tipologia della chiave è errata" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Accesso già eseguito" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Nessun utente ha effettuato l'accesso" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "La password o il PIN dell'utente non è impostato" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "L'utente è di tipo errato" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Un altro utente ha già effettuato l'accesso" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Troppi utenti di diversi tipi hanno eseguito l'accesso" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Impossibile importare una chiave non valida" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Impossibile importare una chiave della dimensione errata" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Impossibile esportare poiché la chiave non è valida" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Impossibile esportare poiché la chiave è della dimensione errata" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Impossibile esportare poiché la tipologia della chiave è errata" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Impossibile inizializzare il generatore di numeri casuali" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Nessun generatore di numeri casuali disponibile" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Il meccanismo di cifratura presenta un parametro non valido" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Spazio insufficiente per salvare il risultato" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Lo stato salvato non è valido" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Le informazioni sono private e non possono essere mostrate" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Impossibile salvare lo stato" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Il modulo non è stato inizializzato" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Il modulo è già stato inizializzato" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Impossibile bloccare i dati" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "I dati non possono essere bloccati" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "La richiesta è stata rifiutata dall'utente" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Errore sconosciuto" diff --git a/po/ja.po b/po/ja.po deleted file mode 100644 index 7753456..0000000 --- a/po/ja.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Tomoyuki KATO , 2012-2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Tomoyuki KATO \n" -"Language-Team: Japanese (http://www.transifex.com/freedesktop/p11-kit/language/ja/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ja\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "操作が取り消されました" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "利用可能なメモリーが不足しています" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "指定されたスロット ID が無効です" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "内部エラー" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "操作が失敗しました" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "無効な引数" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "モジュールが必要なスレッドを作成できません" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "モジュールがデータを適切にロックできません" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "項目が読み込み専用です" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "項目は大文字小文字を区別します、明らかにできません" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "項目が無効です、または存在しません" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "項目に対する無効な値" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "データが有効ではありません、または認識されません" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "データが長すぎます" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "デバイスにおいてエラーが発生しました" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "デバイスにおいて利用可能なメモリーが不足しています" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "デバイスが削除されました、または取り外されました" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "暗号化されたデータが有効ではありません、または認識されません" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "暗号化されたデータが長すぎます" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "この操作はサポートされません" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "キーがありません、または無効です" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "キーが誤った大きさです" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "キーが誤った形式です" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "キーは必要ありません" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "キーが以前のものと異なります" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "キーが必要です" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "ダイジェストにキーを含められません" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "この操作はこのキーを用いて実行できません" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "キーをラップできません" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "このキーをエクスポートできません" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "暗号化機能が無効です、または認識されません" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "暗号化機能が無効な引数を持ちます" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "オブジェクトがありません、または無効です" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "他の操作がすでに起きています" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "発生している操作がありません" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "パスワードまたは PIN が正しくありません" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "パスワードまたは PIN が無効です" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "パスワードまたは PIN が不正な長さです" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "パスワードまたは PIN が失効しています" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "パスワードまたは PIN がロックされています" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "セッションが終了しました" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "有効なセッションが多すぎます" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "セッションが無効です" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "セッションが読み込み専用です" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "開いているセッションが存在します" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "読み込み専用のセッションが存在します" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "管理者セッションが存在します" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "署名が不正です、または破損しています" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "署名が認識できません、または破損しています" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "特定の必須項目がありません" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "特定の必須項目が無効な値を持っています" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "デバイスが存在しません、または取り外されました" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "デバイスが無効です、まあは認識されません" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "デバイスが書き込み保護されています" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "キーが無効なためインポートできません" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "キーの大きさが不正なためインポートできません" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "キーの形式が不正なためインポートできません" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "すでにログインしています" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "ログインしているユーザーはいません" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "ユーザーのパスワードまたは PIN が設定されていません" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "ユーザーが無効な種類です" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "他のユーザーがすでにログインしています" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "異なる種類の多すぎるユーザーがログインしています" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "無効なキーをインポートできません" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "不正な大きさのキーをインポートできません" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "キーが無効なためエクスポートできません" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "キーが誤った大きさのためエクスポートできません" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "キーが誤った形式のためエクスポートできません" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "乱数生成器を初期化できません" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "利用可能な乱数生成器がありません" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "暗号化機能が無効なパラメーターを持っています" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "結果を保存するために十分な領域がありません" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "保存された状態が無効です" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "情報は大文字小文字を区別しますが、明らかにできません" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "状態が保存できません" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "モジュールが初期化されませんでした" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "モジュールがすでに初期化されています" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "データをロックできません" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "データがロックできません" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "リクエストがユーザーにより拒否されました。" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "未知のエラー" diff --git a/po/ka.po b/po/ka.po deleted file mode 100644 index aae858f..0000000 --- a/po/ka.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# George Machitidze , 2012 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Georgian (http://www.transifex.com/freedesktop/p11-kit/language/ka/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ka\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "ოპერაცია შეწყვეტილ იქნა" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "ხელმისაწვდომი მეხსიერება არასაკმარისია" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "მითითებული სლოტის ID არასწორია" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "შიდა შეცდომა" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "ოპერაცია ვერ განხორციელდა" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "არგუმენტები არასწორია" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "ველი მხოლოდ კითხვადია" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "ველი მგრძნობიარეა და მისი გამოტანა არ არის დაშვებული" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "ველი არასწორია ან არ არსებობს" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "ცვლადის მნიშვნელობა არასწორია" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "მონაცემები არასწორია ან ამოუცნობი" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "მონაცემები ძალიან დიდია" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "შეცდომა მოწყობილობაში" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "დაშიფრული მონაცემები არასწორია ან ამოუცნოი" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "დაშიფრული მონაცემები ძალიან დიდია" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "ოპერაცია არ არის მხარდაჭერილი" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "გასაღები არ არის ან არასწორია" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "გასაღები არასწორი ზომისაა" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "გასაღები არასწორი ტიპისაა" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "გასაღები არ არის საჭირო" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "გასაღები ძველისგან განსხვავდება" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "საჭიროა გასაღები" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "ამ გასაღების დაექსპორტება შეუძლებელია" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "ობიექტი არ არის ან არასწორია" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "პაროლი ან PIN მცდარია" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "პაროლი ან PIN არასწორია" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "სესია დაკეტილია" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "სესია არასწორია" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "სესია მხოლოდ კითხვადია" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "მონაცემების დაბლოკვა შეუძლებელია" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "უცნობი შეცდომა" diff --git a/po/kk.po b/po/kk.po deleted file mode 100644 index 55c310f..0000000 --- a/po/kk.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Baurzhan Muftakhidinov , 2014 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2014-01-13 09:01+0000\n" -"Last-Translator: Baurzhan Muftakhidinov \n" -"Language-Team: Kazakh (http://www.transifex.com/freedesktop/p11-kit/language/kk/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: kk\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Әрекеттен бас тартылды" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Қолжетерлік жады жеткіліксіз" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Ішкі қате" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Әрекет сәтсіз аяқталды" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/kn.po b/po/kn.po deleted file mode 100644 index db16763..0000000 --- a/po/kn.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Kannada (http://www.transifex.com/freedesktop/p11-kit/language/kn/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: kn\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/ko.po b/po/ko.po deleted file mode 100644 index fd360ad..0000000 --- a/po/ko.po +++ /dev/null @@ -1,345 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Seong-ho Cho , 2013 -# Seong-ho Cho , 2013 -# Shinjo Park , 2012 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Seong-ho Cho \n" -"Language-Team: Korean (http://www.transifex.com/freedesktop/p11-kit/language/ko/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ko\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "작업이 취소됨" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "사용 가능한 메모리가 부족함" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "지정한 슬롯 ID가 올바르지 않음" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "내부 오류" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "작업이 실패함" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "인자가 잘못됨" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "모듈에서 필요한 스레드를 만들 수 없음" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "모듈에서 데이터를 올바르게 잠글 수 없음" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "필드가 읽기 전용임" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "필드가 민감한 정보를 포함하고 있어서 볼 수 없음" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "필드가 잘못되었거나 존재하지 않음" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "필드의 값이 잘못됨" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "데이터가 올바르지 않거나 인식되지 않음" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "데이터가 너무 김" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "장치에 오류가 발생함" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "장치에 메모리가 부족함" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "장치가 제거되었거나 연결이 해제됨" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "암호화된 데이터가 올바르지 않거나 인식되지 않음" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "암호화된 데이터가 너무 김" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "이 동작이 지원되지 않음" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "키가 없거나 올바르지 않음" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "키 크기가 잘못됨" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "키 종류가 잘못됨" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "키가 필요하지 않음" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "키가 이전과 달라짐" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "키가 필요함" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "다이제스트에 키를 포함할 수 없음" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "이 키를 사용하여 작업을 수행할 수 없음" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "키를 둘러쌀 수 없음" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "키를 내보낼 수 없음" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "암호화 방식이 잘못되었거나 인식할 수 없음" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "암호화 방식의 인자가 잘못됨" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "객체가 존재하지 않거나 잘못됨" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "다른 작업이 진행 중" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "진행 중인 작업 없음" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "암호나 PIN이 올바르지 않음" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "암호나 PIN이 잘못됨" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "암호나 PIN의 길이가 잘못됨" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "암호나 PIN이 만료됨" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "암호나 PIN이 잠김" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "세션이 닫힘" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "세션이 너무 많이 열려 있음" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "세션이 잘못됨" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "세션이 읽기 전용임" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "열린 세션이 존재함" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "읽기 전용 세션이 존재함" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "관리자 세션이 존재함" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "서명이 잘못되었거나 손상됨" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "서명이 인식되지 않았거나 손상됨" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "필요한 필드의 값이 빠졌음" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "필드의 값이 잘못됨" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "장치가 존재하지 않거나 연결이 해제됨" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "장치가 잘못되었거나 인식할 수 없음" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "장치가 쓰기 금지되어 있음" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "키가 잘못되어 가져올 수 없음" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "키 크기가 잘못되어 가져올 수 없음" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "키 종류가 잘못되어 가져올 수 없음" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "이미 로그인되어 있음" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "로그인한 사용자가 없음" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "사용자의 암호나 PIN이 설정되지 않음" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "사용자 종류가 잘못됨" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "다른 사용자가 로그인되어 있음" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "다른 종류의 사용자가 너무 많이 로그인되어 있음" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "잘못된 키를 가져올 수 없음" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "크기가 잘못된 키를 가져올 수 없음" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "잘못된 키를 내보낼 수 없음" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "크기가 잘못된 키를 내보낼 수 없음" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "종류가 잘못된 키를 내보낼 수 없음" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "난수 생성기를 초기화할 수 없음" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "난수 생성기를 사용할 수 없음" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "암호화 방식의 인자가 잘못됨" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "결과를 저장할 공간이 없음" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "저장된 상태가 잘못됨" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "민감한 정보를 노출할 수 없음" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "상태를 저장할 수 없음" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "모듈이 초기화되지 않았음" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "모듈이 이미 초기화되었음" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "데이터를 잠글 수 없음" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "데이터를 잠글 수 없음" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "사용자가 요청을 거절했습니다" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "알 수 없는 오류" diff --git a/po/lt.po b/po/lt.po deleted file mode 100644 index 0d81ef8..0000000 --- a/po/lt.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Lithuanian (http://www.transifex.com/freedesktop/p11-kit/language/lt/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: lt\n" -"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n%100<10 || n%100>=20) ? 1 : 2);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/lv.po b/po/lv.po deleted file mode 100644 index 0a91eed..0000000 --- a/po/lv.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Rūdolfs Mazurs , 2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Latvian (http://www.transifex.com/freedesktop/p11-kit/language/lv/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: lv\n" -"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Darbība tika atcelta" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Nav pietiekami daudz brīvas atmiņas" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "Norādītais slota ID nav derīgs" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Iekšēja kļūda" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Darbība cieta neveiksmi" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Nederīgi parametri" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Modulis nevar izveidot vajadzīgos pavedienus" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Modulis nevar noslēgt datu īpašību" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Lauks ir tikai lasāms" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Lauks ir sensitīvs un to nevar atklāt" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Lauks ir nederīgs vai arī neeksistē" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Nederīga vērtība vai lauks" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Dati nav derīgi vai arī nav atpazīti" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Pārāk daudz datu" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Uz ierīces gadījās kļūda" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Uz ierīces nepietiek brīvās atmiņas" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Ierīce tika izņemta vai atvienota" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Šifrētie dati nav derīgi vai nav atpazīti" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Šifrētie dati ir pārāk daudz" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Darbība nav atbalstīta" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Trūkst vai nav derīga atslēga" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Atslēgai ir nepareizs izmērs" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Atslēgai ir nepareizs tips" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Atslēgas nav vajadzīgas" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Atslēga ir citādāka, kā iepriekš" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Ir nepieciešama atslēga" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Īssavilkumā nevar iekļaut atslēgu" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Ar šo atslēgu nevar izpildīt šo darbību" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Atslēgu nevar ietīt" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Nevar eksportēt šo atslēgu" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Šifrēšanas mehānisms ir nederīgs vai nav atpazīts" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Šifrēšanas mehānismam ir nederīgi parametri" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Trūkst objekta, vai arī tas ir nederīgs" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Jau notiek cita darbība" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Pašlaik nenotiek neviena darbība" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Parole vai PIN nav pareiza" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Parole vai PIN nav derīga" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Parolei vai PIN ir nederīgs garums" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Parolei vai PIN ir beidzies termiņš" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Parole vai PIN ir bloķēta" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Sesija ir aizvērta" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Ir pārāk daudz aktīvu sesiju" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Sesija nav derīga" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Sesija ir tikai lasāma" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Eksistē atvērta sesija" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Eksistē tikai lasāma sesija" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Eksistē administratora sesija" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Paraksts ir slikts vai bojāts" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Paraksts ir neatpazīts vai bojāts" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Trūkst noteikti pieprasītie lauki" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Noteiktiem laukiem ir nederīgas vērtības" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Ierīce nav pievienota" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Ierīce ir nederīga vai nav atpazīta" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Ierīcē nevar rakstīt" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Nevar importēt, jo atslēga nav derīga" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Nevar importēt, jo atslēgai ir nepareizs izmērs" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Nevar importēt, jo atslēgai ir nepareizs tips" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Jūs jau esat ierakstījies" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Neviens lietotājs nav ierakstījies" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Lietotāja parole vai PIN nav iestatīta" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Lietotājam ir nederīgs tips" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Kāds cits lietotājs jau ir ierakstījies" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Ir ierakstījušies pārāk daudz dažādu veidu lietotāji" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Nevar importēt nederīgu atslēgu" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Nevar eksportēt, jo atslēgai ir nepareizs izmērs" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Nevar eksportēt, jo atslēga ir nederīga" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Nevar eksportēt, jo atslēgai ir nepareizs izmērs" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Nevar eksportēt, jo atslēgai ir nepareizs tips" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Nevar inicializēt nejaušo skaitļu ģeneratoru" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Nav pieejams nejaušo skaitļu ģenerators" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Šifrēšanas mehānismam ir nederīgs parametrs" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Nepietiek vietas, lai saglabātu rezultātu" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Saglabātais stāvoklis nav derīgs" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Informācija ir sensitīva un to nevar atklāt" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Stāvokli nevar saglabāt" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Modulis nav inicializēts" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Modulis jau ir inicializēts" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Nevar noslēgt datus" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Datus nevar noslēgt" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Nezināma kļūda" diff --git a/po/ml.po b/po/ml.po deleted file mode 100644 index 2d1a3b8..0000000 --- a/po/ml.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Malayalam (http://www.transifex.com/freedesktop/p11-kit/language/ml/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ml\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/mr.po b/po/mr.po deleted file mode 100644 index cd2efb6..0000000 --- a/po/mr.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Marathi (http://www.transifex.com/freedesktop/p11-kit/language/mr/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: mr\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/ms.po b/po/ms.po deleted file mode 100644 index 7c9ffa6..0000000 --- a/po/ms.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Malay (http://www.transifex.com/freedesktop/p11-kit/language/ms/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ms\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/nb.po b/po/nb.po deleted file mode 100644 index ec7ecd6..0000000 --- a/po/nb.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Norwegian Bokmål (http://www.transifex.com/freedesktop/p11-kit/language/nb/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: nb\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/nl.po b/po/nl.po deleted file mode 100644 index 0b15bd0..0000000 --- a/po/nl.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Richard E. van der Luit , 2012 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Dutch (http://www.transifex.com/freedesktop/p11-kit/language/nl/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: nl\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "De bewerking werd afgebroken" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Onvoldoende geheugen beschikbaar" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "De opgegeven slot ID is niet geldig" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Interne fout" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "De bewerking mislukte" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Ongeldige argumenten" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "De module kan de noodzakelijke threads niet aanmaken" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "De module kan de data niet naar behoren vergrendelen" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Het veld is alleen-lezen" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Het veld is vertrouwelijk en kan niet worden onthuld" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Het veld is ongeldig of bestaat niet" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Ongeldige waarde voor veld" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "De data is niet geldig of wordt niet herkend" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "De data is te lang" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Er trad een fout op bij het apparaat" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Onvoldoende geheugen op het apparaat beschikbaar" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Het apparaat werd verwijderd of afgekoppeld" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "De versleutelde data is niet geldig of wordt niet herkend" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "De versleutelde data is te lang" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Deze bewerking wordt niet ondersteund" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "De sleutel ontbreekt of is ongeldig" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "De sleutel heeft een verkeerde grootte" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "De sleutel is van het verkeerde type" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Er is geen sleutel nodig" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "De sleutel is anders dan voorheen" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Er is een sleutel nodig" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Kan geen sleutel in de digest opnemen" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Deze bewerking kan niet met deze sleutel uitgevoerd worden" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Sleutelwrapping niet gelukt" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Kan deze sleutel niet exporteren" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Het crypto mechanisme is ongeldig of wordt niet herkend" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Het crypto mechanisme heeft een ongeldig argument" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Het object mist of is ongeldig" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Er wordt al een andere bewerking uitgevoerd" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Er wordt momenteel geen bewerking uitgevoerd" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Het wachtwoord of PIN in incorrect" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Het wachtwoord of PIN is ongeldig" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Het wachtwoord of PIN heeft een ongeldige lengte" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Het wachtwoord of PIN is verlopen" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Het wachtwoord of PIN is vergrendeld" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "De sessie is afgesloten" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Er zijn te veel sessies actief" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "De sessie is ongeldig" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "De sessie is alleen-lezen" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Er is een open sessie" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Er is een alleen-lezen sessie" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Er is een beheerder sessie" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "De handtekening is fout of gecorrumpeerd" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "De handtekening wordt niet herkend of is gecorrumpeerd" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Sommige verplichte velden ontbreken" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Bepaalde velden hebben ongeldige waarden" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Het apparaat is niet aanwezig of afgekoppeld " - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Het apparaat is ongeldig of onherkenbaar" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Het apparaat is beveiligd tegen schrijven" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Kan niet importeren omdat de sleutel ongeldig is" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Kan niet importeren omdat de sleutel de verkeerde lengte heeft" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Kan niet importeren omdat de sleutel van het verkeerde type is" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "U bent reeds ingelogd" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Er is geen gebruiker ingelogd" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Het wachtwoord of PIN van gebruiker is niet ingesteld" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "De gebruiker is van het verkeerde gebruikerstype" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Er is reeds een andere gebruiker ingelogd" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Er zijn te veel gebruikers van verschillende types ingelogd" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Kan geen ongeldige sleutel importeren" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Kan geen sleutel importeren van de verkeerde grootte" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Kan niet exporteren omdat de sleutel ongeldig is" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Kan niet exporteren omdat de sleutel de verkeerde grootte heeft" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Kan niet exporteren omdat de sleutel van het verkeerde type is" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Niet in staat de random-number-generator te initialiseren" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Geen random-number-generator beschikbaar" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Het crypto mechanisme heeft een ongeldige parameter" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Niet genoeg ruimte om het resultaat op te slaan" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "De opgeslagen status is ongeldig " - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "De informatie is vertrouwelijk en kan niet worden onthuld" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "De status kan niet opgeslagen worden" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "De module is niet geïnitialiseerd" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "De module is reeds geïnitialiseerd" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Kan data niet vergrendelen" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "De data kan niet vergrendeld worden" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Onbekende fout" diff --git a/po/nn.po b/po/nn.po deleted file mode 100644 index e5d1b41..0000000 --- a/po/nn.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Norwegian Nynorsk (http://www.transifex.com/freedesktop/p11-kit/language/nn/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: nn\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/oc.po b/po/oc.po deleted file mode 100644 index 4c595fb..0000000 --- a/po/oc.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Occitan (post 1500) (http://www.transifex.com/freedesktop/p11-kit/language/oc/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: oc\n" -"Plural-Forms: nplurals=2; plural=(n > 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/or.po b/po/or.po deleted file mode 100644 index 82eb651..0000000 --- a/po/or.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Oriya (http://www.transifex.com/freedesktop/p11-kit/language/or/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: or\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/pa.po b/po/pa.po deleted file mode 100644 index 0947a58..0000000 --- a/po/pa.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# A S Alam , 2012 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Panjabi (Punjabi) (http://www.transifex.com/freedesktop/p11-kit/language/pa/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: pa\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "ਕਾਰਵਾਈ ਰੱਦ ਕੀਤੀ ਗਈ" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "ਲੋੜੀਦੀ ਮੈਮੋਰੀ ਉਪਲੱਬਧ ਨਹੀਂ" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "ਦਿੱਤੀ ਸਲਾਟ ID ਉਪਲੱਬਧ ਨਹੀਂ" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "ਅੰਦਰੂਨੀ ਗਲਤੀ" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "ਕਾਰਵਾਈ ਫੇਲ੍ਹ ਹੋਈ" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "ਗਲਤ ਆਰਗੂਮੈਂਟ" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "ਮੋਡੀਊਲ ਲੋੜੀਦੇ ਥਰਿੱਡ ਨਹੀਂ ਬਣਾ ਸਕਦਾ ਹੈ" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "ਮੋਡੀਊਲ ਲਾਕ ਡਾਟਾ ਠੀਕ ਤਰ੍ਹਾਂ ਨਹੀਂ ਕਰ ਸਕਦਾ ਹੈ" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "ਖੇਤਰ ਕੇਵਲ ਪੜ੍ਹਨ ਲਈ ਹੈ" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "ਖੇਤਰ ਗਲਤ ਹੈ ਜਾਂ ਮੌਜੂਦ ਨਹੀਂ ਹੈ" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "ਖੇਤਰ ਲਈ ਗਲਤ ਮੁੱਲ" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "ਡਾਟਾ ਗਲਤ ਹੈ ਜਾਂ ਪਛਾਣਿਆ ਨਹੀਂ ਜਾ ਸਕਦਾ" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "ਡਾਟਾ ਬਹੁਤ ਲੰਮਾ ਹੈ" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "ਜੰਤਰ ਉੱਤੇ ਗਲਤੀ ਆਈ ਹੈ" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "ਜੰਤਰ ਉੱਤੇ ਲੋੜੀਦੀ ਮੈਮੋਰੀ ਨਹੀਂ ਹੈ" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "ਜੰਤਰ ਹਟਾਇਆ ਗਿਆ ਜਾਂ ਪਲੱਗ ਕੱਢਿਆ" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "ਇੰਕ੍ਰਿਪਟ ਕੀਤਾ ਡਾਟਾ ਠੀਕ ਨਹੀਂ ਜਾਂ ਪਛਾਣ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕੀ" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "ਇੰਕ੍ਰਿਪਟ ਕੀਤਾ ਡਾਟਾ ਬਹੁਤ ਲੰਮਾ ਹੈ" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "ਇਹ ਕਾਰਵਾਈ ਸਹਾਇਕ ਨਹੀਂ ਹੈ" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "ਕੁੰਜੀ ਮੌਜੂਦ ਨਹੀਂ ਜਾਂ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "ਕੁੰਜੀ ਦਾ ਆਕਾਰ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "ਕੁੰਜੀ ਦੀ ਕਿਸਮ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "ਕਿਸੇ ਕੁੰਜੀ ਦੀ ਲੋੜ ਨਹੀਂ ਹੈ" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "ਕੁੰਜੀ ਪਹਿਲਾਂ ਤੋਂ ਵੱਖਰੀ ਹੈ" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "ਕੁੰਜੀ ਦੀ ਲੋੜ ਹੈ" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "ਇਹ ਕਾਰਵਾਈ ਇਸ ਕੁੰਜੀ ਨਾਲ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ ਹੈ" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "ਇਹ ਕੁੰਜੀ ਐਕਸਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "ਕ੍ਰਿਪਟੂ ਢੰਗ ਗਲਤ ਜਾਂ ਬੇਪਛਾਣ ਹੈ" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "ਕ੍ਰਿਪਟੂ ਢੰਗ ਵਿੱਚ ਗਲਤ ਆਰਗੂਮੈਂਟ ਹੈ" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "ਆਬਜੈਕਟ ਗੁੰਮ ਹੈ ਜਾਂ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "ਹੋਰ ਕਾਰਵਾਈ ਪਹਿਲਾਂ ਹੀ ਜਾਰੀ ਹੈ" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "ਕੋਈ ਕਾਰਵਾਈ ਜਾਰੀ ਨਹੀਂ ਹੈ" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਅਵੈਧ ਹੈ" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਦੀ ਲੰਬਾਈ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਦੀ ਮਿਆਦ ਪੁੱਗ ਚੁੱਕੀ ਹੈ" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਲਾਕ ਹੈ" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "ਸ਼ੈਸ਼ਨ ਬੰਦ ਹੈ" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "ਬਹੁਤ ਸਾਰੇ ਸ਼ੈਸ਼ਨ ਐਕਟਿਵ ਹਨ" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "ਸ਼ੈਸ਼ਨ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "ਸ਼ੈਸ਼ਨ ਕੇਵਲ ਪੜ੍ਹਨ ਲਈ ਹ" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "ਖੁੱਲ੍ਹਾ ਸ਼ੈਸ਼ਨ ਮੌਜੂਦ ਹੈ" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "ਕੇਵਲ ਪੜ੍ਹਨ ਵਾਲਾ ਸ਼ੈਸ਼ਨ ਮੌਜੂਦ ਹੈ" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "ਪਰਸ਼ਾਸ਼ਕੀ ਸ਼ੈਸ਼ਨ ਮੌਜੂਦ ਹੈ" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "ਦਸਤਖਤ ਖ਼ਰਾਬ ਜਾਂ ਨਿਕਾਰਾ ਹਨ" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "ਦਸਤਖਤ ਬੇਪਛਾਣ ਜਾਂ ਨਿਕਾਰਾ ਹਨ" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "ਕੁਝ ਲੋੜੀਦੇ ਖੇਤਰ ਗੁੰਮ ਹਨ" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "ਕੁਝ ਖੇਤਰਾਂ ਵਿੱਚ ਗਲਤ ਮੁੱਲ ਹਨ" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "ਜੰਤਰ ਮੌਜੂਦ ਨਹੀਂ ਜਾਂ ਪਲੱਗ ਕੱਢਿਆ ਹੋਇਆ ਹੈ" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "ਜੰਤਰ ਗਲਤ ਜਾਂ ਬੇਪਛਾਣ ਹੈ" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "ਜੰਤਰ ਲਿਖਣ ਤੋਂ ਸੁਰੱਖਿਅਤ ਹੈ" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਦਾ ਆਕਾਰ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਦੀ ਕਿਸਮ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "ਤੁਸੀਂ ਪਹਿਲਾਂ ਹੀ ਲਾਗਇਨ ਹੋ" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "ਕੋਈ ਯੂਜ਼ਰ ਲਾਗਇਨ ਨਹੀਂ ਹੈ" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "ਯੂਜ਼ਰ ਦਾ ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਸੈੱਟ ਨਹੀਂ ਹੈ" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "ਯੂਜ਼ਰ ਦੀ ਕਿਸਮ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "ਹੋਰ ਯੂਜ਼ਰ ਪਹਿਲਾਂ ਹੀ ਲਾਗਇਨ ਹੈ" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "ਗਲਤ ਕੁੰਜੀ ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "ਗਲਤ ਆਕਾਰ ਦੀ ਕੁੰਜੀ ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "ਐਕਸਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "ਐਕਸਪੋਰਟ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਦਾ ਆਕਾਰ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "ਐਕਸਪੋਰਟ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਦੀ ਗਲਤ ਕਿਸਮ ਹੈ" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "ਰੈਂਡਮ ਨੰਬਰ ਜਰਨੇਟਰ ਸ਼ੁਰੂ ਕਰਨ ਲਈ ਅਸਮਰੱਥ" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "ਕੋਈ ਰੈਂਡਮ ਨੰਬਰ ਜਰਨੇਟਰ ਉਪਲੱਬਧ ਨਹੀਂ" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "ਨਤੀਜਾ ਸਟੋਰ ਕਰਨ ਲਈ ਲੋੜੀਦੀ ਥਾਂ ਨਹੀਂ ਹੈ" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "ਸੰਭਾਲੀ ਹਾਲਤ ਗਲਤ ਹੈ" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "ਹਾਲਤ ਸੰਭਾਲੀ ਨਹੀਂ ਜਾ ਸਕਦੀ" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "ਮੋਡੀਊਲ ਸ਼ੁਰੂ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "ਮੋਡੀਊਲ ਪਹਿਲਾਂ ਹੀ ਸ਼ੁਰੂ ਕੀਤਾ ਜਾ ਚੁੱਕਾ ਹੈ" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "ਡਾਟਾ ਲਾਕ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "ਡਾਟਾ ਲਾਕ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "ਅਣਜਾਣ ਗਲਤੀ" diff --git a/po/pl.po b/po/pl.po deleted file mode 100644 index f966f63..0000000 --- a/po/pl.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Piotr Drąg , 2012-2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Piotr Drąg \n" -"Language-Team: Polish (http://www.transifex.com/freedesktop/p11-kit/language/pl/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: pl\n" -"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Anulowano działanie" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Brak wystarczającej ilości pamięci" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "Podany identyfikator gniazda jest nieprawidłowy" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Wewnętrzny błąd" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Działanie się nie powiodło" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Nieprawidłowe parametry" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Moduł nie może utworzyć wymaganych wątków" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Moduł nie może poprawnie zablokować danych" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Pole jest tylko do odczytu" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Pole jest prywatne i nie może zostać ujawnione" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Pole jest nieprawidłowe lub nie istnieje" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Nieprawidłowa wartość dla pola" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Dane są nieprawidłowe lub nierozpoznane" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Dane są za długie" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Wystąpił błąd na urządzeniu" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Dostępna jest niewystarczająca ilość pamięci na urządzeniu" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Urządzenie zostało usunięte lub rozłączone" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Zaszyfrowane dane są nieprawidłowe lub nierozpoznane" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Zaszyfrowane dane są za długie" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "To działanie nie jest obsługiwane" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Brak klucza lub jest nieprawidłowy" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Klucz ma błędny rozmiar" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Klucz jest błędnego typu" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Klucz nie jest wymagany" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Klucz jest inny niż poprzednio" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Wymagany jest klucz" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Nie można dołączyć klucza w wyciągu" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "To działanie nie może zostać wykonane za pomocą tego klucza" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Nie można opakować klucza" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Nie można wyeksportować tego klucza" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Mechanizm kryptograficzny jest nieprawidłowy lub nierozpoznany" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Mechanizm kryptograficzny posiada nieprawidłowy parametr" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Brak obiektu lub jest nieprawidłowy" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Inne działanie jest teraz wykonywane" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Żadne działanie nie jest wykonywane" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Hasło lub kod PIN jest niepoprawny" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Hasło lub kod PIN jest nieprawidłowy" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Hasło lub kod PIN ma nieprawidłową długość" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Hasło lub kod PIN wygasł" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Hasło lub kod PIN jest zablokowany" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Sesja jest zamknięta" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Za dużo sesji jest aktywnych" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Sesja jest nieprawidłowa" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Sesja jest tylko do odczytu" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Istnieje otwarta sesja" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Istnieje sesja tylko do odczytu" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Istnieje sesja administratora" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Podpis jest błędny lub uszkodzony" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Podpis jest nierozpoznany lub uszkodzony" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Brak pewnych wymaganych pól" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Pewne pola zawierają nieprawidłowe wartości" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Urządzenie nie jest obecne lub jest odłączone" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Urządzenie jest nieprawidłowe lub nierozpoznane" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Urządzenie jest chronione przed zapisem" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Nie można zaimportować, ponieważ klucz jest nieprawidłowy" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Nie można zaimportować, ponieważ klucz ma błędny rozmiar" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Nie można zaimportować, ponieważ klucz jest błędnego typu" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Użytkownik jest już zalogowany" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Żaden użytkownik nie jest zalogowany" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Hasło lub kod PIN użytkownika nie jest ustawiony" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Użytkownik jest nieprawidłowego typu" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Inny użytkownik jest już zalogowany" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Za dużo użytkowników różnych typów jest zalogowanych" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Nie można zaimportować nieprawidłowego klucza" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Nie można zaimportować klucza o błędnym rozmiarze" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Nie można wyeksportować, ponieważ klucz jest nieprawidłowy" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Nie można wyeksportować, ponieważ klucz ma błędny rozmiar" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Nie można wyeksportować, ponieważ klucz jest błędnego typu" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Nie można zainicjować generatora liczb losowych" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Brak dostępnych generatorów liczb losowych" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Mechanizm kryptograficzny posiada nieprawidłowy parametr" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Brak wystarczającej ilości miejsca, by przechować wynik" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Zapisany stan jest nieprawidłowy" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Informacja jest prywatna i nie może zostać ujawniona" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Nie można zapisać stanu" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Moduł nie został zainicjowany" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Moduł został już zainicjowany" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Nie można zablokować danych" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Nie można zablokować danych" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Żądanie zostało odrzucone przez użytkownika" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Nieznany błąd" diff --git a/po/pt.po b/po/pt.po deleted file mode 100644 index 8a2b888..0000000 --- a/po/pt.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Portuguese (http://www.transifex.com/freedesktop/p11-kit/language/pt/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: pt\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/pt_BR.po b/po/pt_BR.po deleted file mode 100644 index c000fa0..0000000 --- a/po/pt_BR.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Rafael Fontenelle , 2012-2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Rafael Fontenelle \n" -"Language-Team: Portuguese (Brazil) (http://www.transifex.com/freedesktop/p11-kit/language/pt_BR/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: pt_BR\n" -"Plural-Forms: nplurals=2; plural=(n > 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "A operação foi cancelada" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Memória insuficiente disponível" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "O ID do slot especificado não é válido" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Erro interno" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "A operação falhou" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Argumentos inválidos" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "O módulo não pode criar threads necessárias" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "O módulo não pode travar os dados da forma apropriada" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "O campo é somente leitura" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "O campo é sensitivo e não pode ser revelado" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "O campo é inválido ou não existe" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Valor inválido para o campo" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Os dados não são válidos ou irreconhecíveis" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Os dados são muito longos" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Um erro ocorreu no dispositivo" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Memória insuficiente disponível no dispositivo" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "O dispositivo foi removido ou desconectado" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Os dados criptografados não são válidos ou são irreconhecíveis" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Os dados criptografados são muito longos" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "A operação não é suportada" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "A chave está faltando ou é inválido" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "A chave possui tamanho incorreto" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "A chave possui tipo incorreto" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Nenhuma chave é necessária" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "A chave é diferente da anterior" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Uma chave é necessária" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Falha na inclusão da chave no digest" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Essa operação não pode ser executada com esta chave" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "A chave não pode ser ajustada" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Não pode exportar essa chave" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "O mecanismo de criptografia é inválido ou irreconhecível" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "O mecanismo de criptografia tem um argumento inválido" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "O objeto está faltando ou inválido" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Outra operação já está em execução" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Nenhuma operação está em execução" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "A senha ou PIN é incorreta" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "A senha ou PIN é inválida" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "A senha ou PIN possui um comprimeto inválido" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "A senha ou PIN expirou" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "A senha ou PIN está travada" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "A sessão está fechada" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Sessões demais estão ativas" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "A sessão é inválida" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "A sessão é somente leitura" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Uma sessão aberta existe" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Uma sessão somente leitura existe" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Uma sessão de administração existe" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "A assinatura está ruim ou corrompida" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "A assinatura está irreconhecível ou corrompida" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Certos campos necessários estão faltando" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Certos campos possuem valores inválidos" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "O dispositivo não está presente ou está desconectado" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "O dispositivo é inválido ou irreconhecível" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "O dispositivo está protegido contra gravação" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Não é possível importar porque a chave é inválida" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Não é possível importar porque a chave possui tamanho incorreto" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Não é possível importar porque a chave é do tipo incorreto" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Você já está conectado" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Nenhum usuário está conectado" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "A senha do usuário ou PIN não foi definida" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "O usuário é de um tipo inválido" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Outro usuário já está conectado" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Usuários demais de diferentes tipos estão conectados" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Não é possível importar uma chave inválida" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Não é possível importar uma chave do tamanho incorreto" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Não é possível exportar porque a chave é inválida" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Não é possível exportar porque a chave é do tamanho errado" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Não é possível exportar porque a chave é do tipo errado" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Não conseguiu inicializar o gerador de número aleatório" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Nenhum gerador de número aleatório disponível" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "O mecanismo de criptografia possui um parâmetro inválido" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Não há espaço suficiente para armazenar o resultado" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "O estado salvado é inválido" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "A informação é sensível e não pode ser revelada" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "O estado não pode ser salvado" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "O módulo não foi inicializado" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "O módulo já foi inicializado" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Não é possível travar os dados" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Os dados não podem ser travados" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "A requisição foi rejeitada pelo usuário" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Erro desconhecido" diff --git a/po/quot.sed b/po/quot.sed deleted file mode 100644 index 0122c46..0000000 --- a/po/quot.sed +++ /dev/null @@ -1,6 +0,0 @@ -s/"\([^"]*\)"/“\1”/g -s/`\([^`']*\)'/‘\1’/g -s/ '\([^`']*\)' / ‘\1’ /g -s/ '\([^`']*\)'$/ ‘\1’/g -s/^'\([^`']*\)' /‘\1’ /g -s/“”/""/g diff --git a/po/remove-potcdate.sin b/po/remove-potcdate.sin deleted file mode 100644 index 2436c49..0000000 --- a/po/remove-potcdate.sin +++ /dev/null @@ -1,19 +0,0 @@ -# Sed script that remove the POT-Creation-Date line in the header entry -# from a POT file. -# -# The distinction between the first and the following occurrences of the -# pattern is achieved by looking at the hold space. -/^"POT-Creation-Date: .*"$/{ -x -# Test if the hold space is empty. -s/P/P/ -ta -# Yes it was empty. First occurrence. Remove the line. -g -d -bb -:a -# The hold space was nonempty. Following occurrences. Do nothing. -x -:b -} diff --git a/po/ro.po b/po/ro.po deleted file mode 100644 index d14c0d3..0000000 --- a/po/ro.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Romanian (http://www.transifex.com/freedesktop/p11-kit/language/ro/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ro\n" -"Plural-Forms: nplurals=3; plural=(n==1?0:(((n%100>19)||((n%100==0)&&(n!=0)))?2:1));\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/ru.po b/po/ru.po deleted file mode 100644 index 290b71f..0000000 --- a/po/ru.po +++ /dev/null @@ -1,345 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# FIRST AUTHOR , 2011 -# Stas Solovey , 2013 -# Yuri Kozlov , 2014 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2014-03-29 13:45+0000\n" -"Last-Translator: Yuri Kozlov \n" -"Language-Team: Russian (http://www.transifex.com/freedesktop/p11-kit/language/ru/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ru\n" -"Plural-Forms: nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Действие было отменено" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Недостаточно свободной памяти" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "Указанный идентификатор слота не действителен" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Внутренняя ошибка" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Сбой при выполнении операции" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Недопустимые аргументы" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Модуль не может создать необходимые потоки" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Модуль не может блокировать данные должным образом" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Поле доступно только для чтения" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Поле содержит важную информацию и не может быть показано" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Поле не действительно или не существует" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Недействительное значение для поля" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Данные неверны или не распознаны" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Данные слишком длинные" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "На устройстве произошла ошибка" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "На устройстве недостаточно свободной памяти" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Устройство было удалено или отключено" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Зашифрованные данные неверны или не распознаны" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Зашифрованные данные слишком длинные" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Операция не поддерживается" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Ключ отсутствует или неверен" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Ключ имеет неправильный размер" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Ключ имеет неправильный тип" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Ключ не требуется" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Ключ отличается от предыдущего" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Необходим ключ" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Невозможно включить ключ в каталог" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Операция не может быть выполнена с данным ключом" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Ключ не может быть обернут" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Невозможно экспортировать данный ключ" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Механизм шифрования неверен или не распознан" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Механизм шифрования имеет неверный параметр" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Объект отсутствует или неверен" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "В данный момент выполняется другое действие" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "В данный момент никаких других операций не проводится" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Пароль или PIN неверен" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Пароль или PIN недействителен" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Пароль или PIN недопустимой длины" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Пароль или PIN устарел" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Пароль или PIN заблокирован" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Сеанс закрыт" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Слишком много активных сеансов" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Сеанс некорректен" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Сеанс доступен только для чтения" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Есть открытый сеанс" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Есть сеанс только для чтения" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Есть административный сеанс" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Подпись плоха или повреждена" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Подпись не распознана или повреждена" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Определённые необходимые поля отсутствуют" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Некоторые поля имеют неверные значения" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Устройство отсутствует или отключено" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Устройство неверно или неопознаваемо" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Устройство защищено от записи" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Не удалось импортировать, поскольку ключ неверен" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Не удалось импортировать, поскольку ключ неправильной длины" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Не удалось импортировать, поскольку ключ неправильного типа" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Вы уже вошли" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Нет вошедших пользователей" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Пароль пользователя, или его PIN не установлен" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Пользователь неверного типа" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Другой пользователь уже вошёл" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Слишком ного пользователей различных типов вошли в систему" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Не удалось импортировать неверный ключ" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Не удалось импортировать ключ неверного размера" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Не удалось экспортировать, потому что ключ неверен" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Не удалось экспортировать, потому что ключ имеет неверный размер" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Не удалось экспортировать, потому что ключ имеет неправильный тип" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Не могу инициализировать генератор случайных чисел" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Генератор случайных чисел недоступен" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Механизм шифрования имеет неверный параметр" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Недостаточно места для сохранения результата" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Сохранённое состояние неверно" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Информация засекречена и не может быть показана" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Состояние не может быть сохранено" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Модуль не был инициализирован" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Модуль уже инициализирован" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Не удалось заблокировать данные" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Данные не могут быть заблокированы" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Запрос отклонён пользователем" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Неизвестная ошибка" diff --git a/po/sk.po b/po/sk.po deleted file mode 100644 index 4b8e0ac..0000000 --- a/po/sk.po +++ /dev/null @@ -1,344 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Dušan Kazik , 2015 -# helix84 , 2015 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2015-10-16 08:03+0000\n" -"Last-Translator: Dušan Kazik \n" -"Language-Team: Slovak (http://www.transifex.com/freedesktop/p11-kit/language/sk/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: sk\n" -"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Operácia bola zrušená" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Nie je k dispozícii dostatok pamäte" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "Uvedený ID slotu nie je platný" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Vnútorná chyba" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Operácia zlyhala" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Neplatné argumenty" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Modul nedokáže vytvoriť potrebné vlákna" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Modul nedokáže správne zamknúť dáta" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Pole je iba na čítanie" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Pole je citlivé a nemožno ho odhaliť" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Pole je neplatné alebo neexistuje" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Neplatná hodnota poľa" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Dáta nie sú platné alebo rozpoznané" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Dáta sú príliš dlhé" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Na zariadení sa vyskytla chyba" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Na zariadení nie je k dispozícii dostatok pamäte" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Zariadenie bolo odstránené alebo odpojené" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Šifrované dáta nie sú platné alebo rozpoznané" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Šifrované dáta sú príliš dlhé" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Operácia nie je podporovaná" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Kľúč chýba alebo je neplatný" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Kľúč má nesprávnu veľkosť" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Kľúč je nesprávneho typu" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Kľúč nie je potrebný" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Kľúč je iný ako predtým" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Kľúč je potrebný" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Nie je možné zahrnúť kľúč do výťahu" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Túto operáciu nie je možné vykonať s týmto kľúčom" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Kľúč nie je možné zabaliť" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Tento kľúč nemožno exportovať" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Šifrovací mechanizmus je neplatný alebo nerozpoznaný" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Šifrovací mechanizmus má neplatný argument" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Objekt chýba alebo je neplatný" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Už prebieha iná operácia" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Neprebieha žiadna operácia" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Heslo alebo PIN je nesprávny" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Heslo alebo PIN je neplatný" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Heslo alebo PIN má neplatnú dĺžku" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Heslo alebo PIN vypršalo" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Heslo alebo PIN je zamknutý" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Relácia je zatvorená" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Je aktívnych príliš mnoho relácií" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Relácia je neplatná" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Relácia je iba na čítanie" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Existuje otvorená relácia" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Existuje relácia iba na čítanie" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Existuje relácia správcu" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Signatúra je chybná alebo poškodená" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Signatúra je nerozpoznaná alebo poškodená" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Chýbajú niektoré povinné polia" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Niektoré polia majú neplatné hodnoty" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Zariadenie nie je prítomné alebo je odpojené" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Zariadenie je neplatné alebo sa nedá rozpoznať" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Zariadenie je chránené proti zápisu" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Nie je možné importovať, pretože kľúč je neplatný" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Nie je možné importovať, pretože kľúč má nesprávnu veľkosť" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Nie je možné importovať, pretože kľúč je nesprávneho typu" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Už ste prihlásený" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Nie je prihlásený žiaden používateľ" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Heslo alebo PIN používateľa nie je nastavený" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Používateľ je neplatného typu" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Iný používateľ je už prihlásený" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Je prihlásených príliš veľa používateľov rozličných typov" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Nedá sa importovať neplatný kľúč" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Nedá sa importovať kľúč nesprávnej veľkosti" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Nedá sa exportovať, pretože kľúč je neplatný" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Nedá sa exportovať, pretože kľúč je nesprávnej veľkosti" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Nedá sa exportovať, pretože kľúč je nesprávneho typu" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Nie je možné inicializovať generátor náhodných čísel" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Nie je dostupný žiadny generátor náhodných čísel" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Šifrovací mechanizmus má neplatný parameter" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Nedostatok miesta na uloženie výsledku" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Uložený stav je neplatný" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Informácie sú citlivé a nemôžu byť odhalené" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Stav sa nedá uložiť" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Modul nebol inicializovaný" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Modul už bol inicializovaný" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Nedajú sa uzamknúť údaje" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Údaje nemôžu byť uzamknuté" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Požiadavka bola odmietnutá používateľom" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Neznáma chyba" diff --git a/po/sl.po b/po/sl.po deleted file mode 100644 index a088b78..0000000 --- a/po/sl.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Martin Srebotnjak , 2012-2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Martin Srebotnjak \n" -"Language-Team: Slovenian (http://www.transifex.com/freedesktop/p11-kit/language/sl/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: sl\n" -"Plural-Forms: nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Operacija je bila preklicana" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Na voljo ni dovolj pomnilnika" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "Navedeni ID mesta ni veljaven" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Notranja napaka" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Operacija ni uspela" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Neveljavni argumenti" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Modul ne more ustvariti potrebnih niti" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Modul ne more ustrezno zakleniti podatkov" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Polje je samo za branje" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Polje je občutljive narave in ga ni mogoče razkriti" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Polje ni veljavno ali ne obstaja" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Neveljavna vrednost za polje" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Podatki niso veljavni ali prepoznavni" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Podatki so preobsežni" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Na napravi je prišlo do naprave" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Na napravi ni dovolj pomnilnika" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Naprava je bila odstranjena ali iztaknjena" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Šifrirani podatki niso veljavni ali prepoznavni" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Šifrirani podatki so preobsežni" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Ta operacija ni podprta" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Ključ manjka ali ni veljaven" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Ključ je napačne velikosti" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Ključ je napačne vrste" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Ključ ni potreben" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Ključ se razlikuje od prejšnjega" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Potreben je ključ" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Ključa ni mogoče vključiti v povzetek" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "S tem ključem te operacije ni moč opraviti" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Ključa ni mogoče ovijati" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Tega ključa ni mogoče izvoziti" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Šifrirni mehanizem ni veljaven ali prepoznan" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Šifrirni mehanizem ima neveljaven argument" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Predmet manjka ali ni veljaven" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Poteka že druga operacija" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Ne poteka nobena operacija" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Geslo ali PIN ni pravilen" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Geslo ali PIN ni veljaven" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Geslo ali PIN ni ustrezne dolžine" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Geslo ali PIN je potekel" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Geslo ali PIN je zaklenjen" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Seja je zaprta" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Aktivnih je preveč sej" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Seja ni veljavna" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Seja je samo za branje" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Obstaja odprta seja" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Obstaja seja le za branje" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Obstaja skrbniška seja" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Podpis je slab ali okvarjen" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Podpis ni razpoznaven ali je okvarjen" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Določena obvezna polja manjkajo" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Določena polja imajo neveljavne vrednosti" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Naprava ni prisotna ali pa je iztaknjena" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Naprava ni veljavna ali prepoznavna" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Naprava je zaščitena pred pisanjem" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Uvoz ni možen, ker je ključ neveljaven" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Ker ključ ni ustrezne velikosti, uvoz ni mogoč" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Ker ključ ni ustrezne vrste, uvoz ni mogoč" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Ste že prijavljeni" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Prijavil se ni noben uporabnik" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Geslo ali PIN uporabnika ni nastavljen" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Uporabnik je neveljavne vrste" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Prijavljen je že drug uporabnik" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Prijavljenih je preveč uporabnikov različnih vrst" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Neveljavnega ključa ni mogoče uvoziti" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Ključa neprimerne velikosti ni mogoče uvoziti" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Ključa ni mogoče izvoziti, ker je neveljaven" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Ključa ni mogoče izvoziti, ker ni ustrezne velikosti" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Ključa ni mogoče izvoziti, ker je napačne vrste" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Generatorja naključnih števil ni mogoče inicializirati" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Noben generator naključnih števil ni na voljo" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Mehanizem šifriranja ima neveljaven parameter" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Za shranjevanje rezultata primanjkuje prostora" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Shranjeno stanje ni veljavno" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Podatki so občutljive narave in jih ni mogoče razkriti" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Stanja ni mogoče shraniti" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Modil ni bil inicializiran" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Modul je že inicializiran" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Podatkov ni mogoče zakleniti" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Podatkov ni mogoče zakleniti" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Zahtevo je zavrnil uporabnik" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Neznana napaka" diff --git a/po/sq.po b/po/sq.po deleted file mode 100644 index 3b71e94..0000000 --- a/po/sq.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Albanian (http://www.transifex.com/freedesktop/p11-kit/language/sq/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: sq\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/sr.po b/po/sr.po deleted file mode 100644 index a4bb0e3..0000000 --- a/po/sr.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Мирослав Николић , 2013-2014 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2014-11-22 10:52+0000\n" -"Last-Translator: Мирослав Николић \n" -"Language-Team: Serbian (http://www.transifex.com/freedesktop/p11-kit/language/sr/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: sr\n" -"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Радња је отказана" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Недовољно доступне меморије" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "ИБ наведеног уреза није исправан" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Унутрашња грешка" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Радња није успела" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Неисправни аргументи" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Модул не може да направи потребне нити" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Модул не може исправно да закључа податке" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Поље је само за читање" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Поље је осетљиво и не може бити откривено" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Поље је неисправно или не постоји" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Неисправна вредност за поље" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Подаци нису исправни или су непрепознатљиви" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Подаци су предуги" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Дошло је до грешке на уређају" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Нема довољно доступне меморије на уређају" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Уређај је уклоњен или је искључен" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Шифровани подаци нису исправни или су непрепознатљиви" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Шифровани подаци су предуги" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Ова радња није подржана" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Кључ недостаје или је неисправан" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Кључ је погрешне величине" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Кључ је погрешне врсте" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Није потребан кључ" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Кључ је другачији него раније" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Потребан је кључ" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Не могу да укључим кључ у одабиру" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Ова радња не може бити обављена овим кључем" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Кључ не може бити прекинут" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Не могу да извезем овај кључ" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Механизам шифровања је неисправан или непрепознатљив" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Механизам шифровања има неисправан аргумент" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Предмет недостаје или је неисправан" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Друга радња је ступила на снагу" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Ниједна радња није ступила на снагу" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Није тачна лозинка или ПИН" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Није исправна лозинка или ПИН" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Лозинка или ПИН су неисправне дужине" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Истекла је лозинка или ПИН" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Закључана је лозинка или ПИН" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Сесија је затворена" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Превише радних сесија" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Сесија је неисправна" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Сесија је само за читање" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Постоји отворена сесија" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Постоји сесија само за читање" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Постоји сесија администратора" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Потпис је лош или оштећен" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Потпис је непрепознатљив или оштећен" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Недостају одређена потребна поља" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Одређена поља имају неисправне вредности" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Уређај није присутан или је откачен" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Уређај је неисправан или је непрепознатљив" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Уређај је заштићен од писања" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Не могу да увезем јер је кључ неисправан" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Не могу да увезем јер је кључ погрешне величине" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Не могу да увезем јер је кључ погрешне врсте" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Већ сте пријављени" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Ниједан корисник није пријављен" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Није подешена корисничка лозинка или ПИН" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Корисник је неисправне врсте" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Други корисник је већ пријављен" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Пријављено је превише корисника различитих врста" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Не могу да увезем неисправан кључ" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Не могу да увезем кључ погрешне величине" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Не могу да извезем јер је кључ неисправан" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Не могу да извезем јер је кључ погрешне величине" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Не могу да извезем јер је кључ погрешне врсте" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Не могу да покренем ствараоца насумичног броја" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Није доступан стваралац насумичног броја" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Механизам шифровања има неисправан параметар" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Недовољно места за складиштење резултата" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Сачувано стање је неисправно" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Подаци су осетљиви и не могу бити откривени" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Стање не може бити сачувано" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Модул није покренут" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Модул је већ покренут" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Не могу да закључам податке" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Подаци не могу бити закључани" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Корисник је одбио захтев" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Непозната грешка" diff --git a/po/sr@latin.po b/po/sr@latin.po deleted file mode 100644 index 99f3e0f..0000000 --- a/po/sr@latin.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Serbian (Latin) (http://www.transifex.com/freedesktop/p11-kit/language/sr@latin/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: sr@latin\n" -"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/sv.po b/po/sv.po deleted file mode 100644 index cf7ba4e..0000000 --- a/po/sv.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Josef Andersson , 2015 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2015-02-23 01:04+0000\n" -"Last-Translator: Josef Andersson \n" -"Language-Team: Swedish (http://www.transifex.com/freedesktop/p11-kit/language/sv/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: sv\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Åtgärden avbröts" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Otillräckligt med tillgängligt minne" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "Angivet plats-ID är ogiltigt" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Internt fel" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Åtgärden misslyckades" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Ogiltiga argument" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Modulen kan inte skapa behövda trådar" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Modulen kan inte låsa data korrekt" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Fältet är endast läsbart" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Fältet är känsligt och kan inte avslöjas" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Fältet är ogiltigt eller existerar inte" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Ogiltigt värde för fält" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Datan är ogiltig eller okänd" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Datan är för lång" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Ett fel uppstod i enheten" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Otillräckligt med tillgängligt minne på enheten" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Enheten togs bort eller matades ut" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Den krypterade datan är ogiltig eller okänd" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Den krypterade datan är för lång" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Denna åtgärd stöds inte" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Nyckeln saknas eller är ogiltig" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Nyckeln har fel storlek" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Nyckeln är av fel typ" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Ingen nyckel behövs" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Nyckeln skiljer sig mot tidigare" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "En nyckel behövs" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Kan inte inkludera nyckeln i sammandraget" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Åtgärden kan inte utföras med denna nyckel" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Nyckeln kan inte paketeras" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Kan inte exportera denna nyckel" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Krypteringsmekanismen har ett ogiltigt argument eller är okänd" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Krypteringsmekanismen har ett ogiltigt argument" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Objektet saknas eller är ogiltigt" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "En annan åtgärd pågår redan" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Ingen åtgärd pågår" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Lösenordet eller PIN-koden stämmer inte" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Lösenordet eller PIN-koden är ogiltig" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Lösenordets eller PIN-kodens längd är ogiltig" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Lösenordets eller PIN-kodens tidsgräns är passerad" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Lösenordet eller PIN-koden är låst" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Sessionen är stängd" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "För många aktiva sessioner" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Sessionen är ogiltig" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Sessionen är endast läsbar" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "En öppen session existerar" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "En endast läsbar session existerar" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "En administratörsession existerar" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Signaturen är dålig eller korrupt" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Signaturen är okänd eller korrupt" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Vissa begärda fält saknas" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Vissa fält har ogiltiga värden" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Enheten är inte närvarande eller utmatad" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Enheten är ogiltig eller okänd" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Enheten är skrivskyddad" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Kan inte importera eftersom nyckeln är ogiltig" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Kan inte importera eftersom nyckeln har fel storlek" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Kan inte importera eftersom nyckeln har fel typ" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Du är redan inloggad" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Ingen användare har loggat in" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Användarens lösenord eller PIN-kod är inte angivet" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Användaren är av en ogiltig typ" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "En annan användare är redan inloggad" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "För många användare av olika typer är redan inloggade" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Kan inte importera en ogiltig nyckel" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Kan inte importera en nyckel med fel storlek" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Kan inte exportera eftersom nyckeln är ogiltig" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Kan inte exportera eftersom nyckeln har fel storlek" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Kan inte exportera eftersom nyckeln har fel typ" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Kan inte initiera slumptalsgeneratorn" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Ingen slumptalsgenerator tillgänglig" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Krypteringsmekanismen har en ogiltig parameter" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Inte tillräckligt med utrymme för att lagra resultatet" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Det sparade tillståndet är ogiltigt" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Informationen är känslig och kan inte avslöjas" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Tillståndet kan inte sparas" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Modulen har inte initierats" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Modulen har redan initierats" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Kan inte låsa data" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Datan kan inte låsas" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Begäran avvisades av användaren" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Okänt fel" diff --git a/po/ta.po b/po/ta.po deleted file mode 100644 index f4f6033..0000000 --- a/po/ta.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Tamil (http://www.transifex.com/freedesktop/p11-kit/language/ta/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ta\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/te.po b/po/te.po deleted file mode 100644 index fb4b852..0000000 --- a/po/te.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Telugu (http://www.transifex.com/freedesktop/p11-kit/language/te/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: te\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/th.po b/po/th.po deleted file mode 100644 index 96fb86c..0000000 --- a/po/th.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Thai (http://www.transifex.com/freedesktop/p11-kit/language/th/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: th\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/tr.po b/po/tr.po deleted file mode 100644 index dadb5b4..0000000 --- a/po/tr.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Necdet Yücel , 2012 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2014-11-12 09:33+0000\n" -"Last-Translator: Necdet Yücel \n" -"Language-Team: Turkish (http://www.transifex.com/freedesktop/p11-kit/language/tr/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: tr\n" -"Plural-Forms: nplurals=2; plural=(n > 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "İşlem iptal edildi" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Yeterli hafıza yok" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "Belirtilen yuva kimliği geçersiz" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "İç hata" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "İşlem başarısız oldu" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Geçersiz değişkenler" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Modül ihtiyaç duyulan iş parçacıklarını oluşturamadı" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Modül veriyi düzgün kilitleyemedi" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Bu alan salt-okunur" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Bu alan hassas olduğundan gösterilemez" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Alan geçersiz veya mevcut değil" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Alan için geçersiz değer" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Veri geçersiz veya algılanamadı" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Veri çok uzun" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "Aygıtta bir hata oluştu" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "Aygıtta yeterli hafıza yok" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Aygıt kaldırıldı veya çıkartıldı" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Şifrelenmiş veri geçersiz veya algılanamadı" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Şifrelenmiş veri çok uzun" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Bu işlem desteklenmiyor" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Anahtar eksik veya geçersiz" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Anahtar boyutu hatalı" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Anahtar hatalı türde" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Anahtar gerekli değil" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Anahtar öncekinden farklı" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Anahtar gerekli" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Anahtar özete dahil edilemez" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Bu işlem bu anahtarla gerçekleştirilemez" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Anahtar kaydırılamaz" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Bu anahtar dışa aktarılamaz" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Şifreleme mekanizması geçersiz veya algılanamadı" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Şifreleme mekanizması geçersiz bir değişken içeriyor" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Nesne eksik veya geçersiz" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Başka bir işlem zaten sürüyor" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Devam eden işlem yok" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Parola veya PIN hatalı" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Parola veya PIN geçersiz" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Parola veya PIN geçersiz uzunlukta" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Parola veya PIN'in süresi geçmiş" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Parola veya PIN kilitli" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Oturum kapatıldı" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "Çok fazla aktif oturum var" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Oturum geçersiz" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Oturum salt-okunur" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Açık bir oturum var" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Salt okunur bir oturum var" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Bir yönetici oturumu var" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "İmza kötü veya hatalı" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "İmza algılanamadı veya bozulmuş" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Bazı gerekli alanlar eksik" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "Bazı alanlar geçersiz değerlere sahip" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Aygıt bulunmuyor veya çıkartılmış" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Aygıt geçersiz veya algılanamadı" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Aygıt yazma korumalı" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Anahtar geçersiz olduğundan içe aktarılamaz" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Anahtar hatalı boyutta olduğundan içe aktarılamaz" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Anahtar hatalı türde olduğundan içe aktarılamaz" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Zaten oturum açtınız" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "Oturum açmış kullanıcı yok" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Kullanıcı parolası veya PIN'i ayarlanmadı" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Kullanıcı geçersiz türde" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "Başka bir kullanıcı zaten oturum açtı" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "Farklı türden çok fazla kullanıcı oturum açtı" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Geçersiz bir anahtar içe aktarılamaz" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Hatalı boyuttaki bir anahtar içe aktarılamaz" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Anahtar geçersiz olduğundan dışa aktarılamaz" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Anahtar hatalı boyutta olduğundan dışa aktarılamaz" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Anahtar hatalı türde olduğundan dışa aktarılamaz" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Rastgele sayı oluşturucuyu başlatılamadı" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Kullanılabilir rasgele sayı oluşturucu yok" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Şifreleme mekanizması geçersiz değişken içeriyor" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Sonucu saklamak için yeterli alan yok" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Kaydedilen durum geçersiz" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Bu alan hassas olduğundan gösterilemez" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Durum kaydedilemedi" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Modül başlatılamadı" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Modül zaten başlatıldı" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Veri kilitlenemedi" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Veri kilitlenemez" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "İstek kullanıcı tarafından reddedildi" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Bilinmeyen hata" diff --git a/po/uk.po b/po/uk.po deleted file mode 100644 index 4348f33..0000000 --- a/po/uk.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Yuri Chornoivan , 2012-2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-21 13:15+0000\n" -"Last-Translator: Yuri Chornoivan \n" -"Language-Team: Ukrainian (http://www.transifex.com/freedesktop/p11-kit/language/uk/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: uk\n" -"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "Дію було скасовано" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "Недостатній об’єм пам’яті" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "Вказаний ідентифікатор слоту не є коректним" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "Внутрішня помилка" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "Не вдалося виконати дію" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "Некоректні параметри" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "Модулеві не вдалося створити потрібні потоки обробки" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "Модулеві не вдалося заблокувати дані належним чином" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "Поле є придатним лише для читання" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "Дані поля є конфіденційними, їх не можна розголошувати" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "Вказано некоректну назву поля, такого поля не існує" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "Некоректне значення поля" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "Дані є некоректними або непридатними до розпізнавання" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "Дані є занадто об’ємними" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "На пристрої сталася помилка" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "На пристрої недостатньо пам’яті" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "Пристрій було вилучено або від’єднано" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "Зашифровані дані є некоректними або непридатними до розпізнавання" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "Зашифровані дані є занадто об’ємними" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "Підтримки цієї дії не передбачено" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "Не вказано ключа або вказано некоректний ключ" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "Розмір ключа є помилковим" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "Тип ключа є помилковим" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "Ключ не потрібен" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "Значення ключа відрізняється від попереднього" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "Потрібен ключ" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "Не можна включати ключ до контрольної суми" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "Цю дію над цим ключем виконати неможливо" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "Ключ не може бути загорнуто" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "Експортування цього ключа неможливе" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "Некоректний або непридатний механізм шифрування" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "Механізмові шифрування передано некоректний аргумент" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "Не вказано об’єкт або вказано некоректний об’єкт" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "Вже виконується інша дія" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "Не виконується жодної дії" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "Помилковий пароль або PIN-код" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "Некоректний пароль або PIN-код" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "Довжина пароля або PIN-коду є некоректною" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "Строк дії пароля або PIN-коду вичерпано" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "Пароль або PIN-код заблоковано" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "Сеанс закрито" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "У активному режимі працює забагато сеансів" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "Некоректний сеанс" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "Сеанс у режимі лише читання" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "Виявлено відкритий сеанс" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "Виявлено сеанс роботи у режимі лише читання" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "Виявлено сеанс роботи від імені адміністратора" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "Помилковий або пошкоджений підпис" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "Підпис непридатний до розпізнавання або підпис пошкоджено" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "Деякі з полів, які мало бути заповнено, є порожніми" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "У деяких з полів містяться некоректні значення" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "Пристрою не виявлено або пристрій було від’єднано" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "Пристрій є некоректним або непридатним до розпізнавання" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "Пристрій захищено від запису" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "Не вдалося імпортувати, оскільки ключ є некоректним" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "Не вдалося імпортувати, оскільки ключ має помилковий розмір" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "Не вдалося імпортувати, оскільки ключ належить до помилкового типу" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "Ви вже увійшли до облікового запису" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "До системи не увійшов жоден користувач" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "Не встановлено пароль або PIN-код користувача" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "Запис користувача належить до некоректного типу" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "До системи вже увійшов інший користувач" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "До системи увійшло надто багато користувачів різних типів" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "Імпортування некоректних ключів неможливе" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "Імпортування ключів з помилковими розмірами неможливе" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "Не вдалося експортувати, оскільки ключ є некоректним" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "Не вдалося експортувати, оскільки ключ має помилковий розмір" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "Не вдалося експортувати, оскільки ключ належить до помилкового типу" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "Не вдалося ініціалізувати засіб створення псевдовипадкових чисел" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "Не виявлено жодного доступного засобу створення псевдовипадкових чисел" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "Механізмові шифрування передано некоректний параметр" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "Недостатньо простору для зберігання результату" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "Збережений стан є некоректним" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "Дані є конфіденційними, їх не можна розголошувати" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "Не вдалося зберегти стан" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "Модуль ще не було інціалізовано" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "Модуль вже було ініціалізовано" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "Не вдалося заблокувати дані" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "Не вдалося заблокувати дані" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "Користувач відмовив у задоволенні запиту" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "Невідома помилка" diff --git a/po/vi.po b/po/vi.po deleted file mode 100644 index 96cbc48..0000000 --- a/po/vi.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Vietnamese (http://www.transifex.com/freedesktop/p11-kit/language/vi/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: vi\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/wa.po b/po/wa.po deleted file mode 100644 index 4808597..0000000 --- a/po/wa.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2012-02-29 09:23+0000\n" -"Last-Translator: FULL NAME \n" -"Language-Team: Walloon (http://www.transifex.com/freedesktop/p11-kit/language/wa/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: wa\n" -"Plural-Forms: nplurals=2; plural=(n > 1);\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/zh_CN.po b/po/zh_CN.po deleted file mode 100644 index 8fa8dea..0000000 --- a/po/zh_CN.po +++ /dev/null @@ -1,344 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Michael Jay Tong , 2014 -# Wylmer Wang , 2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2014-08-19 02:57+0000\n" -"Last-Translator: Michael Jay Tong \n" -"Language-Team: Chinese (China) (http://www.transifex.com/freedesktop/p11-kit/language/zh_CN/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: zh_CN\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "操作已被取消" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "可用内存不足" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "指定的槽 ID 无效" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "内部错误" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "操作失败" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "参数无效" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "该模块无法创建需要的线程" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "该模块无法正确锁定数据" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "该字段为只读" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "该字段为敏感字段,不能显示" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "该字段无效或不存在" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "字段值无效" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "数据无效或无法识别" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "数据过长" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "设备上出现了错误" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "设备上的可用空间不足" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "设备已被移除或拔出" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "加密数据无效或无法识别" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "加密数据过长" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "不支持该操作" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "密钥缺失或无效" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "密钥长度不对" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "密钥类型不对" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "无需密钥" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "密钥与之前不同" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "需要密钥" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "摘要中无法包含此密钥" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "不能对该密钥进行这一操作" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "该密钥不能折行" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "无法导出这个密钥" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "加密机制无效或无法识别" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "加密机制中有无效参数" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "对象缺失或无效" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "另一操作正在进行" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "没有正在进行的操作" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "密码或 PIN 不正确" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "密码或 PIN 无效" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "密码或 PIN 长度无效" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "密码或 PIN 已过期" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "密码或 PIN 已锁定" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "会话已关闭" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "活动会话过多" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "会话无效" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "会话为只读" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "存在一个打开的会话" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "存在一个只读的会话" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "存在一个管理员会话" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "签名有误或已损坏" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "签名无法识别或已损坏" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "缺少某些要求的字段" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "某些字段的值无效" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "设备不存在或已拔出" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "设备无效或无法识别" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "设备已写保护" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "无法导入,因为密钥无效" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "无法导入,因为密钥长度错误" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "无法导入,因为密钥类型错误" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "您已经登录" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "没有登录用户" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "用户的密码或 PIN 未设置" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "用户的类型无效" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "另一用户已经登录" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "登录了太多不同类型的用户" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "无法导入无效的密钥" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "无法导入长度不对的密钥" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "无法导出,因为密钥无效" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "无法导出,因为密钥长度不对" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "无法导出,因为密钥类型不对" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "无法初始化随机数生成器" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "没有可用的随机数生成器" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "加密机制中有无效参数" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "没有足够的空间来保存结果" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "保存的状态无效" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "该信息为敏感信息,不能显示" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "无法保存状态" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "该模块未被初始化" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "该模块已经初始化" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "无法锁定数据" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "数据无法锁定" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "请求已被用户拒绝" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "未知错误" diff --git a/po/zh_HK.po b/po/zh_HK.po deleted file mode 100644 index 00764a7..0000000 --- a/po/zh_HK.po +++ /dev/null @@ -1,342 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Stef Walter \n" -"Language-Team: Chinese (Hong Kong) (http://www.transifex.com/freedesktop/p11-kit/language/zh_HK/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: zh_HK\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/po/zh_TW.po b/po/zh_TW.po deleted file mode 100644 index 161e025..0000000 --- a/po/zh_TW.po +++ /dev/null @@ -1,343 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR Collabora Ltd. -# This file is distributed under the same license as the PACKAGE package. -# -# Translators: -# Walter Cheuk , 2013 -msgid "" -msgstr "" -"Project-Id-Version: p11-kit\n" -"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" -"POT-Creation-Date: 2015-02-20 21:29+0100\n" -"PO-Revision-Date: 2013-11-20 10:27+0000\n" -"Last-Translator: Walter Cheuk \n" -"Language-Team: Chinese (Taiwan) (http://www.transifex.com/freedesktop/p11-kit/language/zh_TW/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: zh_TW\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: p11-kit/messages.c:78 -msgid "The operation was cancelled" -msgstr "" - -#: p11-kit/messages.c:81 -msgid "Insufficient memory available" -msgstr "" - -#: p11-kit/messages.c:83 -msgid "The specified slot ID is not valid" -msgstr "" - -#: p11-kit/messages.c:85 -msgid "Internal error" -msgstr "內部出錯" - -#: p11-kit/messages.c:87 -msgid "The operation failed" -msgstr "" - -#: p11-kit/messages.c:89 -msgid "Invalid arguments" -msgstr "" - -#: p11-kit/messages.c:91 -msgid "The module cannot create needed threads" -msgstr "" - -#: p11-kit/messages.c:93 -msgid "The module cannot lock data properly" -msgstr "" - -#: p11-kit/messages.c:95 -msgid "The field is read-only" -msgstr "" - -#: p11-kit/messages.c:97 -msgid "The field is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:99 -msgid "The field is invalid or does not exist" -msgstr "" - -#: p11-kit/messages.c:101 -msgid "Invalid value for field" -msgstr "" - -#: p11-kit/messages.c:103 -msgid "The data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:105 -msgid "The data is too long" -msgstr "" - -#: p11-kit/messages.c:107 -msgid "An error occurred on the device" -msgstr "" - -#: p11-kit/messages.c:109 -msgid "Insufficient memory available on the device" -msgstr "" - -#: p11-kit/messages.c:111 -msgid "The device was removed or unplugged" -msgstr "" - -#: p11-kit/messages.c:113 -msgid "The encrypted data is not valid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:115 -msgid "The encrypted data is too long" -msgstr "" - -#: p11-kit/messages.c:117 -msgid "This operation is not supported" -msgstr "" - -#: p11-kit/messages.c:119 -msgid "The key is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:121 -msgid "The key is the wrong size" -msgstr "" - -#: p11-kit/messages.c:123 -msgid "The key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:125 -msgid "No key is needed" -msgstr "" - -#: p11-kit/messages.c:127 -msgid "The key is different than before" -msgstr "" - -#: p11-kit/messages.c:129 -msgid "A key is needed" -msgstr "" - -#: p11-kit/messages.c:131 -msgid "Cannot include the key in the digest" -msgstr "" - -#: p11-kit/messages.c:133 -msgid "This operation cannot be done with this key" -msgstr "" - -#: p11-kit/messages.c:135 -msgid "The key cannot be wrapped" -msgstr "" - -#: p11-kit/messages.c:137 -msgid "Cannot export this key" -msgstr "" - -#: p11-kit/messages.c:139 -msgid "The crypto mechanism is invalid or unrecognized" -msgstr "" - -#: p11-kit/messages.c:141 -msgid "The crypto mechanism has an invalid argument" -msgstr "" - -#: p11-kit/messages.c:143 -msgid "The object is missing or invalid" -msgstr "" - -#: p11-kit/messages.c:145 -msgid "Another operation is already taking place" -msgstr "" - -#: p11-kit/messages.c:147 -msgid "No operation is taking place" -msgstr "" - -#: p11-kit/messages.c:149 -msgid "The password or PIN is incorrect" -msgstr "" - -#: p11-kit/messages.c:151 -msgid "The password or PIN is invalid" -msgstr "" - -#: p11-kit/messages.c:153 -msgid "The password or PIN is of an invalid length" -msgstr "" - -#: p11-kit/messages.c:155 -msgid "The password or PIN has expired" -msgstr "" - -#: p11-kit/messages.c:157 -msgid "The password or PIN is locked" -msgstr "" - -#: p11-kit/messages.c:159 -msgid "The session is closed" -msgstr "" - -#: p11-kit/messages.c:161 -msgid "Too many sessions are active" -msgstr "" - -#: p11-kit/messages.c:163 -msgid "The session is invalid" -msgstr "" - -#: p11-kit/messages.c:165 -msgid "The session is read-only" -msgstr "" - -#: p11-kit/messages.c:167 -msgid "An open session exists" -msgstr "" - -#: p11-kit/messages.c:169 -msgid "A read-only session exists" -msgstr "" - -#: p11-kit/messages.c:171 -msgid "An administrator session exists" -msgstr "" - -#: p11-kit/messages.c:173 -msgid "The signature is bad or corrupted" -msgstr "" - -#: p11-kit/messages.c:175 -msgid "The signature is unrecognized or corrupted" -msgstr "" - -#: p11-kit/messages.c:177 -msgid "Certain required fields are missing" -msgstr "" - -#: p11-kit/messages.c:179 -msgid "Certain fields have invalid values" -msgstr "" - -#: p11-kit/messages.c:181 -msgid "The device is not present or unplugged" -msgstr "" - -#: p11-kit/messages.c:183 -msgid "The device is invalid or unrecognizable" -msgstr "" - -#: p11-kit/messages.c:185 -msgid "The device is write protected" -msgstr "" - -#: p11-kit/messages.c:187 -msgid "Cannot import because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:189 -msgid "Cannot import because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:191 -msgid "Cannot import because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:193 -msgid "You are already logged in" -msgstr "" - -#: p11-kit/messages.c:195 -msgid "No user has logged in" -msgstr "" - -#: p11-kit/messages.c:197 -msgid "The user's password or PIN is not set" -msgstr "" - -#: p11-kit/messages.c:199 -msgid "The user is of an invalid type" -msgstr "" - -#: p11-kit/messages.c:201 -msgid "Another user is already logged in" -msgstr "" - -#: p11-kit/messages.c:203 -msgid "Too many users of different types are logged in" -msgstr "" - -#: p11-kit/messages.c:205 -msgid "Cannot import an invalid key" -msgstr "" - -#: p11-kit/messages.c:207 -msgid "Cannot import a key of the wrong size" -msgstr "" - -#: p11-kit/messages.c:209 -msgid "Cannot export because the key is invalid" -msgstr "" - -#: p11-kit/messages.c:211 -msgid "Cannot export because the key is of the wrong size" -msgstr "" - -#: p11-kit/messages.c:213 -msgid "Cannot export because the key is of the wrong type" -msgstr "" - -#: p11-kit/messages.c:215 -msgid "Unable to initialize the random number generator" -msgstr "" - -#: p11-kit/messages.c:217 -msgid "No random number generator available" -msgstr "" - -#: p11-kit/messages.c:219 -msgid "The crypto mechanism has an invalid parameter" -msgstr "" - -#: p11-kit/messages.c:221 -msgid "Not enough space to store the result" -msgstr "" - -#: p11-kit/messages.c:223 -msgid "The saved state is invalid" -msgstr "" - -#: p11-kit/messages.c:225 -msgid "The information is sensitive and cannot be revealed" -msgstr "" - -#: p11-kit/messages.c:227 -msgid "The state cannot be saved" -msgstr "" - -#: p11-kit/messages.c:229 -msgid "The module has not been initialized" -msgstr "" - -#: p11-kit/messages.c:231 -msgid "The module has already been initialized" -msgstr "" - -#: p11-kit/messages.c:233 -msgid "Cannot lock data" -msgstr "" - -#: p11-kit/messages.c:235 -msgid "The data cannot be locked" -msgstr "" - -#: p11-kit/messages.c:237 -msgid "The request was rejected by the user" -msgstr "" - -#: p11-kit/messages.c:240 -msgid "Unknown error" -msgstr "" diff --git a/trust/Makefile.am b/trust/Makefile.am deleted file mode 100644 index cc91bce..0000000 --- a/trust/Makefile.am +++ /dev/null @@ -1,295 +0,0 @@ - -noinst_LTLIBRARIES += \ - libtrust-testable.la \ - libtrust-data.la - -libtrust_data_la_SOURCES = \ - trust/asn1.c trust/asn1.h \ - trust/basic.asn trust/basic.asn.h \ - trust/base64.c trust/base64.h \ - trust/pem.c trust/pem.h \ - trust/pkix.asn trust/pkix.asn.h \ - trust/oid.c trust/oid.h \ - trust/openssl.asn trust/openssl.asn.h \ - trust/utf8.c trust/utf8.h \ - trust/x509.c trust/x509.h \ - $(NULL) - -libtrust_data_la_CFLAGS = \ - $(LIBTASN1_CFLAGS) - -libtrust_data_la_LIBADD = \ - $(LIBTASN1_LIBS) \ - $(NULL) - -TRUST_SRCS = \ - trust/builder.c trust/builder.h \ - trust/digest.c trust/digest.h \ - trust/index.c trust/index.h \ - trust/parser.c trust/parser.h \ - trust/persist.c trust/persist.h \ - trust/module.c trust/module.h \ - trust/save.c trust/save.h \ - trust/session.c trust/session.h \ - trust/token.c trust/token.h \ - trust/types.h \ - $(NULL) - -configdir = $(p11_package_config_modules) -config_DATA = trust/p11-kit-trust.module - -moduledir = $(p11_module_path) -module_LTLIBRARIES = \ - p11-kit-trust.la - -p11_kit_trust_la_CFLAGS = \ - $(LIBTASN1_CFLAGS) - -p11_kit_trust_la_LIBADD = \ - libtrust-data.la \ - libp11-library.la \ - libp11-common.la \ - $(LIBTASN1_LIBS) \ - $(HASH_LIBS) \ - $(NULL) - -p11_kit_trust_la_LDFLAGS = \ - -no-undefined -module -avoid-version \ - -version-info $(P11KIT_LT_RELEASE) \ - -export-symbols-regex 'C_GetFunctionList' \ - $(NULL) - -p11_kit_trust_la_SOURCES = $(TRUST_SRCS) - -libtrust_testable_la_LDFLAGS = \ - -no-undefined - -libtrust_testable_la_SOURCES = $(TRUST_SRCS) - -libtrust_testable_la_CFLAGS = \ - $(LIBTASN1_CFLAGS) - -libtrust_testable_la_LIBADD = \ - $(LIBTASN1_LIBS) - -bin_PROGRAMS += trust/trust - -trust_trust_LDADD = \ - libtrust-data.la \ - libp11-kit.la \ - libp11-common.la \ - libp11-tool.la \ - $(LTLIBINTL) \ - $(LIBTASN1_LIBS) \ - $(HASH_LIBS) \ - $(NULL) - -trust_trust_CFLAGS = \ - -DP11_KIT_FUTURE_UNSTABLE_API \ - $(LIBTASN1_CFLAGS) \ - $(NULL) - -trust_trust_SOURCES = \ - trust/anchor.c trust/anchor.h \ - trust/parser.c trust/parser.h \ - trust/persist.c trust/persist.h \ - trust/digest.c trust/digest.h \ - trust/enumerate.c trust/enumerate.h \ - trust/extract.c trust/extract.h \ - trust/extract-jks.c \ - trust/extract-openssl.c \ - trust/extract-pem.c \ - trust/extract-cer.c \ - trust/list.c trust/list.h \ - trust/openssl.asn trust/openssl.asn.h \ - trust/save.c trust/save.h \ - trust/trust.c \ - $(NULL) - -externaldir = $(privatedir) -external_SCRIPTS = \ - trust/trust-extract-compat - -EXTRA_DIST += \ - trust/p11-kit-trust.module - -asn: - asn1Parser -o $(srcdir)/trust/pkix.asn.h $(srcdir)/trust/pkix.asn - asn1Parser -o $(srcdir)/trust/openssl.asn.h $(srcdir)/trust/openssl.asn - asn1Parser -o $(srcdir)/trust/basic.asn.h $(srcdir)/trust/basic.asn - -# Tests ---------------------------------------------------------------- - -trust_CFLAGS = \ - $(LIBTASN1_CFLAGS) \ - $(NULL) - -trust_LIBS = \ - libtrust-testable.la \ - libtrust-data.la \ - libtrust-test.la \ - libp11-kit.la \ - libp11-library.la \ - libp11-test.la \ - libp11-common.la \ - $(LIBTASN1_LIBS) \ - $(HASH_LIBS) \ - $(NULL) - -noinst_LTLIBRARIES += \ - libtrust-test.la - -libtrust_test_la_SOURCES = \ - trust/test-trust.c trust/test-trust.h \ - trust/digest.c \ - $(NULL) - -CHECK_PROGS += \ - test-digest \ - test-asn1 \ - test-base64 \ - test-pem \ - test-oid \ - test-utf8 \ - test-x509 \ - test-persist \ - test-index \ - test-parser \ - test-builder \ - test-token \ - test-module \ - test-save \ - test-enumerate \ - test-cer \ - test-bundle \ - test-openssl \ - $(NULL) - -test_asn1_SOURCES = trust/test-asn1.c -test_asn1_LDADD = $(trust_LIBS) -test_asn1_CFLAGS = $(trust_CFLAGS) - -test_base64_SOURCES = trust/test-base64.c -test_base64_LDADD = $(trust_LIBS) -test_base64_CFLAGS = $(trust_CFLAGS) - -test_builder_SOURCES = trust/test-builder.c -test_builder_LDADD = $(trust_LIBS) -test_builder_CFLAGS = $(trust_CFLAGS) - -test_bundle_SOURCES = trust/test-bundle.c -test_bundle_LDADD = $(trust_LIBS) -test_bundle_CFLAGS = $(trust_CFLAGS) - -test_cer_SOURCES = trust/test-cer.c -test_cer_LDADD = $(trust_LIBS) -test_cer_CFLAGS = $(trust_CFLAGS) - -test_digest_SOURCES = trust/test-digest.c -test_digest_LDADD = $(trust_LIBS) -test_digest_CFLAGS = $(trust_CFLAGS) - -test_enumerate_SOURCES = trust/test-enumerate.c -test_enumerate_LDADD = $(trust_LIBS) -test_enumerate_CFLAGS = $(trust_CFLAGS) - -test_index_SOURCES = trust/test-index.c -test_index_LDADD = $(trust_LIBS) -test_index_CFLAGS = $(trust_CFLAGS) - -test_module_SOURCES = trust/test-module.c -test_module_LDADD = $(trust_LIBS) -test_module_CFLAGS = $(trust_CFLAGS) - -test_oid_SOURCES = trust/test-oid.c -test_oid_LDADD = $(trust_LIBS) -test_oid_CFLAGS = $(trust_CFLAGS) - -test_openssl_SOURCES = trust/test-openssl.c -test_openssl_LDADD = $(trust_LIBS) -test_openssl_CFLAGS = $(trust_CFLAGS) - -test_parser_SOURCES = trust/test-parser.c -test_parser_LDADD = $(trust_LIBS) -test_parser_CFLAGS = $(trust_CFLAGS) - -test_pem_SOURCES = trust/test-pem.c -test_pem_LDADD = $(trust_LIBS) - -test_persist_SOURCES = trust/test-persist.c -test_persist_LDADD = $(trust_LIBS) - -test_save_SOURCES = trust/test-save.c -test_save_LDADD = $(trust_LIBS) - -test_token_SOURCES = trust/test-token.c -test_token_LDADD = $(trust_LIBS) -test_token_CFLAGS = $(trust_CFLAGS) - -test_utf8_SOURCES = trust/test-utf8.c -test_utf8_LDADD = $(trust_LIBS) - -test_x509_SOURCES = trust/test-x509.c -test_x509_LDADD = $(trust_LIBS) -test_x509_CFLAGS = $(trust_CFLAGS) - -noinst_PROGRAMS += \ - frob-pow \ - frob-token \ - frob-nss-trust \ - frob-cert \ - frob-bc \ - frob-ku \ - frob-eku \ - frob-ext \ - frob-oid \ - $(NULL) - -frob_bc_SOURCES = trust/frob-bc.c -frob_bc_LDADD = $(trust_LIBS) -frob_bc_CFLAGS = $(trust_CFLAGS) - -frob_cert_SOURCES = trust/frob-cert.c -frob_cert_LDADD = $(trust_LIBS) -frob_cert_CFLAGS = $(trust_CFLAGS) - -frob_eku_SOURCES = trust/frob-eku.c -frob_eku_LDADD = $(trust_LIBS) -frob_eku_CFLAGS = $(trust_CFLAGS) - -frob_ext_SOURCES = trust/frob-ext.c -frob_ext_LDADD = $(trust_LIBS) -frob_ext_CFLAGS = $(trust_CFLAGS) - -frob_ku_SOURCES = trust/frob-ku.c -frob_ku_LDADD = $(trust_LIBS) -frob_ku_CFLAGS = $(trust_CFLAGS) - -frob_nss_trust_SOURCES = trust/frob-nss-trust.c -frob_nss_trust_LDADD = \ - libp11-common.la \ - libp11-kit.la \ - $(HASH_LIBS) \ - $(NULL) - -frob_oid_SOURCES = trust/frob-oid.c -frob_oid_LDADD = $(trust_LIBS) -frob_oid_CFLAGS = $(trust_CFLAGS) - -frob_pow_SOURCES = trust/frob-pow.c -frob_pow_LDADD = $(trust_LIBS) -frob_pow_CFLAGS = $(trust_CFLAGS) - -frob_token_SOURCES = trust/frob-token.c -frob_token_LDADD = $(trust_LIBS) -frob_token_CFLAGS = $(trust_CFLAGS) - -noinst_SCRIPTS += trust/test-extract - -installcheck-local: - sh $(builddir)/trust/test-extract - -EXTRA_DIST += \ - trust/input \ - trust/fixtures \ - $(NULL) diff --git a/trust/anchor.c b/trust/anchor.c deleted file mode 100644 index baa1aeb..0000000 --- a/trust/anchor.c +++ /dev/null @@ -1,660 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_TOOL - -#include "anchor.h" -#include "attrs.h" -#include "debug.h" -#include "constants.h" -#include "extract.h" -#include "message.h" -#include "parser.h" -#include "tool.h" - -#include "p11-kit/iter.h" -#include "p11-kit/p11-kit.h" - -#include -#include -#include -#include -#include - -static p11_parser * -create_arg_file_parser (void) -{ - p11_parser *parser; - - parser = p11_parser_new (NULL); - return_val_if_fail (parser != NULL, NULL); - - p11_parser_formats (parser, - p11_parser_format_x509, - p11_parser_format_pem, - NULL); - - return parser; -} - -static bool -iter_match_anchor (p11_kit_iter *iter, - CK_ATTRIBUTE *attrs) -{ - CK_ATTRIBUTE *attr; - - attr = p11_attrs_find_valid (attrs, CKA_CLASS); - if (attr == NULL) - return false; - - p11_kit_iter_add_filter (iter, attr, 1); - - attr = p11_attrs_find_valid (attrs, CKA_VALUE); - if (attr == NULL) - return false; - - p11_kit_iter_add_filter (iter, attr, 1); - return true; -} - -static p11_array * -uris_or_files_to_iters (int argc, - char *argv[], - int behavior) -{ - int flags = P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE; - p11_parser *parser = NULL; - p11_array *iters; - p11_array *parsed; - p11_kit_uri *uri; - p11_kit_iter *iter; - int ret; - int i, j; - - iters = p11_array_new ((p11_destroyer)p11_kit_iter_free); - return_val_if_fail (iters != NULL, NULL); - - for (i = 0; i < argc; i++) { - - /* A PKCS#11 URI */ - if (strncmp (argv[i], "pkcs11:", 7) == 0) { - uri = p11_kit_uri_new (); - if (p11_kit_uri_parse (argv[i], flags, uri) != P11_KIT_URI_OK) { - p11_message ("invalid PKCS#11 uri: %s", argv[i]); - p11_kit_uri_free (uri); - break; - } - - iter = p11_kit_iter_new (uri, behavior); - return_val_if_fail (iter != NULL, NULL); - p11_kit_uri_free (uri); - - if (!p11_array_push (iters, iter)) - return_val_if_reached (NULL); - - } else { - if (parser == NULL) - parser = create_arg_file_parser (); - - ret = p11_parse_file (parser, argv[i], NULL, P11_PARSE_FLAG_ANCHOR); - switch (ret) { - case P11_PARSE_SUCCESS: - p11_debug ("parsed file: %s", argv[i]); - break; - case P11_PARSE_UNRECOGNIZED: - p11_message ("unrecognized file format: %s", argv[i]); - break; - default: - p11_message ("failed to parse file: %s", argv[i]); - break; - } - - if (ret != P11_PARSE_SUCCESS) - break; - - parsed = p11_parser_parsed (parser); - for (j = 0; j < parsed->num; j++) { - iter = p11_kit_iter_new (NULL, behavior); - return_val_if_fail (iter != NULL, NULL); - - iter_match_anchor (iter, parsed->elem[j]); - if (!p11_array_push (iters, iter)) - return_val_if_reached (NULL); - } - } - } - - if (parser) - p11_parser_free (parser); - - if (argc != i) { - p11_array_free (iters); - return NULL; - } - - return iters; -} - -static p11_array * -files_to_attrs (int argc, - char *argv[]) -{ - p11_parser *parser; - p11_array *parsed; - p11_array *array; - int ret = P11_PARSE_SUCCESS; - int i, j; - - array = p11_array_new (p11_attrs_free); - return_val_if_fail (array != NULL, NULL); - - parser = create_arg_file_parser (); - return_val_if_fail (parser != NULL, NULL); - - for (i = 0; i < argc; i++) { - ret = p11_parse_file (parser, argv[i], NULL, P11_PARSE_FLAG_ANCHOR); - switch (ret) { - case P11_PARSE_SUCCESS: - p11_debug ("parsed file: %s", argv[i]); - break; - case P11_PARSE_UNRECOGNIZED: - p11_message ("unrecognized file format: %s", argv[i]); - break; - default: - p11_message ("failed to parse file: %s", argv[i]); - break; - } - - if (ret != P11_PARSE_SUCCESS) - break; - - parsed = p11_parser_parsed (parser); - for (j = 0; j < parsed->num; j++) { - if (!p11_array_push (array, parsed->elem[j])) - return_val_if_reached (NULL); - parsed->elem[j] = NULL; - } - } - - p11_parser_free (parser); - - if (ret == P11_PARSE_SUCCESS) - return array; - - p11_array_free (array); - return NULL; - -} - -static CK_SESSION_HANDLE -session_for_store_on_module (const char *name, - CK_FUNCTION_LIST *module, - bool *found_read_only) -{ - CK_SESSION_HANDLE session = 0; - CK_SLOT_ID *slots = NULL; - CK_TOKEN_INFO info; - CK_ULONG count; - CK_ULONG i; - CK_RV rv; - - rv = p11_kit_module_initialize (module); - if (rv != CKR_OK) { - p11_message ("%s: couldn't initialize: %s", name, p11_kit_message ()); - return 0UL; - } - - rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count); - if (rv == CKR_OK) { - slots = calloc (count, sizeof (CK_ULONG)); - return_val_if_fail (slots != NULL, 0UL); - rv = (module->C_GetSlotList) (CK_TRUE, slots, &count); - } - if (rv != CKR_OK) { - p11_message ("%s: couldn't enumerate slots: %s", name, p11_kit_strerror (rv)); - free (slots); - return 0UL; - } - - for (i = 0; session == 0 && i < count; i++) { - rv = (module->C_GetTokenInfo) (slots[i], &info); - if (rv != CKR_OK) { - p11_message ("%s: couldn't get token info: %s", name, p11_kit_strerror (rv)); - continue; - } - - if (info.flags & CKF_WRITE_PROTECTED) { - *found_read_only = true; - continue; - } - - rv = (module->C_OpenSession) (slots[i], CKF_SERIAL_SESSION | CKF_RW_SESSION, - NULL, NULL, &session); - if (rv != CKR_OK) { - p11_message ("%s: couldn't open session: %s", name, p11_kit_strerror (rv)); - session = 0; - } - - p11_debug ("opened writable session on: %s", name); - } - - free (slots); - - if (session == 0UL) - p11_kit_module_finalize (module); - - return session; -} - -static CK_SESSION_HANDLE -session_for_store (CK_FUNCTION_LIST **module) -{ - CK_SESSION_HANDLE session = 0UL; - CK_FUNCTION_LIST **modules; - bool found_read_only = false; - char *name; - int i; - - modules = p11_kit_modules_load (NULL, P11_KIT_MODULE_TRUSTED); - if (modules == NULL) - return 0; - - for (i = 0; modules[i] != NULL; i++) { - if (session == 0UL) { - name = p11_kit_module_get_name (modules[i]); - session = session_for_store_on_module (name, modules[i], - &found_read_only); - - if (session != 0UL) { - *module = modules[i]; - modules[i] = NULL; - } - - free (name); - } - - if (modules[i]) - p11_kit_module_release (modules[i]); - } - - if (session == 0UL) { - if (found_read_only) - p11_message ("no configured writable location to store anchors"); - else - p11_message ("no configured location to store anchors"); - } - - free (modules); - return session; -} - -static bool -create_anchor (CK_FUNCTION_LIST *module, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE *attrs) -{ - CK_BBOOL truev = CK_TRUE; - CK_OBJECT_HANDLE object; - char *string; - CK_RV rv; - - CK_ATTRIBUTE basics[] = { - { CKA_TOKEN, &truev, sizeof (truev) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID, }, - }; - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (basics), true); - p11_attrs_remove (attrs, CKA_MODIFIABLE); - - if (p11_debugging) { - string = p11_attrs_to_string (attrs, -1); - p11_debug ("storing: %s", string); - free (string); - } - - rv = (module->C_CreateObject) (session, attrs, - p11_attrs_count (attrs), &object); - - p11_attrs_free (attrs); - - if (rv != CKR_OK) { - p11_message ("couldn't create object: %s", p11_kit_strerror (rv)); - return false; - } - - return true; -} - -static bool -modify_anchor (CK_FUNCTION_LIST *module, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE *attrs) -{ - CK_BBOOL truev = CK_TRUE; - CK_ATTRIBUTE *changes; - CK_ATTRIBUTE *label; - char *string; - CK_RV rv; - - CK_ATTRIBUTE trusted = { CKA_TRUSTED, &truev, sizeof (truev) }; - - label = p11_attrs_find_valid (attrs, CKA_LABEL); - changes = p11_attrs_build (NULL, &trusted, label, NULL); - return_val_if_fail (attrs != NULL, FALSE); - - /* Don't need the attributes anymore */ - p11_attrs_free (attrs); - - if (p11_debugging) { - string = p11_attrs_to_string (changes, -1); - p11_debug ("setting: %s", string); - free (string); - } - - rv = (module->C_SetAttributeValue) (session, object, changes, - p11_attrs_count (changes)); - - p11_attrs_free (changes); - - if (rv != CKR_OK) { - p11_message ("couldn't create object: %s", p11_kit_strerror (rv)); - return false; - } - - return true; -} - -static CK_OBJECT_HANDLE -find_anchor (CK_FUNCTION_LIST *module, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE *attrs) -{ - CK_OBJECT_HANDLE object = 0UL; - CK_ATTRIBUTE *attr; - p11_kit_iter *iter; - - attr = p11_attrs_find_valid (attrs, CKA_CLASS); - return_val_if_fail (attr != NULL, 0); - - iter = p11_kit_iter_new (NULL, 0); - return_val_if_fail (iter != NULL, 0); - - if (iter_match_anchor (iter, attrs)) { - p11_kit_iter_begin_with (iter, module, 0, session); - if (p11_kit_iter_next (iter) == CKR_OK) - object = p11_kit_iter_get_object (iter); - } - - p11_kit_iter_free (iter); - - return object; -} - -static int -anchor_store (int argc, - char *argv[], - bool *changed) -{ - CK_ATTRIBUTE *attrs; - CK_FUNCTION_LIST *module = NULL; - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - p11_array *anchors; - int ret; - int i; - - anchors = files_to_attrs (argc, argv); - if (anchors == NULL) - return 1; - - if (anchors->num == 0) { - p11_message ("specify at least one anchor input file"); - p11_array_free (anchors); - return 2; - } - - session = session_for_store (&module); - if (session == 0UL) { - p11_array_free (anchors); - return 1; - } - - for (i = 0, ret = 0; i < anchors->num; i++) { - attrs = anchors->elem[i]; - anchors->elem[i] = NULL; - - object = find_anchor (module, session, attrs); - if (object == 0) { - p11_debug ("don't yet have this anchor"); - if (create_anchor (module, session, attrs)) { - *changed = true; - } else { - ret = 1; - break; - } - } else { - p11_debug ("already have this anchor"); - if (modify_anchor (module, session, object, attrs)) { - *changed = true; - } else { - ret = 1; - break; - } - } - } - - p11_array_free (anchors); - p11_kit_module_finalize (module); - p11_kit_module_release (module); - - return ret; -} - -static const char * -description_for_object_at_iter (p11_kit_iter *iter) -{ - CK_OBJECT_CLASS klass; - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_INVALID }, - }; - - const char *desc = "object"; - CK_RV rv; - - rv = p11_kit_iter_load_attributes (iter, attrs, 1); - if (rv == CKR_OK) - desc = p11_constant_nick (p11_constant_classes, klass); - - return desc; -} - -static bool -remove_all (p11_kit_iter *iter, - bool *changed) -{ - const char *desc; - CK_RV rv; - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - desc = description_for_object_at_iter (iter); - p11_debug ("removing %s: %lu", desc, p11_kit_iter_get_object (iter)); - rv = p11_kit_iter_destroy_object (iter); - switch (rv) { - case CKR_OK: - *changed = true; - /* fall through */ - case CKR_OBJECT_HANDLE_INVALID: - continue; - case CKR_TOKEN_WRITE_PROTECTED: - case CKR_SESSION_READ_ONLY: - case CKR_ATTRIBUTE_READ_ONLY: - p11_message ("couldn't remove read-only %s", desc); - continue; - default: - p11_message ("couldn't remove %s: %s", desc, - p11_kit_strerror (rv)); - break; - } - } - - return (rv == CKR_CANCEL); -} - -static int -anchor_remove (int argc, - char *argv[], - bool *changed) -{ - CK_FUNCTION_LIST **modules; - p11_array *iters; - p11_kit_iter *iter; - int ret = 0; - int i; - - iters = uris_or_files_to_iters (argc, argv, P11_KIT_ITER_WANT_WRITABLE); - return_val_if_fail (iters != NULL, 1); - - if (iters->num == 0) { - p11_message ("at least one file or uri must be specified"); - p11_array_free (iters); - return 2; - } - - modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED); - if (modules == NULL) - ret = 1; - - for (i = 0; ret == 0 && i < iters->num; i++) { - iter = iters->elem[i]; - - p11_kit_iter_begin (iter, modules); - if (!remove_all (iter, changed)) - ret = 1; - } - - p11_array_free (iters); - p11_kit_modules_finalize_and_release (modules); - - return ret; -} - -int -p11_trust_anchor (int argc, - char **argv) -{ - bool changed = false; - int action = 0; - int opt; - int ret; - - enum { - opt_verbose = 'v', - opt_quiet = 'q', - opt_help = 'h', - - opt_store = 's', - opt_remove = 'r', - }; - - struct option options[] = { - { "store", no_argument, NULL, opt_store }, - { "remove", no_argument, NULL, opt_remove }, - { "verbose", no_argument, NULL, opt_verbose }, - { "quiet", no_argument, NULL, opt_quiet }, - { "help", no_argument, NULL, opt_help }, - { 0 }, - }; - - p11_tool_desc usages[] = { - { 0, "usage: trust anchor --store ..." }, - { opt_verbose, "show verbose debug output", }, - { opt_quiet, "suppress command output", }, - { 0 }, - }; - - while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { - switch (opt) { - case opt_store: - case opt_remove: - if (action == 0) { - action = opt; - } else { - p11_message ("an action was already specified"); - return 2; - } - break; - case opt_verbose: - case opt_quiet: - break; - case opt_help: - p11_tool_usage (usages, options); - return 0; - case '?': - p11_tool_usage (usages, options); - return 2; - default: - assert_not_reached (); - break; - } - }; - - argc -= optind; - argv += optind; - - if (action == 0) - action = opt_store; - - /* Store is different, and only accepts files */ - if (action == opt_store) - ret = anchor_store (argc, argv, &changed); - - else if (action == opt_remove) - ret = anchor_remove (argc, argv, &changed); - - else - assert_not_reached (); - - /* Extract the compat bundles after modification */ - if (ret == 0 && changed) { - char *args[] = { argv[0], NULL }; - ret = p11_trust_extract_compat (1, args); - } - - return ret; -} diff --git a/trust/anchor.h b/trust/anchor.h deleted file mode 100644 index 7b08682..0000000 --- a/trust/anchor.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#ifndef P11_ANCHOR_H_ -#define P11_ANCHOR_H_ - -int p11_trust_anchor (int argc, - char **argv); - -#endif /* P11_ANCHOR_H_ */ diff --git a/trust/asn1.c b/trust/asn1.c deleted file mode 100644 index dd1812d..0000000 --- a/trust/asn1.c +++ /dev/null @@ -1,374 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "asn1.h" -#define P11_DEBUG_FLAG P11_DEBUG_TRUST -#include "debug.h" -#include "oid.h" - -#include "openssl.asn.h" -#include "pkix.asn.h" - -#include -#include -#include - -static void -free_asn1_def (void *data) -{ - node_asn *def = data; - asn1_delete_structure (&def); -} - -struct { - const ASN1_ARRAY_TYPE* tab; - const char *prefix; - int prefix_len; -} asn1_tabs[] = { - { pkix_asn1_tab, "PKIX1.", 6 }, - { openssl_asn1_tab, "OPENSSL.", 8 }, - { NULL, }, -}; - -p11_dict * -p11_asn1_defs_load (void) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *def; - p11_dict *defs; - int ret; - int i; - - defs = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, free_asn1_def); - - for (i = 0; asn1_tabs[i].tab != NULL; i++) { - - def = NULL; - ret = asn1_array2tree (asn1_tabs[i].tab, &def, message); - if (ret != ASN1_SUCCESS) { - p11_debug_precond ("failed to load %s* definitions: %s: %s\n", - asn1_tabs[i].prefix, asn1_strerror (ret), message); - return NULL; - } - - if (!p11_dict_set (defs, (void *)asn1_tabs[i].prefix, def)) - return_val_if_reached (NULL); - } - - return defs; -} - -static node_asn * -lookup_def (p11_dict *asn1_defs, - const char *struct_name) -{ - int i; - - for (i = 0; asn1_tabs[i].tab != NULL; i++) { - if (strncmp (struct_name, asn1_tabs[i].prefix, asn1_tabs[i].prefix_len) == 0) - return p11_dict_get (asn1_defs, asn1_tabs[i].prefix); - } - - p11_debug_precond ("unknown prefix for element: %s\n", struct_name); - return NULL; -} - -node_asn * -p11_asn1_create (p11_dict *asn1_defs, - const char *struct_name) -{ - node_asn *def; - node_asn *asn; - int ret; - - return_val_if_fail (asn1_defs != NULL, NULL); - - def = lookup_def (asn1_defs, struct_name); - return_val_if_fail (def != NULL, NULL); - - ret = asn1_create_element (def, struct_name, &asn); - if (ret != ASN1_SUCCESS) { - p11_debug_precond ("failed to create element %s: %s\n", - struct_name, asn1_strerror (ret)); - return NULL; - } - - return asn; -} - -node_asn * -p11_asn1_decode (p11_dict *asn1_defs, - const char *struct_name, - const unsigned char *der, - size_t der_len, - char *message) -{ - char msg[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - node_asn *asn = NULL; - int ret; - - return_val_if_fail (asn1_defs != NULL, NULL); - - asn = p11_asn1_create (asn1_defs, struct_name); - return_val_if_fail (asn != NULL, NULL); - - /* asn1_der_decoding destroys the element if fails */ - ret = asn1_der_decoding (&asn, der, der_len, message ? message : msg); - - if (ret != ASN1_SUCCESS) { - /* If caller passed in a message buffer, assume they're logging */ - if (!message) { - p11_debug ("couldn't parse %s: %s: %s", - struct_name, asn1_strerror (ret), msg); - } - return NULL; - } - - return asn; -} - -unsigned char * -p11_asn1_encode (node_asn *asn, - size_t *der_len) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - unsigned char *der; - int len; - int ret; - - return_val_if_fail (der_len != NULL, NULL); - - len = 0; - ret = asn1_der_coding (asn, "", NULL, &len, message); - return_val_if_fail (ret != ASN1_SUCCESS, NULL); - - if (ret == ASN1_MEM_ERROR) { - der = malloc (len); - return_val_if_fail (der != NULL, NULL); - - ret = asn1_der_coding (asn, "", der, &len, message); - } - - if (ret != ASN1_SUCCESS) { - p11_debug_precond ("failed to encode: %s\n", message); - return NULL; - } - - if (der_len) - *der_len = len; - return der; -} - -void * -p11_asn1_read (node_asn *asn, - const char *field, - size_t *length) -{ - unsigned char *value; - int len; - int ret; - - return_val_if_fail (asn != NULL, NULL); - return_val_if_fail (field != NULL, NULL); - return_val_if_fail (length != NULL, NULL); - - len = 0; - ret = asn1_read_value (asn, field, NULL, &len); - if (ret == ASN1_ELEMENT_NOT_FOUND) - return NULL; - - return_val_if_fail (ret == ASN1_MEM_ERROR, NULL); - - value = malloc (len + 1); - return_val_if_fail (value != NULL, NULL); - - ret = asn1_read_value (asn, field, value, &len); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - /* Courtesy zero terminated */ - value[len] = '\0'; - - *length = len; - return value; -} - -void -p11_asn1_free (void *asn) -{ - node_asn *node = asn; - if (node != NULL) - asn1_delete_structure (&node); -} - -ssize_t -p11_asn1_tlv_length (const unsigned char *data, - size_t length) -{ - unsigned char cls; - int counter = 0; - int cb, len; - unsigned long tag; - - if (asn1_get_tag_der (data, length, &cls, &cb, &tag) == ASN1_SUCCESS) { - counter += cb; - len = asn1_get_length_der (data + cb, length - cb, &cb); - counter += cb; - if (len >= 0) { - len += counter; - if (length >= len) - return len; - } - } - - return -1; -} - -typedef struct { - node_asn *node; - char *struct_name; - size_t length; -} asn1_item; - -static void -free_asn1_item (void *data) -{ - asn1_item *item = data; - free (item->struct_name); - asn1_delete_structure (&item->node); - free (item); -} - -struct _p11_asn1_cache { - p11_dict *defs; - p11_dict *items; -}; - -p11_asn1_cache * -p11_asn1_cache_new (void) -{ - p11_asn1_cache *cache; - - cache = calloc (1, sizeof (p11_asn1_cache)); - return_val_if_fail (cache != NULL, NULL); - - cache->defs = p11_asn1_defs_load (); - return_val_if_fail (cache->defs != NULL, NULL); - - cache->items = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, - NULL, free_asn1_item); - return_val_if_fail (cache->items != NULL, NULL); - - return cache; -} - -node_asn * -p11_asn1_cache_get (p11_asn1_cache *cache, - const char *struct_name, - const unsigned char *der, - size_t der_len) -{ - asn1_item *item; - - if (cache == NULL) - return NULL; - - return_val_if_fail (struct_name != NULL, NULL); - return_val_if_fail (der != NULL, NULL); - - item = p11_dict_get (cache->items, der); - if (item != NULL) { - return_val_if_fail (item->length == der_len, NULL); - return_val_if_fail (strcmp (item->struct_name, struct_name) == 0, NULL); - return item->node; - } - - return NULL; -} - -void -p11_asn1_cache_take (p11_asn1_cache *cache, - node_asn *node, - const char *struct_name, - const unsigned char *der, - size_t der_len) -{ - asn1_item *item; - - if (cache == NULL) { - asn1_delete_structure (&node); - return; - } - - return_if_fail (struct_name != NULL); - return_if_fail (der != NULL); - return_if_fail (der_len != 0); - - item = calloc (1, sizeof (asn1_item)); - return_if_fail (item != NULL); - - item->length = der_len; - item->node = node; - item->struct_name = strdup (struct_name); - return_if_fail (item->struct_name != NULL); - - if (!p11_dict_set (cache->items, (void *)der, item)) - return_if_reached (); -} - -void -p11_asn1_cache_flush (p11_asn1_cache *cache) -{ - if (cache == NULL) - return; - p11_dict_clear (cache->items); -} - -p11_dict * -p11_asn1_cache_defs (p11_asn1_cache *cache) -{ - return_val_if_fail (cache != NULL, NULL); - return cache->defs; -} - -void -p11_asn1_cache_free (p11_asn1_cache *cache) -{ - if (!cache) - return; - p11_dict_free (cache->items); - p11_dict_free (cache->defs); - free (cache); -} diff --git a/trust/asn1.h b/trust/asn1.h deleted file mode 100644 index a5f9caf..0000000 --- a/trust/asn1.h +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include - -#include "dict.h" - -#ifndef P11_ASN1_H_ -#define P11_ASN1_H_ - -typedef struct _p11_asn1_cache p11_asn1_cache; - -p11_dict * p11_asn1_defs_load (void); - -node_asn * p11_asn1_decode (p11_dict *asn1_defs, - const char *struct_name, - const unsigned char *der, - size_t der_len, - char *message); - -node_asn * p11_asn1_create (p11_dict *asn1_defs, - const char *struct_name); - -unsigned char * p11_asn1_encode (node_asn *asn, - size_t *der_len); - -void * p11_asn1_read (node_asn *asn, - const char *field, - size_t *length); - -void p11_asn1_free (void *asn); - -ssize_t p11_asn1_tlv_length (const unsigned char *data, - size_t length); - -p11_asn1_cache * p11_asn1_cache_new (void); - -p11_dict * p11_asn1_cache_defs (p11_asn1_cache *cache); - -node_asn * p11_asn1_cache_get (p11_asn1_cache *cache, - const char *struct_name, - const unsigned char *der, - size_t der_len); - -void p11_asn1_cache_take (p11_asn1_cache *cache, - node_asn *node, - const char *struct_name, - const unsigned char *der, - size_t der_len); - -void p11_asn1_cache_flush (p11_asn1_cache *cache); - -void p11_asn1_cache_free (p11_asn1_cache *cache); - -#endif /* P11_ASN1_H_ */ diff --git a/trust/base64.c b/trust/base64.c deleted file mode 100644 index a9eb966..0000000 --- a/trust/base64.c +++ /dev/null @@ -1,251 +0,0 @@ -/* - * Copyright (c) 1996, 1998 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ - -#include "config.h" - -#include "base64.h" - -#include -#include -#include -#include - -static const char Base64[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -static const char Pad64 = '='; - -/* skips all whitespace anywhere. - converts characters, four at a time, starting at (or after) - src from base - 64 numbers into three 8 bit bytes in the target area. - it returns the number of data bytes stored at the target, or -1 on error. - */ - -int -p11_b64_pton (const char *src, - size_t length, - unsigned char *target, - size_t targsize) -{ - int tarindex, state, ch; - char *pos; - const char *end; - - state = 0; - tarindex = 0; - end = src + length; - - /* We can't rely on the null terminator */ - #define next_char(src, end) \ - (((src) == (end)) ? '\0': *(src)++) - - while ((ch = next_char (src, end)) != '\0') { - if (isspace ((unsigned char) ch)) /* Skip whitespace anywhere. */ - continue; - - if (ch == Pad64) - break; - - pos = strchr (Base64, ch); - if (pos == 0) /* A non-base64 character. */ - return (-1); - - switch (state) { - case 0: - if (target) { - if ((size_t)tarindex >= targsize) - return (-1); - target[tarindex] = (pos - Base64) << 2; - } - state = 1; - break; - case 1: - if (target) { - if ((size_t) tarindex + 1 >= targsize) - return (-1); - target[tarindex] |= (pos - Base64) >> 4; - target[tarindex + 1] = ((pos - Base64) & 0x0f) - << 4; - } - tarindex++; - state = 2; - break; - case 2: - if (target) { - if ((size_t) tarindex + 1 >= targsize) - return (-1); - target[tarindex] |= (pos - Base64) >> 2; - target[tarindex + 1] = ((pos - Base64) & 0x03) - << 6; - } - tarindex++; - state = 3; - break; - case 3: - if (target) { - if ((size_t) tarindex >= targsize) - return (-1); - target[tarindex] |= (pos - Base64); - } - tarindex++; - state = 0; - break; - default: - abort(); - } - } - - /* - * We are done decoding Base-64 chars. Let's see if we ended - * on a byte boundary, and/or with erroneous trailing characters. - */ - - if (ch == Pad64) { /* We got a pad char. */ - ch = next_char (src, end); /* Skip it, get next. */ - switch (state) { - case 0: /* Invalid = in first position */ - case 1: /* Invalid = in second position */ - return (-1); - - case 2: /* Valid, means one byte of info */ - /* Skip any number of spaces. */ - for ((void) NULL; ch != '\0'; ch = next_char (src, end)) - if (!isspace((unsigned char) ch)) - break; - /* Make sure there is another trailing = sign. */ - if (ch != Pad64) - return (-1); - ch = next_char (src, end); /* Skip the = */ - /* Fall through to "single trailing =" case. */ - /* FALLTHROUGH */ - - case 3: /* Valid, means two bytes of info */ - /* - * We know this char is an =. Is there anything but - * whitespace after it? - */ - for ((void)NULL; src != end; ch = next_char (src, end)) - if (!isspace((unsigned char) ch)) - return (-1); - - /* - * Now make sure for cases 2 and 3 that the "extra" - * bits that slopped past the last full byte were - * zeros. If we don't check them, they become a - * subliminal channel. - */ - if (target && target[tarindex] != 0) - return (-1); - } - } else { - /* - * We ended by seeing the end of the string. Make sure we - * have no partial bytes lying around. - */ - if (state != 0) - return (-1); - } - - return (tarindex); -} - -int -p11_b64_ntop (const unsigned char *src, - size_t srclength, - char *target, - size_t targsize, - int breakl) -{ - size_t len = 0; - unsigned char input[3]; - unsigned char output[4]; - size_t i; - - while (srclength > 0) { - if (2 < srclength) { - input[0] = *src++; - input[1] = *src++; - input[2] = *src++; - srclength -= 3; - - output[0] = input[0] >> 2; - output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); - output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); - output[3] = input[2] & 0x3f; - - } else if (0 != srclength) { - /* Get what's left. */ - input[0] = input[1] = input[2] = '\0'; - for (i = 0; i < srclength; i++) - input[i] = *src++; - - output[0] = input[0] >> 2; - output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); - if (srclength == 1) - output[2] = 255; - else - output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); - output[3] = 255; - - srclength = 0; - } - - for (i = 0; i < 4; i++) { - if (breakl && len % (breakl + 1) == 0) { - assert (len + 1 < targsize); - target[len++] = '\n'; - } - - assert(output[i] == 255 || output[i] < 64); - assert (len + 1 < targsize); - - if (output[i] == 255) - target[len++] = Pad64; - else - target[len++] = Base64[output[i]]; - } - } - - assert (len < targsize); - target[len] = '\0'; /* Returned value doesn't count \0. */ - return len; -} diff --git a/trust/base64.h b/trust/base64.h deleted file mode 100644 index cc27afd..0000000 --- a/trust/base64.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 1996, 1998 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ - -#ifndef P11_BASE64_H_ -#define P11_BASE64_H_ - -#include - -int p11_b64_pton (const char *src, - size_t length, - unsigned char *target, - size_t targsize); - -int p11_b64_ntop (const unsigned char *src, - size_t srclength, - char *target, - size_t targsize, - int breakl); - -#endif /* P11_BASE64_H_ */ diff --git a/trust/basic.asn b/trust/basic.asn deleted file mode 100644 index 3c79a4b..0000000 --- a/trust/basic.asn +++ /dev/null @@ -1,12 +0,0 @@ - -BASIC { } - -DEFINITIONS EXPLICIT TAGS ::= - -BEGIN - -Any ::= ANY - -ObjectIdentifier ::= OBJECT IDENTIFIER - -END \ No newline at end of file diff --git a/trust/basic.asn.h b/trust/basic.asn.h deleted file mode 100644 index b63447b..0000000 --- a/trust/basic.asn.h +++ /dev/null @@ -1,13 +0,0 @@ -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include - -const ASN1_ARRAY_TYPE basic_asn1_tab[] = { - { "BASIC", 536872976, NULL }, - { NULL, 1073741836, NULL }, - { "Any", 1073741837, NULL }, - { "ObjectIdentifier", 12, NULL }, - { NULL, 0, NULL } -}; diff --git a/trust/builder.c b/trust/builder.c deleted file mode 100644 index e0ce370..0000000 --- a/trust/builder.c +++ /dev/null @@ -1,1872 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_TRUST - -#include "array.h" -#include "asn1.h" -#include "attrs.h" -#include "builder.h" -#include "constants.h" -#include "debug.h" -#include "digest.h" -#include "index.h" -#include "message.h" -#include "oid.h" -#include "pkcs11i.h" -#include "pkcs11x.h" -#include "utf8.h" -#include "x509.h" - -#include -#include -#include - -struct _p11_builder { - p11_asn1_cache *asn1_cache; - p11_dict *asn1_defs; - int flags; -}; - -enum { - NONE = 0, - CREATE = 1 << 0, - MODIFY = 1 << 1, - REQUIRE = 1 << 2, - WANT = 1 << 3, -}; - -enum { - NORMAL_BUILD = 0, - GENERATED_CLASS = 1 << 0, -}; - -typedef struct { - int build_flags; - struct { - CK_ATTRIBUTE_TYPE type; - int flags; - bool (*validate) (p11_builder *, CK_ATTRIBUTE *); - } attrs[32]; - CK_ATTRIBUTE * (*populate) (p11_builder *, p11_index *, CK_ATTRIBUTE *); - CK_RV (*validate) (p11_builder *, CK_ATTRIBUTE *, CK_ATTRIBUTE *); -} builder_schema; - -static node_asn * -decode_or_get_asn1 (p11_builder *builder, - const char *struct_name, - const unsigned char *der, - size_t length) -{ - node_asn *node; - - node = p11_asn1_cache_get (builder->asn1_cache, struct_name, der, length); - if (node != NULL) - return node; - - node = p11_asn1_decode (builder->asn1_defs, struct_name, der, length, NULL); - if (node != NULL) - p11_asn1_cache_take (builder->asn1_cache, node, struct_name, der, length); - - return node; -} - -static unsigned char * -lookup_extension (p11_builder *builder, - p11_index *index, - CK_ATTRIBUTE *cert, - CK_ATTRIBUTE *public_key, - const unsigned char *oid, - size_t *ext_len) -{ - CK_OBJECT_CLASS klass = CKO_X_CERTIFICATE_EXTENSION; - CK_OBJECT_HANDLE obj; - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *label; - void *value; - size_t length; - node_asn *node; - - CK_ATTRIBUTE match[] = { - { CKA_PUBLIC_KEY_INFO, }, - { CKA_OBJECT_ID, (void *)oid, p11_oid_length (oid) }, - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_INVALID }, - }; - - if (public_key == NULL || public_key->type == CKA_INVALID) - public_key = p11_attrs_find_valid (cert, CKA_PUBLIC_KEY_INFO); - - /* Look for an attached certificate extension */ - if (public_key != NULL) { - memcpy (match, public_key, sizeof (CK_ATTRIBUTE)); - obj = p11_index_find (index, match, -1); - attrs = p11_index_lookup (index, obj); - if (attrs != NULL) { - value = p11_attrs_find_value (attrs, CKA_VALUE, &length); - if (value != NULL) { - node = decode_or_get_asn1 (builder, "PKIX1.Extension", value, length); - if (node == NULL) { - label = p11_attrs_find_valid (attrs, CKA_LABEL); - if (label == NULL) - label = p11_attrs_find_valid (cert, CKA_LABEL); - p11_message ("%.*s: invalid certificate extension", - label ? (int)label->ulValueLen : 7, - label ? (char *)label->pValue : "unknown"); - return NULL; - } - return p11_asn1_read (node, "extnValue", ext_len); - } - } - } - - /* Couldn't find a parsed extension, so look in the current certificate */ - value = p11_attrs_find_value (cert, CKA_VALUE, &length); - if (value != NULL) { - node = decode_or_get_asn1 (builder, "PKIX1.Certificate", value, length); - return_val_if_fail (node != NULL, NULL); - return p11_x509_find_extension (node, oid, value, length, ext_len); - } - - return NULL; -} - -static CK_OBJECT_HANDLE * -lookup_related (p11_index *index, - CK_OBJECT_CLASS klass, - CK_ATTRIBUTE *attr) -{ - CK_ATTRIBUTE match[] = { - { attr->type, attr->pValue, attr->ulValueLen }, - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_INVALID } - }; - - return p11_index_find_all (index, match, -1); -} - -p11_builder * -p11_builder_new (int flags) -{ - p11_builder *builder; - - builder = calloc (1, sizeof (p11_builder)); - return_val_if_fail (builder != NULL, NULL); - - builder->asn1_cache = p11_asn1_cache_new (); - return_val_if_fail (builder->asn1_cache, NULL); - builder->asn1_defs = p11_asn1_cache_defs (builder->asn1_cache); - - builder->flags = flags; - return builder; -} - -static int -atoin (const char *p, - int digits) -{ - int ret = 0, base = 1; - while(--digits >= 0) { - if (p[digits] < '0' || p[digits] > '9') - return -1; - ret += (p[digits] - '0') * base; - base *= 10; - } - return ret; -} - -static bool -type_bool (p11_builder *builder, - CK_ATTRIBUTE *attr) -{ - return (attr->pValue != NULL && - sizeof (CK_BBOOL) == attr->ulValueLen); -} - -static bool -type_ulong (p11_builder *builder, - CK_ATTRIBUTE *attr) -{ - return (attr->pValue != NULL && - sizeof (CK_ULONG) == attr->ulValueLen); -} - -static bool -type_utf8 (p11_builder *builder, - CK_ATTRIBUTE *attr) -{ - if (attr->ulValueLen == 0) - return true; - if (attr->pValue == NULL) - return false; - return p11_utf8_validate (attr->pValue, attr->ulValueLen); -} - -static bool -type_date (p11_builder *builder, - CK_ATTRIBUTE *attr) -{ - CK_DATE *date; - struct tm tm; - struct tm two; - - if (attr->ulValueLen == 0) - return true; - if (attr->pValue == NULL || attr->ulValueLen != sizeof (CK_DATE)) - return false; - - date = attr->pValue; - memset (&tm, 0, sizeof (tm)); - tm.tm_year = atoin ((char *)date->year, 4) - 1900; - tm.tm_mon = atoin ((char *)date->month, 2); - tm.tm_mday = atoin ((char *)date->day, 2); - - if (tm.tm_year < 0 || tm.tm_mon <= 0 || tm.tm_mday <= 0) - return false; - - memcpy (&two, &tm, sizeof (tm)); - if (mktime (&two) < 0) - return false; - - /* If mktime changed anything, then bad date */ - if (tm.tm_year != two.tm_year || - tm.tm_mon != two.tm_mon || - tm.tm_mday != two.tm_mday) - return false; - - return true; -} - -static bool -check_der_struct (p11_builder *builder, - const char *struct_name, - CK_ATTRIBUTE *attr) -{ - node_asn *asn; - - if (attr->ulValueLen == 0) - return true; - if (attr->pValue == NULL) - return false; - - asn = p11_asn1_decode (builder->asn1_defs, struct_name, - attr->pValue, attr->ulValueLen, NULL); - - if (asn == NULL) - return false; - - asn1_delete_structure (&asn); - return true; -} - -static bool -type_der_name (p11_builder *builder, - CK_ATTRIBUTE *attr) -{ - return check_der_struct (builder, "PKIX1.Name", attr); -} - -static bool -type_der_serial (p11_builder *builder, - CK_ATTRIBUTE *attr) -{ - return check_der_struct (builder, "PKIX1.CertificateSerialNumber", attr); -} - -static bool -type_der_oid (p11_builder *builder, - CK_ATTRIBUTE *attr) -{ - /* AttributeType is an OBJECT ID */ - return check_der_struct (builder, "PKIX1.AttributeType", attr); -} - -static bool -type_der_cert (p11_builder *builder, - CK_ATTRIBUTE *attr) -{ - return check_der_struct (builder, "PKIX1.Certificate", attr); -} - -static bool -type_der_key (p11_builder *builder, - CK_ATTRIBUTE *attr) -{ - return check_der_struct (builder, "PKIX1.SubjectPublicKeyInfo", attr); -} - -static bool -type_der_ext (p11_builder *builder, - CK_ATTRIBUTE *attr) -{ - return check_der_struct (builder, "PKIX1.Extension", attr); -} - -#define COMMON_ATTRS \ - { CKA_CLASS, REQUIRE | CREATE, type_ulong }, \ - { CKA_TOKEN, CREATE | WANT, type_bool }, \ - { CKA_MODIFIABLE, CREATE | WANT, type_bool }, \ - { CKA_PRIVATE, CREATE, type_bool }, \ - { CKA_LABEL, CREATE | MODIFY | WANT, type_utf8 }, \ - { CKA_X_GENERATED, CREATE }, \ - { CKA_X_ORIGIN, NONE } \ - -static CK_ATTRIBUTE * -common_populate (p11_builder *builder, - p11_index *index, - CK_ATTRIBUTE *unused) -{ - CK_BBOOL tokenv = CK_FALSE; - CK_BBOOL modifiablev = CK_TRUE; - CK_BBOOL privatev = CK_FALSE; - CK_BBOOL generatedv = CK_FALSE; - - CK_ATTRIBUTE token = { CKA_TOKEN, &tokenv, sizeof (tokenv), }; - CK_ATTRIBUTE privat = { CKA_PRIVATE, &privatev, sizeof (privatev) }; - CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) }; - CK_ATTRIBUTE generated = { CKA_X_GENERATED, &generatedv, sizeof (generatedv) }; - CK_ATTRIBUTE label = { CKA_LABEL, "", 0 }; - - if (builder->flags & P11_BUILDER_FLAG_TOKEN) { - tokenv = CK_TRUE; - modifiablev = CK_FALSE; - } - - return p11_attrs_build (NULL, &token, &privat, &modifiable, &label, &generated, NULL); -} - -static void -calc_check_value (const unsigned char *data, - size_t length, - CK_BYTE *check_value) -{ - unsigned char checksum[P11_DIGEST_SHA1_LEN]; - p11_digest_sha1 (checksum, data, length, NULL); - memcpy (check_value, checksum, 3); -} - -static int -century_for_two_digit_year (int year) -{ - time_t now; - struct tm tm; - int century, current; - - return_val_if_fail (year >= 0 && year <= 99, -1); - - /* Get the current year */ - now = time (NULL); - return_val_if_fail (now >= 0, -1); - if (!gmtime_r (&now, &tm)) - return_val_if_reached (-1); - - current = (tm.tm_year % 100); - century = (tm.tm_year + 1900) - current; - - /* - * Check if it's within 40 years before the - * current date. - */ - if (current < 40) { - if (year < current) - return century; - if (year > 100 - (40 - current)) - return century - 100; - } else { - if (year < current && year > (current - 40)) - return century; - } - - /* - * If it's after then adjust for overflows to - * the next century. - */ - if (year < current) - return century + 100; - else - return century; -} - -static bool -calc_date (node_asn *node, - const char *field, - CK_DATE *date) -{ - node_asn *choice; - char buf[64]; - int century; - char *sub; - int year; - int len; - int ret; - - if (!node) - return false; - - choice = asn1_find_node (node, field); - return_val_if_fail (choice != NULL, false); - - len = sizeof (buf) - 1; - ret = asn1_read_value (node, field, buf, &len); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - sub = strconcat (field, ".", buf, NULL); - - /* - * So here we take a shortcut and just copy the date from the - * certificate into the CK_DATE. This doesn't take into account - * time zones. However the PKCS#11 spec does not say what timezone - * the dates are in. In the PKCS#11 value have a day resolution, - * and time zones aren't that critical. - */ - - if (strcmp (buf, "generalTime") == 0) { - len = sizeof (buf) - 1; - ret = asn1_read_value (node, sub, buf, &len); - return_val_if_fail (ret == ASN1_SUCCESS, false); - return_val_if_fail (len >= 8, false); - - /* Same as first 8 characters of date */ - memcpy (date, buf, 8); - - } else if (strcmp (buf, "utcTime") == 0) { - len = sizeof (buf) - 1; - ret = asn1_read_value (node, sub, buf, &len); - return_val_if_fail (ret == ASN1_SUCCESS, false); - return_val_if_fail (len >= 6, false); - - year = atoin (buf, 2); - return_val_if_fail (year >= 0, false); - - century = century_for_two_digit_year (year); - return_val_if_fail (century >= 0, false); - - snprintf ((char *)date->year, 3, "%02d", century); - memcpy (((char *)date) + 2, buf, 6); - - } else { - return_val_if_reached (false); - } - - free (sub); - return true; -} - -static bool -calc_element (node_asn *node, - const unsigned char *data, - size_t length, - const char *field, - CK_ATTRIBUTE *attr) -{ - int ret; - int start, end; - - if (!node) - return false; - - ret = asn1_der_decoding_startEnd (node, data, length, field, &start, &end); - return_val_if_fail (ret == ASN1_SUCCESS, false); - return_val_if_fail (end >= start, false); - - attr->pValue = (void *)(data + start); - attr->ulValueLen = (end - start) + 1; - return true; -} - -static bool -is_v1_x509_authority (p11_builder *builder, - CK_ATTRIBUTE *cert) -{ - CK_ATTRIBUTE subject; - CK_ATTRIBUTE issuer; - CK_ATTRIBUTE *value; - char buffer[16]; - node_asn *node; - int len; - int ret; - - value = p11_attrs_find_valid (cert, CKA_VALUE); - if (value == NULL) - return false; - - node = decode_or_get_asn1 (builder, "PKIX1.Certificate", - value->pValue, value->ulValueLen); - return_val_if_fail (node != NULL, false); - - len = sizeof (buffer); - ret = asn1_read_value (node, "tbsCertificate.version", buffer, &len); - - /* The default value */ - if (ret == ASN1_ELEMENT_NOT_FOUND) { - ret = ASN1_SUCCESS; - buffer[0] = 0; - len = 1; - } - - return_val_if_fail (ret == ASN1_SUCCESS, false); - - /* - * In X.509 version v1 is the integer zero. Two's complement - * integer, but zero is easy to read. - */ - if (len != 1 || buffer[0] != 0) - return false; - - /* Must be self-signed, ie: same subject and issuer */ - if (!calc_element (node, value->pValue, value->ulValueLen, "tbsCertificate.subject", &subject)) - return_val_if_reached (false); - if (!calc_element (node, value->pValue, value->ulValueLen, "tbsCertificate.issuer", &issuer)) - return_val_if_reached (false); - return p11_attr_match_value (&subject, issuer.pValue, issuer.ulValueLen); -} - -static bool -calc_certificate_category (p11_builder *builder, - p11_index *index, - CK_ATTRIBUTE *cert, - CK_ATTRIBUTE *public_key, - CK_ULONG *category) -{ - CK_ATTRIBUTE *label; - unsigned char *ext; - size_t ext_len; - bool is_ca = 0; - bool ret; - - /* - * In the PKCS#11 spec: - * 0 = unspecified (default value) - * 1 = token user - * 2 = authority - * 3 = other entity - */ - - /* See if we have a basic constraints extension */ - ext = lookup_extension (builder, index, cert, public_key, P11_OID_BASIC_CONSTRAINTS, &ext_len); - if (ext != NULL) { - ret = p11_x509_parse_basic_constraints (builder->asn1_defs, ext, ext_len, &is_ca); - free (ext); - if (!ret) { - label = p11_attrs_find_valid (cert, CKA_LABEL); - p11_message ("%.*s: invalid basic constraints certificate extension", - label ? (int)label->ulValueLen : 7, - label ? (char *)label->pValue : "unknown"); - return false; - } - - } else if (is_v1_x509_authority (builder, cert)) { - /* - * If there is no basic constraints extension, and the CA version is - * v1, and is self-signed, then we assume this is a certificate authority. - * So we add a BasicConstraints attached certificate extension - */ - is_ca = 1; - - } else if (!p11_attrs_find_valid (cert, CKA_VALUE)) { - /* - * If we have no certificate value, then this is unknown - */ - *category = 0; - return true; - - } - - *category = is_ca ? 2 : 3; - return true; -} - -static CK_ATTRIBUTE * -certificate_value_attrs (p11_builder *builder, - CK_ATTRIBUTE *attrs, - node_asn *node, - const unsigned char *der, - size_t der_len, - CK_ATTRIBUTE *public_key) -{ - unsigned char checksum[P11_DIGEST_SHA1_LEN]; - unsigned char *keyid = NULL; - size_t keyid_len; - unsigned char *ext = NULL; - size_t ext_len; - CK_BBOOL falsev = CK_FALSE; - CK_ULONG zero = 0UL; - CK_BYTE checkv[3]; - CK_DATE startv; - CK_DATE endv; - char *labelv = NULL; - - CK_ATTRIBUTE trusted = { CKA_TRUSTED, &falsev, sizeof (falsev) }; - CK_ATTRIBUTE distrusted = { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }; - CK_ATTRIBUTE url = { CKA_URL, "", 0 }; - CK_ATTRIBUTE hash_of_subject_public_key = { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) }; - CK_ATTRIBUTE hash_of_issuer_public_key = { CKA_HASH_OF_ISSUER_PUBLIC_KEY, "", 0 }; - CK_ATTRIBUTE java_midp_security_domain = { CKA_JAVA_MIDP_SECURITY_DOMAIN, &zero, sizeof (zero) }; - CK_ATTRIBUTE check_value = { CKA_CHECK_VALUE, &checkv, sizeof (checkv) }; - CK_ATTRIBUTE start_date = { CKA_START_DATE, &startv, sizeof (startv) }; - CK_ATTRIBUTE end_date = { CKA_END_DATE, &endv, sizeof (endv) }; - CK_ATTRIBUTE subject = { CKA_SUBJECT, }; - CK_ATTRIBUTE issuer = { CKA_ISSUER, "", 0 }; - CK_ATTRIBUTE serial_number = { CKA_SERIAL_NUMBER, "", 0 }; - CK_ATTRIBUTE label = { CKA_LABEL }; - CK_ATTRIBUTE id = { CKA_ID, NULL, 0 }; - - return_val_if_fail (attrs != NULL, NULL); - - if (der == NULL) - check_value.type = CKA_INVALID; - else - calc_check_value (der, der_len, checkv); - - if (!calc_date (node, "tbsCertificate.validity.notBefore", &startv)) - start_date.ulValueLen = 0; - if (!calc_date (node, "tbsCertificate.validity.notAfter", &endv)) - end_date.ulValueLen = 0; - - if (calc_element (node, der, der_len, "tbsCertificate.subjectPublicKeyInfo", public_key)) - public_key->type = CKA_PUBLIC_KEY_INFO; - else - public_key->type = CKA_INVALID; - calc_element (node, der, der_len, "tbsCertificate.issuer.rdnSequence", &issuer); - if (!calc_element (node, der, der_len, "tbsCertificate.subject.rdnSequence", &subject)) - subject.type = CKA_INVALID; - calc_element (node, der, der_len, "tbsCertificate.serialNumber", &serial_number); - - /* Try to build a keyid from an extension */ - if (node) { - ext = p11_x509_find_extension (node, P11_OID_SUBJECT_KEY_IDENTIFIER, der, der_len, &ext_len); - if (ext) { - keyid = p11_x509_parse_subject_key_identifier (builder->asn1_defs, ext, - ext_len, &keyid_len); - id.pValue = keyid; - id.ulValueLen = keyid_len; - } - } - - if (!node || !p11_x509_hash_subject_public_key (node, der, der_len, checksum)) - hash_of_subject_public_key.ulValueLen = 0; - - if (id.pValue == NULL) { - id.pValue = hash_of_subject_public_key.pValue; - id.ulValueLen = hash_of_subject_public_key.ulValueLen; - } - - if (node) { - labelv = p11_x509_lookup_dn_name (node, "tbsCertificate.subject", - der, der_len, P11_OID_CN); - if (!labelv) - labelv = p11_x509_lookup_dn_name (node, "tbsCertificate.subject", - der, der_len, P11_OID_OU); - if (!labelv) - labelv = p11_x509_lookup_dn_name (node, "tbsCertificate.subject", - der, der_len, P11_OID_O); - } - - if (labelv) { - label.pValue = labelv; - label.ulValueLen = strlen (labelv); - } else { - label.type = CKA_INVALID; - } - - attrs = p11_attrs_build (attrs, &trusted, &distrusted, &url, &hash_of_issuer_public_key, - &hash_of_subject_public_key, &java_midp_security_domain, - &check_value, &start_date, &end_date, &id, - &subject, &issuer, &serial_number, &label, public_key, - NULL); - return_val_if_fail (attrs != NULL, NULL); - - free (ext); - free (keyid); - free (labelv); - return attrs; -} - -static CK_ATTRIBUTE * -certificate_populate (p11_builder *builder, - p11_index *index, - CK_ATTRIBUTE *cert) -{ - CK_ULONG categoryv = 0UL; - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE public_key; - node_asn *node = NULL; - unsigned char *der = NULL; - size_t der_len = 0; - - CK_ATTRIBUTE category = { CKA_CERTIFICATE_CATEGORY, &categoryv, sizeof (categoryv) }; - CK_ATTRIBUTE empty_value = { CKA_VALUE, "", 0 }; - - attrs = common_populate (builder, index, cert); - return_val_if_fail (attrs != NULL, NULL); - - der = p11_attrs_find_value (cert, CKA_VALUE, &der_len); - if (der != NULL) - node = decode_or_get_asn1 (builder, "PKIX1.Certificate", der, der_len); - - attrs = certificate_value_attrs (builder, attrs, node, der, der_len, &public_key); - return_val_if_fail (attrs != NULL, NULL); - - if (!calc_certificate_category (builder, index, cert, &public_key, &categoryv)) - categoryv = 0; - - return p11_attrs_build (attrs, &category, &empty_value, NULL); -} - -static bool -have_attribute (CK_ATTRIBUTE *attrs1, - CK_ATTRIBUTE *attrs2, - CK_ATTRIBUTE_TYPE type) -{ - CK_ATTRIBUTE *attr; - - attr = p11_attrs_find (attrs1, type); - if (attr == NULL) - attr = p11_attrs_find (attrs2, type); - return attr != NULL && attr->ulValueLen > 0; -} - -static CK_RV -certificate_validate (p11_builder *builder, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge) -{ - /* - * In theory we should be validating that in the absence of CKA_VALUE - * various other fields must be set. However we do not enforce this - * because we want to be able to have certificates without a value - * but issuer and serial number, for blacklisting purposes. - */ - - if (have_attribute (attrs, merge, CKA_URL)) { - if (!have_attribute (attrs, merge, CKA_HASH_OF_SUBJECT_PUBLIC_KEY)) { - p11_message ("missing the CKA_HASH_OF_SUBJECT_PUBLIC_KEY attribute"); - return CKR_TEMPLATE_INCONSISTENT; - } - - if (!have_attribute (attrs, merge, CKA_HASH_OF_SUBJECT_PUBLIC_KEY)) { - p11_message ("missing the CKA_HASH_OF_ISSUER_PUBLIC_KEY attribute"); - return CKR_TEMPLATE_INCONSISTENT; - } - } - - return CKR_OK; -} - -const static builder_schema certificate_schema = { - NORMAL_BUILD, - { COMMON_ATTRS, - { CKA_CERTIFICATE_TYPE, REQUIRE | CREATE, type_ulong }, - { CKA_TRUSTED, CREATE | WANT, type_bool }, - { CKA_X_DISTRUSTED, CREATE | WANT, type_bool }, - { CKA_CERTIFICATE_CATEGORY, CREATE | WANT, type_ulong }, - { CKA_CHECK_VALUE, CREATE | WANT, }, - { CKA_START_DATE, CREATE | MODIFY | WANT, type_date }, - { CKA_END_DATE, CREATE | MODIFY | WANT, type_date }, - { CKA_SUBJECT, CREATE | WANT, type_der_name }, - { CKA_ID, CREATE | MODIFY | WANT }, - { CKA_ISSUER, CREATE | MODIFY | WANT, type_der_name }, - { CKA_SERIAL_NUMBER, CREATE | MODIFY | WANT, type_der_serial }, - { CKA_VALUE, CREATE, type_der_cert }, - { CKA_URL, CREATE, type_utf8 }, - { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, CREATE }, - { CKA_HASH_OF_ISSUER_PUBLIC_KEY, CREATE }, - { CKA_JAVA_MIDP_SECURITY_DOMAIN, CREATE, type_ulong }, - { CKA_PUBLIC_KEY_INFO, WANT, type_der_key }, - { CKA_INVALID }, - }, certificate_populate, certificate_validate, -}; - -static CK_ATTRIBUTE * -extension_populate (p11_builder *builder, - p11_index *index, - CK_ATTRIBUTE *extension) -{ - unsigned char checksum[P11_DIGEST_SHA1_LEN]; - CK_ATTRIBUTE object_id = { CKA_INVALID }; - CK_ATTRIBUTE id = { CKA_INVALID }; - CK_ATTRIBUTE *attrs = NULL; - - void *der; - size_t len; - node_asn *asn; - - attrs = common_populate (builder, index, extension); - return_val_if_fail (attrs != NULL, NULL); - - if (!p11_attrs_find_valid (attrs, CKA_ID)) { - der = p11_attrs_find_value (extension, CKA_PUBLIC_KEY_INFO, &len); - return_val_if_fail (der != NULL, NULL); - - p11_digest_sha1 (checksum, der, len, NULL); - id.pValue = checksum; - id.ulValueLen = sizeof (checksum); - id.type = CKA_ID; - } - - /* Pull the object id out of the extension if not present */ - if (!p11_attrs_find_valid (attrs, CKA_OBJECT_ID)) { - der = p11_attrs_find_value (extension, CKA_VALUE, &len); - return_val_if_fail (der != NULL, NULL); - - asn = decode_or_get_asn1 (builder, "PKIX1.Extension", der, len); - return_val_if_fail (asn != NULL, NULL); - - if (calc_element (asn, der, len, "extnID", &object_id)) - object_id.type = CKA_OBJECT_ID; - } - - attrs = p11_attrs_build (attrs, &object_id, &id, NULL); - return_val_if_fail (attrs != NULL, NULL); - - return attrs; -} - -const static builder_schema extension_schema = { - NORMAL_BUILD, - { COMMON_ATTRS, - { CKA_VALUE, REQUIRE | CREATE, type_der_ext }, - { CKA_PUBLIC_KEY_INFO, REQUIRE | CREATE, type_der_key }, - { CKA_OBJECT_ID, CREATE | WANT, type_der_oid }, - { CKA_ID, CREATE | MODIFY }, - { CKA_INVALID }, - }, extension_populate, -}; - -static CK_ATTRIBUTE * -data_populate (p11_builder *builder, - p11_index *index, - CK_ATTRIBUTE *data) -{ - static const CK_ATTRIBUTE value = { CKA_VALUE, "", 0 }; - static const CK_ATTRIBUTE application = { CKA_APPLICATION, "", 0 }; - static const CK_ATTRIBUTE object_id = { CKA_OBJECT_ID, "", 0 }; - CK_ATTRIBUTE *attrs; - - attrs = common_populate (builder, index, data); - return_val_if_fail (attrs != NULL, NULL); - - return p11_attrs_build (attrs, &value, &application, &object_id, NULL); -} - -const static builder_schema data_schema = { - NORMAL_BUILD, - { COMMON_ATTRS, - { CKA_VALUE, CREATE | MODIFY | WANT }, - { CKA_APPLICATION, CREATE | MODIFY | WANT, type_utf8 }, - { CKA_OBJECT_ID, CREATE | MODIFY | WANT, type_der_oid }, - { CKA_INVALID }, - }, data_populate, -}; - -const static builder_schema trust_schema = { - GENERATED_CLASS, - { COMMON_ATTRS, - { CKA_CERT_SHA1_HASH, CREATE }, - { CKA_CERT_MD5_HASH, CREATE }, - { CKA_ISSUER, CREATE }, - { CKA_SUBJECT, CREATE }, - { CKA_SERIAL_NUMBER, CREATE }, - { CKA_TRUST_SERVER_AUTH, CREATE }, - { CKA_TRUST_CLIENT_AUTH, CREATE }, - { CKA_TRUST_EMAIL_PROTECTION, CREATE }, - { CKA_TRUST_CODE_SIGNING, CREATE }, - { CKA_TRUST_IPSEC_END_SYSTEM, CREATE }, - { CKA_TRUST_IPSEC_TUNNEL, CREATE }, - { CKA_TRUST_IPSEC_USER, CREATE }, - { CKA_TRUST_TIME_STAMPING, CREATE }, - { CKA_TRUST_DIGITAL_SIGNATURE, CREATE }, - { CKA_TRUST_NON_REPUDIATION, CREATE }, - { CKA_TRUST_KEY_ENCIPHERMENT, CREATE }, - { CKA_TRUST_DATA_ENCIPHERMENT, CREATE }, - { CKA_TRUST_KEY_AGREEMENT, CREATE }, - { CKA_TRUST_KEY_CERT_SIGN, CREATE }, - { CKA_TRUST_CRL_SIGN, CREATE }, - { CKA_TRUST_STEP_UP_APPROVED, CREATE }, - { CKA_ID, CREATE }, - { CKA_INVALID }, - }, common_populate -}; - -const static builder_schema assertion_schema = { - GENERATED_CLASS, - { COMMON_ATTRS, - { CKA_X_PURPOSE, REQUIRE | CREATE }, - { CKA_X_CERTIFICATE_VALUE, CREATE }, - { CKA_X_ASSERTION_TYPE, REQUIRE | CREATE }, - { CKA_ISSUER, CREATE }, - { CKA_SERIAL_NUMBER, CREATE }, - { CKA_X_PEER, CREATE }, - { CKA_ID, CREATE }, - { CKA_INVALID }, - }, common_populate -}; - -const static builder_schema builtin_schema = { - GENERATED_CLASS, - { COMMON_ATTRS, - { CKA_INVALID }, - }, common_populate -}; - -static const char * -value_name (const p11_constant *info, - CK_ATTRIBUTE_TYPE type) -{ - const char *name = p11_constant_name (info, type); - return name ? name : "unknown"; -} - -static const char * -type_name (CK_ATTRIBUTE_TYPE type) -{ - return value_name (p11_constant_types, type); -} - -static CK_RV -build_for_schema (p11_builder *builder, - p11_index *index, - const builder_schema *schema, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - CK_ATTRIBUTE **extra) -{ - CK_BBOOL modifiable; - CK_ATTRIBUTE *attr; - bool modifying; - bool creating; - bool populate; - bool loading; - bool found; - int flags; - int i, j; - CK_RV rv; - - populate = false; - - /* Signifies that data is being loaded */ - loading = p11_index_loading (index); - - /* Signifies that this is being created by a caller, instead of loaded */ - creating = (attrs == NULL && !loading); - - /* Item is being modified by a caller */ - modifying = (attrs != NULL && !loading); - - /* This item may not be modifiable */ - if (modifying) { - if (!p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &modifiable) || !modifiable) { - p11_message ("the object is not modifiable"); - return CKR_ATTRIBUTE_READ_ONLY; - } - } - - if (creating && (builder->flags & P11_BUILDER_FLAG_TOKEN)) { - if (schema->build_flags & GENERATED_CLASS) { - p11_message ("objects of this type cannot be created"); - return CKR_TEMPLATE_INCONSISTENT; - } - } - - for (i = 0; merge[i].type != CKA_INVALID; i++) { - - /* Don't validate attribute if not changed */ - attr = p11_attrs_find (attrs, merge[i].type); - if (attr && p11_attr_equal (attr, merge + i)) - continue; - - found = false; - for (j = 0; schema->attrs[j].type != CKA_INVALID; j++) { - if (schema->attrs[j].type != merge[i].type) - continue; - - flags = schema->attrs[j].flags; - if (creating && !(flags & CREATE)) { - p11_message ("the %s attribute cannot be set", - type_name (schema->attrs[j].type)); - return CKR_ATTRIBUTE_READ_ONLY; - } - if (modifying && !(flags & MODIFY)) { - p11_message ("the %s attribute cannot be changed", - type_name (schema->attrs[j].type)); - return CKR_ATTRIBUTE_READ_ONLY; - } - if (!loading && schema->attrs[j].validate != NULL && - !schema->attrs[j].validate (builder, merge + i)) { - p11_message ("the %s attribute has an invalid value", - type_name (schema->attrs[j].type)); - return CKR_ATTRIBUTE_VALUE_INVALID; - } - found = true; - break; - } - - if (!found) { - p11_message ("the %s attribute is not valid for the object", - type_name (merge[i].type)); - return CKR_TEMPLATE_INCONSISTENT; - } - } - - if (attrs == NULL) { - for (j = 0; schema->attrs[j].type != CKA_INVALID; j++) { - flags = schema->attrs[j].flags; - found = false; - - if ((flags & REQUIRE) || (flags & WANT)) { - for (i = 0; merge[i].type != CKA_INVALID; i++) { - if (schema->attrs[j].type == merge[i].type) { - found = true; - break; - } - } - } - - if (!found) { - if (flags & REQUIRE) { - p11_message ("missing the %s attribute", - type_name (schema->attrs[j].type)); - return CKR_TEMPLATE_INCOMPLETE; - } else if (flags & WANT) { - populate = true; - } - } - } - } - - /* Validate the result, before committing to the change. */ - if (!loading && schema->validate) { - rv = (schema->validate) (builder, attrs, merge); - if (rv != CKR_OK) - return rv; - } - - if (populate && schema->populate) - *extra = schema->populate (builder, index, merge); - - return CKR_OK; -} - -CK_RV -p11_builder_build (void *bilder, - p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - CK_ATTRIBUTE **populate) -{ - p11_builder *builder = bilder; - CK_OBJECT_CLASS klass; - CK_CERTIFICATE_TYPE type; - CK_BBOOL token; - - return_val_if_fail (builder != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (merge != NULL, CKR_GENERAL_ERROR); - - if (!p11_attrs_find_ulong (attrs ? attrs : merge, CKA_CLASS, &klass)) { - p11_message ("no CKA_CLASS attribute found"); - return CKR_TEMPLATE_INCOMPLETE; - } - - if (!attrs && p11_attrs_find_bool (merge, CKA_TOKEN, &token)) { - if (token != ((builder->flags & P11_BUILDER_FLAG_TOKEN) ? CK_TRUE : CK_FALSE)) { - p11_message ("cannot create a %s object", token ? "token" : "non-token"); - return CKR_TEMPLATE_INCONSISTENT; - } - } - - switch (klass) { - case CKO_CERTIFICATE: - if (!p11_attrs_find_ulong (attrs ? attrs : merge, CKA_CERTIFICATE_TYPE, &type)) { - p11_message ("missing %s on object", type_name (CKA_CERTIFICATE_TYPE)); - return CKR_TEMPLATE_INCOMPLETE; - } else if (type == CKC_X_509) { - return build_for_schema (builder, index, &certificate_schema, attrs, merge, populate); - } else { - p11_message ("%s unsupported %s", value_name (p11_constant_certs, type), - type_name (CKA_CERTIFICATE_TYPE)); - return CKR_TEMPLATE_INCONSISTENT; - } - - case CKO_X_CERTIFICATE_EXTENSION: - return build_for_schema (builder, index, &extension_schema, attrs, merge, populate); - - case CKO_DATA: - return build_for_schema (builder, index, &data_schema, attrs, merge, populate); - - case CKO_NSS_TRUST: - return build_for_schema (builder, index, &trust_schema, attrs, merge, populate); - - case CKO_NSS_BUILTIN_ROOT_LIST: - return build_for_schema (builder, index, &builtin_schema, attrs, merge, populate); - - case CKO_X_TRUST_ASSERTION: - return build_for_schema (builder, index, &assertion_schema, attrs, merge, populate); - - default: - p11_message ("%s unsupported object class", - value_name (p11_constant_classes, klass)); - return CKR_TEMPLATE_INCONSISTENT; - } -} - -void -p11_builder_free (p11_builder *builder) -{ - return_if_fail (builder != NULL); - - p11_asn1_cache_free (builder->asn1_cache); - free (builder); -} - -p11_asn1_cache * -p11_builder_get_cache (p11_builder *builder) -{ - return_val_if_fail (builder != NULL, NULL); - return builder->asn1_cache; -} - -static CK_ATTRIBUTE * -build_trust_object_ku (p11_builder *builder, - p11_index *index, - CK_ATTRIBUTE *cert, - CK_ATTRIBUTE *object, - CK_TRUST present) -{ - unsigned char *data = NULL; - unsigned int ku = 0; - size_t length; - CK_TRUST defawlt; - CK_ULONG i; - - struct { - CK_ATTRIBUTE_TYPE type; - unsigned int ku; - } ku_attribute_map[] = { - { CKA_TRUST_DIGITAL_SIGNATURE, P11_KU_DIGITAL_SIGNATURE }, - { CKA_TRUST_NON_REPUDIATION, P11_KU_NON_REPUDIATION }, - { CKA_TRUST_KEY_ENCIPHERMENT, P11_KU_KEY_ENCIPHERMENT }, - { CKA_TRUST_DATA_ENCIPHERMENT, P11_KU_DATA_ENCIPHERMENT }, - { CKA_TRUST_KEY_AGREEMENT, P11_KU_KEY_AGREEMENT }, - { CKA_TRUST_KEY_CERT_SIGN, P11_KU_KEY_CERT_SIGN }, - { CKA_TRUST_CRL_SIGN, P11_KU_CRL_SIGN }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE attrs[sizeof (ku_attribute_map)]; - - defawlt = present; - - /* If blacklisted, don't even bother looking at extensions */ - if (present != CKT_NSS_NOT_TRUSTED) - data = lookup_extension (builder, index, cert, NULL, P11_OID_KEY_USAGE, &length); - - if (data) { - /* - * If the certificate extension was missing, then *all* key - * usages are to be set. If the extension was invalid, then - * fail safe to none of the key usages. - */ - defawlt = CKT_NSS_TRUST_UNKNOWN; - - if (!p11_x509_parse_key_usage (builder->asn1_defs, data, length, &ku)) - p11_message ("invalid key usage certificate extension"); - free (data); - } - - for (i = 0; ku_attribute_map[i].type != CKA_INVALID; i++) { - attrs[i].type = ku_attribute_map[i].type; - if (data && (ku & ku_attribute_map[i].ku) == ku_attribute_map[i].ku) { - attrs[i].pValue = &present; - attrs[i].ulValueLen = sizeof (present); - } else { - attrs[i].pValue = &defawlt; - attrs[i].ulValueLen = sizeof (defawlt); - } - } - - return p11_attrs_buildn (object, attrs, i); -} - -static bool -strv_to_dict (const char **array, - p11_dict **dict) -{ - int i; - - if (!array) { - *dict = NULL; - return true; - } - - *dict = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - return_val_if_fail (*dict != NULL, false); - - for (i = 0; array[i] != NULL; i++) { - if (!p11_dict_set (*dict, (void *)array[i], (void *)array[i])) - return_val_if_reached (false); - } - - return true; -} - -static CK_ATTRIBUTE * -build_trust_object_eku (CK_ATTRIBUTE *object, - CK_TRUST allow, - const char **purposes, - const char **rejects) -{ - p11_dict *dict_purp; - p11_dict *dict_rej; - CK_TRUST neutral; - CK_TRUST disallow; - CK_ULONG i; - - struct { - CK_ATTRIBUTE_TYPE type; - const char *oid; - } eku_attribute_map[] = { - { CKA_TRUST_SERVER_AUTH, P11_OID_SERVER_AUTH_STR }, - { CKA_TRUST_CLIENT_AUTH, P11_OID_CLIENT_AUTH_STR }, - { CKA_TRUST_CODE_SIGNING, P11_OID_CODE_SIGNING_STR }, - { CKA_TRUST_EMAIL_PROTECTION, P11_OID_EMAIL_PROTECTION_STR }, - { CKA_TRUST_IPSEC_END_SYSTEM, P11_OID_IPSEC_END_SYSTEM_STR }, - { CKA_TRUST_IPSEC_TUNNEL, P11_OID_IPSEC_TUNNEL_STR }, - { CKA_TRUST_IPSEC_USER, P11_OID_IPSEC_USER_STR }, - { CKA_TRUST_TIME_STAMPING, P11_OID_TIME_STAMPING_STR }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE attrs[sizeof (eku_attribute_map)]; - - if (!strv_to_dict (purposes, &dict_purp) || - !strv_to_dict (rejects, &dict_rej)) - return_val_if_reached (NULL); - - /* The neutral value is set if an purpose is not present */ - if (allow == CKT_NSS_NOT_TRUSTED) - neutral = CKT_NSS_NOT_TRUSTED; - - /* If anything explicitly set, then neutral is unknown */ - else if (purposes || rejects) - neutral = CKT_NSS_TRUST_UNKNOWN; - - /* Otherwise neutral will allow any purpose */ - else - neutral = allow; - - /* The value set if a purpose is explicitly rejected */ - disallow = CKT_NSS_NOT_TRUSTED; - - for (i = 0; eku_attribute_map[i].type != CKA_INVALID; i++) { - attrs[i].type = eku_attribute_map[i].type; - if (dict_rej && p11_dict_get (dict_rej, eku_attribute_map[i].oid)) { - attrs[i].pValue = &disallow; - attrs[i].ulValueLen = sizeof (disallow); - } else if (dict_purp && p11_dict_get (dict_purp, eku_attribute_map[i].oid)) { - attrs[i].pValue = &allow; - attrs[i].ulValueLen = sizeof (allow); - } else { - attrs[i].pValue = &neutral; - attrs[i].ulValueLen = sizeof (neutral); - } - } - - p11_dict_free (dict_purp); - p11_dict_free (dict_rej); - - return p11_attrs_buildn (object, attrs, i); -} - -static void -replace_nss_trust_object (p11_builder *builder, - p11_index *index, - CK_ATTRIBUTE *cert, - CK_BBOOL trust, - CK_BBOOL distrust, - CK_BBOOL authority, - const char **purposes, - const char **rejects) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *match = NULL; - CK_TRUST allow; - CK_RV rv; - - CK_OBJECT_CLASS klassv = CKO_NSS_TRUST; - CK_BYTE sha1v[P11_DIGEST_SHA1_LEN]; - CK_BYTE md5v[P11_DIGEST_MD5_LEN]; - CK_BBOOL generatedv = CK_FALSE; - CK_BBOOL falsev = CK_FALSE; - - CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) }; - CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &falsev, sizeof (falsev) }; - CK_ATTRIBUTE generated = { CKA_X_GENERATED, &generatedv, sizeof (generatedv) }; - CK_ATTRIBUTE invalid = { CKA_INVALID, }; - - CK_ATTRIBUTE md5_hash = { CKA_CERT_MD5_HASH, md5v, sizeof (md5v) }; - CK_ATTRIBUTE sha1_hash = { CKA_CERT_SHA1_HASH, sha1v, sizeof (sha1v) }; - - CK_ATTRIBUTE step_up_approved = { CKA_TRUST_STEP_UP_APPROVED, &falsev, sizeof (falsev) }; - - CK_ATTRIBUTE_PTR label; - CK_ATTRIBUTE_PTR id; - CK_ATTRIBUTE_PTR subject; - CK_ATTRIBUTE_PTR issuer; - CK_ATTRIBUTE_PTR serial_number; - - p11_array *array; - void *value; - size_t length; - - issuer = p11_attrs_find_valid (cert, CKA_ISSUER); - serial_number = p11_attrs_find_valid (cert, CKA_SERIAL_NUMBER); - value = p11_attrs_find_value (cert, CKA_VALUE, &length); - - if (!issuer && !serial_number && !value) { - p11_debug ("can't generate nss trust object for certificate without issuer+serial or value"); - return; - } - - if (value == NULL) { - md5_hash.type = CKA_INVALID; - sha1_hash.type = CKA_INVALID; - } else { - p11_digest_md5 (md5v, value, length, NULL); - p11_digest_sha1 (sha1v, value, length, NULL); - } - if (!issuer) - issuer = &invalid; - if (!serial_number) - serial_number = &invalid; - - match = p11_attrs_build (NULL, issuer, serial_number, &sha1_hash, - &generated, &klass, NULL); - return_if_fail (match != NULL); - - /* If we find a non-generated object, then don't generate */ - if (p11_index_find (index, match, -1)) { - p11_debug ("not generating nss trust object because one already exists"); - attrs = NULL; - - } else { - generatedv = CK_TRUE; - match = p11_attrs_build (match, &generated, NULL); - return_if_fail (match != NULL); - - /* Copy all of the following attributes from certificate */ - id = p11_attrs_find_valid (cert, CKA_ID); - if (id == NULL) - id = &invalid; - subject = p11_attrs_find_valid (cert, CKA_SUBJECT); - if (subject == NULL) - subject = &invalid; - label = p11_attrs_find_valid (cert, CKA_LABEL); - if (label == NULL) - label = &invalid; - - attrs = p11_attrs_dup (match); - return_if_fail (attrs != NULL); - - attrs = p11_attrs_build (attrs, &klass, &modifiable, id, label, - subject, issuer, serial_number, - &md5_hash, &sha1_hash, &step_up_approved, NULL); - return_if_fail (attrs != NULL); - - /* Calculate the default allow trust */ - if (distrust) - allow = CKT_NSS_NOT_TRUSTED; - else if (trust && authority) - allow = CKT_NSS_TRUSTED_DELEGATOR; - else if (trust) - allow = CKT_NSS_TRUSTED; - else - allow = CKT_NSS_TRUST_UNKNOWN; - - attrs = build_trust_object_ku (builder, index, cert, attrs, allow); - return_if_fail (attrs != NULL); - - attrs = build_trust_object_eku (attrs, allow, purposes, rejects); - return_if_fail (attrs != NULL); - } - - /* Replace related generated object with this new one */ - array = p11_array_new (NULL); - p11_array_push (array, attrs); - rv = p11_index_replace_all (index, match, CKA_INVALID, array); - return_if_fail (rv == CKR_OK); - p11_array_free (array); - - p11_attrs_free (match); -} - -static void -build_assertions (p11_array *array, - CK_ATTRIBUTE *cert, - CK_X_ASSERTION_TYPE type, - const char **oids) -{ - CK_OBJECT_CLASS assertion = CKO_X_TRUST_ASSERTION; - CK_BBOOL truev = CK_TRUE; - CK_BBOOL falsev = CK_FALSE; - - CK_ATTRIBUTE klass = { CKA_CLASS, &assertion, sizeof (assertion) }; - CK_ATTRIBUTE private = { CKA_PRIVATE, &falsev, sizeof (falsev) }; - CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &falsev, sizeof (falsev) }; - CK_ATTRIBUTE assertion_type = { CKA_X_ASSERTION_TYPE, &type, sizeof (type) }; - CK_ATTRIBUTE autogen = { CKA_X_GENERATED, &truev, sizeof (truev) }; - CK_ATTRIBUTE purpose = { CKA_X_PURPOSE, }; - CK_ATTRIBUTE invalid = { CKA_INVALID, }; - CK_ATTRIBUTE certificate_value = { CKA_X_CERTIFICATE_VALUE, }; - - CK_ATTRIBUTE *issuer; - CK_ATTRIBUTE *serial; - CK_ATTRIBUTE *value; - CK_ATTRIBUTE *label; - CK_ATTRIBUTE *id; - CK_ATTRIBUTE *attrs; - int i; - - if (type == CKT_X_DISTRUSTED_CERTIFICATE) { - certificate_value.type = CKA_INVALID; - issuer = p11_attrs_find_valid (cert, CKA_ISSUER); - serial = p11_attrs_find_valid (cert, CKA_SERIAL_NUMBER); - - if (!issuer || !serial) { - p11_debug ("not building negative trust assertion for certificate without serial or issuer"); - return; - } - - } else { - issuer = &invalid; - serial = &invalid; - value = p11_attrs_find_valid (cert, CKA_VALUE); - - if (value == NULL) { - p11_debug ("not building positive trust assertion for certificate without value"); - return; - } - - certificate_value.pValue = value->pValue; - certificate_value.ulValueLen = value->ulValueLen; - } - - label = p11_attrs_find (cert, CKA_LABEL); - if (label == NULL) - label = &invalid; - id = p11_attrs_find (cert, CKA_ID); - if (id == NULL) - id = &invalid; - - for (i = 0; oids[i] != NULL; i++) { - purpose.pValue = (void *)oids[i]; - purpose.ulValueLen = strlen (oids[i]); - - attrs = p11_attrs_build (NULL, &klass, &private, &modifiable, - id, label, &assertion_type, &purpose, - issuer, serial, &certificate_value, &autogen, NULL); - return_if_fail (attrs != NULL); - - if (!p11_array_push (array, attrs)) - return_if_reached (); - } -} - -static void -build_trust_assertions (p11_array *positives, - p11_array *negatives, - CK_ATTRIBUTE *cert, - CK_BBOOL trust, - CK_BBOOL distrust, - CK_BBOOL authority, - const char **purposes, - const char **rejects) -{ - const char *all_purposes[] = { - P11_OID_SERVER_AUTH_STR, - P11_OID_CLIENT_AUTH_STR, - P11_OID_CODE_SIGNING_STR, - P11_OID_EMAIL_PROTECTION_STR, - P11_OID_IPSEC_END_SYSTEM_STR, - P11_OID_IPSEC_TUNNEL_STR, - P11_OID_IPSEC_USER_STR, - P11_OID_TIME_STAMPING_STR, - NULL, - }; - - /* Build assertions for anything that's explicitly rejected */ - if (rejects && negatives) { - build_assertions (negatives, cert, CKT_X_DISTRUSTED_CERTIFICATE, rejects); - } - - if (distrust && negatives) { - /* - * Trust assertions are defficient in that they don't blacklist a certificate - * for any purposes. So we just have to go wild and write out a bunch of - * assertions for all our known purposes. - */ - build_assertions (negatives, cert, CKT_X_DISTRUSTED_CERTIFICATE, all_purposes); - } - - /* - * TODO: Build pinned certificate assertions. That is, trusted - * certificates where not an authority. - */ - - if (trust && authority && positives) { - if (purposes) { - /* If purposes explicitly set, then anchor for those purposes */ - build_assertions (positives, cert, CKT_X_ANCHORED_CERTIFICATE, purposes); - } else { - /* If purposes not-explicitly set, then anchor for all known */ - build_assertions (positives, cert, CKT_X_ANCHORED_CERTIFICATE, all_purposes); - } - } -} - -static void -replace_trust_assertions (p11_builder *builder, - p11_index *index, - CK_ATTRIBUTE *cert, - CK_BBOOL trust, - CK_BBOOL distrust, - CK_BBOOL authority, - const char **purposes, - const char **rejects) -{ - CK_OBJECT_CLASS assertion = CKO_X_TRUST_ASSERTION; - CK_BBOOL generated = CK_TRUE; - p11_array *positives = NULL; - p11_array *negatives = NULL; - CK_ATTRIBUTE *value; - CK_ATTRIBUTE *issuer; - CK_ATTRIBUTE *serial; - CK_RV rv; - - CK_ATTRIBUTE match_positive[] = { - { CKA_X_CERTIFICATE_VALUE, }, - { CKA_CLASS, &assertion, sizeof (assertion) }, - { CKA_X_GENERATED, &generated, sizeof (generated) }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_negative[] = { - { CKA_ISSUER, }, - { CKA_SERIAL_NUMBER, }, - { CKA_CLASS, &assertion, sizeof (assertion) }, - { CKA_X_GENERATED, &generated, sizeof (generated) }, - { CKA_INVALID } - }; - - value = p11_attrs_find_valid (cert, CKA_VALUE); - if (value) { - positives = p11_array_new (NULL); - match_positive[0].pValue = value->pValue; - match_positive[0].ulValueLen = value->ulValueLen; - } - - issuer = p11_attrs_find_valid (cert, CKA_ISSUER); - serial = p11_attrs_find_valid (cert, CKA_SERIAL_NUMBER); - if (issuer && serial) { - negatives = p11_array_new (NULL); - memcpy (match_negative + 0, issuer, sizeof (CK_ATTRIBUTE)); - memcpy (match_negative + 1, serial, sizeof (CK_ATTRIBUTE)); - } - - build_trust_assertions (positives, negatives, cert, trust, distrust, - authority, purposes, rejects); - - if (positives) { - rv = p11_index_replace_all (index, match_positive, CKA_X_PURPOSE, positives); - return_if_fail (rv == CKR_OK); - p11_array_free (positives); - } - - if (negatives) { - rv = p11_index_replace_all (index, match_negative, CKA_X_PURPOSE, negatives); - return_if_fail (rv == CKR_OK); - p11_array_free (negatives); - } -} - -static void -remove_trust_and_assertions (p11_builder *builder, - p11_index *index, - CK_ATTRIBUTE *attrs) -{ - replace_nss_trust_object (builder, index, attrs, - CK_FALSE, CK_FALSE, CK_FALSE, - NULL, NULL); - replace_trust_assertions (builder, index, attrs, - CK_FALSE, CK_FALSE, CK_FALSE, - NULL, NULL); -} - -static void -replace_trust_and_assertions (p11_builder *builder, - p11_index *index, - CK_ATTRIBUTE *cert) -{ - CK_BBOOL trust = CK_FALSE; - CK_BBOOL distrust = CK_FALSE; - CK_BBOOL authority = CK_FALSE; - p11_array *purposes = NULL; - p11_array *rejects = NULL; - const char **purposev; - const char **rejectv; - CK_ULONG category; - unsigned char *ext; - size_t ext_len; - - /* - * We look up all this information in advance, since it's used - * by the various adapter objects, and we don't have to parse - * it multiple times. - */ - - if (!p11_attrs_find_bool (cert, CKA_TRUSTED, &trust)) - trust = CK_FALSE; - if (!p11_attrs_find_bool (cert, CKA_X_DISTRUSTED, &distrust)) - distrust = CK_FALSE; - if (p11_attrs_find_ulong (cert, CKA_CERTIFICATE_CATEGORY, &category) && category == 2) - authority = CK_TRUE; - - if (!distrust) { - ext = lookup_extension (builder, index, cert, NULL, P11_OID_EXTENDED_KEY_USAGE, &ext_len); - if (ext != NULL) { - purposes = p11_x509_parse_extended_key_usage (builder->asn1_defs, ext, ext_len); - if (purposes == NULL) - p11_message ("invalid extended key usage certificate extension"); - free (ext); - } - - ext = lookup_extension (builder, index, cert, NULL, P11_OID_OPENSSL_REJECT, &ext_len); - if (ext != NULL) { - rejects = p11_x509_parse_extended_key_usage (builder->asn1_defs, ext, ext_len); - if (rejects == NULL) - p11_message ("invalid reject key usage certificate extension"); - free (ext); - } - } - - /* null-terminate these arrays and use as strv's */ - purposev = rejectv = NULL; - if (rejects) { - if (!p11_array_push (rejects, NULL)) - return_if_reached (); - rejectv = (const char **)rejects->elem; - } - if (purposes) { - if (!p11_array_push (purposes, NULL)) - return_if_reached (); - purposev = (const char **)purposes->elem; - } - - replace_nss_trust_object (builder, index, cert, trust, distrust, - authority, purposev, rejectv); - replace_trust_assertions (builder, index, cert, trust, distrust, - authority, purposev, rejectv); - - p11_array_free (purposes); - p11_array_free (rejects); -} - -static void -replace_compat_for_cert (p11_builder *builder, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs) -{ - static const CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; - static const CK_CERTIFICATE_TYPE x509 = CKC_X_509; - CK_ATTRIBUTE *value; - - CK_ATTRIBUTE match[] = { - { CKA_VALUE, }, - { CKA_CLASS, (void *)&certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, (void *)&x509, sizeof (x509) }, - { CKA_INVALID } - }; - - /* - * If this certificate is going away, then find duplicate. In this - * case all the trust assertions are recalculated with this new - * certificate in mind. - */ - if (handle == 0) { - value = p11_attrs_find_valid (attrs, CKA_VALUE); - if (value != NULL) { - match[0].pValue = value->pValue; - match[0].ulValueLen = value->ulValueLen; - handle = p11_index_find (index, match, -1); - } - if (handle != 0) - attrs = p11_index_lookup (index, handle); - } - - if (handle == 0) - remove_trust_and_assertions (builder, index, attrs); - else - replace_trust_and_assertions (builder, index, attrs); -} - -static void -replace_compat_for_ext (p11_builder *builder, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs) -{ - - CK_OBJECT_HANDLE *handles; - CK_ATTRIBUTE *public_key; - int i; - - public_key = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO); - if (public_key == NULL) - return; - - handles = lookup_related (index, CKO_CERTIFICATE, public_key); - for (i = 0; handles && handles[i] != 0; i++) { - attrs = p11_index_lookup (index, handles[i]); - replace_trust_and_assertions (builder, index, attrs); - } - free (handles); -} - -static void -update_related_category (p11_builder *builder, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs) -{ - CK_OBJECT_HANDLE *handles; - CK_ULONG categoryv = 0UL; - CK_ATTRIBUTE *update; - CK_ATTRIBUTE *cert; - CK_ATTRIBUTE *public_key; - CK_RV rv; - int i; - - CK_ATTRIBUTE category[] = { - { CKA_CERTIFICATE_CATEGORY, &categoryv, sizeof (categoryv) }, - { CKA_INVALID, }, - }; - - public_key = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO); - if (public_key == NULL) - return; - - /* Find all other objects with this handle */ - handles = lookup_related (index, CKO_CERTIFICATE, public_key); - - for (i = 0; handles && handles[i] != 0; i++) { - cert = p11_index_lookup (index, handle); - - if (calc_certificate_category (builder, index, cert, public_key, &categoryv)) { - update = p11_attrs_build (NULL, &category, NULL); - rv = p11_index_update (index, handles[i], update); - return_if_fail (rv == CKR_OK); - } - } - - free (handles); -} - -void -p11_builder_changed (void *bilder, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs) -{ - static const CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; - static const CK_OBJECT_CLASS extension = CKO_X_CERTIFICATE_EXTENSION; - static const CK_CERTIFICATE_TYPE x509 = CKC_X_509; - - static const CK_ATTRIBUTE match_cert[] = { - { CKA_CLASS, (void *)&certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, (void *)&x509, sizeof (x509) }, - { CKA_INVALID } - }; - - static const CK_ATTRIBUTE match_eku[] = { - { CKA_CLASS, (void *)&extension, sizeof (extension) }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, - sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_INVALID } - }; - - static const CK_ATTRIBUTE match_ku[] = { - { CKA_CLASS, (void *)&extension, sizeof (extension) }, - { CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE, - sizeof (P11_OID_KEY_USAGE) }, - { CKA_INVALID } - }; - - static const CK_ATTRIBUTE match_bc[] = { - { CKA_CLASS, (void *)&extension, sizeof (extension) }, - { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, - sizeof (P11_OID_BASIC_CONSTRAINTS) }, - { CKA_INVALID } - }; - - p11_builder *builder = bilder; - - return_if_fail (builder != NULL); - return_if_fail (index != NULL); - return_if_fail (attrs != NULL); - - /* - * Treat these operations as loading, not modifying/creating, so we get - * around many of the rules that govern object creation - */ - p11_index_load (index); - - /* A certificate */ - if (p11_attrs_match (attrs, match_cert)) { - replace_compat_for_cert (builder, index, handle, attrs); - - /* An ExtendedKeyUsage extension */ - } else if (p11_attrs_match (attrs, match_eku) || - p11_attrs_match (attrs, match_ku)) { - replace_compat_for_ext (builder, index, handle, attrs); - - /* A BasicConstraints extension */ - } else if (p11_attrs_match (attrs, match_bc)) { - update_related_category (builder, index, handle, attrs); - } - - p11_index_finish (index); -} diff --git a/trust/builder.h b/trust/builder.h deleted file mode 100644 index ba130e1..0000000 --- a/trust/builder.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_BUILDER_H_ -#define P11_BUILDER_H_ - -#include "asn1.h" -#include "dict.h" -#include "index.h" -#include "pkcs11.h" - -enum { - P11_BUILDER_FLAG_NONE = 0, - P11_BUILDER_FLAG_TOKEN = 1 << 1, -}; - -typedef struct _p11_builder p11_builder; - -p11_builder * p11_builder_new (int flags); - -void p11_builder_free (p11_builder *builder); - -CK_RV p11_builder_build (void *builder, - p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - CK_ATTRIBUTE **populate); - -void p11_builder_changed (void *builder, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs); - -p11_asn1_cache * p11_builder_get_cache (p11_builder *builder); - -#endif /* P11_BUILDER_H_ */ diff --git a/trust/digest.c b/trust/digest.c deleted file mode 100644 index 5cac83a..0000000 --- a/trust/digest.c +++ /dev/null @@ -1,632 +0,0 @@ -/* - * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/*! \file - * SHA-1 in C - * \author By Steve Reid - * 100% Public Domain - * \verbatim - * Test Vectors - * "abc" - * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D - * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" - * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 - * A million repetitions of "a" - * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F - * \endverbatim - */ - -#include "config.h" - -#include "digest.h" - -#include -#include -#include -#include - -#ifdef WITH_FREEBL - -/* - * NSS freebl3 has awkward headers not provided by appropriate packages - * in many cases. So put these defines here inline. freebl3 seems completely - * undocumented anyway. If you think this is a hack, then you guessed right. - * - * If you want a stable p11-kit without worries, use the builtin SHA1 and MD5 - * implementations. They're not used for crypto anyway. If you need p11-kit to - * tick the "doesn't implement own crypto" checkbox, then the you're signing - * up for this hack. - */ - -typedef enum { - HASH_AlgMD5 = 2, - HASH_AlgSHA1 = 3, -} HASH_HashType; - -typedef struct NSSLOWInitContextStr NSSLOWInitContext; -typedef struct NSSLOWHASHContextStr NSSLOWHASHContext; - -NSSLOWInitContext *NSSLOW_Init(void); -NSSLOWHASHContext *NSSLOWHASH_NewContext( - NSSLOWInitContext *initContext, - HASH_HashType hashType); -void NSSLOWHASH_Begin(NSSLOWHASHContext *context); -void NSSLOWHASH_Update(NSSLOWHASHContext *context, - const unsigned char *buf, - unsigned int len); -void NSSLOWHASH_End(NSSLOWHASHContext *context, - unsigned char *buf, - unsigned int *ret, unsigned int len); -void NSSLOWHASH_Destroy(NSSLOWHASHContext *context); - -#endif /* WITH_FREEBL3 */ - -#define SHA1_BLOCK_LENGTH 64U - -typedef struct { - uint32_t state[5]; - uint32_t count[2]; - unsigned char buffer[SHA1_BLOCK_LENGTH]; -} sha1_t; - -#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) - -/*@{*/ -/*! - * blk0() and blk() perform the initial expand. - * I got the idea of expanding during the round function from SSLeay - */ -#if !defined(WORDS_BIGENDIAN) -# define blk0(i) \ - (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) \ - | (rol(block->l[i], 8) & 0x00FF00FF)) -#else -# define blk0(i) block->l[i] -#endif -#define blk(i) \ - (block->l[i & 15] = rol(block->l[(i + 13) & 15] \ - ^ block->l[(i + 8) & 15] \ - ^ block->l[(i + 2) & 15] \ - ^ block->l[i & 15], 1)) - -/*@}*/ -/*@{*/ -/*! - * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1 - */ -#define R0(v,w,x,y,z,i) \ - z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \ - w = rol(w, 30); -#define R1(v,w,x,y,z,i) \ - z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \ - w = rol(w, 30); -#define R2(v,w,x,y,z,i) \ - z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); \ - w = rol(w, 30); -#define R3(v,w,x,y,z,i) \ - z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \ - w = rol(w, 30); -#define R4(v,w,x,y,z,i) \ - z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \ - w = rol(w, 30); - -/*@}*/ - -typedef union { - unsigned char c[64]; - unsigned int l[16]; -} CHAR64LONG16; - -/*! - * Hash a single 512-bit block. This is the core of the algorithm. - */ -static void -transform_sha1 (uint32_t state[5], - const unsigned char buffer[64]) -{ - uint32_t a, b, c, d, e; - CHAR64LONG16 *block; - CHAR64LONG16 workspace; - - assert (buffer != NULL); - assert (state != NULL); - - block = &workspace; - (void)memcpy(block, buffer, 64); - - /* Copy context->state[] to working vars */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - - /* 4 rounds of 20 operations each. Loop unrolled. */ - R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); - R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); - R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); - R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); - R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); - R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); - R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); - R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); - R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); - R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); - R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); - R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); - R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); - R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); - R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); - R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); - R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); - R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); - R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); - R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); - - /* Add the working vars back into context.state[] */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - - /* Wipe variables */ - a = b = c = d = e = 0; - /* Avoid compiler warnings - POST(a); POST(b); POST(c); POST(d); POST(e); - */ -} - - -/*! - * isc_sha1_init - Initialize new context - */ -static void -sha1_init (sha1_t *context) -{ - assert (context != NULL); - - /* SHA1 initialization constants */ - context->state[0] = 0x67452301; - context->state[1] = 0xEFCDAB89; - context->state[2] = 0x98BADCFE; - context->state[3] = 0x10325476; - context->state[4] = 0xC3D2E1F0; - context->count[0] = 0; - context->count[1] = 0; -} - -static void -sha1_invalidate (sha1_t *context) -{ - memset (context, 0, sizeof (sha1_t)); -} - -/*! - * Run your data through this. - */ -static void -sha1_update(sha1_t *context, - const unsigned char *data, - unsigned int len) -{ - unsigned int i, j; - - assert (context != 0); - assert (data != 0); - - j = context->count[0]; - if ((context->count[0] += len << 3) < j) - context->count[1] += (len >> 29) + 1; - j = (j >> 3) & 63; - if ((j + len) > 63) { - (void)memcpy(&context->buffer[j], data, (i = 64 - j)); - transform_sha1 (context->state, context->buffer); - for (; i + 63 < len; i += 64) - transform_sha1 (context->state, &data[i]); - j = 0; - } else { - i = 0; - } - - (void)memcpy(&context->buffer[j], &data[i], len - i); -} - - -/*! - * Add padding and return the message digest. - */ - -static const unsigned char final_200 = 128; -static const unsigned char final_0 = 0; - -static void -sha1_final (sha1_t *context, - unsigned char *digest) -{ - unsigned int i; - unsigned char finalcount[8]; - - assert (digest != 0); - assert (context != 0); - - for (i = 0; i < 8; i++) { - /* Endian independent */ - finalcount[i] = (unsigned char) - ((context->count[(i >= 4 ? 0 : 1)] - >> ((3 - (i & 3)) * 8)) & 255); - } - - sha1_update(context, &final_200, 1); - while ((context->count[0] & 504) != 448) - sha1_update(context, &final_0, 1); - /* The next Update should cause a transform_sha1() */ - sha1_update(context, finalcount, 8); - - if (digest) { - for (i = 0; i < 20; i++) - digest[i] = (unsigned char) - ((context->state[i >> 2] - >> ((3 - (i & 3)) * 8)) & 255); - } - - memset (context, 0, sizeof (sha1_t)); -} - -#ifdef WITH_FREEBL - -static bool -nss_slow_hash (HASH_HashType type, - unsigned char *hash, - unsigned int hash_len, - const void *input, - size_t length, - va_list va) -{ - NSSLOWHASHContext *ctx; - unsigned int len; - - ctx = NSSLOWHASH_NewContext(NSSLOW_Init (), type); - if (ctx == NULL) - return false; - - NSSLOWHASH_Begin (ctx); - while (input != NULL) { - NSSLOWHASH_Update (ctx, input, length); - input = va_arg (va, const void *); - if (input) - length = va_arg (va, size_t); - } - NSSLOWHASH_End (ctx, hash, &len, hash_len); - assert (len == hash_len); - NSSLOWHASH_Destroy (ctx); - return true; -} - -#endif /* WITH_FREEBL */ - -void -p11_digest_sha1 (unsigned char *hash, - const void *input, - size_t length, - ...) -{ - va_list va; - sha1_t sha1; - -#ifdef WITH_FREEBL - bool ret; - - va_start (va, length); - ret = nss_slow_hash (HASH_AlgSHA1, hash, P11_DIGEST_SHA1_LEN, input, length, va); - va_end (va); - - if (ret) - return; -#endif - - sha1_init (&sha1); - - va_start (va, length); - while (input != NULL) { - sha1_update (&sha1, input, length); - input = va_arg (va, const void *); - if (input) - length = va_arg (va, size_t); - } - va_end (va); - - sha1_final (&sha1, hash); - sha1_invalidate (&sha1); -} - - -/*! \file - * This code implements the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. - * - * To compute the message digest of a chunk of bytes, declare an - * MD5Context structure, pass it to MD5Init, call MD5Update as - * needed on buffers full of bytes, and then call MD5Final, which - * will fill a supplied 16-byte array with the digest. - */ - -typedef struct { - uint32_t buf[4]; - uint32_t bytes[2]; - uint32_t in[16]; -} md5_t; - -static void -byteSwap (uint32_t *buf, - unsigned words) -{ - unsigned char *p = (unsigned char *)buf; - - do { - *buf++ = (uint32_t)((unsigned)p[3] << 8 | p[2]) << 16 | - ((unsigned)p[1] << 8 | p[0]); - p += 4; - } while (--words); -} - -/*! - * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious - * initialization constants. - */ -static void -md5_init(md5_t *ctx) -{ - ctx->buf[0] = 0x67452301; - ctx->buf[1] = 0xefcdab89; - ctx->buf[2] = 0x98badcfe; - ctx->buf[3] = 0x10325476; - - ctx->bytes[0] = 0; - ctx->bytes[1] = 0; -} - -static void -md5_invalidate(md5_t *ctx) -{ - memset(ctx, 0, sizeof(md5_t)); -} - -/*@{*/ -/*! The four core functions - F1 is optimized somewhat */ - -/* #define F1(x, y, z) (x & y | ~x & z) */ -#define F1(x, y, z) (z ^ (x & (y ^ z))) -#define F2(x, y, z) F1(z, x, y) -#define F3(x, y, z) (x ^ y ^ z) -#define F4(x, y, z) (y ^ (x | ~z)) -/*@}*/ - -/*! This is the central step in the MD5 algorithm. */ -#define MD5STEP(f,w,x,y,z,in,s) \ - (w += f(x,y,z) + in, w = (w<>(32-s)) + x) - -/*! - * The core of the MD5 algorithm, this alters an existing MD5 hash to - * reflect the addition of 16 longwords of new data. MD5Update blocks - * the data and converts bytes into longwords for this routine. - */ -static void -transform_md5 (uint32_t buf[4], - uint32_t const in[16]) -{ - register uint32_t a, b, c, d; - - a = buf[0]; - b = buf[1]; - c = buf[2]; - d = buf[3]; - - MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); - MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); - MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); - MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); - MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); - MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); - MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); - MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); - MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); - MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); - MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); - MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); - MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); - MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); - MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); - MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); - - MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); - MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); - MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); - MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); - MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); - MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); - MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); - MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); - MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); - MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); - MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); - MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); - MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); - MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); - MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); - MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); - - MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); - MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); - MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); - MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); - MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); - MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); - MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); - MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); - MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); - MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); - MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); - MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); - MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); - MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); - MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); - MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); - - MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); - MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); - MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); - MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); - MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); - MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); - MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); - MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); - MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); - MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); - MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); - MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); - MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); - MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); - MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); - MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); - - buf[0] += a; - buf[1] += b; - buf[2] += c; - buf[3] += d; -} - -/*! - * Update context to reflect the concatenation of another buffer full - * of bytes. - */ -static void -md5_update (md5_t *ctx, - const unsigned char *buf, - unsigned int len) -{ - uint32_t t; - - /* Update byte count */ - - t = ctx->bytes[0]; - if ((ctx->bytes[0] = t + len) < t) - ctx->bytes[1]++; /* Carry from low to high */ - - t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */ - if (t > len) { - memcpy((unsigned char *)ctx->in + 64 - t, buf, len); - return; - } - /* First chunk is an odd size */ - memcpy((unsigned char *)ctx->in + 64 - t, buf, t); - byteSwap(ctx->in, 16); - transform_md5 (ctx->buf, ctx->in); - buf += t; - len -= t; - - /* Process data in 64-byte chunks */ - while (len >= 64) { - memcpy(ctx->in, buf, 64); - byteSwap(ctx->in, 16); - transform_md5(ctx->buf, ctx->in); - buf += 64; - len -= 64; - } - - /* Handle any remaining bytes of data. */ - memcpy(ctx->in, buf, len); -} - -/*! - * Final wrapup - pad to 64-byte boundary with the bit pattern - * 1 0* (64-bit count of bits processed, MSB-first) - */ -static void -md5_final(md5_t *ctx, - unsigned char *digest) -{ - int count = ctx->bytes[0] & 0x3f; /* Number of bytes in ctx->in */ - unsigned char *p = (unsigned char *)ctx->in + count; - - /* Set the first char of padding to 0x80. There is always room. */ - *p++ = 0x80; - - /* Bytes of padding needed to make 56 bytes (-8..55) */ - count = 56 - 1 - count; - - if (count < 0) { /* Padding forces an extra block */ - memset(p, 0, count + 8); - byteSwap(ctx->in, 16); - transform_md5(ctx->buf, ctx->in); - p = (unsigned char *)ctx->in; - count = 56; - } - memset(p, 0, count); - byteSwap(ctx->in, 14); - - /* Append length in bits and transform */ - ctx->in[14] = ctx->bytes[0] << 3; - ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29; - transform_md5(ctx->buf, ctx->in); - - byteSwap(ctx->buf, 4); - memcpy(digest, ctx->buf, 16); - memset(ctx, 0, sizeof(md5_t)); /* In case it's sensitive */ -} - -void -p11_digest_md5 (unsigned char *hash, - const void *input, - size_t length, - ...) -{ - va_list va; - md5_t md5; - -#ifdef WITH_FREEBL - bool ret; - - va_start (va, length); - ret = nss_slow_hash (HASH_AlgMD5, hash, P11_DIGEST_MD5_LEN, input, length, va); - va_end (va); - - if (ret) - return; -#endif - - md5_init (&md5); - - va_start (va, length); - while (input) { - md5_update (&md5, input, length); - input = va_arg (va, const void *); - if (input) - length = va_arg (va, size_t); - } - va_end (va); - - md5_final (&md5, hash); - md5_invalidate (&md5); -} diff --git a/trust/digest.h b/trust/digest.h deleted file mode 100644 index 82d48fe..0000000 --- a/trust/digest.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_DIGEST_H_ -#define P11_DIGEST_H_ - -#include "compat.h" - -/* - * The SHA-1 and MD5 digests here are used for checksums in legacy - * protocols. We don't use them in cryptographic contexts at all. - * These particular algorithms would be poor choices for that. - */ - -#define P11_DIGEST_MD5_LEN 16 - -void p11_digest_md5 (unsigned char *hash, - const void *input, - size_t length, - ...) GNUC_NULL_TERMINATED; - -#define P11_DIGEST_SHA1_LEN 20 - -void p11_digest_sha1 (unsigned char *hash, - const void *input, - size_t length, - ...) GNUC_NULL_TERMINATED; - -#endif /* P11_DIGEST_H_ */ diff --git a/trust/enumerate.c b/trust/enumerate.c deleted file mode 100644 index dd3da3a..0000000 --- a/trust/enumerate.c +++ /dev/null @@ -1,743 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_TOOL - -#include "attrs.h" -#include "debug.h" -#include "oid.h" -#include "dict.h" -#include "extract.h" -#include "message.h" -#include "path.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "x509.h" - -#include -#include - -static bool -load_attached_extension (p11_dict *attached, - p11_dict *asn1_defs, - const unsigned char *der, - size_t len) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - node_asn *ext; - char *oid; - int length; - int start; - int end; - int ret; - - ext = p11_asn1_decode (asn1_defs, "PKIX1.Extension", der, len, message); - if (ext == NULL) { - p11_message ("couldn't parse attached certificate extension: %s", message); - return false; - } - - ret = asn1_der_decoding_startEnd (ext, der, len, "extnID", &start, &end); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - /* Make sure it's a straightforward oid with certain assumptions */ - length = (end - start) + 1; - if (!p11_oid_simple (der + start, length)) { - p11_debug ("strange complex certificate extension object id"); - return false; - } - - oid = memdup (der + start, length); - return_val_if_fail (oid != NULL, false); - - if (!p11_dict_set (attached, oid, ext)) - return_val_if_reached (false); - - return true; -} - -static p11_dict * -load_attached_extensions (p11_enumerate *ex, - CK_ATTRIBUTE *spki) -{ - CK_OBJECT_CLASS extension = CKO_X_CERTIFICATE_EXTENSION; - CK_ATTRIBUTE *attrs; - P11KitIter *iter; - CK_RV rv = CKR_OK; - p11_dict *attached; - - CK_ATTRIBUTE match[] = { - { CKA_CLASS, &extension, sizeof (extension) }, - { CKA_PUBLIC_KEY_INFO, spki->pValue, spki->ulValueLen }, - }; - - CK_ATTRIBUTE template[] = { - { CKA_VALUE, }, - }; - - attached = p11_dict_new (p11_oid_hash, p11_oid_equal, - free, p11_asn1_free); - - /* No ID to use, just short circuit */ - if (!spki->pValue || !spki->ulValueLen) - return attached; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter, match, 2); - p11_kit_iter_begin_with (iter, p11_kit_iter_get_module (ex->iter), - 0, p11_kit_iter_get_session (ex->iter)); - - while (rv == CKR_OK) { - rv = p11_kit_iter_next (iter); - if (rv == CKR_OK) { - attrs = p11_attrs_buildn (NULL, template, 1); - rv = p11_kit_iter_load_attributes (iter, attrs, 1); - if (rv == CKR_OK) { - if (!load_attached_extension (attached, ex->asn1_defs, - attrs[0].pValue, - attrs[0].ulValueLen)) { - rv = CKR_GENERAL_ERROR; - } - } - p11_attrs_free (attrs); - } - } - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("couldn't load attached extensions for certificate: %s", p11_kit_strerror (rv)); - p11_dict_free (attached); - attached = NULL; - } - - p11_kit_iter_free (iter); - return attached; -} - -static bool -extract_purposes (p11_enumerate *ex) -{ - node_asn *ext = NULL; - unsigned char *value = NULL; - size_t length; - - if (ex->attached) { - ext = p11_dict_get (ex->attached, P11_OID_EXTENDED_KEY_USAGE); - if (ext != NULL) { - value = p11_asn1_read (ext, "extnValue", &length); - return_val_if_fail (value != NULL, false); - } - } - - if (value == NULL && ex->cert_asn) { - value = p11_x509_find_extension (ex->cert_asn, P11_OID_EXTENDED_KEY_USAGE, - ex->cert_der, ex->cert_len, &length); - } - - /* No such extension, match anything */ - if (value == NULL) - return true; - - ex->purposes = p11_x509_parse_extended_key_usage (ex->asn1_defs, value, length); - - free (value); - return ex->purposes != NULL; -} - -static bool -check_trust_flags (p11_enumerate *ex) -{ - CK_BBOOL trusted; - CK_BBOOL distrusted; - int flags = 0; - - /* If no extract trust flags, then just continue */ - if (!(ex->flags & (P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST))) - return true; - - /* Is this a blacklisted directly? */ - if (p11_attrs_find_bool (ex->attrs, CKA_X_DISTRUSTED, &distrusted) && distrusted) - flags = P11_ENUMERATE_BLACKLIST; - - /* Is it blacklisted elsewhere? then prevent it from being an anchor */ - else if (p11_dict_get (ex->blacklist_public_key, ex->attrs) || - p11_dict_get (ex->blacklist_issuer_serial, ex->attrs)) - flags = 0; - - /* Otherwise it might be an anchor? */ - else if (p11_attrs_find_bool (ex->attrs, CKA_TRUSTED, &trusted) && trusted) - flags = P11_ENUMERATE_ANCHORS; - - /* Any of the flags can match */ - if (flags & ex->flags) - return true; - - return false; -} - -static bool -extract_certificate (p11_enumerate *ex) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - CK_ATTRIBUTE *attr; - - CK_ULONG type; - - /* Don't even bother with not X.509 certificates */ - if (!p11_attrs_find_ulong (ex->attrs, CKA_CERTIFICATE_TYPE, &type)) - type = (CK_ULONG)-1; - if (type != CKC_X_509) { - p11_debug ("skipping non X.509 certificate"); - return false; - } - - attr = p11_attrs_find_valid (ex->attrs, CKA_VALUE); - if (!attr || !attr->pValue) { - p11_debug ("skipping certificate without a value"); - return false; - } - - /* - * If collapsing and have already seen this certificate, and shouldn't - * process it even again during this extract procedure. - */ - if (ex->flags & P11_ENUMERATE_COLLAPSE) { - if (!ex->already_seen) { - ex->already_seen = p11_dict_new (p11_attr_hash, p11_attr_equal, - p11_attrs_free, NULL); - return_val_if_fail (ex->already_seen != NULL, true); - } - - if (p11_dict_get (ex->already_seen, attr)) - return false; - } - - if (!check_trust_flags (ex)) { - p11_debug ("skipping certificate that doesn't match trust flags"); - return false; - } - - if (ex->already_seen) { - if (!p11_dict_set (ex->already_seen, - p11_attrs_build (NULL, attr, NULL), "x")) - return_val_if_reached (true); - } - - ex->cert_der = attr->pValue; - ex->cert_len = attr->ulValueLen; - ex->cert_asn = p11_asn1_decode (ex->asn1_defs, "PKIX1.Certificate", - ex->cert_der, ex->cert_len, message); - - if (!ex->cert_asn) { - p11_message ("couldn't parse certificate: %s", message); - return false; - } - - return true; -} - -static bool -extract_info (p11_enumerate *ex) -{ - CK_ATTRIBUTE *attr; - CK_RV rv; - - static const CK_ATTRIBUTE attr_types[] = { - { CKA_ID, }, - { CKA_CLASS, }, - { CKA_CERTIFICATE_TYPE, }, - { CKA_LABEL, }, - { CKA_VALUE, }, - { CKA_SUBJECT, }, - { CKA_ISSUER, }, - { CKA_SERIAL_NUMBER, }, - { CKA_TRUSTED, }, - { CKA_CERTIFICATE_CATEGORY }, - { CKA_X_DISTRUSTED }, - { CKA_PUBLIC_KEY_INFO }, - { CKA_INVALID, }, - }; - - ex->attrs = p11_attrs_dup (attr_types); - rv = p11_kit_iter_load_attributes (ex->iter, ex->attrs, p11_attrs_count (ex->attrs)); - - /* The attributes couldn't be loaded */ - if (rv != CKR_OK && rv != CKR_ATTRIBUTE_TYPE_INVALID && rv != CKR_ATTRIBUTE_SENSITIVE) { - p11_message ("couldn't load attributes: %s", p11_kit_strerror (rv)); - return false; - } - - /* No class attribute, very strange, just skip */ - if (!p11_attrs_find_ulong (ex->attrs, CKA_CLASS, &ex->klass)) - return false; - - /* If a certificate then */ - if (ex->klass != CKO_CERTIFICATE) { - p11_message ("skipping non-certificate object"); - return false; - } - - if (!extract_certificate (ex)) - return false; - - attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO); - if (attr) { - ex->attached = load_attached_extensions (ex, attr); - if (!ex->attached) - return false; - } - - if (!extract_purposes (ex)) - return false; - - return true; -} - -static void -extract_clear (p11_enumerate *ex) -{ - ex->klass = (CK_ULONG)-1; - - p11_attrs_free (ex->attrs); - ex->attrs = NULL; - - asn1_delete_structure (&ex->cert_asn); - ex->cert_der = NULL; - ex->cert_len = 0; - - p11_dict_free (ex->attached); - ex->attached = NULL; - - p11_array_free (ex->purposes); - ex->purposes = NULL; -} - -static CK_RV -on_iterate_load_filter (p11_kit_iter *iter, - CK_BBOOL *matches, - void *data) -{ - p11_enumerate *ex = data; - int i; - - extract_clear (ex); - - /* Try to load the certificate and extensions */ - if (!extract_info (ex)) { - *matches = CK_FALSE; - return CKR_OK; - } - - /* - * Limit to certain purposes. Note that the lack of purposes noted - * on the certificate means they match any purpose. This is the - * behavior of the ExtendedKeyUsage extension. - */ - if (ex->limit_to_purposes && ex->purposes) { - *matches = CK_FALSE; - for (i = 0; i < ex->purposes->num; i++) { - if (p11_dict_get (ex->limit_to_purposes, ex->purposes->elem[i])) { - *matches = CK_TRUE; - break; - } - } - } - - return CKR_OK; -} - -/* - * Various skip lookup tables, used for blacklists and collapsing - * duplicate entries. - * - * The dict hash/lookup callbacks are special cased - * so we can just pass in full attribute lists for lookup and only match - * the attributes we're interested in. - * - * Note that both p11_attr_hash and p11_attr_equal are NULL safe. - */ - -static bool -public_key_equal (const void *one, - const void *two) -{ - return p11_attr_equal (p11_attrs_find_valid ((CK_ATTRIBUTE *)one, CKA_PUBLIC_KEY_INFO), - p11_attrs_find_valid ((CK_ATTRIBUTE *)two, CKA_PUBLIC_KEY_INFO)); -} - -static unsigned int -public_key_hash (const void *data) -{ - return p11_attr_hash (p11_attrs_find_valid ((CK_ATTRIBUTE *)data, CKA_PUBLIC_KEY_INFO)); -} - -static bool -issuer_serial_equal (const void *one, - const void *two) -{ - return p11_attr_equal (p11_attrs_find_valid ((CK_ATTRIBUTE *)one, CKA_ISSUER), - p11_attrs_find_valid ((CK_ATTRIBUTE *)two, CKA_ISSUER)) && - p11_attr_equal (p11_attrs_find_valid ((CK_ATTRIBUTE *)one, CKA_SERIAL_NUMBER), - p11_attrs_find_valid ((CK_ATTRIBUTE *)two, CKA_SERIAL_NUMBER)); -} - -static unsigned int -issuer_serial_hash (const void *data) -{ - return p11_attr_hash (p11_attrs_find_valid ((CK_ATTRIBUTE *)data, CKA_ISSUER)) ^ - p11_attr_hash (p11_attrs_find_valid ((CK_ATTRIBUTE *)data, CKA_SERIAL_NUMBER)); -} - -static bool -blacklist_load (p11_enumerate *ex) -{ - p11_kit_iter *iter; - CK_BBOOL distrusted = CK_TRUE; - CK_RV rv = CKR_OK; - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *key; - CK_ATTRIBUTE *serial; - CK_ATTRIBUTE *issuer; - CK_ATTRIBUTE *public_key; - - CK_ATTRIBUTE match[] = { - { CKA_X_DISTRUSTED, &distrusted, sizeof (distrusted) }, - }; - - CK_ATTRIBUTE template[] = { - { CKA_SERIAL_NUMBER, }, - { CKA_PUBLIC_KEY_INFO, }, - { CKA_ISSUER, }, - }; - - iter = p11_kit_iter_new (ex->uri, 0); - p11_kit_iter_add_filter (iter, match, 1); - p11_kit_iter_begin (iter, ex->modules); - - attrs = p11_attrs_buildn (NULL, template, 3); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - - /* - * Fail "safe" in that first failure doesn't cause ignoring - * the remainder of the blacklist. - */ - rv = p11_kit_iter_load_attributes (iter, attrs, 3); - if (rv != CKR_OK) { - p11_message ("couldn't load blacklist: %s", p11_kit_strerror (rv)); - continue; - } - - /* A blacklisted item with an issuer and serial number */ - issuer = p11_attrs_find_valid (attrs, CKA_ISSUER); - serial = p11_attrs_find_valid (attrs, CKA_SERIAL_NUMBER); - if (issuer != NULL && serial != NULL) { - key = p11_attrs_build (NULL, issuer, serial, NULL); - if (!key || !p11_dict_set (ex->blacklist_issuer_serial, key, "x")) - return_val_if_reached (false); - } - - /* A blacklisted item with a public key */ - public_key = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO); - if (public_key != NULL) { - key = p11_attrs_build (NULL, public_key, NULL); - if (!public_key || !p11_dict_set (ex->blacklist_public_key, key, "x")) - return_val_if_reached (false); - } - } - - p11_attrs_free (attrs); - p11_kit_iter_free (iter); - - if (rv == CKR_CANCEL) - return true; - - p11_message ("couldn't load blacklist: %s", p11_kit_strerror (rv)); - return false; -} - -void -p11_enumerate_init (p11_enumerate *ex) -{ - memset (ex, 0, sizeof (p11_enumerate)); - ex->asn1_defs = p11_asn1_defs_load (); - return_if_fail (ex->asn1_defs != NULL); - - ex->iter = p11_kit_iter_new (NULL, 0); - return_if_fail (ex->iter != NULL); - - ex->blacklist_public_key = p11_dict_new (public_key_hash, public_key_equal, - p11_attrs_free, NULL); - return_if_fail (ex->blacklist_public_key); - - ex->blacklist_issuer_serial = p11_dict_new (issuer_serial_hash, issuer_serial_equal, - p11_attrs_free, NULL); - return_if_fail (ex->blacklist_issuer_serial); - - p11_kit_iter_add_callback (ex->iter, on_iterate_load_filter, ex, NULL); -} - -void -p11_enumerate_cleanup (p11_enumerate *ex) -{ - extract_clear (ex); - - p11_dict_free (ex->limit_to_purposes); - ex->limit_to_purposes = NULL; - - p11_dict_free (ex->already_seen); - ex->already_seen = NULL; - p11_dict_free (ex->blacklist_public_key); - ex->blacklist_public_key = NULL; - p11_dict_free (ex->blacklist_issuer_serial); - ex->blacklist_issuer_serial = NULL; - - p11_dict_free (ex->asn1_defs); - ex->asn1_defs = NULL; - - p11_kit_iter_free (ex->iter); - ex->iter = NULL; - - if (ex->modules) { - p11_kit_modules_finalize_and_release (ex->modules); - ex->modules = NULL; - } - - if (ex->uri) { - p11_kit_uri_free (ex->uri); - ex->uri = NULL; - } -} - -bool -p11_enumerate_opt_filter (p11_enumerate *ex, - const char *option) -{ - CK_ATTRIBUTE *attrs; - int ret; - - CK_OBJECT_CLASS vcertificate = CKO_CERTIFICATE; - CK_ULONG vauthority = 2; - CK_CERTIFICATE_TYPE vx509 = CKC_X_509; - - CK_ATTRIBUTE certificate = { CKA_CLASS, &vcertificate, sizeof (vcertificate) }; - CK_ATTRIBUTE authority = { CKA_CERTIFICATE_CATEGORY, &vauthority, sizeof (vauthority) }; - CK_ATTRIBUTE x509= { CKA_CERTIFICATE_TYPE, &vx509, sizeof (vx509) }; - - if (strncmp (option, "pkcs11:", 7) == 0) { - if (ex->uri != NULL) { - p11_message ("a PKCS#11 URI has already been specified"); - return false; - } - - ex->uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse (option, P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE, ex->uri); - if (ret != P11_KIT_URI_OK) { - p11_message ("couldn't parse pkcs11 uri filter: %s", option); - return false; - } - - if (p11_kit_uri_any_unrecognized (ex->uri)) - p11_message ("uri contained unrecognized components, nothing will be extracted"); - - p11_kit_iter_set_uri (ex->iter, ex->uri); - ex->num_filters++; - return true; - } - - if (strcmp (option, "ca-anchors") == 0) { - attrs = p11_attrs_build (NULL, &certificate, &authority, &x509, NULL); - ex->flags |= P11_ENUMERATE_ANCHORS | P11_ENUMERATE_COLLAPSE; - - } else if (strcmp (option, "trust-policy") == 0) { - attrs = p11_attrs_build (NULL, &certificate, &x509, NULL); - ex->flags |= P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_COLLAPSE; - - } else if (strcmp (option, "blacklist") == 0) { - attrs = p11_attrs_build (NULL, &certificate, &x509, NULL); - ex->flags |= P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_COLLAPSE; - - } else if (strcmp (option, "certificates") == 0) { - attrs = p11_attrs_build (NULL, &certificate, &x509, NULL); - ex->flags |= P11_ENUMERATE_COLLAPSE; - - } else { - p11_message ("unsupported or unrecognized filter: %s", option); - return false; - } - - p11_kit_iter_add_filter (ex->iter, attrs, p11_attrs_count (attrs)); - ex->num_filters++; - return true; -} - -static int -is_valid_oid_rough (const char *string) -{ - size_t len; - - len = strlen (string); - - /* Rough check if a valid OID */ - return (strspn (string, "0123456789.") == len && - !strstr (string, "..") && string[0] != '\0' && string[0] != '.' && - string[len - 1] != '.'); -} - -bool -p11_enumerate_opt_purpose (p11_enumerate *ex, - const char *option) -{ - const char *oid; - char *value; - - if (strcmp (option, "server-auth") == 0) { - oid = P11_OID_SERVER_AUTH_STR; - } else if (strcmp (option, "client-auth") == 0) { - oid = P11_OID_CLIENT_AUTH_STR; - } else if (strcmp (option, "email-protection") == 0 || strcmp (option, "email") == 0) { - oid = P11_OID_EMAIL_PROTECTION_STR; - } else if (strcmp (option, "code-signing") == 0) { - oid = P11_OID_CODE_SIGNING_STR; - } else if (strcmp (option, "ipsec-end-system") == 0) { - oid = P11_OID_IPSEC_END_SYSTEM_STR; - } else if (strcmp (option, "ipsec-tunnel") == 0) { - oid = P11_OID_IPSEC_TUNNEL_STR; - } else if (strcmp (option, "ipsec-user") == 0) { - oid = P11_OID_IPSEC_USER_STR; - } else if (strcmp (option, "time-stamping") == 0) { - oid = P11_OID_TIME_STAMPING_STR; - } else if (is_valid_oid_rough (option)) { - oid = option; - } else { - p11_message ("unsupported or unregonized purpose: %s", option); - return false; - } - - if (!ex->limit_to_purposes) { - ex->limit_to_purposes = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); - return_val_if_fail (ex->limit_to_purposes != NULL, false); - } - - value = strdup (oid); - return_val_if_fail (value != NULL, false); - if (!p11_dict_set (ex->limit_to_purposes, value, value)) - return_val_if_reached (false); - - return true; -} - -bool -p11_enumerate_ready (p11_enumerate *ex, - const char *def_filter) -{ - if (def_filter && ex->num_filters == 0) { - if (!p11_enumerate_opt_filter (ex, def_filter)) - return_val_if_reached (false); - } - - /* - * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes - * we get from modules explicitly marked as containing trust-policy. - */ - if (!ex->modules) - ex->modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED); - if (!ex->modules) - return false; - if (ex->modules[0] == NULL) - p11_message ("no modules containing trust policy are registered"); - - /* - * If loading anchors, then the caller expects that the blacklist is - * "applied" and any anchors on the blacklist are taken out. This is - * for compatibility with software that does not support blacklists. - */ - if (ex->flags & P11_ENUMERATE_ANCHORS) { - if (!blacklist_load (ex)) - return false; - } - - p11_kit_iter_begin (ex->iter, ex->modules); - return true; -} - -static char * -extract_label (p11_enumerate *ex) -{ - CK_ATTRIBUTE *attr; - - /* Look for a label and just use that */ - attr = p11_attrs_find_valid (ex->attrs, CKA_LABEL); - if (attr && attr->pValue && attr->ulValueLen) - return strndup (attr->pValue, attr->ulValueLen); - - /* For extracting certificates */ - if (ex->klass == CKO_CERTIFICATE) - return strdup ("certificate"); - - return strdup ("unknown"); -} - -char * -p11_enumerate_filename (p11_enumerate *ex) -{ - char *label; - - label = extract_label (ex); - return_val_if_fail (label != NULL, NULL); - - p11_path_canon (label); - return label; -} - -char * -p11_enumerate_comment (p11_enumerate *ex, - bool first) -{ - char *comment; - char *label; - - if (!(ex->flags & P11_EXTRACT_COMMENT)) - return NULL; - - label = extract_label (ex); - if (!asprintf (&comment, "%s# %s\n", - first ? "" : "\n", - label ? label : "")) - return_val_if_reached (NULL); - - free (label); - return comment; -} diff --git a/trust/enumerate.h b/trust/enumerate.h deleted file mode 100644 index 411820a..0000000 --- a/trust/enumerate.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#ifndef P11_ENUMERATE_H_ -#define P11_ENUMERATE_H_ - -#include "array.h" -#include "asn1.h" -#include "dict.h" - -#include "p11-kit/iter.h" -#include "p11-kit/pkcs11.h" - -enum { - /* These overlap with the flags in save.h, so start higher */ - P11_ENUMERATE_ANCHORS = 1 << 21, - P11_ENUMERATE_BLACKLIST = 1 << 22, - P11_ENUMERATE_COLLAPSE = 1 << 23, -}; - -typedef struct { - CK_FUNCTION_LIST **modules; - p11_kit_iter *iter; - p11_kit_uri *uri; - - p11_dict *asn1_defs; - p11_dict *limit_to_purposes; - p11_dict *already_seen; - int num_filters; - int flags; - - p11_dict *blacklist_issuer_serial; - p11_dict *blacklist_public_key; - - /* - * Stuff below is parsed info for the current iteration. - * Currently this information is generally all relevant - * just for certificates. - */ - - CK_OBJECT_CLASS klass; - CK_ATTRIBUTE *attrs; - - /* Pre-parsed data for certificates */ - node_asn *cert_asn; - const unsigned char *cert_der; - size_t cert_len; - - /* DER OID -> CK_ATTRIBUTE list */ - p11_dict *attached; - - /* Set of OID purposes as strings */ - p11_array *purposes; -} p11_enumerate; - -char * p11_enumerate_filename (p11_enumerate *ex); - -char * p11_enumerate_comment (p11_enumerate *ex, - bool first); - -void p11_enumerate_init (p11_enumerate *ex); - -bool p11_enumerate_opt_filter (p11_enumerate *ex, - const char *option); - -bool p11_enumerate_opt_purpose (p11_enumerate *ex, - const char *option); - -bool p11_enumerate_ready (p11_enumerate *ex, - const char *def_filter); - -void p11_enumerate_cleanup (p11_enumerate *ex); - -#endif /* P11_ENUMERATE_H_ */ diff --git a/trust/extract-cer.c b/trust/extract-cer.c deleted file mode 100644 index b59be80..0000000 --- a/trust/extract-cer.c +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "compat.h" -#include "debug.h" -#include "extract.h" -#include "message.h" -#include "save.h" - -#include - -bool -p11_extract_x509_file (p11_enumerate *ex, - const char *destination) -{ - bool found = false; - p11_save_file *file; - CK_RV rv; - - while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { - if (found) { - p11_message ("multiple certificates found but could only write one to file"); - break; - } - - file = p11_save_open_file (destination, NULL, ex->flags); - if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len)) - return false; - - /* Wrote something */ - found = true; - } - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - return false; - - /* Remember that an empty DER file is not a valid file, so complain if nothing */ - } else if (!found) { - p11_message ("no certificate found"); - return false; - } - - return true; -} - -bool -p11_extract_x509_directory (p11_enumerate *ex, - const char *destination) -{ - p11_save_file *file; - p11_save_dir *dir; - char *filename; - CK_RV rv; - bool ret; - - dir = p11_save_open_directory (destination, ex->flags); - if (dir == NULL) - return false; - - while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { - filename = p11_enumerate_filename (ex); - return_val_if_fail (filename != NULL, -1); - - file = p11_save_open_file_in (dir, filename, ".cer"); - free (filename); - - if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len)) { - p11_save_finish_directory (dir, false); - return false; - } - } - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - ret = false; - } else { - ret = true; - } - - p11_save_finish_directory (dir, ret); - return ret; -} diff --git a/trust/extract-jks.c b/trust/extract-jks.c deleted file mode 100644 index b409046..0000000 --- a/trust/extract-jks.c +++ /dev/null @@ -1,330 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "attrs.h" -#include "buffer.h" -#include "compat.h" -#include "debug.h" -#include "extract.h" -#include "digest.h" -#include "message.h" -#include "save.h" - -#include -#include -#include -#include -#include - -static void -encode_msb_short (unsigned char *data, - int16_t value) -{ - uint16_t v; - - /* At this point we only support positive numbers */ - assert (value >= 0); - assert (value < INT16_MAX); - - v = (uint16_t)value; - data[0] = (v >> 8) & 0xff; - data[1] = (v >> 0) & 0xff; -} - -static void -encode_msb_int (unsigned char *data, - int32_t value) -{ - uint32_t v; - - /* At this point we only support positive numbers */ - assert (value >= 0); - assert (value < INT32_MAX); - - v = (uint32_t)value; - data[0] = (v >> 24) & 0xff; - data[1] = (v >> 16) & 0xff; - data[2] = (v >> 8) & 0xff; - data[3] = (v >> 0) & 0xff; -} - -static void -encode_msb_long (unsigned char *data, - int64_t value) -{ - uint64_t v; - - /* At this point we only support positive numbers */ - assert (value >= 0); - assert (value < INT64_MAX); - - v = (uint64_t)value; - data[0] = (v >> 56) & 0xff; - data[1] = (v >> 48) & 0xff; - data[2] = (v >> 40) & 0xff; - data[3] = (v >> 32) & 0xff; - data[4] = (v >> 24) & 0xff; - data[5] = (v >> 16) & 0xff; - data[6] = (v >> 8) & 0xff; - data[7] = (v >> 0) & 0xff; -} - -static void -add_msb_int (p11_buffer *buffer, - int32_t value) -{ - unsigned char *data = p11_buffer_append (buffer, 4); - return_if_fail (data != NULL); - encode_msb_int (data, value); -} - -static void -add_msb_long (p11_buffer *buffer, - int64_t value) -{ - unsigned char *data = p11_buffer_append (buffer, 8); - return_if_fail (data != NULL); - encode_msb_long (data, value); -} - -static void -add_string (p11_buffer *buffer, - const char *string, - size_t length) -{ - unsigned char *data; - - if (length > INT16_MAX) { - p11_message ("truncating long string"); - length = INT16_MAX; - } - - data = p11_buffer_append (buffer, 2); - return_if_fail (data != NULL); - encode_msb_short (data, length); - p11_buffer_add (buffer, string, length); -} - -static void -convert_alias (const char *input, - size_t length, - p11_buffer *buf) -{ - char ch; - size_t i; - - /* - * Java requires that the aliases are 'converted'. For the basic java - * cacerts key store this is lower case. We just do this for ASCII, since - * we don't want to have to bring in unicode case rules. Since we're - * screwing around, we also take out spaces, to make these look like - * java aliases. - */ - - for (i = 0; i < length; i++) { - ch = input[i]; - if (!isspace (ch) && (ch & 0x80) == 0) { - ch = tolower (ch); - p11_buffer_add (buf, &ch, 1); - } - } -} - -static bool -add_alias (p11_buffer *buffer, - p11_dict *aliases, - CK_ATTRIBUTE *label) -{ - const char *input; - size_t input_len; - size_t length; - p11_buffer buf; - char num[32]; - char *alias; - int i; - - p11_buffer_init_null (&buf, 64); - - if (label && label->pValue) { - input = label->pValue; - input_len = label->ulValueLen; - } else { - input = "unlabeled"; - input_len = strlen (input); - } - - convert_alias (input, input_len, &buf); - - for (i = 0; i < INT32_MAX; i++) { - if (i > 0) { - snprintf (num, sizeof (num), "-%d", i); - p11_buffer_add (&buf, num, -1); - } - - return_val_if_fail (p11_buffer_ok (&buf), false); - if (!p11_dict_get (aliases, buf.data)) { - alias = p11_buffer_steal (&buf, &length); - if (!p11_dict_set (aliases, alias, alias)) - return_val_if_reached (false); - add_string (buffer, alias, length); - return true; - } - - p11_buffer_reset (&buf, 0); - } - - return false; -} - -static bool -prepare_jks_buffer (p11_enumerate *ex, - p11_buffer *buffer) -{ - const unsigned char magic[] = { 0xfe, 0xed, 0xfe, 0xed }; - const int version = 2; - size_t count_at; - unsigned char *digest; - CK_ATTRIBUTE *label; - p11_dict *aliases; - size_t length; - int64_t now; - int count; - CK_RV rv; - - enum { - private_key = 1, - trusted_cert = 2, - }; - - /* - * Documented in the java sources in the file: - * src/share/classes/sun/security/provider/JavaKeyStore.java - */ - - p11_buffer_add (buffer, magic, sizeof (magic)); - add_msb_int (buffer, version); - count_at = buffer->len; - p11_buffer_append (buffer, 4); - count = 0; - - /* - * We use the current time for each entry. Java expects the time - * when this was this certificate was added to the keystore, however - * we don't have that information. Java uses time in milliseconds - */ - now = time (NULL); - return_val_if_fail (now > 0, false); - now *= 1000; /* seconds to milliseconds */ - - /* - * The aliases in the output file need to be unique. We use a hash - * table to guarantee this. - */ - aliases = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); - return_val_if_fail (aliases != NULL, false); - - /* For every certificate */ - while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { - count++; - - /* The type of entry */ - add_msb_int (buffer, trusted_cert); - - /* The alias */ - label = p11_attrs_find_valid (ex->attrs, CKA_LABEL); - if (!add_alias (buffer, aliases, label)) { - p11_message ("could not generate a certificate alias name"); - p11_dict_free (aliases); - return false; - } - - /* The creation date: current time */ - add_msb_long (buffer, now); - - /* The type of the certificate */ - add_string (buffer, "X.509", 5); - - /* The DER encoding of the certificate */ - add_msb_int (buffer, ex->cert_len); - p11_buffer_add (buffer, ex->cert_der, ex->cert_len); - } - - p11_dict_free (aliases); - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - return false; - } - - /* Place the count in the right place */ - encode_msb_int ((unsigned char *)buffer->data + count_at, count); - - /* - * Java keystore reinvents HMAC and uses it to try and "secure" the - * cacerts. We fill this in and use the default "changeit" string - * as the password for this keyed digest. - */ - length = buffer->len; - digest = p11_buffer_append (buffer, P11_DIGEST_SHA1_LEN); - return_val_if_fail (digest != NULL, false); - p11_digest_sha1 (digest, - "\000c\000h\000a\000n\000g\000e\000i\000t", (size_t)16, /* default password */ - "Mighty Aphrodite", (size_t)16, /* go figure */ - buffer->data, length, - NULL); - - return_val_if_fail (p11_buffer_ok (buffer), false); - return true; -} - -bool -p11_extract_jks_cacerts (p11_enumerate *ex, - const char *destination) -{ - p11_buffer buffer; - p11_save_file *file; - bool ret; - - p11_buffer_init (&buffer, 1024 * 10); - ret = prepare_jks_buffer (ex, &buffer); - if (ret) { - file = p11_save_open_file (destination, NULL, ex->flags); - ret = p11_save_write_and_finish (file, buffer.data, buffer.len); - } - - p11_buffer_uninit (&buffer); - return ret; -} diff --git a/trust/extract-openssl.c b/trust/extract-openssl.c deleted file mode 100644 index 3271339..0000000 --- a/trust/extract-openssl.c +++ /dev/null @@ -1,696 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "asn1.h" -#include "attrs.h" -#include "buffer.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "digest.h" -#include "extract.h" -#include "message.h" -#include "oid.h" -#include "path.h" -#include "pem.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "save.h" -#include "utf8.h" -#include "x509.h" - -#include -#include -#include -#include - -/* These functions are declared with a global scope for testing */ - -void p11_openssl_canon_string (char *str, - size_t *len); - -bool p11_openssl_canon_string_der (p11_buffer *der); - -bool p11_openssl_canon_name_der (p11_dict *asn1_defs, - p11_buffer *der); - -static p11_array * -empty_usages (void) -{ - return p11_array_new (free); -} - -static bool -known_usages (p11_array *oids) -{ - char *string; - int i; - - static const char *const strings[] = { - P11_OID_SERVER_AUTH_STR, - P11_OID_CLIENT_AUTH_STR, - P11_OID_CODE_SIGNING_STR, - P11_OID_EMAIL_PROTECTION_STR, - P11_OID_IPSEC_END_SYSTEM_STR, - P11_OID_IPSEC_TUNNEL_STR, - P11_OID_IPSEC_USER_STR, - P11_OID_TIME_STAMPING_STR, - NULL, - }; - - for (i = 0; strings[i] != NULL; i++) { - string = strdup (strings[i]); - return_val_if_fail (string != NULL, false); - if (!p11_array_push (oids, string)) - return_val_if_reached (false); - } - - return true; -} - -static bool -load_usage_ext (p11_enumerate *ex, - const unsigned char *ext_oid, - p11_array **oids) -{ - unsigned char *value; - node_asn *ext = NULL; - size_t length; - - if (ex->attached) - ext = p11_dict_get (ex->attached, ext_oid); - if (ext == NULL) { - *oids = NULL; - return true; - } - - value = p11_asn1_read (ext, "extnValue", &length); - return_val_if_fail (value != NULL, false); - - *oids = p11_x509_parse_extended_key_usage (ex->asn1_defs, value, length); - return_val_if_fail (*oids != NULL, false); - - free (value); - return true; -} - -static bool -write_usages (node_asn *asn, - const char *field, - p11_array *oids) -{ - char *last; - int ret; - int i; - - /* - * No oids? Then doing this will make the entire optional - * field go away - */ - if (oids == NULL) { - ret = asn1_write_value (asn, field, NULL, 0); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - } else { - if (asprintf (&last, "%s.?LAST", field) < 0) - return_val_if_reached (false); - for (i = 0; i < oids->num; i++) { - ret = asn1_write_value (asn, field, "NEW", 1); - return_val_if_fail (ret == ASN1_SUCCESS, false); - ret = asn1_write_value (asn, last, oids->elem[i], -1); - return_val_if_fail (ret == ASN1_SUCCESS, false); - } - - free (last); - } - - return true; -} - -static bool -write_trust_and_rejects (p11_enumerate *ex, - node_asn *asn) -{ - p11_array *trusts = NULL; - p11_array *rejects = NULL; - CK_BBOOL trust; - CK_BBOOL distrust; - - if (!p11_attrs_find_bool (ex->attrs, CKA_TRUSTED, &trust)) - trust = CK_FALSE; - if (!p11_attrs_find_bool (ex->attrs, CKA_X_DISTRUSTED, &distrust)) - distrust = CK_FALSE; - - if (!load_usage_ext (ex, P11_OID_OPENSSL_REJECT, &rejects)) - return_val_if_reached (false); - - if (distrust) { - - /* - * If this is on the blacklist then, make sure we have - * an empty trusts field and add as many things to rejects - * as possible. - */ - trusts = NULL; - - if (!rejects) - rejects = empty_usages (); - if (!known_usages (rejects)) - return_val_if_reached (false); - return_val_if_fail (rejects != NULL, false); - - } else if (trust) { - - /* - * If this is an anchor, then try and guarantee that there - * are some trust anchors. - */ - - if (!load_usage_ext (ex, P11_OID_EXTENDED_KEY_USAGE, &trusts)) - return_val_if_reached (false); - - } else { - - /* - * This is not an anchor, always put an empty trusts - * section, with possible rejects, loaded above - */ - - trusts = empty_usages (); - } - - if (!write_usages (asn, "trust", trusts) || - !write_usages (asn, "reject", rejects)) - return_val_if_reached (false); - - p11_array_free (trusts); - p11_array_free (rejects); - return true; -} - -static bool -write_keyid (p11_enumerate *ex, - node_asn *asn) -{ - unsigned char *value = NULL; - node_asn *ext = NULL; - size_t length = 0; - int ret; - - if (ex->attached) - ext = p11_dict_get (ex->attached, P11_OID_SUBJECT_KEY_IDENTIFIER); - if (ext != NULL) { - value = p11_asn1_read (ext, "extnValue", &length); - return_val_if_fail (value != NULL, false); - } - - ret = asn1_write_value (asn, "keyid", value, length); - return_val_if_fail (ret == ASN1_SUCCESS, false); - free (value); - - return true; -} - -static bool -write_alias (p11_enumerate *ex, - node_asn *asn) -{ - CK_ATTRIBUTE *label; - int ret; - - label = p11_attrs_find_valid (ex->attrs, CKA_LABEL); - if (label == NULL) { - ret = asn1_write_value (asn, "alias", NULL, 0); - return_val_if_fail (ret == ASN1_SUCCESS, false); - } else { - ret = asn1_write_value (asn, "alias", label->pValue, label->ulValueLen); - return_val_if_fail (ret == ASN1_SUCCESS, false); - } - - return true; -} - -static bool -write_other (p11_enumerate *ex, - node_asn *asn) -{ - int ret; - - ret = asn1_write_value (asn, "other", NULL, 0); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - return true; -} - -static bool -prepare_pem_contents (p11_enumerate *ex, - p11_buffer *buffer) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - unsigned char *der; - node_asn *asn; - size_t offset; - int ret; - int len; - - p11_buffer_add (buffer, ex->cert_der, ex->cert_len); - - asn = p11_asn1_create (ex->asn1_defs, "OPENSSL.CertAux"); - return_val_if_fail (asn != NULL, false); - - if (!write_trust_and_rejects (ex, asn) || - !write_alias (ex, asn) || - !write_keyid (ex, asn) || - !write_other (ex, asn)) - return_val_if_reached (false); - - len = 0; - offset = buffer->len; - - ret = asn1_der_coding (asn, "", NULL, &len, message); - return_val_if_fail (ret == ASN1_MEM_ERROR, false); - - der = p11_buffer_append (buffer, len); - return_val_if_fail (der != NULL, false); - - ret = asn1_der_coding (asn, "", der, &len, message); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - buffer->len = offset + len; - asn1_delete_structure (&asn); - return true; -} - -bool -p11_extract_openssl_bundle (p11_enumerate *ex, - const char *destination) -{ - p11_save_file *file; - p11_buffer output; - p11_buffer buf; - char *comment; - bool ret = true; - bool first; - CK_RV rv; - - file = p11_save_open_file (destination, NULL, ex->flags); - if (!file) - return false; - - first = true; - p11_buffer_init (&output, 0); - while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { - p11_buffer_init (&buf, 1024); - if (!p11_buffer_reset (&output, 2048)) - return_val_if_reached (false); - - if (prepare_pem_contents (ex, &buf)) { - if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output)) - return_val_if_reached (false); - - comment = p11_enumerate_comment (ex, first); - first = false; - - ret = p11_save_write (file, comment, -1) && - p11_save_write (file, output.data, output.len); - - free (comment); - } - - p11_buffer_uninit (&buf); - - if (!ret) - break; - } - - p11_buffer_uninit (&output); - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - ret = false; - } - - /* - * This will produce an empty file (which is a valid PEM bundle) if no - * certificates were found. - */ - - if (!p11_save_finish_file (file, NULL, ret)) - ret = false; - return ret; -} - -void -p11_openssl_canon_string (char *str, - size_t *len) -{ - bool nsp; - bool sp; - char *in; - char *out; - char *end; - - /* - * Now that the string is UTF-8 here we convert the string to the - * OpenSSL canonical form. This is a bit odd and openssl specific. - * Basically they ignore any char over 127, do ascii tolower() stuff - * and collapse spaces based on isspace(). - */ - - for (in = out = str, end = out + *len, sp = false, nsp = false; in < end; in++) { - if (*in & 0x80 || !isspace (*in)) { - /* If there has been a space, then add one */ - if (sp) - *out++ = ' '; - *out++ = (*in & 0x80) ? *in : tolower (*in); - sp = false; - nsp = true; - /* If there has been a non-space, then note we should get one */ - } else if (nsp) { - nsp = false; - sp = true; - } - } - - if (out < end) - out[0] = 0; - *len = out - str; -} - -bool -p11_openssl_canon_string_der (p11_buffer *der) -{ - char *string; - size_t length; - int output_len; - int len_len; - bool unknown_string; - unsigned char *output; - int len; - - string = p11_x509_parse_directory_string (der->data, der->len, &unknown_string, &length); - - /* Just pass through all the non-string types */ - if (string == NULL) - return unknown_string; - - p11_openssl_canon_string (string, &length); - - asn1_length_der (length, NULL, &len_len); - output_len = 1 + len_len + length; - - if (!p11_buffer_reset (der, output_len)) - return_val_if_reached (false); - - output = der->data; - der->len = output_len; - - output[0] = 12; /* UTF8String */ - len = output_len - 1; - asn1_octet_der ((unsigned char *)string, length, output + 1, &len); - assert (len == output_len - 1); - - free (string); - return true; -} - -bool -p11_openssl_canon_name_der (p11_dict *asn1_defs, - p11_buffer *der) -{ - p11_buffer value; - char outer[64]; - char field[64]; - node_asn *name; - void *at; - int value_len; - bool failed; - size_t offset; - int ret; - int num; - int len; - int i, j; - - name = p11_asn1_decode (asn1_defs, "PKIX1.Name", der->data, der->len, NULL); - return_val_if_fail (name != NULL, false); - - ret = asn1_number_of_elements (name, "rdnSequence", &num); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - p11_buffer_init (&value, 0); - p11_buffer_reset (der, 0); - - for (i = 1, failed = false; !failed && i < num + 1; i++) { - snprintf (outer, sizeof (outer), "rdnSequence.?%d", i); - for (j = 1; !failed; j++) { - snprintf (field, sizeof (field), "%s.?%d.value", outer, j); - - value_len = 0; - ret = asn1_read_value (name, field, NULL, &value_len); - if (ret == ASN1_ELEMENT_NOT_FOUND) - break; - - return_val_if_fail (ret == ASN1_MEM_ERROR, false); - - if (!p11_buffer_reset (&value, value_len)) - return_val_if_reached (false); - - ret = asn1_read_value (name, field, value.data, &value_len); - return_val_if_fail (ret == ASN1_SUCCESS, false); - value.len = value_len; - - if (p11_openssl_canon_string_der (&value)) { - ret = asn1_write_value (name, field, value.data, value.len); - return_val_if_fail (ret == ASN1_SUCCESS, false); - } else { - failed = true; - } - } - - /* - * Yes the OpenSSL canon strangeness, is a concatenation - * of all the RelativeDistinguishedName DER encodings, without - * an outside wrapper. - */ - if (!failed) { - len = -1; - ret = asn1_der_coding (name, outer, NULL, &len, NULL); - return_val_if_fail (ret == ASN1_MEM_ERROR, false); - - offset = der->len; - at = p11_buffer_append (der, len); - return_val_if_fail (at != NULL, false); - - ret = asn1_der_coding (name, outer, at, &len, NULL); - return_val_if_fail (ret == ASN1_SUCCESS, false); - der->len = offset + len; - } - } - - asn1_delete_structure (&name); - p11_buffer_uninit (&value); - return !failed; -} - -#ifdef OS_UNIX - -static char * -symlink_for_subject_hash (p11_enumerate *ex) -{ - unsigned char md[P11_DIGEST_SHA1_LEN]; - p11_buffer der; - CK_ATTRIBUTE *subject; - unsigned long hash; - char *linkname = NULL; - - subject = p11_attrs_find_valid (ex->attrs, CKA_SUBJECT); - if (!subject || !subject->pValue || !subject->ulValueLen) - return NULL; - - p11_buffer_init_full (&der, memdup (subject->pValue, subject->ulValueLen), - subject->ulValueLen, 0, realloc, free); - return_val_if_fail (der.data != NULL, NULL); - - if (p11_openssl_canon_name_der (ex->asn1_defs, &der)) { - p11_digest_sha1 (md, der.data, der.len, NULL); - - hash = ( - ((unsigned long)md[0] ) | ((unsigned long)md[1] << 8L) | - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; - - if (asprintf (&linkname, "%08lx", hash) < 0) - return_val_if_reached (NULL); - } - - p11_buffer_uninit (&der); - return linkname; -} - -static char * -symlink_for_subject_old_hash (p11_enumerate *ex) -{ - unsigned char md[P11_DIGEST_MD5_LEN]; - CK_ATTRIBUTE *subject; - unsigned long hash; - char *linkname; - - subject = p11_attrs_find_valid (ex->attrs, CKA_SUBJECT); - if (!subject) - return NULL; - - p11_digest_md5 (md, subject->pValue, (size_t)subject->ulValueLen, NULL); - - hash = ( - ((unsigned long)md[0] ) | ((unsigned long)md[1] << 8L) | - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; - - if (asprintf (&linkname, "%08lx", hash) < 0) - return_val_if_reached (NULL); - - return linkname; -} - -#endif /* OS_UNIX */ - -/* - * The OpenSSL style c_rehash stuff - * - * Different versions of openssl build these hashes differently - * so output both of them. Shouldn't cause confusion, because - * multiple certificates can hash to the same link anyway, - * and this is the reason for the trailing number after the dot. - * - * The trailing number is incremented p11_save_symlink_in() if it - * conflicts with something we've already written out. - * - * On Windows no symlinks. - */ -bool -p11_openssl_symlink (p11_enumerate *ex, - p11_save_dir *dir, - const char *filename) -{ - bool ret = true; -#ifdef OS_UNIX - char *linkname; - - linkname = symlink_for_subject_hash (ex); - if (linkname) { - ret = p11_save_symlink_in (dir, linkname, ".0", filename); - free (linkname); - } - - if (ret) { - linkname = symlink_for_subject_old_hash (ex); - if (linkname) { - ret = p11_save_symlink_in (dir, linkname, ".0", filename); - free (linkname); - } - } -#endif /* OS_UNIX */ - return ret; -} - -bool -p11_extract_openssl_directory (p11_enumerate *ex, - const char *destination) -{ - char *filename; - p11_save_file *file; - p11_save_dir *dir; - p11_buffer output; - p11_buffer buf; - bool ret = true; - char *path; - char *name; - CK_RV rv; - - dir = p11_save_open_directory (destination, ex->flags); - if (dir == NULL) - return false; - - p11_buffer_init (&buf, 0); - p11_buffer_init (&output, 0); - - while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { - if (!p11_buffer_reset (&buf, 1024)) - return_val_if_reached (false); - if (!p11_buffer_reset (&output, 2048)) - return_val_if_reached (false); - - if (prepare_pem_contents (ex, &buf)) { - if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output)) - return_val_if_reached (false); - - name = p11_enumerate_filename (ex); - return_val_if_fail (name != NULL, false); - - filename = NULL; - path = NULL; - ret = false; - - file = p11_save_open_file_in (dir, name, ".pem"); - if (file != NULL) { - ret = p11_save_write (file, output.data, output.len); - if (!p11_save_finish_file (file, &path, ret)) - ret = false; - if (ret) - filename = p11_path_base (path); - } - ret = p11_openssl_symlink(ex, dir, filename); - - free (filename); - free (path); - free (name); - } - - if (!ret) - break; - } - - p11_buffer_uninit (&buf); - p11_buffer_uninit (&output); - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - ret = false; - } - - p11_save_finish_directory (dir, ret); - return ret; -} diff --git a/trust/extract-pem.c b/trust/extract-pem.c deleted file mode 100644 index a32d032..0000000 --- a/trust/extract-pem.c +++ /dev/null @@ -1,178 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_TOOL - -#include "compat.h" -#include "debug.h" -#include "extract.h" -#include "message.h" -#include "path.h" -#include "pem.h" -#include "save.h" - -#include - -bool -p11_extract_pem_bundle (p11_enumerate *ex, - const char *destination) -{ - char *comment; - p11_buffer buf; - p11_save_file *file; - bool ret = true; - bool first = true; - CK_RV rv; - - file = p11_save_open_file (destination, NULL, ex->flags); - if (!file) - return false; - - p11_buffer_init (&buf, 0); - while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { - if (!p11_buffer_reset (&buf, 2048)) - return_val_if_reached (false); - - if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf)) - return_val_if_reached (false); - - comment = p11_enumerate_comment (ex, first); - first = false; - - ret = p11_save_write (file, comment, -1) && - p11_save_write (file, buf.data, buf.len); - - free (comment); - - if (!ret) - break; - } - - p11_buffer_uninit (&buf); - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - ret = false; - } - - /* - * This will produce an empty file (which is a valid PEM bundle) if no - * certificates were found. - */ - - if (!p11_save_finish_file (file, NULL, ret)) - ret = false; - - return ret; -} - -static bool -extract_pem_directory (p11_enumerate *ex, - const char *destination, - bool hash) -{ - p11_save_file *file; - p11_save_dir *dir; - p11_buffer buf; - bool ret = true; - char *filename; - char *path; - char *name; - CK_RV rv; - - dir = p11_save_open_directory (destination, ex->flags); - if (dir == NULL) - return false; - - p11_buffer_init (&buf, 0); - while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { - if (!p11_buffer_reset (&buf, 2048)) - return_val_if_reached (false); - - if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf)) - return_val_if_reached (false); - - name = p11_enumerate_filename (ex); - return_val_if_fail (name != NULL, false); - - path = NULL; - - file = p11_save_open_file_in (dir, name, ".pem"); - ret = p11_save_write (file, buf.data, buf.len); - - if (!p11_save_finish_file (file, &path, ret)) - ret = false; - - if (ret && hash) { - filename = p11_path_base (path); - ret = p11_openssl_symlink(ex, dir, filename); - free (filename); - } - - free (path); - free (name); - if (!ret) - break; - } - - p11_buffer_uninit (&buf); - - if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); - ret = false; - } - - p11_save_finish_directory (dir, ret); - return ret; -} - -bool -p11_extract_pem_directory (p11_enumerate *ex, - const char *destination) -{ - bool ret = true; - ret = extract_pem_directory (ex, destination, false); - return ret; -} - -bool -p11_extract_pem_directory_hash (p11_enumerate *ex, - const char *destination) -{ - bool ret = true; - ret = extract_pem_directory (ex, destination, true); - return ret; -} diff --git a/trust/extract.c b/trust/extract.c deleted file mode 100644 index 80b5e72..0000000 --- a/trust/extract.c +++ /dev/null @@ -1,322 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "extract.h" -#include "message.h" -#include "oid.h" -#include "path.h" -#include "pkcs11x.h" -#include "save.h" -#include "tool.h" -#include "digest.h" - -#include "p11-kit/iter.h" -#include "p11-kit/pkcs11.h" - -#include -#include -#include -#include -#include -#include -#include -#include - -static bool -format_argument (const char *optarg, - p11_extract_func *func) -{ - int i; - - /* - * Certain formats do not support expressive trust information. - * So the caller should limit the supported purposes when asking - * for trust information. - */ - - static const struct { - const char *format; - p11_extract_func func; - } formats[] = { - { "x509-file", p11_extract_x509_file, }, - { "x509-directory", p11_extract_x509_directory, }, - { "pem-bundle", p11_extract_pem_bundle, }, - { "pem-directory", p11_extract_pem_directory }, - { "pem-directory-hash", p11_extract_pem_directory_hash }, - { "java-cacerts", p11_extract_jks_cacerts }, - { "openssl-bundle", p11_extract_openssl_bundle }, - { "openssl-directory", p11_extract_openssl_directory }, - { NULL }, - }; - - if (*func != NULL) { - p11_message ("a format was already specified"); - return false; - } - - for (i = 0; formats[i].format != NULL; i++) { - if (strcmp (optarg, formats[i].format) == 0) { - *func = formats[i].func; - break; - } - } - - if (*func == NULL) { - p11_message ("unsupported or unrecognized format: %s", optarg); - return false; - } - - return true; -} - -static bool -validate_filter_and_format (p11_enumerate *ex, - p11_extract_func func) -{ - int i; - - /* - * These are the extract functions that contain purpose information. - * If we're being asked to export anchors, and the extract function does - * not support, and the caller has not specified a purpose, then add a - * default purpose to limit to. - */ - - static p11_extract_func supports_trust_policy[] = { - p11_extract_openssl_bundle, - p11_extract_openssl_directory, - NULL - }; - - for (i = 0; supports_trust_policy[i] != NULL; i++) { - if (func == supports_trust_policy[i]) - return true; - } - - if ((ex->flags & P11_ENUMERATE_ANCHORS) && - (ex->flags & P11_ENUMERATE_BLACKLIST)) { - /* - * If we're extracting *both* anchors and blacklist, then we must have - * a format that can represent the different types of information. - */ - - p11_message ("format does not support trust policy"); - return false; - - } else if (ex->flags & P11_ENUMERATE_ANCHORS) { - - /* - * If we're extracting anchors, then we must have either limited the - * purposes, or have a format that can represent multiple purposes. - */ - - if (!ex->limit_to_purposes) { - p11_message ("format does not support multiple purposes, defaulting to 'server-auth'"); - p11_enumerate_opt_purpose (ex, "server-auth"); - } - } - - return true; -} - -int -p11_trust_extract (int argc, - char **argv) -{ - p11_extract_func format = NULL; - p11_enumerate ex; - int opt = 0; - int ret; - - enum { - opt_overwrite = 'f', - opt_verbose = 'v', - opt_quiet = 'q', - opt_help = 'h', - opt_filter = 1000, - opt_purpose, - opt_format, - opt_comment, - }; - - struct option options[] = { - { "filter", required_argument, NULL, opt_filter }, - { "format", required_argument, NULL, opt_format }, - { "purpose", required_argument, NULL, opt_purpose }, - { "overwrite", no_argument, NULL, opt_overwrite }, - { "comment", no_argument, NULL, opt_comment }, - { "verbose", no_argument, NULL, opt_verbose }, - { "quiet", no_argument, NULL, opt_quiet }, - { "help", no_argument, NULL, opt_help }, - { 0 }, - }; - - p11_tool_desc usages[] = { - { 0, "usage: trust extract --format= " }, - { opt_filter, - "filter of what to export\n" - " ca-anchors certificate anchors (default)\n" - " blacklist blacklisted certificates\n" - " trust-policy anchors and blacklist\n" - " certificates all certificates\n" - " pkcs11:object=xx a PKCS#11 URI", - "what", - }, - { opt_format, - "format to extract to\n" - " x509-file DER X.509 certificate file\n" - " x509-directory directory of X.509 certificates\n" - " pem-bundle file containing multiple PEM blocks\n" - " pem-directory directory of PEM files\n" - " pem-directory-hash directory of PEM files with hash links\n" - " openssl-bundle OpenSSL specific PEM bundle\n" - " openssl-directory directory of OpenSSL specific files\n" - " java-cacerts java keystore cacerts file", - "type" - }, - { opt_purpose, - "limit to certificates usable for the purpose\n" - " server-auth for authenticating servers\n" - " client-auth for authenticating clients\n" - " email for email protection\n" - " code-signing for authenticating signed code\n" - " 1.2.3.4.5... an arbitrary object id", - "usage" - }, - { opt_overwrite, "overwrite output file or directory" }, - { opt_comment, "add comments to bundles if possible" }, - { opt_verbose, "show verbose debug output", }, - { opt_quiet, "suppress command output", }, - { 0 }, - }; - - p11_enumerate_init (&ex); - - while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { - switch (opt) { - case opt_verbose: - case opt_quiet: - break; - - case opt_overwrite: - ex.flags |= P11_SAVE_OVERWRITE; - break; - case opt_comment: - ex.flags |= P11_EXTRACT_COMMENT; - break; - case opt_filter: - if (!p11_enumerate_opt_filter (&ex, optarg)) - exit (2); - break; - case opt_purpose: - if (!p11_enumerate_opt_purpose (&ex, optarg)) - exit (2); - break; - case opt_format: - if (!format_argument (optarg, &format)) - exit (2); - break; - case 'h': - p11_tool_usage (usages, options); - exit (0); - case '?': - exit (2); - default: - assert_not_reached (); - break; - } - } - - argc -= optind; - argv += optind; - - if (argc != 1) { - p11_message ("specify one destination file or directory"); - exit (2); - } - - if (!format) { - p11_message ("no output format specified"); - exit (2); - } - - if (!validate_filter_and_format (&ex, format)) - exit (1); - - if (!p11_enumerate_ready (&ex, "ca-anchors")) - exit (1); - - ret = (format) (&ex, argv[0]) ? 0 : 1; - - p11_enumerate_cleanup (&ex); - return ret; -} - -int -p11_trust_extract_compat (int argc, - char *argv[]) -{ - char *path = NULL; - int error; - - argv[argc] = NULL; - - /* - * For compatibility with people who deployed p11-kit 0.18.x - * before trust stuff was put into its own branch. - */ - path = p11_path_build (PRIVATEDIR, "p11-kit-extract-trust", NULL); - return_val_if_fail (path != NULL, 1); - execv (path, argv); - error = errno; - - if (error == ENOENT) { - free (path); - path = p11_path_build (PRIVATEDIR, "trust-extract-compat", NULL); - return_val_if_fail (path != NULL, 1); - execv (path, argv); - error = errno; - } - - /* At this point we have no command */ - p11_message_err (error, "could not run %s command", path); - - free (path); - return 2; -} diff --git a/trust/extract.h b/trust/extract.h deleted file mode 100644 index 2664ba0..0000000 --- a/trust/extract.h +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#ifndef P11_EXTRACT_H_ -#define P11_EXTRACT_H_ - -#include "enumerate.h" -#include "pkcs11.h" -#include "save.h" - -enum { - /* These overlap with the flags in save.h, so start higher */ - P11_EXTRACT_COMMENT = 1 << 10, -}; - -typedef bool (* p11_extract_func) (p11_enumerate *ex, - const char *destination); - -bool p11_extract_x509_file (p11_enumerate *ex, - const char *destination); - -bool p11_extract_x509_directory (p11_enumerate *ex, - const char *destination); - -bool p11_extract_pem_bundle (p11_enumerate *ex, - const char *destination); - -bool p11_extract_pem_directory (p11_enumerate *ex, - const char *destination); - -bool p11_extract_pem_directory_hash (p11_enumerate *ex, - const char *destination); - -bool p11_extract_jks_cacerts (p11_enumerate *ex, - const char *destination); - -bool p11_extract_openssl_bundle (p11_enumerate *ex, - const char *destination); - -bool p11_extract_openssl_directory (p11_enumerate *ex, - const char *destination); - -int p11_trust_extract (int argc, - char **argv); - -int p11_trust_extract_compat (int argc, - char *argv[]); - -/* from extract-openssl.c but also used in extract-pem.c */ -bool p11_openssl_symlink (p11_enumerate *ex, - p11_save_dir *dir, - const char *filename); -#endif /* P11_EXTRACT_H_ */ diff --git a/trust/fixtures/cacert-ca.der b/trust/fixtures/cacert-ca.der deleted file mode 100644 index 719b0ff..0000000 Binary files a/trust/fixtures/cacert-ca.der and /dev/null differ diff --git a/trust/fixtures/cacert3-distrust-all.pem b/trust/fixtures/cacert3-distrust-all.pem deleted file mode 100644 index ce5d887..0000000 --- a/trust/fixtures/cacert3-distrust-all.pem +++ /dev/null @@ -1,44 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijBSoFAGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG -CCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcD -CA== ------END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-distrusted-all.pem b/trust/fixtures/cacert3-distrusted-all.pem deleted file mode 100644 index 4a04a39..0000000 --- a/trust/fixtures/cacert3-distrusted-all.pem +++ /dev/null @@ -1,43 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijBIoEYGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG -CCsGAQUFBwMFBggrBgEFBQcDBgYIKwYBBQUHAwcGCCsGAQUFBwMI ------END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-not-trusted.pem b/trust/fixtures/cacert3-not-trusted.pem deleted file mode 100644 index eaa2e54..0000000 --- a/trust/fixtures/cacert3-not-trusted.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijACMAA= ------END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-trusted-alias.pem b/trust/fixtures/cacert3-trusted-alias.pem deleted file mode 100644 index 44601ea..0000000 --- a/trust/fixtures/cacert3-trusted-alias.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAODAxDdXN0b20gTGFiZWw= ------END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-trusted-keyid.pem b/trust/fixtures/cacert3-trusted-keyid.pem deleted file mode 100644 index e652733..0000000 --- a/trust/fixtures/cacert3-trusted-keyid.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAJBAcAAQIDBAUG ------END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-trusted-server-alias.pem b/trust/fixtures/cacert3-trusted-server-alias.pem deleted file mode 100644 index 55593ec..0000000 --- a/trust/fixtures/cacert3-trusted-server-alias.pem +++ /dev/null @@ -1,43 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g -TGFiZWw= ------END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-trusted.pem b/trust/fixtures/cacert3-trusted.pem deleted file mode 100644 index 55593ec..0000000 --- a/trust/fixtures/cacert3-trusted.pem +++ /dev/null @@ -1,43 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g -TGFiZWw= ------END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-twice.pem b/trust/fixtures/cacert3-twice.pem deleted file mode 100644 index c73202d..0000000 --- a/trust/fixtures/cacert3-twice.pem +++ /dev/null @@ -1,84 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ig== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ig== ------END CERTIFICATE----- diff --git a/trust/fixtures/cacert3.der b/trust/fixtures/cacert3.der deleted file mode 100644 index 56f8c88..0000000 Binary files a/trust/fixtures/cacert3.der and /dev/null differ diff --git a/trust/fixtures/cacert3.pem b/trust/fixtures/cacert3.pem deleted file mode 100644 index 087ca0e..0000000 --- a/trust/fixtures/cacert3.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ig== ------END CERTIFICATE----- diff --git a/trust/fixtures/distrusted.pem b/trust/fixtures/distrusted.pem deleted file mode 100644 index 8de6ff0..0000000 --- a/trust/fixtures/distrusted.pem +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx -FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD -VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh -dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w -HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx -FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD -VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh -dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w -gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN -QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n -i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L -WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0 -6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg -MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV -BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT -MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p -bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA -A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p -mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41 -voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH -AwIMEVJlZCBIYXQgSXMgdGhlIENB ------END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/empty-file b/trust/fixtures/empty-file deleted file mode 100644 index e69de29..0000000 diff --git a/trust/fixtures/multiple.pem b/trust/fixtures/multiple.pem deleted file mode 100644 index d3e1775..0000000 --- a/trust/fixtures/multiple.pem +++ /dev/null @@ -1,58 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g -TGFiZWw= ------END TRUSTED CERTIFICATE----- ------BEGIN TRUSTED CERTIFICATE----- -MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz -cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 -MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV -BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt -YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f -zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi -TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G -CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW -NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV -Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb -MA4MDEN1c3RvbSBMYWJlbA== ------END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/openssl-trust-no-trust.pem b/trust/fixtures/openssl-trust-no-trust.pem deleted file mode 100644 index 07e3917..0000000 --- a/trust/fixtures/openssl-trust-no-trust.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIEmTCCA4GgAwIBAgIQXSBhjowOuTRAk7mx2GOVtjANBgkqhkiG9w0BAQUFADBv -MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk -ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF -eHRlcm5hbCBDQSBSb290MB4XDTE0MDgwNTAwMDAwMFoXDTE1MTEwMTIzNTk1OVow -fzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug -Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSowKAYDVQQDEyFV -U0VSVHJ1c3QgTGVnYWN5IFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDZTSA65ikwhvLphol2NE5oH5ZE99H51oJOpjie7stb -4Y4uvfJXgP3JP/yQc0S8j7tXW+UtHxQwdTb1f7zPVvR/gf+ukc3Y0mrLl/n3zZBq -RS3Eu6SFE2hXX+8puirK6vXMpASbY80A6/3tjd0jxnseVx02fx8Img1h21pscQJT -KML6jf2ru7PxjXRL3729zAaTYwmVwhB6nSWQMp0BwjlTsOAVa8fXdOWkIpvklP+E -kfstsxlDLZMPnBIJ5Ge5J3oyrXoqzEFYwG5ZX+44KxcinIn6buflVzX0Wu2SlZMt -+cwkP6UcPSe9IgNzzPXK86n03P7P6dBc0A+rh/yD/cipAgMBAAGjggEfMIIBGzAf -BgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUr6RAr58W -/qsx/fvVl4v1kaMkhhYwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8C -AQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBkGA1UdIAQSMBAwDgYM -KwYBBAGyMQECAQMEMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRy -dXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQp -MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI -hvcNAQEFBQADggEBAISuLWg4EWyDUWLAkcKYvMY7+qXFvTsJ5m5gbzADhiIasovz -xs4euxt54BYUTdKaBUv/j+zwKCnqKgQdPa8REtVJmFBCn2FmOrZAmQQMaxAy6ffP -hlhPLc3TrH7oW2qDfA2gnFxQNnUNbX5Ct9+m3JBcbyNOlx3zInW/AzXmXX/H+Zss -h/aO1iWWWZ3P6hAe727qWpt3GDTMgXevmofCCuXlnhOVU729SRqldhL23PKRt+ka -4bxNPZVxffiNfD4DT1Pt/lL9yl+T4RoBGwK3c066Zul4i1D+EcvRZ9AiT3fqzRQV -QK5mXegufx6Ib1V51rl+47X9kaDA8iaHSy+d9aA= ------END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/redhat-ca.der b/trust/fixtures/redhat-ca.der deleted file mode 100644 index affae24..0000000 Binary files a/trust/fixtures/redhat-ca.der and /dev/null differ diff --git a/trust/fixtures/self-signed-with-eku.der b/trust/fixtures/self-signed-with-eku.der deleted file mode 100644 index 33e0760..0000000 Binary files a/trust/fixtures/self-signed-with-eku.der and /dev/null differ diff --git a/trust/fixtures/self-signed-with-ku.der b/trust/fixtures/self-signed-with-ku.der deleted file mode 100644 index 51bb227..0000000 Binary files a/trust/fixtures/self-signed-with-ku.der and /dev/null differ diff --git a/trust/fixtures/simple-string b/trust/fixtures/simple-string deleted file mode 100644 index be13474..0000000 --- a/trust/fixtures/simple-string +++ /dev/null @@ -1 +0,0 @@ -The simple string is hairy \ No newline at end of file diff --git a/trust/fixtures/testing-server.der b/trust/fixtures/testing-server.der deleted file mode 100644 index cf2de65..0000000 Binary files a/trust/fixtures/testing-server.der and /dev/null differ diff --git a/trust/fixtures/thawte.pem b/trust/fixtures/thawte.pem deleted file mode 100644 index 34af29e..0000000 --- a/trust/fixtures/thawte.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB -rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf -Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw -MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV -BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa -Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl -LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u -MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl -ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm -gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 -YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf -b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 -9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S -zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk -OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV -HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA -2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW -oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu -t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c -KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM -m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu -MdRAGmI0Nj81Aa6sY6A= ------END CERTIFICATE----- diff --git a/trust/fixtures/unrecognized-file.txt b/trust/fixtures/unrecognized-file.txt deleted file mode 100644 index 4d5bac3..0000000 --- a/trust/fixtures/unrecognized-file.txt +++ /dev/null @@ -1 +0,0 @@ -# This file is not recognized by the parser \ No newline at end of file diff --git a/trust/fixtures/verisign-v1.der b/trust/fixtures/verisign-v1.der deleted file mode 100644 index bcd5ebb..0000000 Binary files a/trust/fixtures/verisign-v1.der and /dev/null differ diff --git a/trust/fixtures/verisign-v1.pem b/trust/fixtures/verisign-v1.pem deleted file mode 100644 index ace4da5..0000000 --- a/trust/fixtures/verisign-v1.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz -cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 -MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV -BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt -YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f -zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi -TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G -CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW -NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV -Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb -MA4MDEN1c3RvbSBMYWJlbA== ------END TRUSTED CERTIFICATE----- diff --git a/trust/frob-bc.c b/trust/frob-bc.c deleted file mode 100644 index 41fbc58..0000000 --- a/trust/frob-bc.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include - -#include -#include -#include -#include - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *ext = NULL; - char *buf; - int len; - int ret; - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - ret = asn1_create_element (definitions, "PKIX1.BasicConstraints", &ext); - err_if_fail (ret, "BasicConstraints"); - - if (argc > 1) { - ret = asn1_write_value (ext, "cA", argv[1], 1); - err_if_fail (ret, "cA"); - } - - ret = asn1_write_value (ext, "pathLenConstraint", NULL, 0); - err_if_fail (ret, "pathLenConstraint"); - - len = 0; - ret = asn1_der_coding (ext, "", NULL, &len, message); - assert (ret == ASN1_MEM_ERROR); - - buf = malloc (len); - assert (buf != NULL); - ret = asn1_der_coding (ext, "", buf, &len, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "asn1_der_coding: %s\n", message); - free (buf); - return 1; - } - - fwrite (buf, 1, len, stdout); - fflush (stdout); - - free (buf); - asn1_delete_structure (&ext); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/trust/frob-cert.c b/trust/frob-cert.c deleted file mode 100644 index c1bc45c..0000000 --- a/trust/frob-cert.c +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include - -#include -#include - -#include -#include -#include -#include -#include -#include - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -static ssize_t -tlv_length (const unsigned char *data, - size_t length) -{ - unsigned char cls; - int counter = 0; - int cb, len; - unsigned long tag; - - if (asn1_get_tag_der (data, length, &cls, &cb, &tag) == ASN1_SUCCESS) { - counter += cb; - len = asn1_get_length_der (data + cb, length - cb, &cb); - counter += cb; - if (len >= 0) { - len += counter; - if (length >= len) - return len; - } - } - - return -1; -} - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *cert = NULL; - p11_mmap *map; - void *data; - size_t size; - int start, end; - ssize_t len; - int ret; - - if (argc != 4) { - fprintf (stderr, "usage: frob-cert struct field filename\n"); - return 2; - } - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - ret = asn1_create_element (definitions, argv[1], &cert); - err_if_fail (ret, "Certificate"); - - map = p11_mmap_open (argv[3], NULL, &data, &size); - if (map == NULL) { - fprintf (stderr, "couldn't open file: %s\n", argv[3]); - return 1; - } - - ret = asn1_der_decoding (&cert, data, size, message); - err_if_fail (ret, message); - - ret = asn1_der_decoding_startEnd (cert, data, size, argv[2], &start, &end); - err_if_fail (ret, "asn1_der_decoding_startEnd"); - - len = tlv_length ((unsigned char *)data + start, size - start); - assert (len >= 0); - - fprintf (stderr, "%lu %d %d %ld\n", (unsigned long)size, start, end, (long)len); - fwrite ((unsigned char *)data + start, 1, len, stdout); - fflush (stdout); - - p11_mmap_close (map); - - asn1_delete_structure (&cert); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/trust/frob-eku.c b/trust/frob-eku.c deleted file mode 100644 index f467b36..0000000 --- a/trust/frob-eku.c +++ /dev/null @@ -1,103 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include - -#include -#include -#include -#include - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *ekus = NULL; - char *buf; - int len; - int ret; - int i; - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - ret = asn1_create_element (definitions, "PKIX1.ExtKeyUsageSyntax", &ekus); - err_if_fail (ret, "ExtKeyUsageSyntax"); - - for (i = 1; i < argc; i++) { - ret = asn1_write_value (ekus, "", "NEW", 1); - err_if_fail (ret, "NEW"); - - ret = asn1_write_value (ekus, "?LAST", argv[i], strlen (argv[i])); - err_if_fail (ret, "asn1_write_value"); - } - - len = 0; - ret = asn1_der_coding (ekus, "", NULL, &len, message); - assert (ret == ASN1_MEM_ERROR); - - buf = malloc (len); - assert (buf != NULL); - ret = asn1_der_coding (ekus, "", buf, &len, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "asn1_der_coding: %s\n", message); - free (buf); - return 1; - } - - fwrite (buf, 1, len, stdout); - fflush (stdout); - - free (buf); - asn1_delete_structure (&ekus); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/trust/frob-ext.c b/trust/frob-ext.c deleted file mode 100644 index 2017205..0000000 --- a/trust/frob-ext.c +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include - -#include -#include -#include -#include - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *ext = NULL; - unsigned char input[1024]; - char *buf; - size_t size; - int len; - int ret; - - if (argc == 1 || argc > 3) { - fprintf (stderr, "usage: frob-ext 1.2.3 TRUE\n"); - return 2; - } - - size = fread (input, 1, sizeof (input), stdin); - if (ferror (stdin) || !feof (stdin)) { - fprintf (stderr, "bad input\n"); - return 1; - } - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - - ret = asn1_create_element (definitions, "PKIX1.Extension", &ext); - err_if_fail (ret, "Extension"); - - ret = asn1_write_value (ext, "extnID", argv[1], 1); - err_if_fail (ret, "extnID"); - - if (argc == 3) { - ret = asn1_write_value (ext, "critical", argv[2], 1); - err_if_fail (ret, "critical"); - } - - ret = asn1_write_value (ext, "extnValue", input, size); - err_if_fail (ret, "extnValue"); - - len = 0; - ret = asn1_der_coding (ext, "", NULL, &len, message); - assert (ret == ASN1_MEM_ERROR); - - buf = malloc (len); - assert (buf != NULL); - ret = asn1_der_coding (ext, "", buf, &len, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "asn1_der_coding: %s\n", message); - free (buf); - return 1; - } - - fwrite (buf, 1, len, stdout); - fflush (stdout); - - free (buf); - asn1_delete_structure (&ext); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/trust/frob-ku.c b/trust/frob-ku.c deleted file mode 100644 index 99ac217..0000000 --- a/trust/frob-ku.c +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include "oid.h" - -#include - -#include -#include -#include -#include - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *ku = NULL; - unsigned int usage = 0; - char bits[2]; - char *buf; - int len; - int ret; - int i; - - for (i = 1; i < argc; i++) { - if (strcmp (argv[i], "digital-signature") == 0) - usage |= P11_KU_DIGITAL_SIGNATURE; - else if (strcmp (argv[i], "non-repudiation") == 0) - usage |= P11_KU_NON_REPUDIATION; - else if (strcmp (argv[i], "key-encipherment") == 0) - usage |= P11_KU_KEY_ENCIPHERMENT; - else if (strcmp (argv[i], "data-encipherment") == 0) - usage |= P11_KU_DATA_ENCIPHERMENT; - else if (strcmp (argv[i], "key-agreement") == 0) - usage |= P11_KU_KEY_AGREEMENT; - else if (strcmp (argv[i], "key-cert-sign") == 0) - usage |= P11_KU_KEY_CERT_SIGN; - else if (strcmp (argv[i], "crl-sign") == 0) - usage |= P11_KU_CRL_SIGN; - else { - fprintf (stderr, "unsupported or unknown key usage: %s\n", argv[i]); - return 2; - } - } - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - ret = asn1_create_element (definitions, "PKIX1.KeyUsage", &ku); - err_if_fail (ret, "KeyUsage"); - - bits[0] = usage & 0xff; - bits[1] = (usage >> 8) & 0xff; - - ret = asn1_write_value (ku, "", bits, 9); - err_if_fail (ret, "asn1_write_value"); - - len = 0; - ret = asn1_der_coding (ku, "", NULL, &len, message); - assert (ret == ASN1_MEM_ERROR); - - buf = malloc (len); - assert (buf != NULL); - ret = asn1_der_coding (ku, "", buf, &len, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "asn1_der_coding: %s\n", message); - free (buf); - return 1; - } - - fwrite (buf, 1, len, stdout); - fflush (stdout); - free (buf); - - asn1_delete_structure (&ku); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/trust/frob-multi-init.c b/trust/frob-multi-init.c deleted file mode 100644 index d966540..0000000 --- a/trust/frob-multi-init.c +++ /dev/null @@ -1,69 +0,0 @@ -/* - * gcc -Wall -o frob-multi-init $(pkg-config p11-kit-1 --cflags --libs) -ldl frob-multi-init.c - */ - -#include -#include -#include - -#include - -#define TRUST_SO "/usr/lib64/pkcs11/p11-kit-trust.so" - -int -main (void) -{ - CK_C_INITIALIZE_ARGS args = - { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, }; - CK_C_GetFunctionList C_GetFunctionList; - CK_SESSION_HANDLE session; - CK_FUNCTION_LIST *module; - CK_SLOT_ID slots[8]; - CK_SESSION_INFO info; - CK_ULONG count; - CK_RV rv; - void *dl; - - dl = dlopen (TRUST_SO, RTLD_LOCAL | RTLD_NOW); - if (dl == NULL) - fprintf (stderr, "%s\n", dlerror()); - assert (dl != NULL); - - C_GetFunctionList = dlsym (dl, "C_GetFunctionList"); - assert (C_GetFunctionList != NULL); - - rv = C_GetFunctionList (&module); - assert (rv == CKR_OK); - assert (module != NULL); - - rv = module->C_Initialize (&args); - assert (rv == CKR_OK); - - count = 8; - rv = module->C_GetSlotList (CK_TRUE, slots, &count); - assert (rv == CKR_OK); - assert (count > 1); - - rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - rv = module->C_GetSessionInfo (session, &info); - assert (rv == CKR_OK); - - rv = p11_kit_initialize_registered (); - assert (rv == CKR_OK); - - rv = module->C_GetSessionInfo (session, &info); - if (rv == CKR_OK) { - printf ("no reinitialization bug\n"); - return 0; - - } else if (rv == CKR_SESSION_HANDLE_INVALID) { - printf ("reinitialization bug present\n"); - return 1; - - } else { - printf ("another error: %lu\n", rv); - return 1; - } -} diff --git a/trust/frob-nss-trust.c b/trust/frob-nss-trust.c deleted file mode 100644 index fd69573..0000000 --- a/trust/frob-nss-trust.c +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "compat.h" -#include "attrs.h" -#include "debug.h" -#include "pkcs11x.h" - -#include "p11-kit/iter.h" -#include "p11-kit/p11-kit.h" - -#include -#include -#include - -static void -dump_object (P11KitIter *iter, - CK_ATTRIBUTE *attrs) -{ - CK_ATTRIBUTE label = { CKA_LABEL, }; - CK_ATTRIBUTE *attr; - char *string; - char *name; - CK_RV rv; - - attr = p11_attrs_find_valid (attrs, CKA_LABEL); - if (!attr) { - rv = p11_kit_iter_load_attributes (iter, &label, 1); - if (rv == CKR_OK) - attr = &label; - } - - if (attr) - name = strndup (attr->pValue, attr->ulValueLen); - else - name = strdup ("unknown"); - - string = p11_attrs_to_string (attrs, -1); - printf ("\"%s\" = %s\n", name, string); - free (string); - - free (label.pValue); - free (name); -} - -static int -dump_trust_module (const char *path) -{ - CK_FUNCTION_LIST *module; - CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; - CK_ATTRIBUTE match = - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - CK_ATTRIBUTE template[] = { - { CKA_CLASS,}, - { CKA_LABEL, }, - { CKA_CERT_MD5_HASH, }, - { CKA_CERT_SHA1_HASH }, - { CKA_ISSUER, }, - { CKA_SERIAL_NUMBER, }, - { CKA_TRUST_SERVER_AUTH, }, - { CKA_TRUST_EMAIL_PROTECTION, }, - { CKA_TRUST_CODE_SIGNING, }, - { CKA_TRUST_STEP_UP_APPROVED, }, - { CKA_INVALID, } - }; - - CK_ULONG count = p11_attrs_count (template); - - module = p11_kit_module_load (path, 0); - return_val_if_fail (module != NULL, 1); - - rv = p11_kit_module_initialize (module); - return_val_if_fail (rv == CKR_OK, 1); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter, &match, 1); - p11_kit_iter_begin_with (iter, module, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - attrs = p11_attrs_dup (template); - rv = p11_kit_iter_load_attributes (iter, attrs, count); - return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_VALUE_INVALID, 1); - p11_attrs_purge (attrs); - dump_object (iter, attrs); - p11_attrs_free (attrs); - } - - return_val_if_fail (rv == CKR_CANCEL, 1); - - p11_kit_module_finalize (module); - p11_kit_module_release (module); - - return 0; -} - -static int -compare_trust_modules (const char *path1, - const char *path2) -{ - CK_FUNCTION_LIST *module1; - CK_FUNCTION_LIST *module2; - CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; - CK_ATTRIBUTE match = - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }; - P11KitIter *iter; - P11KitIter *iter2; - CK_ATTRIBUTE *check; - CK_RV rv; - - CK_ATTRIBUTE template[] = { - { CKA_CLASS, }, - { CKA_ISSUER, }, - { CKA_SERIAL_NUMBER, }, - { CKA_CERT_MD5_HASH, }, - { CKA_CERT_SHA1_HASH }, - { CKA_TRUST_SERVER_AUTH, }, - { CKA_TRUST_EMAIL_PROTECTION, }, - { CKA_TRUST_CODE_SIGNING, }, - { CKA_TRUST_STEP_UP_APPROVED, }, - { CKA_INVALID, } - }; - - module1 = p11_kit_module_load (path1, 0); - return_val_if_fail (module1 != NULL, 1); - - rv = p11_kit_module_initialize (module1); - return_val_if_fail (rv == CKR_OK, 1); - - module2 = p11_kit_module_load (path2, 0); - return_val_if_fail (module2 != NULL, 1); - - rv = p11_kit_module_initialize (module2); - return_val_if_fail (rv == CKR_OK, 1); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter, &match, 1); - p11_kit_iter_begin_with (iter, module1, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - check = p11_attrs_dup (template); - - rv = p11_kit_iter_load_attributes (iter, check, p11_attrs_count (check)); - return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_TYPE_INVALID, 1); - - /* Go through and remove anything not found */ - p11_attrs_purge (check); - - /* Check that this object exists */ - iter2 = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter2, check, p11_attrs_count (check)); - p11_kit_iter_begin_with (iter2, module2, 0, 0); - rv = p11_kit_iter_next (iter2); - p11_kit_iter_free (iter2); - - if (rv != CKR_OK) - dump_object (iter, check); - - p11_attrs_free (check); - } - - return_val_if_fail (rv == CKR_CANCEL, 1); - p11_kit_module_finalize (module1); - p11_kit_module_release (module1); - - p11_kit_module_finalize (module2); - p11_kit_module_release (module2); - - return 0; -} - -int -main (int argc, - char *argv[]) -{ - if (argc == 2) { - return dump_trust_module (argv[1]); - } else if (argc == 3) { - return compare_trust_modules (argv[1], argv[2]); - } else { - fprintf (stderr, "usage: frob-nss-trust module\n"); - fprintf (stderr, " frob-nss-trust module1 module2\n"); - return 2; - } -} diff --git a/trust/frob-oid.c b/trust/frob-oid.c deleted file mode 100644 index 5a2499a..0000000 --- a/trust/frob-oid.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include - -#include -#include -#include -#include - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *oid = NULL; - char *buf; - int len; - int ret; - - if (argc != 2) { - fprintf (stderr, "usage: frob-oid 1.1.1\n"); - return 2; - } - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - /* AttributeType is a OBJECT IDENTIFIER */ - ret = asn1_create_element (definitions, "PKIX1.AttributeType", &oid); - err_if_fail (ret, "AttributeType"); - - ret = asn1_write_value (oid, "", argv[1], strlen (argv[1])); - err_if_fail (ret, "asn1_write_value"); - - len = 0; - ret = asn1_der_coding (oid, "", NULL, &len, message); - assert (ret == ASN1_MEM_ERROR); - - buf = malloc (len); - assert (buf != NULL); - ret = asn1_der_coding (oid, "", buf, &len, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "asn1_der_coding: %s\n", message); - free (buf); - return 1; - } - - fwrite (buf, 1, len, stdout); - fflush (stdout); - free (buf); - - asn1_delete_structure (&oid); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/trust/frob-pow.c b/trust/frob-pow.c deleted file mode 100644 index f029b2a..0000000 --- a/trust/frob-pow.c +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include - -static unsigned int -nearest_pow_2 (int num) -{ - unsigned int n = num ? 1 : 0; - while (n < num && n > 0) - n <<= 1; - return n; -} - -int -main (void) -{ - int i; - - for (i = 0; i < 40; i++) - printf ("nearest_pow_2 (%d) == %u\n", i, nearest_pow_2 (i)); - - return 0; -} diff --git a/trust/frob-token.c b/trust/frob-token.c deleted file mode 100644 index 5d57ec1..0000000 --- a/trust/frob-token.c +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "compat.h" - -#include - -#include "token.h" - -int -main (int argc, - char *argv[]) -{ - p11_token *token; - p11_index *index; - int count; - - if (argc != 2) { - fprintf (stderr, "usage: frob-token path\n"); - return 2; - } - - token = p11_token_new (1, argv[1], "Label"); - count = p11_token_load (token); - - printf ("%d files loaded\n", count); - index = p11_token_index (token); - printf ("%d objects loaded\n", p11_index_size (index)); - - p11_token_free (token); - return 0; -} diff --git a/trust/index.c b/trust/index.c deleted file mode 100644 index f4b6b4b..0000000 --- a/trust/index.c +++ /dev/null @@ -1,912 +0,0 @@ -/* - * Copyright (C) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "compat.h" - -#define P11_DEBUG_FLAG P11_DEBUG_TRUST - -#include "attrs.h" -#include "debug.h" -#include "dict.h" -#include "index.h" -#include "module.h" - -#include -#include -#include - -/* - * The number of buckets we use for indexing, should end up as roughly - * equal to the expected number of unique attribute values * 0.75, - * prime if possible. Currently we don't expand the index, so this is - * just a good guess for general usage. - */ -#define NUM_BUCKETS 7919 - -/* - * The number of indexes to use when trying to find a matching object. - */ -#define MAX_SELECT 3 - -typedef struct { - CK_OBJECT_HANDLE *elem; - int num; -} index_bucket; - -struct _p11_index { - /* The list of objects by handle */ - p11_dict *objects; - - /* Used for indexing */ - index_bucket *buckets; - - /* Data passed to callbacks */ - void *data; - - /* Called to build an new/modified object */ - p11_index_build_cb build; - - /* Called after each object ready to be stored */ - p11_index_store_cb store; - - /* Called after an object has been removed */ - p11_index_remove_cb remove; - - /* Called after objects change */ - p11_index_notify_cb notify; - - /* Used for queueing changes, when in a batch */ - p11_dict *changes; - bool notifying; -}; - -typedef struct { - CK_OBJECT_HANDLE handle; - CK_ATTRIBUTE *attrs; -} index_object; - -static void -free_object (void *data) -{ - index_object *obj = data; - p11_attrs_free (obj->attrs); - free (obj); -} - -static CK_RV -default_build (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - CK_ATTRIBUTE **populate) -{ - return CKR_OK; -} - -static CK_RV -default_store (void *data, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE **attrs) -{ - return CKR_OK; -} - -static void -default_notify (void *data, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs) -{ - -} - -static CK_RV -default_remove (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs) -{ - return CKR_OK; -} - -p11_index * -p11_index_new (p11_index_build_cb build, - p11_index_store_cb store, - p11_index_remove_cb remove, - p11_index_notify_cb notify, - void *data) -{ - p11_index *index; - - index = calloc (1, sizeof (p11_index)); - return_val_if_fail (index != NULL, NULL); - - if (build == NULL) - build = default_build; - if (store == NULL) - store = default_store; - if (notify == NULL) - notify = default_notify; - if (remove == NULL) - remove = default_remove; - - index->build = build; - index->store = store; - index->notify = notify; - index->remove = remove; - index->data = data; - - index->objects = p11_dict_new (p11_dict_ulongptr_hash, - p11_dict_ulongptr_equal, - NULL, free_object); - return_val_if_fail (index->objects != NULL, NULL); - - index->buckets = calloc (NUM_BUCKETS, sizeof (index_bucket)); - return_val_if_fail (index->buckets != NULL, NULL); - - return index; -} - -void -p11_index_free (p11_index *index) -{ - int i; - - return_if_fail (index != NULL); - - p11_dict_free (index->objects); - p11_dict_free (index->changes); - for (i = 0; i < NUM_BUCKETS; i++) - free (index->buckets[i].elem); - free (index->buckets); - free (index); -} - -int -p11_index_size (p11_index *index) -{ - return_val_if_fail (index != NULL, -1); - return p11_dict_size (index->objects); -} - -static bool -is_indexable (p11_index *index, - CK_ATTRIBUTE_TYPE type) -{ - switch (type) { - case CKA_CLASS: - case CKA_VALUE: - case CKA_OBJECT_ID: - case CKA_ID: - case CKA_X_ORIGIN: - return true; - } - - return false; -} - -static unsigned int -alloc_size (int num) -{ - unsigned int n = num ? 1 : 0; - while (n < num && n > 0) - n <<= 1; - return n; -} - -static int -binary_search (CK_OBJECT_HANDLE *elem, - int low, - int high, - CK_OBJECT_HANDLE handle) -{ - int mid; - - if (low == high) - return low; - - mid = low + ((high - low) / 2); - if (handle > elem[mid]) - return binary_search (elem, mid + 1, high, handle); - else if (handle < elem[mid]) - return binary_search (elem, low, mid, handle); - - return mid; -} - - -static void -bucket_insert (index_bucket *bucket, - CK_OBJECT_HANDLE handle) -{ - unsigned int alloc; - int at = 0; - - if (bucket->elem) { - at = binary_search (bucket->elem, 0, bucket->num, handle); - if (at < bucket->num && bucket->elem[at] == handle) - return; - } - - alloc = alloc_size (bucket->num); - if (bucket->num + 1 > alloc) { - alloc = alloc ? alloc * 2 : 1; - return_if_fail (alloc != 0); - bucket->elem = realloc (bucket->elem, alloc * sizeof (CK_OBJECT_HANDLE)); - } - - return_if_fail (bucket->elem != NULL); - memmove (bucket->elem + at + 1, bucket->elem + at, - (bucket->num - at) * sizeof (CK_OBJECT_HANDLE)); - bucket->elem[at] = handle; - bucket->num++; -} - -static bool -bucket_push (index_bucket *bucket, - CK_OBJECT_HANDLE handle) -{ - unsigned int alloc; - - alloc = alloc_size (bucket->num); - if (bucket->num + 1 > alloc) { - alloc = alloc ? alloc * 2 : 1; - return_val_if_fail (alloc != 0, false); - bucket->elem = realloc (bucket->elem, alloc * sizeof (CK_OBJECT_HANDLE)); - } - - return_val_if_fail (bucket->elem != NULL, false); - bucket->elem[bucket->num++] = handle; - return true; -} - -static void -index_hash (p11_index *index, - index_object *obj) -{ - unsigned int hash; - int i; - - for (i = 0; !p11_attrs_terminator (obj->attrs + i); i++) { - if (is_indexable (index, obj->attrs[i].type)) { - hash = p11_attr_hash (obj->attrs + i); - bucket_insert (index->buckets + (hash % NUM_BUCKETS), obj->handle); - } - } -} - -static void -merge_attrs (CK_ATTRIBUTE *output, - CK_ULONG *noutput, - CK_ATTRIBUTE *merge, - CK_ULONG nmerge, - p11_array *to_free) -{ - CK_ULONG i; - - for (i = 0; i < nmerge; i++) { - /* Already have this attribute? */ - if (p11_attrs_findn (output, *noutput, merge[i].type)) { - p11_array_push (to_free, merge[i].pValue); - - } else { - memcpy (output + *noutput, merge + i, sizeof (CK_ATTRIBUTE)); - (*noutput)++; - } - } - - /* Freeing the array itself */ - p11_array_push (to_free, merge); -} - -static CK_RV -index_build (p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE **attrs, - CK_ATTRIBUTE *merge) -{ - CK_ATTRIBUTE *extra = NULL; - CK_ATTRIBUTE *built; - p11_array *stack = NULL; - CK_ULONG count; - CK_ULONG nattrs; - CK_ULONG nmerge; - CK_ULONG nextra; - CK_RV rv; - int i; - - rv = index->build (index->data, index, *attrs, merge, &extra); - if (rv != CKR_OK) - return rv; - - /* Short circuit when nothing to merge */ - if (*attrs == NULL && extra == NULL) { - built = merge; - stack = NULL; - - } else { - stack = p11_array_new (NULL); - nattrs = p11_attrs_count (*attrs); - nmerge = p11_attrs_count (merge); - nextra = p11_attrs_count (extra); - - /* Make a shallow copy of the combined attributes for validation */ - built = calloc (nmerge + nattrs + nextra + 1, sizeof (CK_ATTRIBUTE)); - return_val_if_fail (built != NULL, CKR_GENERAL_ERROR); - - count = nmerge; - memcpy (built, merge, sizeof (CK_ATTRIBUTE) * nmerge); - p11_array_push (stack, merge); - merge_attrs (built, &count, *attrs, nattrs, stack); - merge_attrs (built, &count, extra, nextra, stack); - - /* The terminator attribute */ - built[count].type = CKA_INVALID; - assert (p11_attrs_terminator (built + count)); - } - - rv = index->store (index->data, index, handle, &built); - - if (rv == CKR_OK) { - for (i = 0; stack && i < stack->num; i++) - free (stack->elem[i]); - *attrs = built; - } else { - p11_attrs_free (extra); - free (built); - } - - p11_array_free (stack); - return rv; -} - -static void -call_notify (p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs) -{ - assert (index->notify); - - /* When attrs is NULL, means this is a modify */ - if (attrs == NULL) { - attrs = p11_index_lookup (index, handle); - if (attrs == NULL) - return; - - /* Otherwise a remove operation, handle not valid anymore */ - } else { - handle = 0; - } - - index->notifying = true; - index->notify (index->data, index, handle, attrs); - index->notifying = false; -} - -static void -index_notify (p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *removed) -{ - index_object *obj; - - if (!index->notify || index->notifying) { - p11_attrs_free (removed); - - } else if (!index->changes) { - call_notify (index, handle, removed); - p11_attrs_free (removed); - - } else { - obj = calloc (1, sizeof (index_object)); - return_if_fail (obj != NULL); - - obj->handle = handle; - obj->attrs = removed; - if (!p11_dict_set (index->changes, &obj->handle, obj)) - return_if_reached (); - } -} - -void -p11_index_load (p11_index *index) -{ - return_if_fail (index != NULL); - - if (index->changes) - return; - - index->changes = p11_dict_new (p11_dict_ulongptr_hash, - p11_dict_ulongptr_equal, - NULL, free_object); - return_if_fail (index->changes != NULL); -} - -void -p11_index_finish (p11_index *index) -{ - p11_dict *changes; - index_object *obj; - p11_dictiter iter; - - return_if_fail (index != NULL); - - if (!index->changes) - return; - - changes = index->changes; - index->changes = NULL; - - p11_dict_iterate (changes, &iter); - while (p11_dict_next (&iter, NULL, (void **)&obj)) { - index_notify (index, obj->handle, obj->attrs); - obj->attrs = NULL; - } - - p11_dict_free (changes); -} - -bool -p11_index_loading (p11_index *index) -{ - return_val_if_fail (index != NULL, false); - return index->changes ? true : false; -} - -CK_RV -p11_index_take (p11_index *index, - CK_ATTRIBUTE *attrs, - CK_OBJECT_HANDLE *handle) -{ - index_object *obj; - CK_RV rv; - - return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (attrs != NULL, CKR_GENERAL_ERROR); - - obj = calloc (1, sizeof (index_object)); - return_val_if_fail (obj != NULL, CKR_HOST_MEMORY); - - obj->handle = p11_module_next_id (); - - rv = index_build (index, obj->handle, &obj->attrs, attrs); - if (rv != CKR_OK) { - p11_attrs_free (attrs); - free (obj); - return rv; - } - - return_val_if_fail (obj->attrs != NULL, CKR_GENERAL_ERROR); - - if (!p11_dict_set (index->objects, &obj->handle, obj)) - return_val_if_reached (CKR_HOST_MEMORY); - - index_hash (index, obj); - - if (handle) - *handle = obj->handle; - - index_notify (index, obj->handle, NULL); - return CKR_OK; -} - -CK_RV -p11_index_add (p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ULONG count, - CK_OBJECT_HANDLE *handle) -{ - CK_ATTRIBUTE *copy; - - return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (attrs == NULL || count > 0, CKR_ARGUMENTS_BAD); - - copy = p11_attrs_buildn (NULL, attrs, count); - return_val_if_fail (copy != NULL, CKR_HOST_MEMORY); - - return p11_index_take (index, copy, handle); -} - -CK_RV -p11_index_update (p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *update) -{ - index_object *obj; - CK_RV rv; - - return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (update != NULL, CKR_GENERAL_ERROR); - - obj = p11_dict_get (index->objects, &handle); - if (obj == NULL) { - p11_attrs_free (update); - return CKR_OBJECT_HANDLE_INVALID; - } - - rv = index_build (index, obj->handle, &obj->attrs, update); - if (rv != CKR_OK) { - p11_attrs_free (update); - return rv; - } - - index_hash (index, obj); - index_notify (index, obj->handle, NULL); - - return CKR_OK; -} - -CK_RV -p11_index_set (p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs, - CK_ULONG count) -{ - CK_ATTRIBUTE *update; - index_object *obj; - - return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); - - obj = p11_dict_get (index->objects, &handle); - if (obj == NULL) - return CKR_OBJECT_HANDLE_INVALID; - - update = p11_attrs_buildn (NULL, attrs, count); - return_val_if_fail (update != NULL, CKR_HOST_MEMORY); - - return p11_index_update (index, handle, update); -} - -CK_RV -p11_index_remove (p11_index *index, - CK_OBJECT_HANDLE handle) -{ - index_object *obj; - CK_RV rv; - - return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); - - if (!p11_dict_steal (index->objects, &handle, NULL, (void **)&obj)) - return CKR_OBJECT_HANDLE_INVALID; - - rv = (index->remove) (index->data, index, obj->attrs); - - /* If the writer failed the remove, then add it back */ - if (rv != CKR_OK) { - if (!p11_dict_set (index->objects, &obj->handle, obj)) - return_val_if_reached (CKR_HOST_MEMORY); - return rv; - } - - /* This takes ownership of the attributes */ - index_notify (index, handle, obj->attrs); - obj->attrs = NULL; - free_object (obj); - - return CKR_OK; -} - -static CK_RV -index_replacev (p11_index *index, - CK_OBJECT_HANDLE *handles, - CK_ATTRIBUTE_TYPE key, - CK_ATTRIBUTE **replace, - CK_ULONG replacen) -{ - index_object *obj; - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *attr; - bool handled = false; - CK_RV rv; - int i, j; - - for (i = 0; handles && handles[i] != 0; i++) { - obj = p11_dict_get (index->objects, handles + i); - if (obj == NULL) - continue; - - handled = false; - attr = p11_attrs_find (obj->attrs, key); - - /* The match doesn't have the key, so remove it */ - if (attr != NULL) { - for (j = 0; j < replacen; j++) { - if (!replace[j]) - continue; - if (p11_attrs_matchn (replace[j], attr, 1)) { - attrs = NULL; - rv = index_build (index, obj->handle, &attrs, replace[j]); - if (rv != CKR_OK) - return rv; - p11_attrs_free (obj->attrs); - obj->attrs = attrs; - replace[j] = NULL; - handled = true; - index_hash (index, obj); - index_notify (index, obj->handle, NULL); - break; - } - } - } - - if (!handled) { - rv = p11_index_remove (index, handles[i]); - if (rv != CKR_OK) - return rv; - } - } - - for (j = 0; j < replacen; j++) { - if (!replace[j]) - continue; - attrs = replace[j]; - replace[j] = NULL; - rv = p11_index_take (index, attrs, NULL); - if (rv != CKR_OK) - return rv; - } - - return CKR_OK; -} - -CK_RV -p11_index_replace (p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *replace) -{ - CK_OBJECT_HANDLE handles[] = { handle, 0 }; - return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); - return index_replacev (index, handles, CKA_INVALID, - &replace, replace ? 1 : 0); -} - -CK_RV -p11_index_replace_all (p11_index *index, - CK_ATTRIBUTE *match, - CK_ATTRIBUTE_TYPE key, - p11_array *replace) -{ - CK_OBJECT_HANDLE *handles; - CK_RV rv; - int i; - - return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); - - handles = p11_index_find_all (index, match, -1); - - rv = index_replacev (index, handles, key, - replace ? (CK_ATTRIBUTE **)replace->elem : NULL, - replace ? replace->num : 0); - - if (rv == CKR_OK) { - if (replace) - p11_array_clear (replace); - } else { - for (i = 0; replace && i < replace->num; i++) { - if (!replace->elem[i]) { - p11_array_remove (replace, i); - i--; - } - } - } - - free (handles); - return rv; -} - -CK_ATTRIBUTE * -p11_index_lookup (p11_index *index, - CK_OBJECT_HANDLE handle) -{ - index_object *obj; - - return_val_if_fail (index != NULL, NULL); - - if (handle == CK_INVALID_HANDLE) - return NULL; - - obj = p11_dict_get (index->objects, &handle); - return obj ? obj->attrs : NULL; -} - -typedef bool (* index_sink) (p11_index *index, - index_object *obj, - CK_ATTRIBUTE *match, - CK_ULONG count, - void *data); - -static void -index_select (p11_index *index, - CK_ATTRIBUTE *match, - CK_ULONG count, - index_sink sink, - void *data) -{ - index_bucket *selected[MAX_SELECT]; - CK_OBJECT_HANDLE handle; - index_object *obj; - unsigned int hash; - p11_dictiter iter; - CK_ULONG n; - int num, at; - int i, j; - - /* First look for any matching buckets */ - for (n = 0, num = 0; n < count && num < MAX_SELECT; n++) { - if (is_indexable (index, match[n].type)) { - hash = p11_attr_hash (match + n); - selected[num] = index->buckets + (hash % NUM_BUCKETS); - - /* If any index is empty, then obviously no match */ - if (!selected[num]->num) - return; - - num++; - } - } - - /* Fall back on selecting all the items, if no index */ - if (num == 0) { - p11_dict_iterate (index->objects, &iter); - while (p11_dict_next (&iter, NULL, (void *)&obj)) { - if (!sink (index, obj, match, count, data)) - return; - } - return; - } - - for (i = 0; i < selected[0]->num; i++) { - /* A candidate match from first bucket */ - handle = selected[0]->elem[i]; - - /* Check if the candidate is in other buckets */ - for (j = 1; j < num; j++) { - assert (selected[j]->elem); /* checked above */ - at = binary_search (selected[j]->elem, 0, selected[j]->num, handle); - if (at >= selected[j]->num || selected[j]->elem[at] != handle) { - handle = 0; - break; - } - } - - /* Matched all the buckets, now actually match attrs */ - if (handle != 0) { - obj = p11_dict_get (index->objects, &handle); - if (obj != NULL) { - if (!sink (index, obj, match, count, data)) - return; - } - } - } -} - -static bool -sink_one_match (p11_index *index, - index_object *obj, - CK_ATTRIBUTE *match, - CK_ULONG count, - void *data) -{ - CK_OBJECT_HANDLE *result = data; - - if (p11_attrs_matchn (obj->attrs, match, count)) { - *result = obj->handle; - return false; - } - - return true; -} - -CK_OBJECT_HANDLE -p11_index_find (p11_index *index, - CK_ATTRIBUTE *match, - int count) -{ - CK_OBJECT_HANDLE handle = 0UL; - - return_val_if_fail (index != NULL, 0UL); - - if (count < 0) - count = p11_attrs_count (match); - - index_select (index, match, count, sink_one_match, &handle); - return handle; -} - -static bool -sink_if_match (p11_index *index, - index_object *obj, - CK_ATTRIBUTE *match, - CK_ULONG count, - void *data) -{ - index_bucket *handles = data; - - if (p11_attrs_matchn (obj->attrs, match, count)) - bucket_push (handles, obj->handle); - return true; -} - -CK_OBJECT_HANDLE * -p11_index_find_all (p11_index *index, - CK_ATTRIBUTE *match, - int count) -{ - index_bucket handles = { NULL, 0 }; - - return_val_if_fail (index != NULL, NULL); - - if (count < 0) - count = p11_attrs_count (match); - - index_select (index, match, count, sink_if_match, &handles); - - /* Null terminate */ - bucket_push (&handles, 0UL); - return handles.elem; -} - -static bool -sink_any (p11_index *index, - index_object *obj, - CK_ATTRIBUTE *match, - CK_ULONG count, - void *data) -{ - index_bucket *handles = data; - bucket_push (handles, obj->handle); - return true; -} - -CK_OBJECT_HANDLE * -p11_index_snapshot (p11_index *index, - p11_index *base, - CK_ATTRIBUTE *attrs, - CK_ULONG count) -{ - index_bucket handles = { NULL, 0 }; - - return_val_if_fail (index != NULL, NULL); - - if (count < (CK_ULONG)0UL) - count = p11_attrs_count (attrs); - - index_select (index, attrs, count, sink_any, &handles); - if (base) - index_select (base, attrs, count, sink_any, &handles); - - /* Null terminate */ - bucket_push (&handles, 0UL); - return handles.elem; -} diff --git a/trust/index.h b/trust/index.h deleted file mode 100644 index 3ae24a1..0000000 --- a/trust/index.h +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright (C) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_INDEX_H_ -#define P11_INDEX_H_ - -#include "array.h" -#include "compat.h" -#include "pkcs11.h" -#include "types.h" - -typedef struct _p11_index p11_index; - -typedef CK_RV (* p11_index_build_cb) (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - CK_ATTRIBUTE **populate); - -typedef CK_RV (* p11_index_store_cb) (void *data, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE **attrs); - -typedef CK_RV (* p11_index_remove_cb) (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs); - -typedef void (* p11_index_notify_cb) (void *data, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs); - -p11_index * p11_index_new (p11_index_build_cb build, - p11_index_store_cb store, - p11_index_remove_cb remove, - p11_index_notify_cb notify, - void *data); - -void p11_index_free (p11_index *index); - -int p11_index_size (p11_index *index); - -void p11_index_load (p11_index *index); - -void p11_index_finish (p11_index *index); - -bool p11_index_loading (p11_index *index); - -CK_RV p11_index_take (p11_index *index, - CK_ATTRIBUTE *attrs, - CK_OBJECT_HANDLE *handle); - -CK_RV p11_index_add (p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ULONG count, - CK_OBJECT_HANDLE *handle); - -CK_RV p11_index_set (p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs, - CK_ULONG count); - -CK_RV p11_index_update (p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs); - -CK_RV p11_index_replace (p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *replace); - -CK_RV p11_index_replace_all (p11_index *index, - CK_ATTRIBUTE *match, - CK_ATTRIBUTE_TYPE key, - p11_array *replace); - -CK_RV p11_index_remove (p11_index *index, - CK_OBJECT_HANDLE handle); - -CK_ATTRIBUTE * p11_index_lookup (p11_index *index, - CK_OBJECT_HANDLE handle); - -CK_OBJECT_HANDLE p11_index_find (p11_index *index, - CK_ATTRIBUTE *match, - int count); - -CK_OBJECT_HANDLE * p11_index_find_all (p11_index *index, - CK_ATTRIBUTE *match, - int count); - -CK_OBJECT_HANDLE * p11_index_snapshot (p11_index *index, - p11_index *base, - CK_ATTRIBUTE *attrs, - CK_ULONG count); - -#endif /* P11_INDEX_H_ */ diff --git a/trust/input/anchors/cacert3.der b/trust/input/anchors/cacert3.der deleted file mode 100644 index 56f8c88..0000000 Binary files a/trust/input/anchors/cacert3.der and /dev/null differ diff --git a/trust/input/anchors/testing-ca.der b/trust/input/anchors/testing-ca.der deleted file mode 100644 index d3f70ea..0000000 Binary files a/trust/input/anchors/testing-ca.der and /dev/null differ diff --git a/trust/input/blacklist/self-server.der b/trust/input/blacklist/self-server.der deleted file mode 100644 index 68fe9af..0000000 Binary files a/trust/input/blacklist/self-server.der and /dev/null differ diff --git a/trust/input/cacert-ca.der b/trust/input/cacert-ca.der deleted file mode 100644 index 719b0ff..0000000 Binary files a/trust/input/cacert-ca.der and /dev/null differ diff --git a/trust/input/distrusted.pem b/trust/input/distrusted.pem deleted file mode 100644 index 8de6ff0..0000000 --- a/trust/input/distrusted.pem +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN TRUSTED CERTIFICATE----- -MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx -FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD -VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh -dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w -HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx -FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD -VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh -dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w -gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN -QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n -i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L -WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0 -6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg -MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV -BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT -MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p -bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA -A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p -mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41 -voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH -AwIMEVJlZCBIYXQgSXMgdGhlIENB ------END TRUSTED CERTIFICATE----- diff --git a/trust/input/verisign-v1.p11-kit b/trust/input/verisign-v1.p11-kit deleted file mode 100644 index eaa080d..0000000 --- a/trust/input/verisign-v1.p11-kit +++ /dev/null @@ -1,17 +0,0 @@ -[p11-kit-object-v1] -trusted: true - ------BEGIN CERTIFICATE----- -MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz -cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 -MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV -BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt -YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f -zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi -TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G -CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW -NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV -Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb ------END CERTIFICATE----- diff --git a/trust/list.c b/trust/list.c deleted file mode 100644 index 12120e5..0000000 --- a/trust/list.c +++ /dev/null @@ -1,260 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_TOOL - -#include "attrs.h" -#include "constants.h" -#include "debug.h" -#include "enumerate.h" -#include "list.h" -#include "message.h" -#include "pkcs11x.h" -#include "tool.h" -#include "url.h" - -#include "p11-kit/iter.h" - -#include -#include -#include - -static char * -format_uri (p11_enumerate *ex, - int flags) -{ - CK_ATTRIBUTE *attr; - p11_kit_uri *uri; - char *string; - - uri = p11_kit_uri_new (); - - memcpy (p11_kit_uri_get_token_info (uri), - p11_kit_iter_get_token (ex->iter), - sizeof (CK_TOKEN_INFO)); - - attr = p11_attrs_find (ex->attrs, CKA_CLASS); - if (attr != NULL) - p11_kit_uri_set_attribute (uri, attr); - attr = p11_attrs_find (ex->attrs, CKA_ID); - if (attr != NULL) - p11_kit_uri_set_attribute (uri, attr); - - if (p11_kit_uri_format (uri, flags, &string) != P11_KIT_URI_OK) - string = NULL; - - p11_kit_uri_free (uri); - return string; -} - -static bool -list_iterate (p11_enumerate *ex, - bool details) -{ - unsigned char *bytes; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE *attr; - CK_ULONG klass; - CK_ULONG category; - CK_BBOOL val; - p11_buffer buf; - CK_RV rv; - const char *nick; - char *string; - int flags; - - flags = P11_KIT_URI_FOR_OBJECT; - if (details) - flags |= P11_KIT_URI_FOR_OBJECT_ON_TOKEN; - - while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { - if (p11_debugging) { - object = p11_kit_iter_get_object (ex->iter); - p11_debug ("handle: %lu", object); - - string = p11_attrs_to_string (ex->attrs, -1); - p11_debug ("attrs: %s", string); - free (string); - } - - string = format_uri (ex, flags); - if (string == NULL) { - p11_message ("skipping object, couldn't build uri"); - continue; - } - - printf ("%s\n", string); - free (string); - - if (p11_attrs_find_ulong (ex->attrs, CKA_CLASS, &klass)) { - nick = p11_constant_nick (p11_constant_classes, klass); - if (nick != NULL) - printf (" type: %s\n", nick); - } - - attr = p11_attrs_find_valid (ex->attrs, CKA_LABEL); - if (attr && attr->pValue && attr->ulValueLen) { - string = strndup (attr->pValue, attr->ulValueLen); - printf (" label: %s\n", string); - free (string); - } - - if (p11_attrs_find_bool (ex->attrs, CKA_X_DISTRUSTED, &val) && val) - printf (" trust: blacklisted\n"); - else if (p11_attrs_find_bool (ex->attrs, CKA_TRUSTED, &val) && val) - printf (" trust: anchor\n"); - else - printf (" trust: unspecified\n"); - - if (p11_attrs_find_ulong (ex->attrs, CKA_CERTIFICATE_CATEGORY, &category)) { - nick = p11_constant_nick (p11_constant_categories, category); - if (nick != NULL) - printf (" category: %s\n", nick); - } - - if (details) { - attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO); - if (attr) { - p11_buffer_init (&buf, 1024); - bytes = attr->pValue; - p11_url_encode (bytes, bytes + attr->ulValueLen, "", &buf); - printf (" public-key-info: %.*s\n", (int)buf.len, (char *)buf.data); - p11_buffer_uninit (&buf); - } - } - - printf ("\n"); - } - - return (rv == CKR_CANCEL); -} - -int -p11_trust_list (int argc, - char **argv) -{ - p11_enumerate ex; - bool details = false; - int opt = 0; - int ret; - - enum { - opt_verbose = 'v', - opt_quiet = 'q', - opt_help = 'h', - opt_filter = 1000, - opt_purpose, - opt_details, - }; - - struct option options[] = { - { "filter", required_argument, NULL, opt_filter }, - { "purpose", required_argument, NULL, opt_purpose }, - { "details", no_argument, NULL, opt_details }, - { "verbose", no_argument, NULL, opt_verbose }, - { "quiet", no_argument, NULL, opt_quiet }, - { "help", no_argument, NULL, opt_help }, - { 0 }, - }; - - p11_tool_desc usages[] = { - { 0, "usage: trust list --filter=" }, - { opt_filter, - "filter of what to export\n" - " ca-anchors certificate anchors\n" - " blacklist blacklisted certificates\n" - " trust-policy anchors and blacklist (default)\n" - " certificates all certificates\n" - " pkcs11:object=xx a PKCS#11 URI", - "what", - }, - { opt_purpose, - "limit to certificates usable for the purpose\n" - " server-auth for authenticating servers\n" - " client-auth for authenticating clients\n" - " email for email protection\n" - " code-signing for authenticating signed code\n" - " 1.2.3.4.5... an arbitrary object id", - "usage" - }, - { opt_verbose, "show verbose debug output", }, - { opt_quiet, "suppress command output", }, - { 0 }, - }; - - p11_enumerate_init (&ex); - - while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { - switch (opt) { - case opt_verbose: - case opt_quiet: - break; - - case opt_filter: - if (!p11_enumerate_opt_filter (&ex, optarg)) - exit (2); - break; - case opt_purpose: - if (!p11_enumerate_opt_purpose (&ex, optarg)) - exit (2); - break; - case opt_details: - details = true; - break; - case 'h': - p11_tool_usage (usages, options); - exit (0); - case '?': - exit (2); - default: - assert_not_reached (); - break; - } - } - - if (argc - optind != 0) { - p11_message ("extra arguments passed to command"); - exit (2); - } - - if (!p11_enumerate_ready (&ex, "trust-policy")) - exit (1); - - ret = list_iterate (&ex, details) ? 0 : 1; - - p11_enumerate_cleanup (&ex); - return ret; -} diff --git a/trust/list.h b/trust/list.h deleted file mode 100644 index ea3cd08..0000000 --- a/trust/list.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#ifndef P11_LIST_H_ -#define P11_LIST_H_ - -int p11_trust_list (int argc, - char **argv); - -#endif /* P11_LIST_H_ */ diff --git a/trust/module.c b/trust/module.c deleted file mode 100644 index 7fce465..0000000 --- a/trust/module.c +++ /dev/null @@ -1,1837 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define CRYPTOKI_EXPORTS - -#include "argv.h" -#include "array.h" -#include "attrs.h" -#define P11_DEBUG_FLAG P11_DEBUG_TRUST -#include "debug.h" -#include "dict.h" -#include "library.h" -#include "message.h" -#include "module.h" -#include "parser.h" -#include "path.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "session.h" -#include "token.h" - -#include -#include -#include -#include - -#define MANUFACTURER_ID "PKCS#11 Kit " -#define LIBRARY_DESCRIPTION "PKCS#11 Kit Trust Module " -#define TOKEN_MODEL "p11-kit-trust " -#define TOKEN_SERIAL_NUMBER "1 " - -/* Initial slot id: non-zero and non-one */ -#define BASE_SLOT_ID 18UL - -static struct _Shared { - int initialized; - p11_dict *sessions; - p11_array *tokens; - char *paths; -} gl = { 0, NULL, NULL, NULL }; - -/* Used during FindObjects */ -typedef struct _FindObjects { - CK_ATTRIBUTE *match; - CK_OBJECT_HANDLE *snapshot; - CK_ULONG iterator; -} FindObjects; - -static CK_FUNCTION_LIST sys_function_list; - -static void -find_objects_free (void *data) -{ - FindObjects *find = data; - p11_attrs_free (find->match); - free (find->snapshot); - free (find); -} - -static CK_RV -lookup_session (CK_SESSION_HANDLE handle, - p11_session **session) -{ - p11_session *sess; - - if (!gl.sessions) - return CKR_CRYPTOKI_NOT_INITIALIZED; - - sess = p11_dict_get (gl.sessions, &handle); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (sess && session) - *session = sess; - return CKR_OK; -} - -static CK_ATTRIBUTE * -lookup_object_inlock (p11_session *session, - CK_OBJECT_HANDLE handle, - p11_index **index) -{ - CK_ATTRIBUTE *attrs; - - assert (session != NULL); - - attrs = p11_index_lookup (session->index, handle); - if (attrs) { - if (index) - *index = session->index; - return attrs; - } - - attrs = p11_index_lookup (p11_token_index (session->token), handle); - if (attrs) { - if (index) - *index = p11_token_index (session->token); - return attrs; - } - - return NULL; -} - -static CK_RV -check_index_writable (p11_session *session, - p11_index *index) -{ - if (index == p11_token_index (session->token)) { - if (!p11_token_is_writable (session->token)) - return CKR_TOKEN_WRITE_PROTECTED; - else if (!session->read_write) - return CKR_SESSION_READ_ONLY; - } - - return CKR_OK; -} - -static CK_RV -lookup_slot_inlock (CK_SLOT_ID id, - p11_token **token) -{ - /* - * These are invalid inputs, that well behaved callers should - * not produce, so have them fail precondations - */ - - return_val_if_fail (gl.tokens != NULL, - CKR_CRYPTOKI_NOT_INITIALIZED); - - return_val_if_fail (id >= BASE_SLOT_ID && id - BASE_SLOT_ID < gl.tokens->num, - CKR_SLOT_ID_INVALID); - - if (token) - *token = gl.tokens->elem[id - BASE_SLOT_ID]; - return CKR_OK; -} - -static bool -check_slot (CK_SLOT_ID id) -{ - bool ret; - - p11_lock (); - ret = lookup_slot_inlock (id, NULL) == CKR_OK; - p11_unlock (); - - return ret; -} - -static bool -create_tokens_inlock (p11_array *tokens, - const char *paths) -{ - /* - * TRANSLATORS: These label strings are used in PKCS#11 URIs and - * unfortunately cannot be marked translatable. If localization is - * desired they should be translated in GUI applications. These - * strings will not change arbitrarily. - */ - - struct { - const char *prefix; - const char *label; - } labels[] = { - { "~/", "User Trust" }, - { DATA_DIR, "Default Trust" }, - { SYSCONFDIR, "System Trust" }, - { NULL }, - }; - - p11_token *token; - p11_token *check; - CK_SLOT_ID slot; - const char *path; - const char *label; - char *alloc; - char *remaining; - char *base; - char *pos; - int i; - - p11_debug ("using paths: %s", paths); - - alloc = remaining = strdup (paths); - return_val_if_fail (remaining != NULL, false); - - while (remaining) { - path = remaining; - pos = strchr (remaining, P11_PATH_SEP_C); - if (pos == NULL) { - remaining = NULL; - } else { - pos[0] = '\0'; - remaining = pos + 1; - } - - if (path[0] != '\0') { - /* The slot for the new token */ - slot = BASE_SLOT_ID + tokens->num; - - label = NULL; - base = NULL; - - /* Claim the various labels based on prefix */ - for (i = 0; label == NULL && labels[i].prefix != NULL; i++) { - if (strncmp (path, labels[i].prefix, strlen (labels[i].prefix)) == 0) { - label = labels[i].label; - labels[i].label = NULL; - } - } - - /* Didn't find a label above, then make one based on the path */ - if (!label) { - label = base = p11_path_base (path); - return_val_if_fail (base != NULL, false); - } - - token = p11_token_new (slot, path, label); - return_val_if_fail (token != NULL, false); - - if (!p11_array_push (tokens, token)) - return_val_if_reached (false); - - free (base); - assert (lookup_slot_inlock (slot, &check) == CKR_OK && check == token); - } - } - - free (alloc); - return true; -} - -static void -parse_argument (char *arg, - void *unused) -{ - char *value; - - value = arg + strcspn (arg, ":="); - if (!*value) - value = NULL; - else - *(value++) = 0; - - if (strcmp (arg, "paths") == 0) { - free (gl.paths); - gl.paths = value ? strdup (value) : NULL; - - } else { - p11_message ("unrecognized module argument: %s", arg); - } -} - -static CK_RV -sys_C_Finalize (CK_VOID_PTR reserved) -{ - CK_RV rv = CKR_OK; - - p11_debug ("in"); - - /* WARNING: This function must be reentrant */ - - if (reserved) { - rv = CKR_ARGUMENTS_BAD; - - } else { - p11_lock (); - - if (gl.initialized == 0) { - p11_debug ("trust module is not initialized"); - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - } else if (gl.initialized == 1) { - p11_debug ("doing finalization"); - - free (gl.paths); - gl.paths = NULL; - - p11_dict_free (gl.sessions); - gl.sessions = NULL; - - p11_array_free (gl.tokens); - gl.tokens = NULL; - - rv = CKR_OK; - gl.initialized = 0; - - } else { - gl.initialized--; - p11_debug ("trust module still initialized %d times", gl.initialized); - } - - p11_unlock (); - } - - p11_debug ("out: 0x%lx", rv); - return rv; -} - -static CK_RV -sys_C_Initialize (CK_VOID_PTR init_args) -{ - static const CK_C_INITIALIZE_ARGS def_args = - { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, }; - const CK_C_INITIALIZE_ARGS *args = NULL; - int supplied_ok; - CK_RV rv; - - p11_library_init_once (); - - /* WARNING: This function must be reentrant */ - - p11_debug ("in"); - - p11_lock (); - - rv = CKR_OK; - - args = init_args; - if (args == NULL) - args = &def_args; - - /* ALL supplied function pointers need to have the value either NULL or non-NULL. */ - supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL && - args->LockMutex == NULL && args->UnlockMutex == NULL) || - (args->CreateMutex != NULL && args->DestroyMutex != NULL && - args->LockMutex != NULL && args->UnlockMutex != NULL); - if (!supplied_ok) { - p11_message ("invalid set of mutex calls supplied"); - rv = CKR_ARGUMENTS_BAD; - } - - /* - * When the CKF_OS_LOCKING_OK flag isn't set return an error. - * We must be able to use our pthread functionality. - */ - if (!(args->flags & CKF_OS_LOCKING_OK)) { - p11_message ("can't do without os locking"); - rv = CKR_CANT_LOCK; - } - - if (rv == CKR_OK && gl.initialized != 0) { - p11_debug ("trust module already initialized %d times", - gl.initialized); - - /* - * We support setting the socket path and other arguments from from the - * pReserved pointer, similar to how NSS PKCS#11 components are initialized. - */ - } else if (rv == CKR_OK) { - p11_debug ("doing initialization"); - - if (args->pReserved) - p11_argv_parse ((const char*)args->pReserved, parse_argument, NULL); - - gl.sessions = p11_dict_new (p11_dict_ulongptr_hash, - p11_dict_ulongptr_equal, - NULL, p11_session_free); - - gl.tokens = p11_array_new ((p11_destroyer)p11_token_free); - if (gl.tokens && !create_tokens_inlock (gl.tokens, gl.paths ? gl.paths : TRUST_PATHS)) - gl.tokens = NULL; - - if (gl.sessions == NULL || gl.tokens == NULL) { - warn_if_reached (); - rv = CKR_GENERAL_ERROR; - } - } - - gl.initialized++; - - p11_unlock (); - - if (rv != CKR_OK) - sys_C_Finalize (NULL); - - p11_debug ("out: 0x%lx", rv); - return rv; -} - -static CK_RV -sys_C_GetInfo (CK_INFO_PTR info) -{ - CK_RV rv = CKR_OK; - - p11_library_init_once (); - - p11_debug ("in"); - - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - - p11_lock (); - - if (!gl.sessions) - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - p11_unlock (); - - if (rv == CKR_OK) { - memset (info, 0, sizeof (*info)); - info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR; - info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR; - info->libraryVersion.major = PACKAGE_MAJOR; - info->libraryVersion.minor = PACKAGE_MINOR; - info->flags = 0; - strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); - strncpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32); - } - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - /* Can be called before C_Initialize */ - return_val_if_fail (list != NULL, CKR_ARGUMENTS_BAD); - - *list = &sys_function_list; - return CKR_OK; -} - -static CK_RV -sys_C_GetSlotList (CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - CK_RV rv = CKR_OK; - int i; - - return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - if (!gl.sessions) - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - p11_unlock (); - - if (rv != CKR_OK) { - /* already failed */ - - } else if (!slot_list) { - *count = gl.tokens->num; - rv = CKR_OK; - - } else if (*count < gl.tokens->num) { - *count = gl.tokens->num; - rv = CKR_BUFFER_TOO_SMALL; - - } else { - for (i = 0; i < gl.tokens->num; i++) - slot_list[i] = BASE_SLOT_ID + i; - *count = gl.tokens->num; - rv = CKR_OK; - } - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetSlotInfo (CK_SLOT_ID id, - CK_SLOT_INFO_PTR info) -{ - CK_RV rv = CKR_OK; - p11_token *token; - const char *path; - size_t length; - - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - p11_lock (); - - rv = lookup_slot_inlock (id, &token); - if (rv == CKR_OK) { - memset (info, 0, sizeof (*info)); - info->firmwareVersion.major = 0; - info->firmwareVersion.minor = 0; - info->hardwareVersion.major = PACKAGE_MAJOR; - info->hardwareVersion.minor = PACKAGE_MINOR; - info->flags = CKF_TOKEN_PRESENT; - strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); - - /* If too long, copy the first 64 characters into buffer */ - path = p11_token_get_path (token); - length = strlen (path); - if (length > sizeof (info->slotDescription)) - length = sizeof (info->slotDescription); - memset (info->slotDescription, ' ', sizeof (info->slotDescription)); - memcpy (info->slotDescription, path, length); - } - - p11_unlock (); - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetTokenInfo (CK_SLOT_ID id, - CK_TOKEN_INFO_PTR info) -{ - CK_RV rv = CKR_OK; - p11_token *token; - const char *label; - size_t length; - - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_slot_inlock (id, &token); - if (rv == CKR_OK) { - memset (info, 0, sizeof (*info)); - info->firmwareVersion.major = 0; - info->firmwareVersion.minor = 0; - info->hardwareVersion.major = PACKAGE_MAJOR; - info->hardwareVersion.minor = PACKAGE_MINOR; - info->flags = CKF_TOKEN_INITIALIZED; - strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); - strncpy ((char*)info->model, TOKEN_MODEL, 16); - strncpy ((char*)info->serialNumber, TOKEN_SERIAL_NUMBER, 16); - info->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE; - info->ulSessionCount = CK_UNAVAILABLE_INFORMATION; - info->ulMaxRwSessionCount = 0; - info->ulRwSessionCount = CK_UNAVAILABLE_INFORMATION; - info->ulMaxPinLen = 0; - info->ulMinPinLen = 0; - info->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION; - info->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION; - info->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION; - info->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION; - - /* If too long, copy the first 32 characters into buffer */ - label = p11_token_get_label (token); - length = strlen (label); - if (length > sizeof (info->label)) - length = sizeof (info->label); - memset (info->label, ' ', sizeof (info->label)); - memcpy (info->label, label, length); - - if (!p11_token_is_writable (token)) - info->flags |= CKF_WRITE_PROTECTED; - } - - p11_unlock (); - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetMechanismList (CK_SLOT_ID id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - CK_RV rv = CKR_OK; - - return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - *count = 0; - - p11_debug ("out: 0x%lx", rv); - return rv; -} - -static CK_RV -sys_C_GetMechanismInfo (CK_SLOT_ID id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - return_val_if_fail (check_slot (id), CKR_SLOT_ID_INVALID); - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_InitToken (CK_SLOT_ID id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - p11_debug ("not supported"); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -sys_C_WaitForSlotEvent (CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved) -{ - p11_debug ("not supported"); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -sys_C_OpenSession (CK_SLOT_ID id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR handle) -{ - p11_session *session; - p11_token *token; - CK_RV rv = CKR_OK; - - return_val_if_fail (check_slot (id), CKR_SLOT_ID_INVALID); - return_val_if_fail (handle != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_slot_inlock (id, &token); - if (rv != CKR_OK) { - /* fail below */; - - } else if (!(flags & CKF_SERIAL_SESSION)) { - rv = CKR_SESSION_PARALLEL_NOT_SUPPORTED; - - } else if ((flags & CKF_RW_SESSION) && - !p11_token_is_writable (token)) { - rv = CKR_TOKEN_WRITE_PROTECTED; - - } else { - session = p11_session_new (token); - if (p11_dict_set (gl.sessions, &session->handle, session)) { - rv = CKR_OK; - if (flags & CKF_RW_SESSION) - session->read_write = true; - *handle = session->handle; - p11_debug ("session: %lu", *handle); - } else { - warn_if_reached (); - rv = CKR_GENERAL_ERROR; - } - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_CloseSession (CK_SESSION_HANDLE handle) -{ - CK_RV rv = CKR_OK; - - p11_debug ("in"); - - p11_lock (); - - if (!gl.sessions) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - } else if (p11_dict_remove (gl.sessions, &handle)) { - rv = CKR_OK; - - } else { - rv = CKR_SESSION_HANDLE_INVALID; - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_CloseAllSessions (CK_SLOT_ID id) -{ - CK_SESSION_HANDLE *handle; - p11_session *session; - p11_token *token; - p11_dictiter iter; - CK_RV rv; - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_slot_inlock (id, &token); - if (rv == CKR_OK) { - p11_dict_iterate (gl.sessions, &iter); - while (p11_dict_next (&iter, (void **)&handle, (void **)&session)) { - if (session->token == token) - p11_dict_remove (gl.sessions, handle); - } - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetFunctionStatus (CK_SESSION_HANDLE handle) -{ - return CKR_SESSION_PARALLEL_NOT_SUPPORTED; -} - -static CK_RV -sys_C_CancelFunction (CK_SESSION_HANDLE handle) -{ - return CKR_SESSION_PARALLEL_NOT_SUPPORTED; -} - -static CK_RV -sys_C_GetSessionInfo (CK_SESSION_HANDLE handle, - CK_SESSION_INFO_PTR info) -{ - p11_session *session; - CK_RV rv; - - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - info->flags = CKF_SERIAL_SESSION; - info->state = CKS_RO_PUBLIC_SESSION; - info->slotID = p11_token_get_slot (session->token); - info->ulDeviceError = 0; - } - - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_InitPIN (CK_SESSION_HANDLE handle, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - p11_debug ("not supported"); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -sys_C_SetPIN (CK_SESSION_HANDLE handle, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len) -{ - p11_debug ("not supported"); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -sys_C_GetOperationState (CK_SESSION_HANDLE handle, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - p11_debug ("not supported"); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -sys_C_SetOperationState (CK_SESSION_HANDLE handle, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - p11_debug ("not supported"); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -sys_C_Login (CK_SESSION_HANDLE handle, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - CK_RV rv; - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, NULL); - if (rv == CKR_OK) - rv = CKR_USER_TYPE_INVALID; - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_Logout (CK_SESSION_HANDLE handle) -{ - CK_RV rv; - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, NULL); - if (rv == CKR_OK) - rv = CKR_USER_NOT_LOGGED_IN; - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_CreateObject (CK_SESSION_HANDLE handle, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - p11_session *session; - p11_index *index; - CK_BBOOL val; - CK_RV rv; - - return_val_if_fail (new_object != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &val) && val) - index = p11_token_index (session->token); - else - index = session->index; - rv = check_index_writable (session, index); - } - - if (rv == CKR_OK) - rv = p11_index_add (index, template, count, new_object); - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_CopyObject (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - CK_BBOOL vfalse = CK_FALSE; - CK_ATTRIBUTE token = { CKA_TOKEN, &vfalse, sizeof (vfalse) }; - p11_session *session; - CK_ATTRIBUTE *original; - CK_ATTRIBUTE *attrs; - p11_index *index; - CK_BBOOL val; - CK_RV rv; - - return_val_if_fail (new_object != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - original = lookup_object_inlock (session, object, &index); - if (original == NULL) - rv = CKR_OBJECT_HANDLE_INVALID; - } - - if (rv == CKR_OK) { - if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &val)) - index = val ? p11_token_index (session->token) : session->index; - rv = check_index_writable (session, index); - } - - if (rv == CKR_OK) { - attrs = p11_attrs_dup (original); - attrs = p11_attrs_buildn (attrs, template, count); - attrs = p11_attrs_build (attrs, &token, NULL); - rv = p11_index_take (index, attrs, new_object); - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_DestroyObject (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object) -{ - p11_session *session; - CK_ATTRIBUTE *attrs; - p11_index *index; - CK_BBOOL val; - CK_RV rv; - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - attrs = lookup_object_inlock (session, object, &index); - if (attrs == NULL) - rv = CKR_OBJECT_HANDLE_INVALID; - else - rv = check_index_writable (session, index); - - if (rv == CKR_OK && p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) { - /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */ - rv = CKR_ATTRIBUTE_READ_ONLY; - } - - if (rv == CKR_OK) - rv = p11_index_remove (index, object); - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetObjectSize (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - p11_session *session; - CK_RV rv; - - return_val_if_fail (size != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - if (lookup_object_inlock (session, object, NULL)) { - *size = CK_UNAVAILABLE_INFORMATION; - rv = CKR_OK; - } else { - rv = CKR_OBJECT_HANDLE_INVALID; - } - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetAttributeValue (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *result; - CK_ATTRIBUTE *attr; - p11_session *session; - char *string; - CK_ULONG i; - CK_RV rv; - - p11_debug ("in: %lu, %lu", handle, object); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - attrs = lookup_object_inlock (session, object, NULL); - if (attrs == NULL) - rv = CKR_OBJECT_HANDLE_INVALID; - } - - if (rv == CKR_OK) { - for (i = 0; i < count; i++) { - result = template + i; - attr = p11_attrs_find (attrs, result->type); - if (!attr) { - result->ulValueLen = (CK_ULONG)-1; - rv = CKR_ATTRIBUTE_TYPE_INVALID; - continue; - } - - if (!result->pValue) { - result->ulValueLen = attr->ulValueLen; - continue; - } - - if (result->ulValueLen >= attr->ulValueLen) { - memcpy (result->pValue, attr->pValue, attr->ulValueLen); - result->ulValueLen = attr->ulValueLen; - continue; - } - - result->ulValueLen = (CK_ULONG)-1; - rv = CKR_BUFFER_TOO_SMALL; - } - } - - p11_unlock (); - - if (p11_debugging) { - string = p11_attrs_to_string (template, count); - p11_debug ("out: 0x%lx %s", rv, string); - free (string); - } - - return rv; -} - -static CK_RV -sys_C_SetAttributeValue (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_session *session; - CK_ATTRIBUTE *attrs; - p11_index *index; - CK_BBOOL val; - CK_RV rv; - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - attrs = lookup_object_inlock (session, object, &index); - if (attrs == NULL) { - rv = CKR_OBJECT_HANDLE_INVALID; - } else if (p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) { - /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */ - rv = CKR_ATTRIBUTE_READ_ONLY; - } - - if (rv == CKR_OK) - rv = check_index_writable (session, index); - - /* Reload the item if applicable */ - if (rv == CKR_OK && index == p11_token_index (session->token)) { - if (p11_token_reload (session->token, attrs)) { - attrs = p11_index_lookup (index, object); - if (p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) { - /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */ - rv = CKR_ATTRIBUTE_READ_ONLY; - } - } - } - - if (rv == CKR_OK) - rv = p11_index_set (index, object, template, count); - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_FindObjectsInit (CK_SESSION_HANDLE handle, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_index *indices[2] = { NULL, NULL }; - CK_BBOOL want_token_objects; - CK_BBOOL want_session_objects; - CK_BBOOL token; - FindObjects *find; - p11_session *session; - char *string; - CK_RV rv; - int n = 0; - - if (p11_debugging) { - string = p11_attrs_to_string (template, count); - p11_debug ("in: %lu, %s", handle, string); - free (string); - } - - p11_lock (); - - /* Are we searching for token objects? */ - if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &token)) { - want_token_objects = token; - want_session_objects = !token; - } else { - want_token_objects = CK_TRUE; - want_session_objects = CK_TRUE; - } - - rv = lookup_session (handle, &session); - - /* Refresh from disk if this session hasn't yet */ - if (rv == CKR_OK) { - if (want_session_objects) - indices[n++] = session->index; - if (want_token_objects) { - if (!session->loaded) - p11_token_load (session->token); - session->loaded = CK_TRUE; - indices[n++] = p11_token_index (session->token); - } - - find = calloc (1, sizeof (FindObjects)); - warn_if_fail (find != NULL); - - /* Make a snapshot of what we're matching */ - if (find) { - find->match = p11_attrs_buildn (NULL, template, count); - warn_if_fail (find->match != NULL); - - /* Build a session snapshot of all objects */ - find->iterator = 0; - find->snapshot = p11_index_snapshot (indices[0], indices[1], template, count); - warn_if_fail (find->snapshot != NULL); - } - - if (!find || !find->snapshot || !find->match) - rv = CKR_HOST_MEMORY; - else - p11_session_set_operation (session, find_objects_free, find); - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static bool -match_for_broken_nss_serial_number_lookups (CK_ATTRIBUTE *attr, - CK_ATTRIBUTE *match) -{ - unsigned char der[32]; - unsigned char *val_val; - size_t der_len; - size_t val_len; - int len_len; - - if (!match->pValue || !match->ulValueLen || - match->ulValueLen == CKA_INVALID || - attr->ulValueLen == CKA_INVALID) - return false; - - der_len = sizeof (der); - der[0] = ASN1_TAG_INTEGER | ASN1_CLASS_UNIVERSAL; - len_len = der_len - 1; - asn1_length_der (match->ulValueLen, der + 1, &len_len); - assert (len_len < (der_len - 1)); - der_len = 1 + len_len; - - val_val = attr->pValue; - val_len = attr->ulValueLen; - - if (der_len + match->ulValueLen != val_len) - return false; - - if (memcmp (der, val_val, der_len) != 0 || - memcmp (match->pValue, val_val + der_len, match->ulValueLen) != 0) - return false; - - p11_debug ("worked around serial number lookup that's not DER encoded"); - return true; -} - -static bool -find_objects_match (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *match) -{ - CK_OBJECT_CLASS klass; - CK_ATTRIBUTE *attr; - - for (; !p11_attrs_terminator (match); match++) { - attr = p11_attrs_find ((CK_ATTRIBUTE *)attrs, match->type); - if (!attr) - return false; - if (p11_attr_equal (attr, match)) - continue; - - /* - * WORKAROUND: NSS calls us asking for CKA_SERIAL_NUMBER items that are - * not DER encoded. It shouldn't be doing this. We never return any certificate - * serial numbers that are not DER encoded. - * - * So work around the issue here while the NSS guys fix this issue. - * This code should be removed in future versions. - */ - - if (attr->type == CKA_SERIAL_NUMBER && - p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) && - klass == CKO_NSS_TRUST) { - if (match_for_broken_nss_serial_number_lookups (attr, match)) - continue; - } - - return false; - } - - return true; -} - -static CK_RV -sys_C_FindObjects (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count) -{ - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE *attrs; - FindObjects *find = NULL; - p11_session *session; - CK_ULONG matched; - p11_index *index; - CK_RV rv; - - return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in: %lu, %lu", handle, max_count); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - if (session->cleanup != find_objects_free) - rv = CKR_OPERATION_NOT_INITIALIZED; - find = session->operation; - } - - if (rv == CKR_OK) { - matched = 0; - while (matched < max_count) { - object = find->snapshot[find->iterator]; - if (!object) - break; - - find->iterator++; - - attrs = lookup_object_inlock (session, object, &index); - if (attrs == NULL) - continue; - - if (find_objects_match (attrs, find->match)) { - objects[matched] = object; - matched++; - } - } - - *count = matched; - } - - p11_unlock (); - - p11_debug ("out: 0x%lx, %lu", handle, *count); - - return rv; -} - -static CK_RV -sys_C_FindObjectsFinal (CK_SESSION_HANDLE handle) -{ - p11_session *session; - CK_RV rv; - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - if (session->cleanup != find_objects_free) - rv = CKR_OPERATION_NOT_INITIALIZED; - else - p11_session_set_operation (session, NULL, NULL); - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_EncryptInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_Encrypt (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_EncryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_EncryptFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DecryptInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_Decrypt (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DecryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DecryptFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DigestInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_Digest (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DigestUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DigestKey (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DigestFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_SignInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_Sign (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_SignUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_SignFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_SignRecoverInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_SignRecover (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_VerifyInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_Verify (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_VerifyUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_VerifyFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_VerifyRecover (CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_GenerateKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_GenerateKeyPair (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, - CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, - CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, - CK_OBJECT_HANDLE_PTR priv_key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_WrapKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_UnwrapKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_DeriveKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_SeedRandom (CK_SESSION_HANDLE handle, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - return_val_if_reached (CKR_RANDOM_NO_RNG); -} - -static CK_RV -sys_C_GenerateRandom (CK_SESSION_HANDLE handle, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - return_val_if_reached (CKR_RANDOM_NO_RNG); -} - -/* -------------------------------------------------------------------- - * MODULE ENTRY POINT - */ - -static CK_FUNCTION_LIST sys_function_list = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ - sys_C_Initialize, - sys_C_Finalize, - sys_C_GetInfo, - sys_C_GetFunctionList, - sys_C_GetSlotList, - sys_C_GetSlotInfo, - sys_C_GetTokenInfo, - sys_C_GetMechanismList, - sys_C_GetMechanismInfo, - sys_C_InitToken, - sys_C_InitPIN, - sys_C_SetPIN, - sys_C_OpenSession, - sys_C_CloseSession, - sys_C_CloseAllSessions, - sys_C_GetSessionInfo, - sys_C_GetOperationState, - sys_C_SetOperationState, - sys_C_Login, - sys_C_Logout, - sys_C_CreateObject, - sys_C_CopyObject, - sys_C_DestroyObject, - sys_C_GetObjectSize, - sys_C_GetAttributeValue, - sys_C_SetAttributeValue, - sys_C_FindObjectsInit, - sys_C_FindObjects, - sys_C_FindObjectsFinal, - sys_C_EncryptInit, - sys_C_Encrypt, - sys_C_EncryptUpdate, - sys_C_EncryptFinal, - sys_C_DecryptInit, - sys_C_Decrypt, - sys_C_DecryptUpdate, - sys_C_DecryptFinal, - sys_C_DigestInit, - sys_C_Digest, - sys_C_DigestUpdate, - sys_C_DigestKey, - sys_C_DigestFinal, - sys_C_SignInit, - sys_C_Sign, - sys_C_SignUpdate, - sys_C_SignFinal, - sys_C_SignRecoverInit, - sys_C_SignRecover, - sys_C_VerifyInit, - sys_C_Verify, - sys_C_VerifyUpdate, - sys_C_VerifyFinal, - sys_C_VerifyRecoverInit, - sys_C_VerifyRecover, - sys_C_DigestEncryptUpdate, - sys_C_DecryptDigestUpdate, - sys_C_SignEncryptUpdate, - sys_C_DecryptVerifyUpdate, - sys_C_GenerateKey, - sys_C_GenerateKeyPair, - sys_C_WrapKey, - sys_C_UnwrapKey, - sys_C_DeriveKey, - sys_C_SeedRandom, - sys_C_GenerateRandom, - sys_C_GetFunctionStatus, - sys_C_CancelFunction, - sys_C_WaitForSlotEvent -}; - -#ifdef OS_WIN32 -__declspec(dllexport) -#endif - -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - p11_library_init_once (); - return sys_C_GetFunctionList (list); -} - -CK_ULONG -p11_module_next_id (void) -{ - static CK_ULONG unique = 0x10; - return (unique)++; -} - -#ifdef OS_UNIX - -void p11_trust_module_init (void); - -void p11_trust_module_fini (void); - -#ifdef __GNUC__ -__attribute__((constructor)) -#endif -void -p11_trust_module_init (void) -{ - p11_library_init_once (); -} - -#ifdef __GNUC__ -__attribute__((destructor)) -#endif -void -p11_trust_module_fini (void) -{ - p11_library_uninit (); -} - -#endif /* OS_UNIX */ - -#ifdef OS_WIN32 - -BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID); - -BOOL WINAPI -DllMain (HINSTANCE instance, - DWORD reason, - LPVOID reserved) -{ - switch (reason) { - case DLL_PROCESS_ATTACH: - p11_library_init (); - break; - case DLL_THREAD_DETACH: - p11_library_thread_cleanup (); - break; - case DLL_PROCESS_DETACH: - p11_library_uninit (); - break; - default: - break; - } - - return TRUE; -} - -#endif /* OS_WIN32 */ diff --git a/trust/module.h b/trust/module.h deleted file mode 100644 index 13b928a..0000000 --- a/trust/module.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "pkcs11.h" - -#ifndef P11_MODULE_H_ -#define P11_MODULE_H_ - -CK_ULONG p11_module_next_id (void); - -#endif /* P11_MODULE_H_ */ diff --git a/trust/oid.c b/trust/oid.c deleted file mode 100644 index dff4148..0000000 --- a/trust/oid.c +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "hash.h" -#include "oid.h" - -#include -#include -#include -#include - -/* - * We deal with OIDs a lot in their DER form. These have the - * advantage of having the length encoded in their second byte, - * at least for all the OIDs we're interested in. - * - * The goal here is to avoid carrying around extra length - * information about DER encoded OIDs. - */ - -bool -p11_oid_simple (const unsigned char *oid, - int len) -{ - return (oid != NULL && - len > 3 && /* minimum length */ - oid[0] == 0x06 && /* simple encoding */ - (oid[1] & 128) == 0 && /* short form length */ - (size_t)oid[1] == len - 2); /* matches length */ -} - -unsigned int -p11_oid_hash (const void *oid) -{ - uint32_t hash; - int len; - - len = p11_oid_length (oid); - p11_hash_murmur3 (&hash, oid, len, NULL); - return hash; -} - -bool -p11_oid_equal (const void *oid_one, - const void *oid_two) -{ - int len_one; - int len_two; - - len_one = p11_oid_length (oid_one); - len_two = p11_oid_length (oid_two); - - return (len_one == len_two && - memcmp (oid_one, oid_two, len_one) == 0); -} - -int -p11_oid_length (const unsigned char *oid) -{ - assert (oid[0] == 0x06); - assert ((oid[1] & 128) == 0); - return (int)oid[1] + 2; -} diff --git a/trust/oid.h b/trust/oid.h deleted file mode 100644 index cf510fe..0000000 --- a/trust/oid.h +++ /dev/null @@ -1,236 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_OIDS_H_ -#define P11_OIDS_H_ - -#include "compat.h" - -bool p11_oid_simple (const unsigned char *oid, - int len); - -unsigned int p11_oid_hash (const void *oid); - -bool p11_oid_equal (const void *oid_one, - const void *oid_two); - -int p11_oid_length (const unsigned char *oid); - -/* - * 2.5.4.3: CN or commonName - */ -static const unsigned char P11_OID_CN[] = - { 0x06, 0x03, 0x55, 0x04, 0x03, }; - -/* - * 2.5.4.10: O or organization - */ -static const unsigned char P11_OID_O[] = - { 0x06, 0x03, 0x55, 0x04, 0x0a, }; - -/* - * 2.5.4.11: OU or organizationalUnit - */ -static const unsigned char P11_OID_OU[] = - { 0x06, 0x03, 0x55, 0x04, 0x0b, }; - -/* - * Our support of certificate extensions and so on is not limited to what is - * listed here. This is simply the OIDs used by the parsing code that generates - * backwards compatible PKCS#11 objects for NSS and the like. - */ - -/* - * 2.5.29.14: SubjectKeyIdentifier - */ -static const unsigned char P11_OID_SUBJECT_KEY_IDENTIFIER[] = - { 0x06, 0x03, 0x55, 0x1d, 0x0e }; -static const char P11_OID_SUBJECT_KEY_IDENTIFIER_STR[] = "2.5.29.14"; - -/* - * 2.5.29.15: KeyUsage - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_KEY_USAGE[] = - { 0x06, 0x03, 0x55, 0x1d, 0x0f }; -static const char P11_OID_KEY_USAGE_STR[] = { "2.5.29.15" }; - -enum { - P11_KU_DIGITAL_SIGNATURE = 128, - P11_KU_NON_REPUDIATION = 64, - P11_KU_KEY_ENCIPHERMENT = 32, - P11_KU_DATA_ENCIPHERMENT = 16, - P11_KU_KEY_AGREEMENT = 8, - P11_KU_KEY_CERT_SIGN = 4, - P11_KU_CRL_SIGN = 2, - P11_KU_ENCIPHER_ONLY = 1, - P11_KU_DECIPHER_ONLY = 32768, -}; - -/* - * 2.5.29.19: BasicConstraints - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_BASIC_CONSTRAINTS[] = - { 0x06, 0x03, 0x55, 0x1d, 0x13 }; -static const char P11_OID_BASIC_CONSTRAINTS_STR[] = "2.5.29.19"; - -/* - * 2.5.29.37: ExtendedKeyUsage - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_EXTENDED_KEY_USAGE[] = - { 0x06, 0x03, 0x55, 0x1d, 0x25 }; -static const char P11_OID_EXTENDED_KEY_USAGE_STR[] = "2.5.29.37"; - -/* - * 1.3.6.1.4.1.3319.6.10.1: OpenSSL reject extension - * - * An internally defined certificate extension. - * - * OpenSSL contains a list of OID extended key usages to reject. - * The normal X.509 model is to only *include* the extended key - * usages that are to be allowed (ie: a whitelist). It's not clear - * exactly how valid and useful the reject per extended key usage - * model is. - * - * However in order to parse openssl trust policy information and - * be able to write it back out in the same way, we define a custom - * certificate extension to store it. - * - * It is not expected (or supported) for others outside of p11-kit - * to read this information at this point. - * - * This extension is never marked critical. It is not necessary to - * respect information in this certificate extension given that the - * ExtendedKeyUsage extension carries the same information as a - * whitelist. - */ -static const unsigned char P11_OID_OPENSSL_REJECT[] = - { 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x01 }; -static const char P11_OID_OPENSSL_REJECT_STR[] = "1.3.6.1.4.1.3319.6.10.1"; - -/* - * 1.3.6.1.5.5.7.3.1: Server Auth - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_SERVER_AUTH[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01 }; -static const char P11_OID_SERVER_AUTH_STR[] = "1.3.6.1.5.5.7.3.1"; - -/* - * 1.3.6.1.5.5.7.3.2: Client Auth - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_CLIENT_AUTH[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02 }; -static const char P11_OID_CLIENT_AUTH_STR[] = "1.3.6.1.5.5.7.3.2"; - -/* - * 1.3.6.1.5.5.7.3.3: Code Signing - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_CODE_SIGNING[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03 }; -static const char P11_OID_CODE_SIGNING_STR[] = "1.3.6.1.5.5.7.3.3"; - -/* - * 1.3.6.1.5.5.7.3.4: Email Protection - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_EMAIL_PROTECTION[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04 }; -static const char P11_OID_EMAIL_PROTECTION_STR[] = "1.3.6.1.5.5.7.3.4"; - -/* - * 1.3.6.1.5.5.7.3.5: IPSec End System - * - * Defined in RFC 2459 - */ -static const unsigned char P11_OID_IPSEC_END_SYSTEM[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x05 }; -static const char P11_OID_IPSEC_END_SYSTEM_STR[] = "1.3.6.1.5.5.7.3.5"; - -/* - * 1.3.6.1.5.5.7.3.6: IPSec Tunnel - * - * Defined in RFC 2459 - */ -static const unsigned char P11_OID_IPSEC_TUNNEL[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x06 }; -static const char P11_OID_IPSEC_TUNNEL_STR[] = "1.3.6.1.5.5.7.3.6"; - -/* - * 1.3.6.1.5.5.7.3.7: IPSec User - * - * Defined in RFC 2459 - */ -static const unsigned char P11_OID_IPSEC_USER[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x07 }; -static const char P11_OID_IPSEC_USER_STR[] = "1.3.6.1.5.5.7.3.7"; - -/* - * 1.3.6.1.5.5.7.3.8: Time Stamping - * - * Defined in RFC 2459 - */ -static const unsigned char P11_OID_TIME_STAMPING[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08 }; -static const char P11_OID_TIME_STAMPING_STR[] = "1.3.6.1.5.5.7.3.8"; -/* - * 1.3.6.1.4.1.3319.6.10.16: Reserved key purpose - * - * An internally defined reserved/dummy key purpose - * - * This is used with ExtendedKeyUsage certificate extensions to - * be a place holder when no other purposes are defined. - * - * In theory such a certificate should be blacklisted. But in reality - * many implementations use such empty sets of purposes. RFC 5280 requires - * at least one purpose in an ExtendedKeyUsage. - * - * Obviously this purpose should never be checked against. - */ -static const unsigned char P11_OID_RESERVED_PURPOSE[] = - { 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x10 }; -static const char P11_OID_RESERVED_PURPOSE_STR[] = "1.3.6.1.4.1.3319.6.10.16"; - -#endif diff --git a/trust/openssl.asn b/trust/openssl.asn deleted file mode 100644 index c1f452b..0000000 --- a/trust/openssl.asn +++ /dev/null @@ -1,28 +0,0 @@ - -OPENSSL { } - -DEFINITIONS IMPLICIT TAGS ::= - -BEGIN - --- This module contains structures specific to OpenSSL - -CertAux ::= SEQUENCE { - trust SEQUENCE OF OBJECT IDENTIFIER OPTIONAL, - reject [0] SEQUENCE OF OBJECT IDENTIFIER OPTIONAL, - alias UTF8String OPTIONAL, - keyid OCTET STRING OPTIONAL, - other [1] SEQUENCE OF AlgorithmIdentifier OPTIONAL -} - --- Dependencies brought in from other modules - -AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL -} - -UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING - -- The content of this type conforms to RFC 2279. - -END diff --git a/trust/openssl.asn.h b/trust/openssl.asn.h deleted file mode 100644 index 4e6b240..0000000 --- a/trust/openssl.asn.h +++ /dev/null @@ -1,28 +0,0 @@ -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include - -const ASN1_ARRAY_TYPE openssl_asn1_tab[] = { - { "OPENSSL", 536875024, NULL }, - { NULL, 1073741836, NULL }, - { "CertAux", 1610612741, NULL }, - { "trust", 1610629131, NULL }, - { NULL, 12, NULL }, - { "reject", 1610637323, NULL }, - { NULL, 1073745928, "0"}, - { NULL, 12, NULL }, - { "alias", 1073758210, "UTF8String"}, - { "keyid", 1073758215, NULL }, - { "other", 536895499, NULL }, - { NULL, 1073745928, "1"}, - { NULL, 2, "AlgorithmIdentifier"}, - { "AlgorithmIdentifier", 1610612741, NULL }, - { "algorithm", 1073741836, NULL }, - { "parameters", 541081613, NULL }, - { "algorithm", 1, NULL }, - { "UTF8String", 536879111, NULL }, - { NULL, 4360, "12"}, - { NULL, 0, NULL } -}; diff --git a/trust/p11-kit-trust.module b/trust/p11-kit-trust.module deleted file mode 100644 index 2f53ef6..0000000 --- a/trust/p11-kit-trust.module +++ /dev/null @@ -1,17 +0,0 @@ -# See pkcs11.conf(5) to understand this file - -# This is a module config for the 'included' p11-kit trust module -module: p11-kit-trust.so - -# This setting affects the order that trust policy and other information -# is looked up when going across various modules. Other trust policy modules -# need to specify the priority where they slot into things. -priority: 1 - -# Mark this module as a viable source of trust policy information -trust-policy: yes - -# This is for drop-in compatibility with glib-networking and gcr. Those -# projects used this non-standard attribute to denote slots to use to -# retrieve trust information. -x-trust-lookup: pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module diff --git a/trust/parser.c b/trust/parser.c deleted file mode 100644 index 41513d4..0000000 --- a/trust/parser.c +++ /dev/null @@ -1,762 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "array.h" -#include "asn1.h" -#include "attrs.h" -#define P11_DEBUG_FLAG P11_DEBUG_TRUST -#include "debug.h" -#include "dict.h" -#include "digest.h" -#include "message.h" -#include "module.h" -#include "oid.h" -#include "parser.h" -#include "path.h" -#include "pem.h" -#include "pkcs11x.h" -#include "persist.h" -#include "x509.h" - -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -struct _p11_parser { - p11_asn1_cache *asn1_cache; - p11_dict *asn1_defs; - bool asn1_owned; - p11_persist *persist; - char *basename; - p11_array *parsed; - p11_array *formats; - int flags; -}; - -#define ID_LENGTH P11_DIGEST_SHA1_LEN - -typedef int (* parser_func) (p11_parser *parser, - const unsigned char *data, - size_t length); - -static CK_ATTRIBUTE * -populate_trust (p11_parser *parser, - CK_ATTRIBUTE *attrs) -{ - CK_BBOOL trustedv; - CK_BBOOL distrustv; - - CK_ATTRIBUTE trusted = { CKA_TRUSTED, &trustedv, sizeof (trustedv) }; - CK_ATTRIBUTE distrust = { CKA_X_DISTRUSTED, &distrustv, sizeof (distrustv) }; - - /* - * If we're are parsing an anchor location, then warn about any ditsrusted - * certificates there, but don't go ahead and automatically make them - * trusted anchors. - */ - if (parser->flags & P11_PARSE_FLAG_ANCHOR) { - if (p11_attrs_find_bool (attrs, CKA_X_DISTRUSTED, &distrustv) && distrustv) { - p11_message ("certificate with distrust in location for anchors: %s", parser->basename); - return attrs; - - } - - trustedv = CK_TRUE; - distrustv = CK_FALSE; - - /* - * If we're parsing a blacklist location, then force all certificates to - * be blacklisted, regardless of whether they contain anchor information. - */ - } else if (parser->flags & P11_PARSE_FLAG_BLACKLIST) { - if (p11_attrs_find_bool (attrs, CKA_TRUSTED, &trustedv) && trustedv) - p11_message ("overriding trust for anchor in blacklist: %s", parser->basename); - - trustedv = CK_FALSE; - distrustv = CK_TRUE; - - /* - * If the location doesn't have a flag, then fill in trust attributes - * if they are missing: neither an anchor or blacklist. - */ - } else { - trustedv = CK_FALSE; - distrustv = CK_FALSE; - - if (p11_attrs_find_valid (attrs, CKA_TRUSTED)) - trusted.type = CKA_INVALID; - if (p11_attrs_find_valid (attrs, CKA_X_DISTRUSTED)) - distrust.type = CKA_INVALID; - } - - return p11_attrs_build (attrs, &trusted, &distrust, NULL); -} - -static void -sink_object (p11_parser *parser, - CK_ATTRIBUTE *attrs) -{ - CK_OBJECT_CLASS klass; - - if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) && - klass == CKO_CERTIFICATE) { - attrs = populate_trust (parser, attrs); - return_if_fail (attrs != NULL); - } - - if (!p11_array_push (parser->parsed, attrs)) - return_if_reached (); -} - -static CK_ATTRIBUTE * -certificate_attrs (p11_parser *parser, - const unsigned char *der, - size_t der_len) -{ - CK_OBJECT_CLASS klassv = CKO_CERTIFICATE; - CK_CERTIFICATE_TYPE x509 = CKC_X_509; - CK_BBOOL modifiablev = CK_FALSE; - - CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) }; - CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) }; - CK_ATTRIBUTE certificate_type = { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }; - CK_ATTRIBUTE value = { CKA_VALUE, (void *)der, der_len }; - - return p11_attrs_build (NULL, &klass, &modifiable, &certificate_type, &value, NULL); -} - -int -p11_parser_format_x509 (p11_parser *parser, - const unsigned char *data, - size_t length) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *value; - node_asn *cert; - - cert = p11_asn1_decode (parser->asn1_defs, "PKIX1.Certificate", data, length, message); - if (cert == NULL) - return P11_PARSE_UNRECOGNIZED; - - attrs = certificate_attrs (parser, data, length); - return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE); - - value = p11_attrs_find_valid (attrs, CKA_VALUE); - return_val_if_fail (value != NULL, P11_PARSE_FAILURE); - p11_asn1_cache_take (parser->asn1_cache, cert, "PKIX1.Certificate", - value->pValue, value->ulValueLen); - - sink_object (parser, attrs); - return P11_PARSE_SUCCESS; -} - -static CK_ATTRIBUTE * -extension_attrs (p11_parser *parser, - CK_ATTRIBUTE *public_key_info, - const char *oid_str, - const unsigned char *oid_der, - bool critical, - const unsigned char *value, - int length) -{ - CK_OBJECT_CLASS klassv = CKO_X_CERTIFICATE_EXTENSION; - CK_BBOOL modifiablev = CK_FALSE; - - CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) }; - CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) }; - CK_ATTRIBUTE oid = { CKA_OBJECT_ID, (void *)oid_der, p11_oid_length (oid_der) }; - - CK_ATTRIBUTE *attrs; - node_asn *dest; - unsigned char *der; - size_t len; - int ret; - - attrs = p11_attrs_build (NULL, public_key_info, &klass, &modifiable, &oid, NULL); - return_val_if_fail (attrs != NULL, NULL); - - dest = p11_asn1_create (parser->asn1_defs, "PKIX1.Extension"); - return_val_if_fail (dest != NULL, NULL); - - ret = asn1_write_value (dest, "extnID", oid_str, 1); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - if (critical) - ret = asn1_write_value (dest, "critical", "TRUE", 1); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - ret = asn1_write_value (dest, "extnValue", value, length); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - der = p11_asn1_encode (dest, &len); - return_val_if_fail (der != NULL, NULL); - - attrs = p11_attrs_take (attrs, CKA_VALUE, der, len); - return_val_if_fail (attrs != NULL, NULL); - - /* An opmitization so that the builder can get at this without parsing */ - p11_asn1_cache_take (parser->asn1_cache, dest, "PKIX1.Extension", der, len); - return attrs; -} - -static CK_ATTRIBUTE * -attached_attrs (p11_parser *parser, - CK_ATTRIBUTE *public_key_info, - const char *oid_str, - const unsigned char *oid_der, - bool critical, - node_asn *ext) -{ - CK_ATTRIBUTE *attrs; - unsigned char *der; - size_t len; - - der = p11_asn1_encode (ext, &len); - return_val_if_fail (der != NULL, NULL); - - attrs = extension_attrs (parser, public_key_info, oid_str, oid_der, - critical, der, len); - return_val_if_fail (attrs != NULL, NULL); - - free (der); - return attrs; -} - -static p11_dict * -load_seq_of_oid_str (node_asn *node, - const char *seqof) -{ - p11_dict *oids; - char field[128]; - char *oid; - size_t len; - int i; - - oids = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); - - for (i = 1; ; i++) { - if (snprintf (field, sizeof (field), "%s.?%u", seqof, i) < 0) - return_val_if_reached (NULL); - - oid = p11_asn1_read (node, field, &len); - if (oid == NULL) - break; - - if (!p11_dict_set (oids, oid, oid)) - return_val_if_reached (NULL); - } - - return oids; -} - -static CK_ATTRIBUTE * -attached_eku_attrs (p11_parser *parser, - CK_ATTRIBUTE *public_key_info, - const char *oid_str, - const unsigned char *oid_der, - bool critical, - p11_dict *oid_strs) -{ - CK_ATTRIBUTE *attrs; - p11_dictiter iter; - node_asn *dest; - int count = 0; - void *value; - int ret; - - dest = p11_asn1_create (parser->asn1_defs, "PKIX1.ExtKeyUsageSyntax"); - return_val_if_fail (dest != NULL, NULL); - - p11_dict_iterate (oid_strs, &iter); - while (p11_dict_next (&iter, NULL, &value)) { - ret = asn1_write_value (dest, "", "NEW", 1); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - ret = asn1_write_value (dest, "?LAST", value, -1); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - count++; - } - - /* - * If no oids have been written, then we have to put in a reserved - * value, due to the way that ExtendedKeyUsage is defined in RFC 5280. - * There must be at least one purpose. This is important since *not* - * having an ExtendedKeyUsage is very different than having one without - * certain usages. - * - * We account for this in p11_parse_extended_key_usage(). However for - * most callers this should not matter, as they only check whether a - * given purpose is present, and don't make assumptions about ones - * that they don't know about. - */ - - if (count == 0) { - ret = asn1_write_value (dest, "", "NEW", 1); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - ret = asn1_write_value (dest, "?LAST", P11_OID_RESERVED_PURPOSE_STR, -1); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - } - - - attrs = attached_attrs (parser, public_key_info, oid_str, oid_der, critical, dest); - asn1_delete_structure (&dest); - - return attrs; -} - -static CK_ATTRIBUTE * -build_openssl_extensions (p11_parser *parser, - CK_ATTRIBUTE *cert, - CK_ATTRIBUTE *public_key_info, - node_asn *aux, - const unsigned char *aux_der, - size_t aux_len) -{ - CK_BBOOL trusted = CK_FALSE; - CK_BBOOL distrust = CK_FALSE; - - CK_ATTRIBUTE trust_attrs[] = { - { CKA_TRUSTED, &trusted, sizeof (trusted) }, - { CKA_X_DISTRUSTED, &distrust, sizeof (distrust) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - p11_dict *trust = NULL; - p11_dict *reject = NULL; - p11_dictiter iter; - void *key; - int start; - int end; - int ret; - int num; - - /* - * This will load an empty list if there is no OPTIONAL trust field. - * OpenSSL assumes that for a TRUSTED CERTIFICATE a missing trust field - * is identical to untrusted for all purposes. - * - * This is different from ExtendedKeyUsage, where a missing certificate - * extension means that it is trusted for all purposes. - */ - trust = load_seq_of_oid_str (aux, "trust"); - - ret = asn1_number_of_elements (aux, "reject", &num); - return_val_if_fail (ret == ASN1_SUCCESS || ret == ASN1_ELEMENT_NOT_FOUND, NULL); - if (ret == ASN1_SUCCESS) - reject = load_seq_of_oid_str (aux, "reject"); - - /* Remove all rejected oids from the trust set */ - if (trust && reject) { - p11_dict_iterate (reject, &iter); - while (p11_dict_next (&iter, &key, NULL)) - p11_dict_remove (trust, key); - } - - /* - * The trust field (or lack of it) becomes a standard ExtKeyUsageSyntax. - * - * critical: require that this is enforced - */ - - if (trust) { - attrs = attached_eku_attrs (parser, public_key_info, - P11_OID_EXTENDED_KEY_USAGE_STR, - P11_OID_EXTENDED_KEY_USAGE, - true, trust); - return_val_if_fail (attrs != NULL, NULL); - sink_object (parser, attrs); - } - - /* - * For the reject field we use a custom defined extension. We track this - * for completeness, although the above ExtendedKeyUsage extension handles - * this data fine. See oid.h for more details. It uses ExtKeyUsageSyntax structure. - * - * non-critical: non-standard, and also covered by trusts - */ - - if (reject && p11_dict_size (reject) > 0) { - attrs = attached_eku_attrs (parser, public_key_info, - P11_OID_OPENSSL_REJECT_STR, - P11_OID_OPENSSL_REJECT, - false, reject); - return_val_if_fail (attrs != NULL, NULL); - sink_object (parser, attrs); - } - - /* - * OpenSSL model blacklists as anchors with all purposes being removed/rejected, - * we account for that here. If there is an ExtendedKeyUsage without any - * useful purposes, then treat like a blacklist. - */ - if (trust && p11_dict_size (trust) == 0) { - trusted = CK_FALSE; - distrust = CK_TRUE; - - /* - * Otherwise a 'TRUSTED CERTIFICATE' in an input directory is enough to - * mark this as a trusted certificate. - */ - } else if (trust && p11_dict_size (trust) > 0) { - trusted = CK_TRUE; - distrust = CK_FALSE; - } - - /* - * OpenSSL model blacklists as anchors with all purposes being removed/rejected, - * we account for that here. If there is an ExtendedKeyUsage without any - * useful purposes, then treat like a blacklist. - */ - - cert = p11_attrs_merge (cert, p11_attrs_dup (trust_attrs), true); - return_val_if_fail (cert != NULL, NULL); - - p11_dict_free (trust); - p11_dict_free (reject); - - /* - * For the keyid field we use the SubjectKeyIdentifier extension. It - * is already in the correct form, an OCTET STRING. - * - * non-critical: as recommended in RFC 5280 - */ - - ret = asn1_der_decoding_startEnd (aux, aux_der, aux_len, "keyid", &start, &end); - return_val_if_fail (ret == ASN1_SUCCESS || ret == ASN1_ELEMENT_NOT_FOUND, NULL); - - if (ret == ASN1_SUCCESS) { - attrs = extension_attrs (parser, public_key_info, - P11_OID_SUBJECT_KEY_IDENTIFIER_STR, - P11_OID_SUBJECT_KEY_IDENTIFIER, - false, aux_der + start, (end - start) + 1); - return_val_if_fail (attrs != NULL, NULL); - sink_object (parser, attrs); - } - - - return cert; -} - -static int -parse_openssl_trusted_certificate (p11_parser *parser, - const unsigned char *data, - size_t length) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE public_key_info = { CKA_PUBLIC_KEY_INFO }; - CK_ATTRIBUTE *value; - char *label = NULL; - node_asn *cert; - node_asn *aux = NULL; - ssize_t cert_len; - size_t len; - int start; - int end; - int ret; - - /* - * This OpenSSL format is weird. It's just two DER structures - * placed end to end without any wrapping SEQ. So calculate the - * length of the first DER TLV we see and try to parse that as - * the X.509 certificate. - */ - - cert_len = p11_asn1_tlv_length (data, length); - if (cert_len <= 0) - return P11_PARSE_UNRECOGNIZED; - - cert = p11_asn1_decode (parser->asn1_defs, "PKIX1.Certificate", data, cert_len, message); - if (cert == NULL) - return P11_PARSE_UNRECOGNIZED; - - /* OpenSSL sometimes outputs TRUSTED CERTIFICATE format without the CertAux supplement */ - if (cert_len < length) { - aux = p11_asn1_decode (parser->asn1_defs, "OPENSSL.CertAux", data + cert_len, - length - cert_len, message); - if (aux == NULL) { - asn1_delete_structure (&cert); - return P11_PARSE_UNRECOGNIZED; - } - } - - attrs = certificate_attrs (parser, data, cert_len); - return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE); - - /* Cache the parsed certificate ASN.1 for later use by the builder */ - value = p11_attrs_find_valid (attrs, CKA_VALUE); - return_val_if_fail (value != NULL, P11_PARSE_FAILURE); - - /* Pull out the subject public key info */ - ret = asn1_der_decoding_startEnd (cert, data, cert_len, - "tbsCertificate.subjectPublicKeyInfo", &start, &end); - return_val_if_fail (ret == ASN1_SUCCESS, P11_PARSE_FAILURE); - - public_key_info.pValue = (char *)data + start; - public_key_info.ulValueLen = (end - start) + 1; - - p11_asn1_cache_take (parser->asn1_cache, cert, "PKIX1.Certificate", - value->pValue, value->ulValueLen); - - /* Pull the label out of the CertAux */ - if (aux) { - len = 0; - label = p11_asn1_read (aux, "alias", &len); - if (label != NULL) { - attrs = p11_attrs_take (attrs, CKA_LABEL, label, strlen (label)); - return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE); - } - - attrs = build_openssl_extensions (parser, attrs, &public_key_info, aux, - data + cert_len, length - cert_len); - return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE); - } - - sink_object (parser, attrs); - asn1_delete_structure (&aux); - - return P11_PARSE_SUCCESS; -} - -static void -on_pem_block (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) -{ - p11_parser *parser = user_data; - int ret; - - if (strcmp (type, "CERTIFICATE") == 0) { - ret = p11_parser_format_x509 (parser, contents, length); - - } else if (strcmp (type, "TRUSTED CERTIFICATE") == 0) { - ret = parse_openssl_trusted_certificate (parser, contents, length); - - } else { - p11_debug ("Saw unsupported or unrecognized PEM block of type %s", type); - ret = P11_PARSE_SUCCESS; - } - - if (ret != P11_PARSE_SUCCESS) - p11_message ("Couldn't parse PEM block of type %s", type); -} - -int -p11_parser_format_pem (p11_parser *parser, - const unsigned char *data, - size_t length) -{ - int num; - - num = p11_pem_parse ((const char *)data, length, on_pem_block, parser); - - if (num == 0) - return P11_PARSE_UNRECOGNIZED; - - return P11_PARSE_SUCCESS; -} - -int -p11_parser_format_persist (p11_parser *parser, - const unsigned char *data, - size_t length) -{ - CK_BBOOL modifiablev = CK_TRUE; - CK_ATTRIBUTE *attrs; - p11_array *objects; - bool ret; - int i; - - CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) }; - - if (!p11_persist_magic (data, length)) - return P11_PARSE_UNRECOGNIZED; - - if (!parser->persist) { - parser->persist = p11_persist_new (); - return_val_if_fail (parser->persist != NULL, P11_PARSE_UNRECOGNIZED); - } - - objects = p11_array_new (NULL); - return_val_if_fail (objects != NULL, P11_PARSE_FAILURE); - - ret = p11_persist_read (parser->persist, parser->basename, data, length, objects); - if (ret) { - for (i = 0; i < objects->num; i++) { - attrs = p11_attrs_build (objects->elem[i], &modifiable, NULL); - sink_object (parser, attrs); - } - } - - p11_array_free (objects); - return ret ? P11_PARSE_SUCCESS : P11_PARSE_FAILURE; -} - -p11_parser * -p11_parser_new (p11_asn1_cache *asn1_cache) -{ - p11_parser parser = { 0, }; - - if (asn1_cache == NULL) { - parser.asn1_owned = true; - parser.asn1_defs = p11_asn1_defs_load (); - } else { - parser.asn1_defs = p11_asn1_cache_defs (asn1_cache); - parser.asn1_cache = asn1_cache; - parser.asn1_owned = false; - } - - parser.parsed = p11_array_new (p11_attrs_free); - return_val_if_fail (parser.parsed != NULL, NULL); - - return memdup (&parser, sizeof (parser)); -} - -void -p11_parser_free (p11_parser *parser) -{ - return_if_fail (parser != NULL); - p11_persist_free (parser->persist); - p11_array_free (parser->parsed); - p11_array_free (parser->formats); - if (parser->asn1_owned) - p11_dict_free (parser->asn1_defs); - free (parser); -} - -p11_array * -p11_parser_parsed (p11_parser *parser) -{ - return_val_if_fail (parser != NULL, NULL); - return parser->parsed; -} - -void -p11_parser_formats (p11_parser *parser, - ...) -{ - p11_array *formats; - parser_func func; - va_list va; - - formats = p11_array_new (NULL); - return_if_fail (formats != NULL); - - va_start (va, parser); - for (;;) { - func = va_arg (va, parser_func); - if (func == NULL) - break; - if (!p11_array_push (formats, func)) - return_if_reached (); - } - va_end (va); - - p11_array_free (parser->formats); - parser->formats = formats; -} - -int -p11_parse_memory (p11_parser *parser, - const char *filename, - int flags, - const unsigned char *data, - size_t length) -{ - int ret = P11_PARSE_UNRECOGNIZED; - char *base; - int i; - - return_val_if_fail (parser != NULL, P11_PARSE_FAILURE); - return_val_if_fail (filename != NULL, P11_PARSE_FAILURE); - return_val_if_fail (parser->formats != NULL, P11_PARSE_FAILURE); - - p11_array_clear (parser->parsed); - base = p11_path_base (filename); - parser->basename = base; - parser->flags = flags; - - for (i = 0; ret == P11_PARSE_UNRECOGNIZED && i < parser->formats->num; i++) - ret = ((parser_func)parser->formats->elem[i]) (parser, data, length); - - p11_asn1_cache_flush (parser->asn1_cache); - - free (base); - parser->basename = NULL; - parser->flags = 0; - - return ret; -} - -int -p11_parse_file (p11_parser *parser, - const char *filename, - struct stat *sb, - int flags) -{ - p11_mmap *map; - void *data; - size_t size; - int ret; - - return_val_if_fail (parser != NULL, P11_PARSE_FAILURE); - return_val_if_fail (filename != NULL, P11_PARSE_FAILURE); - - map = p11_mmap_open (filename, sb, &data, &size); - if (map == NULL) { - p11_message_err (errno, "couldn't open and map file: %s", filename); - return P11_PARSE_FAILURE; - } - - ret = p11_parse_memory (parser, filename, flags, data, size); - - p11_mmap_close (map); - return ret; -} diff --git a/trust/parser.h b/trust/parser.h deleted file mode 100644 index b177844..0000000 --- a/trust/parser.h +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "asn1.h" -#include "array.h" -#include "compat.h" -#include "dict.h" - -#ifndef P11_PARSER_H_ -#define P11_PARSER_H_ - -enum { - P11_PARSE_FLAG_NONE = 0, - P11_PARSE_FLAG_ANCHOR = 1 << 0, - P11_PARSE_FLAG_BLACKLIST = 1 << 1, -}; - -enum { - P11_PARSE_FAILURE = -1, - P11_PARSE_UNRECOGNIZED = 0, - P11_PARSE_SUCCESS = 1, -}; - -typedef struct _p11_parser p11_parser; - -p11_parser * p11_parser_new (p11_asn1_cache *asn1_cache); - -void p11_parser_free (p11_parser *parser); - -int p11_parse_memory (p11_parser *parser, - const char *filename, - int flags, - const unsigned char *data, - size_t length); - -int p11_parse_file (p11_parser *parser, - const char *filename, - struct stat *sb, - int flags); - -p11_array * p11_parser_parsed (p11_parser *parser); - -void p11_parser_formats (p11_parser *parser, - ...) GNUC_NULL_TERMINATED; - -int p11_parser_format_persist (p11_parser *parser, - const unsigned char *data, - size_t length); - -int p11_parser_format_pem (p11_parser *parser, - const unsigned char *data, - size_t length); - -int p11_parser_format_x509 (p11_parser *parser, - const unsigned char *data, - size_t length); - -#endif /* P11_PARSER_H_ */ diff --git a/trust/pem.c b/trust/pem.c deleted file mode 100644 index ce4f554..0000000 --- a/trust/pem.c +++ /dev/null @@ -1,288 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "compat.h" -#include "base64.h" -#include "buffer.h" -#include "debug.h" -#include "pem.h" - -#include -#include -#include -#include - -#define ARMOR_SUFF "-----" -#define ARMOR_SUFF_L 5 -#define ARMOR_PREF_BEGIN "-----BEGIN " -#define ARMOR_PREF_BEGIN_L 11 -#define ARMOR_PREF_END "-----END " -#define ARMOR_PREF_END_L 9 - -enum { - NONE = 0, - TRUSTED_CERTIFICATE, - CERTIFICATE -}; - -static const char * -pem_find_begin (const char *data, - size_t n_data, - char **type) -{ - const char *pref, *suff; - - /* Look for a prefix */ - pref = strnstr ((char *)data, ARMOR_PREF_BEGIN, n_data); - if (!pref) - return NULL; - - n_data -= (pref - data) + ARMOR_PREF_BEGIN_L; - data = pref + ARMOR_PREF_BEGIN_L; - - /* Look for the end of that begin */ - suff = strnstr ((char *)data, ARMOR_SUFF, n_data); - if (!suff) - return NULL; - - /* Make sure on the same line */ - if (memchr (pref, '\n', suff - pref)) - return NULL; - - if (type) { - pref += ARMOR_PREF_BEGIN_L; - assert (suff > pref); - *type = strndup (pref, suff - pref); - return_val_if_fail (*type != NULL, NULL); - } - - /* The byte after this ---BEGIN--- */ - return suff + ARMOR_SUFF_L; -} - -static const char * -pem_find_end (const char *data, - size_t n_data, - const char *type) -{ - const char *pref; - size_t n_type; - - /* Look for a prefix */ - pref = strnstr (data, ARMOR_PREF_END, n_data); - if (!pref) - return NULL; - - n_data -= (pref - data) + ARMOR_PREF_END_L; - data = pref + ARMOR_PREF_END_L; - - /* Next comes the type string */ - n_type = strlen (type); - if (n_type > n_data || strncmp ((char *)data, type, n_type) != 0) - return NULL; - - n_data -= n_type; - data += n_type; - - /* Next comes the suffix */ - if (ARMOR_SUFF_L > n_data || strncmp ((char *)data, ARMOR_SUFF, ARMOR_SUFF_L) != 0) - return NULL; - - /* The end of the data */ - return pref; -} - -static unsigned char * -pem_parse_block (const char *data, - size_t n_data, - size_t *n_decoded) -{ - const char *x, *hbeg, *hend; - const char *p, *end; - unsigned char *decoded; - size_t length; - int ret; - - assert (data != NULL); - assert (n_data != 0); - assert (n_decoded != NULL); - - p = data; - end = p + n_data; - - hbeg = hend = NULL; - - /* Try and find a pair of blank lines with only white space between */ - while (hend == NULL) { - x = memchr (p, '\n', end - p); - if (!x) - break; - ++x; - while (isspace (*x)) { - /* Found a second line, with only spaces between */ - if (*x == '\n') { - hbeg = data; - hend = x; - break; - /* Found a space between two lines */ - } else { - ++x; - } - } - - /* Try next line */ - p = x; - } - - /* Headers found? */ - if (hbeg && hend) { - data = hend; - n_data = end - data; - } - - length = (n_data * 3) / 4 + 1; - decoded = malloc (length); - return_val_if_fail (decoded != NULL, 0); - - ret = p11_b64_pton (data, n_data, decoded, length); - if (ret < 0) { - free (decoded); - return NULL; - } - - /* No need to parse headers for our use cases */ - - *n_decoded = ret; - return decoded; -} - -unsigned int -p11_pem_parse (const char *data, - size_t n_data, - p11_pem_sink sink, - void *user_data) -{ - const char *beg, *end; - unsigned int nfound = 0; - unsigned char *decoded = NULL; - size_t n_decoded = 0; - char *type; - - assert (data != NULL); - - while (n_data > 0) { - - /* This returns the first character after the PEM BEGIN header */ - beg = pem_find_begin (data, n_data, &type); - if (beg == NULL) - break; - - assert (type != NULL); - - /* This returns the character position before the PEM END header */ - end = pem_find_end (beg, n_data - (beg - data), type); - if (end == NULL) { - free (type); - break; - } - - if (beg != end) { - decoded = pem_parse_block (beg, end - beg, &n_decoded); - if (decoded) { - if (sink != NULL) - (sink) (type, decoded, n_decoded, user_data); - ++nfound; - free (decoded); - } - } - - free (type); - - /* Try for another block */ - end += ARMOR_SUFF_L; - n_data -= (const char *)end - (const char *)data; - data = end; - } - - return nfound; -} - -bool -p11_pem_write (const unsigned char *contents, - size_t length, - const char *type, - p11_buffer *buf) -{ - size_t estimate; - size_t prefix; - char *target; - int len; - - return_val_if_fail (contents || !length, false); - return_val_if_fail (type, false); - return_val_if_fail (buf, false); - - /* Estimate from base64 data. Algorithm from Glib reference */ - estimate = length * 4 / 3 + 7; - estimate += estimate / 64 + 1; - - p11_buffer_add (buf, ARMOR_PREF_BEGIN, ARMOR_PREF_BEGIN_L); - p11_buffer_add (buf, type, -1); - p11_buffer_add (buf, ARMOR_SUFF, ARMOR_SUFF_L); - - prefix = buf->len; - target = p11_buffer_append (buf, estimate); - return_val_if_fail (target != NULL, NULL); - - /* - * OpenSSL is absolutely certain that it wants its PEM base64 - * lines to be 64 characters in len. - */ - - len = p11_b64_ntop (contents, length, target, estimate, 64); - - assert (len > 0); - assert (len <= estimate); - buf->len = prefix + len; - - p11_buffer_add (buf, "\n", 1); - p11_buffer_add (buf, ARMOR_PREF_END, ARMOR_PREF_END_L); - p11_buffer_add (buf, type, -1); - p11_buffer_add (buf, ARMOR_SUFF, ARMOR_SUFF_L); - p11_buffer_add (buf, "\n", 1); - - return p11_buffer_ok (buf); -} diff --git a/trust/pem.h b/trust/pem.h deleted file mode 100644 index 7e4ce63..0000000 --- a/trust/pem.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_PEM_H_ -#define P11_PEM_H_ - -#include "buffer.h" -#include "compat.h" - -#include - -typedef void (*p11_pem_sink) (const char *type, - const unsigned char *contents, - size_t length, - void *user_data); - -unsigned int p11_pem_parse (const char *input, - size_t length, - p11_pem_sink sink, - void *user_data); - -bool p11_pem_write (const unsigned char *contents, - size_t length, - const char *type, - p11_buffer *buf); - -#endif /* P11_PEM_H_ */ diff --git a/trust/persist.c b/trust/persist.c deleted file mode 100644 index ae76342..0000000 --- a/trust/persist.c +++ /dev/null @@ -1,768 +0,0 @@ -/* - * Copyright (C) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "asn1.h" -#include "attrs.h" -#include "constants.h" -#include "debug.h" -#include "lexer.h" -#include "message.h" -#include "pem.h" -#include "persist.h" -#include "pkcs11.h" -#include "pkcs11i.h" -#include "pkcs11x.h" -#include "types.h" -#include "url.h" - -#include "basic.asn.h" - -#include - -#include -#include -#include - -#define PERSIST_HEADER "p11-kit-object-v1" - -struct _p11_persist { - p11_dict *constants; - node_asn *asn1_defs; -}; - -bool -p11_persist_magic (const unsigned char *data, - size_t length) -{ - return (strnstr ((char *)data, "[" PERSIST_HEADER "]", length) != NULL); -} - -p11_persist * -p11_persist_new (void) -{ - p11_persist *persist; - - persist = calloc (1, sizeof (p11_persist)); - return_val_if_fail (persist != NULL, NULL); - - persist->constants = p11_constant_reverse (true); - return_val_if_fail (persist->constants != NULL, NULL); - - return persist; -} - -void -p11_persist_free (p11_persist *persist) -{ - if (!persist) - return; - p11_dict_free (persist->constants); - asn1_delete_structure (&persist->asn1_defs); - free (persist); -} - -struct constant { - CK_ULONG value; - const char *string; -}; - -static bool -parse_string (p11_lexer *lexer, - CK_ATTRIBUTE *attr) -{ - const char *value; - const char *end; - size_t length; - unsigned char *data; - - value = lexer->tok.field.value; - end = value + strlen (value); - - /* Not a string/binary value */ - if (value == end || value[0] != '\"' || *(end - 1) != '\"') - return false; - - /* Note that we don't skip whitespace when decoding, as you might in other URLs */ - data = p11_url_decode (value + 1, end - 1, "", &length); - if (data == NULL) { - p11_lexer_msg(lexer, "bad encoding of attribute value"); - return false; - } - - attr->pValue = data; - attr->ulValueLen = length; - return true; -} - -static void -format_string (CK_ATTRIBUTE *attr, - p11_buffer *buf) -{ - const unsigned char *value; - - assert (attr->ulValueLen != CK_UNAVAILABLE_INFORMATION); - - p11_buffer_add (buf, "\"", 1); - value = attr->pValue; - p11_url_encode (value, value + attr->ulValueLen, P11_URL_VERBATIM, buf); - p11_buffer_add (buf, "\"", 1); -} - -static bool -parse_bool (p11_lexer *lexer, - CK_ATTRIBUTE *attr) -{ - const char *value = lexer->tok.field.value; - CK_BBOOL boolean; - - if (strcmp (value, "true") == 0) { - boolean = CK_TRUE; - - } else if (strcmp (value, "false") == 0) { - boolean = CK_FALSE; - - } else { - /* Not a valid boolean value */ - return false; - } - - attr->pValue = memdup (&boolean, sizeof (boolean)); - return_val_if_fail (attr != NULL, FALSE); - attr->ulValueLen = sizeof (boolean); - return true; -} - -static bool -format_bool (CK_ATTRIBUTE *attr, - p11_buffer *buf) -{ - const CK_BBOOL *value; - - if (attr->ulValueLen != sizeof (CK_BBOOL)) - return false; - - switch (attr->type) { - case CKA_TOKEN: - case CKA_PRIVATE: - case CKA_TRUSTED: - case CKA_SENSITIVE: - case CKA_ENCRYPT: - case CKA_DECRYPT: - case CKA_WRAP: - case CKA_UNWRAP: - case CKA_SIGN: - case CKA_SIGN_RECOVER: - case CKA_VERIFY: - case CKA_VERIFY_RECOVER: - case CKA_DERIVE: - case CKA_EXTRACTABLE: - case CKA_LOCAL: - case CKA_NEVER_EXTRACTABLE: - case CKA_ALWAYS_SENSITIVE: - case CKA_MODIFIABLE: - case CKA_SECONDARY_AUTH: - case CKA_ALWAYS_AUTHENTICATE: - case CKA_WRAP_WITH_TRUSTED: - case CKA_RESET_ON_INIT: - case CKA_HAS_RESET: - case CKA_COLOR: - case CKA_X_DISTRUSTED: - break; - default: - return false; - } - - value = attr->pValue; - if (*value == CK_TRUE) - p11_buffer_add (buf, "true", -1); - else if (*value == CK_FALSE) - p11_buffer_add (buf, "false", -1); - else - return false; - - return true; -} - -static bool -parse_ulong (p11_lexer *lexer, - CK_ATTRIBUTE *attr) -{ - unsigned long value; - char *end; - - end = NULL; - value = strtoul (lexer->tok.field.value, &end, 10); - - /* Not a valid number value */ - if (!end || *end != '\0') - return false; - - attr->pValue = memdup (&value, sizeof (CK_ULONG)); - return_val_if_fail (attr->pValue != NULL, false); - attr->ulValueLen = sizeof (CK_ULONG); - return true; -} - -static bool -format_ulong (CK_ATTRIBUTE *attr, - p11_buffer *buf) -{ - char string[sizeof (CK_ULONG) * 4]; - const CK_ULONG *value; - - if (attr->ulValueLen != sizeof (CK_ULONG)) - return false; - - switch (attr->type) { - case CKA_CERTIFICATE_CATEGORY: - case CKA_CERTIFICATE_TYPE: - case CKA_CLASS: - case CKA_JAVA_MIDP_SECURITY_DOMAIN: - case CKA_KEY_GEN_MECHANISM: - case CKA_KEY_TYPE: - case CKA_MECHANISM_TYPE: - case CKA_MODULUS_BITS: - case CKA_PRIME_BITS: - case CKA_SUB_PRIME_BITS: - case CKA_VALUE_BITS: - case CKA_VALUE_LEN: - case CKA_TRUST_DIGITAL_SIGNATURE: - case CKA_TRUST_NON_REPUDIATION: - case CKA_TRUST_KEY_ENCIPHERMENT: - case CKA_TRUST_DATA_ENCIPHERMENT: - case CKA_TRUST_KEY_AGREEMENT: - case CKA_TRUST_KEY_CERT_SIGN: - case CKA_TRUST_CRL_SIGN: - case CKA_TRUST_SERVER_AUTH: - case CKA_TRUST_CLIENT_AUTH: - case CKA_TRUST_CODE_SIGNING: - case CKA_TRUST_EMAIL_PROTECTION: - case CKA_TRUST_IPSEC_END_SYSTEM: - case CKA_TRUST_IPSEC_TUNNEL: - case CKA_TRUST_IPSEC_USER: - case CKA_TRUST_TIME_STAMPING: - case CKA_TRUST_STEP_UP_APPROVED: - case CKA_X_ASSERTION_TYPE: - case CKA_AUTH_PIN_FLAGS: - case CKA_HW_FEATURE_TYPE: - case CKA_PIXEL_X: - case CKA_PIXEL_Y: - case CKA_RESOLUTION: - case CKA_CHAR_ROWS: - case CKA_CHAR_COLUMNS: - case CKA_BITS_PER_PIXEL: - break; - default: - return false; - } - - value = attr->pValue; - snprintf (string, sizeof (string), "%lu", *value); - - p11_buffer_add (buf, string, -1); - return true; -} - -static bool -parse_constant (p11_persist *persist, - p11_lexer *lexer, - CK_ATTRIBUTE *attr) -{ - CK_ULONG value; - - value = p11_constant_resolve (persist->constants, lexer->tok.field.value); - - /* Not a valid constant */ - if (value == CKA_INVALID) - return false; - - attr->pValue = memdup (&value, sizeof (CK_ULONG)); - return_val_if_fail (attr->pValue != NULL, false); - attr->ulValueLen = sizeof (CK_ULONG); - return true; -} - -static bool -format_constant (CK_ATTRIBUTE *attr, - p11_buffer *buf) -{ - const p11_constant *table; - const CK_ULONG *value; - const char *nick; - - if (attr->ulValueLen != sizeof (CK_ULONG)) - return false; - - switch (attr->type) { - case CKA_TRUST_DIGITAL_SIGNATURE: - case CKA_TRUST_NON_REPUDIATION: - case CKA_TRUST_KEY_ENCIPHERMENT: - case CKA_TRUST_DATA_ENCIPHERMENT: - case CKA_TRUST_KEY_AGREEMENT: - case CKA_TRUST_KEY_CERT_SIGN: - case CKA_TRUST_CRL_SIGN: - case CKA_TRUST_SERVER_AUTH: - case CKA_TRUST_CLIENT_AUTH: - case CKA_TRUST_CODE_SIGNING: - case CKA_TRUST_EMAIL_PROTECTION: - case CKA_TRUST_IPSEC_END_SYSTEM: - case CKA_TRUST_IPSEC_TUNNEL: - case CKA_TRUST_IPSEC_USER: - case CKA_TRUST_TIME_STAMPING: - table = p11_constant_trusts; - break; - case CKA_CLASS: - table = p11_constant_classes; - break; - case CKA_CERTIFICATE_TYPE: - table = p11_constant_certs; - break; - case CKA_KEY_TYPE: - table = p11_constant_keys; - break; - case CKA_X_ASSERTION_TYPE: - table = p11_constant_asserts; - break; - case CKA_CERTIFICATE_CATEGORY: - table = p11_constant_categories; - break; - case CKA_KEY_GEN_MECHANISM: - case CKA_MECHANISM_TYPE: - table = p11_constant_mechanisms; - break; - default: - table = NULL; - }; - - if (!table) - return false; - - value = attr->pValue; - nick = p11_constant_nick (table, *value); - - if (!nick) - return false; - - p11_buffer_add (buf, nick, -1); - return true; -} - -static bool -parse_oid (p11_persist *persist, - p11_lexer *lexer, - CK_ATTRIBUTE *attr) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *asn; - size_t length; - char *value; - int ret; - - value = lexer->tok.field.value; - length = strlen (value); - - /* Not an OID value? */ - if (length < 4 || - strchr (value, '.') == NULL || - strspn (value, "0123456790.") != length || - strstr (value, "..") != NULL || - value[0] == '.' || value[0] == '0' || - value[length - 1] == '.' || - strchr (value, '.') == strrchr (value, '.')) { - return false; - } - - if (!persist->asn1_defs) { - ret = asn1_array2tree (basic_asn1_tab, &persist->asn1_defs, message); - if (ret != ASN1_SUCCESS) { - p11_debug_precond ("failed to load BASIC definitions: %s: %s\n", - asn1_strerror (ret), message); - return false; - } - } - - ret = asn1_create_element (persist->asn1_defs, "BASIC.ObjectIdentifier", &asn); - if (ret != ASN1_SUCCESS) { - p11_debug_precond ("failed to create ObjectIdentifier element: %s\n", - asn1_strerror (ret)); - return false; - } - - ret = asn1_write_value (asn, "", value, 1); - if (ret == ASN1_VALUE_NOT_VALID) { - p11_lexer_msg (lexer, "invalid oid value"); - asn1_delete_structure (&asn); - return false; - } - return_val_if_fail (ret == ASN1_SUCCESS, false); - - attr->pValue = p11_asn1_encode (asn, &length); - return_val_if_fail (attr->pValue != NULL, false); - attr->ulValueLen = length; - - asn1_delete_structure (&asn); - return true; -} - -static bool -format_oid (p11_persist *persist, - CK_ATTRIBUTE *attr, - p11_buffer *buf) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *asn; - char *data; - size_t len; - int ret; - - if (attr->type != CKA_OBJECT_ID || attr->ulValueLen == 0) - return false; - - if (!persist->asn1_defs) { - ret = asn1_array2tree (basic_asn1_tab, &persist->asn1_defs, message); - if (ret != ASN1_SUCCESS) { - p11_debug_precond ("failed to load BASIC definitions: %s: %s\n", - asn1_strerror (ret), message); - return false; - } - } - - ret = asn1_create_element (persist->asn1_defs, "BASIC.ObjectIdentifier", &asn); - if (ret != ASN1_SUCCESS) { - p11_debug_precond ("failed to create ObjectIdentifier element: %s\n", - asn1_strerror (ret)); - return false; - } - - ret = asn1_der_decoding (&asn, attr->pValue, attr->ulValueLen, message); - if (ret != ASN1_SUCCESS) { - p11_message ("invalid oid value: %s", message); - return false; - } - - data = p11_asn1_read (asn, "", &len); - return_val_if_fail (data != NULL, false); - - asn1_delete_structure (&asn); - - p11_buffer_add (buf, data, len - 1); - free (data); - - return true; -} - -static bool -parse_value (p11_persist *persist, - p11_lexer *lexer, - CK_ATTRIBUTE *attr) -{ - return parse_constant (persist, lexer, attr) || - parse_string (lexer, attr) || - parse_bool (lexer, attr) || - parse_ulong (lexer, attr) || - parse_oid (persist, lexer, attr); -} - -static void -format_value (p11_persist *persist, - CK_ATTRIBUTE *attr, - p11_buffer *buf) -{ - assert (attr->ulValueLen != CK_UNAVAILABLE_INFORMATION); - - if (format_bool (attr, buf) || - format_constant (attr, buf) || - format_ulong (attr, buf) || - format_oid (persist, attr, buf)) - return; - - /* Everything else as string */ - format_string (attr, buf); -} - -static bool -field_to_attribute (p11_persist *persist, - p11_lexer *lexer, - CK_ATTRIBUTE **attrs) -{ - CK_ATTRIBUTE attr = { 0, }; - char *end; - - end = NULL; - attr.type = strtoul (lexer->tok.field.name, &end, 10); - - /* Not a valid number value, probably a constant */ - if (!end || *end != '\0') { - attr.type = p11_constant_resolve (persist->constants, lexer->tok.field.name); - if (attr.type == CKA_INVALID || !p11_constant_name (p11_constant_types, attr.type)) { - p11_lexer_msg (lexer, "invalid or unsupported attribute"); - return false; - } - } - - if (!parse_value (persist, lexer, &attr)) { - p11_lexer_msg (lexer, "invalid value"); - return false; - } - - *attrs = p11_attrs_take (*attrs, attr.type, - attr.pValue, attr.ulValueLen); - return true; -} - -static CK_ATTRIBUTE * -certificate_to_attributes (const unsigned char *der, - size_t length) -{ - CK_OBJECT_CLASS klassv = CKO_CERTIFICATE; - CK_CERTIFICATE_TYPE x509 = CKC_X_509; - - CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) }; - CK_ATTRIBUTE certificate_type = { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }; - CK_ATTRIBUTE value = { CKA_VALUE, (void *)der, length }; - - return p11_attrs_build (NULL, &klass, &certificate_type, &value, NULL); -} - -static CK_ATTRIBUTE * -public_key_to_attributes (const unsigned char *der, - size_t length) -{ - /* Eventually we might choose to contribute a class here ... */ - CK_ATTRIBUTE public_key = { CKA_PUBLIC_KEY_INFO, (void *)der, length }; - return p11_attrs_build (NULL, &public_key, NULL); -} - -typedef struct { - p11_lexer *lexer; - CK_ATTRIBUTE *attrs; - bool result; -} parse_block; - -static void -on_pem_block (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) -{ - parse_block *pb = user_data; - CK_ATTRIBUTE *attrs; - - if (strcmp (type, "CERTIFICATE") == 0) { - attrs = certificate_to_attributes (contents, length); - pb->attrs = p11_attrs_merge (pb->attrs, attrs, false); - pb->result = true; - - } else if (strcmp (type, "PUBLIC KEY") == 0) { - attrs = public_key_to_attributes (contents, length); - pb->attrs = p11_attrs_merge (pb->attrs, attrs, false); - pb->result = true; - - } else { - p11_lexer_msg (pb->lexer, "unsupported pem block in store"); - pb->result = false; - } -} - -static bool -pem_to_attributes (p11_lexer *lexer, - CK_ATTRIBUTE **attrs) -{ - parse_block pb = { lexer, *attrs, false }; - unsigned int count; - - count = p11_pem_parse (lexer->tok.pem.begin, - lexer->tok.pem.length, - on_pem_block, &pb); - - if (count == 0) { - p11_lexer_msg (lexer, "invalid pem block"); - return false; - } - - /* The lexer should have only matched one block */ - return_val_if_fail (count == 1, false); - *attrs = pb.attrs; - return pb.result; -} - -bool -p11_persist_read (p11_persist *persist, - const char *filename, - const unsigned char *data, - size_t length, - p11_array *objects) -{ - p11_lexer lexer; - CK_ATTRIBUTE *attrs; - bool failed; - bool skip; - - return_val_if_fail (persist != NULL, false); - return_val_if_fail (objects != NULL, false); - - skip = false; - attrs = NULL; - failed = false; - - p11_lexer_init (&lexer, filename, (const char *)data, length); - while (p11_lexer_next (&lexer, &failed)) { - switch (lexer.tok_type) { - case TOK_SECTION: - if (attrs && !p11_array_push (objects, attrs)) - return_val_if_reached (false); - attrs = NULL; - if (strcmp (lexer.tok.section.name, PERSIST_HEADER) != 0) { - p11_lexer_msg (&lexer, "unrecognized or invalid section header"); - skip = true; - } else { - attrs = p11_attrs_build (NULL, NULL); - return_val_if_fail (attrs != NULL, false); - skip = false; - } - failed = false; - break; - case TOK_FIELD: - if (skip) { - failed = false; - } else if (!attrs) { - p11_lexer_msg (&lexer, "attribute before p11-kit section header"); - failed = true; - } else { - failed = !field_to_attribute (persist, &lexer, &attrs); - } - break; - case TOK_PEM: - if (skip) { - failed = false; - } else if (!attrs) { - p11_lexer_msg (&lexer, "pem block before p11-kit section header"); - failed = true; - } else { - failed = !pem_to_attributes (&lexer, &attrs); - } - break; - } - - if (failed) - break; - } - - if (attrs && !p11_array_push (objects, attrs)) - return_val_if_reached (false); - attrs = NULL; - - p11_lexer_done (&lexer); - return !failed; -} - -static CK_ATTRIBUTE * -find_certificate_value (CK_ATTRIBUTE *attrs) -{ - CK_OBJECT_CLASS klass; - CK_CERTIFICATE_TYPE type; - - if (!p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) || - klass != CKO_CERTIFICATE) - return NULL; - if (!p11_attrs_find_ulong (attrs, CKA_CERTIFICATE_TYPE, &type) || - type != CKC_X_509) - return NULL; - return p11_attrs_find_valid (attrs, CKA_VALUE); -} - -bool -p11_persist_write (p11_persist *persist, - CK_ATTRIBUTE *attrs, - p11_buffer *buf) -{ - char string[sizeof (CK_ULONG) * 4]; - CK_ATTRIBUTE *cert_value; - CK_ATTRIBUTE *spki_value; - const char *nick; - int i; - - cert_value = find_certificate_value (attrs); - spki_value = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO); - - p11_buffer_add (buf, "[" PERSIST_HEADER "]\n", -1); - - for (i = 0; !p11_attrs_terminator (attrs + i); i++) { - - /* These are written later? */ - if (cert_value != NULL && - (attrs[i].type == CKA_CLASS || - attrs[i].type == CKA_CERTIFICATE_TYPE || - attrs[i].type == CKA_VALUE)) - continue; - - /* These are written later? */ - if (spki_value != NULL && - attrs[i].type == CKA_PUBLIC_KEY_INFO) - continue; - - /* These are never written */ - if (attrs[i].type == CKA_TOKEN || - attrs[i].type == CKA_X_ORIGIN || - attrs[i].type == CKA_X_GENERATED) - continue; - - if (attrs[i].ulValueLen == CK_UNAVAILABLE_INFORMATION) - continue; - - nick = p11_constant_nick (p11_constant_types, attrs[i].type); - if (nick == NULL) { - snprintf (string, sizeof (string), "%lu", attrs[i].type); - nick = string; - } - - p11_buffer_add (buf, nick, -1); - p11_buffer_add (buf, ": ", 2); - format_value (persist, attrs + i, buf); - p11_buffer_add (buf, "\n", 1); - } - - if (cert_value != NULL) { - if (!p11_pem_write (cert_value->pValue, cert_value->ulValueLen, "CERTIFICATE", buf)) - return_val_if_reached (false); - } else if (spki_value != NULL) { - if (!p11_pem_write (spki_value->pValue, spki_value->ulValueLen, "PUBLIC KEY", buf)) - return_val_if_reached (false); - } - - p11_buffer_add (buf, "\n", 1); - return p11_buffer_ok (buf); -} diff --git a/trust/persist.h b/trust/persist.h deleted file mode 100644 index 0ef142c..0000000 --- a/trust/persist.h +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (C) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_PERSIST_H_ -#define P11_PERSIST_H_ - -#include "array.h" -#include "compat.h" -#include "dict.h" - -#include - -typedef struct _p11_persist p11_persist; - -p11_persist * p11_persist_new (void); - -bool p11_persist_magic (const unsigned char *data, - size_t length); - -bool p11_persist_read (p11_persist *persist, - const char *filename, - const unsigned char *data, - size_t length, - p11_array *objects); - -bool p11_persist_write (p11_persist *persist, - CK_ATTRIBUTE *object, - p11_buffer *buf); - -void p11_persist_free (p11_persist *persist); - -#endif /* P11_PERSIST_H_ */ diff --git a/trust/pkix.asn b/trust/pkix.asn deleted file mode 100644 index 38bb028..0000000 --- a/trust/pkix.asn +++ /dev/null @@ -1,566 +0,0 @@ - -PKIX1 { } - -DEFINITIONS IMPLICIT TAGS ::= - -BEGIN - --- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules. - -id-pkix OBJECT IDENTIFIER ::= - { iso(1) identified-organization(3) dod(6) internet(1) - security(5) mechanisms(5) pkix(7) } - --- ISO arc for standard certificate and CRL extensions - --- authority key identifier OID and syntax - -AuthorityKeyIdentifier ::= SEQUENCE { - keyIdentifier [0] KeyIdentifier OPTIONAL, - authorityCertIssuer [1] GeneralNames OPTIONAL, - authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } - -- authorityCertIssuer and authorityCertSerialNumber shall both - -- be present or both be absgent - -KeyIdentifier ::= OCTET STRING - --- subject key identifier OID and syntax - -SubjectKeyIdentifier ::= KeyIdentifier - --- key usage extension OID and syntax - -KeyUsage ::= BIT STRING - --- Directory string type -- - -DirectoryString ::= CHOICE { - teletexString TeletexString (SIZE (1..MAX)), - printableString PrintableString (SIZE (1..MAX)), - universalString UniversalString (SIZE (1..MAX)), - utf8String UTF8String (SIZE (1..MAX)), - bmpString BMPString (SIZE(1..MAX)), - -- IA5String is added here to handle old UID encoded as ia5String -- - -- See tests/userid/ for more information. It shouldn't be here, -- - -- so if it causes problems, considering dropping it. -- - ia5String IA5String (SIZE(1..MAX)) } - -SubjectAltName ::= GeneralNames - -GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName - -GeneralName ::= CHOICE { - otherName [0] AnotherName, - rfc822Name [1] IA5String, - dNSName [2] IA5String, - x400Address [3] ANY, --- Changed to work with the libtasn1 parser. - directoryName [4] EXPLICIT RDNSequence, --Name, - ediPartyName [5] ANY, --EDIPartyName replaced by ANY to save memory - uniformResourceIdentifier [6] IA5String, - iPAddress [7] OCTET STRING, - registeredID [8] OBJECT IDENTIFIER } - --- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as --- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax - -AnotherName ::= SEQUENCE { - type-id OBJECT IDENTIFIER, - value [0] EXPLICIT ANY DEFINED BY type-id } - --- issuer alternative name extension OID and syntax - -IssuerAltName ::= GeneralNames - --- basic constraints extension OID and syntax - -BasicConstraints ::= SEQUENCE { - cA BOOLEAN DEFAULT FALSE, - pathLenConstraint INTEGER (0..MAX) OPTIONAL } - --- CRL distribution points extension OID and syntax - -CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint - -DistributionPoint ::= SEQUENCE { - distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL, - reasons [1] ReasonFlags OPTIONAL, - cRLIssuer [2] GeneralNames OPTIONAL -} - -DistributionPointName ::= CHOICE { - fullName [0] GeneralNames, - nameRelativeToCRLIssuer [1] RelativeDistinguishedName -} - -ReasonFlags ::= BIT STRING - --- extended key usage extension OID and syntax - -ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId - -KeyPurposeId ::= OBJECT IDENTIFIER - --- CRL number extension OID and syntax - -CRLNumber ::= INTEGER (0..MAX) - --- certificate issuer CRL entry extension OID and syntax - -CertificateIssuer ::= GeneralNames - --- -------------------------------------- --- EXPLICIT --- -------------------------------------- - --- UNIVERSAL Types defined in '93 and '98 ASN.1 --- but required by this specification - -NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING - -IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING - -TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING - -PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING - -UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING - -- UniversalString is defined in ASN.1:1993 - -BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING - -- BMPString is the subtype of UniversalString and models - -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1 - -UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING - -- The content of this type conforms to RFC 2279. - - --- attribute data types -- - -Attribute ::= SEQUENCE { - type AttributeType, - values SET OF AttributeValue - -- at least one value is required -- -} - -AttributeType ::= OBJECT IDENTIFIER - -AttributeValue ::= ANY DEFINED BY type - -AttributeTypeAndValue ::= SEQUENCE { - type AttributeType, - value AttributeValue } - --- suggested naming attributes: Definition of the following --- information object set may be augmented to meet local --- requirements. Note that deleting members of the set may --- prevent interoperability with conforming implementations. --- presented in pairs: the AttributeType followed by the --- type definition for the corresponding AttributeValue - --- Arc for standard naming attributes -id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} - --- Attributes of type NameDirectoryString - --- gnutls: Note that the Object ID (id-at*) is being set just before the --- actual definition. This is done in order for asn1_find_structure_from_oid --- to work (locate structure from OID). --- Maybe this is inefficient and memory consuming. Should we replace with --- a table that maps OIDs to structures? - -PostalAddress ::= SEQUENCE OF DirectoryString - - -- Legacy attributes - -emailAddress AttributeType ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 1 } - -Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length)) - --- naming data types -- - -Name ::= CHOICE { -- only one possibility for now -- - rdnSequence RDNSequence } - -RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - -DistinguishedName ::= RDNSequence - -RelativeDistinguishedName ::= - SET SIZE (1 .. MAX) OF AttributeTypeAndValue - - - --- -------------------------------------------------------- --- certificate and CRL specific structures begin here --- -------------------------------------------------------- - -Certificate ::= SEQUENCE { - tbsCertificate TBSCertificate, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING } - -TBSCertificate ::= SEQUENCE { - version [0] EXPLICIT Version DEFAULT v1, - serialNumber CertificateSerialNumber, - signature AlgorithmIdentifier, - issuer Name, - validity Validity, - subject Name, - subjectPublicKeyInfo SubjectPublicKeyInfo, - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - extensions [3] EXPLICIT Extensions OPTIONAL - -- If present, version shall be v3 -- -} - -Version ::= INTEGER { v1(0), v2(1), v3(2) } - -CertificateSerialNumber ::= INTEGER - -Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } - -Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - -UniqueIdentifier ::= BIT STRING - -SubjectPublicKeyInfo ::= SEQUENCE { - algorithm AlgorithmIdentifier, - subjectPublicKey BIT STRING } - -Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - -Extension ::= SEQUENCE { - extnID OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue OCTET STRING } - - --- ------------------------------------------ --- CRL structures --- ------------------------------------------ - -CertificateList ::= SEQUENCE { - tbsCertList TBSCertList, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING } - -TBSCertList ::= SEQUENCE { - version Version OPTIONAL, - -- if present, shall be v2 - signature AlgorithmIdentifier, - issuer Name, - thisUpdate Time, - nextUpdate Time OPTIONAL, - revokedCertificates SEQUENCE OF SEQUENCE { - userCertificate CertificateSerialNumber, - revocationDate Time, - crlEntryExtensions Extensions OPTIONAL - -- if present, shall be v2 - } OPTIONAL, - crlExtensions [0] EXPLICIT Extensions OPTIONAL - -- if present, shall be v2 -- -} - --- Version, Time, CertificateSerialNumber, and Extensions were --- defined earlier for use in the certificate structure - -AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL } - -- contains a value of the type - -- registered for use with the - -- algorithm object identifier value - --- Algorithm OIDs and parameter structures - -Dss-Sig-Value ::= SEQUENCE { - r INTEGER, - s INTEGER -} - -DomainParameters ::= SEQUENCE { - p INTEGER, -- odd prime, p=jq +1 - g INTEGER, -- generator, g - q INTEGER, -- factor of p-1 - j INTEGER OPTIONAL, -- subgroup factor, j>= 2 - validationParms ValidationParms OPTIONAL } - -ValidationParms ::= SEQUENCE { - seed BIT STRING, - pgenCounter INTEGER } - -Dss-Parms ::= SEQUENCE { - p INTEGER, - q INTEGER, - g INTEGER } - --- x400 address syntax starts here --- OR Names - -CountryName ::= [APPLICATION 1] CHOICE { - x121-dcc-code NumericString - (SIZE (ub-country-name-numeric-length)), - iso-3166-alpha2-code PrintableString - (SIZE (ub-country-name-alpha-length)) } - -OrganizationName ::= PrintableString - (SIZE (1..ub-organization-name-length)) --- see also teletex-organization-name - -NumericUserIdentifier ::= NumericString - (SIZE (1..ub-numeric-user-id-length)) - --- see also teletex-personal-name - -OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) - OF OrganizationalUnitName --- see also teletex-organizational-unit-names - -OrganizationalUnitName ::= PrintableString (SIZE - (1..ub-organizational-unit-name-length)) - --- Extension types and attribute values --- - -CommonName ::= PrintableString - --- END of PKIX1Implicit88 - - --- BEGIN of RFC2630 - --- Cryptographic Message Syntax - -pkcs-7-ContentInfo ::= SEQUENCE { - contentType pkcs-7-ContentType, - content [0] EXPLICIT ANY DEFINED BY contentType } - -pkcs-7-DigestInfo ::= SEQUENCE { - digestAlgorithm pkcs-7-DigestAlgorithmIdentifier, - digest pkcs-7-Digest -} - -pkcs-7-Digest ::= OCTET STRING - -pkcs-7-ContentType ::= OBJECT IDENTIFIER - -pkcs-7-SignedData ::= SEQUENCE { - version pkcs-7-CMSVersion, - digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers, - encapContentInfo pkcs-7-EncapsulatedContentInfo, - certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL, - crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL, - signerInfos pkcs-7-SignerInfos -} - -pkcs-7-CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) } - -pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier - -pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier - -pkcs-7-EncapsulatedContentInfo ::= SEQUENCE { - eContentType pkcs-7-ContentType, - eContent [0] EXPLICIT OCTET STRING OPTIONAL } - --- We don't use CertificateList here since we only want --- to read the raw data. -pkcs-7-CertificateRevocationLists ::= SET OF ANY - -pkcs-7-CertificateChoices ::= CHOICE { --- Although the paper uses Certificate type, we --- don't use it since, we don't need to parse it. --- We only need to read and store it. - certificate ANY -} - -pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices - -pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it - -- anyway - - --- BEGIN of RFC2986 - --- Certificate requests -pkcs-10-CertificationRequestInfo ::= SEQUENCE { - version INTEGER { v1(0) }, - subject Name, - subjectPKInfo SubjectPublicKeyInfo, - attributes [0] Attributes -} - -Attributes ::= SET OF Attribute - -pkcs-10-CertificationRequest ::= SEQUENCE { - certificationRequestInfo pkcs-10-CertificationRequestInfo, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING -} - --- stuff from PKCS#9 - -pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 7} - -pkcs-9-challengePassword ::= CHOICE { - printableString PrintableString, - utf8String UTF8String } - -pkcs-9-localKeyId ::= OCTET STRING - --- PKCS #8 stuff - --- Private-key information syntax - -pkcs-8-PrivateKeyInfo ::= SEQUENCE { - version pkcs-8-Version, - privateKeyAlgorithm AlgorithmIdentifier, - privateKey pkcs-8-PrivateKey, - attributes [0] Attributes OPTIONAL } - -pkcs-8-Version ::= INTEGER {v1(0)} - -pkcs-8-PrivateKey ::= OCTET STRING - -pkcs-8-Attributes ::= SET OF Attribute - --- Encrypted private-key information syntax - -pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE { - encryptionAlgorithm AlgorithmIdentifier, - encryptedData pkcs-8-EncryptedData -} - -pkcs-8-EncryptedData ::= OCTET STRING - --- PKCS #5 stuff - -pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8)) -pkcs-5-aes128-CBC-params ::= OCTET STRING (SIZE(16)) -pkcs-5-aes192-CBC-params ::= OCTET STRING (SIZE(16)) -pkcs-5-aes256-CBC-params ::= OCTET STRING (SIZE(16)) - -pkcs-5-PBES2-params ::= SEQUENCE { - keyDerivationFunc AlgorithmIdentifier, - encryptionScheme AlgorithmIdentifier } - --- PBKDF2 - --- pkcs-5-algid-hmacWithSHA1 AlgorithmIdentifier ::= --- {algorithm pkcs-5-id-hmacWithSHA1, parameters NULL : NULL} - -pkcs-5-PBKDF2-params ::= SEQUENCE { - salt CHOICE { - specified OCTET STRING, - otherSource AlgorithmIdentifier - }, - iterationCount INTEGER (1..MAX), - keyLength INTEGER (1..MAX) OPTIONAL, - prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1 -} - --- PKCS #12 stuff - -pkcs-12-PFX ::= SEQUENCE { - version INTEGER {v3(3)}, - authSafe pkcs-7-ContentInfo, - macData pkcs-12-MacData OPTIONAL -} - -pkcs-12-PbeParams ::= SEQUENCE { - salt OCTET STRING, - iterations INTEGER -} - -pkcs-12-MacData ::= SEQUENCE { - mac pkcs-7-DigestInfo, - macSalt OCTET STRING, - iterations INTEGER DEFAULT 1 --- Note: The default is for historical reasons and its use is --- deprecated. A higher value, like 1024 is recommended. -} - -pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo - -- Data if unencrypted - -- EncryptedData if password-encrypted - -- EnvelopedData if public key-encrypted - -pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag - -pkcs-12-SafeBag ::= SEQUENCE { - bagId OBJECT IDENTIFIER, - bagValue [0] EXPLICIT ANY DEFINED BY badId, - bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL -} - --- Bag types - -pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo - --- Shrouded KeyBag - -pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo - --- CertBag - -pkcs-12-CertBag ::= SEQUENCE { - certId OBJECT IDENTIFIER, - certValue [0] EXPLICIT ANY DEFINED BY certId -} - --- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}} --- DER-encoded X.509 certificate stored in OCTET STRING - -pkcs-12-CRLBag ::= SEQUENCE { - crlId OBJECT IDENTIFIER, - crlValue [0] EXPLICIT ANY DEFINED BY crlId -} - -pkcs-12-SecretBag ::= SEQUENCE { - secretTypeId OBJECT IDENTIFIER, - secretValue [0] EXPLICIT ANY DEFINED BY secretTypeId -} - --- x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}} --- DER-encoded X.509 CRL stored in OCTET STRING - -pkcs-12-PKCS12Attribute ::= Attribute - --- PKCS #7 stuff (needed in PKCS 12) - -pkcs-7-Data ::= OCTET STRING - -pkcs-7-EncryptedData ::= SEQUENCE { - version pkcs-7-CMSVersion, - encryptedContentInfo pkcs-7-EncryptedContentInfo, - unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL } - -pkcs-7-EncryptedContentInfo ::= SEQUENCE { - contentType pkcs-7-ContentType, - contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier, - encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL } - -pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier - -pkcs-7-EncryptedContent ::= OCTET STRING - -pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute - --- rfc3820 - -ProxyCertInfo ::= SEQUENCE { - pCPathLenConstraint INTEGER (0..MAX) OPTIONAL, - proxyPolicy ProxyPolicy } - -ProxyPolicy ::= SEQUENCE { - policyLanguage OBJECT IDENTIFIER, - policy OCTET STRING OPTIONAL } - -END diff --git a/trust/pkix.asn.h b/trust/pkix.asn.h deleted file mode 100644 index d5d5cc4..0000000 --- a/trust/pkix.asn.h +++ /dev/null @@ -1,408 +0,0 @@ -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include - -const ASN1_ARRAY_TYPE pkix_asn1_tab[] = { - { "PKIX1", 536875024, NULL }, - { NULL, 1073741836, NULL }, - { "id-pkix", 1879048204, NULL }, - { "iso", 1073741825, "1"}, - { "identified-organization", 1073741825, "3"}, - { "dod", 1073741825, "6"}, - { "internet", 1073741825, "1"}, - { "security", 1073741825, "5"}, - { "mechanisms", 1073741825, "5"}, - { "pkix", 1, "7"}, - { "AuthorityKeyIdentifier", 1610612741, NULL }, - { "keyIdentifier", 1610637314, "KeyIdentifier"}, - { NULL, 4104, "0"}, - { "authorityCertIssuer", 1610637314, "GeneralNames"}, - { NULL, 4104, "1"}, - { "authorityCertSerialNumber", 536895490, "CertificateSerialNumber"}, - { NULL, 4104, "2"}, - { "KeyIdentifier", 1073741831, NULL }, - { "SubjectKeyIdentifier", 1073741826, "KeyIdentifier"}, - { "KeyUsage", 1073741830, NULL }, - { "DirectoryString", 1610612754, NULL }, - { "teletexString", 1612709890, "TeletexString"}, - { "MAX", 524298, "1"}, - { "printableString", 1612709890, "PrintableString"}, - { "MAX", 524298, "1"}, - { "universalString", 1612709890, "UniversalString"}, - { "MAX", 524298, "1"}, - { "utf8String", 1612709890, "UTF8String"}, - { "MAX", 524298, "1"}, - { "bmpString", 1612709890, "BMPString"}, - { "MAX", 524298, "1"}, - { "ia5String", 538968066, "IA5String"}, - { "MAX", 524298, "1"}, - { "SubjectAltName", 1073741826, "GeneralNames"}, - { "GeneralNames", 1612709899, NULL }, - { "MAX", 1074266122, "1"}, - { NULL, 2, "GeneralName"}, - { "GeneralName", 1610612754, NULL }, - { "otherName", 1610620930, "AnotherName"}, - { NULL, 4104, "0"}, - { "rfc822Name", 1610620930, "IA5String"}, - { NULL, 4104, "1"}, - { "dNSName", 1610620930, "IA5String"}, - { NULL, 4104, "2"}, - { "x400Address", 1610620941, NULL }, - { NULL, 4104, "3"}, - { "directoryName", 1610620930, "RDNSequence"}, - { NULL, 2056, "4"}, - { "ediPartyName", 1610620941, NULL }, - { NULL, 4104, "5"}, - { "uniformResourceIdentifier", 1610620930, "IA5String"}, - { NULL, 4104, "6"}, - { "iPAddress", 1610620935, NULL }, - { NULL, 4104, "7"}, - { "registeredID", 536879116, NULL }, - { NULL, 4104, "8"}, - { "AnotherName", 1610612741, NULL }, - { "type-id", 1073741836, NULL }, - { "value", 541073421, NULL }, - { NULL, 1073743880, "0"}, - { "type-id", 1, NULL }, - { "IssuerAltName", 1073741826, "GeneralNames"}, - { "BasicConstraints", 1610612741, NULL }, - { "cA", 1610645508, NULL }, - { NULL, 131081, NULL }, - { "pathLenConstraint", 537411587, NULL }, - { "0", 10, "MAX"}, - { "CRLDistributionPoints", 1612709899, NULL }, - { "MAX", 1074266122, "1"}, - { NULL, 2, "DistributionPoint"}, - { "DistributionPoint", 1610612741, NULL }, - { "distributionPoint", 1610637314, "DistributionPointName"}, - { NULL, 2056, "0"}, - { "reasons", 1610637314, "ReasonFlags"}, - { NULL, 4104, "1"}, - { "cRLIssuer", 536895490, "GeneralNames"}, - { NULL, 4104, "2"}, - { "DistributionPointName", 1610612754, NULL }, - { "fullName", 1610620930, "GeneralNames"}, - { NULL, 4104, "0"}, - { "nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"}, - { NULL, 4104, "1"}, - { "ReasonFlags", 1073741830, NULL }, - { "ExtKeyUsageSyntax", 1612709899, NULL }, - { "MAX", 1074266122, "1"}, - { NULL, 2, "KeyPurposeId"}, - { "KeyPurposeId", 1073741836, NULL }, - { "CRLNumber", 1611137027, NULL }, - { "0", 10, "MAX"}, - { "CertificateIssuer", 1073741826, "GeneralNames"}, - { "NumericString", 1610620935, NULL }, - { NULL, 4360, "18"}, - { "IA5String", 1610620935, NULL }, - { NULL, 4360, "22"}, - { "TeletexString", 1610620935, NULL }, - { NULL, 4360, "20"}, - { "PrintableString", 1610620935, NULL }, - { NULL, 4360, "19"}, - { "UniversalString", 1610620935, NULL }, - { NULL, 4360, "28"}, - { "BMPString", 1610620935, NULL }, - { NULL, 4360, "30"}, - { "UTF8String", 1610620935, NULL }, - { NULL, 4360, "12"}, - { "Attribute", 1610612741, NULL }, - { "type", 1073741826, "AttributeType"}, - { "values", 536870927, NULL }, - { NULL, 2, "AttributeValue"}, - { "AttributeType", 1073741836, NULL }, - { "AttributeValue", 1614807053, NULL }, - { "type", 1, NULL }, - { "AttributeTypeAndValue", 1610612741, NULL }, - { "type", 1073741826, "AttributeType"}, - { "value", 2, "AttributeValue"}, - { "id-at", 1879048204, NULL }, - { "joint-iso-ccitt", 1073741825, "2"}, - { "ds", 1073741825, "5"}, - { NULL, 1, "4"}, - { "PostalAddress", 1610612747, NULL }, - { NULL, 2, "DirectoryString"}, - { "emailAddress", 1880096780, "AttributeType"}, - { "iso", 1073741825, "1"}, - { "member-body", 1073741825, "2"}, - { "us", 1073741825, "840"}, - { "rsadsi", 1073741825, "113549"}, - { "pkcs", 1073741825, "1"}, - { NULL, 1073741825, "9"}, - { NULL, 1, "1"}, - { "Pkcs9email", 1612709890, "IA5String"}, - { "ub-emailaddress-length", 524298, "1"}, - { "Name", 1610612754, NULL }, - { "rdnSequence", 2, "RDNSequence"}, - { "RDNSequence", 1610612747, NULL }, - { NULL, 2, "RelativeDistinguishedName"}, - { "DistinguishedName", 1073741826, "RDNSequence"}, - { "RelativeDistinguishedName", 1612709903, NULL }, - { "MAX", 1074266122, "1"}, - { NULL, 2, "AttributeTypeAndValue"}, - { "Certificate", 1610612741, NULL }, - { "tbsCertificate", 1073741826, "TBSCertificate"}, - { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, - { "signature", 6, NULL }, - { "TBSCertificate", 1610612741, NULL }, - { "version", 1610653698, "Version"}, - { NULL, 1073741833, "v1"}, - { NULL, 2056, "0"}, - { "serialNumber", 1073741826, "CertificateSerialNumber"}, - { "signature", 1073741826, "AlgorithmIdentifier"}, - { "issuer", 1073741826, "Name"}, - { "validity", 1073741826, "Validity"}, - { "subject", 1073741826, "Name"}, - { "subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"}, - { "issuerUniqueID", 1610637314, "UniqueIdentifier"}, - { NULL, 4104, "1"}, - { "subjectUniqueID", 1610637314, "UniqueIdentifier"}, - { NULL, 4104, "2"}, - { "extensions", 536895490, "Extensions"}, - { NULL, 2056, "3"}, - { "Version", 1610874883, NULL }, - { "v1", 1073741825, "0"}, - { "v2", 1073741825, "1"}, - { "v3", 1, "2"}, - { "CertificateSerialNumber", 1073741827, NULL }, - { "Validity", 1610612741, NULL }, - { "notBefore", 1073741826, "Time"}, - { "notAfter", 2, "Time"}, - { "Time", 1610612754, NULL }, - { "utcTime", 1090519057, NULL }, - { "generalTime", 8388625, NULL }, - { "UniqueIdentifier", 1073741830, NULL }, - { "SubjectPublicKeyInfo", 1610612741, NULL }, - { "algorithm", 1073741826, "AlgorithmIdentifier"}, - { "subjectPublicKey", 6, NULL }, - { "Extensions", 1612709899, NULL }, - { "MAX", 1074266122, "1"}, - { NULL, 2, "Extension"}, - { "Extension", 1610612741, NULL }, - { "extnID", 1073741836, NULL }, - { "critical", 1610645508, NULL }, - { NULL, 131081, NULL }, - { "extnValue", 7, NULL }, - { "CertificateList", 1610612741, NULL }, - { "tbsCertList", 1073741826, "TBSCertList"}, - { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, - { "signature", 6, NULL }, - { "TBSCertList", 1610612741, NULL }, - { "version", 1073758210, "Version"}, - { "signature", 1073741826, "AlgorithmIdentifier"}, - { "issuer", 1073741826, "Name"}, - { "thisUpdate", 1073741826, "Time"}, - { "nextUpdate", 1073758210, "Time"}, - { "revokedCertificates", 1610629131, NULL }, - { NULL, 536870917, NULL }, - { "userCertificate", 1073741826, "CertificateSerialNumber"}, - { "revocationDate", 1073741826, "Time"}, - { "crlEntryExtensions", 16386, "Extensions"}, - { "crlExtensions", 536895490, "Extensions"}, - { NULL, 2056, "0"}, - { "AlgorithmIdentifier", 1610612741, NULL }, - { "algorithm", 1073741836, NULL }, - { "parameters", 541081613, NULL }, - { "algorithm", 1, NULL }, - { "Dss-Sig-Value", 1610612741, NULL }, - { "r", 1073741827, NULL }, - { "s", 3, NULL }, - { "DomainParameters", 1610612741, NULL }, - { "p", 1073741827, NULL }, - { "g", 1073741827, NULL }, - { "q", 1073741827, NULL }, - { "j", 1073758211, NULL }, - { "validationParms", 16386, "ValidationParms"}, - { "ValidationParms", 1610612741, NULL }, - { "seed", 1073741830, NULL }, - { "pgenCounter", 3, NULL }, - { "Dss-Parms", 1610612741, NULL }, - { "p", 1073741827, NULL }, - { "q", 1073741827, NULL }, - { "g", 3, NULL }, - { "CountryName", 1610620946, NULL }, - { NULL, 1073746952, "1"}, - { "x121-dcc-code", 1612709890, "NumericString"}, - { NULL, 1048586, "ub-country-name-numeric-length"}, - { "iso-3166-alpha2-code", 538968066, "PrintableString"}, - { NULL, 1048586, "ub-country-name-alpha-length"}, - { "OrganizationName", 1612709890, "PrintableString"}, - { "ub-organization-name-length", 524298, "1"}, - { "NumericUserIdentifier", 1612709890, "NumericString"}, - { "ub-numeric-user-id-length", 524298, "1"}, - { "OrganizationalUnitNames", 1612709899, NULL }, - { "ub-organizational-units", 1074266122, "1"}, - { NULL, 2, "OrganizationalUnitName"}, - { "OrganizationalUnitName", 1612709890, "PrintableString"}, - { "ub-organizational-unit-name-length", 524298, "1"}, - { "CommonName", 1073741826, "PrintableString"}, - { "pkcs-7-ContentInfo", 1610612741, NULL }, - { "contentType", 1073741826, "pkcs-7-ContentType"}, - { "content", 541073421, NULL }, - { NULL, 1073743880, "0"}, - { "contentType", 1, NULL }, - { "pkcs-7-DigestInfo", 1610612741, NULL }, - { "digestAlgorithm", 1073741826, "pkcs-7-DigestAlgorithmIdentifier"}, - { "digest", 2, "pkcs-7-Digest"}, - { "pkcs-7-Digest", 1073741831, NULL }, - { "pkcs-7-ContentType", 1073741836, NULL }, - { "pkcs-7-SignedData", 1610612741, NULL }, - { "version", 1073741826, "pkcs-7-CMSVersion"}, - { "digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"}, - { "encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"}, - { "certificates", 1610637314, "pkcs-7-CertificateSet"}, - { NULL, 4104, "0"}, - { "crls", 1610637314, "pkcs-7-CertificateRevocationLists"}, - { NULL, 4104, "1"}, - { "signerInfos", 2, "pkcs-7-SignerInfos"}, - { "pkcs-7-CMSVersion", 1610874883, NULL }, - { "v0", 1073741825, "0"}, - { "v1", 1073741825, "1"}, - { "v2", 1073741825, "2"}, - { "v3", 1073741825, "3"}, - { "v4", 1, "4"}, - { "pkcs-7-DigestAlgorithmIdentifiers", 1610612751, NULL }, - { NULL, 2, "pkcs-7-DigestAlgorithmIdentifier"}, - { "pkcs-7-DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, - { "pkcs-7-EncapsulatedContentInfo", 1610612741, NULL }, - { "eContentType", 1073741826, "pkcs-7-ContentType"}, - { "eContent", 536895495, NULL }, - { NULL, 2056, "0"}, - { "pkcs-7-CertificateRevocationLists", 1610612751, NULL }, - { NULL, 13, NULL }, - { "pkcs-7-CertificateChoices", 1610612754, NULL }, - { "certificate", 13, NULL }, - { "pkcs-7-CertificateSet", 1610612751, NULL }, - { NULL, 2, "pkcs-7-CertificateChoices"}, - { "pkcs-7-SignerInfos", 1610612751, NULL }, - { NULL, 13, NULL }, - { "pkcs-10-CertificationRequestInfo", 1610612741, NULL }, - { "version", 1610874883, NULL }, - { "v1", 1, "0"}, - { "subject", 1073741826, "Name"}, - { "subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"}, - { "attributes", 536879106, "Attributes"}, - { NULL, 4104, "0"}, - { "Attributes", 1610612751, NULL }, - { NULL, 2, "Attribute"}, - { "pkcs-10-CertificationRequest", 1610612741, NULL }, - { "certificationRequestInfo", 1073741826, "pkcs-10-CertificationRequestInfo"}, - { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, - { "signature", 6, NULL }, - { "pkcs-9-at-challengePassword", 1879048204, NULL }, - { "iso", 1073741825, "1"}, - { "member-body", 1073741825, "2"}, - { "us", 1073741825, "840"}, - { "rsadsi", 1073741825, "113549"}, - { "pkcs", 1073741825, "1"}, - { NULL, 1073741825, "9"}, - { NULL, 1, "7"}, - { "pkcs-9-challengePassword", 1610612754, NULL }, - { "printableString", 1073741826, "PrintableString"}, - { "utf8String", 2, "UTF8String"}, - { "pkcs-9-localKeyId", 1073741831, NULL }, - { "pkcs-8-PrivateKeyInfo", 1610612741, NULL }, - { "version", 1073741826, "pkcs-8-Version"}, - { "privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"}, - { "privateKey", 1073741826, "pkcs-8-PrivateKey"}, - { "attributes", 536895490, "Attributes"}, - { NULL, 4104, "0"}, - { "pkcs-8-Version", 1610874883, NULL }, - { "v1", 1, "0"}, - { "pkcs-8-PrivateKey", 1073741831, NULL }, - { "pkcs-8-Attributes", 1610612751, NULL }, - { NULL, 2, "Attribute"}, - { "pkcs-8-EncryptedPrivateKeyInfo", 1610612741, NULL }, - { "encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"}, - { "encryptedData", 2, "pkcs-8-EncryptedData"}, - { "pkcs-8-EncryptedData", 1073741831, NULL }, - { "pkcs-5-des-EDE3-CBC-params", 1612709895, NULL }, - { NULL, 1048586, "8"}, - { "pkcs-5-aes128-CBC-params", 1612709895, NULL }, - { NULL, 1048586, "16"}, - { "pkcs-5-aes192-CBC-params", 1612709895, NULL }, - { NULL, 1048586, "16"}, - { "pkcs-5-aes256-CBC-params", 1612709895, NULL }, - { NULL, 1048586, "16"}, - { "pkcs-5-PBES2-params", 1610612741, NULL }, - { "keyDerivationFunc", 1073741826, "AlgorithmIdentifier"}, - { "encryptionScheme", 2, "AlgorithmIdentifier"}, - { "pkcs-5-PBKDF2-params", 1610612741, NULL }, - { "salt", 1610612754, NULL }, - { "specified", 1073741831, NULL }, - { "otherSource", 2, "AlgorithmIdentifier"}, - { "iterationCount", 1611137027, NULL }, - { "1", 10, "MAX"}, - { "keyLength", 1611153411, NULL }, - { "1", 10, "MAX"}, - { "prf", 16386, "AlgorithmIdentifier"}, - { "pkcs-12-PFX", 1610612741, NULL }, - { "version", 1610874883, NULL }, - { "v3", 1, "3"}, - { "authSafe", 1073741826, "pkcs-7-ContentInfo"}, - { "macData", 16386, "pkcs-12-MacData"}, - { "pkcs-12-PbeParams", 1610612741, NULL }, - { "salt", 1073741831, NULL }, - { "iterations", 3, NULL }, - { "pkcs-12-MacData", 1610612741, NULL }, - { "mac", 1073741826, "pkcs-7-DigestInfo"}, - { "macSalt", 1073741831, NULL }, - { "iterations", 536903683, NULL }, - { NULL, 9, "1"}, - { "pkcs-12-AuthenticatedSafe", 1610612747, NULL }, - { NULL, 2, "pkcs-7-ContentInfo"}, - { "pkcs-12-SafeContents", 1610612747, NULL }, - { NULL, 2, "pkcs-12-SafeBag"}, - { "pkcs-12-SafeBag", 1610612741, NULL }, - { "bagId", 1073741836, NULL }, - { "bagValue", 1614815245, NULL }, - { NULL, 1073743880, "0"}, - { "badId", 1, NULL }, - { "bagAttributes", 536887311, NULL }, - { NULL, 2, "pkcs-12-PKCS12Attribute"}, - { "pkcs-12-KeyBag", 1073741826, "pkcs-8-PrivateKeyInfo"}, - { "pkcs-12-PKCS8ShroudedKeyBag", 1073741826, "pkcs-8-EncryptedPrivateKeyInfo"}, - { "pkcs-12-CertBag", 1610612741, NULL }, - { "certId", 1073741836, NULL }, - { "certValue", 541073421, NULL }, - { NULL, 1073743880, "0"}, - { "certId", 1, NULL }, - { "pkcs-12-CRLBag", 1610612741, NULL }, - { "crlId", 1073741836, NULL }, - { "crlValue", 541073421, NULL }, - { NULL, 1073743880, "0"}, - { "crlId", 1, NULL }, - { "pkcs-12-SecretBag", 1610612741, NULL }, - { "secretTypeId", 1073741836, NULL }, - { "secretValue", 541073421, NULL }, - { NULL, 1073743880, "0"}, - { "secretTypeId", 1, NULL }, - { "pkcs-12-PKCS12Attribute", 1073741826, "Attribute"}, - { "pkcs-7-Data", 1073741831, NULL }, - { "pkcs-7-EncryptedData", 1610612741, NULL }, - { "version", 1073741826, "pkcs-7-CMSVersion"}, - { "encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"}, - { "unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"}, - { NULL, 4104, "1"}, - { "pkcs-7-EncryptedContentInfo", 1610612741, NULL }, - { "contentType", 1073741826, "pkcs-7-ContentType"}, - { "contentEncryptionAlgorithm", 1073741826, "pkcs-7-ContentEncryptionAlgorithmIdentifier"}, - { "encryptedContent", 536895490, "pkcs-7-EncryptedContent"}, - { NULL, 4104, "0"}, - { "pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, - { "pkcs-7-EncryptedContent", 1073741831, NULL }, - { "pkcs-7-UnprotectedAttributes", 1612709903, NULL }, - { "MAX", 1074266122, "1"}, - { NULL, 2, "Attribute"}, - { "ProxyCertInfo", 1610612741, NULL }, - { "pCPathLenConstraint", 1611153411, NULL }, - { "0", 10, "MAX"}, - { "proxyPolicy", 2, "ProxyPolicy"}, - { "ProxyPolicy", 536870917, NULL }, - { "policyLanguage", 1073741836, NULL }, - { "policy", 16391, NULL }, - { NULL, 0, NULL } -}; diff --git a/trust/save.c b/trust/save.c deleted file mode 100644 index 66c9050..0000000 --- a/trust/save.c +++ /dev/null @@ -1,593 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "buffer.h" -#include "debug.h" -#include "dict.h" -#include "message.h" -#include "save.h" - -#include - -#include -#include -#include -#include -#include -#include -#include - -struct _p11_save_file { - char *bare; - char *extension; - char *temp; - int fd; - int flags; -}; - -struct _p11_save_dir { - p11_dict *cache; - char *path; - int flags; -}; - -static char * make_unique_name (const char *bare, - const char *extension, - int (*check) (void *, char *), - void *data); - -bool -p11_save_write_and_finish (p11_save_file *file, - const void *data, - ssize_t length) -{ - bool ret; - - if (!file) - return false; - - ret = p11_save_write (file, data, length); - if (!p11_save_finish_file (file, NULL, ret)) - ret = false; - - return ret; -} - -p11_save_file * -p11_save_open_file (const char *path, - const char *extension, - int flags) -{ - p11_save_file *file; - char *temp; - int fd; - - return_val_if_fail (path != NULL, NULL); - - if (extension == NULL) - extension = ""; - - if (asprintf (&temp, "%s%s.XXXXXX", path, extension) < 0) - return_val_if_reached (NULL); - - fd = mkstemp (temp); - if (fd < 0) { - p11_message_err (errno, "couldn't create file: %s%s", path, extension); - free (temp); - return NULL; - } - - file = calloc (1, sizeof (p11_save_file)); - return_val_if_fail (file != NULL, NULL); - file->temp = temp; - file->bare = strdup (path); - return_val_if_fail (file->bare != NULL, NULL); - file->extension = strdup (extension); - return_val_if_fail (file->extension != NULL, NULL); - file->flags = flags; - file->fd = fd; - - return file; -} - -bool -p11_save_write (p11_save_file *file, - const void *data, - ssize_t length) -{ - const unsigned char *buf = data; - ssize_t written = 0; - ssize_t res; - - if (!file) - return false; - - /* Automatically calculate length */ - if (length < 0) { - if (!data) - return true; - length = strlen (data); - } - - while (written < length) { - res = write (file->fd, buf + written, length - written); - if (res <= 0) { - if (errno == EAGAIN || errno == EINTR) - continue; - p11_message_err (errno, "couldn't write to file: %s", file->temp); - return false; - } else { - written += res; - } - } - - return true; -} - -static void -filo_free (p11_save_file *file) -{ - free (file->temp); - free (file->bare); - free (file->extension); - free (file); -} - -#ifdef OS_UNIX - -static int -on_unique_try_link (void *data, - char *path) -{ - p11_save_file *file = data; - - if (link (file->temp, path) < 0) { - if (errno == EEXIST) - return 0; /* Continue trying other names */ - p11_message_err (errno, "couldn't complete writing of file: %s", path); - return -1; - } - - return 1; /* All done */ -} - -#else /* OS_WIN32 */ - -static int -on_unique_try_rename (void *data, - char *path) -{ - p11_save_file *file = data; - - if (rename (file->temp, path) < 0) { - if (errno == EEXIST) - return 0; /* Continue trying other names */ - p11_message ("couldn't complete writing of file: %s", path); - return -1; - } - - return 1; /* All done */ -} - -#endif /* OS_WIN32 */ - -bool -p11_save_finish_file (p11_save_file *file, - char **path_out, - bool commit) -{ - bool ret = true; - char *path; - - if (!file) - return false; - - if (!commit) { - close (file->fd); - unlink (file->temp); - filo_free (file); - return true; - } - - if (asprintf (&path, "%s%s", file->bare, file->extension) < 0) - return_val_if_reached (false); - - if (close (file->fd) < 0) { - p11_message_err (errno, "couldn't write file: %s", file->temp); - ret = false; - -#ifdef OS_UNIX - /* Set the mode of the file, readable by everyone, but not writable */ - } else if (chmod (file->temp, S_IRUSR | S_IRGRP | S_IROTH) < 0) { - p11_message_err (errno, "couldn't set file permissions: %s", file->temp); - ret = false; - - /* Atomically rename the tempfile over the filename */ - } else if (file->flags & P11_SAVE_OVERWRITE) { - if (rename (file->temp, path) < 0) { - p11_message_err (errno, "couldn't complete writing file: %s", path); - ret = false; - } else { - unlink (file->temp); - } - - /* Create a unique name if requested unique file name */ - } else if (file->flags & P11_SAVE_UNIQUE) { - free (path); - path = make_unique_name (file->bare, file->extension, - on_unique_try_link, file); - if (!path) - ret = false; - unlink (file->temp); - - /* When not overwriting, link will fail if filename exists. */ - } else { - if (link (file->temp, path) < 0) { - p11_message_err (errno, "couldn't complete writing of file: %s", path); - ret = false; - } - unlink (file->temp); - -#else /* OS_WIN32 */ - - /* Windows does not do atomic renames, so delete original file first */ - } else { - /* Create a unique name if requested unique file name */ - if (file->flags & P11_SAVE_UNIQUE) { - free (path); - path = make_unique_name (file->bare, file->extension, - on_unique_try_rename, file); - if (!path) - ret = false; - - } else if ((file->flags & P11_SAVE_OVERWRITE) && - unlink (path) < 0 && errno != ENOENT) { - p11_message_err (errno, "couldn't remove original file: %s", path); - ret = false; - } - - if (ret == true && - rename (file->temp, path) < 0) { - p11_message_err (errno, "couldn't complete writing file: %s", path); - ret = false; - } - - unlink (file->temp); - -#endif /* OS_WIN32 */ - } - - if (ret && path_out) { - *path_out = path; - path = NULL; - } - - free (path); - filo_free (file); - return ret; -} - -p11_save_dir * -p11_save_open_directory (const char *path, - int flags) -{ -#ifdef OS_UNIX - struct stat sb; -#endif - p11_save_dir *dir; - - return_val_if_fail (path != NULL, NULL); - -#ifdef OS_UNIX - /* We update the permissions when we finish writing */ - if (mkdir (path, S_IRWXU) < 0) { -#else /* OS_WIN32 */ - if (mkdir (path) < 0) { -#endif - /* Some random error, report it */ - if (errno != EEXIST) { - p11_message_err (errno, "couldn't create directory: %s", path); - - /* The directory exists and we're not overwriting */ - } else if (!(flags & P11_SAVE_OVERWRITE)) { - p11_message ("directory already exists: %s", path); - return NULL; - } -#ifdef OS_UNIX - /* - * If the directory exists on unix, we may have restricted - * the directory permissions to read-only. We have to change - * them back to writable in order for things to work. - */ - if (stat (path, &sb) >= 0) { - if ((sb.st_mode & S_IRWXU) != S_IRWXU && - chmod (path, S_IRWXU | sb.st_mode) < 0) { - p11_message_err (errno, "couldn't make directory writable: %s", path); - return NULL; - } - } -#endif /* OS_UNIX */ - } - - dir = calloc (1, sizeof (p11_save_dir)); - return_val_if_fail (dir != NULL, NULL); - - dir->path = strdup (path); - return_val_if_fail (dir->path != NULL, NULL); - - dir->cache = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); - return_val_if_fail (dir->cache != NULL, NULL); - - dir->flags = flags; - return dir; -} - -static char * -make_unique_name (const char *bare, - const char *extension, - int (*check) (void *, char *), - void *data) -{ - char unique[16]; - p11_buffer buf; - int ret; - int i; - - assert (bare != NULL); - assert (check != NULL); - - p11_buffer_init_null (&buf, 0); - - for (i = 0; true; i++) { - - p11_buffer_reset (&buf, 64); - - switch (i) { - - /* - * For the first iteration, just build the filename as - * provided by the caller. - */ - case 0: - p11_buffer_add (&buf, bare, -1); - break; - - /* - * On later iterations we try to add a numeric .N suffix - * before the extension, so the resulting file might look - * like filename.1.ext. - * - * As a special case if the extension is already '.0' then - * just just keep incerementing that. - */ - case 1: - if (extension && strcmp (extension, ".0") == 0) - extension = NULL; - /* fall through */ - - default: - p11_buffer_add (&buf, bare, -1); - snprintf (unique, sizeof (unique), ".%d", i); - p11_buffer_add (&buf, unique, -1); - break; - } - - if (extension) - p11_buffer_add (&buf, extension, -1); - - return_val_if_fail (p11_buffer_ok (&buf), NULL); - - ret = check (data, buf.data); - if (ret < 0) - return NULL; - else if (ret > 0) - return p11_buffer_steal (&buf, NULL); - } - - assert_not_reached (); -} - -static int -on_unique_check_dir (void *data, - char *name) -{ - p11_save_dir *dir = data; - - if (!p11_dict_get (dir->cache, name)) - return 1; - - return 0; /* Keep looking */ -} - -p11_save_file * -p11_save_open_file_in (p11_save_dir *dir, - const char *basename, - const char *extension) -{ - p11_save_file *file = NULL; - char *name; - char *path; - - return_val_if_fail (dir != NULL, NULL); - return_val_if_fail (basename != NULL, NULL); - - name = make_unique_name (basename, extension, on_unique_check_dir, dir); - return_val_if_fail (name != NULL, NULL); - - if (asprintf (&path, "%s/%s", dir->path, name) < 0) - return_val_if_reached (NULL); - - file = p11_save_open_file (path, NULL, dir->flags); - - if (file) { - if (!p11_dict_set (dir->cache, name, name)) - return_val_if_reached (NULL); - name = NULL; - } - - free (name); - free (path); - - return file; -} - -#ifdef OS_UNIX - -bool -p11_save_symlink_in (p11_save_dir *dir, - const char *linkname, - const char *extension, - const char *destination) -{ - char *name; - char *path; - bool ret; - - return_val_if_fail (dir != NULL, false); - return_val_if_fail (linkname != NULL, false); - return_val_if_fail (destination != NULL, false); - - name = make_unique_name (linkname, extension, on_unique_check_dir, dir); - return_val_if_fail (name != NULL, false); - - if (asprintf (&path, "%s/%s", dir->path, name) < 0) - return_val_if_reached (false); - - unlink (path); - - if (symlink (destination, path) < 0) { - p11_message_err (errno, "couldn't create symlink: %s", path); - ret = false; - } else { - if (!p11_dict_set (dir->cache, name, name)) - return_val_if_reached (false); - name = NULL; - ret = true; - } - - free (path); - free (name); - - return ret; -} - -#endif /* OS_UNIX */ - -static bool -cleanup_directory (const char *directory, - p11_dict *cache) -{ - struct dirent *dp; - struct stat st; - p11_dict *remove; - p11_dictiter iter; - char *path; - DIR *dir; - bool ret; - - /* First we load all the modules */ - dir = opendir (directory); - if (!dir) { - p11_message_err (errno, "couldn't list directory: %s", directory); - return false; - } - - remove = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); - - while ((dp = readdir (dir)) != NULL) { - if (p11_dict_get (cache, dp->d_name)) - continue; - - if (asprintf (&path, "%s/%s", directory, dp->d_name) < 0) - return_val_if_reached (false); - - - if (stat (path, &st) >= 0 && !S_ISDIR (st.st_mode)) { - if (!p11_dict_set (remove, path, path)) - return_val_if_reached (false); - } else { - free (path); - } - } - - closedir (dir); - - ret = true; - - /* Remove all the files still in the cache */ - p11_dict_iterate (remove, &iter); - while (p11_dict_next (&iter, (void **)&path, NULL)) { - if (unlink (path) < 0 && errno != ENOENT) { - p11_message_err (errno, "couldn't remove file: %s", path); - ret = false; - break; - } - } - - p11_dict_free (remove); - - return ret; -} - -bool -p11_save_finish_directory (p11_save_dir *dir, - bool commit) -{ - bool ret = true; - - if (!dir) - return false; - - if (commit) { - if (dir->flags & P11_SAVE_OVERWRITE) - ret = cleanup_directory (dir->path, dir->cache); - -#ifdef OS_UNIX - /* Try to set the mode of the directory to readable */ - if (ret && chmod (dir->path, S_IRUSR | S_IXUSR | S_IRGRP | - S_IXGRP | S_IROTH | S_IXOTH) < 0) { - p11_message_err (errno, "couldn't set directory permissions: %s", dir->path); - ret = false; - } -#endif /* OS_UNIX */ - } - - p11_dict_free (dir->cache); - free (dir->path); - free (dir); - - return ret; -} diff --git a/trust/save.h b/trust/save.h deleted file mode 100644 index 81f1044..0000000 --- a/trust/save.h +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_SAVE_H_ -#define P11_SAVE_H_ - -#include "compat.h" - -enum { - P11_SAVE_OVERWRITE = 1 << 0, - P11_SAVE_UNIQUE = 1 << 1, -}; - -typedef struct _p11_save_file p11_save_file; -typedef struct _p11_save_dir p11_save_dir; - -p11_save_file * p11_save_open_file (const char *path, - const char *extension, - int flags); - -bool p11_save_write (p11_save_file *file, - const void *data, - ssize_t length); - -bool p11_save_write_and_finish (p11_save_file *file, - const void *data, - ssize_t length); - -bool p11_save_finish_file (p11_save_file *file, - char **path, - bool commit); - -const char * p11_save_file_name (p11_save_file *file); - -p11_save_dir * p11_save_open_directory (const char *path, - int flags); - -p11_save_file * p11_save_open_file_in (p11_save_dir *directory, - const char *basename, - const char *extension); - -#ifdef OS_UNIX - -bool p11_save_symlink_in (p11_save_dir *dir, - const char *linkname, - const char *extension, - const char *destination); - -#endif /* OS_UNIX */ - -bool p11_save_finish_directory (p11_save_dir *dir, - bool commit); - -#endif /* P11_SAVE_H_ */ diff --git a/trust/session.c b/trust/session.c deleted file mode 100644 index b93a5c3..0000000 --- a/trust/session.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "attrs.h" -#define P11_DEBUG_FLAG P11_DEBUG_TRUST -#include "debug.h" -#include "dict.h" -#include "message.h" -#include "pkcs11.h" -#include "module.h" -#include "session.h" - -#include -#include -#include -#include - -p11_session * -p11_session_new (p11_token *token) -{ - p11_session *session; - - session = calloc (1, sizeof (p11_session)); - return_val_if_fail (session != NULL, NULL); - - session->handle = p11_module_next_id (); - - session->builder = p11_builder_new (P11_BUILDER_FLAG_NONE); - return_val_if_fail (session->builder, NULL); - - session->index = p11_index_new (p11_builder_build, NULL, NULL, - p11_builder_changed, - session->builder); - return_val_if_fail (session->index != NULL, NULL); - - session->token = token; - - return session; -} - -void -p11_session_free (void *data) -{ - p11_session *session = data; - - p11_session_set_operation (session, NULL, NULL); - p11_builder_free (session->builder); - p11_index_free (session->index); - - free (session); -} - -void -p11_session_set_operation (p11_session *session, - p11_session_cleanup cleanup, - void *operation) -{ - assert (session != NULL); - - if (session->cleanup) - (session->cleanup) (session->operation); - session->cleanup = cleanup; - session->operation = operation; -} diff --git a/trust/session.h b/trust/session.h deleted file mode 100644 index ec394b1..0000000 --- a/trust/session.h +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "builder.h" -#include "index.h" -#include "pkcs11.h" -#include "token.h" - -#ifndef P11_SESSION_H_ -#define P11_SESSION_H_ - -typedef void (* p11_session_cleanup) (void *data); - -typedef struct { - CK_SESSION_HANDLE handle; - p11_index *index; - p11_builder *builder; - p11_token *token; - CK_BBOOL loaded; - bool read_write; - - /* Used by various operations */ - p11_session_cleanup cleanup; - void *operation; -} p11_session; - -p11_session * p11_session_new (p11_token *token); - -void p11_session_free (void *data); - -void p11_session_set_operation (p11_session *session, - p11_session_cleanup cleanup, - void *operation); - -#endif /* P11_SESSION_H_ */ diff --git a/trust/test-asn1.c b/trust/test-asn1.c deleted file mode 100644 index df75dfd..0000000 --- a/trust/test-asn1.c +++ /dev/null @@ -1,164 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "asn1.h" -#include "debug.h" -#include "oid.h" -#include "x509.h" - -#include -#include -#include - -struct { - p11_dict *asn1_defs; -} test; - -static void -setup (void *unused) -{ - test.asn1_defs = p11_asn1_defs_load (); - assert_ptr_not_null (test.asn1_defs); -} - -static void -teardown (void *unused) -{ - p11_dict_free (test.asn1_defs); - memset (&test, 0, sizeof (test)); -} - -static void -test_tlv_length (void) -{ - struct { - const char *der; - size_t der_len; - int expected; - } tlv_lengths[] = { - { "\x01\x01\x00", 3, 3 }, - { "\x01\x01\x00\x01\x02", 5, 3 }, - { "\x01\x05\x00", 3, -1 }, - { NULL } - }; - - int length; - int i; - - for (i = 0; tlv_lengths[i].der != NULL; i++) { - length = p11_asn1_tlv_length ((const unsigned char *)tlv_lengths[i].der, tlv_lengths[i].der_len); - assert_num_eq (tlv_lengths[i].expected, length); - } -} - -static const unsigned char test_eku_server_and_client[] = { - 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, -}; - -static void -test_asn1_cache (void) -{ - p11_asn1_cache *cache; - p11_dict *defs; - node_asn *asn; - node_asn *check; - - cache = p11_asn1_cache_new (); - assert_ptr_not_null (cache); - - defs = p11_asn1_cache_defs (cache); - assert_ptr_not_null (defs); - - asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client), NULL); - assert_ptr_not_null (defs); - - /* Place the parsed data in the cache */ - p11_asn1_cache_take (cache, asn, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client)); - - /* Get it back out */ - check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client)); - assert_ptr_eq (asn, check); - - /* Flush should remove it */ - p11_asn1_cache_flush (cache); - check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client)); - assert_ptr_eq (NULL, check); - - p11_asn1_cache_free (cache); -} - -static void -test_asn1_free (void) -{ - p11_dict *defs; - node_asn *asn; - - defs = p11_asn1_defs_load (); - assert_ptr_not_null (defs); - - asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client), NULL); - assert_ptr_not_null (asn); - - p11_asn1_free (asn); - p11_asn1_free (NULL); - p11_dict_free (defs); -} - -int -main (int argc, - char *argv[]) -{ - p11_fixture (setup, teardown); - p11_test (test_tlv_length, "/asn1/tlv_length"); - - p11_fixture (NULL, NULL); - p11_test (test_asn1_cache, "/asn1/asn1_cache"); - p11_test (test_asn1_free, "/asn1/free"); - - return p11_test_run (argc, argv); -} diff --git a/trust/test-base64.c b/trust/test-base64.c deleted file mode 100644 index ce303e8..0000000 --- a/trust/test-base64.c +++ /dev/null @@ -1,204 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "base64.h" -#include "debug.h" -#include "message.h" - -#include -#include -#include -#include - -static void -check_decode_msg (const char *file, - int line, - const char *function, - const char *input, - ssize_t input_len, - const unsigned char *expected, - ssize_t expected_len) -{ - unsigned char decoded[8192]; - int length; - - if (input_len < 0) - input_len = strlen (input); - if (expected_len < 0) - expected_len = strlen ((char *)expected); - length = p11_b64_pton (input, input_len, decoded, sizeof (decoded)); - - if (expected == NULL) { - if (length >= 0) - p11_test_fail (file, line, function, "decoding should have failed"); - - } else { - if (length < 0) - p11_test_fail (file, line, function, "decoding failed"); - if (expected_len != length) - p11_test_fail (file, line, function, "wrong length: (%lu != %lu)", - (unsigned long)expected_len, (unsigned long)length); - if (memcmp (decoded, expected, length) != 0) - p11_test_fail (file, line, function, "decoded wrong"); - } -} - -#define check_decode_success(input, input_len, expected, expected_len) \ - check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len) - -#define check_decode_failure(input, input_len) \ - check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0) - -static void -test_decode_simple (void) -{ - check_decode_success ("", 0, (unsigned char *)"", 0); - check_decode_success ("MQ==", 0, (unsigned char *)"1", 0); - check_decode_success ("YmxhaAo=", -1, (unsigned char *)"blah\n", -1); - check_decode_success ("bGVlbGEK", -1, (unsigned char *)"leela\n", -1); - check_decode_success ("bGVlbG9vCg==", -1, (unsigned char *)"leeloo\n", -1); -} - -static void -test_decode_thawte (void) -{ - const char *input = - "MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB" - "rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf" - "Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw" - "MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV" - "BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa" - "Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl" - "LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u" - "MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl" - "ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm" - "gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8" - "YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf" - "b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9" - "9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S" - "zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk" - "OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV" - "HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA" - "2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW" - "oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu" - "t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c" - "KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM" - "m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu" - "MdRAGmI0Nj81Aa6sY6A="; - - const unsigned char output[] = { - 0x30, 0x82, 0x04, 0x2a, 0x30, 0x82, 0x03, 0x12, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x60, - 0x01, 0x97, 0xb7, 0x46, 0xa7, 0xea, 0xb4, 0xb4, 0x9a, 0xd6, 0x4b, 0x2f, 0xf7, 0x90, 0xfb, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x15, - 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, - 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, - 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, - 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, - 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, - 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, - 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x34, 0x30, 0x32, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, - 0x17, 0x0d, 0x33, 0x37, 0x31, 0x32, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, - 0x81, 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, - 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x1f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, - 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, - 0x30, 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, - 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d, - 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xb2, 0xbf, 0x27, 0x2c, 0xfb, 0xdb, 0xd8, 0x5b, 0xdd, 0x78, 0x7b, 0x1b, 0x9e, 0x77, 0x66, - 0x81, 0xcb, 0x3e, 0xbc, 0x7c, 0xae, 0xf3, 0xa6, 0x27, 0x9a, 0x34, 0xa3, 0x68, 0x31, 0x71, 0x38, - 0x33, 0x62, 0xe4, 0xf3, 0x71, 0x66, 0x79, 0xb1, 0xa9, 0x65, 0xa3, 0xa5, 0x8b, 0xd5, 0x8f, 0x60, - 0x2d, 0x3f, 0x42, 0xcc, 0xaa, 0x6b, 0x32, 0xc0, 0x23, 0xcb, 0x2c, 0x41, 0xdd, 0xe4, 0xdf, 0xfc, - 0x61, 0x9c, 0xe2, 0x73, 0xb2, 0x22, 0x95, 0x11, 0x43, 0x18, 0x5f, 0xc4, 0xb6, 0x1f, 0x57, 0x6c, - 0x0a, 0x05, 0x58, 0x22, 0xc8, 0x36, 0x4c, 0x3a, 0x7c, 0xa5, 0xd1, 0xcf, 0x86, 0xaf, 0x88, 0xa7, - 0x44, 0x02, 0x13, 0x74, 0x71, 0x73, 0x0a, 0x42, 0x59, 0x02, 0xf8, 0x1b, 0x14, 0x6b, 0x42, 0xdf, - 0x6f, 0x5f, 0xba, 0x6b, 0x82, 0xa2, 0x9d, 0x5b, 0xe7, 0x4a, 0xbd, 0x1e, 0x01, 0x72, 0xdb, 0x4b, - 0x74, 0xe8, 0x3b, 0x7f, 0x7f, 0x7d, 0x1f, 0x04, 0xb4, 0x26, 0x9b, 0xe0, 0xb4, 0x5a, 0xac, 0x47, - 0x3d, 0x55, 0xb8, 0xd7, 0xb0, 0x26, 0x52, 0x28, 0x01, 0x31, 0x40, 0x66, 0xd8, 0xd9, 0x24, 0xbd, - 0xf6, 0x2a, 0xd8, 0xec, 0x21, 0x49, 0x5c, 0x9b, 0xf6, 0x7a, 0xe9, 0x7f, 0x55, 0x35, 0x7e, 0x96, - 0x6b, 0x8d, 0x93, 0x93, 0x27, 0xcb, 0x92, 0xbb, 0xea, 0xac, 0x40, 0xc0, 0x9f, 0xc2, 0xf8, 0x80, - 0xcf, 0x5d, 0xf4, 0x5a, 0xdc, 0xce, 0x74, 0x86, 0xa6, 0x3e, 0x6c, 0x0b, 0x53, 0xca, 0xbd, 0x92, - 0xce, 0x19, 0x06, 0x72, 0xe6, 0x0c, 0x5c, 0x38, 0x69, 0xc7, 0x04, 0xd6, 0xbc, 0x6c, 0xce, 0x5b, - 0xf6, 0xf7, 0x68, 0x9c, 0xdc, 0x25, 0x15, 0x48, 0x88, 0xa1, 0xe9, 0xa9, 0xf8, 0x98, 0x9c, 0xe0, - 0xf3, 0xd5, 0x31, 0x28, 0x61, 0x11, 0x6c, 0x67, 0x96, 0x8d, 0x39, 0x99, 0xcb, 0xc2, 0x45, 0x24, - 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x42, 0x30, 0x40, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xad, 0x6c, 0xaa, 0x94, 0x60, 0x9c, 0xed, 0xe4, 0xff, 0xfa, - 0x3e, 0x0a, 0x74, 0x2b, 0x63, 0x03, 0xf7, 0xb6, 0x59, 0xbf, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x1a, 0x40, - 0xd8, 0x95, 0x65, 0xac, 0x09, 0x92, 0x89, 0xc6, 0x39, 0xf4, 0x10, 0xe5, 0xa9, 0x0e, 0x66, 0x53, - 0x5d, 0x78, 0xde, 0xfa, 0x24, 0x91, 0xbb, 0xe7, 0x44, 0x51, 0xdf, 0xc6, 0x16, 0x34, 0x0a, 0xef, - 0x6a, 0x44, 0x51, 0xea, 0x2b, 0x07, 0x8a, 0x03, 0x7a, 0xc3, 0xeb, 0x3f, 0x0a, 0x2c, 0x52, 0x16, - 0xa0, 0x2b, 0x43, 0xb9, 0x25, 0x90, 0x3f, 0x70, 0xa9, 0x33, 0x25, 0x6d, 0x45, 0x1a, 0x28, 0x3b, - 0x27, 0xcf, 0xaa, 0xc3, 0x29, 0x42, 0x1b, 0xdf, 0x3b, 0x4c, 0xc0, 0x33, 0x34, 0x5b, 0x41, 0x88, - 0xbf, 0x6b, 0x2b, 0x65, 0xaf, 0x28, 0xef, 0xb2, 0xf5, 0xc3, 0xaa, 0x66, 0xce, 0x7b, 0x56, 0xee, - 0xb7, 0xc8, 0xcb, 0x67, 0xc1, 0xc9, 0x9c, 0x1a, 0x18, 0xb8, 0xc4, 0xc3, 0x49, 0x03, 0xf1, 0x60, - 0x0e, 0x50, 0xcd, 0x46, 0xc5, 0xf3, 0x77, 0x79, 0xf7, 0xb6, 0x15, 0xe0, 0x38, 0xdb, 0xc7, 0x2f, - 0x28, 0xa0, 0x0c, 0x3f, 0x77, 0x26, 0x74, 0xd9, 0x25, 0x12, 0xda, 0x31, 0xda, 0x1a, 0x1e, 0xdc, - 0x29, 0x41, 0x91, 0x22, 0x3c, 0x69, 0xa7, 0xbb, 0x02, 0xf2, 0xb6, 0x5c, 0x27, 0x03, 0x89, 0xf4, - 0x06, 0xea, 0x9b, 0xe4, 0x72, 0x82, 0xe3, 0xa1, 0x09, 0xc1, 0xe9, 0x00, 0x19, 0xd3, 0x3e, 0xd4, - 0x70, 0x6b, 0xba, 0x71, 0xa6, 0xaa, 0x58, 0xae, 0xf4, 0xbb, 0xe9, 0x6c, 0xb6, 0xef, 0x87, 0xcc, - 0x9b, 0xbb, 0xff, 0x39, 0xe6, 0x56, 0x61, 0xd3, 0x0a, 0xa7, 0xc4, 0x5c, 0x4c, 0x60, 0x7b, 0x05, - 0x77, 0x26, 0x7a, 0xbf, 0xd8, 0x07, 0x52, 0x2c, 0x62, 0xf7, 0x70, 0x63, 0xd9, 0x39, 0xbc, 0x6f, - 0x1c, 0xc2, 0x79, 0xdc, 0x76, 0x29, 0xaf, 0xce, 0xc5, 0x2c, 0x64, 0x04, 0x5e, 0x88, 0x36, 0x6e, - 0x31, 0xd4, 0x40, 0x1a, 0x62, 0x34, 0x36, 0x3f, 0x35, 0x01, 0xae, 0xac, 0x63, 0xa0, - }; - - check_decode_success (input, -1, output, sizeof (output)); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_decode_simple, "/base64/decode-simple"); - p11_test (test_decode_thawte, "/base64/decode-thawte"); - return p11_test_run (argc, argv); -} diff --git a/trust/test-builder.c b/trust/test-builder.c deleted file mode 100644 index 5f4b823..0000000 --- a/trust/test-builder.c +++ /dev/null @@ -1,2237 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" -#include "test-trust.h" - -#include -#include -#include - -#include "attrs.h" -#include "builder.h" -#include "debug.h" -#include "digest.h" -#include "index.h" -#include "message.h" -#include "oid.h" -#include "pkcs11i.h" -#include "pkcs11x.h" - -struct { - p11_builder *builder; - p11_index *index; -} test; - -static CK_TRUST trusted = CKT_NSS_TRUSTED; -static CK_TRUST trusted_delegator = CKT_NSS_TRUSTED_DELEGATOR; -static CK_TRUST not_trusted = CKT_NSS_NOT_TRUSTED; -static CK_TRUST trust_unknown = CKT_NSS_TRUST_UNKNOWN; -static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; -static CK_OBJECT_CLASS data = CKO_DATA; -static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION; -static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; -static CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION; -static CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE; -static CK_X_ASSERTION_TYPE distrusted_certificate = CKT_X_DISTRUSTED_CERTIFICATE; -static CK_CERTIFICATE_TYPE x509 = CKC_X_509; -static CK_ULONG certificate_authority = 2; -static CK_ULONG other_entity = 3; -static CK_BBOOL truev = CK_TRUE; -static CK_BBOOL falsev = CK_FALSE; - -static void -setup (void *unused) -{ - test.builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN); - assert_ptr_not_null (test.builder); - - test.index = p11_index_new (p11_builder_build, NULL, NULL, p11_builder_changed, test.builder); - assert_ptr_not_null (test.index); -} - -static void -teardown (void *unused) -{ - p11_builder_free (test.builder); - p11_index_free (test.index); - memset (&test, 0, sizeof (test)); -} - -static void -test_get_cache (void) -{ - p11_asn1_cache *cache; - - cache = p11_builder_get_cache (test.builder); - assert_ptr_eq (NULL, p11_asn1_cache_get (cache, "blah", (unsigned char *)"blah", 4)); -} - -static void -test_build_data (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_VALUE, "the value", 9 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE check[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_TOKEN, &truev, sizeof (truev) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_PRIVATE, &falsev, sizeof (falsev) }, - { CKA_LABEL, "", 0 }, - { CKA_VALUE, "the value", 9 }, - { CKA_APPLICATION, "", 0 }, - { CKA_OBJECT_ID, "", 0 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - extra = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, merge, true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (check, attrs); - p11_attrs_free (attrs); -} - -static void -test_build_certificate (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_LABEL, "the label", 9 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 }, - { CKA_START_DATE, "20110523", 8 }, - { CKA_END_DATE, "20210520", 8, }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_LABEL, "the label", 9 }, - { CKA_ID, "u\xa8q`L\x88\x13\xf0x\xd9\x89w\xb5m\xc5\x89\xdf\xbc\xb1z", 20}, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - extra = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, merge, true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (expected, attrs); - p11_attrs_free (attrs); -} - -static void -test_build_certificate_empty (void) -{ - unsigned char checksum[P11_DIGEST_SHA1_LEN]; - CK_ULONG domain = 0; - CK_ULONG category = 0; - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_URL, "http://blah", 11 }, - { CKA_HASH_OF_ISSUER_PUBLIC_KEY, checksum, sizeof (checksum) }, - { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_LABEL, "the label", 9 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, - { CKA_VALUE, "", 0 }, - { CKA_START_DATE, "", 0 }, - { CKA_END_DATE, "", 0, }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ISSUER, "", 0 }, - { CKA_SERIAL_NUMBER, "", 0 }, - { CKA_HASH_OF_ISSUER_PUBLIC_KEY, checksum, sizeof (checksum) }, - { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) }, - { CKA_LABEL, "the label", 9 }, - { CKA_JAVA_MIDP_SECURITY_DOMAIN, &domain, sizeof (domain) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - p11_digest_sha1 (checksum, test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); - - attrs = NULL; - extra = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, merge, true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (expected, attrs); - p11_attrs_free (attrs); -} - -static const unsigned char entrust_pretend_ca[] = { - 0x30, 0x82, 0x04, 0x5c, 0x30, 0x82, 0x03, 0x44, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x04, 0x38, - 0x63, 0xb9, 0x66, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, - 0x05, 0x00, 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, - 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69, - 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, - 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69, 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30, - 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, - 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, - 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, - 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, 0x29, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x39, 0x31, - 0x32, 0x32, 0x34, 0x31, 0x37, 0x35, 0x30, 0x35, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x32, - 0x32, 0x34, 0x31, 0x38, 0x32, 0x30, 0x35, 0x31, 0x5a, 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, - 0x65, 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77, - 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, - 0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69, 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, - 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69, - 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, - 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, - 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, - 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, 0x29, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xad, 0x4d, 0x4b, 0xa9, 0x12, 0x86, 0xb2, 0xea, 0xa3, 0x20, 0x07, 0x15, 0x16, 0x64, 0x2a, - 0x2b, 0x4b, 0xd1, 0xbf, 0x0b, 0x4a, 0x4d, 0x8e, 0xed, 0x80, 0x76, 0xa5, 0x67, 0xb7, 0x78, 0x40, - 0xc0, 0x73, 0x42, 0xc8, 0x68, 0xc0, 0xdb, 0x53, 0x2b, 0xdd, 0x5e, 0xb8, 0x76, 0x98, 0x35, 0x93, - 0x8b, 0x1a, 0x9d, 0x7c, 0x13, 0x3a, 0x0e, 0x1f, 0x5b, 0xb7, 0x1e, 0xcf, 0xe5, 0x24, 0x14, 0x1e, - 0xb1, 0x81, 0xa9, 0x8d, 0x7d, 0xb8, 0xcc, 0x6b, 0x4b, 0x03, 0xf1, 0x02, 0x0c, 0xdc, 0xab, 0xa5, - 0x40, 0x24, 0x00, 0x7f, 0x74, 0x94, 0xa1, 0x9d, 0x08, 0x29, 0xb3, 0x88, 0x0b, 0xf5, 0x87, 0x77, - 0x9d, 0x55, 0xcd, 0xe4, 0xc3, 0x7e, 0xd7, 0x6a, 0x64, 0xab, 0x85, 0x14, 0x86, 0x95, 0x5b, 0x97, - 0x32, 0x50, 0x6f, 0x3d, 0xc8, 0xba, 0x66, 0x0c, 0xe3, 0xfc, 0xbd, 0xb8, 0x49, 0xc1, 0x76, 0x89, - 0x49, 0x19, 0xfd, 0xc0, 0xa8, 0xbd, 0x89, 0xa3, 0x67, 0x2f, 0xc6, 0x9f, 0xbc, 0x71, 0x19, 0x60, - 0xb8, 0x2d, 0xe9, 0x2c, 0xc9, 0x90, 0x76, 0x66, 0x7b, 0x94, 0xe2, 0xaf, 0x78, 0xd6, 0x65, 0x53, - 0x5d, 0x3c, 0xd6, 0x9c, 0xb2, 0xcf, 0x29, 0x03, 0xf9, 0x2f, 0xa4, 0x50, 0xb2, 0xd4, 0x48, 0xce, - 0x05, 0x32, 0x55, 0x8a, 0xfd, 0xb2, 0x64, 0x4c, 0x0e, 0xe4, 0x98, 0x07, 0x75, 0xdb, 0x7f, 0xdf, - 0xb9, 0x08, 0x55, 0x60, 0x85, 0x30, 0x29, 0xf9, 0x7b, 0x48, 0xa4, 0x69, 0x86, 0xe3, 0x35, 0x3f, - 0x1e, 0x86, 0x5d, 0x7a, 0x7a, 0x15, 0xbd, 0xef, 0x00, 0x8e, 0x15, 0x22, 0x54, 0x17, 0x00, 0x90, - 0x26, 0x93, 0xbc, 0x0e, 0x49, 0x68, 0x91, 0xbf, 0xf8, 0x47, 0xd3, 0x9d, 0x95, 0x42, 0xc1, 0x0e, - 0x4d, 0xdf, 0x6f, 0x26, 0xcf, 0xc3, 0x18, 0x21, 0x62, 0x66, 0x43, 0x70, 0xd6, 0xd5, 0xc0, 0x07, - 0xe1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x74, 0x30, 0x72, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, - 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x00, 0x07, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80, - 0xbe, 0xd8, 0x89, 0xb9, 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80, 0xbe, - 0xd8, 0x89, 0xb9, 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x1d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x41, 0x00, 0x04, 0x10, 0x30, 0x0e, 0x1b, 0x08, - 0x56, 0x35, 0x2e, 0x30, 0x3a, 0x34, 0x2e, 0x30, 0x03, 0x02, 0x04, 0x90, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x59, 0x47, 0xac, 0x21, 0x84, 0x8a, 0x17, 0xc9, 0x9c, 0x89, 0x53, 0x1e, 0xba, 0x80, 0x85, 0x1a, - 0xc6, 0x3c, 0x4e, 0x3e, 0xb1, 0x9c, 0xb6, 0x7c, 0xc6, 0x92, 0x5d, 0x18, 0x64, 0x02, 0xe3, 0xd3, - 0x06, 0x08, 0x11, 0x61, 0x7c, 0x63, 0xe3, 0x2b, 0x9d, 0x31, 0x03, 0x70, 0x76, 0xd2, 0xa3, 0x28, - 0xa0, 0xf4, 0xbb, 0x9a, 0x63, 0x73, 0xed, 0x6d, 0xe5, 0x2a, 0xdb, 0xed, 0x14, 0xa9, 0x2b, 0xc6, - 0x36, 0x11, 0xd0, 0x2b, 0xeb, 0x07, 0x8b, 0xa5, 0xda, 0x9e, 0x5c, 0x19, 0x9d, 0x56, 0x12, 0xf5, - 0x54, 0x29, 0xc8, 0x05, 0xed, 0xb2, 0x12, 0x2a, 0x8d, 0xf4, 0x03, 0x1b, 0xff, 0xe7, 0x92, 0x10, - 0x87, 0xb0, 0x3a, 0xb5, 0xc3, 0x9d, 0x05, 0x37, 0x12, 0xa3, 0xc7, 0xf4, 0x15, 0xb9, 0xd5, 0xa4, - 0x39, 0x16, 0x9b, 0x53, 0x3a, 0x23, 0x91, 0xf1, 0xa8, 0x82, 0xa2, 0x6a, 0x88, 0x68, 0xc1, 0x79, - 0x02, 0x22, 0xbc, 0xaa, 0xa6, 0xd6, 0xae, 0xdf, 0xb0, 0x14, 0x5f, 0xb8, 0x87, 0xd0, 0xdd, 0x7c, - 0x7f, 0x7b, 0xff, 0xaf, 0x1c, 0xcf, 0xe6, 0xdb, 0x07, 0xad, 0x5e, 0xdb, 0x85, 0x9d, 0xd0, 0x2b, - 0x0d, 0x33, 0xdb, 0x04, 0xd1, 0xe6, 0x49, 0x40, 0x13, 0x2b, 0x76, 0xfb, 0x3e, 0xe9, 0x9c, 0x89, - 0x0f, 0x15, 0xce, 0x18, 0xb0, 0x85, 0x78, 0x21, 0x4f, 0x6b, 0x4f, 0x0e, 0xfa, 0x36, 0x67, 0xcd, - 0x07, 0xf2, 0xff, 0x08, 0xd0, 0xe2, 0xde, 0xd9, 0xbf, 0x2a, 0xaf, 0xb8, 0x87, 0x86, 0x21, 0x3c, - 0x04, 0xca, 0xb7, 0x94, 0x68, 0x7f, 0xcf, 0x3c, 0xe9, 0x98, 0xd7, 0x38, 0xff, 0xec, 0xc0, 0xd9, - 0x50, 0xf0, 0x2e, 0x4b, 0x58, 0xae, 0x46, 0x6f, 0xd0, 0x2e, 0xc3, 0x60, 0xda, 0x72, 0x55, 0x72, - 0xbd, 0x4c, 0x45, 0x9e, 0x61, 0xba, 0xbf, 0x84, 0x81, 0x92, 0x03, 0xd1, 0xd2, 0x69, 0x7c, 0xc5, -}; - -static const unsigned char entrust_public_key[] = { - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xad, 0x4d, 0x4b, 0xa9, 0x12, 0x86, 0xb2, 0xea, 0xa3, 0x20, 0x07, 0x15, 0x16, 0x64, 0x2a, - 0x2b, 0x4b, 0xd1, 0xbf, 0x0b, 0x4a, 0x4d, 0x8e, 0xed, 0x80, 0x76, 0xa5, 0x67, 0xb7, 0x78, 0x40, - 0xc0, 0x73, 0x42, 0xc8, 0x68, 0xc0, 0xdb, 0x53, 0x2b, 0xdd, 0x5e, 0xb8, 0x76, 0x98, 0x35, 0x93, - 0x8b, 0x1a, 0x9d, 0x7c, 0x13, 0x3a, 0x0e, 0x1f, 0x5b, 0xb7, 0x1e, 0xcf, 0xe5, 0x24, 0x14, 0x1e, - 0xb1, 0x81, 0xa9, 0x8d, 0x7d, 0xb8, 0xcc, 0x6b, 0x4b, 0x03, 0xf1, 0x02, 0x0c, 0xdc, 0xab, 0xa5, - 0x40, 0x24, 0x00, 0x7f, 0x74, 0x94, 0xa1, 0x9d, 0x08, 0x29, 0xb3, 0x88, 0x0b, 0xf5, 0x87, 0x77, - 0x9d, 0x55, 0xcd, 0xe4, 0xc3, 0x7e, 0xd7, 0x6a, 0x64, 0xab, 0x85, 0x14, 0x86, 0x95, 0x5b, 0x97, - 0x32, 0x50, 0x6f, 0x3d, 0xc8, 0xba, 0x66, 0x0c, 0xe3, 0xfc, 0xbd, 0xb8, 0x49, 0xc1, 0x76, 0x89, - 0x49, 0x19, 0xfd, 0xc0, 0xa8, 0xbd, 0x89, 0xa3, 0x67, 0x2f, 0xc6, 0x9f, 0xbc, 0x71, 0x19, 0x60, - 0xb8, 0x2d, 0xe9, 0x2c, 0xc9, 0x90, 0x76, 0x66, 0x7b, 0x94, 0xe2, 0xaf, 0x78, 0xd6, 0x65, 0x53, - 0x5d, 0x3c, 0xd6, 0x9c, 0xb2, 0xcf, 0x29, 0x03, 0xf9, 0x2f, 0xa4, 0x50, 0xb2, 0xd4, 0x48, 0xce, - 0x05, 0x32, 0x55, 0x8a, 0xfd, 0xb2, 0x64, 0x4c, 0x0e, 0xe4, 0x98, 0x07, 0x75, 0xdb, 0x7f, 0xdf, - 0xb9, 0x08, 0x55, 0x60, 0x85, 0x30, 0x29, 0xf9, 0x7b, 0x48, 0xa4, 0x69, 0x86, 0xe3, 0x35, 0x3f, - 0x1e, 0x86, 0x5d, 0x7a, 0x7a, 0x15, 0xbd, 0xef, 0x00, 0x8e, 0x15, 0x22, 0x54, 0x17, 0x00, 0x90, - 0x26, 0x93, 0xbc, 0x0e, 0x49, 0x68, 0x91, 0xbf, 0xf8, 0x47, 0xd3, 0x9d, 0x95, 0x42, 0xc1, 0x0e, - 0x4d, 0xdf, 0x6f, 0x26, 0xcf, 0xc3, 0x18, 0x21, 0x62, 0x66, 0x43, 0x70, 0xd6, 0xd5, 0xc0, 0x07, - 0xe1, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -static void -test_build_certificate_non_ca (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_CATEGORY, &other_entity, sizeof (other_entity) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - extra = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (expected, attrs); - p11_attrs_free (attrs); -} - -static void -test_build_certificate_v1_ca (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - extra = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (expected, attrs); - p11_attrs_free (attrs); -} - -static void -test_build_certificate_staple_ca (void) -{ - CK_ULONG category = 2; /* CA */ - - CK_ATTRIBUTE attached[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, - { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, - { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 }, - { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *extra; - CK_RV rv; - - /* Adding the attached extension *first*, and then the certificate */ - - /* Add a attached certificate */ - rv = p11_index_add (test.index, attached, 4, NULL); - assert_num_eq (CKR_OK, rv); - - attrs = NULL; - extra = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); - attrs = p11_attrs_merge (attrs, extra, false); - - /* - * Even though the certificate is not a valid CA, the presence of the - * attached certificate extension transforms it into a CA. - */ - test_check_attrs (expected, attrs); - p11_attrs_free (attrs); -} - -static void -test_build_certificate_staple_ca_backwards (void) -{ - CK_ULONG category = 2; /* CA */ - - CK_ATTRIBUTE attached[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, - { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, - { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 }, - { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, - { CKA_INVALID }, - }; - - CK_RV rv; - CK_ATTRIBUTE *attrs; - CK_OBJECT_HANDLE handle; - - /* Adding the certificate *first*, and then the attached extension */ - - rv = p11_index_add (test.index, input, 4, &handle); - assert_num_eq (CKR_OK, rv); - - /* Add a attached certificate */ - rv = p11_index_add (test.index, attached, 4, NULL); - assert_num_eq (CKR_OK, rv); - - /* - * Even though the certificate is not a valid CA, the presence of the - * attached certificate extension transforms it into a CA. - */ - attrs = p11_index_lookup (test.index, handle); - test_check_attrs (expected, attrs); -} - -static void -test_build_certificate_no_type (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - p11_message_quiet (); - - attrs = NULL; - extra = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv); - p11_attrs_free (merge); - - p11_message_loud (); -} - -static void -test_build_certificate_bad_type (void) -{ - CK_CERTIFICATE_TYPE type = CKC_WTLS; - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &type, sizeof (type) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - p11_message_quiet (); - - attrs = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); - p11_attrs_free (merge); - - p11_message_loud (); -} - -static void -test_build_extension (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE check[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, - { CKA_TOKEN, &truev, sizeof (truev) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_PRIVATE, &falsev, sizeof (falsev) }, - { CKA_OBJECT_ID, "\x06\x03\x55\x1d\x50", 5 }, - { CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_LABEL, "", 0 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - extra = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (check, attrs); - p11_attrs_free (attrs); -} - -/* This certificate has and end date in 2067 */ -static const unsigned char cert_distant_end_date[] = { - 0x30, 0x82, 0x01, 0x6a, 0x30, 0x82, 0x01, 0x14, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x03, - 0xe7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, - 0x30, 0x28, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x66, 0x61, 0x72, - 0x2d, 0x69, 0x6e, 0x2d, 0x74, 0x68, 0x65, 0x2d, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x65, - 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x20, 0x17, 0x0d, 0x31, 0x33, - 0x30, 0x33, 0x32, 0x37, 0x31, 0x36, 0x34, 0x39, 0x33, 0x33, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x36, - 0x37, 0x31, 0x32, 0x32, 0x39, 0x31, 0x36, 0x34, 0x39, 0x33, 0x33, 0x5a, 0x30, 0x28, 0x31, 0x26, - 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x66, 0x61, 0x72, 0x2d, 0x69, 0x6e, 0x2d, - 0x74, 0x68, 0x65, 0x2d, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0xe2, - 0x2d, 0x35, 0x70, 0x75, 0xc0, 0x07, 0x56, 0x40, 0x7d, 0x63, 0xbc, 0xd2, 0x60, 0xb3, 0xcf, 0xb8, - 0x3d, 0x27, 0x6e, 0x10, 0xcd, 0x42, 0x50, 0x51, 0x9d, 0x79, 0x30, 0x79, 0x5a, 0xe3, 0xc3, 0x51, - 0x38, 0x85, 0x4c, 0xb4, 0x91, 0xd9, 0xe6, 0x8d, 0x69, 0x6a, 0xd4, 0x9c, 0x1c, 0x49, 0xc2, 0x25, - 0x2a, 0xc9, 0x2b, 0xf2, 0xf4, 0x8e, 0x8a, 0x3f, 0x8b, 0x4c, 0x97, 0xc3, 0x16, 0x96, 0x99, 0x02, - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, - 0x1b, 0x30, 0x19, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x03, 0x2a, 0x03, 0x04, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0xc2, 0x83, - 0x27, 0x32, 0x80, 0x74, 0x73, 0xe2, 0xa3, 0x92, 0xaa, 0x7c, 0xd8, 0x50, 0xf4, 0x61, 0x50, 0xb1, - 0x63, 0x9e, 0x29, 0xef, 0x38, 0x1d, 0xc0, 0x55, 0x20, 0x0f, 0x7e, 0xe9, 0x1f, 0xa1, 0x54, 0x1a, - 0x5f, 0x8c, 0x26, 0x1b, 0x66, 0x96, 0x0e, 0x64, 0x52, 0x1c, 0x00, 0x96, 0xfb, 0x81, 0x77, 0xa2, - 0x3a, 0x1d, 0x49, 0x0c, 0x03, 0xd5, 0x19, 0xf2, 0x6a, 0x01, 0x29, 0x31, 0xfb, 0xf5, -}; - -static void -test_build_distant_end_date (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)cert_distant_end_date, sizeof (cert_distant_end_date) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_END_DATE, "20671229", 8 }, - { CKA_START_DATE, "20130327", 8 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - extra = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (expected, attrs); - p11_attrs_free (attrs); -} - -static void -test_valid_bool (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_BBOOL value = CK_TRUE; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_PRIVATE, &value, sizeof (value) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); -} - -static void -test_invalid_bool (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_PRIVATE, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - input[0].pValue = "123"; - input[0].ulValueLen = 3; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - - input[0].pValue = NULL; - input[0].ulValueLen = sizeof (CK_BBOOL); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - p11_message_loud (); -} - -static void -test_valid_ulong (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_ULONG value = 2; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_CERTIFICATE_CATEGORY, &value, sizeof (value) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); -} - -static void -test_invalid_ulong (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_CERTIFICATE_CATEGORY, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - input[0].pValue = "123"; - input[0].ulValueLen = 3; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - - input[0].pValue = NULL; - input[0].ulValueLen = sizeof (CK_ULONG); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - p11_message_loud (); -} - -static void -test_valid_utf8 (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_LABEL, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - input[0].pValue = NULL; - input[0].ulValueLen = 0; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); -} - -static void -test_invalid_utf8 (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_LABEL, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - input[0].pValue = "\xfex23"; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - - input[0].pValue = NULL; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - p11_message_loud (); -} - -static void -test_valid_dates (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_DATE date; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_START_DATE, &date, sizeof (CK_DATE) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - memcpy (date.year, "2000", sizeof (date.year)); - memcpy (date.month, "10", sizeof (date.month)); - memcpy (date.day, "10", sizeof (date.day)); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); - p11_attrs_free (attrs); - attrs = NULL; - - input[0].ulValueLen = 0; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); - p11_attrs_free (attrs); -} - -static void -test_invalid_dates (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_DATE date; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_START_DATE, &date, sizeof (CK_DATE) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - memcpy (date.year, "AAAA", sizeof (date.year)); - memcpy (date.month, "BB", sizeof (date.month)); - memcpy (date.day, "CC", sizeof (date.day)); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - memcpy (date.year, "2000", sizeof (date.year)); - memcpy (date.month, "15", sizeof (date.month)); - memcpy (date.day, "80", sizeof (date.day)); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - input[0].pValue = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - p11_message_loud (); -} - -static void -test_valid_name (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_SUBJECT, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - input[0].pValue = NULL; - input[0].ulValueLen = 0; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); - p11_attrs_free (attrs); - attrs = NULL; - - input[0].pValue = (void *)test_cacert3_ca_issuer; - input[0].ulValueLen = sizeof (test_cacert3_ca_issuer); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); - p11_attrs_free (attrs); -} - -static void -test_invalid_name (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_SUBJECT, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - input[0].pValue = "blah"; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - input[0].pValue = NULL; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - p11_message_loud (); -} - -static void -test_valid_serial (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_SERIAL_NUMBER, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - input[0].pValue = NULL; - input[0].ulValueLen = 0; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); - attrs = NULL; - - input[0].pValue = (void *)test_cacert3_ca_serial; - input[0].ulValueLen = sizeof (test_cacert3_ca_serial); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); -} - -static void -test_invalid_serial (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_SERIAL_NUMBER, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - input[0].pValue = "blah"; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - input[0].pValue = (void *)test_cacert3_ca_subject; - input[0].ulValueLen = sizeof (test_cacert3_ca_subject); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - input[0].pValue = NULL; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - p11_message_loud (); -} - -static void -test_valid_cert (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_VALUE, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - input[0].pValue = NULL; - input[0].ulValueLen = 0; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); - attrs = NULL; - - input[0].pValue = (void *)test_cacert3_ca_der; - input[0].ulValueLen = sizeof (test_cacert3_ca_der); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_attrs_free (extra); -} - -static void -test_invalid_cert (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_VALUE, NULL, 0 }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - input[0].pValue = "blah"; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - input[0].pValue = (void *)test_cacert3_ca_subject; - input[0].ulValueLen = sizeof (test_cacert3_ca_subject); - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - input[0].pValue = NULL; - input[0].ulValueLen = 4; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); - - p11_message_loud (); -} - -static void -test_invalid_schema (void) -{ - CK_ATTRIBUTE *attrs = NULL; - CK_ATTRIBUTE *extra = NULL; - CK_RV rv; - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_URL, "http://blah", 11 }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - /* Missing CKA_HASH_OF_SUBJECT_PUBLIC_KEY and CKA_HASH_OF_ISSUER_PUBLIC_KEY */ - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); - - p11_message_loud (); -} - -static void -test_create_not_settable (void) -{ - /* - * CKA_PUBLIC_KEY_INFO cannot be created/modified - */ - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - p11_message_quiet (); - - attrs = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv); - p11_attrs_free (merge); - - p11_message_loud (); - - p11_attrs_free (attrs); -} - -static void -test_create_but_loadable (void) -{ - /* - * CKA_PUBLIC_KEY_INFO cannot be set on creation, but can be set if we're - * loading from our store. This is signified by batching. - */ - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *extra; - CK_RV rv; - - p11_index_load (test.index); - - attrs = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - p11_index_finish (test.index); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (input, attrs); - p11_attrs_free (attrs); -} - -static void -test_create_unsupported (void) -{ - CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY; - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - p11_message_quiet (); - - attrs = NULL; - extra = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); - p11_attrs_free (merge); - - p11_message_loud (); -} - -static void -test_create_generated (void) -{ - CK_OBJECT_CLASS klass = CKO_NSS_TRUST; - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - p11_message_quiet (); - - attrs = NULL; - extra = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); - p11_attrs_free (merge); - - p11_message_loud (); -} - -static void -test_create_bad_attribute (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_VALUE, "the value", 9 }, - { CKA_COLOR, "blue", 4 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - p11_message_quiet (); - - attrs = NULL; - extra = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); - p11_attrs_free (merge); - - p11_message_loud (); -} - -static void -test_create_missing_attribute (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - p11_message_quiet (); - - attrs = NULL; - extra = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv); - p11_attrs_free (merge); - - p11_message_loud (); -} - -static void -test_create_no_class (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_VALUE, "the value", 9 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - p11_message_quiet (); - - attrs = NULL; - extra = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv); - p11_attrs_free (merge); - - p11_message_loud (); -} - -static void -test_create_token_mismatch (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_TOKEN, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - p11_message_quiet (); - - attrs = NULL; - extra = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); - p11_attrs_free (merge); - - p11_message_loud (); -} - -static void -test_modify_success (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_MODIFIABLE, &truev, sizeof (truev) }, - { CKA_VALUE, "the value", 9 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE modify[] = { - { CKA_VALUE, "new value long", 14 }, - { CKA_LABEL, "new label", 9 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_MODIFIABLE, &truev, sizeof (truev) }, - { CKA_VALUE, "new value long", 14 }, - { CKA_LABEL, "new label", 9 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - extra = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); - attrs = p11_attrs_merge (attrs, extra, false); - - extra = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (expected, attrs); - p11_attrs_free (attrs); -} - -static void -test_modify_read_only (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_MODIFIABLE, &truev, sizeof (truev) }, - { CKA_VALUE, "the value", 9 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE modify[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - extra = NULL; - merge = p11_attrs_dup (input); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, merge, true); - attrs = p11_attrs_merge (attrs, extra, false); - - p11_message_quiet (); - - extra = NULL; - merge = p11_attrs_dup (modify); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv); - p11_attrs_free (merge); - - p11_message_loud (); - - p11_attrs_free (attrs); -} - -static void -test_modify_unchanged (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_MODIFIABLE, &truev, sizeof (truev) }, - { CKA_VALUE, "the value", 9 }, - { CKA_INVALID }, - }; - - /* - * Although CKA_CLASS is read-only, changing to same value - * shouldn't fail - */ - - CK_ATTRIBUTE modify[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_VALUE, "the other", 9 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_VALUE, "the other", 9 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); - attrs = p11_attrs_merge (attrs, extra, false); - - extra = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true); - attrs = p11_attrs_merge (attrs, extra, false); - - test_check_attrs (expected, attrs); - p11_attrs_free (attrs); -} - -static void -test_modify_not_modifiable (void) -{ - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_VALUE, "the value", 9 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE modify[] = { - { CKA_VALUE, "the value", 9 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *merge; - CK_ATTRIBUTE *extra; - CK_RV rv; - - attrs = NULL; - extra = NULL; - rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); - assert_num_eq (CKR_OK, rv); - - attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); - attrs = p11_attrs_merge (attrs, extra, false); - - p11_message_quiet (); - - extra = NULL; - merge = p11_attrs_dup (modify); - rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); - assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv); - p11_attrs_free (merge); - - p11_message_loud (); - - p11_attrs_free (attrs); -} - -static CK_ATTRIBUTE cacert3_assert_distrust_server[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE cacert3_assert_distrust_client[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1}, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE cacert3_assert_distrust_code[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_X_PURPOSE, (void *)P11_OID_CODE_SIGNING_STR, sizeof (P11_OID_CODE_SIGNING_STR) - 1}, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE cacert3_assert_distrust_email[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_X_PURPOSE, (void *)P11_OID_EMAIL_PROTECTION_STR, sizeof (P11_OID_EMAIL_PROTECTION_STR) - 1}, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE cacert3_assert_distrust_system[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_END_SYSTEM_STR, sizeof (P11_OID_IPSEC_END_SYSTEM_STR) - 1}, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE cacert3_assert_distrust_tunnel[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_TUNNEL_STR, sizeof (P11_OID_IPSEC_TUNNEL_STR) - 1}, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE cacert3_assert_distrust_user[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_USER_STR, sizeof (P11_OID_IPSEC_USER_STR) - 1}, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE cacert3_assert_distrust_time[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_X_PURPOSE, (void *)P11_OID_TIME_STAMPING_STR, sizeof (P11_OID_TIME_STAMPING_STR) - 1}, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, -}; - -static void -test_changed_trusted_certificate (void) -{ - static CK_ATTRIBUTE cacert3_trusted_certificate[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 }, - { CKA_START_DATE, "20110523", 8 }, - { CKA_END_DATE, "20210520", 8, }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_ID, "cacert3", 7 }, - { CKA_LABEL, "Custom Label", 12 }, - { CKA_INVALID }, - }; - - static unsigned char eku_server_and_client[] = { - 0x30, 0x20, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x02, - }; - - CK_ATTRIBUTE eku_extension_server_and_client[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_LABEL, "Custom Label", 12 }, - { CKA_VALUE, eku_server_and_client, sizeof (eku_server_and_client) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, - }; - - static char eku_client_email[] = { - 0x30, 0x1a, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x01, 0x04, 0x0c, - 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, - }; - - static CK_ATTRIBUTE reject_extension_email[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, - { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_LABEL, "Custom Label", 12 }, - { CKA_VALUE, eku_client_email, sizeof (eku_client_email) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, - }; - - static CK_ATTRIBUTE nss_trust_server_and_client_distrust_email[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, - { CKA_ID, "cacert3", 7 }, - { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 }, - { CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 }, - { CKA_LABEL, "Custom Label", 12 }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_TRUST_SERVER_AUTH, &trusted_delegator, sizeof (trusted_delegator) }, - { CKA_TRUST_CLIENT_AUTH, &trusted_delegator, sizeof (trusted_delegator) }, - { CKA_TRUST_EMAIL_PROTECTION, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_CODE_SIGNING, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_IPSEC_END_SYSTEM, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_IPSEC_TUNNEL, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_IPSEC_USER, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_TIME_STAMPING, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_DIGITAL_SIGNATURE, &trusted_delegator, sizeof (trusted_delegator) }, - { CKA_TRUST_NON_REPUDIATION, &trusted_delegator, sizeof (trusted_delegator) }, - { CKA_TRUST_KEY_ENCIPHERMENT, &trusted_delegator, sizeof (trusted_delegator) }, - { CKA_TRUST_DATA_ENCIPHERMENT, &trusted_delegator, sizeof (trusted_delegator) }, - { CKA_TRUST_KEY_AGREEMENT, &trusted_delegator, sizeof (trusted_delegator) }, - { CKA_TRUST_KEY_CERT_SIGN, &trusted_delegator, sizeof (trusted_delegator) }, - { CKA_TRUST_CRL_SIGN, &trusted_delegator, sizeof (trusted_delegator) }, - { CKA_INVALID, } - }; - - static CK_ATTRIBUTE server_anchor_assertion[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 }, - { CKA_LABEL, "Custom Label", 12 }, - { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, - }; - - static CK_ATTRIBUTE client_anchor_assertion[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1 }, - { CKA_LABEL, "Custom Label", 12 }, - { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, - }; - - /* - * We should get an NSS trust object and various assertions here. - * The first two attributes of each object are enough to look it up, - * and then we check the rest of the attributes match. - */ - - CK_ATTRIBUTE *expected[] = { - nss_trust_server_and_client_distrust_email, - cacert3_assert_distrust_email, - server_anchor_assertion, - client_anchor_assertion, - NULL, - }; - - CK_OBJECT_HANDLE handle; - CK_ATTRIBUTE *attrs; - CK_RV rv; - int i; - - /* - * A trusted cetrificate, trusted for server and client purposes, - * and explicitly rejects the email and timestamping purposes. - */ - p11_index_load (test.index); - rv = p11_index_take (test.index, p11_attrs_dup (cacert3_trusted_certificate), NULL); - assert_num_eq (CKR_OK, rv); - rv = p11_index_take (test.index, p11_attrs_dup (eku_extension_server_and_client), NULL); - assert_num_eq (CKR_OK, rv); - rv = p11_index_take (test.index, p11_attrs_dup (reject_extension_email), NULL); - assert_num_eq (CKR_OK, rv); - p11_index_finish (test.index); - - - /* The other objects */ - for (i = 0; expected[i]; i++) { - handle = p11_index_find (test.index, expected[i], 2); - assert (handle != 0); - - attrs = p11_index_lookup (test.index, handle); - assert_ptr_not_null (attrs); - - test_check_attrs (expected[i], attrs); - } -} - -static void -test_changed_distrust_value (void) -{ - CK_ATTRIBUTE distrust_cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate), }, - { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, - { CKA_PRIVATE, &falsev, sizeof (falsev) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE eku_extension[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE reject_extension[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, - { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, - { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE nss_trust_nothing[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, - { CKA_ID, "cacert3", 7 }, - { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 }, - { CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_TRUST_SERVER_AUTH, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_CLIENT_AUTH, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_EMAIL_PROTECTION, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_CODE_SIGNING, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_IPSEC_END_SYSTEM, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_IPSEC_TUNNEL, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_IPSEC_USER, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_TIME_STAMPING, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_DIGITAL_SIGNATURE, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_NON_REPUDIATION, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_KEY_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_DATA_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_KEY_AGREEMENT, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_KEY_CERT_SIGN, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_CRL_SIGN, ¬_trusted, sizeof (not_trusted) }, - { CKA_INVALID, } - }; - - /* - * We should get an NSS trust object and various assertions here. - * The first two attributes of each object are enough to look it up, - * and then we check the rest of the attributes match. - */ - - CK_ATTRIBUTE *expected[] = { - nss_trust_nothing, - cacert3_assert_distrust_server, - cacert3_assert_distrust_client, - cacert3_assert_distrust_code, - cacert3_assert_distrust_email, - cacert3_assert_distrust_system, - cacert3_assert_distrust_tunnel, - cacert3_assert_distrust_user, - cacert3_assert_distrust_time, - NULL - }; - - CK_OBJECT_HANDLE handle; - CK_ATTRIBUTE *attrs; - CK_RV rv; - int i; - - /* - * A distrusted certificate with a value, plus some extra - * extensions (which should be ignored). - */ - p11_index_load (test.index); - rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL); - assert_num_eq (CKR_OK, rv); - rv = p11_index_take (test.index, p11_attrs_dup (eku_extension), NULL); - assert_num_eq (CKR_OK, rv); - rv = p11_index_take (test.index, p11_attrs_dup (reject_extension), NULL); - assert_num_eq (CKR_OK, rv); - p11_index_finish (test.index); - - /* The other objects */ - for (i = 0; expected[i]; i++) { - handle = p11_index_find (test.index, expected[i], 2); - assert (handle != 0); - - attrs = p11_index_lookup (test.index, handle); - assert_ptr_not_null (attrs); - - test_check_attrs (expected[i], attrs); - } -} - -static void -test_changed_distrust_serial (void) -{ - CK_ATTRIBUTE distrust_cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate), }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE nss_trust_distrust[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, - { CKA_ID, "cacert3", 7 }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_TRUST_SERVER_AUTH, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_CLIENT_AUTH, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_EMAIL_PROTECTION, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_CODE_SIGNING, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_IPSEC_END_SYSTEM, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_IPSEC_TUNNEL, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_IPSEC_USER, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_TIME_STAMPING, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_DIGITAL_SIGNATURE, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_NON_REPUDIATION, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_KEY_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_DATA_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_KEY_AGREEMENT, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_KEY_CERT_SIGN, ¬_trusted, sizeof (not_trusted) }, - { CKA_TRUST_CRL_SIGN, ¬_trusted, sizeof (not_trusted) }, - { CKA_INVALID, } - }; - - /* - * We should get an NSS trust object and various assertions here. - * The first two attributes of each object are enough to look it up, - * and then we check the rest of the attributes match. - */ - - CK_ATTRIBUTE *expected[] = { - nss_trust_distrust, - cacert3_assert_distrust_server, - cacert3_assert_distrust_client, - cacert3_assert_distrust_code, - cacert3_assert_distrust_email, - cacert3_assert_distrust_system, - cacert3_assert_distrust_tunnel, - cacert3_assert_distrust_user, - cacert3_assert_distrust_time, - NULL - }; - - CK_OBJECT_HANDLE handle; - CK_ATTRIBUTE *attrs; - CK_RV rv; - int i; - - /* - * A distrusted certificate without a value. - */ - p11_index_load (test.index); - rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL); - assert_num_eq (CKR_OK, rv); - p11_index_finish (test.index); - - for (i = 0; expected[i]; i++) { - handle = p11_index_find (test.index, expected[i], 2); - assert (handle != 0); - attrs = p11_index_lookup (test.index, handle); - assert_ptr_not_null (attrs); - test_check_attrs (expected[i], attrs); - } -} - -static void -test_changed_dup_certificates (void) -{ - static CK_ATTRIBUTE trusted_cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, - }; - - static CK_ATTRIBUTE distrust_cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, - }; - - static CK_ATTRIBUTE trusted_nss[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, - { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 }, - { CKA_TRUST_SERVER_AUTH, &trusted_delegator, sizeof (trusted_delegator) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID, } - }; - - static CK_ATTRIBUTE distrust_nss[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, - { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 }, - { CKA_TRUST_SERVER_AUTH, ¬_trusted, sizeof (not_trusted) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID, } - }; - - static CK_ATTRIBUTE unknown_nss[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, - { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 }, - { CKA_TRUST_SERVER_AUTH, &trust_unknown, sizeof (trust_unknown) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID, } - }; - - static CK_ATTRIBUTE match_nss[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID, } - }; - - static CK_ATTRIBUTE anchor_assertion[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 }, - { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, - }; - - static CK_ATTRIBUTE distrust_assertion[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID }, - }; - - static CK_ATTRIBUTE match_assertion[] = { - { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, - { CKA_ID, "cacert3", 7 }, - { CKA_INVALID, } - }; - - CK_OBJECT_HANDLE handle1; - CK_OBJECT_HANDLE handle2; - CK_OBJECT_HANDLE handle; - CK_RV rv; - - /* - * A trusted certificate, should create trutsed nss trust - * and anchor assertions - */ - p11_index_load (test.index); - rv = p11_index_take (test.index, p11_attrs_dup (trusted_cert), &handle1); - assert_num_eq (CKR_OK, rv); - p11_index_finish (test.index); - - handle = p11_index_find (test.index, match_nss, -1); - assert (handle != 0); - handle = p11_index_find (test.index, match_assertion, -1); - assert (handle != 0); - handle = p11_index_find (test.index, trusted_nss, -1); - assert (handle != 0); - handle = p11_index_find (test.index, anchor_assertion, -1); - assert (handle != 0); - - /* Now we add a distrusted certificate, should update the objects */ - p11_index_load (test.index); - rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), &handle2); - assert_num_eq (CKR_OK, rv); - p11_index_finish (test.index); - - handle = p11_index_find (test.index, trusted_nss, -1); - assert (handle == 0); - handle = p11_index_find (test.index, distrust_nss, -1); - assert (handle != 0); - handle = p11_index_find (test.index, anchor_assertion, -1); - assert (handle == 0); - handle = p11_index_find (test.index, distrust_assertion, -1); - assert (handle != 0); - - /* Now remove the trusted cetrificate, should update again */ - rv = p11_index_remove (test.index, handle2); - assert_num_eq (CKR_OK, rv); - - handle = p11_index_find (test.index, trusted_nss, -1); - assert (handle != 0); - handle = p11_index_find (test.index, distrust_nss, -1); - assert (handle == 0); - handle = p11_index_find (test.index, anchor_assertion, -1); - assert (handle != 0); - handle = p11_index_find (test.index, distrust_assertion, -1); - assert (handle == 0); - - /* Now remove the original certificate, unknown nss and no assertions */ - rv = p11_index_remove (test.index, handle1); - assert_num_eq (CKR_OK, rv); - - handle = p11_index_find (test.index, unknown_nss, -1); - assert (handle != 0); - handle = p11_index_find (test.index, match_assertion, -1); - assert (handle == 0); -} - -static void -test_changed_without_id (void) -{ - static CK_ATTRIBUTE trusted_without_id[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_ID, NULL, 0, }, - { CKA_INVALID }, - }; - - CK_OBJECT_CLASS klass = 0; - CK_ATTRIBUTE match[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_INVALID }, - }; - - /* - * A cetrificate without a CKA_ID that's created should still - * automatically create compat objects. - */ - - CK_OBJECT_HANDLE handle; - CK_RV rv; - - p11_index_load (test.index); - rv = p11_index_take (test.index, p11_attrs_dup (trusted_without_id), NULL); - assert_num_eq (CKR_OK, rv); - p11_index_finish (test.index); - - klass = CKO_NSS_TRUST; - handle = p11_index_find (test.index, match, -1); - assert (handle != 0); - - klass = CKO_X_TRUST_ASSERTION; - handle = p11_index_find (test.index, match, -1); - assert (handle != 0); -} - -static void -test_changed_staple_ca (void) -{ - CK_ULONG category = 0; - - CK_ATTRIBUTE attached[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, - { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, - { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff", 14 }, - { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, - { CKA_ID, "the id", 6 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, - { CKA_ID, "the id", 6 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE match[] = { - { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, - { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_RV rv; - - attrs = NULL; - rv = p11_index_take (test.index, p11_attrs_dup (input), NULL); - assert_num_eq (CKR_OK, rv); - - /* Not a CA at this point, until we staple */ - category = 0; - assert (p11_index_find (test.index, match, -1) == 0); - - /* Add a attached basic constraint */ - rv = p11_index_add (test.index, attached, 4, NULL); - assert_num_eq (CKR_OK, rv); - - /* Now should be a CA */ - category = 2; - assert (p11_index_find (test.index, match, -1) != 0); - - p11_attrs_free (attrs); -} - -static void -test_changed_staple_ku (void) -{ - CK_ATTRIBUTE attached_ds_and_np[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, - { CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE) }, - { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x0f\x04\x05\x03\x03\x07\xc0\x00", 14 }, - { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, - { CKA_ID, "the id", 6 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE input[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_ID, "the id", 6 }, - { CKA_INVALID }, - }; - - static CK_ATTRIBUTE nss_trust_ds_and_np[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, - { CKA_ID, "the id", 6 }, - { CKA_TRUST_SERVER_AUTH, &trusted, sizeof (trusted) }, - { CKA_TRUST_CLIENT_AUTH, &trusted, sizeof (trusted) }, - { CKA_TRUST_EMAIL_PROTECTION, &trusted, sizeof (trusted) }, - { CKA_TRUST_CODE_SIGNING, &trusted, sizeof (trusted) }, - { CKA_TRUST_IPSEC_END_SYSTEM, &trusted, sizeof (trusted) }, - { CKA_TRUST_IPSEC_TUNNEL, &trusted, sizeof (trusted) }, - { CKA_TRUST_IPSEC_USER, &trusted, sizeof (trusted) }, - { CKA_TRUST_TIME_STAMPING, &trusted, sizeof (trusted) }, - { CKA_TRUST_DIGITAL_SIGNATURE, &trusted, sizeof (trusted) }, - { CKA_TRUST_NON_REPUDIATION, &trusted, sizeof (trusted) }, - { CKA_TRUST_KEY_ENCIPHERMENT, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_DATA_ENCIPHERMENT, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_KEY_AGREEMENT, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_KEY_CERT_SIGN, &trust_unknown, sizeof (trust_unknown) }, - { CKA_TRUST_CRL_SIGN, &trust_unknown, sizeof (trust_unknown) }, - { CKA_INVALID, } - }; - - CK_OBJECT_HANDLE handle; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - p11_index_load (test.index); - rv = p11_index_take (test.index, p11_attrs_dup (input), NULL); - assert_num_eq (CKR_OK, rv); - rv = p11_index_take (test.index, p11_attrs_dup (attached_ds_and_np), NULL); - assert_num_eq (CKR_OK, rv); - p11_index_finish (test.index); - - handle = p11_index_find (test.index, nss_trust_ds_and_np, 2); - assert (handle != 0); - - attrs = p11_index_lookup (test.index, handle); - test_check_attrs (nss_trust_ds_and_np, attrs); -} - -int -main (int argc, - char *argv[]) -{ - p11_fixture (setup, teardown); - p11_test (test_get_cache, "/builder/get_cache"); - p11_test (test_build_data, "/builder/build_data"); - p11_test (test_build_certificate, "/builder/build_certificate"); - p11_test (test_build_certificate_empty, "/builder/build_certificate_empty"); - p11_test (test_build_certificate_non_ca, "/builder/build_certificate_non_ca"); - p11_test (test_build_certificate_v1_ca, "/builder/build_certificate_v1_ca"); - p11_test (test_build_certificate_staple_ca, "/builder/build_certificate_staple_ca"); - p11_test (test_build_certificate_staple_ca_backwards, "/builder/build-certificate-staple-ca-backwards"); - p11_test (test_build_certificate_no_type, "/builder/build_certificate_no_type"); - p11_test (test_build_certificate_bad_type, "/builder/build_certificate_bad_type"); - p11_test (test_build_extension, "/builder/build_extension"); - p11_test (test_build_distant_end_date, "/builder/build_distant_end_date"); - - p11_test (test_valid_bool, "/builder/valid-bool"); - p11_test (test_valid_ulong, "/builder/valid-ulong"); - p11_test (test_valid_utf8, "/builder/valid-utf8"); - p11_test (test_valid_dates, "/builder/valid-date"); - p11_test (test_valid_name, "/builder/valid-name"); - p11_test (test_valid_serial, "/builder/valid-serial"); - p11_test (test_valid_cert, "/builder/valid-cert"); - p11_test (test_invalid_bool, "/builder/invalid-bool"); - p11_test (test_invalid_ulong, "/builder/invalid-ulong"); - p11_test (test_invalid_utf8, "/builder/invalid-utf8"); - p11_test (test_invalid_dates, "/builder/invalid-date"); - p11_test (test_invalid_name, "/builder/invalid-name"); - p11_test (test_invalid_serial, "/builder/invalid-serial"); - p11_test (test_invalid_cert, "/builder/invalid-cert"); - p11_test (test_invalid_schema, "/builder/invalid-schema"); - - p11_test (test_create_not_settable, "/builder/create_not_settable"); - p11_test (test_create_but_loadable, "/builder/create_but_loadable"); - p11_test (test_create_unsupported, "/builder/create_unsupported"); - p11_test (test_create_generated, "/builder/create_generated"); - p11_test (test_create_bad_attribute, "/builder/create_bad_attribute"); - p11_test (test_create_missing_attribute, "/builder/create_missing_attribute"); - p11_test (test_create_no_class, "/builder/create_no_class"); - p11_test (test_create_token_mismatch, "/builder/create_token_mismatch"); - p11_test (test_modify_success, "/builder/modify_success"); - p11_test (test_modify_read_only, "/builder/modify_read_only"); - p11_test (test_modify_unchanged, "/builder/modify_unchanged"); - p11_test (test_modify_not_modifiable, "/builder/modify_not_modifiable"); - - p11_test (test_changed_trusted_certificate, "/builder/changed_trusted_certificate"); - p11_test (test_changed_distrust_value, "/builder/changed_distrust_value"); - p11_test (test_changed_distrust_serial, "/builder/changed_distrust_serial"); - p11_test (test_changed_without_id, "/builder/changed_without_id"); - p11_test (test_changed_staple_ca, "/builder/changed_staple_ca"); - p11_test (test_changed_staple_ku, "/builder/changed_staple_ku"); - p11_test (test_changed_dup_certificates, "/builder/changed_dup_certificates"); - return p11_test_run (argc, argv); -} diff --git a/trust/test-bundle.c b/trust/test-bundle.c deleted file mode 100644 index 3af7277..0000000 --- a/trust/test-bundle.c +++ /dev/null @@ -1,272 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#define P11_KIT_DISABLE_DEPRECATED - -#include "config.h" - -#include "test-trust.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "extract.h" -#include "message.h" -#include "mock.h" -#include "path.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "oid.h" -#include "test.h" - -#include -#include -#include -#include -#include - -struct { - CK_FUNCTION_LIST module; - p11_enumerate ex; - char *directory; -} test; - -static void -setup (void *unused) -{ - CK_RV rv; - - mock_module_reset (); - memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); - rv = test.module.C_Initialize (NULL); - assert_num_eq (CKR_OK, rv); - - p11_enumerate_init (&test.ex); - - test.directory = p11_test_directory ("test-extract"); -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - if (rmdir (test.directory) < 0) - assert_not_reached (); - free (test.directory); - - p11_enumerate_cleanup (&test.ex); - - rv = test.module.C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; -static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; - -static CK_ATTRIBUTE cacert3_authority_attrs[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Cacert3 Here", 12 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ID, "ID1", 3 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE certificate_filter[] = { - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_INVALID }, -}; - -static void -test_file (void) -{ - char *destination; - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_pem_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", SRCDIR "/trust/fixtures/cacert3.pem"); - - free (destination); -} - -static void -test_file_multiple (void) -{ - char *destination; - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_pem_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", SRCDIR "/trust/fixtures/cacert3-twice.pem"); - - free (destination); -} - -static void -test_file_without (void) -{ - char *destination; - bool ret; - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_pem_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_data (test.directory, "extract.pem", "", 0); - - free (destination); -} - -static void -test_directory (void) -{ - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_pem_directory (&test.ex, test.directory); - assert_num_eq (true, ret); - - test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", NULL)); - test_check_file (test.directory, "Cacert3_Here.pem", SRCDIR "/trust/fixtures/cacert3.pem"); - test_check_file (test.directory, "Cacert3_Here.1.pem", SRCDIR "/trust/fixtures/cacert3.pem"); -} - -static void -test_directory_empty (void) -{ - bool ret; - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_pem_directory (&test.ex, test.directory); - assert_num_eq (true, ret); - - test_check_directory (test.directory, (NULL, NULL)); -} - -static void -test_directory_hash (void) -{ - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_pem_directory_hash (&test.ex, test.directory); - assert_num_eq (true, ret); - - test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", -#ifdef OS_UNIX - "e5662767.1", "e5662767.0", "590d426f.1", "590d426f.0", -#endif - NULL)); - test_check_file (test.directory, "Cacert3_Here.pem", SRCDIR "/trust/fixtures/cacert3.pem"); - test_check_file (test.directory, "Cacert3_Here.1.pem", SRCDIR "/trust/fixtures/cacert3.pem"); -#ifdef OS_UNIX - test_check_symlink (test.directory, "e5662767.0", "Cacert3_Here.pem"); - test_check_symlink (test.directory, "e5662767.1", "Cacert3_Here.1.pem"); - test_check_symlink (test.directory, "590d426f.0", "Cacert3_Here.pem"); - test_check_symlink (test.directory, "590d426f.1", "Cacert3_Here.1.pem"); -#endif -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - - p11_fixture (setup, teardown); - p11_test (test_file, "/pem/test_file"); - p11_test (test_file_multiple, "/pem/test_file_multiple"); - p11_test (test_file_without, "/pem/test_file_without"); - p11_test (test_directory, "/pem/test_directory"); - p11_test (test_directory_empty, "/pem/test_directory_empty"); - p11_test (test_directory_hash, "/pem/test_directory_hash"); - return p11_test_run (argc, argv); -} - -#include "enumerate.c" -#include "extract-pem.c" -#include "extract-openssl.c" -#include "save.c" diff --git a/trust/test-cer.c b/trust/test-cer.c deleted file mode 100644 index 422b528..0000000 --- a/trust/test-cer.c +++ /dev/null @@ -1,247 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#define P11_KIT_DISABLE_DEPRECATED - -#include "config.h" - -#include "test-trust.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "extract.h" -#include "message.h" -#include "mock.h" -#include "path.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "oid.h" -#include "test.h" - -#include -#include -#include -#include -#include - -struct { - CK_FUNCTION_LIST module; - p11_enumerate ex; - char *directory; -} test; - -static void -setup (void *unused) -{ - CK_RV rv; - - mock_module_reset (); - memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); - rv = test.module.C_Initialize (NULL); - assert_num_eq (CKR_OK, rv); - - p11_enumerate_init (&test.ex); - - test.directory = p11_test_directory ("test-extract"); -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - if (rmdir (test.directory) < 0) - assert_fail ("rmdir() failed", test.directory); - free (test.directory); - - p11_enumerate_cleanup (&test.ex); - - rv = test.module.C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; -static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; - -static CK_ATTRIBUTE cacert3_authority_attrs[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Cacert3 Here", 12 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ID, "ID1", 3 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE certificate_filter[] = { - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_INVALID }, -}; - -static void -test_file (void) -{ - char *destination; - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0) - assert_not_reached (); - - ret = p11_extract_x509_file (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.cer", SRCDIR "/trust/fixtures/cacert3.der"); - - free (destination); -} - -static void -test_file_multiple (void) -{ - char *destination; - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0) - assert_not_reached (); - - p11_message_quiet (); - - ret = p11_extract_x509_file (&test.ex, destination); - assert_num_eq (true, ret); - - assert (strstr (p11_message_last (), "multiple certificates") != NULL); - - p11_message_loud (); - - test_check_file (test.directory, "extract.cer", SRCDIR "/trust/fixtures/cacert3.der"); - - free (destination); -} - -static void -test_file_without (void) -{ - char *destination; - bool ret; - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0) - assert_not_reached (); - - p11_message_quiet (); - - ret = p11_extract_x509_file (&test.ex, destination); - assert_num_eq (false, ret); - - assert (strstr (p11_message_last (), "no certificate") != NULL); - - p11_message_loud (); - - free (destination); -} - -static void -test_directory (void) -{ - bool ret; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_x509_directory (&test.ex, test.directory); - assert_num_eq (true, ret); - - test_check_directory (test.directory, ("Cacert3_Here.cer", "Cacert3_Here.1.cer", NULL)); - test_check_file (test.directory, "Cacert3_Here.cer", SRCDIR "/trust/fixtures/cacert3.der"); - test_check_file (test.directory, "Cacert3_Here.1.cer", SRCDIR "/trust/fixtures/cacert3.der"); -} - -static void -test_directory_empty (void) -{ - bool ret; - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_x509_directory (&test.ex, test.directory); - assert_num_eq (true, ret); - - test_check_directory (test.directory, (NULL, NULL)); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - - p11_fixture (setup, teardown); - p11_test (test_file, "/x509/test_file"); - p11_test (test_file_multiple, "/x509/test_file_multiple"); - p11_test (test_file_without, "/x509/test_file_without"); - p11_test (test_directory, "/x509/test_directory"); - p11_test (test_directory_empty, "/x509/test_directory_empty"); - return p11_test_run (argc, argv); -} - -#include "enumerate.c" -#include "extract-cer.c" -#include "save.c" diff --git a/trust/test-digest.c b/trust/test-digest.c deleted file mode 100644 index f2cb669..0000000 --- a/trust/test-digest.c +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include -#include -#include - -#include "digest.h" - -const char *sha1_input[] = { - "abc", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - NULL -}; - -const char *sha1_checksum[] = { - "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D", - "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1", - NULL -}; - -static void -test_sha1 (void) -{ - unsigned char checksum[P11_DIGEST_SHA1_LEN]; - size_t len; - int i; - - for (i = 0; sha1_input[i] != NULL; i++) { - memset (checksum, 0, sizeof (checksum)); - len = strlen (sha1_input[i]); - - p11_digest_sha1 (checksum, sha1_input[i], len, NULL); - assert (memcmp (sha1_checksum[i], checksum, P11_DIGEST_SHA1_LEN) == 0); - - if (len > 6) { - p11_digest_sha1 (checksum, sha1_input[i], 6, sha1_input[i] + 6, len - 6, NULL); - assert (memcmp (sha1_checksum[i], checksum, P11_DIGEST_SHA1_LEN) == 0); - } - } -} - -static void -test_sha1_long (void) -{ - unsigned char checksum[P11_DIGEST_SHA1_LEN]; - char *expected = "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F"; - char *input; - - input = malloc (1000000); - assert (input != NULL); - memset (input, 'a', 1000000); - - p11_digest_sha1 (checksum, input, 1000000, NULL); - assert (memcmp (expected, checksum, P11_DIGEST_SHA1_LEN) == 0); - - free (input); -} - -const char *md5_input[] = { - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - NULL -}; - -const char *md5_checksum[] = { - "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e", - "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8\x31\xc3\x99\xe2\x69\x77\x26\x61", - "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", - "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0", - "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1\x3b", - NULL -}; - -static void -test_md5 (void) -{ - unsigned char checksum[P11_DIGEST_MD5_LEN]; - size_t len; - int i; - - for (i = 0; md5_input[i] != NULL; i++) { - memset (checksum, 0, sizeof (checksum)); - len = strlen (md5_input[i]); - - p11_digest_md5 (checksum, md5_input[i], len, NULL); - assert (memcmp (md5_checksum[i], checksum, P11_DIGEST_MD5_LEN) == 0); - - if (len > 5) { - p11_digest_md5 (checksum, md5_input[i], 5, md5_input[i] + 5, len - 5, NULL); - assert (memcmp (md5_checksum[i], checksum, P11_DIGEST_MD5_LEN) == 0); - } - } -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_sha1, "/digest/sha1"); - p11_test (test_sha1_long, "/digest/sha1-long"); - p11_test (test_md5, "/digest/md5"); - return p11_test_run (argc, argv); -} diff --git a/trust/test-enumerate.c b/trust/test-enumerate.c deleted file mode 100644 index 424437e..0000000 --- a/trust/test-enumerate.c +++ /dev/null @@ -1,538 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#define P11_KIT_DISABLE_DEPRECATED - -#include "config.h" - -#include "test-trust.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "extract.h" -#include "message.h" -#include "mock.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "oid.h" -#include "test.h" - -#include -#include - - -static void -test_file_name_for_label (void) -{ - CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 }; - p11_enumerate ex; - char *name; - - p11_enumerate_init (&ex); - - ex.attrs = p11_attrs_build (NULL, &label, NULL); - - name = p11_enumerate_filename (&ex); - assert_str_eq ("The_Label_", name); - free (name); - - p11_enumerate_cleanup (&ex); -} - -static void -test_file_name_for_class (void) -{ - p11_enumerate ex; - char *name; - - p11_enumerate_init (&ex); - - ex.klass = CKO_CERTIFICATE; - - name = p11_enumerate_filename (&ex); - assert_str_eq ("certificate", name); - free (name); - - ex.klass = CKO_DATA; - - name = p11_enumerate_filename (&ex); - assert_str_eq ("unknown", name); - free (name); - - p11_enumerate_cleanup (&ex); -} - -static void -test_comment_for_label (void) -{ - CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 }; - p11_enumerate ex; - char *comment; - - p11_enumerate_init (&ex); - - ex.flags = P11_EXTRACT_COMMENT; - ex.attrs = p11_attrs_build (NULL, &label, NULL); - - comment = p11_enumerate_comment (&ex, true); - assert_str_eq ("# The Label!\n", comment); - free (comment); - - comment = p11_enumerate_comment (&ex, false); - assert_str_eq ("\n# The Label!\n", comment); - free (comment); - - p11_enumerate_cleanup (&ex); -} - -static void -test_comment_not_enabled (void) -{ - CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 }; - p11_enumerate ex; - char *comment; - - p11_enumerate_init (&ex); - - ex.attrs = p11_attrs_build (NULL, &label, NULL); - - comment = p11_enumerate_comment (&ex, true); - assert_ptr_eq (NULL, comment); - - comment = p11_enumerate_comment (&ex, false); - assert_ptr_eq (NULL, comment); - - p11_enumerate_cleanup (&ex); -} - -struct { - CK_FUNCTION_LIST module; - CK_FUNCTION_LIST_PTR modules[2]; - p11_enumerate ex; -} test; - -static void -setup (void *unused) -{ - CK_RV rv; - - mock_module_reset (); - memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); - - rv = test.module.C_Initialize (NULL); - assert_num_eq (CKR_OK, rv); - - p11_enumerate_init (&test.ex); - - /* Prefill the modules */ - test.modules[0] = &test.module; - test.modules[1] = NULL; - test.ex.modules = test.modules; -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - /* Don't free the modules */ - test.ex.modules = NULL; - - p11_enumerate_cleanup (&test.ex); - - rv = test.module.C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; -static CK_OBJECT_CLASS public_key_class = CKO_PUBLIC_KEY; -static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION; -static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; -static CK_BBOOL truev = CK_TRUE; - -static CK_ATTRIBUTE cacert3_trusted[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Cacert3 Here", 11 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_ID, "ID1", 3 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE cacert3_distrusted[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Another CaCert", 11 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE cacert3_distrusted_by_key[] = { - { CKA_CLASS, &public_key_class, sizeof (public_key_class) }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE certificate_filter[] = { - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE extension_eku_server_client[] = { - { CKA_CLASS, &extension_class, sizeof (extension_class) }, - { CKA_ID, "ID1", 3 }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_VALUE, "\x30\x1d\x06\x03\x55\x1d\x25\x04\x16\x30\x14\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 31 }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE extension_eku_invalid[] = { - { CKA_CLASS, &extension_class, sizeof (extension_class) }, - { CKA_ID, "ID1", 3 }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x25\x04\x07\x69\x6e\x76\x61\x6c\x69\x64", 16 }, - { CKA_INVALID }, -}; - -static void -test_info_simple_certificate (void) -{ - void *value; - size_t length; - CK_RV rv; - - assert_ptr_not_null (test.ex.asn1_defs); - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - assert_num_eq (CKO_CERTIFICATE, test.ex.klass); - assert_ptr_not_null (test.ex.attrs); - value = p11_attrs_find_value (test.ex.attrs, CKA_VALUE, &length); - assert_ptr_not_null (value); - assert (memcmp (value, test_cacert3_ca_der, length) == 0); - assert_ptr_not_null (test.ex.cert_der); - assert (memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0); - assert_ptr_not_null (test.ex.cert_asn); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_info_limit_purposes (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - - /* This should not match the above, with the attached certificat ext */ - assert_ptr_eq (NULL, test.ex.limit_to_purposes); - p11_enumerate_opt_purpose (&test.ex, "1.1.1"); - assert_ptr_not_null (test.ex.limit_to_purposes); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_info_invalid_purposes (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_invalid); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_enumerate_ready (&test.ex, NULL); - - p11_kit_be_quiet (); - - /* No results due to invalid purpose on certificate */ - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); - - p11_kit_be_loud (); -} - -static void -test_info_skip_non_certificate (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - - p11_enumerate_ready (&test.ex, NULL); - - p11_message_quiet (); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - assert_num_eq (CKO_CERTIFICATE, test.ex.klass); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); - - p11_message_loud (); -} - -static void -test_limit_to_purpose_match (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - - p11_enumerate_opt_purpose (&test.ex, P11_OID_SERVER_AUTH_STR); - p11_enumerate_ready (&test.ex, NULL); - - p11_message_quiet (); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - p11_message_loud (); -} - -static void -test_limit_to_purpose_no_match (void) -{ - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - - p11_enumerate_opt_purpose (&test.ex, "3.3.3.3"); - p11_enumerate_ready (&test.ex, NULL); - - p11_message_quiet (); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); - - p11_message_loud (); -} - -static void -test_duplicate_extract (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_duplicate_distrusted (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_ATTRIBUTE attrs[] = { - { CKA_X_DISTRUSTED, NULL, 0 }, - }; - - CK_BBOOL val; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - - test.ex.flags = P11_ENUMERATE_COLLAPSE; - p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - rv = p11_kit_iter_load_attributes (test.ex.iter, attrs, 1); - assert_num_eq (CKR_OK, rv); - assert (p11_attrs_findn_bool (attrs, 1, CKA_X_DISTRUSTED, &val)); - assert_num_eq (val, CK_TRUE); - free (attrs[0].pValue); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_trusted_match (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - test.ex.flags = P11_ENUMERATE_ANCHORS; - p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_distrust_match (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_BBOOL boolv; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - test.ex.flags = P11_ENUMERATE_BLACKLIST; - p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - if (!p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &boolv)) - boolv = CK_FALSE; - assert_num_eq (CK_TRUE, boolv); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_override_by_issuer_serial (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_BBOOL distrusted = CK_FALSE; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - - test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST; - p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); - p11_enumerate_ready (&test.ex, NULL); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_OK, rv); - - assert (p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &distrusted)); - assert_num_eq (CK_TRUE, distrusted); - - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -static void -test_override_by_public_key (void) -{ - CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; - CK_RV rv; - - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted_by_key); - - test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST; - p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); - p11_enumerate_ready (&test.ex, NULL); - - /* No results returned, because distrust is not a cert */ - rv = p11_kit_iter_next (test.ex.iter); - assert_num_eq (CKR_CANCEL, rv); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - - p11_test (test_file_name_for_label, "/extract/test_file_name_for_label"); - p11_test (test_file_name_for_class, "/extract/test_file_name_for_class"); - p11_test (test_comment_for_label, "/extract/test_comment_for_label"); - p11_test (test_comment_not_enabled, "/extract/test_comment_not_enabled"); - - p11_fixture (setup, teardown); - p11_test (test_info_simple_certificate, "/extract/test_info_simple_certificate"); - p11_test (test_info_limit_purposes, "/extract/test_info_limit_purposes"); - p11_test (test_info_invalid_purposes, "/extract/test_info_invalid_purposes"); - p11_test (test_info_skip_non_certificate, "/extract/test_info_skip_non_certificate"); - p11_test (test_limit_to_purpose_match, "/extract/test_limit_to_purpose_match"); - p11_test (test_limit_to_purpose_no_match, "/extract/test_limit_to_purpose_no_match"); - p11_test (test_duplicate_extract, "/extract/test_duplicate_extract"); - p11_test (test_duplicate_distrusted, "/extract/test-duplicate-distrusted"); - p11_test (test_trusted_match, "/extract/test_trusted_match"); - p11_test (test_distrust_match, "/extract/test_distrust_match"); - p11_test (test_override_by_issuer_serial, "/extract/override-by-issuer-and-serial"); - p11_test (test_override_by_public_key, "/extract/override-by-public-key"); - - return p11_test_run (argc, argv); -} - -#include "enumerate.c" diff --git a/trust/test-extract.in b/trust/test-extract.in deleted file mode 100644 index 59f6cd6..0000000 --- a/trust/test-extract.in +++ /dev/null @@ -1,189 +0,0 @@ -#!/bin/sh - -set -euf - -# ----------------------------------------------------------------------------- -# Basic fundamentals - -prefix=@prefix@ -exec_prefix=@exec_prefix@ -datarootdir=@datarootdir@ -datadir=@datadir@ -sysconfdir=@sysconfdir@ -libdir=@libdir@ -privatedir=@privatedir@ -with_trust_paths=@with_trust_paths@ -script=$(basename $0) - -# ----------------------------------------------------------------------------- -# Testing - -warning() -{ - echo "$script: $@" >&2 -} - -assert_fail() -{ - warning $@ - exit 1 -} - -assert_contains() -{ - if ! grep -qF $2 $1; then - assert_fail "$1 does not contain $2" - fi -} - -assert_not_contains() -{ - if grep -qF $2 $1; then - assert_fail "$1 contains $2" - fi -} - -teardown() -{ - for x in $TD; do - if [ -d $x ]; then - rmdir $x - elif [ -f $x ]; then - rm $x - fi - done - TD="" -} - -teardown_dirty() -{ - echo "not ok $TEST_NUMBER $TEST_NAME" - teardown -} - -openssl_quiet() -( - command='/Generating a|-----|^[.+]+$|writing new private key/d' - exec 3>&1 - openssl $@ 2>&1 >&3 3>&- | sed -r "$command" 3>&- -) - -skip() -{ - TEST_SKIP=yes - echo "ok $TEST_NUMBER # skip $TEST_NAME: $@" -} - -setup() -{ - # Parse the trust paths - oldifs="$IFS" - IFS=: - set $with_trust_paths - IFS="$oldifs" - - if [ ! -d $1 ]; then - skip "$1 is not a directory" - return - fi - - SOURCE_1=$1 - if [ $# -lt 2 ]; then - warning "certain tests neutered if only 1 trust path: $with_trust_paths" - SOURCE_2=$1 - else - SOURCE_2=$2 - fi - - # Make a temporary directory - dir=$(mktemp -d) - cd $dir - CLEANUP="$dir $TD" - - # Generate a unique identifier - CERT_1_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') - CERT_2_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') - CERT_3_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') - - # Generate relevant certificates - openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ - -out cert_1.pem -subj /CN=$CERT_1_CN - openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ - -out cert_2.pem -subj /CN=$CERT_2_CN - openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ - -out cert_3.pem -subj /CN=$CERT_3_CN - - TD="cert_1.pem cert_2.pem cert_3.pem $TD" - - mkdir -p $SOURCE_1/anchors - cp cert_1.pem $SOURCE_1/anchors/ - - mkdir -p $SOURCE_2/anchors - cp cert_2.pem $SOURCE_2/anchors/ - cp cert_3.pem $SOURCE_2/anchors/ - - TD="$SOURCE_1/anchors/cert_1.pem $SOURCE_2/anchors/cert_2.pem $SOURCE_2/anchors/cert_3.pem $TD" -} - -run() -{ - TOTAL=0 - for TEST_NAME in $@; do - TOTAL=$(expr $TOTAL + 1) - done - - echo "1..$TOTAL" - - TEST_NUMBER=0 - for TEST_NAME in $@; do - TEST_NUMBER=$(expr $TEST_NUMBER + 1) - ( - trap teardown_dirty EXIT - trap "teardown_dirty; exit 127" INT TERM - TD="" - - TEST_SKIP=no - setup - - if [ $TEST_SKIP != "yes" ]; then - $TEST_NAME - fi - if [ $TEST_SKIP != "yes" ]; then - echo "ok $TEST_NUMBER $TEST_NAME" - fi - - trap - EXIT - teardown - ) - done -} - -# ----------------------------------------------------------------------------- -# Main tests - -test_extract() -{ - trust extract --filter=ca-anchors --format=pem-bundle \ - --purpose=server-auth --comment \ - extract-test.pem - - assert_contains extract-test.pem $CERT_1_CN - assert_contains extract-test.pem $CERT_2_CN - assert_contains extract-test.pem $CERT_3_CN -} - -test_blacklist() -{ - mkdir -p $SOURCE_1/blacklist - cp cert_3.pem $SOURCE_1/blacklist - TD="$SOURCE_1/blacklist/cert_3.pem $TD" - - trust extract --filter=ca-anchors --format=pem-bundle \ - --purpose=server-auth --comment \ - blacklist-test.pem - - assert_contains blacklist-test.pem $CERT_1_CN - assert_not_contains blacklist-test.pem $CERT_3_CN -} - -run test_extract test_blacklist diff --git a/trust/test-index.c b/trust/test-index.c deleted file mode 100644 index fc861b2..0000000 --- a/trust/test-index.c +++ /dev/null @@ -1,1144 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" -#include "test-trust.h" - -#include -#include -#include -#include - -#include "attrs.h" -#include "debug.h" -#include "index.h" -#include "message.h" - -struct { - p11_index *index; -} test; - -static void -setup (void *unused) -{ - test.index = p11_index_new (NULL, NULL, NULL, NULL, NULL); - assert_ptr_not_null (test.index); -} - -static void -teardown (void *unused) -{ - p11_index_free (test.index); - memset (&test, 0, sizeof (test)); -} - -static void -test_take_lookup (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *check; - CK_OBJECT_HANDLE handle; - CK_RV rv; - - attrs = p11_attrs_dup (original); - rv = p11_index_take (test.index, attrs, &handle); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - test_check_attrs (original, check); - - check = p11_index_lookup (test.index, 1UL); - assert_ptr_eq (NULL, check); - - check = p11_index_lookup (test.index, 0UL); - assert_ptr_eq (NULL, check); -} - -static void -test_add_lookup (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE *check; - CK_OBJECT_HANDLE handle; - CK_RV rv; - - rv = p11_index_add (test.index, original, 2, &handle); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - test_check_attrs (original, check); -} - -static void -test_size (void) -{ - static CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_RV rv; - - rv = p11_index_add (test.index, original, 2, NULL); - assert (rv == CKR_OK); - - rv = p11_index_add (test.index, original, 2, NULL); - assert (rv == CKR_OK); - - rv = p11_index_add (test.index, original, 2, NULL); - assert (rv == CKR_OK); - - assert_num_eq (3, p11_index_size (test.index)); -} - -static int -compar_ulong (const void *one, - const void *two) -{ - const CK_ULONG *u1 = one; - const CK_ULONG *u2 = two; - - if (*u1 == *u2) - return 0; - if (*u1 < *u2) - return -1; - return 1; -} - -static void -test_snapshot (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - static const int NUM = 16; - CK_OBJECT_HANDLE expected[NUM]; - CK_OBJECT_HANDLE *snapshot; - int i; - - for (i = 0; i < NUM; i++) - p11_index_add (test.index, original, 2, expected + i); - - snapshot = p11_index_snapshot (test.index, NULL, NULL, 0); - assert_ptr_not_null (snapshot); - - for (i = 0; i < NUM; i++) - assert (snapshot[i] != 0); - assert (snapshot[NUM] == 0); - - qsort (snapshot, NUM, sizeof (CK_OBJECT_HANDLE), compar_ulong); - - for (i = 0; i < NUM; i++) - assert_num_eq (expected[i], snapshot[i]); - - free (snapshot); -} - -static void -test_snapshot_base (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - static const int NUM = 16; - CK_OBJECT_HANDLE expected[NUM]; - CK_OBJECT_HANDLE *snapshot; - CK_RV rv; - int i; - - for (i = 0; i < NUM; i++) { - rv = p11_index_add (test.index, original, 2, expected + i); - assert (rv == CKR_OK); - } - - snapshot = p11_index_snapshot (test.index, test.index, NULL, 0); - assert_ptr_not_null (snapshot); - - for (i = 0; i < NUM * 2; i++) - assert (snapshot[i] != 0); - assert (snapshot[NUM * 2] == 0); - - qsort (snapshot, NUM * 2, sizeof (CK_OBJECT_HANDLE), compar_ulong); - - for (i = 0; i < NUM * 2; i++) - assert_num_eq (expected[i / 2], snapshot[i]); - - free (snapshot); -} - -static void -test_remove (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *check; - CK_OBJECT_HANDLE handle; - CK_RV rv; - - attrs = p11_attrs_dup (original); - rv = p11_index_take (test.index, attrs, &handle); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - assert_ptr_eq (attrs, check); - - rv = p11_index_remove (test.index, 1UL); - assert (rv == CKR_OBJECT_HANDLE_INVALID); - - rv = p11_index_remove (test.index, handle); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - assert_ptr_eq (NULL, check); -} - -static void -test_set (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE change = { CKA_LABEL, "naay", 4 }; - - CK_ATTRIBUTE changed[] = { - { CKA_LABEL, "naay", 4 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *check; - CK_OBJECT_HANDLE handle; - CK_RV rv; - - attrs = p11_attrs_dup (original); - rv = p11_index_take (test.index, attrs, &handle); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - test_check_attrs (original, check); - - rv = p11_index_set (test.index, handle, &change, 1); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - test_check_attrs (changed, check); - - rv = p11_index_set (test.index, 1UL, &change, 1); - assert (rv == CKR_OBJECT_HANDLE_INVALID); -} - -static void -test_update (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE change = { CKA_LABEL, "naay", 4 }; - - CK_ATTRIBUTE changed[] = { - { CKA_LABEL, "naay", 4 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *check; - CK_OBJECT_HANDLE handle; - CK_RV rv; - - attrs = p11_attrs_dup (original); - rv = p11_index_take (test.index, attrs, &handle); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - test_check_attrs (original, check); - - attrs = p11_attrs_build (NULL, &change, NULL); - rv = p11_index_update (test.index, handle, attrs); - assert (rv == CKR_OK); - - check = p11_index_lookup (test.index, handle); - test_check_attrs (changed, check); - - attrs = p11_attrs_build (NULL, &change, NULL); - rv = p11_index_update (test.index, 1L, attrs); - assert (rv == CKR_OBJECT_HANDLE_INVALID); -} - -static void -test_find (void) -{ - CK_ATTRIBUTE first[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "one", 3 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE second[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "two", 3 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE third[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "three", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match3[] = { - { CKA_VALUE, "three", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_any[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_none[] = { - { CKA_VALUE, "blonononon", 10 }, - { CKA_LABEL, "yay", 3 }, - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE check; - CK_OBJECT_HANDLE one; - CK_OBJECT_HANDLE two; - CK_OBJECT_HANDLE three; - - p11_index_add (test.index, first, 2, &one); - p11_index_add (test.index, second, 2, &two); - p11_index_add (test.index, third, 2, &three); - - check = p11_index_find (test.index, match3, -1); - assert_num_eq (three, check); - - check = p11_index_find (test.index, match3, 1); - assert_num_eq (three, check); - - check = p11_index_find (test.index, match_any, -1); - assert (check == one || check == two || check == three); - - check = p11_index_find (test.index, match_any, 1); - assert (check == one || check == two || check == three); - - check = p11_index_find (test.index, match_none, -1); - assert_num_eq (0, check); - - check = p11_index_find (test.index, match_none, 2); - assert_num_eq (0, check); -} - -static bool -handles_are (CK_OBJECT_HANDLE *handles, - ...) -{ - CK_OBJECT_HANDLE handle; - bool matched = true; - int count; - int num; - va_list va; - int i; - - if (!handles) - return false; - - /* Count number of handles */ - for (num = 0; handles[num]; num++); - - va_start (va, handles); - - for (count = 0; matched; count++) { - handle = va_arg (va, CK_OBJECT_HANDLE); - if (handle == 0) - break; - - for (i = 0; handles[i]; i++) { - if (handle == handles[i]) - break; - } - - if (handles[i] != handle) - matched = false; - } - - va_end (va); - - return matched && (count == num); -} - -static void -test_find_all (void) -{ - CK_ATTRIBUTE first[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "one", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE second[] = { - { CKA_LABEL, "even", 4 }, - { CKA_VALUE, "two", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE third[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "three", 5 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_odd[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_3[] = { - { CKA_VALUE, "three", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_any[] = { - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_none[] = { - { CKA_VALUE, "blonononon", 10 }, - { CKA_LABEL, "yay", 3 }, - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE *check; - CK_OBJECT_HANDLE one; - CK_OBJECT_HANDLE two; - CK_OBJECT_HANDLE three; - - p11_index_add (test.index, first, 3, &one); - p11_index_add (test.index, second, 3, &two); - p11_index_add (test.index, third, 3, &three); - - check = p11_index_find_all (test.index, match_3, -1); - assert (handles_are (check, three, 0UL)); - free (check); - - check = p11_index_find_all (test.index, match_none, -1); - assert (handles_are (check, 0UL)); - free (check); - - check = p11_index_find_all (test.index, match_odd, -1); - assert (handles_are (check, one, three, 0UL)); - free (check); - - check = p11_index_find_all (test.index, match_any, -1); - assert (handles_are (check, one, two, three, 0UL)); - free (check); - - check = p11_index_find_all (test.index, match_none, -1); - assert_ptr_not_null (check); - assert_num_eq (0, check[0]); - free (check); - - /* A double check of this method */ - one = 0UL; - check = &one; - assert (!handles_are (check, 29292929, 0UL)); - assert (!handles_are (NULL, 0UL)); -} - -static void -test_find_realloc (void) -{ - CK_ATTRIBUTE attrs[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "one", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match[] = { - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE *check; - int i; - - for (i = 0; i < 1000; i++) - p11_index_add (test.index, attrs, 3, NULL); - - check = p11_index_find_all (test.index, match, -1); - assert_ptr_not_null (check); - - for (i = 0; i < 1000; i++) - assert (check[i] != 0); - assert_num_eq (0, check[1000]); - - free (check); -} - -static void -test_replace_all (void) -{ - CK_ATTRIBUTE first[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "one", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE second[] = { - { CKA_LABEL, "even", 4 }, - { CKA_VALUE, "two", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE third[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "three", 5 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE fifth[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "five", 4 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE eins[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "one", 3 }, - { CKA_APPLICATION, "replace", 7 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE sieben[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "seven", 5 }, - { CKA_APPLICATION, "replace", 7 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE neun[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "nine", 4 }, - { CKA_APPLICATION, "replace", 7 }, - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE check; - CK_OBJECT_HANDLE one; - CK_OBJECT_HANDLE two; - CK_OBJECT_HANDLE three; - CK_OBJECT_HANDLE five; - p11_array *array; - CK_RV rv; - - p11_index_add (test.index, first, 3, &one); - assert (one != 0); - p11_index_add (test.index, second, 3, &two); - assert (two != 0); - p11_index_add (test.index, third, 3, &three); - assert (three != 0); - p11_index_add (test.index, fifth, 3, &five); - assert (five != 0); - - array = p11_array_new (p11_attrs_free); - p11_array_push (array, p11_attrs_buildn (NULL, eins, 3)); - p11_array_push (array, p11_attrs_buildn (NULL, sieben, 3)); - p11_array_push (array, p11_attrs_buildn (NULL, neun, 3)); - - rv = p11_index_replace_all (test.index, match, CKA_VALUE, array); - assert (rv == CKR_OK); - - assert_num_eq (0, array->num); - p11_array_free (array); - - /* eins should have replaced one */ - check = p11_index_find (test.index, eins, -1); - assert_num_eq (one, check); - - /* two should still be around */ - check = p11_index_find (test.index, second, -1); - assert_num_eq (two, check); - - /* three should have been removed */ - check = p11_index_find (test.index, third, -1); - assert_num_eq (0, check); - - /* five should have been removed */ - check = p11_index_find (test.index, fifth, -1); - assert_num_eq (0, check); - - /* sieben should have been added */ - check = p11_index_find (test.index, sieben, -1); - assert (check != one && check != two && check != three && check != five); - - /* neun should have been added */ - check = p11_index_find (test.index, neun, -1); - assert (check != one && check != two && check != three && check != five); - - assert_num_eq (4, p11_index_size (test.index)); -} - -static CK_RV -on_index_build_fail (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - CK_ATTRIBUTE **populate) -{ - CK_ATTRIBUTE *match = data; - - if (p11_attrs_match (merge, match)) - return CKR_FUNCTION_FAILED; - - return CKR_OK; -} - -static void -test_replace_all_build_fails (void) -{ - CK_ATTRIBUTE replace[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_VALUE, "one", 3 }, - { CKA_APPLICATION, "test", 4 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match[] = { - { CKA_LABEL, "odd", 3 }, - { CKA_INVALID } - }; - - p11_array *array; - p11_index *index; - CK_RV rv; - - index = p11_index_new (on_index_build_fail, NULL, NULL, NULL, &match); - assert_ptr_not_null (index); - - array = p11_array_new (p11_attrs_free); - if (!p11_array_push (array, p11_attrs_dup (replace))) - assert_not_reached (); - - rv = p11_index_replace_all (index, NULL, CKA_INVALID, array); - assert_num_eq (rv, CKR_FUNCTION_FAILED); - - p11_array_free (array); - p11_index_free (index); -} - - -static CK_RV -on_build_populate (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - CK_ATTRIBUTE **populate) -{ - CK_ATTRIBUTE more[] = { - { CKA_APPLICATION, "vigorous", 8 }, - { CKA_LABEL, "naay", 4 }, - }; - - assert_str_eq (data, "blah"); - assert_ptr_not_null (index); - assert_ptr_not_null (merge); - - *populate = p11_attrs_buildn (*populate, more, 2); - return CKR_OK; -} - -static void -test_build_populate (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - CK_ATTRIBUTE after[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_APPLICATION, "vigorous", 8 }, - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE handle; - CK_ATTRIBUTE *check; - p11_index *index; - CK_RV rv; - - index = p11_index_new (on_build_populate, NULL, NULL, NULL, "blah"); - assert_ptr_not_null (index); - - rv = p11_index_add (index, original, 2, &handle); - assert (rv == CKR_OK); - - check = p11_index_lookup (index, handle); - assert_ptr_not_null (check); - - test_check_attrs (after, check); - - rv = p11_index_set (index, handle, original, 2); - assert (rv == CKR_OK); - - check = p11_index_lookup (index, handle); - assert_ptr_not_null (check); - - test_check_attrs (after, check); - - p11_index_free (index); -} - -static CK_RV -on_build_fail (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - CK_ATTRIBUTE **populate) -{ - CK_ATTRIBUTE check[] = { - { CKA_LABEL, "nay", 3 }, - { CKA_INVALID } - }; - - assert_str_eq (data, "testo"); - assert_ptr_not_null (merge); - - if (p11_attrs_match (merge, check)) - return CKR_DEVICE_ERROR; - - return CKR_OK; -} - - -static void -test_build_fail (void) -{ - CK_ATTRIBUTE okay[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE fails[] = { - { CKA_LABEL, "nay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE handle; - p11_index *index; - CK_RV rv; - - index = p11_index_new (on_build_fail, NULL, NULL, NULL, "testo"); - assert_ptr_not_null (index); - - rv = p11_index_add (index, okay, 2, &handle); - assert (rv == CKR_OK); - - rv = p11_index_add (index, fails, 2, NULL); - assert (rv == CKR_DEVICE_ERROR); - - rv = p11_index_set (index, handle, fails, 2); - assert (rv == CKR_DEVICE_ERROR); - - rv = p11_index_set (index, handle, okay, 2); - assert (rv == CKR_OK); - - p11_index_free (index); -} - -static int on_change_called = 0; -static bool on_change_removing = false; -static bool on_change_batching = false; - -static void -on_change_check (void *data, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs) -{ - CK_ATTRIBUTE check[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - assert_str_eq (data, "change-check"); - assert_ptr_not_null (index); - assert_ptr_not_null (attrs); - - if (!on_change_batching) { - if (on_change_removing) - assert_num_eq (0, handle); - else - assert (handle != 0); - } - - test_check_attrs (check, attrs); - on_change_called++; -} - -static void -test_change_called (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - CK_OBJECT_HANDLE handle; - p11_index *index; - CK_RV rv; - - index = p11_index_new (NULL, NULL, NULL, on_change_check, "change-check"); - assert_ptr_not_null (index); - - on_change_removing = false; - on_change_called = 0; - - rv = p11_index_add (index, original, 2, NULL); - assert (rv == CKR_OK); - - assert_num_eq (1, on_change_called); - - rv = p11_index_add (index, original, 2, NULL); - assert (rv == CKR_OK); - - assert_num_eq (2, on_change_called); - - rv = p11_index_add (index, original, 2, &handle); - assert (rv == CKR_OK); - - assert_num_eq (3, on_change_called); - - on_change_removing = true; - - rv = p11_index_remove (index, handle); - assert (rv == CKR_OK); - - assert_num_eq (4, on_change_called); - - p11_index_free (index); -} - -static void -test_change_batch (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - CK_OBJECT_HANDLE handle; - p11_index *index; - CK_RV rv; - - index = p11_index_new (NULL, NULL, NULL, on_change_check, "change-check"); - assert_ptr_not_null (index); - - on_change_batching = true; - on_change_called = 0; - - p11_index_load (index); - - assert (p11_index_loading (index)); - - rv = p11_index_add (index, original, 2, NULL); - assert (rv == CKR_OK); - - assert_num_eq (0, on_change_called); - - rv = p11_index_add (index, original, 2, NULL); - assert (rv == CKR_OK); - - assert_num_eq (0, on_change_called); - - rv = p11_index_add (index, original, 2, &handle); - assert (rv == CKR_OK); - - assert_num_eq (0, on_change_called); - - /* Nested batch is a noop */ - p11_index_load (index); - - rv = p11_index_remove (index, handle); - assert (rv == CKR_OK); - - assert_num_eq (0, on_change_called); - - /* - * Batch finishes when first finish call is called, - * even when batches are nested - */ - p11_index_finish (index); - - assert (!p11_index_loading (index)); - - /* - * Only three calls, because later operations on the - * same handle override the earlier one. - */ - assert_num_eq (3, on_change_called); - - /* This is a noop */ - p11_index_finish (index); - - assert (!p11_index_loading (index)); - - p11_index_free (index); -} - -static void -on_change_nested (void *data, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs) -{ - CK_RV rv; - - CK_ATTRIBUTE second[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - assert_str_eq (data, "change-nested"); - on_change_called++; - - /* A nested call */ - rv = p11_index_add (index, second, 2, NULL); - assert (rv == CKR_OK); -} - -static void -test_change_nested (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - p11_index *index; - CK_RV rv; - - index = p11_index_new (NULL, NULL, NULL, on_change_nested, "change-nested"); - assert_ptr_not_null (index); - - on_change_called = 0; - rv = p11_index_add (index, original, 2, NULL); - assert (rv == CKR_OK); - assert_num_eq (1, on_change_called); - - - on_change_called = 0; - p11_index_load (index); - rv = p11_index_add (index, original, 2, NULL); - assert (rv == CKR_OK); - p11_index_finish (index); - assert_num_eq (1, on_change_called); - - p11_index_free (index); -} - -static CK_RV -on_remove_callback (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs) -{ - int *removed = data; - assert_ptr_not_null (removed); - assert_num_eq (*removed, 0); - *removed = 1; - return CKR_OK; -} - -static void -test_remove_callback (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - CK_OBJECT_HANDLE handle; - p11_index *index; - int removed = 0; - CK_RV rv; - - index = p11_index_new (NULL, NULL, on_remove_callback, NULL, &removed); - assert_ptr_not_null (index); - - rv = p11_index_add (index, original, 2, &handle); - assert_num_eq (rv, CKR_OK); - - assert_ptr_not_null (p11_index_lookup (index, handle)); - - rv = p11_index_remove (index, handle); - assert_num_eq (rv, CKR_OK); - - assert_num_eq (removed, 1); - assert_ptr_eq (p11_index_lookup (index, handle), NULL); - - p11_index_free (index); -} - -static CK_RV -on_remove_fail (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs) -{ - assert_str_eq (data, "remove-fail"); - return CKR_DEVICE_REMOVED; -} - -static void -test_remove_fail (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - - }; - - CK_OBJECT_HANDLE handle; - p11_index *index; - CK_RV rv; - - index = p11_index_new (NULL, NULL, on_remove_fail, NULL, "remove-fail"); - assert_ptr_not_null (index); - - rv = p11_index_add (index, original, 2, &handle); - assert (rv == CKR_OK); - - assert_ptr_not_null (p11_index_lookup (index, handle)); - - rv = p11_index_remove (index, handle); - assert_num_eq (rv, CKR_DEVICE_REMOVED); - - assert_ptr_not_null (p11_index_lookup (index, handle)); - - p11_index_free (index); -} - -int -main (int argc, - char *argv[]) -{ - p11_message_quiet (); - - p11_fixture (setup, teardown); - p11_test (test_add_lookup, "/index/add_lookup"); - p11_test (test_take_lookup, "/index/take_lookup"); - p11_test (test_size, "/index/size"); - p11_test (test_remove, "/index/remove"); - p11_test (test_snapshot, "/index/snapshot"); - p11_test (test_snapshot_base, "/index/snapshot_base"); - p11_test (test_set, "/index/set"); - p11_test (test_update, "/index/update"); - p11_test (test_find, "/index/find"); - p11_test (test_find_all, "/index/find_all"); - p11_test (test_find_realloc, "/index/find_realloc"); - p11_test (test_replace_all, "/index/replace_all"); - - p11_fixture (NULL, NULL); - p11_test (test_build_populate, "/index/build_populate"); - p11_test (test_build_fail, "/index/build_fail"); - p11_test (test_change_called, "/index/change_called"); - p11_test (test_change_batch, "/index/change_batch"); - p11_test (test_change_nested, "/index/change_nested"); - p11_test (test_replace_all_build_fails, "/index/replace-all-build-fails"); - p11_test (test_remove_callback, "/index/remove-callback"); - p11_test (test_remove_fail, "/index/remove-fail"); - - return p11_test_run (argc, argv); -} diff --git a/trust/test-module.c b/trust/test-module.c deleted file mode 100644 index 1729b41..0000000 --- a/trust/test-module.c +++ /dev/null @@ -1,1218 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#define CRYPTOKI_EXPORTS - -#include "config.h" -#include "test.h" -#include "test-trust.h" - -#include -#include -#include - -#include "attrs.h" -#include "digest.h" -#include "library.h" -#include "path.h" -#include "parser.h" -#include "pkcs11x.h" -#include "token.h" - -#include - -/* - * This is the number of input paths. Should match the - * paths below near : - * - * paths='%s' - */ -#define NUM_SLOTS 3 - -static CK_OBJECT_CLASS data = CKO_DATA; -static CK_BBOOL vtrue = CK_TRUE; -static CK_BBOOL vfalse = CK_FALSE; - -struct { - CK_FUNCTION_LIST *module; - CK_SLOT_ID slots[NUM_SLOTS]; - char *directory; - p11_asn1_cache *cache; - p11_parser *parser; -} test; - -static void -setup (void *unused) -{ - CK_C_INITIALIZE_ARGS args; - const char *paths; - char *arguments; - CK_ULONG count; - CK_RV rv; - - memset (&test, 0, sizeof (test)); - - /* This is the entry point of the trust module, linked to this test */ - rv = C_GetFunctionList (&test.module); - assert (rv == CKR_OK); - - memset (&args, 0, sizeof (args)); - paths = SRCDIR "/trust/input" P11_PATH_SEP \ - SRCDIR "/trust/fixtures/self-signed-with-ku.der" P11_PATH_SEP \ - SRCDIR "/trust/fixtures/thawte.pem"; - if (asprintf (&arguments, "paths='%s'", paths) < 0) - assert (false && "not reached"); - args.pReserved = arguments; - args.flags = CKF_OS_LOCKING_OK; - - rv = test.module->C_Initialize (&args); - assert (rv == CKR_OK); - - free (arguments); - - count = NUM_SLOTS; - rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count); - assert (rv == CKR_OK); - assert (count == NUM_SLOTS); -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - if (test.parser) - p11_parser_free (test.parser); - p11_asn1_cache_free (test.cache); - - rv = test.module->C_Finalize (NULL); - assert (rv == CKR_OK); - - free (test.directory); - - memset (&test, 0, sizeof (test)); -} - -static void -setup_writable (void *unused) -{ - CK_C_INITIALIZE_ARGS args; - char *arguments; - CK_ULONG count; - CK_RV rv; - - memset (&test, 0, sizeof (test)); - - /* This is the entry point of the trust module, linked to this test */ - rv = C_GetFunctionList (&test.module); - assert (rv == CKR_OK); - - test.directory = p11_test_directory ("test-module"); - - memset (&args, 0, sizeof (args)); - if (asprintf (&arguments, "paths='%s'", test.directory) < 0) - assert (false && "not reached"); - args.pReserved = arguments; - args.flags = CKF_OS_LOCKING_OK; - - rv = test.module->C_Initialize (&args); - assert (rv == CKR_OK); - - free (arguments); - - count = 1; - rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count); - assert_num_eq (rv, CKR_OK); - assert_num_eq (count, 1); - - test.cache = p11_asn1_cache_new (); - test.parser = p11_parser_new (test.cache); - p11_parser_formats (test.parser, p11_parser_format_persist, NULL); -} - -static void -test_get_slot_list (void) -{ - CK_SLOT_ID slots[NUM_SLOTS]; - CK_ULONG count; - CK_RV rv; - int i; - - rv = test.module->C_GetSlotList (TRUE, NULL, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (NUM_SLOTS, count); - - count = 1; - rv = test.module->C_GetSlotList (TRUE, slots, &count); - assert_num_eq (CKR_BUFFER_TOO_SMALL, rv); - assert_num_eq (NUM_SLOTS, count); - - count = NUM_SLOTS; - memset (slots, 0, sizeof (slots)); - rv = test.module->C_GetSlotList (TRUE, slots, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (NUM_SLOTS, count); - - for (i = 0; i < NUM_SLOTS; i++) - assert (slots[i] != 0); -} - -static void -test_null_initialize (void) -{ - CK_FUNCTION_LIST *module; - CK_RV rv; - - /* This is the entry point of the trust module, linked to this test */ - rv = C_GetFunctionList (&module); - assert_num_eq (rv, CKR_OK); - - rv = module->C_Initialize (NULL); - assert_num_eq (rv, CKR_OK); - - rv = module->C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static void -test_multi_initialize (void) -{ - static CK_C_INITIALIZE_ARGS args = - { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, }; - CK_FUNCTION_LIST *module; - CK_SESSION_HANDLE session; - CK_SLOT_ID slots[8]; - CK_SESSION_INFO info; - CK_ULONG count; - CK_RV rv; - - /* This is the entry point of the trust module, linked to this test */ - rv = C_GetFunctionList (&module); - assert_num_eq (rv, CKR_OK); - - args.pReserved = "paths='" SYSCONFDIR "/trust/input'"; - rv = module->C_Initialize (&args); - assert_num_eq (rv, CKR_OK); - - count = 8; - rv = module->C_GetSlotList (CK_TRUE, slots, &count); - assert_num_eq (rv, CKR_OK); - assert_num_cmp (count, ==, 1); - - rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (rv, CKR_OK); - - rv = module->C_GetSessionInfo (session, &info); - assert_num_eq (rv, CKR_OK); - assert_num_eq (info.slotID, slots[0]); - - rv = module->C_Initialize (&args); - assert_num_eq (rv, CKR_OK); - - rv = module->C_GetSessionInfo (session, &info); - assert_num_eq (rv, CKR_OK); - assert_num_eq (info.slotID, slots[0]); - - rv = module->C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); - - rv = module->C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); - - rv = module->C_Finalize (NULL); - assert_num_eq (CKR_CRYPTOKI_NOT_INITIALIZED, rv); -} - -static void -test_get_slot_info (void) -{ - CK_SLOT_ID slots[NUM_SLOTS]; - CK_SLOT_INFO info; - char description[64]; - CK_ULONG count; - size_t length; - CK_RV rv; - int i; - - /* These are the paths passed in in setup() */ - const char *paths[] = { - SRCDIR "/trust/input", - SRCDIR "/trust/fixtures/self-signed-with-ku.der", - SRCDIR "/trust/fixtures/thawte.pem" - }; - - count = NUM_SLOTS; - rv = test.module->C_GetSlotList (TRUE, slots, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (NUM_SLOTS, count); - - for (i = 0; i < NUM_SLOTS; i++) { - rv = test.module->C_GetSlotInfo (slots[i], &info); - assert_num_eq (CKR_OK, rv); - - memset (description, ' ', sizeof (description)); - length = strlen(paths[i]); - if (length > sizeof (description)) - length = sizeof (description); - memcpy (description, paths[i], length); - assert (memcmp (info.slotDescription, description, sizeof (description)) == 0); - } -} - -static void -test_get_token_info (void) -{ - CK_C_INITIALIZE_ARGS args; - CK_FUNCTION_LIST *module; - CK_SLOT_ID slots[NUM_SLOTS]; - CK_TOKEN_INFO info; - char label[32]; - CK_ULONG count; - CK_RV rv; - int i; - - /* These are the paths passed in in setup() */ - const char *labels[] = { - "System Trust", - "Default Trust", - "the-basename", - }; - - /* This is the entry point of the trust module, linked to this test */ - rv = C_GetFunctionList (&module); - assert (rv == CKR_OK); - - memset (&args, 0, sizeof (args)); - args.pReserved = "paths='" \ - SYSCONFDIR "/trust/input" P11_PATH_SEP \ - DATA_DIR "/trust/fixtures/blah" P11_PATH_SEP \ - "/some/other/path/the-basename'"; - args.flags = CKF_OS_LOCKING_OK; - - rv = module->C_Initialize (&args); - assert (rv == CKR_OK); - - count = NUM_SLOTS; - rv = module->C_GetSlotList (CK_TRUE, slots, &count); - assert (rv == CKR_OK); - assert (count == NUM_SLOTS); - - for (i = 0; i < NUM_SLOTS; i++) { - rv = module->C_GetTokenInfo (slots[i], &info); - assert_num_eq (CKR_OK, rv); - - memset (label, ' ', sizeof (label)); - memcpy (label, labels[i], strlen (labels[i])); - assert (memcmp (info.label, label, sizeof (label)) == 0); - } - - rv = module->C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static void -test_get_session_info (void) -{ - CK_SLOT_ID slots[NUM_SLOTS]; - CK_SESSION_HANDLE sessions[NUM_SLOTS]; - CK_SESSION_INFO info; - CK_ULONG count; - CK_RV rv; - int i; - - count = NUM_SLOTS; - rv = test.module->C_GetSlotList (TRUE, slots, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (NUM_SLOTS, count); - - /* Open two sessions with each token */ - for (i = 0; i < NUM_SLOTS; i++) { - rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i]); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_GetSessionInfo (sessions[i], &info); - assert_num_eq (CKR_OK, rv); - - assert_num_eq (slots[i], info.slotID); - assert_num_eq (CKF_SERIAL_SESSION, info.flags); - } -} - -static void -test_close_all_sessions (void) -{ - CK_SLOT_ID slots[NUM_SLOTS]; - CK_SESSION_HANDLE sessions[NUM_SLOTS][2]; - CK_SESSION_INFO info; - CK_ULONG count; - CK_RV rv; - int i; - - count = NUM_SLOTS; - rv = test.module->C_GetSlotList (TRUE, slots, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (NUM_SLOTS, count); - - /* Open two sessions with each token */ - for (i = 0; i < NUM_SLOTS; i++) { - rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][0]); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_GetSessionInfo (sessions[i][0], &info); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][1]); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_GetSessionInfo (sessions[i][0], &info); - assert_num_eq (CKR_OK, rv); - } - - /* Close all the sessions on the first token */ - rv = test.module->C_CloseAllSessions (slots[0]); - assert_num_eq (CKR_OK, rv); - - /* Those sessions should be closed */ - rv = test.module->C_GetSessionInfo (sessions[0][0], &info); - assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv); - rv = test.module->C_GetSessionInfo (sessions[0][1], &info); - assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv); - - /* Other sessions should still be open */ - for (i = 1; i < NUM_SLOTS; i++) { - rv = test.module->C_GetSessionInfo (sessions[i][0], &info); - assert_num_eq (CKR_OK, rv); - rv = test.module->C_GetSessionInfo (sessions[i][0], &info); - assert_num_eq (CKR_OK, rv); - } -} - -static CK_ULONG -find_objects (CK_ATTRIBUTE *match, - CK_OBJECT_HANDLE *sessions, - CK_OBJECT_HANDLE *objects, - CK_ULONG max_objects) -{ - CK_SESSION_HANDLE session; - CK_RV rv; - CK_ULONG found; - CK_ULONG count; - int i, j; - - found = 0; - for (i = 0; i < NUM_SLOTS; i++) { - rv = test.module->C_OpenSession (test.slots[i], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - rv = test.module->C_FindObjectsInit (session, match, p11_attrs_count (match)); - assert (rv == CKR_OK); - rv = test.module->C_FindObjects (session, objects + found, max_objects - found, &count); - assert (rv == CKR_OK); - rv = test.module->C_FindObjectsFinal (session); - assert (rv == CKR_OK); - - for (j = found ; j < found + count; j++) - sessions[j] = session; - found += count; - } - - assert (found < max_objects); - return found; -} - -static void -check_trust_object_equiv (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE trust, - CK_ATTRIBUTE *cert) -{ - unsigned char subject[1024]; - unsigned char issuer[1024]; - unsigned char serial[128]; - CK_BBOOL private; - CK_BBOOL token; - CK_RV rv; - - /* The following attributes should be equivalent to the certificate */ - CK_ATTRIBUTE equiv[] = { - { CKA_TOKEN, &token, sizeof (token) }, - { CKA_PRIVATE, &private, sizeof (private) }, - { CKA_ISSUER, issuer, sizeof (issuer) }, - { CKA_SUBJECT, subject, sizeof (subject) }, - { CKA_SERIAL_NUMBER, serial, sizeof (serial) }, - { CKA_INVALID, }, - }; - - rv = test.module->C_GetAttributeValue (session, trust, equiv, 5); - assert_num_eq (CKR_OK, rv); - - test_check_attrs (equiv, cert); -} - -static void -check_trust_object_hashes (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE trust, - CK_ATTRIBUTE *cert) -{ - unsigned char sha1[P11_DIGEST_SHA1_LEN]; - unsigned char md5[P11_DIGEST_MD5_LEN]; - unsigned char check[128]; - CK_ATTRIBUTE *value; - CK_RV rv; - - CK_ATTRIBUTE hashes[] = { - { CKA_CERT_SHA1_HASH, sha1, sizeof (sha1) }, - { CKA_CERT_MD5_HASH, md5, sizeof (md5) }, - { CKA_INVALID, }, - }; - - rv = test.module->C_GetAttributeValue (session, trust, hashes, 2); - assert (rv == CKR_OK); - - value = p11_attrs_find_valid (cert, CKA_VALUE); - assert_ptr_not_null (value); - - p11_digest_md5 (check, value->pValue, value->ulValueLen, NULL); - assert (memcmp (md5, check, sizeof (md5)) == 0); - - p11_digest_sha1 (check, value->pValue, value->ulValueLen, NULL); - assert (memcmp (sha1, check, sizeof (sha1)) == 0); -} - -static void -check_has_trust_object (CK_ATTRIBUTE *cert) -{ - CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST; - CK_ATTRIBUTE klass = { CKA_CLASS, &trust_object, sizeof (trust_object) }; - CK_OBJECT_HANDLE objects[2]; - CK_SESSION_HANDLE sessions[2]; - CK_ATTRIBUTE *match; - CK_ATTRIBUTE *attr; - CK_ULONG count; - - attr = p11_attrs_find_valid (cert, CKA_ID); - assert_ptr_not_null (attr); - - match = p11_attrs_build (NULL, &klass, attr, NULL); - count = find_objects (match, sessions, objects, 2); - assert_num_eq (1, count); - - check_trust_object_equiv (sessions[0], objects[0], cert); - check_trust_object_hashes (sessions[0], objects[0], cert); - - p11_attrs_free (match); -} - -static void -check_certificate (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE handle) -{ - unsigned char label[4096]= { 0, }; - CK_OBJECT_CLASS klass; - unsigned char value[4096]; - unsigned char subject[1024]; - unsigned char issuer[1024]; - unsigned char serial[128]; - unsigned char id[128]; - CK_CERTIFICATE_TYPE type; - CK_BYTE check[3]; - CK_DATE start; - CK_DATE end; - CK_ULONG category; - CK_BBOOL private; - CK_BBOOL token; - CK_RV rv; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_TOKEN, &token, sizeof (token) }, - { CKA_PRIVATE, &private, sizeof (private) }, - { CKA_VALUE, value, sizeof (value) }, - { CKA_ISSUER, issuer, sizeof (issuer) }, - { CKA_SUBJECT, subject, sizeof (subject) }, - { CKA_CERTIFICATE_TYPE, &type, sizeof (type) }, - { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, - { CKA_START_DATE, &start, sizeof (start) }, - { CKA_END_DATE, &end, sizeof (end) }, - { CKA_SERIAL_NUMBER, serial, sizeof (serial) }, - { CKA_CHECK_VALUE, check, sizeof (check) }, - { CKA_ID, id, sizeof (id) }, - { CKA_LABEL, label, sizeof (label) }, - { CKA_INVALID, }, - }; - - /* Note that we don't pass the CKA_INVALID attribute in */ - rv = test.module->C_GetAttributeValue (session, handle, attrs, 14); - assert_num_eq (rv, CKR_OK); - - /* If this is the cacert3 certificate, check its values */ - if (memcmp (value, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)) == 0) { - CK_BBOOL trusted; - CK_BBOOL vtrue = CK_TRUE; - - CK_ATTRIBUTE anchor[] = { - { CKA_TRUSTED, &trusted, sizeof (trusted) }, - { CKA_INVALID, }, - }; - - CK_ATTRIBUTE check[] = { - { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, - { CKA_INVALID, }, - }; - - test_check_cacert3_ca (attrs, NULL); - - /* Get anchor specific attributes */ - rv = test.module->C_GetAttributeValue (session, handle, anchor, 1); - assert (rv == CKR_OK); - - /* It lives in the trusted directory */ - test_check_attrs (check, anchor); - - /* Other certificates, we can't check the values */ - } else { - test_check_object (attrs, CKO_CERTIFICATE, NULL); - } - - check_has_trust_object (attrs); -} - -static void -test_find_certificates (void) -{ - CK_OBJECT_CLASS klass = CKO_CERTIFICATE; - - CK_ATTRIBUTE match[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_INVALID, } - }; - - CK_OBJECT_HANDLE objects[16]; - CK_SESSION_HANDLE sessions[16]; - CK_ULONG count; - CK_ULONG i; - - count = find_objects (match, sessions, objects, 16); - assert_num_eq (8, count); - - for (i = 0; i < count; i++) - check_certificate (sessions[i], objects[i]); -} - -static void -test_find_builtin (void) -{ - CK_OBJECT_CLASS klass = CKO_NSS_BUILTIN_ROOT_LIST; - - CK_ATTRIBUTE match[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, - { CKA_MODIFIABLE, &vfalse, sizeof (vfalse) }, - { CKA_INVALID, } - }; - - CK_OBJECT_HANDLE objects[16]; - CK_SESSION_HANDLE sessions[16]; - CK_ULONG count; - - /* One per token */ - count = find_objects (match, sessions, objects, 16); - assert_num_eq (NUM_SLOTS, count); -} - -static void -test_session_object (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_ULONG size; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - rv = test.module->C_CreateObject (session, original, 2, &handle); - assert (rv == CKR_OK); - - rv = test.module->C_GetObjectSize (session, handle, &size); - assert (rv == CKR_OK); -} - -static void -test_session_find (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_OBJECT_HANDLE check; - CK_ULONG count; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_CreateObject (session, original, 2, &handle); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_FindObjectsInit (session, original, 2); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_FindObjects (session, &check, 1, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (1, count); - assert_num_eq (handle, check); - - rv = test.module->C_FindObjectsFinal (session); - assert_num_eq (CKR_OK, rv); -} - -static void -test_session_find_no_attr (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match[] = { - { CKA_COLOR, "blah", 4 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_OBJECT_HANDLE check; - CK_ULONG count; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_CreateObject (session, original, 3, &handle); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_FindObjectsInit (session, match, 1); - assert_num_eq (CKR_OK, rv); - rv = test.module->C_FindObjects (session, &check, 1, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (0, count); - rv = test.module->C_FindObjectsFinal (session); - assert_num_eq (CKR_OK, rv); -} - -static void -test_lookup_invalid (void) -{ - CK_SESSION_HANDLE session; - CK_ULONG size; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - rv = test.module->C_GetObjectSize (session, 88888, &size); - assert (rv == CKR_OBJECT_HANDLE_INVALID); -} - -static void -test_remove_token (void) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_ULONG count; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (rv, CKR_OK); - - rv = test.module->C_FindObjectsInit (session, NULL, 0); - assert_num_eq (rv, CKR_OK); - - rv = test.module->C_FindObjects (session, &handle, 1, &count); - assert_num_eq (rv, CKR_OK); - assert_num_eq (1, count); - - rv = test.module->C_DestroyObject (session, handle); - if (rv != CKR_TOKEN_WRITE_PROTECTED) - assert_num_eq (rv, CKR_SESSION_READ_ONLY); -} - -static void -test_setattr_token (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_ULONG count; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (rv, CKR_OK); - - rv = test.module->C_FindObjectsInit (session, NULL, 0); - assert_num_eq (rv, CKR_OK); - - rv = test.module->C_FindObjects (session, &handle, 1, &count); - assert_num_eq (rv, CKR_OK); - assert_num_eq (1, count); - - rv = test.module->C_SetAttributeValue (session, handle, original, 2); - if (rv != CKR_TOKEN_WRITE_PROTECTED) - assert_num_eq (rv, CKR_ATTRIBUTE_READ_ONLY); -} - -static void -test_session_copy (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_OBJECT_HANDLE copy; - CK_ULONG size; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_CreateObject (session, original, 2, &handle); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_CopyObject (session, handle, original, 2, ©); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_GetObjectSize (session, copy, &size); - assert_num_eq (CKR_OK, rv); -} - -static void -test_session_setattr (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - rv = test.module->C_CreateObject (session, original, 2, &handle); - assert (rv == CKR_OK); - - rv = test.module->C_SetAttributeValue (session, handle, original, 2); - assert (rv == CKR_OK); -} - -static void -test_session_remove (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - rv = test.module->C_CreateObject (session, original, 2, &handle); - assert (rv == CKR_OK); - - rv = test.module->C_DestroyObject (session, handle); - assert (rv == CKR_OK); - - rv = test.module->C_DestroyObject (session, handle); - assert (rv == CKR_OBJECT_HANDLE_INVALID); -} - -static void -test_find_serial_der_decoded (void) -{ - CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; - - CK_ATTRIBUTE object[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, - { CKA_SERIAL_NUMBER, "\x02\x03\x01\x02\x03", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match_decoded[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, - { CKA_SERIAL_NUMBER, "\x01\x02\x03", 3 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_OBJECT_HANDLE check; - CK_ULONG count; - CK_RV rv; - - /* - * WORKAROUND: NSS calls us asking for CKA_SERIAL_NUMBER items that are - * not DER encoded. It shouldn't be doing this. We never return any certificate - * serial numbers that are not DER encoded. - * - * So work around the issue here while the NSS guys fix this issue. - * This code should be removed in future versions. - * - * See work_around_broken_nss_serial_number_lookups(). - */ - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_CreateObject (session, object, 2, &handle); - assert_num_eq (CKR_OK, rv); - - /* Do a standard find for the same object */ - rv = test.module->C_FindObjectsInit (session, object, 2); - assert_num_eq (CKR_OK, rv); - rv = test.module->C_FindObjects (session, &check, 1, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (1, count); - assert_num_eq (handle, check); - rv = test.module->C_FindObjectsFinal (session); - assert_num_eq (CKR_OK, rv); - - /* Do a find for the serial number decoded */ - rv = test.module->C_FindObjectsInit (session, match_decoded, 2); - assert_num_eq (CKR_OK, rv); - rv = test.module->C_FindObjects (session, &check, 1, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (1, count); - assert_num_eq (handle, check); - rv = test.module->C_FindObjectsFinal (session); - assert_num_eq (CKR_OK, rv); -} - -static void -test_find_serial_der_mismatch (void) -{ - CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; - - CK_ATTRIBUTE object[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, - { CKA_SERIAL_NUMBER, "\x02\x03\x01\x02\x03", 5 }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE match[] = { - { CKA_SERIAL_NUMBER, NULL, 0 }, - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_OBJECT_HANDLE check; - CK_ULONG count; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (CKR_OK, rv); - - rv = test.module->C_CreateObject (session, object, 2, &handle); - assert_num_eq (CKR_OK, rv); - - /* Do a find with a null serial number, no match */ - rv = test.module->C_FindObjectsInit (session, match, 2); - assert_num_eq (CKR_OK, rv); - rv = test.module->C_FindObjects (session, &check, 1, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (0, count); - rv = test.module->C_FindObjectsFinal (session); - assert_num_eq (CKR_OK, rv); - - /* Do a find with a wrong length, no match */ - match[0].pValue = "at"; - match[0].ulValueLen = 2; - rv = test.module->C_FindObjectsInit (session, match, 2); - assert_num_eq (CKR_OK, rv); - rv = test.module->C_FindObjects (session, &check, 1, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (0, count); - rv = test.module->C_FindObjectsFinal (session); - assert_num_eq (CKR_OK, rv); - - /* Do a find with a right length, wrong value, no match */ - match[0].pValue = "one"; - match[0].ulValueLen = 3; - rv = test.module->C_FindObjectsInit (session, match, 2); - assert_num_eq (CKR_OK, rv); - rv = test.module->C_FindObjects (session, &check, 1, &count); - assert_num_eq (CKR_OK, rv); - assert_num_eq (0, count); - rv = test.module->C_FindObjectsFinal (session); - assert_num_eq (CKR_OK, rv); -} - -static void -test_login_logout (void) -{ - CK_SESSION_HANDLE session; - CK_RV rv; - - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - /* Just testing our stubs for now */ - - rv = test.module->C_Login (session, CKU_USER, NULL, 0); - assert (rv == CKR_USER_TYPE_INVALID); - - rv = test.module->C_Logout (session); - assert (rv == CKR_USER_NOT_LOGGED_IN); -} - -static void -test_token_writable (void) -{ - CK_TOKEN_INFO info; - CK_RV rv; - - rv = test.module->C_GetTokenInfo (test.slots[0], &info); - - assert_num_eq (rv, CKR_OK); - assert_num_eq (info.flags & CKF_WRITE_PROTECTED, 0); -} - -static void -test_session_read_only_create (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - CK_RV rv; - - /* Read-only session */ - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, - NULL, NULL, &session); - assert (rv == CKR_OK); - - /* Create a token object */ - rv = test.module->C_CreateObject (session, original, 4, &handle); - assert_num_eq (rv, CKR_SESSION_READ_ONLY); -} - -static void -test_create_and_write (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "eight", 5 }, - { CKA_APPLICATION, "", 0 }, - { CKA_OBJECT_ID, "", 0 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - p11_array *parsed; - char *path; - CK_RV rv; - int ret; - - /* Read-only session */ - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, - NULL, NULL, &session); - assert_num_eq (rv, CKR_OK); - - /* Create a token object */ - rv = test.module->C_CreateObject (session, original, 4, &handle); - assert_num_eq (rv, CKR_OK); - - /* The expected file name */ - path = p11_path_build (test.directory, "yay.p11-kit", NULL); - p11_parser_formats (test.parser, p11_parser_format_persist, NULL); - ret = p11_parse_file (test.parser, path, NULL, 0); - assert_num_eq (ret, P11_PARSE_SUCCESS); - free (path); - - parsed = p11_parser_parsed (test.parser); - assert_num_eq (parsed->num, 1); - - test_check_attrs (expected, parsed->elem[0]); -} - -static void -test_modify_and_write (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_VALUE, "eight", 5 }, - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_MODIFIABLE, &vtrue, sizeof (vtrue) }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "yay", 3 }, - { CKA_VALUE, "nine", 4 }, - { CKA_APPLICATION, "", 0 }, - { CKA_OBJECT_ID, "", 0 }, - { CKA_INVALID } - }; - - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - p11_array *parsed; - char *path; - CK_RV rv; - int ret; - - /* Read-only session */ - rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, - NULL, NULL, &session); - assert_num_eq (rv, CKR_OK); - - /* Create a token object */ - rv = test.module->C_CreateObject (session, original, 5, &handle); - assert_num_eq (rv, CKR_OK); - - /* Now modify the object */ - original[0].pValue = "nine"; - original[0].ulValueLen = 4; - - rv = test.module->C_SetAttributeValue (session, handle, original, 5); - assert_num_eq (rv, CKR_OK); - - /* The expected file name */ - path = p11_path_build (test.directory, "yay.p11-kit", NULL); - ret = p11_parse_file (test.parser, path, NULL, 0); - assert_num_eq (ret, P11_PARSE_SUCCESS); - free (path); - - parsed = p11_parser_parsed (test.parser); - assert_num_eq (parsed->num, 1); - - test_check_attrs (expected, parsed->elem[0]); -} - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - - p11_fixture (setup, teardown); - p11_test (test_get_slot_list, "/module/get_slot_list"); - p11_test (test_get_slot_info, "/module/get_slot_info"); - - p11_fixture (NULL, NULL); - p11_test (test_null_initialize, "/module/initialize-null"); - p11_test (test_multi_initialize, "/module/initialize-multi"); - p11_test (test_get_token_info, "/module/get_token_info"); - - p11_fixture (setup, teardown); - p11_test (test_get_session_info, "/module/get_session_info"); - p11_test (test_close_all_sessions, "/module/close_all_sessions"); - p11_test (test_find_certificates, "/module/find_certificates"); - p11_test (test_find_builtin, "/module/find_builtin"); - p11_test (test_lookup_invalid, "/module/lookup_invalid"); - p11_test (test_remove_token, "/module/remove_token"); - p11_test (test_setattr_token, "/module/setattr_token"); - p11_test (test_session_object, "/module/session_object"); - p11_test (test_session_find, "/module/session_find"); - p11_test (test_session_find_no_attr, "/module/session_find_no_attr"); - p11_test (test_session_copy, "/module/session_copy"); - p11_test (test_session_remove, "/module/session_remove"); - p11_test (test_session_setattr, "/module/session_setattr"); - p11_test (test_find_serial_der_decoded, "/module/find_serial_der_decoded"); - p11_test (test_find_serial_der_mismatch, "/module/find_serial_der_mismatch"); - p11_test (test_login_logout, "/module/login_logout"); - - p11_fixture (setup_writable, teardown); - p11_test (test_token_writable, "/module/token-writable"); - p11_test (test_session_read_only_create, "/module/session-read-only-create"); - p11_test (test_create_and_write, "/module/create-and-write"); - p11_test (test_modify_and_write, "/module/modify-and-write"); - - return p11_test_run (argc, argv); -} diff --git a/trust/test-oid.c b/trust/test-oid.c deleted file mode 100644 index 0635d0a..0000000 --- a/trust/test-oid.c +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "debug.h" -#include "oid.h" - -#include - -#include "pkix.asn.h" - -static void -test_known_oids (void) -{ - char buffer[128]; - node_asn *definitions = NULL; - node_asn *node; - int ret; - int len; - int i; - - struct { - const unsigned char *oid; - size_t length; - const char *string; - } known_oids[] = { - { P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER), P11_OID_SUBJECT_KEY_IDENTIFIER_STR, }, - { P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE), P11_OID_KEY_USAGE_STR, }, - { P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS), P11_OID_BASIC_CONSTRAINTS_STR }, - { P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE), P11_OID_EXTENDED_KEY_USAGE_STR }, - { P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT), P11_OID_OPENSSL_REJECT_STR }, - { P11_OID_SERVER_AUTH, sizeof (P11_OID_SERVER_AUTH), P11_OID_SERVER_AUTH_STR }, - { P11_OID_CLIENT_AUTH, sizeof (P11_OID_CLIENT_AUTH), P11_OID_CLIENT_AUTH_STR }, - { P11_OID_CODE_SIGNING, sizeof (P11_OID_CODE_SIGNING), P11_OID_CODE_SIGNING_STR }, - { P11_OID_EMAIL_PROTECTION, sizeof (P11_OID_EMAIL_PROTECTION), P11_OID_EMAIL_PROTECTION_STR }, - { P11_OID_IPSEC_END_SYSTEM, sizeof (P11_OID_IPSEC_END_SYSTEM), P11_OID_IPSEC_END_SYSTEM_STR }, - { P11_OID_IPSEC_TUNNEL, sizeof (P11_OID_IPSEC_TUNNEL), P11_OID_IPSEC_TUNNEL_STR }, - { P11_OID_IPSEC_USER, sizeof (P11_OID_IPSEC_USER), P11_OID_IPSEC_USER_STR }, - { P11_OID_TIME_STAMPING, sizeof (P11_OID_TIME_STAMPING), P11_OID_TIME_STAMPING_STR }, - { P11_OID_RESERVED_PURPOSE, sizeof (P11_OID_RESERVED_PURPOSE), P11_OID_RESERVED_PURPOSE_STR }, - { NULL }, - }; - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, NULL); - assert (ret == ASN1_SUCCESS); - - for (i = 0; known_oids[i].oid != NULL; i++) { - - assert (p11_oid_simple (known_oids[i].oid, known_oids[i].length)); - assert_num_eq (known_oids[i].length, p11_oid_length (known_oids[i].oid)); - assert (p11_oid_equal (known_oids[i].oid, known_oids[i].oid)); - - if (i > 0) - assert (!p11_oid_equal (known_oids[i].oid, known_oids[i - 1].oid)); - - /* AttributeType is a OBJECT IDENTIFIER */ - ret = asn1_create_element (definitions, "PKIX1.AttributeType", &node); - assert (ret == ASN1_SUCCESS); - - ret = asn1_der_decoding (&node, known_oids[i].oid, known_oids[i].length, NULL); - assert (ret == ASN1_SUCCESS); - - len = sizeof (buffer); - ret = asn1_read_value (node, "", buffer, &len); - assert (ret == ASN1_SUCCESS); - - assert_str_eq (known_oids[i].string, buffer); - - asn1_delete_structure (&node); - } - - asn1_delete_structure (&definitions); -} - -static void -test_hash (void) -{ - assert_num_cmp (p11_oid_hash (P11_OID_CN), !=, 0); - assert_num_cmp (p11_oid_hash (P11_OID_CN), ==, p11_oid_hash (P11_OID_CN)); - assert_num_cmp (p11_oid_hash (P11_OID_CN), !=, p11_oid_hash (P11_OID_BASIC_CONSTRAINTS)); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_known_oids, "/oids/known"); - p11_test (test_hash, "/oids/hash"); - return p11_test_run (argc, argv); -} diff --git a/trust/test-openssl.c b/trust/test-openssl.c deleted file mode 100644 index 3cba1ed..0000000 --- a/trust/test-openssl.c +++ /dev/null @@ -1,662 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#define P11_KIT_DISABLE_DEPRECATED - -#include "config.h" - -#include "test-trust.h" - -#include "attrs.h" -#include "buffer.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "extract.h" -#include "message.h" -#include "mock.h" -#include "path.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "oid.h" -#include "test.h" - -#include -#include -#include -#include -#include - -#define ELEMS(x) (sizeof (x) / sizeof (x[0])) - -struct { - CK_FUNCTION_LIST module; - p11_enumerate ex; - char *directory; -} test; - -static void -setup (void *unused) -{ - CK_RV rv; - - mock_module_reset (); - memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); - rv = test.module.C_Initialize (NULL); - assert_num_eq (CKR_OK, rv); - - p11_enumerate_init (&test.ex); - - test.directory = p11_test_directory ("test-extract"); -} - -static void -teardown (void *unused) -{ - CK_RV rv; - - if (rmdir (test.directory) < 0) - assert_not_reached (); - free (test.directory); - - p11_enumerate_cleanup (&test.ex); - p11_kit_iter_free (test.ex.iter); - - rv = test.module.C_Finalize (NULL); - assert_num_eq (CKR_OK, rv); -} - -static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; -static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION; -static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; -static CK_BBOOL vtrue = CK_TRUE; - -static CK_ATTRIBUTE cacert3_authority_attrs[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Custom Label", 12 }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE verisign_v1_attrs[] = { - { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_LABEL, "Custom Label", 12 }, - { CKA_SUBJECT, (void *)verisign_v1_ca_subject, sizeof (verisign_v1_ca_subject) }, - { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, - { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE extension_eku_server[] = { - { CKA_CLASS, &extension_class, sizeof (extension_class) }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_VALUE, "\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 21 }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE extension_reject_email[] = { - { CKA_CLASS, &extension_class, sizeof (extension_class) }, - { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, - { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_INVALID }, -}; - -static CK_ATTRIBUTE certificate_filter[] = { - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_INVALID }, -}; - -static void -setup_objects (const CK_ATTRIBUTE *attrs, - ...) GNUC_NULL_TERMINATED; - -static void -setup_objects (const CK_ATTRIBUTE *attrs, - ...) -{ - static CK_ULONG id_value = 8888; - - CK_ATTRIBUTE id = { CKA_ID, &id_value, sizeof (id_value) }; - CK_ATTRIBUTE *copy; - va_list va; - - va_start (va, attrs); - while (attrs != NULL) { - copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL); - assert (copy != NULL); - mock_module_take_object (MOCK_SLOT_ONE_ID, copy); - attrs = va_arg (va, const CK_ATTRIBUTE *); - } - va_end (va); - - id_value++; -} - -static void -test_file (void) -{ - char *destination; - bool ret; - - setup_objects (cacert3_authority_attrs, - extension_eku_server, - extension_reject_email, - NULL); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", - SRCDIR "/trust/fixtures/cacert3-trusted-server-alias.pem"); - - free (destination); -} - -static void -test_plain (void) -{ - char *destination; - bool ret; - - setup_objects (cacert3_authority_attrs, NULL); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", - SRCDIR "/trust/fixtures/cacert3-trusted-alias.pem"); - - free (destination); -} - -static void -test_keyid (void) -{ - char *destination; - bool ret; - - static CK_ATTRIBUTE cacert3_plain[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - static CK_ATTRIBUTE extension_subject_key_identifier[] = { - { CKA_CLASS, &extension_class, sizeof (extension_class) }, - { CKA_OBJECT_ID, (void *)P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER) }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x0e\x04\x07\x00\x01\x02\x03\x04\x05\x06", 16 }, - { CKA_INVALID }, - }; - - setup_objects (cacert3_plain, extension_subject_key_identifier, NULL); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", - SRCDIR "/trust/fixtures/cacert3-trusted-keyid.pem"); - - free (destination); -} - -static void -test_not_authority (void) -{ - char *destination; - bool ret; - - static CK_ATTRIBUTE cacert3_not_trusted[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_INVALID }, - }; - - setup_objects (cacert3_not_trusted, NULL); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", - SRCDIR "/trust/fixtures/cacert3-not-trusted.pem"); - - free (destination); -} - -static void -test_distrust_all (void) -{ - char *destination; - bool ret; - - static CK_ATTRIBUTE cacert3_blacklist[] = { - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, - { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_X_DISTRUSTED, &vtrue, sizeof (vtrue) }, - { CKA_INVALID }, - }; - - setup_objects (cacert3_blacklist, NULL); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", - SRCDIR "/trust/fixtures/cacert3-distrust-all.pem"); - - free (destination); -} - -static void -test_file_multiple (void) -{ - char *destination; - bool ret; - - setup_objects (cacert3_authority_attrs, - extension_eku_server, - extension_reject_email, - NULL); - - setup_objects (verisign_v1_attrs, - NULL); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_file (test.directory, "extract.pem", SRCDIR "/trust/fixtures/multiple.pem"); - free (destination); -} - -static void -test_file_without (void) -{ - char *destination; - bool ret; - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) - assert_not_reached (); - - ret = p11_extract_openssl_bundle (&test.ex, destination); - assert_num_eq (true, ret); - - test_check_data (test.directory, "extract.pem", "", 0); - - free (destination); -} - -/* From extract-openssl.c */ -void p11_openssl_canon_string (char *str, size_t *len); - -static void -test_canon_string (void) -{ - struct { - char *input; - int input_len; - char *output; - int output_len; - } fixtures[] = { - { "A test", -1, "a test", -1 }, - { " Strip spaces ", -1, "strip spaces", -1 }, - { " Collapse \n\t spaces", -1, "collapse spaces", -1 }, - { "Ignore non-ASCII \303\204", -1, "ignore non-ascii \303\204", -1 }, - { "no-space", -1, "no-space", -1 }, - }; - - char *str; - size_t len; - size_t out; - int i; - - for (i = 0; i < ELEMS (fixtures); i++) { - if (fixtures[i].input_len < 0) - len = strlen (fixtures[i].input); - else - len = fixtures[i].input_len; - str = strndup (fixtures[i].input, len); - - p11_openssl_canon_string (str, &len); - - if (fixtures[i].output_len < 0) - out = strlen (fixtures[i].output); - else - out = fixtures[i].output_len; - assert_num_eq (out, len); - assert_str_eq (fixtures[i].output, str); - - free (str); - } -} - -bool p11_openssl_canon_string_der (p11_buffer *der); - -static void -test_canon_string_der (void) -{ - struct { - unsigned char input[100]; - int input_len; - unsigned char output[100]; - int output_len; - } fixtures[] = { - /* UTF8String */ - { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17, - { 0x0c, 0x0e, 0xc3, 0x84, ' ', 'u', 't', 'f', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', }, 16, - }, - - /* NumericString */ - { { 0x12, 0x04, '0', '1', '2', '3', }, 6, - { 0x0c, 0x04, '0', '1', '2', '3' }, 6, - }, - - /* IA5String */ - { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6, - { 0x0c, 0x02, 'a', 'b', }, 4, - }, - - /* TeletexString */ - { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, - { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8, - }, - - /* PrintableString */ - { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, - { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8, - }, - - /* No change, not a known string type */ - { { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, - { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9 - }, - - /* UniversalString */ - { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u', - 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22, - { 0x0c, 0x08, 'f', 'u', 'n', ' ', 0xf0, 0x90, 0x8c, 0x99 }, 10, - }, - - /* BMPString */ - { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12, - { 0x0c, 0x06, 'v', 0xc3, 0xb6, 'g', 'e', 'l' }, 8, - }, - }; - - p11_buffer buf; - bool ret; - int i; - - for (i = 0; i < ELEMS (fixtures); i++) { - p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), - fixtures[i].input_len, 0, realloc, free); - - ret = p11_openssl_canon_string_der (&buf); - assert_num_eq (true, ret); - - assert_num_eq (fixtures[i].output_len, buf.len); - assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0); - - p11_buffer_uninit (&buf); - } -} - -bool p11_openssl_canon_name_der (p11_dict *asn1_defs, - p11_buffer *der); - -static void -test_canon_name_der (void) -{ - struct { - unsigned char input[100]; - int input_len; - unsigned char output[100]; - int output_len; - } fixtures[] = { - { { '0', 'T', '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a, - 0x13, 0x0b, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'I', 'n', - 'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04, - 0x0b, 0x13, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w', - 'w', 'w', '.', 'C', 'A', 'c', 'e', 'r', 't', '.', 'o', 'r', - 'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x13, - 0x13, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'C', 'l', 'a', 's', - 's', 0x20, '3', 0x20, 'R', 'o', 'o', 't', }, 86, - { '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a, - 0x0c, 0x0b, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'i', 'n', - 'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04, - 0x0b, 0x0c, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w', - 'w', 'w', '.', 'c', 'a', 'c', 'e', 'r', 't', '.', 'o', 'r', - 'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x0c, - 0x13, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'c', 'l', 'a', 's', - 's', 0x20, '3', 0x20, 'r', 'o', 'o', 't', }, 84, - }, - { { '0', 0x00, }, 2, - { }, 0, - }, - }; - - p11_buffer buf; - p11_dict *asn1_defs; - bool ret; - int i; - - asn1_defs = p11_asn1_defs_load (); - - for (i = 0; i < ELEMS (fixtures); i++) { - p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), - fixtures[i].input_len, 0, realloc, free); - - ret = p11_openssl_canon_name_der (asn1_defs, &buf); - assert_num_eq (true, ret); - - assert_num_eq (fixtures[i].output_len, buf.len); - assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0); - - p11_buffer_uninit (&buf); - } - - p11_dict_free (asn1_defs); -} - -static void -test_canon_string_der_fail (void) -{ - struct { - unsigned char input[100]; - int input_len; - } fixtures[] = { - { { 0x0c, 0x02, 0xc3, 0xc4 /* Invalid UTF-8 */ }, 4 }, - { { 0x1e, 0x01, 0x00 /* Invalid UCS2 */ }, 3 }, - { { 0x1c, 0x02, 0x00, 0x01 /* Invalid UCS4 */ }, 4 }, - }; - - p11_buffer buf; - bool ret; - int i; - - for (i = 0; i < ELEMS (fixtures); i++) { - p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), - fixtures[i].input_len, 0, realloc, free); - - ret = p11_openssl_canon_string_der (&buf); - assert_num_eq (false, ret); - - p11_buffer_uninit (&buf); - } -} - -static void -test_directory (void) -{ - bool ret; - - setup_objects (cacert3_authority_attrs, - extension_eku_server, - extension_reject_email, - NULL); - - /* Accesses the above objects */ - setup_objects (cacert3_authority_attrs, - NULL); - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_openssl_directory (&test.ex, test.directory); - assert_num_eq (true, ret); - - test_check_directory (test.directory, ("Custom_Label.pem", "Custom_Label.1.pem", -#ifdef OS_UNIX - "e5662767.1", "e5662767.0", "590d426f.1", "590d426f.0", -#endif - NULL)); - test_check_file (test.directory, "Custom_Label.pem", - SRCDIR "/trust/fixtures/cacert3-trusted-server-alias.pem"); - test_check_file (test.directory, "Custom_Label.1.pem", - SRCDIR "/trust/fixtures/cacert3-trusted-server-alias.pem"); -#ifdef OS_UNIX - test_check_symlink (test.directory, "e5662767.0", "Custom_Label.pem"); - test_check_symlink (test.directory, "e5662767.1", "Custom_Label.1.pem"); - test_check_symlink (test.directory, "590d426f.0", "Custom_Label.pem"); - test_check_symlink (test.directory, "590d426f.1", "Custom_Label.1.pem"); -#endif -} - -static void -test_directory_empty (void) -{ - bool ret; - - p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); - p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); - - /* Yes, this is a race, and why you shouldn't build software as root */ - if (rmdir (test.directory) < 0) - assert_not_reached (); - - ret = p11_extract_openssl_directory (&test.ex, test.directory); - assert_num_eq (true, ret); - - test_check_directory (test.directory, (NULL, NULL)); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - - p11_fixture (setup, teardown); - p11_test (test_file, "/openssl/test_file"); - p11_test (test_plain, "/openssl/test_plain"); - p11_test (test_keyid, "/openssl/test_keyid"); - p11_test (test_not_authority, "/openssl/test_not_authority"); - p11_test (test_distrust_all, "/openssl/test_distrust_all"); - p11_test (test_file_multiple, "/openssl/test_file_multiple"); - p11_test (test_file_without, "/openssl/test_file_without"); - - p11_fixture (NULL, NULL); - p11_test (test_canon_string, "/openssl/test_canon_string"); - p11_test (test_canon_string_der, "/openssl/test_canon_string_der"); - p11_test (test_canon_string_der_fail, "/openssl/test_canon_string_der_fail"); - p11_test (test_canon_name_der, "/openssl/test_canon_name_der"); - - p11_fixture (setup, teardown); - p11_test (test_directory, "/openssl/test_directory"); - p11_test (test_directory_empty, "/openssl/test_directory_empty"); - - return p11_test_run (argc, argv); -} - -#include "enumerate.c" -#include "extract-openssl.c" -#include "save.c" diff --git a/trust/test-parser.c b/trust/test-parser.c deleted file mode 100644 index b5c2525..0000000 --- a/trust/test-parser.c +++ /dev/null @@ -1,567 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" -#include "test-trust.h" - -#include -#include -#include - -#include "array.h" -#include "attrs.h" -#include "builder.h" -#include "debug.h" -#include "message.h" -#include "oid.h" -#include "parser.h" -#include "pkcs11x.h" - -struct { - p11_parser *parser; - p11_array *parsed; - p11_asn1_cache *cache; -} test; - -static void -setup (void *unused) -{ - test.cache = p11_asn1_cache_new (); - test.parser = p11_parser_new (test.cache); - assert_ptr_not_null (test.parser); - - test.parsed = p11_parser_parsed (test.parser); - assert_ptr_not_null (test.parsed); -} - -static void -teardown (void *unused) -{ - p11_parser_free (test.parser); - p11_asn1_cache_free (test.cache); - memset (&test, 0, sizeof (test)); -} - -static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; -static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION; -static CK_BBOOL falsev = CK_FALSE; -static CK_BBOOL truev = CK_TRUE; -static CK_CERTIFICATE_TYPE x509 = CKC_X_509; - -static CK_ATTRIBUTE certificate_match[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_INVALID, }, -}; - -static CK_ATTRIBUTE * -parsed_attrs (CK_ATTRIBUTE *match, - int length) -{ - int i; - - if (length < 0) - length = p11_attrs_count (match); - for (i = 0; i < test.parsed->num; i++) { - if (p11_attrs_matchn (test.parsed->elem[i], match, length)) - return test.parsed->elem[i]; - } - - return NULL; -} - -static void -test_parse_der_certificate (void) -{ - CK_ATTRIBUTE *cert; - int ret; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - p11_parser_formats (test.parser, p11_parser_format_x509, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.der", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* Should have gotten certificate */ - assert_num_eq (1, test.parsed->num); - - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected, cert); -} - -static void -test_parse_pem_certificate (void) -{ - CK_ATTRIBUTE *cert; - int ret; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - p11_parser_formats (test.parser, p11_parser_format_pem, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.pem", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* Should have gotten certificate */ - assert_num_eq (1, test.parsed->num); - - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected, cert); -} - -static void -test_parse_p11_kit_persist (void) -{ - CK_ATTRIBUTE *cert; - int ret; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - p11_parser_formats (test.parser, p11_parser_format_persist, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/trust/input/verisign-v1.p11-kit", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* Should have gotten certificate */ - assert_num_eq (1, test.parsed->num); - - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected, cert); -} - -static void -test_parse_openssl_trusted (void) -{ - CK_ATTRIBUTE cacert3[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE eku_extension[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_VALUE, "\x30\x16\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 24 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE reject_extension[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, - { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, - { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, - { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *expected[] = { - cacert3, - eku_extension, - reject_extension, - NULL - }; - - CK_ATTRIBUTE *cert; - CK_ATTRIBUTE *object; - int ret; - int i; - - p11_parser_formats (test.parser, p11_parser_format_pem, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3-trusted.pem", NULL, - P11_PARSE_FLAG_ANCHOR); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* - * Should have gotten: - * - 1 certificate - * - 2 attached extensions - */ - assert_num_eq (3, test.parsed->num); - - /* The certificate */ - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected[0], cert); - - /* The other objects */ - for (i = 1; expected[i]; i++) { - object = parsed_attrs (expected[i], 2); - assert_ptr_not_null (object); - - test_check_attrs (expected[i], object); - } -} - -static void -test_parse_openssl_distrusted (void) -{ - static const char distrust_public_key[] = { - 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xdf, 0xc7, 0x0d, - 0x61, 0xa2, 0x2f, 0xc0, 0x5a, 0xad, 0x45, 0x83, 0x22, 0x33, 0x42, 0xea, 0xec, 0x42, 0x5e, 0xa6, - 0x0d, 0x42, 0x4c, 0x1c, 0x9a, 0x12, 0x0b, 0x5f, 0xe7, 0x25, 0xf9, 0x8b, 0x83, 0x0c, 0x0a, 0xc5, - 0x2f, 0x5a, 0x58, 0x56, 0xb8, 0xad, 0x87, 0x6d, 0xbc, 0x80, 0x5d, 0xdd, 0x49, 0x45, 0x39, 0x5f, - 0xb9, 0x08, 0x3a, 0x63, 0xe4, 0x92, 0x33, 0x61, 0x79, 0x19, 0x1b, 0x9d, 0xab, 0x3a, 0xd5, 0x7f, - 0xa7, 0x8b, 0x7f, 0x8a, 0x5a, 0xf6, 0xd7, 0xde, 0xaf, 0xa1, 0xe5, 0x53, 0x31, 0x29, 0x7d, 0x9c, - 0x03, 0x55, 0x3e, 0x47, 0x78, 0xcb, 0xb9, 0x7a, 0x98, 0x8c, 0x5f, 0x8d, 0xda, 0x09, 0x0f, 0xc8, - 0xfb, 0xf1, 0x7a, 0x80, 0xee, 0x12, 0x77, 0x0a, 0x00, 0x8b, 0x70, 0xfa, 0x62, 0xbf, 0xaf, 0xee, - 0x0b, 0x58, 0x16, 0xf9, 0x9c, 0x5c, 0xde, 0x93, 0xb8, 0x4f, 0xdf, 0x4d, 0x7b, 0x02, 0x03, 0x01, - 0x00, 0x01, - }; - - CK_ATTRIBUTE distrust_cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate), }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE eku_extension[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, - { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) }, - { CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE reject_extension[] = { - { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, - { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, - { CKA_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) }, - { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *expected[] = { - distrust_cert, - eku_extension, - reject_extension, - NULL - }; - - CK_ATTRIBUTE *cert; - CK_ATTRIBUTE *object; - int ret; - int i; - - /* - * OpenSSL style is to litter the blacklist in with the anchors, - * so we parse this as an anchor, but expect it to be blacklisted - */ - p11_parser_formats (test.parser, p11_parser_format_pem, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/distrusted.pem", NULL, - P11_PARSE_FLAG_ANCHOR); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* - * Should have gotten: - * - 1 certificate - * - 2 attached extensions - */ - assert_num_eq (3, test.parsed->num); - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected[0], cert); - - /* The other objects */ - for (i = 1; expected[i]; i++) { - object = parsed_attrs (expected[i], 2); - assert_ptr_not_null (object); - - test_check_attrs (expected[i], object); - } -} - -static void -test_openssl_trusted_no_trust (void) -{ - CK_ATTRIBUTE *cert; - int ret; - - char expected_value[] = { - 0x30, 0x82, 0x04, 0x99, 0x30, 0x82, 0x03, 0x81, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x5d, - 0x20, 0x61, 0x8e, 0x8c, 0x0e, 0xb9, 0x34, 0x40, 0x93, 0xb9, 0xb1, 0xd8, 0x63, 0x95, 0xb6, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6f, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x53, 0x45, 0x31, 0x14, 0x30, - 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x20, 0x41, 0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x64, - 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, - 0x54, 0x54, 0x50, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, - 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, - 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x38, 0x30, 0x35, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, - 0x17, 0x0d, 0x31, 0x35, 0x31, 0x31, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, - 0x7f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20, - 0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x54, - 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x55, - 0x53, 0x45, 0x52, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x20, - 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xd9, 0x4d, 0x20, 0x3a, 0xe6, 0x29, 0x30, 0x86, 0xf2, 0xe9, 0x86, 0x89, 0x76, 0x34, 0x4e, - 0x68, 0x1f, 0x96, 0x44, 0xf7, 0xd1, 0xf9, 0xd6, 0x82, 0x4e, 0xa6, 0x38, 0x9e, 0xee, 0xcb, 0x5b, - 0xe1, 0x8e, 0x2e, 0xbd, 0xf2, 0x57, 0x80, 0xfd, 0xc9, 0x3f, 0xfc, 0x90, 0x73, 0x44, 0xbc, 0x8f, - 0xbb, 0x57, 0x5b, 0xe5, 0x2d, 0x1f, 0x14, 0x30, 0x75, 0x36, 0xf5, 0x7f, 0xbc, 0xcf, 0x56, 0xf4, - 0x7f, 0x81, 0xff, 0xae, 0x91, 0xcd, 0xd8, 0xd2, 0x6a, 0xcb, 0x97, 0xf9, 0xf7, 0xcd, 0x90, 0x6a, - 0x45, 0x2d, 0xc4, 0xbb, 0xa4, 0x85, 0x13, 0x68, 0x57, 0x5f, 0xef, 0x29, 0xba, 0x2a, 0xca, 0xea, - 0xf5, 0xcc, 0xa4, 0x04, 0x9b, 0x63, 0xcd, 0x00, 0xeb, 0xfd, 0xed, 0x8d, 0xdd, 0x23, 0xc6, 0x7b, - 0x1e, 0x57, 0x1d, 0x36, 0x7f, 0x1f, 0x08, 0x9a, 0x0d, 0x61, 0xdb, 0x5a, 0x6c, 0x71, 0x02, 0x53, - 0x28, 0xc2, 0xfa, 0x8d, 0xfd, 0xab, 0xbb, 0xb3, 0xf1, 0x8d, 0x74, 0x4b, 0xdf, 0xbd, 0xbd, 0xcc, - 0x06, 0x93, 0x63, 0x09, 0x95, 0xc2, 0x10, 0x7a, 0x9d, 0x25, 0x90, 0x32, 0x9d, 0x01, 0xc2, 0x39, - 0x53, 0xb0, 0xe0, 0x15, 0x6b, 0xc7, 0xd7, 0x74, 0xe5, 0xa4, 0x22, 0x9b, 0xe4, 0x94, 0xff, 0x84, - 0x91, 0xfb, 0x2d, 0xb3, 0x19, 0x43, 0x2d, 0x93, 0x0f, 0x9c, 0x12, 0x09, 0xe4, 0x67, 0xb9, 0x27, - 0x7a, 0x32, 0xad, 0x7a, 0x2a, 0xcc, 0x41, 0x58, 0xc0, 0x6e, 0x59, 0x5f, 0xee, 0x38, 0x2b, 0x17, - 0x22, 0x9c, 0x89, 0xfa, 0x6e, 0xe7, 0xe5, 0x57, 0x35, 0xf4, 0x5a, 0xed, 0x92, 0x95, 0x93, 0x2d, - 0xf9, 0xcc, 0x24, 0x3f, 0xa5, 0x1c, 0x3d, 0x27, 0xbd, 0x22, 0x03, 0x73, 0xcc, 0xf5, 0xca, 0xf3, - 0xa9, 0xf4, 0xdc, 0xfe, 0xcf, 0xe9, 0xd0, 0x5c, 0xd0, 0x0f, 0xab, 0x87, 0xfc, 0x83, 0xfd, 0xc8, - 0xa9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1f, 0x30, 0x82, 0x01, 0x1b, 0x30, 0x1f, - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xad, 0xbd, 0x98, 0x7a, 0x34, - 0xb4, 0x26, 0xf7, 0xfa, 0xc4, 0x26, 0x54, 0xef, 0x03, 0xbd, 0xe0, 0x24, 0xcb, 0x54, 0x1a, 0x30, - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xaf, 0xa4, 0x40, 0xaf, 0x9f, 0x16, - 0xfe, 0xab, 0x31, 0xfd, 0xfb, 0xd5, 0x97, 0x8b, 0xf5, 0x91, 0xa3, 0x24, 0x86, 0x16, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, - 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, - 0x02, 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x12, 0x30, 0x10, 0x30, 0x0e, 0x06, 0x0c, - 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb2, 0x31, 0x01, 0x02, 0x01, 0x03, 0x04, 0x30, 0x44, 0x06, 0x03, - 0x55, 0x1d, 0x1f, 0x04, 0x3d, 0x30, 0x3b, 0x30, 0x39, 0xa0, 0x37, 0xa0, 0x35, 0x86, 0x33, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x2e, 0x63, - 0x72, 0x6c, 0x30, 0x35, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x29, - 0x30, 0x27, 0x30, 0x25, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73, 0x65, 0x72, - 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x84, 0xae, 0x2d, - 0x68, 0x38, 0x11, 0x6c, 0x83, 0x51, 0x62, 0xc0, 0x91, 0xc2, 0x98, 0xbc, 0xc6, 0x3b, 0xfa, 0xa5, - 0xc5, 0xbd, 0x3b, 0x09, 0xe6, 0x6e, 0x60, 0x6f, 0x30, 0x03, 0x86, 0x22, 0x1a, 0xb2, 0x8b, 0xf3, - 0xc6, 0xce, 0x1e, 0xbb, 0x1b, 0x79, 0xe0, 0x16, 0x14, 0x4d, 0xd2, 0x9a, 0x05, 0x4b, 0xff, 0x8f, - 0xec, 0xf0, 0x28, 0x29, 0xea, 0x2a, 0x04, 0x1d, 0x3d, 0xaf, 0x11, 0x12, 0xd5, 0x49, 0x98, 0x50, - 0x42, 0x9f, 0x61, 0x66, 0x3a, 0xb6, 0x40, 0x99, 0x04, 0x0c, 0x6b, 0x10, 0x32, 0xe9, 0xf7, 0xcf, - 0x86, 0x58, 0x4f, 0x2d, 0xcd, 0xd3, 0xac, 0x7e, 0xe8, 0x5b, 0x6a, 0x83, 0x7c, 0x0d, 0xa0, 0x9c, - 0x5c, 0x50, 0x36, 0x75, 0x0d, 0x6d, 0x7e, 0x42, 0xb7, 0xdf, 0xa6, 0xdc, 0x90, 0x5c, 0x6f, 0x23, - 0x4e, 0x97, 0x1d, 0xf3, 0x22, 0x75, 0xbf, 0x03, 0x35, 0xe6, 0x5d, 0x7f, 0xc7, 0xf9, 0x9b, 0x2c, - 0x87, 0xf6, 0x8e, 0xd6, 0x25, 0x96, 0x59, 0x9d, 0xcf, 0xea, 0x10, 0x1e, 0xef, 0x6e, 0xea, 0x5a, - 0x9b, 0x77, 0x18, 0x34, 0xcc, 0x81, 0x77, 0xaf, 0x9a, 0x87, 0xc2, 0x0a, 0xe5, 0xe5, 0x9e, 0x13, - 0x95, 0x53, 0xbd, 0xbd, 0x49, 0x1a, 0xa5, 0x76, 0x12, 0xf6, 0xdc, 0xf2, 0x91, 0xb7, 0xe9, 0x1a, - 0xe1, 0xbc, 0x4d, 0x3d, 0x95, 0x71, 0x7d, 0xf8, 0x8d, 0x7c, 0x3e, 0x03, 0x4f, 0x53, 0xed, 0xfe, - 0x52, 0xfd, 0xca, 0x5f, 0x93, 0xe1, 0x1a, 0x01, 0x1b, 0x02, 0xb7, 0x73, 0x4e, 0xba, 0x66, 0xe9, - 0x78, 0x8b, 0x50, 0xfe, 0x11, 0xcb, 0xd1, 0x67, 0xd0, 0x22, 0x4f, 0x77, 0xea, 0xcd, 0x14, 0x15, - 0x40, 0xae, 0x66, 0x5d, 0xe8, 0x2e, 0x7f, 0x1e, 0x88, 0x6f, 0x55, 0x79, 0xd6, 0xb9, 0x7e, 0xe3, - 0xb5, 0xfd, 0x91, 0xa0, 0xc0, 0xf2, 0x26, 0x87, 0x4b, 0x2f, 0x9d, 0xf5, 0xa0, - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_VALUE, expected_value, sizeof (expected_value) }, - { CKA_INVALID }, - }; - - p11_parser_formats (test.parser, p11_parser_format_pem, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/openssl-trust-no-trust.pem", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* Should have gotten certificate */ - assert_num_eq (1, test.parsed->num); - - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected, cert); -} - -static void -test_parse_anchor (void) -{ - CK_ATTRIBUTE cacert3[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *cert; - int ret; - - p11_parser_formats (test.parser, p11_parser_format_x509, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.der", NULL, - P11_PARSE_FLAG_ANCHOR); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* - * Should have gotten: - * - 1 certificate - */ - assert_num_eq (1, test.parsed->num); - - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (cacert3, cert); -} - -static void -test_parse_thawte (void) -{ - CK_ATTRIBUTE *cert; - int ret; - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - p11_parser_formats (test.parser, p11_parser_format_pem, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/thawte.pem", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* Should have gotten certificate */ - assert_num_eq (1, test.parsed->num); - - cert = parsed_attrs (certificate_match, -1); - test_check_attrs (expected, cert); -} - -/* TODO: A certificate that uses generalTime needs testing */ - -static void -test_parse_invalid_file (void) -{ - int ret; - - p11_message_quiet (); - - p11_parser_formats (test.parser, p11_parser_format_x509, NULL); - ret = p11_parse_file (test.parser, "/nonexistant", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_FAILURE, ret); - - p11_message_loud (); -} - -static void -test_parse_unrecognized (void) -{ - int ret; - - p11_message_quiet (); - - p11_parser_formats (test.parser, p11_parser_format_x509, NULL); - ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/unrecognized-file.txt", NULL, - P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_UNRECOGNIZED, ret); - - p11_message_loud (); -} - -static void -test_parse_no_asn1_cache (void) -{ - p11_parser *parser; - int ret; - - parser = p11_parser_new (NULL); - assert_ptr_not_null (parser); - - p11_parser_formats (parser, p11_parser_format_x509, NULL); - ret = p11_parse_file (parser, SRCDIR "/trust/fixtures/cacert3.der", NULL, P11_PARSE_FLAG_NONE); - assert_num_eq (P11_PARSE_SUCCESS, ret); - - /* Should have gotten certificate */ - assert_num_eq (1, p11_parser_parsed (parser)->num); - - p11_parser_free (parser); -} - -int -main (int argc, - char *argv[]) -{ - p11_fixture (setup, teardown); - p11_test (test_parse_der_certificate, "/parser/parse_der_certificate"); - p11_test (test_parse_pem_certificate, "/parser/parse_pem_certificate"); - p11_test (test_parse_p11_kit_persist, "/parser/parse_p11_kit_persist"); - p11_test (test_parse_openssl_trusted, "/parser/parse_openssl_trusted"); - p11_test (test_parse_openssl_distrusted, "/parser/parse_openssl_distrusted"); - p11_test (test_openssl_trusted_no_trust, "/parser/openssl-trusted-no-trust"); - p11_test (test_parse_anchor, "/parser/parse_anchor"); - p11_test (test_parse_thawte, "/parser/parse_thawte"); - p11_test (test_parse_invalid_file, "/parser/parse_invalid_file"); - p11_test (test_parse_unrecognized, "/parser/parse_unrecognized"); - - p11_fixture (NULL, NULL); - p11_test (test_parse_no_asn1_cache, "/parser/null-asn1-cache"); - - return p11_test_run (argc, argv); -} diff --git a/trust/test-pem.c b/trust/test-pem.c deleted file mode 100644 index 0c7d60a..0000000 --- a/trust/test-pem.c +++ /dev/null @@ -1,341 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include -#include -#include - -#include "compat.h" -#include "pem.h" - -struct { - const char *input; - struct { - const char *type; - const char *data; - unsigned int length; - } output[8]; -} success_fixtures[] = { - { - /* one block */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----", - { - { - "BLOCK1", - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", - 30, - }, - { - NULL, - } - } - }, - - { - /* one block, with header */ - "-----BEGIN BLOCK1-----\n" - "Header1: value1 \n" - " Header2: value2\n" - "\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----", - { - { - "BLOCK1", - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", - 30, - }, - { - NULL, - } - } - }, - - { - /* two blocks, junk data */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n" - "blah blah\n" - "-----BEGIN TWO-----\n" - "oy5L157C671HyJMCf9FiK9prvPZfSch6V4EoUfylFoI1Bq6SbL53kg==\n" - "-----END TWO-----\n" - "trailing data", - { - { - "BLOCK1", - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", - 30, - }, - { - "TWO", - "\xa3\x2e\x4b\xd7\x9e\xc2\xeb\xbd\x47\xc8\x93\x02\x7f\xd1\x62\x2b" - "\xda\x6b\xbc\xf6\x5f\x49\xc8\x7a\x57\x81\x28\x51\xfc\xa5\x16\x82" - "\x35\x06\xae\x92\x6c\xbe\x77\x92", - 40 - }, - { - NULL, - } - } - }, - - { - NULL, - } -}; - -typedef struct { - int input_index; - int output_index; - int parsed; -} Closure; - -static void -on_parse_pem_success (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) -{ - Closure *cl = user_data; - - assert_num_eq (success_fixtures[cl->input_index].output[cl->output_index].length, length); - assert (memcmp (success_fixtures[cl->input_index].output[cl->output_index].data, contents, - success_fixtures[cl->input_index].output[cl->output_index].length) == 0); - - cl->output_index++; - cl->parsed++; -} - -static void -test_pem_success (void) -{ - Closure cl; - int ret; - int i; - int j; - - for (i = 0; success_fixtures[i].input != NULL; i++) { - cl.input_index = i; - cl.output_index = 0; - cl.parsed = 0; - - ret = p11_pem_parse (success_fixtures[i].input, strlen (success_fixtures[i].input), - on_parse_pem_success, &cl); - - assert (success_fixtures[i].output[cl.output_index].type == NULL); - - /* Count number of outputs, return from p11_pem_parse() should match */ - for (j = 0; success_fixtures[i].output[j].type != NULL; j++); - assert_num_eq (j, ret); - assert_num_eq (ret, cl.parsed); - } -} - -const char *failure_fixtures[] = { - /* too short at end of opening line */ - "-----BEGIN BLOCK1---\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----", - - /* truncated */ - "-----BEGIN BLOCK1---", - - /* no ending */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n", - - /* wrong ending */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK2-----", - - /* wrong ending */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END INVALID-----", - - /* too short at end of ending line */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1---", - - /* invalid base64 data */ - "-----BEGIN BLOCK1-----\n" - "!!!!NNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----", - - NULL, -}; - -static void -on_parse_pem_failure (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) -{ - assert (false && "not reached"); -} - -static void -test_pem_failure (void) -{ - int ret; - int i; - - for (i = 0; failure_fixtures[i] != NULL; i++) { - ret = p11_pem_parse (failure_fixtures[i], strlen (failure_fixtures[i]), - on_parse_pem_failure, NULL); - assert_num_eq (0, ret); - } -} - -typedef struct { - const char *input; - size_t length; - const char *type; - const char *output; -} WriteFixture; - -static WriteFixture write_fixtures[] = { - { - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", - 30, "BLOCK1", - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n", - }, - { - "\x50\x31\x31\x2d\x4b\x49\x54\x0a\x0a\x50\x72\x6f\x76\x69\x64\x65" - "\x73\x20\x61\x20\x77\x61\x79\x20\x74\x6f\x20\x6c\x6f\x61\x64\x20" - "\x61\x6e\x64\x20\x65\x6e\x75\x6d\x65\x72\x61\x74\x65\x20\x50\x4b" - "\x43\x53\x23\x31\x31\x20\x6d\x6f\x64\x75\x6c\x65\x73\x2e\x20\x50" - "\x72\x6f\x76\x69\x64\x65\x73\x20\x61\x20\x73\x74\x61\x6e\x64\x61" - "\x72\x64\x0a\x63\x6f\x6e\x66\x69\x67\x75\x72\x61\x74\x69\x6f\x6e" - "\x20\x73\x65\x74\x75\x70\x20\x66\x6f\x72\x20\x69\x6e\x73\x74\x61" - "\x6c\x6c\x69\x6e\x67\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x6d\x6f" - "\x64\x75\x6c\x65\x73\x20\x69\x6e\x20\x73\x75\x63\x68\x20\x61\x20" - "\x77\x61\x79\x20\x74\x68\x61\x74\x20\x74\x68\x65\x79\x27\x72\x65" - "\x0a\x64\x69\x73\x63\x6f\x76\x65\x72\x61\x62\x6c\x65\x2e\x0a\x0a" - "\x41\x6c\x73\x6f\x20\x73\x6f\x6c\x76\x65\x73\x20\x70\x72\x6f\x62" - "\x6c\x65\x6d\x73\x20\x77\x69\x74\x68\x20\x63\x6f\x6f\x72\x64\x69" - "\x6e\x61\x74\x69\x6e\x67\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f" - "\x66\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x62\x79\x20\x64\x69\x66" - "\x66\x65\x72\x65\x6e\x74\x0a\x63\x6f\x6d\x70\x6f\x6e\x65\x6e\x74" - "\x73\x20\x6f\x72\x20\x6c\x69\x62\x72\x61\x72\x69\x65\x73\x20\x6c" - "\x69\x76\x69\x6e\x67\x20\x69\x6e\x20\x74\x68\x65\x20\x73\x61\x6d" - "\x65\x20\x70\x72\x6f\x63\x65\x73\x73\x2e\x0a", - 299, "LONG TYPE WITH SPACES", - "-----BEGIN LONG TYPE WITH SPACES-----\n" - "UDExLUtJVAoKUHJvdmlkZXMgYSB3YXkgdG8gbG9hZCBhbmQgZW51bWVyYXRlIFBL\n" - "Q1MjMTEgbW9kdWxlcy4gUHJvdmlkZXMgYSBzdGFuZGFyZApjb25maWd1cmF0aW9u\n" - "IHNldHVwIGZvciBpbnN0YWxsaW5nIFBLQ1MjMTEgbW9kdWxlcyBpbiBzdWNoIGEg\n" - "d2F5IHRoYXQgdGhleSdyZQpkaXNjb3ZlcmFibGUuCgpBbHNvIHNvbHZlcyBwcm9i\n" - "bGVtcyB3aXRoIGNvb3JkaW5hdGluZyB0aGUgdXNlIG9mIFBLQ1MjMTEgYnkgZGlm\n" - "ZmVyZW50CmNvbXBvbmVudHMgb3IgbGlicmFyaWVzIGxpdmluZyBpbiB0aGUgc2Ft\n" - "ZSBwcm9jZXNzLgo=\n" - "-----END LONG TYPE WITH SPACES-----\n" - }, - { - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf", - 28, "BLOCK1", - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrw==\n" - "-----END BLOCK1-----\n", - }, - { - NULL, - } -}; - -static void -on_parse_written (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) -{ - WriteFixture *fixture = user_data; - - assert_str_eq (fixture->type, type); - assert_num_eq (fixture->length, length); - assert (memcmp (contents, fixture->input, length) == 0); -} - -static void -test_pem_write (void) -{ - WriteFixture *fixture; - p11_buffer buf; - unsigned int count; - int i; - - for (i = 0; write_fixtures[i].input != NULL; i++) { - fixture = write_fixtures + i; - - if (!p11_buffer_init_null (&buf, 0)) - assert_not_reached (); - - if (!p11_pem_write ((unsigned char *)fixture->input, - fixture->length, - fixture->type, &buf)) - assert_not_reached (); - assert_str_eq (fixture->output, buf.data); - assert_num_eq (strlen (fixture->output), buf.len); - - count = p11_pem_parse (buf.data, buf.len, on_parse_written, fixture); - assert_num_eq (1, count); - - p11_buffer_uninit (&buf); - } -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_pem_success, "/pem/success"); - p11_test (test_pem_failure, "/pem/failure"); - p11_test (test_pem_write, "/pem/write"); - return p11_test_run (argc, argv); -} diff --git a/trust/test-persist.c b/trust/test-persist.c deleted file mode 100644 index 238a3c4..0000000 --- a/trust/test-persist.c +++ /dev/null @@ -1,635 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" -#include "test-trust.h" - -#include -#include -#include -#include - -#include "array.h" -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "message.h" -#include "persist.h" -#include "pkcs11.h" -#include "pkcs11i.h" -#include "pkcs11x.h" - -static void -test_magic (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: data\n" - "value: \"blah\"\n" - "application: \"test-persist\"\n"; - - const char *other = " " - "\n\n[p11-kit-object-v1]\n" - "class: data\n" - "value: \"blah\"\n" - "application: \"test-persist\"\n"; - - assert (p11_persist_magic ((unsigned char *)input, strlen (input))); - assert (!p11_persist_magic ((unsigned char *)input, 5)); - assert (p11_persist_magic ((unsigned char *)other, strlen (other))); - assert (!p11_persist_magic ((unsigned char *)"blah", 4)); -} - -static p11_array * -args_to_array (void *arg, - ...) GNUC_NULL_TERMINATED; - -static p11_array * -args_to_array (void *arg, - ...) -{ - p11_array *array = p11_array_new (NULL); - - va_list (va); - va_start (va, arg); - - while (arg != NULL) { - p11_array_push (array, arg); - arg = va_arg (va, void *); - } - - va_end (va); - - return array; -} - -static void -check_read_msg (const char *file, - int line, - const char *function, - const char *input, - p11_array *expected) -{ - p11_array *objects; - p11_persist *persist; - int i; - - persist = p11_persist_new (); - objects = p11_array_new (p11_attrs_free); - - if (p11_persist_read (persist, "test", (const unsigned char *)input, strlen (input), objects)) { - if (expected == NULL) - p11_test_fail (file, line, function, "decoding should have failed"); - for (i = 0; i < expected->num; i++) { - if (i >= objects->num) - p11_test_fail (file, line, function, "too few objects read"); - test_check_attrs_msg (file, line, function, expected->elem[i], objects->elem[i]); - } - if (i != objects->num) - p11_test_fail (file, line, function, "too many objects read"); - } else { - if (expected != NULL) - p11_test_fail (file, line, function, "decoding failed"); - } - - p11_array_free (objects); - p11_persist_free (persist); - p11_array_free (expected); -} - -static void -check_write_msg (const char *file, - int line, - const char *function, - const char *expected, - p11_array *input) -{ - p11_persist *persist; - p11_buffer buf; - int i; - - persist = p11_persist_new (); - p11_buffer_init_null (&buf, 0); - - for (i = 0; i < input->num; i++) { - if (!p11_persist_write (persist, input->elem[i], &buf)) - p11_test_fail (file, line, function, "persist write failed"); - } - - if (strcmp (buf.data, expected) != 0) { - p11_test_fail (file, line, function, "persist doesn't match: (\n%s----\n%s\n)", \ - expected, (char *)buf.data); - } - - p11_buffer_uninit (&buf); - p11_array_free (input); - p11_persist_free (persist); -} - -#define check_read_success(input, objs) \ - check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, args_to_array objs) - -#define check_read_failure(input) \ - check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, NULL) - -#define check_write_success(expected, inputs) \ - check_write_msg (__FILE__, __LINE__, __FUNCTION__, expected, args_to_array inputs) - -static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; -static CK_CERTIFICATE_TYPE x509 = CKC_X_509; -static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; -static CK_OBJECT_CLASS data = CKO_DATA; -static CK_BBOOL truev = CK_TRUE; -static CK_BBOOL falsev = CK_FALSE; - -static void -test_simple (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "value: \"blah\"\n" - "application: \"test-persist\"\n\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_VALUE, "blah", 4 }, - { CKA_APPLICATION, "test-persist", 12 }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_number (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "value-len: 29202390\n" - "application: \"test-persist\"\n\n"; - - CK_ULONG value = 29202390; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_VALUE_LEN, &value, sizeof (value) }, - { CKA_APPLICATION, "test-persist", 12 }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_bool (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "private: true\n" - "modifiable: false\n" - "application: \"test-persist\"\n\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_PRIVATE, &truev, sizeof (truev) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, - { CKA_APPLICATION, "test-persist", 12 }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_oid (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "object-id: 1.2.3.4\n\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_constant (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "certificate-type: x-509-attr-cert\n" - "key-type: rsa\n" - "x-assertion-type: x-pinned-certificate\n" - "certificate-category: authority\n" - "mechanism-type: rsa-pkcs-key-pair-gen\n" - "trust-server-auth: nss-trust-unknown\n\n"; - - CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; - CK_CERTIFICATE_TYPE type = CKC_X_509_ATTR_CERT; - CK_X_ASSERTION_TYPE ass = CKT_X_PINNED_CERTIFICATE; - CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_KEY_PAIR_GEN; - CK_ULONG category = 2; - CK_KEY_TYPE key = CKK_RSA; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_CERTIFICATE_TYPE, &type, sizeof (type) }, - { CKA_KEY_TYPE, &key, sizeof (key) }, - { CKA_X_ASSERTION_TYPE, &ass, sizeof (ass) }, - { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, - { CKA_MECHANISM_TYPE, &mech, sizeof (mech) }, - { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_unknown (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "38383838: \"the-value-here\"\n\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &data, sizeof (data) }, - { 38383838, "the-value-here", 14 }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_multiple (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "class: data\n" - "object-id: 1.2.3.4\n\n" - "[p11-kit-object-v1]\n" - "class: nss-trust\n" - "trust-server-auth: nss-trust-unknown\n\n"; - - CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; - - CK_ATTRIBUTE attrs1[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE attrs2[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, - { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs1, attrs2, NULL)); - check_write_success (output, (attrs1, attrs2, NULL)); -} - -static void -test_pem_block (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "id: \"292c92\"\n" - "trusted: true\n" - "-----BEGIN CERTIFICATE-----\n" - "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" - "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" - "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" - "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" - "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" - "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" - "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" - "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" - "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" - "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" - "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" - "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" - "-----END CERTIFICATE-----\n" - "\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_ID, "292c92", 6, }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_VALUE, (unsigned char *)&verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - -static void -test_pem_middle (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: certificate\n" - "id: \"292c92\"\n" - "-----BEGIN CERTIFICATE-----\n" - "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" - "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" - "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" - "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" - "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" - "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" - "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" - "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" - "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" - "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" - "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" - "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" - "-----END CERTIFICATE-----\n" - "\n" - "trusted: true"; - - CK_ATTRIBUTE expected[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_VALUE, (unsigned char *)&verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_INVALID }, - }; - - check_read_success (input, (expected, NULL)); -} - -static void -test_pem_public_key (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "id: \"292c92\"\n" - "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryQICCl6NZ5gDKrnSztO\n" - "3Hy8PEUcuyvg/ikC+VcIo2SFFSf18a3IMYldIugqqqZCs4/4uVW3sbdLs/6PfgdX\n" - "7O9D22ZiFWHPYA2k2N744MNiCD1UE+tJyllUhSblK48bn+v1oZHCM0nYQ2NqUkvS\n" - "j+hwUU3RiWl7x3D2s9wSdNt7XUtW05a/FXehsPSiJfKvHJJnGOX0BgTvkLnkAOTd\n" - "OrUZ/wK69Dzu4IvrN4vs9Nes8vbwPa/ddZEzGR0cQMt0JBkhk9kU/qwqUseP1QRJ\n" - "5I1jR4g8aYPL/ke9K35PxZWuDp3U0UPAZ3PjFAh+5T+fc7gzCs9dPzSHloruU+gl\n" - "FQIDAQAB\n" - "-----END PUBLIC KEY-----\n\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_ID, "292c92", 6, }, - { CKA_PUBLIC_KEY_INFO, (unsigned char *)&example_public_key, sizeof (example_public_key) }, - { CKA_INVALID }, - }; - - check_read_success (output, (attrs, NULL)); - check_write_success (output, (attrs, NULL)); -} - - -static void -test_pem_invalid (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: certificate\n" - "-----BEGIN CERT-----\n" - "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" - "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" - "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" - "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" - "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" - "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" - "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" - "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" - "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" - "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" - "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" - "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" - "-----END CERTIFICATEXXX-----\n"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_pem_unsupported (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: certificate\n" - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_pem_first (void) -{ - const char *input = "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n" - "[p11-kit-object-v1]\n" - "class: certificate\n"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_skip_unknown (void) -{ - const char *input = "[version-2]\n" - "class: data\n" - "object-id: 1.2.3.4\n" - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n" - "[p11-kit-object-v1]\n" - "class: nss-trust\n" - "trust-server-auth: nss-trust-unknown"; - - CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; - - CK_ATTRIBUTE expected2[] = { - { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, - { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, - { CKA_INVALID }, - }; - - p11_message_quiet (); - - check_read_success (input, (expected2, NULL)); - - p11_message_loud (); -} - -static void -test_bad_value (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: data\n" - "value: \"%38%\"\n"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_bad_oid (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: data\n" - "object-id: 1.2"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_bad_field (void) -{ - const char *input = "[p11-kit-object-v1]\n" - "class: data\n" - "invalid-field: true"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_attribute_first (void) -{ - const char *input = "class: data\n" - "[p11-kit-object-v1]\n" - "invalid-field: true"; - - p11_message_quiet (); - - check_read_failure (input); - - p11_message_loud (); -} - -static void -test_not_boolean (void) -{ - const char *output = "[p11-kit-object-v1]\n" - "private: \"x\"\n\n"; - - CK_ATTRIBUTE attrs[] = { - { CKA_PRIVATE, "x", 1 }, - { CKA_INVALID }, - }; - - check_write_success (output, (attrs, NULL)); -} - -static void -test_not_ulong (void) -{ - char buffer[sizeof (CK_ULONG) + 1]; - char *output; - - CK_ATTRIBUTE attrs[] = { - { CKA_BITS_PER_PIXEL, "xx", 2 }, - { CKA_VALUE, buffer, sizeof (CK_ULONG) }, - { CKA_INVALID }, - }; - - memset (buffer, 'x', sizeof (buffer)); - buffer[sizeof (CK_ULONG)] = 0; - - if (asprintf (&output, "[p11-kit-object-v1]\n" - "bits-per-pixel: \"xx\"\n" - "value: \"%s\"\n\n", buffer) < 0) - assert_not_reached (); - - check_write_success (output, (attrs, NULL)); - free (output); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_magic, "/persist/magic"); - p11_test (test_simple, "/persist/simple"); - p11_test (test_number, "/persist/number"); - p11_test (test_bool, "/persist/bool"); - p11_test (test_oid, "/persist/oid"); - p11_test (test_constant, "/persist/constant"); - p11_test (test_unknown, "/persist/unknown"); - p11_test (test_multiple, "/persist/multiple"); - p11_test (test_pem_block, "/persist/pem_block"); - p11_test (test_pem_middle, "/persist/pem-middle"); - p11_test (test_pem_public_key, "/persist/pem-public-key"); - p11_test (test_pem_invalid, "/persist/pem_invalid"); - p11_test (test_pem_unsupported, "/persist/pem_unsupported"); - p11_test (test_pem_first, "/persist/pem_first"); - p11_test (test_bad_value, "/persist/bad_value"); - p11_test (test_bad_oid, "/persist/bad_oid"); - p11_test (test_bad_field, "/persist/bad_field"); - p11_test (test_skip_unknown, "/persist/skip_unknown"); - p11_test (test_attribute_first, "/persist/attribute_first"); - p11_test (test_not_boolean, "/persist/not-boolean"); - p11_test (test_not_ulong, "/persist/not-ulong"); - return p11_test_run (argc, argv); -} diff --git a/trust/test-save.c b/trust/test-save.c deleted file mode 100644 index 1de798d..0000000 --- a/trust/test-save.c +++ /dev/null @@ -1,595 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "test-trust.h" - -#include "attrs.h" -#include "compat.h" -#include "debug.h" -#include "dict.h" -#include "message.h" -#include "path.h" -#include "save.h" -#include "test.h" - -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -struct { - char *directory; -} test; - -static void -setup (void *unused) -{ - test.directory = p11_test_directory ("test-extract"); -} - -static void -teardown (void *unused) -{ - if (rmdir (test.directory) < 0) - assert_fail ("rmdir() failed", strerror (errno)); - free (test.directory); -} - -static void -write_zero_file (const char *directory, - const char *name) -{ - char *filename; - int res; - int fd; - - if (asprintf (&filename, "%s/%s", directory, name) < 0) - assert_not_reached (); - - fd = open (filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); - assert (fd != -1); - res = close (fd); - assert (res >= 0); - - free (filename); -} - -static void -test_file_write (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - file = p11_save_open_file (filename, NULL, 0); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/cacert3.der"); -} - -static void -test_file_exists (void) -{ - p11_save_file *file; - char *filename; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - write_zero_file (test.directory, "extract-file"); - - p11_message_quiet (); - - file = p11_save_open_file (filename, NULL, 0); - assert (file != NULL); - - if (p11_save_finish_file (file, NULL, true)) - assert_not_reached (); - - p11_message_loud (); - - unlink (filename); - free (filename); -} - -static void -test_file_bad_directory (void) -{ - p11_save_file *file; - char *filename; - - if (asprintf (&filename, "/non-existent/%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - p11_message_quiet (); - - file = p11_save_open_file (filename, NULL, 0); - assert (file == NULL); - - p11_message_loud (); - - free (filename); -} - -static void -test_file_overwrite (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - write_zero_file (test.directory, "extract-file"); - - file = p11_save_open_file (filename, NULL, P11_SAVE_OVERWRITE); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/cacert3.der"); -} - -static void -test_file_unique (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - write_zero_file (test.directory, "extract-file"); - - file = p11_save_open_file (filename, NULL, P11_SAVE_UNIQUE); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/empty-file"); - test_check_file (test.directory, "extract-file.1", SRCDIR "/trust/fixtures/cacert3.der"); -} - -static void -test_file_auto_empty (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - file = p11_save_open_file (filename, NULL, 0); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, NULL, -1); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/empty-file"); -} - -static void -test_file_auto_length (void) -{ - p11_save_file *file; - char *filename; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - file = p11_save_open_file (filename, NULL, 0); - assert_ptr_not_null (file); - - ret = p11_save_write_and_finish (file, "The simple string is hairy", -1); - assert_num_eq (true, ret); - free (filename); - - test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/simple-string"); -} - -static void -test_write_with_null (void) -{ - bool ret; - - ret = p11_save_write (NULL, "test", 4); - assert_num_eq (false, ret); -} - -static void -test_write_and_finish_with_null (void) -{ - bool ret; - - ret = p11_save_write_and_finish (NULL, "test", 4); - assert_num_eq (false, ret); -} - -static void -test_file_abort (void) -{ - struct stat st; - p11_save_file *file; - char *filename; - char *path; - bool ret; - - if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) - assert_not_reached (); - - file = p11_save_open_file (filename, NULL, 0); - assert_ptr_not_null (file); - - path = NULL; - ret = p11_save_finish_file (file, &path, false); - assert_num_eq (true, ret); - assert (path == NULL); - - if (stat (filename, &st) >= 0 || errno != ENOENT) - assert_fail ("file should not exist", filename); - - free (filename); -} - - -static void -test_directory_empty (void) -{ - p11_save_dir *dir; - char *subdir; - bool ret; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - - dir = p11_save_open_directory (subdir, 0); - assert_ptr_not_null (dir); - - ret = p11_save_finish_directory (dir, true); - assert_num_eq (true, ret); - - test_check_directory (subdir, (NULL, NULL)); - - assert (rmdir (subdir) >= 0); - free (subdir); -} - -static void -test_directory_files (void) -{ - char *path; - char *check; - p11_save_file *file; - p11_save_dir *dir; - char *subdir; - bool ret; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - - dir = p11_save_open_directory (subdir, 0); - assert_ptr_not_null (dir); - - file = p11_save_open_file_in (dir, "blah", ".cer"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "blah.cer") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - - file = p11_save_open_file_in (dir, "file", ".txt"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_text, strlen (test_text)); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - -#ifdef OS_UNIX - ret = p11_save_symlink_in (dir, "link", ".ext", "/the/destination"); - assert_num_eq (true, ret); -#endif - - ret = p11_save_finish_directory (dir, true); - assert_num_eq (true, ret); - - test_check_directory (subdir, ("blah.cer", "file.txt", -#ifdef OS_UNIX - "link.ext", -#endif - NULL)); - test_check_file (subdir, "blah.cer", SRCDIR "/trust/fixtures/cacert3.der"); - test_check_data (subdir, "file.txt", test_text, strlen (test_text)); -#ifdef OS_UNIX - test_check_symlink (subdir, "link.ext", "/the/destination"); -#endif - - assert (rmdir (subdir) >= 0); - free (subdir); -} - -static void -test_directory_dups (void) -{ - char *path; - char *check; - p11_save_file *file; - p11_save_dir *dir; - char *subdir; - bool ret; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - - dir = p11_save_open_directory (subdir, 0); - assert_ptr_not_null (dir); - - file = p11_save_open_file_in (dir, "file", ".txt"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_text, 5); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - - file = p11_save_open_file_in (dir, "file", ".txt"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_text, 10); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "file.1.txt") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt"), - test_text, 15); - assert_num_eq (true, ret); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL), - test_text, 8); - assert_num_eq (true, ret); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL), - test_text, 16); - assert_num_eq (true, ret); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0"), - test_text, 14); - assert_num_eq (true, ret); - - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0"), - test_text, 15); - assert_num_eq (true, ret); - -#ifdef OS_UNIX - ret = p11_save_symlink_in (dir, "link", ".0", "/destination1"); - assert_num_eq (true, ret); - - ret = p11_save_symlink_in (dir, "link", ".0", "/destination2"); - assert_num_eq (true, ret); -#endif - - ret = p11_save_finish_directory (dir, true); - assert_num_eq (true, ret); - - test_check_directory (subdir, ("file.txt", "file.1.txt", "file.2.txt", - "no-ext", "no-ext.1", - "with-num.0", "with-num.1", -#ifdef OS_UNIX - "link.0", "link.1", -#endif - NULL)); - test_check_data (subdir, "file.txt", test_text, 5); - test_check_data (subdir, "file.1.txt", test_text, 10); - test_check_data (subdir, "file.2.txt", test_text, 15); - test_check_data (subdir, "no-ext", test_text, 8); - test_check_data (subdir, "no-ext.1", test_text, 16); - test_check_data (subdir, "with-num.0", test_text, 14); - test_check_data (subdir, "with-num.1", test_text, 15); -#ifdef OS_UNIX - test_check_symlink (subdir, "link.0", "/destination1"); - test_check_symlink (subdir, "link.1", "/destination2"); -#endif - - assert (rmdir (subdir) >= 0); - free (subdir); -} - -static void -test_directory_exists (void) -{ - p11_save_dir *dir; - char *subdir; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - -#ifdef OS_UNIX - if (mkdir (subdir, S_IRWXU) < 0) -#else - if (mkdir (subdir) < 0) -#endif - assert_fail ("mkdir() failed", subdir); - - p11_message_quiet (); - - dir = p11_save_open_directory (subdir, 0); - assert_ptr_eq (NULL, dir); - - p11_message_loud (); - - rmdir (subdir); - free (subdir); -} - -static void -test_directory_overwrite (void) -{ - char *path; - char *check; - p11_save_file *file; - p11_save_dir *dir; - char *subdir; - bool ret; - - if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) - assert_not_reached (); - - /* Some initial files into this directory, which get overwritten */ - dir = p11_save_open_directory (subdir, 0); - ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt"), "", 0) && - p11_save_write_and_finish (p11_save_open_file_in (dir, "another-file", NULL), "", 0) && - p11_save_write_and_finish (p11_save_open_file_in (dir, "third-file", NULL), "", 0) && - p11_save_finish_directory (dir, true); - assert (ret && dir); - - /* Now the actual test, using the same directory */ - dir = p11_save_open_directory (subdir, P11_SAVE_OVERWRITE); - assert_ptr_not_null (dir); - - file = p11_save_open_file_in (dir, "blah", ".cer"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "blah.cer") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - - file = p11_save_open_file_in (dir, "file", ".txt"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_text, strlen (test_text)); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - - file = p11_save_open_file_in (dir, "file", ".txt"); - assert_ptr_not_null (file); - ret = p11_save_write (file, test_text, 10); - assert_num_eq (true, ret); - ret = p11_save_finish_file (file, &path, true); - assert_num_eq (true, ret); - if (asprintf (&check, "%s/%s", subdir, "file.1.txt") < 0) - assert_not_reached (); - assert_str_eq (check, path); - free (check); - free (path); - - ret = p11_save_finish_directory (dir, true); - assert_num_eq (true, ret); - - test_check_directory (subdir, ("blah.cer", "file.txt", "file.1.txt", NULL)); - test_check_data (subdir, "blah.cer", test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); - test_check_data (subdir, "file.txt", test_text, strlen (test_text)); - test_check_data (subdir, "file.1.txt", test_text, 10); - - assert (rmdir (subdir) >= 0); - free (subdir); -} - -int -main (int argc, - char *argv[]) -{ - p11_fixture (setup, teardown); - p11_test (test_file_write, "/save/test_file_write"); - p11_test (test_file_exists, "/save/test_file_exists"); - p11_test (test_file_bad_directory, "/save/test_file_bad_directory"); - p11_test (test_file_overwrite, "/save/test_file_overwrite"); - p11_test (test_file_unique, "/save/file-unique"); - p11_test (test_file_auto_empty, "/save/test_file_auto_empty"); - p11_test (test_file_auto_length, "/save/test_file_auto_length"); - - p11_fixture (NULL, NULL); - p11_test (test_write_with_null, "/save/test_write_with_null"); - p11_test (test_write_and_finish_with_null, "/save/test_write_and_finish_with_null"); - - p11_fixture (setup, teardown); - p11_test (test_file_abort, "/save/test_file_abort"); - - p11_test (test_directory_empty, "/save/test_directory_empty"); - p11_test (test_directory_files, "/save/test_directory_files"); - p11_test (test_directory_dups, "/save/test_directory_dups"); - p11_test (test_directory_exists, "/save/test_directory_exists"); - p11_test (test_directory_overwrite, "/save/test_directory_overwrite"); - return p11_test_run (argc, argv); -} diff --git a/trust/test-token.c b/trust/test-token.c deleted file mode 100644 index d4c89ce..0000000 --- a/trust/test-token.c +++ /dev/null @@ -1,793 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" -#include "test-trust.h" - -#include -#include -#include - -#include "attrs.h" -#include "debug.h" -#include "parser.h" -#include "path.h" -#include "pkcs11x.h" -#include "message.h" -#include "token.h" - -static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; -static CK_OBJECT_CLASS data = CKO_DATA; -static CK_BBOOL falsev = CK_FALSE; -static CK_BBOOL truev = CK_TRUE; - -struct { - p11_token *token; - p11_index *index; - p11_parser *parser; - char *directory; -} test; - -static void -setup (void *path) -{ - test.token = p11_token_new (333, path, "Label"); - assert_ptr_not_null (test.token); - - test.index = p11_token_index (test.token); - assert_ptr_not_null (test.token); - - test.parser = p11_token_parser (test.token); - assert_ptr_not_null (test.parser); -} - -static void -setup_temp (void *unused) -{ - test.directory = p11_test_directory ("test-module"); - setup (test.directory); -} - -static void -teardown (void *path) -{ - p11_token_free (test.token); - memset (&test, 0, sizeof (test)); -} - -static void -teardown_temp (void *unused) -{ - p11_test_directory_delete (test.directory); - teardown (test.directory); - free (test.directory); -} - -static void -test_token_load (void *path) -{ - p11_index *index; - int count; - - count = p11_token_load (test.token); - assert_num_eq (6, count); - - /* A certificate and trust object for each parsed object */ - index = p11_token_index (test.token); - assert (((count - 1) * 2) + 1 <= p11_index_size (index)); -} - -static void -test_token_flags (void *path) -{ - /* - * blacklist comes from the input/distrust.pem file. It is not in the blacklist - * directory, but is an OpenSSL trusted certificate file, and is marked - * in the blacklist style for OpenSSL. - */ - - CK_ATTRIBUTE blacklist[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_LABEL, "Red Hat Is the CA", 17 }, - { CKA_SERIAL_NUMBER, "\x02\x01\x01", 3 }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, - }; - - /* - * blacklist2 comes from the input/blacklist/self-server.der file. It is - * explicitly put on the blacklist, even though it containts no trust - * policy information. - */ - - const unsigned char self_server_subject[] = { - 0x30, 0x4b, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, - 0x01, 0x19, 0x16, 0x03, 0x43, 0x4f, 0x4d, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0a, 0x09, 0x92, 0x26, - 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x07, 0x45, 0x58, 0x41, 0x4d, 0x50, 0x4c, 0x45, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, - }; - - CK_ATTRIBUTE blacklist2[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)self_server_subject, sizeof (self_server_subject) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, - { CKA_INVALID }, - }; - - /* - * anchor comes from the input/anchors/cacert3.der file. It is - * explicitly marked as an anchor, even though it containts no trust - * policy information. - */ - - CK_ATTRIBUTE anchor[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_TRUSTED, &truev, sizeof (truev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - const unsigned char cacert_root_subject[] = { - 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, - 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, - 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, - 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, - }; - - /* - * notrust comes from the input/cacert-ca.der file. It contains no - * trust information, and is not explicitly marked as an anchor, so - * it's neither trusted or distrusted. - */ - - CK_ATTRIBUTE notrust[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)cacert_root_subject, sizeof (cacert_root_subject) }, - { CKA_TRUSTED, &falsev, sizeof (falsev) }, - { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *expected[] = { - anchor, - blacklist, - blacklist2, - notrust, - NULL, - }; - - CK_OBJECT_HANDLE handle; - CK_ATTRIBUTE *object; - int i; - - if (p11_token_load (test.token) < 0) - assert_not_reached (); - - /* The other objects */ - for (i = 0; expected[i]; i++) { - handle = p11_index_find (p11_token_index (test.token), expected[i], 2); - assert (handle != 0); - - object = p11_index_lookup (p11_token_index (test.token), handle); - assert_ptr_not_null (object); - - test_check_attrs (expected[i], object); - } -} - -static void -test_token_path (void *path) -{ - assert_str_eq (path, p11_token_get_path (test.token)); -} - -static void -test_token_label (void *path) -{ - assert_str_eq ("Label", p11_token_get_label (test.token)); -} - -static void -test_token_slot (void *path) -{ - assert_num_eq (333, p11_token_get_slot (test.token)); -} - -static void -test_not_writable (void) -{ - p11_token *token; - -#ifdef OS_UNIX - if (getuid () != 0) { -#endif - token = p11_token_new (333, "/", "Label"); - assert (!p11_token_is_writable (token)); - p11_token_free (token); -#ifdef OS_UNIX - } -#endif - - token = p11_token_new (333, "", "Label"); - assert (!p11_token_is_writable (token)); - p11_token_free (token); - - token = p11_token_new (333, "/non-existant", "Label"); - assert (!p11_token_is_writable (token)); - p11_token_free (token); -} - -static void -test_writable_exists (void) -{ - /* A writable directory since we created it */ - assert (p11_token_is_writable (test.token)); -} - -static void -test_writable_no_exist (void) -{ - char *directory; - p11_token *token; - char *path; - - directory = p11_test_directory ("test-module"); - - path = p11_path_build (directory, "subdir", NULL); - assert (path != NULL); - - token = p11_token_new (333, path, "Label"); - free (path); - - /* A writable directory since parent is writable */ - assert (p11_token_is_writable (token)); - - p11_token_free (token); - - if (rmdir (directory) < 0) - assert_not_reached (); - - free (directory); -} - -static void -test_load_already (void) -{ - CK_ATTRIBUTE cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_INVALID }, - }; - - CK_OBJECT_HANDLE handle; - int ret; - - p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, - sizeof (test_cacert3_ca_der)); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 1); - handle = p11_index_find (test.index, cert, -1); - assert (handle != 0); - - /* Have to wait to make sure changes are detected */ - p11_sleep_ms (1100); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 0); - assert_num_eq (p11_index_find (test.index, cert, -1), handle); -} - -static void -test_load_unreadable (void) -{ - CK_ATTRIBUTE cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_INVALID }, - }; - - int ret; - - p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, - sizeof (test_cacert3_ca_der)); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 1); - assert (p11_index_find (test.index, cert, -1) != 0); - - p11_test_file_write (test.directory, "test.cer", "", 0); - - /* Have to wait to make sure changes are detected */ - p11_sleep_ms (1100); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 0); - assert (p11_index_find (test.index, cert, -1) == 0); -} - -static void -test_load_gone (void) -{ - CK_ATTRIBUTE cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_INVALID }, - }; - - int ret; - - p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, - sizeof (test_cacert3_ca_der)); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 1); - assert (p11_index_find (test.index, cert, -1) != 0); - - p11_test_file_delete (test.directory, "test.cer"); - - /* Have to wait to make sure changes are detected */ - p11_sleep_ms (1100); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 0); - assert (p11_index_find (test.index, cert, -1) == 0); -} - -static void -test_load_found (void) -{ - CK_ATTRIBUTE cert[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_INVALID }, - }; - - int ret; - - ret = p11_token_load (test.token); - assert_num_eq (ret, 0); - assert (p11_index_find (test.index, cert, -1) == 0); - - /* Have to wait to make sure changes are detected */ - p11_sleep_ms (1100); - - p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, - sizeof (test_cacert3_ca_der)); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 1); - assert (p11_index_find (test.index, cert, -1) != 0); -} - -static void -test_reload_changed (void) -{ - CK_ATTRIBUTE cacert3[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE verisign[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_OBJECT_HANDLE handle; - int ret; - - /* Just one file */ - p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, - sizeof (test_cacert3_ca_der)); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 1); - handle = p11_index_find (test.index, cacert3, -1); - assert (handle != 0); - - /* Replace the file with verisign */ - p11_test_file_write (test.directory, "test.cer", verisign_v1_ca, - sizeof (verisign_v1_ca)); - - /* Add another file with cacert3, but not reloaded */ - p11_test_file_write (test.directory, "another.cer", test_cacert3_ca_der, - sizeof (test_cacert3_ca_der)); - - attrs = p11_index_lookup (test.index, handle); - assert_ptr_not_null (attrs); - if (!p11_token_reload (test.token, attrs)) - assert_not_reached (); - - assert (p11_index_find (test.index, cacert3, -1) == 0); - assert (p11_index_find (test.index, verisign, -1) != 0); -} - -static void -test_reload_gone (void) -{ - CK_ATTRIBUTE cacert3[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE verisign[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE *attrs; - CK_OBJECT_HANDLE handle; - int ret; - - /* Just one file */ - p11_test_file_write (test.directory, "cacert3.cer", test_cacert3_ca_der, - sizeof (test_cacert3_ca_der)); - p11_test_file_write (test.directory, "verisign.cer", verisign_v1_ca, - sizeof (verisign_v1_ca)); - - ret = p11_token_load (test.token); - assert_num_eq (ret, 2); - handle = p11_index_find (test.index, cacert3, -1); - assert (handle != 0); - assert (p11_index_find (test.index, verisign, -1) != 0); - - p11_test_file_delete (test.directory, "cacert3.cer"); - p11_test_file_delete (test.directory, "verisign.cer"); - - attrs = p11_index_lookup (test.index, handle); - assert_ptr_not_null (attrs); - if (p11_token_reload (test.token, attrs)) - assert_not_reached (); - - assert (p11_index_find (test.index, cacert3, -1) == 0); - assert (p11_index_find (test.index, verisign, -1) != 0); -} - -static void -test_reload_no_origin (void) -{ - CK_ATTRIBUTE cacert3[] = { - { CKA_CLASS, &certificate, sizeof (certificate) }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_INVALID }, - }; - - if (p11_token_reload (test.token, cacert3)) - assert_not_reached (); -} - -static void -test_write_new (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "Yay!", 4 }, - { CKA_VALUE, "eight", 5 }, - { CKA_TOKEN, &truev, sizeof (truev) }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "Yay!", 4 }, - { CKA_VALUE, "eight", 5 }, - { CKA_APPLICATION, "", 0 }, - { CKA_OBJECT_ID, "", 0 }, - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE handle; - p11_array *parsed; - char *path; - CK_RV rv; - int ret; - - rv = p11_index_add (test.index, original, 4, &handle); - assert_num_eq (rv, CKR_OK); - - /* The expected file name */ - path = p11_path_build (test.directory, "Yay_.p11-kit", NULL); - ret = p11_parse_file (test.parser, path, NULL, 0); - assert_num_eq (ret, P11_PARSE_SUCCESS); - free (path); - - parsed = p11_parser_parsed (test.parser); - assert_num_eq (parsed->num, 1); - - test_check_attrs (expected, parsed->elem[0]); -} - -static void -test_write_no_label (void) -{ - CK_ATTRIBUTE original[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_VALUE, "eight", 5 }, - { CKA_TOKEN, &truev, sizeof (truev) }, - { CKA_INVALID } - }; - - CK_ATTRIBUTE expected[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "", 0 }, - { CKA_VALUE, "eight", 5 }, - { CKA_APPLICATION, "", 0 }, - { CKA_OBJECT_ID, "", 0 }, - { CKA_INVALID } - }; - - CK_OBJECT_HANDLE handle; - p11_array *parsed; - char *path; - CK_RV rv; - int ret; - - rv = p11_index_add (test.index, original, 4, &handle); - assert_num_eq (rv, CKR_OK); - - /* The expected file name */ - path = p11_path_build (test.directory, "data.p11-kit", NULL); - ret = p11_parse_file (test.parser, path, NULL, 0); - assert_num_eq (ret, P11_PARSE_SUCCESS); - free (path); - - parsed = p11_parser_parsed (test.parser); - assert_num_eq (parsed->num, 1); - - test_check_attrs (expected, parsed->elem[0]); -} - -static void -test_modify_multiple (void) -{ - const char *test_data = - "[p11-kit-object-v1]\n" - "class: data\n" - "label: \"first\"\n" - "value: \"1\"\n" - "\n" - "[p11-kit-object-v1]\n" - "class: data\n" - "label: \"second\"\n" - "value: \"2\"\n" - "\n" - "[p11-kit-object-v1]\n" - "class: data\n" - "label: \"third\"\n" - "value: \"3\"\n"; - - CK_ATTRIBUTE first[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "first", 5 }, - { CKA_VALUE, "1", 1 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE second[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "zwei", 4 }, - { CKA_VALUE, "2", 2 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE third[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "third", 5 }, - { CKA_VALUE, "3", 1 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE match = { CKA_LABEL, "second", 6 }; - - CK_OBJECT_HANDLE handle; - p11_array *parsed; - char *path; - int ret; - CK_RV rv; - - p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data)); - - /* Reload now that we have this new file */ - p11_token_load (test.token); - - handle = p11_index_find (test.index, &match, 1); - - rv = p11_index_update (test.index, handle, p11_attrs_dup (second)); - assert_num_eq (rv, CKR_OK); - - /* Now read in the file and make sure it has all the objects */ - path = p11_path_build (test.directory, "Test.p11-kit", NULL); - ret = p11_parse_file (test.parser, path, NULL, 0); - assert_num_eq (ret, P11_PARSE_SUCCESS); - free (path); - - parsed = p11_parser_parsed (test.parser); - assert_num_eq (parsed->num, 3); - - /* The modified one will be first */ - test_check_attrs (second, parsed->elem[0]); - test_check_attrs (first, parsed->elem[1]); - test_check_attrs (third, parsed->elem[2]); -} - -static void -test_remove_one (void) -{ - const char *test_data = - "[p11-kit-object-v1]\n" - "class: data\n" - "label: \"first\"\n" - "value: \"1\"\n" - "\n"; - - CK_ATTRIBUTE match = { CKA_LABEL, "first", 5 }; - - CK_OBJECT_HANDLE handle; - CK_RV rv; - - p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data)); - test_check_directory (test.directory, ("Test.p11-kit", NULL)); - - /* Reload now that we have this new file */ - p11_token_load (test.token); - - handle = p11_index_find (test.index, &match, 1); - assert_num_cmp (handle, !=, 0); - - rv = p11_index_remove (test.index, handle); - assert_num_eq (rv, CKR_OK); - - /* No other files in the test directory, all files gone */ - test_check_directory (test.directory, (NULL, NULL)); -} - -static void -test_remove_multiple (void) -{ - const char *test_data = - "[p11-kit-object-v1]\n" - "class: data\n" - "label: \"first\"\n" - "value: \"1\"\n" - "\n" - "[p11-kit-object-v1]\n" - "class: data\n" - "label: \"second\"\n" - "value: \"2\"\n" - "\n" - "[p11-kit-object-v1]\n" - "class: data\n" - "label: \"third\"\n" - "value: \"3\"\n"; - - CK_ATTRIBUTE first[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "first", 5 }, - { CKA_VALUE, "1", 1 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE third[] = { - { CKA_CLASS, &data, sizeof (data) }, - { CKA_LABEL, "third", 5 }, - { CKA_VALUE, "3", 1 }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE match = { CKA_LABEL, "second", 6 }; - - CK_OBJECT_HANDLE handle; - p11_array *parsed; - char *path; - int ret; - CK_RV rv; - - p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data)); - - /* Reload now that we have this new file */ - p11_token_load (test.token); - - handle = p11_index_find (test.index, &match, 1); - assert_num_cmp (handle, !=, 0); - - rv = p11_index_remove (test.index, handle); - assert_num_eq (rv, CKR_OK); - - /* Now read in the file and make sure it has all the objects */ - path = p11_path_build (test.directory, "Test.p11-kit", NULL); - ret = p11_parse_file (test.parser, path, NULL, 0); - assert_num_eq (ret, P11_PARSE_SUCCESS); - free (path); - - parsed = p11_parser_parsed (test.parser); - assert_num_eq (parsed->num, 2); - - /* The modified one will be first */ - test_check_attrs (first, parsed->elem[0]); - test_check_attrs (third, parsed->elem[1]); -} - -int -main (int argc, - char *argv[]) -{ - p11_fixture (setup, teardown); - p11_testx (test_token_load, SRCDIR "/trust/input", "/token/load"); - p11_testx (test_token_flags, SRCDIR "/trust/input", "/token/flags"); - p11_testx (test_token_path, "/wheee", "/token/path"); - p11_testx (test_token_label, "/wheee", "/token/label"); - p11_testx (test_token_slot, "/unneeded", "/token/slot"); - - p11_fixture (NULL, NULL); - p11_test (test_not_writable, "/token/not-writable"); - p11_test (test_writable_no_exist, "/token/writable-no-exist"); - - p11_fixture (setup_temp, teardown_temp); - p11_test (test_writable_exists, "/token/writable-exists"); - p11_test (test_load_found, "/token/load-found"); - p11_test (test_load_already, "/token/load-already"); - p11_test (test_load_unreadable, "/token/load-unreadable"); - p11_test (test_load_gone, "/token/load-gone"); - p11_test (test_reload_changed, "/token/reload-changed"); - p11_test (test_reload_gone, "/token/reload-gone"); - p11_test (test_reload_no_origin, "/token/reload-no-origin"); - p11_test (test_write_new, "/token/write-new"); - p11_test (test_write_no_label, "/token/write-no-label"); - p11_test (test_modify_multiple, "/token/modify-multiple"); - p11_test (test_remove_one, "/token/remove-one"); - p11_test (test_remove_multiple, "/token/remove-multiple"); - - return p11_test_run (argc, argv); -} diff --git a/trust/test-trust.c b/trust/test-trust.c deleted file mode 100644 index 802007d..0000000 --- a/trust/test-trust.c +++ /dev/null @@ -1,333 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "attrs.h" -#include "debug.h" -#include "message.h" -#include "path.h" -#include "test.h" - -#include "test-trust.h" - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef OS_UNIX -#include -#endif - -void -test_check_object_msg (const char *file, - int line, - const char *function, - CK_ATTRIBUTE *attrs, - CK_OBJECT_CLASS klass, - const char *label) -{ - CK_BBOOL vfalse = CK_FALSE; - - CK_ATTRIBUTE expected[] = { - { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, - { CKA_CLASS, &klass, sizeof (klass) }, - { label ? CKA_LABEL : CKA_INVALID, (void *)label, label ? strlen (label) : 0 }, - { CKA_INVALID }, - }; - - test_check_attrs_msg (file, line, function, expected, attrs); -} - -void -test_check_cacert3_ca_msg (const char *file, - int line, - const char *function, - CK_ATTRIBUTE *attrs, - const char *label) -{ - CK_CERTIFICATE_TYPE x509 = CKC_X_509; - CK_ULONG category = 2; /* authority */ - - CK_ATTRIBUTE expected[] = { - { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, - { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, - { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 }, - { CKA_START_DATE, "20110523", 8 }, - { CKA_END_DATE, "20210520", 8, }, - { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, - { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_INVALID }, - }; - - test_check_object_msg (file, line, function, attrs, CKO_CERTIFICATE, label); - test_check_attrs_msg (file, line, function, expected, attrs); -} - -void -test_check_id_msg (const char *file, - int line, - const char *function, - CK_ATTRIBUTE *expected, - CK_ATTRIBUTE *attr) -{ - CK_ATTRIBUTE *one; - CK_ATTRIBUTE *two; - - one = p11_attrs_find (expected, CKA_ID); - two = p11_attrs_find (attr, CKA_ID); - - test_check_attr_msg (file, line, function, CKA_INVALID, one, two); -} - -void -test_check_attrs_msg (const char *file, - int line, - const char *function, - CK_ATTRIBUTE *expected, - CK_ATTRIBUTE *attrs) -{ - CK_OBJECT_CLASS klass; - CK_ATTRIBUTE *attr; - - assert (expected != NULL); - - if (!p11_attrs_find_ulong (expected, CKA_CLASS, &klass)) - klass = CKA_INVALID; - - while (!p11_attrs_terminator (expected)) { - attr = p11_attrs_find (attrs, expected->type); - test_check_attr_msg (file, line, function, klass, expected, attr); - expected++; - } -} - -void -test_check_attr_msg (const char *file, - int line, - const char *function, - CK_OBJECT_CLASS klass, - CK_ATTRIBUTE *expected, - CK_ATTRIBUTE *attr) -{ - assert (expected != NULL); - - if (attr == NULL) { - p11_test_fail (file, line, function, - "attribute does not match: (expected %s but found NULL)", - p11_attr_to_string (expected, klass)); - } - - if (!p11_attr_equal (attr, expected)) { - p11_test_fail (file, line, function, - "attribute does not match: (expected %s but found %s)", - p11_attr_to_string (expected, klass), - attr ? p11_attr_to_string (attr, klass) : "(null)"); - } -} - -static char * -read_file (const char *file, - int line, - const char *function, - const char *filename, - long *len) -{ - struct stat sb; - FILE *f = NULL; - char *data; - - f = fopen (filename, "rb"); - if (f == NULL) - p11_test_fail (file, line, function, "Couldn't open file: %s", filename); - - /* Figure out size */ - if (stat (filename, &sb) < 0) - p11_test_fail (file, line, function, "Couldn't stat file: %s", filename); - - *len = sb.st_size; - data = malloc (*len ? *len : 1); - assert (data != NULL); - - /* And read in one block */ - if (fread (data, 1, *len, f) != *len) - p11_test_fail (file, line, function, "Couldn't read file: %s", filename); - - fclose (f); - - return data; -} - -void -test_check_file_msg (const char *file, - int line, - const char *function, - const char *directory, - const char *name, - const char *reference) -{ - char *refdata; - long reflen; - - refdata = read_file (file, line, function, reference, &reflen); - test_check_data_msg (file, line, function, directory, name, refdata, reflen); - free (refdata); -} - -void -test_check_data_msg (const char *file, - int line, - const char *function, - const char *directory, - const char *name, - const void *refdata, - long reflen) -{ - char *filedata; - char *filename; - long filelen; - - if (asprintf (&filename, "%s/%s", directory, name) < 0) - assert_not_reached (); - - filedata = read_file (file, line, function, filename, &filelen); - - if (filelen != reflen || memcmp (filedata, refdata, reflen) != 0) - p11_test_fail (file, line, function, "File contents not as expected: %s", filename); - - if (unlink (filename) < 0) - p11_test_fail (file, line, function, "Couldn't remove file: %s", filename); - free (filename); - free (filedata); -} - -#ifdef OS_UNIX - -void -test_check_symlink_msg (const char *file, - int line, - const char *function, - const char *directory, - const char *name, - const char *destination) -{ - char buf[1024] = { 0, }; - char *filename; - - if (asprintf (&filename, "%s/%s", directory, name) < 0) - assert_not_reached (); - - if (readlink (filename, buf, sizeof (buf)) < 0) - p11_test_fail (file, line, function, "Couldn't read symlink: %s", filename); - - if (strcmp (destination, buf) != 0) - p11_test_fail (file, line, function, "Symlink contents wrong: %s != %s", destination, buf); - - if (unlink (filename) < 0) - p11_test_fail (file, line, function, "Couldn't remove symlink: %s", filename); - free (filename); -} - -#endif /* OS_UNIX */ - -p11_dict * -test_check_directory_files (const char *file, - ...) -{ - p11_dict *files; - va_list va; - - files = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - - va_start (va, file); - - while (file != NULL) { - if (!p11_dict_set (files, (void *)file, (void *)file)) - return_val_if_reached (NULL); - file = va_arg (va, const char *); - } - - va_end (va); - - return files; -} - -void -test_check_directory_msg (const char *file, - int line, - const char *function, - const char *directory, - p11_dict *files) -{ - p11_dictiter iter; - struct dirent *dp; - const char *name; - DIR *dir; - - dir = opendir (directory); - if (dir == NULL) - p11_test_fail (file ,line, function, "Couldn't open directory: %s", directory); - - while ((dp = readdir (dir)) != NULL) { - if (strcmp (dp->d_name, ".") == 0 || - strcmp (dp->d_name, "..") == 0) - continue; - - if (!p11_dict_remove (files, dp->d_name)) - p11_test_fail (file, line, function, "Unexpected file in directory: %s", dp->d_name); - } - - closedir (dir); - -#ifdef OS_UNIX - if (chmod (directory, S_IRWXU) < 0) - p11_test_fail (file, line, function, "couldn't chown directory: %s: %s", directory, strerror (errno)); -#endif - - p11_dict_iterate (files, &iter); - while (p11_dict_next (&iter, (void **)&name, NULL)) - p11_test_fail (file, line, function, "Couldn't find file in directory: %s", name); - - p11_dict_free (files); -} diff --git a/trust/test-trust.h b/trust/test-trust.h deleted file mode 100644 index 81c779c..0000000 --- a/trust/test-trust.h +++ /dev/null @@ -1,431 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "dict.h" -#include "pkcs11.h" -#include "test.h" - -#include -#include - -#ifndef TEST_DATA_H_ -#define TEST_DATA_H_ - -#define test_check_object(attrs, klass, label) \ - test_check_object_msg (__FILE__, __LINE__, __FUNCTION__, attrs, klass, label) - -void test_check_object_msg (const char *file, - int line, - const char *function, - CK_ATTRIBUTE *attrs, - CK_OBJECT_CLASS klass, - const char *label); - -#define test_check_cacert3_ca(attrs, label) \ - test_check_cacert3_ca_msg (__FILE__, __LINE__, __FUNCTION__, attrs, label) - -void test_check_cacert3_ca_msg (const char *file, - int line, - const char *function, - CK_ATTRIBUTE *attrs, - const char *label); - -#define test_check_attrs(expected, attrs) \ - test_check_attrs_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs) - -void test_check_attrs_msg (const char *file, - int line, - const char *function, - CK_ATTRIBUTE *expected, - CK_ATTRIBUTE *attrs); - -#define test_check_attr(expected, attr) \ - test_check_attr_msg (__FILE__, __LINE__, __FUNCTION__, CKA_INVALID, expected, attr) - -void test_check_attr_msg (const char *file, - int line, - const char *function, - CK_OBJECT_CLASS klass, - CK_ATTRIBUTE *expected, - CK_ATTRIBUTE *attr); - -#define test_check_id(expected, attrs) \ - test_check_id_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs) - -void test_check_id_msg (const char *file, - int line, - const char *function, - CK_ATTRIBUTE *expected, - CK_ATTRIBUTE *attr); - -static const unsigned char test_cacert3_ca_der[] = { - 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a, - 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, - 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, - 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, - 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, - 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32, - 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14, - 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43, - 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f, - 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, - 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, - 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, - 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, - 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, - 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, - 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, - 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, - 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, - 0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, - 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, - 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, - 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, - 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, - 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, - 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, - 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, - 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, - 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, - 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, - 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, - 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, - 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, - 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, - 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, - 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, - 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, - 0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, - 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, - 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, - 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, - 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, - 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, - 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c, - 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30, - 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16, - 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2, - 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, - 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, - 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, - 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, - 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, - 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, - 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63, - 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, - 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, - 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, - 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27, - 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, - 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, - 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, - 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79, - 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f, - 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, - 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85, - 0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c, - 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04, - 0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72, - 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47, - 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe, - 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c, - 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8, - 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33, - 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7, - 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7, - 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac, - 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e, - 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a, - 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39, - 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18, - 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56, - 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0, - 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00, - 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed, - 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58, - 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06, - 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3, - 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b, - 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7, - 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7, - 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9, - 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38, - 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3, - 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d, - 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f, - 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4, - 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a, -}; - -static const char test_cacert3_ca_subject[] = { - 0x30, 0x54, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, - 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, - 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x13, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, - 0x33, 0x20, 0x52, 0x6f, 0x6f, 0x74, -}; - -static const char test_cacert3_ca_issuer[] = { - 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, - 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, - 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, - 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, -}; - -static const char test_cacert3_ca_serial[] = { - 0x02, 0x03, 0x0a, 0x41, 0x8a, -}; - -static const char test_cacert3_ca_public_key[] = { - 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, - 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, 0xa9, 0xdd, - 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, 0x89, 0x7d, - 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, 0x99, 0x73, - 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, 0x7f, 0x64, - 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, 0x69, 0x01, - 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, 0xc5, 0x79, - 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, 0x9f, 0xcb, - 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, 0x8d, 0x09, - 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, 0xe3, 0xeb, - 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, 0x33, 0xbf, - 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, 0xa4, 0xd9, - 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, 0xec, 0x85, - 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, 0xd5, 0x3b, - 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, 0x15, 0x71, - 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, 0x8c, 0xf9, - 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, 0x64, 0x27, - 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, 0x5d, 0xaa, - 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, 0x0e, 0x42, - 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, 0x62, 0x34, - 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, 0xa0, 0x5b, - 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, 0xb7, 0xa2, - 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, 0x6c, 0x5f, - 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, 0x47, 0xd5, - 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, 0x03, 0x68, - 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, 0x3a, 0x98, - 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, 0xae, 0x60, - 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, 0x56, 0xe7, - 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, 0xa1, 0xd1, - 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, 0x2c, 0x86, - 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, 0x9d, 0xaf, - 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, 0x42, 0x74, - 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, 0x05, 0xfb, - 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -static const unsigned char verisign_v1_ca[] = { - 0x30, 0x82, 0x02, 0x3c, 0x30, 0x82, 0x01, 0xa5, 0x02, 0x10, 0x3f, 0x69, 0x1e, 0x81, 0x9c, 0xf0, - 0x9a, 0x4a, 0xf3, 0x73, 0xff, 0xb9, 0x48, 0xa2, 0xe4, 0xdd, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, - 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, - 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, - 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x36, - 0x30, 0x31, 0x32, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, - 0x38, 0x30, 0x32, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, - 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, - 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, - 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x81, 0x9f, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, - 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf, 0x6d, 0xa3, 0x56, 0x61, 0x2d, - 0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, 0xb7, 0x9e, 0x86, 0x80, 0x0a, 0x91, 0x0e, - 0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0, 0x9b, 0x24, 0x5d, 0x0d, 0x1f, - 0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a, 0x06, 0x9b, 0x10, 0xa1, 0x73, - 0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8, 0xa8, 0x3f, 0xaa, 0x12, 0x06, - 0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88, 0x09, 0xcd, 0x14, 0x11, 0xe2, - 0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47, 0x91, 0x29, 0xbb, 0x36, 0xc9, - 0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32, 0xb0, 0x7b, 0x30, 0xba, 0x2a, - 0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, - 0x58, 0x15, 0x29, 0x39, 0x3c, 0x77, 0xa3, 0xda, 0x5c, 0x25, 0x03, 0x7c, 0x60, 0xfa, 0xee, 0x09, - 0x99, 0x3c, 0x27, 0x10, 0x70, 0xc8, 0x0c, 0x09, 0xe6, 0xb3, 0x87, 0xcf, 0x0a, 0xe2, 0x18, 0x96, - 0x35, 0x62, 0xcc, 0xbf, 0x9b, 0x27, 0x79, 0x89, 0x5f, 0xc9, 0xc4, 0x09, 0xf4, 0xce, 0xb5, 0x1d, - 0xdf, 0x2a, 0xbd, 0xe5, 0xdb, 0x86, 0x9c, 0x68, 0x25, 0xe5, 0x30, 0x7c, 0xb6, 0x89, 0x15, 0xfe, - 0x67, 0xd1, 0xad, 0xe1, 0x50, 0xac, 0x3c, 0x7c, 0x62, 0x4b, 0x8f, 0xba, 0x84, 0xd7, 0x12, 0x15, - 0x1b, 0x1f, 0xca, 0x5d, 0x0f, 0xc1, 0x52, 0x94, 0x2a, 0x11, 0x99, 0xda, 0x7b, 0xcf, 0x0c, 0x36, - 0x13, 0xd5, 0x35, 0xdc, 0x10, 0x19, 0x59, 0xea, 0x94, 0xc1, 0x00, 0xbf, 0x75, 0x8f, 0xd9, 0xfa, - 0xfd, 0x76, 0x04, 0xdb, 0x62, 0xbb, 0x90, 0x6a, 0x03, 0xd9, 0x46, 0x35, 0xd9, 0xf8, 0x7c, 0x5b, -}; - -static const unsigned char verisign_v1_ca_subject[] = { - 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, - 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, -}; - -static const unsigned char verisign_v1_ca_public_key[] = { - 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf, - 0x6d, 0xa3, 0x56, 0x61, 0x2d, 0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, 0xb7, 0x9e, - 0x86, 0x80, 0x0a, 0x91, 0x0e, 0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0, - 0x9b, 0x24, 0x5d, 0x0d, 0x1f, 0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a, - 0x06, 0x9b, 0x10, 0xa1, 0x73, 0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8, - 0xa8, 0x3f, 0xaa, 0x12, 0x06, 0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88, - 0x09, 0xcd, 0x14, 0x11, 0xe2, 0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47, - 0x91, 0x29, 0xbb, 0x36, 0xc9, 0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32, - 0xb0, 0x7b, 0x30, 0xba, 0x2a, 0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01, - 0x00, 0x01, -}; - -static const unsigned char example_public_key[] = { - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xaf, 0x24, 0x08, 0x08, 0x29, 0x7a, 0x35, 0x9e, 0x60, 0x0c, 0xaa, 0xe7, 0x4b, 0x3b, 0x4e, - 0xdc, 0x7c, 0xbc, 0x3c, 0x45, 0x1c, 0xbb, 0x2b, 0xe0, 0xfe, 0x29, 0x02, 0xf9, 0x57, 0x08, 0xa3, - 0x64, 0x85, 0x15, 0x27, 0xf5, 0xf1, 0xad, 0xc8, 0x31, 0x89, 0x5d, 0x22, 0xe8, 0x2a, 0xaa, 0xa6, - 0x42, 0xb3, 0x8f, 0xf8, 0xb9, 0x55, 0xb7, 0xb1, 0xb7, 0x4b, 0xb3, 0xfe, 0x8f, 0x7e, 0x07, 0x57, - 0xec, 0xef, 0x43, 0xdb, 0x66, 0x62, 0x15, 0x61, 0xcf, 0x60, 0x0d, 0xa4, 0xd8, 0xde, 0xf8, 0xe0, - 0xc3, 0x62, 0x08, 0x3d, 0x54, 0x13, 0xeb, 0x49, 0xca, 0x59, 0x54, 0x85, 0x26, 0xe5, 0x2b, 0x8f, - 0x1b, 0x9f, 0xeb, 0xf5, 0xa1, 0x91, 0xc2, 0x33, 0x49, 0xd8, 0x43, 0x63, 0x6a, 0x52, 0x4b, 0xd2, - 0x8f, 0xe8, 0x70, 0x51, 0x4d, 0xd1, 0x89, 0x69, 0x7b, 0xc7, 0x70, 0xf6, 0xb3, 0xdc, 0x12, 0x74, - 0xdb, 0x7b, 0x5d, 0x4b, 0x56, 0xd3, 0x96, 0xbf, 0x15, 0x77, 0xa1, 0xb0, 0xf4, 0xa2, 0x25, 0xf2, - 0xaf, 0x1c, 0x92, 0x67, 0x18, 0xe5, 0xf4, 0x06, 0x04, 0xef, 0x90, 0xb9, 0xe4, 0x00, 0xe4, 0xdd, - 0x3a, 0xb5, 0x19, 0xff, 0x02, 0xba, 0xf4, 0x3c, 0xee, 0xe0, 0x8b, 0xeb, 0x37, 0x8b, 0xec, 0xf4, - 0xd7, 0xac, 0xf2, 0xf6, 0xf0, 0x3d, 0xaf, 0xdd, 0x75, 0x91, 0x33, 0x19, 0x1d, 0x1c, 0x40, 0xcb, - 0x74, 0x24, 0x19, 0x21, 0x93, 0xd9, 0x14, 0xfe, 0xac, 0x2a, 0x52, 0xc7, 0x8f, 0xd5, 0x04, 0x49, - 0xe4, 0x8d, 0x63, 0x47, 0x88, 0x3c, 0x69, 0x83, 0xcb, 0xfe, 0x47, 0xbd, 0x2b, 0x7e, 0x4f, 0xc5, - 0x95, 0xae, 0x0e, 0x9d, 0xd4, 0xd1, 0x43, 0xc0, 0x67, 0x73, 0xe3, 0x14, 0x08, 0x7e, 0xe5, 0x3f, - 0x9f, 0x73, 0xb8, 0x33, 0x0a, 0xcf, 0x5d, 0x3f, 0x34, 0x87, 0x96, 0x8a, 0xee, 0x53, 0xe8, 0x25, - 0x15, 0x02, 0x03, 0x01, 0x00, 0x01 -}; - -static const char test_text[] = "This is the file text"; - -static const char test_eku_server_and_client[] = { - 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, -}; - -static const char test_eku_server[] = { - 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, -}; - -static const char test_eku_email[] = { - 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04 -}; - -static const char test_eku_none[] = { - 0x30, 0x00, -}; - -void test_check_file_msg (const char *file, - int line, - const char *function, - const char *directory, - const char *filename, - const char *reference); - -void test_check_data_msg (const char *file, - int line, - const char *function, - const char *directory, - const char *filename, - const void *refdata, - long reflen); - -#ifdef OS_UNIX - -void test_check_symlink_msg (const char *file, - int line, - const char *function, - const char *directory, - const char *name, - const char *destination); - -#endif /* OS_UNIX */ - -p11_dict * test_check_directory_files (const char *file, - ...) GNUC_NULL_TERMINATED; - -void test_check_directory_msg (const char *file, - int line, - const char *function, - const char *directory, - p11_dict *files); - -#define test_check_file(directory, name, reference) \ - (test_check_file_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, reference)) - -#define test_check_data(directory, name, data, length) \ - (test_check_data_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, data, length)) - -#ifdef OS_UNIX - -#define test_check_symlink(directory, name, destination) \ - (test_check_symlink_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, destination)) - -#endif /* OS_UNIX */ - -#define test_check_directory(directory, files) \ - (test_check_directory_msg (__FILE__, __LINE__, __FUNCTION__, directory, \ - test_check_directory_files files)) - -#endif /* TEST_DATA_H_ */ diff --git a/trust/test-utf8.c b/trust/test-utf8.c deleted file mode 100644 index 9b2c3d5..0000000 --- a/trust/test-utf8.c +++ /dev/null @@ -1,244 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "utf8.h" - -#include -#include - -#define ELEMS(x) (sizeof (x) / sizeof (x[0])) - -static void -test_ucs2be (void) -{ - char *output; - size_t length; - int i; - - struct { - const char *output; - size_t output_len; - const unsigned char input[100]; - size_t input_len; - } fixtures[] = { - { "This is a test", 14, - { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, 's', 0x00, ' ', 0x00, 'i', 0x00, 's', 0x00, ' ', - 0x00, 'a', 0x00, ' ', 0x00, 't', 0x00, 'e', 0x00, 's', 0x00, 't' }, 28, - }, - { "V\303\266gel", 6, - { 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 10, - }, - { "M\303\244nwich \340\264\205", 12, - { 0x00, 'M', 0x00, 0xE4, 0x00, 'n', 0x00, 'w', 0x00, 'i', 0x00, 'c', 0x00, 'h', - 0x00, ' ', 0x0D, 0x05 }, 18, - } - }; - - for (i = 0; i < ELEMS (fixtures); i++) { - output = p11_utf8_for_ucs2be (fixtures[i].input, - fixtures[i].input_len, - &length); - - assert_num_eq (fixtures[i].output_len, length); - assert_str_eq (fixtures[i].output, output); - free (output); - } -} - -static void -test_ucs2be_fail (void) -{ - char *output; - size_t length; - int i; - - struct { - const unsigned char input[100]; - size_t input_len; - } fixtures[] = { - { { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, }, 7 /* truncated */ } - }; - - for (i = 0; i < ELEMS (fixtures); i++) { - output = p11_utf8_for_ucs2be (fixtures[i].input, - fixtures[i].input_len, - &length); - assert_ptr_eq (NULL, output); - } -} - -static void -test_ucs4be (void) -{ - char *output; - size_t length; - int i; - - struct { - const char *output; - size_t output_len; - const unsigned char input[100]; - size_t input_len; - } fixtures[] = { - { "This is a test", 14, - { 0x00, 0x00, 0x00, 'T', - 0x00, 0x00, 0x00, 'h', - 0x00, 0x00, 0x00, 'i', - 0x00, 0x00, 0x00, 's', - 0x00, 0x00, 0x00, ' ', - 0x00, 0x00, 0x00, 'i', - 0x00, 0x00, 0x00, 's', - 0x00, 0x00, 0x00, ' ', - 0x00, 0x00, 0x00, 'a', - 0x00, 0x00, 0x00, ' ', - 0x00, 0x00, 0x00, 't', - 0x00, 0x00, 0x00, 'e', - 0x00, 0x00, 0x00, 's', - 0x00, 0x00, 0x00, 't', - }, 56, - }, - { "Fun \360\220\214\231", 8, - { 0x00, 0x00, 0x00, 'F', - 0x00, 0x00, 0x00, 'u', - 0x00, 0x00, 0x00, 'n', - 0x00, 0x00, 0x00, ' ', - 0x00, 0x01, 0x03, 0x19, /* U+10319: looks like an antenna */ - }, 20, - } - }; - - for (i = 0; i < ELEMS (fixtures); i++) { - output = p11_utf8_for_ucs4be (fixtures[i].input, - fixtures[i].input_len, - &length); - - assert_num_eq (fixtures[i].output_len, length); - assert_str_eq (fixtures[i].output, output); - - free (output); - } -} - -static void -test_ucs4be_fail (void) -{ - char *output; - size_t length; - int i; - - struct { - const unsigned char input[100]; - size_t input_len; - } fixtures[] = { - { { 0x00, 0x00, 'T', - }, 7 /* truncated */ }, - { { 0x00, 0x00, 0x00, 'F', - 0x00, 0x00, 0x00, 'u', - 0x00, 0x00, 0x00, 'n', - 0x00, 0x00, 0x00, ' ', - 0xD8, 0x00, 0xDF, 0x19, - }, 20, - } - }; - - for (i = 0; i < ELEMS (fixtures); i++) { - output = p11_utf8_for_ucs4be (fixtures[i].input, - fixtures[i].input_len, - &length); - assert_ptr_eq (NULL, output); - } -} - -static void -test_utf8 (void) -{ - bool ret; - int i; - - struct { - const char *input; - size_t input_len; - } fixtures[] = { - { "This is a test", 14 }, - { "Good news everyone", -1 }, - { "Fun \360\220\214\231", -1 }, - { "Fun invalid here: \xfe", 4 }, /* but limited length */ - { "V\303\266gel", 6, }, - }; - - for (i = 0; i < ELEMS (fixtures); i++) { - ret = p11_utf8_validate (fixtures[i].input, - fixtures[i].input_len); - assert_num_eq (true, ret); - } -} - -static void -test_utf8_fail (void) -{ - bool ret; - int i; - - struct { - const char *input; - size_t input_len; - } fixtures[] = { - { "This is a test\x80", 15 }, - { "Good news everyone\x88", -1 }, - { "Bad \xe0v following chars should be |0x80", -1 }, - { "Truncated \xe0", -1 }, - }; - - for (i = 0; i < ELEMS (fixtures); i++) { - ret = p11_utf8_validate (fixtures[i].input, - fixtures[i].input_len); - assert_num_eq (false, ret); - } -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_ucs2be, "/utf8/ucs2be"); - p11_test (test_ucs2be_fail, "/utf8/ucs2be_fail"); - p11_test (test_ucs4be, "/utf8/ucs4be"); - p11_test (test_ucs4be_fail, "/utf8/ucs4be_fail"); - p11_test (test_utf8, "/utf8/utf8"); - p11_test (test_utf8_fail, "/utf8/utf8_fail"); - return p11_test_run (argc, argv); -} diff --git a/trust/test-x509.c b/trust/test-x509.c deleted file mode 100644 index 9f7d258..0000000 --- a/trust/test-x509.c +++ /dev/null @@ -1,416 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" -#include "test.h" - -#include "asn1.h" -#include "debug.h" -#include "oid.h" -#include "x509.h" - -#include -#include -#include - -#define ELEMS(x) (sizeof (x) / sizeof (x[0])) - -struct { - p11_dict *asn1_defs; -} test; - -static void -setup (void *unused) -{ - test.asn1_defs = p11_asn1_defs_load (); - assert_ptr_not_null (test.asn1_defs); -} - -static void -teardown (void *unused) -{ - p11_dict_free (test.asn1_defs); - memset (&test, 0, sizeof (test)); -} - -static const char test_ku_ds_and_np[] = { - 0x03, 0x03, 0x07, 0xc0, 0x00, -}; - -static const char test_ku_none[] = { - 0x03, 0x03, 0x07, 0x00, 0x00, -}; - -static const char test_ku_cert_crl_sign[] = { - 0x03, 0x03, 0x07, 0x06, 0x00, -}; - -static const char test_eku_server_and_client[] = { - 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, -}; - -static const char test_eku_none[] = { - 0x30, 0x00, -}; - -static const char test_eku_client_email_and_timestamp[] = { - 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, -}; - -static const unsigned char test_cacert3_ca_der[] = { - 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a, - 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, - 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, - 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, - 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, - 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32, - 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14, - 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43, - 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f, - 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, - 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, - 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, - 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, - 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, - 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, - 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, - 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, - 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, - 0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, - 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, - 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, - 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, - 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, - 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, - 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, - 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, - 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, - 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, - 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, - 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, - 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, - 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, - 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, - 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, - 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, - 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, - 0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, - 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, - 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, - 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, - 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, - 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, - 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c, - 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30, - 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16, - 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2, - 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, - 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, - 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, - 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, - 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, - 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, - 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63, - 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, - 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, - 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, - 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27, - 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, - 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, - 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, - 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79, - 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f, - 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, - 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85, - 0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c, - 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04, - 0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72, - 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47, - 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe, - 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c, - 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8, - 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33, - 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7, - 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7, - 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac, - 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e, - 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a, - 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39, - 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18, - 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56, - 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0, - 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00, - 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed, - 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58, - 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06, - 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3, - 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b, - 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7, - 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7, - 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9, - 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38, - 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3, - 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d, - 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f, - 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4, - 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a, -}; - -struct { - const char *eku; - size_t length; - const char *expected[16]; -} extended_key_usage_fixtures[] = { - { test_eku_server_and_client, sizeof (test_eku_server_and_client), - { P11_OID_SERVER_AUTH_STR, P11_OID_CLIENT_AUTH_STR, NULL }, }, - { test_eku_none, sizeof (test_eku_none), - { NULL, }, }, - { test_eku_client_email_and_timestamp, sizeof (test_eku_client_email_and_timestamp), - { P11_OID_CLIENT_AUTH_STR, P11_OID_EMAIL_PROTECTION_STR, P11_OID_TIME_STAMPING_STR }, }, - { NULL }, -}; - -static void -test_parse_extended_key_usage (void) -{ - p11_array *ekus; - int i, j, count; - - for (i = 0; extended_key_usage_fixtures[i].eku != NULL; i++) { - ekus = p11_x509_parse_extended_key_usage (test.asn1_defs, - (const unsigned char *)extended_key_usage_fixtures[i].eku, - extended_key_usage_fixtures[i].length); - assert_ptr_not_null (ekus); - - for (count = 0; extended_key_usage_fixtures[i].expected[count] != NULL; count++); - - assert_num_eq (count, ekus->num); - for (j = 0; j < count; j++) - assert_str_eq (ekus->elem[j], extended_key_usage_fixtures[i].expected[j]); - - p11_array_free (ekus); - } -} - -struct { - const char *ku; - size_t length; - unsigned int expected; -} key_usage_fixtures[] = { - { test_ku_ds_and_np, sizeof (test_ku_ds_and_np), P11_KU_DIGITAL_SIGNATURE | P11_KU_NON_REPUDIATION }, - { test_ku_none, sizeof (test_ku_none), 0 }, - { test_ku_cert_crl_sign, sizeof (test_ku_cert_crl_sign), P11_KU_KEY_CERT_SIGN | P11_KU_CRL_SIGN }, - { NULL }, -}; - -static void -test_parse_key_usage (void) -{ - unsigned int ku; - int i; - bool ret; - - for (i = 0; key_usage_fixtures[i].ku != NULL; i++) { - ku = 0; - - ret = p11_x509_parse_key_usage (test.asn1_defs, - (const unsigned char *)key_usage_fixtures[i].ku, - key_usage_fixtures[i].length, &ku); - assert_num_eq (true, ret); - - assert_num_eq (key_usage_fixtures[i].expected, ku); - } -} - -static void -test_parse_extension (void) -{ - node_asn *cert; - unsigned char *ext; - size_t length; - bool is_ca; - - cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate", - test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); - assert_ptr_not_null (cert); - - ext = p11_x509_find_extension (cert, P11_OID_BASIC_CONSTRAINTS, - test_cacert3_ca_der, sizeof (test_cacert3_ca_der), - &length); - assert_ptr_not_null (ext); - assert (length > 0); - - asn1_delete_structure (&cert); - - if (!p11_x509_parse_basic_constraints (test.asn1_defs, ext, length, &is_ca)) - assert_fail ("failed to parse message", "basic constraints"); - - free (ext); -} -static void -test_parse_extension_not_found (void) -{ - node_asn *cert; - unsigned char *ext; - size_t length; - - cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate", - test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); - assert_ptr_not_null (cert); - - ext = p11_x509_find_extension (cert, P11_OID_OPENSSL_REJECT, - test_cacert3_ca_der, sizeof (test_cacert3_ca_der), - &length); - assert_ptr_eq (NULL, ext); - - asn1_delete_structure (&cert); -} - -static void -test_directory_string (void) -{ - struct { - unsigned char input[100]; - int input_len; - char *output; - int output_len; - } fixtures[] = { - /* UTF8String */ - { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17, - "\xc3\x84 UTF8 string ", 15, - }, - - /* NumericString */ - { { 0x12, 0x04, '0', '1', '2', '3', }, 6, - "0123", 4, - }, - - /* IA5String */ - { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6, - " AB ", 4 - }, - - /* TeletexString */ - { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, - "A nice", 7 - }, - - /* PrintableString */ - { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, - "A nice", 7, - }, - - /* UniversalString */ - { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u', - 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22, - "Fun \xf0\x90\x8c\x99", 8 - }, - - /* BMPString */ - { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12, - "V\xc3\xb6gel", 6 - }, - }; - - char *string; - bool unknown; - size_t length; - int i; - - for (i = 0; i < ELEMS (fixtures); i++) { - string = p11_x509_parse_directory_string (fixtures[i].input, - fixtures[i].input_len, - &unknown, &length); - assert_ptr_not_null (string); - assert_num_eq (false, unknown); - - assert_num_eq (fixtures[i].output_len, length); - assert_str_eq (fixtures[i].output, string); - free (string); - } -} - -static void -test_directory_string_unknown (void) -{ - /* Not a valid choice in DirectoryString */ - unsigned char input[] = { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }; - char *string; - bool unknown = false; - size_t length; - - string = p11_x509_parse_directory_string (input, sizeof (input), &unknown, &length); - assert_ptr_eq (NULL, string); - assert_num_eq (true, unknown); -} - -int -main (int argc, - char *argv[]) -{ - p11_fixture (setup, teardown); - p11_test (test_parse_extended_key_usage, "/x509/parse-extended-key-usage"); - p11_test (test_parse_key_usage, "/x509/parse-key-usage"); - p11_test (test_parse_extension, "/x509/parse-extension"); - p11_test (test_parse_extension_not_found, "/x509/parse-extension-not-found"); - - p11_fixture (NULL, NULL); - p11_test (test_directory_string, "/x509/directory-string"); - p11_test (test_directory_string_unknown, "/x509/directory-string-unknown"); - return p11_test_run (argc, argv); -} diff --git a/trust/token.c b/trust/token.c deleted file mode 100644 index 47b80d8..0000000 --- a/trust/token.c +++ /dev/null @@ -1,909 +0,0 @@ -/* - * Copyright (C) 2012-2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "asn1.h" -#include "attrs.h" -#include "builder.h" -#include "compat.h" -#include "constants.h" -#define P11_DEBUG_FLAG P11_DEBUG_TRUST -#include "debug.h" -#include "errno.h" -#include "message.h" -#include "module.h" -#include "parser.h" -#include "path.h" -#include "persist.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "save.h" -#include "token.h" - -#include -#include - -#include -#include -#include -#include -#include - -struct _p11_token { - p11_parser *parser; /* Parser we use to load files */ - p11_index *index; /* Index we load objects into */ - p11_builder *builder; /* Expands objects and applies policy */ - p11_dict *loaded; /* stat structs for loaded files, track reloads */ - - char *path; /* Main path to load from */ - char *anchors; /* Path to load anchors from */ - char *blacklist; /* Path to load blacklist from */ - char *label; /* The token label */ - CK_SLOT_ID slot; /* The slot id */ - - bool checked_path; - bool is_writable; - bool make_directory; -}; - -static bool -loader_is_necessary (p11_token *token, - const char *filename, - struct stat *sb) -{ - struct stat *last; - - last = p11_dict_get (token->loaded, filename); - - /* Never seen this before, load it */ - if (last == NULL) - return true; - - /* - * If any of these are different assume that the file - * needs to be reloaded - */ - return (sb->st_mode != last->st_mode || - sb->st_mtime != last->st_mtime || - sb->st_size != last->st_size); -} - -static void -loader_was_loaded (p11_token *token, - const char *filename, - struct stat *sb) -{ - char *key; - - key = strdup (filename); - return_if_fail (key != NULL); - - sb = memdup (sb, sizeof (struct stat)); - return_if_fail (sb != NULL); - - /* Track the info about this file, so we don't reload unnecessarily */ - if (!p11_dict_set (token->loaded, key, sb)) - return_if_reached (); -} - -static bool -loader_not_loaded (p11_token *token, - const char *filename) -{ - /* No longer track info about this file */ - return p11_dict_remove (token->loaded, filename); -} - -static void -loader_gone_file (p11_token *token, - const char *filename) -{ - CK_ATTRIBUTE origin[] = { - { CKA_X_ORIGIN, (void *)filename, strlen (filename) }, - { CKA_INVALID }, - }; - - CK_RV rv; - - p11_index_load (token->index); - - /* Remove everything at this origin */ - rv = p11_index_replace_all (token->index, origin, CKA_INVALID, NULL); - return_if_fail (rv == CKR_OK); - - p11_index_finish (token->index); - - /* No longer track info about this file */ - loader_not_loaded (token, filename); -} - -static int -loader_load_file (p11_token *token, - const char *filename, - struct stat *sb) -{ - CK_ATTRIBUTE origin[] = { - { CKA_X_ORIGIN, (void *)filename, strlen (filename) }, - { CKA_INVALID }, - }; - - p11_array *parsed; - CK_RV rv; - int flags; - int ret; - int i; - - /* Check if this file is already loaded */ - if (!loader_is_necessary (token, filename, sb)) - return 0; - - flags = P11_PARSE_FLAG_NONE; - - /* If it's in the anchors subdirectory, treat as an anchor */ - if (p11_path_prefix (filename, token->anchors)) - flags = P11_PARSE_FLAG_ANCHOR; - - /* If it's in the blacklist subdirectory, treat as a blacklist */ - else if (p11_path_prefix (filename, token->blacklist)) - flags = P11_PARSE_FLAG_BLACKLIST; - - /* If the token is just one path, then assume they are anchors */ - else if (strcmp (filename, token->path) == 0 && !S_ISDIR (sb->st_mode)) - flags = P11_PARSE_FLAG_ANCHOR; - - ret = p11_parse_file (token->parser, filename, sb, flags); - - switch (ret) { - case P11_PARSE_SUCCESS: - p11_debug ("loaded: %s", filename); - break; - case P11_PARSE_UNRECOGNIZED: - p11_debug ("skipped: %s", filename); - loader_gone_file (token, filename); - return 0; - default: - p11_debug ("failed to parse: %s", filename); - loader_gone_file (token, filename); - return 0; - } - - /* Update each parsed object with the origin */ - parsed = p11_parser_parsed (token->parser); - for (i = 0; i < parsed->num; i++) { - parsed->elem[i] = p11_attrs_build (parsed->elem[i], origin, NULL); - return_val_if_fail (parsed->elem[i] != NULL, 0); - } - - p11_index_load (token->index); - - /* Now place all of these in the index */ - rv = p11_index_replace_all (token->index, origin, CKA_CLASS, parsed); - - p11_index_finish (token->index); - - if (rv != CKR_OK) { - p11_message ("couldn't load file into objects: %s", filename); - return 0; - } - - loader_was_loaded (token, filename, sb); - return 1; -} - -static int -loader_load_if_file (p11_token *token, - const char *path) -{ - struct stat sb; - - if (stat (path, &sb) < 0) { - if (errno != ENOENT) - p11_message_err (errno, "couldn't stat path: %d: %s", errno, path); - - } else if (!S_ISDIR (sb.st_mode)) { - return loader_load_file (token, path, &sb); - } - - /* Perhaps the file became unloadable, so track properly */ - loader_gone_file (token, path); - return 0; -} - -static int -loader_load_directory (p11_token *token, - const char *directory, - p11_dict *present) -{ - p11_dictiter iter; - struct dirent *dp; - char *path; - int total = 0; - int ret; - DIR *dir; - - /* First we load all the modules */ - dir = opendir (directory); - if (!dir) { - p11_message_err (errno, "couldn't list directory: %s", directory); - loader_not_loaded (token, directory); - return 0; - } - - while ((dp = readdir (dir)) != NULL) { - path = p11_path_build (directory, dp->d_name, NULL); - return_val_if_fail (path != NULL, -1); - - ret = loader_load_if_file (token, path); - return_val_if_fail (ret >=0, -1); - total += ret; - - /* Make note that this file was seen */ - p11_dict_remove (present, path); - - free (path); - } - - closedir (dir); - - /* All other files that were present, not here now */ - p11_dict_iterate (present, &iter); - while (p11_dict_next (&iter, (void **)&path, NULL)) - loader_gone_file (token, path); - - return total; -} - -static int -loader_load_path (p11_token *token, - const char *path, - bool *is_dir) -{ - p11_dictiter iter; - p11_dict *present; - char *filename; - struct stat sb; - int total; - int ret; - - if (stat (path, &sb) < 0) { - if (errno != ENOENT) - p11_message_err (errno, "cannot access trust certificate path: %s", path); - loader_gone_file (token, path); - *is_dir = false; - ret = 0; - - } else if (S_ISDIR (sb.st_mode)) { - *is_dir = true; - ret = 0; - - /* All the files we know about at this path */ - present = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - p11_dict_iterate (token->loaded, &iter); - while (p11_dict_next (&iter, (void **)&filename, NULL)) { - if (p11_path_prefix (filename, path)) { - if (!p11_dict_set (present, filename, filename)) - return_val_if_reached (-1); - } - } - - /* If the directory has changed, reload it */ - if (loader_is_necessary (token, path, &sb)) { - ret = loader_load_directory (token, path, present); - - /* Directory didn't change, but maybe files changed? */ - } else { - total = 0; - p11_dict_iterate (present, &iter); - while (p11_dict_next (&iter, (void **)&filename, NULL)) { - ret = loader_load_if_file (token, filename); - return_val_if_fail (ret >= 0, ret); - total += ret; - } - } - - p11_dict_free (present); - loader_was_loaded (token, path, &sb); - - } else { - *is_dir = false; - ret = loader_load_file (token, path, &sb); - } - - return ret; -} - -static int -load_builtin_objects (p11_token *token) -{ - CK_OBJECT_CLASS builtin = CKO_NSS_BUILTIN_ROOT_LIST; - CK_BBOOL vtrue = CK_TRUE; - CK_BBOOL vfalse = CK_FALSE; - CK_RV rv; - - const char *trust_anchor_roots = "Trust Anchor Roots"; - CK_ATTRIBUTE builtin_root_list[] = { - { CKA_CLASS, &builtin, sizeof (builtin) }, - { CKA_TOKEN, &vtrue, sizeof (vtrue) }, - { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, - { CKA_MODIFIABLE, &vfalse, sizeof (vfalse) }, - { CKA_LABEL, (void *)trust_anchor_roots, strlen (trust_anchor_roots) }, - { CKA_INVALID }, - }; - - p11_index_load (token->index); - rv = p11_index_take (token->index, p11_attrs_dup (builtin_root_list), NULL); - return_val_if_fail (rv == CKR_OK, 0); - p11_index_finish (token->index); - return 1; -} - -int -p11_token_load (p11_token *token) -{ - int total = 0; - bool is_dir; - int ret; - - ret = loader_load_path (token, token->path, &is_dir); - return_val_if_fail (ret >= 0, -1); - total += ret; - - if (is_dir) { - ret = loader_load_path (token, token->anchors, &is_dir); - return_val_if_fail (ret >= 0, -1); - total += ret; - - ret = loader_load_path (token, token->blacklist, &is_dir); - return_val_if_fail (ret >= 0, -1); - total += ret; - } - - return total; -} - -bool -p11_token_reload (p11_token *token, - CK_ATTRIBUTE *attrs) -{ - CK_ATTRIBUTE *attr; - struct stat sb; - char *origin; - bool ret; - - attr = p11_attrs_find (attrs, CKA_X_ORIGIN); - if (attr == NULL) - return false; - - origin = strndup (attr->pValue, attr->ulValueLen); - return_val_if_fail (origin != NULL, false); - - if (stat (origin, &sb) < 0) { - if (errno == ENOENT) { - loader_gone_file (token, origin); - } else { - p11_message_err (errno, "cannot access trust file: %s", origin); - } - ret = false; - - } else { - ret = loader_load_file (token, origin, &sb) > 0; - } - - free (origin); - return ret; -} - -static bool -check_directory (const char *path, - bool *make_directory, - bool *is_writable) -{ - struct stat sb; - char *parent; - bool dummy; - bool ret; - - /* - * This function attempts to determine whether a later write - * to this token will succeed so we can setup the appropriate - * token flags. Yes, it is racy, but that's inherent to the problem. - */ - - if (stat (path, &sb) == 0) { - *make_directory = false; - *is_writable = S_ISDIR (sb.st_mode) && access (path, W_OK) == 0; - return true; - } - - switch (errno) { - case EACCES: - *is_writable = false; - *make_directory = false; - return true; - case ENOENT: - *make_directory = true; - parent = p11_path_parent (path); - if (parent == NULL) - ret = false; - else - ret = check_directory (parent, &dummy, is_writable); - free (parent); - return ret; - default: - p11_message_err (errno, "couldn't access: %s", path); - return false; - } -} - -static bool -check_token_directory (p11_token *token) -{ - if (!token->checked_path) { - token->checked_path = check_directory (token->path, - &token->make_directory, - &token->is_writable); - } - - return token->checked_path; -} - -static bool -writer_remove_origin (p11_token *token, - CK_ATTRIBUTE *origin) -{ - bool ret = true; - char *path; - - path = strndup (origin->pValue, origin->ulValueLen); - return_val_if_fail (path != NULL, false); - - if (unlink (path) < 0) { - p11_message_err (errno, "couldn't remove file: %s", path); - ret = false; - } - - free (path); - return ret; -} - -static p11_save_file * -writer_overwrite_origin (p11_token *token, - CK_ATTRIBUTE *origin) -{ - p11_save_file *file; - char *path; - - path = strndup (origin->pValue, origin->ulValueLen); - return_val_if_fail (path != NULL, NULL); - - file = p11_save_open_file (path, NULL, P11_SAVE_OVERWRITE); - free (path); - - return file; -} - -static char * -writer_suggest_name (CK_ATTRIBUTE *attrs) -{ - CK_ATTRIBUTE *label; - CK_OBJECT_CLASS klass; - const char *nick; - - label = p11_attrs_find (attrs, CKA_LABEL); - if (label && label->ulValueLen) - return strndup (label->pValue, label->ulValueLen); - - nick = NULL; - if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass)) - nick = p11_constant_nick (p11_constant_classes, klass); - if (nick == NULL) - nick = "object"; - return strdup (nick); -} - -static p11_save_file * -writer_create_origin (p11_token *token, - CK_ATTRIBUTE *attrs) -{ - p11_save_file *file; - char *name; - char *path; - - name = writer_suggest_name (attrs); - return_val_if_fail (name != NULL, NULL); - - p11_path_canon (name); - - path = p11_path_build (token->path, name, NULL); - free (name); - - file = p11_save_open_file (path, ".p11-kit", P11_SAVE_UNIQUE); - free (path); - - return file; -} - -static CK_RV -writer_put_header (p11_save_file *file) -{ - const char *header = - "# This file has been auto-generated and written by p11-kit. Changes will be\n" - "# unceremoniously overwritten.\n" - "#\n" - "# The format is designed to be somewhat human readable and debuggable, and a\n" - "# bit transparent but it is not encouraged to read/write this format from other\n" - "# applications or tools without first discussing this at the the mailing list:\n" - "#\n" - "# p11-glue@lists.freedesktop.org\n" - "#\n"; - - if (!p11_save_write (file, header, -1)) - return CKR_FUNCTION_FAILED; - - return CKR_OK; -} - -static CK_RV -writer_put_object (p11_save_file *file, - p11_persist *persist, - p11_buffer *buffer, - CK_ATTRIBUTE *attrs) -{ - if (!p11_buffer_reset (buffer, 0)) - assert_not_reached (); - if (!p11_persist_write (persist, attrs, buffer)) - return_val_if_reached (CKR_GENERAL_ERROR); - if (!p11_save_write (file, buffer->data, buffer->len)) - return CKR_FUNCTION_FAILED; - - return CKR_OK; -} - -static bool -mkdir_with_parents (const char *path) -{ - char *parent; - bool ret; - -#ifdef OS_UNIX - int mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH; - if (mkdir (path, mode) == 0) -#else - if (mkdir (path) == 0) -#endif - return true; - - switch (errno) { - case ENOENT: - parent = p11_path_parent (path); - if (parent != NULL) { - ret = mkdir_with_parents (parent); - free (parent); - if (ret == true) { -#ifdef OS_UNIX - if (mkdir (path, mode) == 0) -#else - if (mkdir (path) == 0) -#endif - return true; - } - } - /* fall through */ - default: - p11_message_err (errno, "couldn't create directory: %s", path); - return false; - } -} - -static CK_RV -on_index_build (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *merge, - CK_ATTRIBUTE **extra) -{ - p11_token *token = data; - return p11_builder_build (token->builder, index, attrs, merge, extra); -} - -static CK_RV -on_index_store (void *data, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE **attrs) -{ - p11_token *token = data; - CK_OBJECT_HANDLE *other; - p11_persist *persist; - p11_buffer buffer; - CK_ATTRIBUTE *origin; - CK_ATTRIBUTE *object; - p11_save_file *file; - bool creating = false; - char *path; - CK_RV rv; - int i; - - /* Signifies that data is being loaded, don't write out */ - if (p11_index_loading (index)) - return CKR_OK; - - if (!check_token_directory (token)) - return CKR_FUNCTION_FAILED; - - if (token->make_directory) { - if (!mkdir_with_parents (token->path)) - return CKR_FUNCTION_FAILED; - token->make_directory = false; - } - - /* Do we already have a filename? */ - origin = p11_attrs_find (*attrs, CKA_X_ORIGIN); - if (origin == NULL) { - file = writer_create_origin (token, *attrs); - creating = true; - other = NULL; - - } else { - other = p11_index_find_all (index, origin, 1); - file = writer_overwrite_origin (token, origin); - creating = false; - } - - if (file == NULL) { - free (origin); - free (other); - return CKR_GENERAL_ERROR; - } - - persist = p11_persist_new (); - p11_buffer_init (&buffer, 1024); - - rv = writer_put_header (file); - if (rv == CKR_OK) - rv = writer_put_object (file, persist, &buffer, *attrs); - - for (i = 0; rv == CKR_OK && other && other[i] != 0; i++) { - if (other[i] != handle) { - object = p11_index_lookup (index, other[i]); - if (object != NULL) - rv = writer_put_object (file, persist, &buffer, object); - } - } - - p11_buffer_uninit (&buffer); - p11_persist_free (persist); - free (other); - - if (rv == CKR_OK) { - if (!p11_save_finish_file (file, &path, true)) - rv = CKR_FUNCTION_FAILED; - else if (creating) - *attrs = p11_attrs_take (*attrs, CKA_X_ORIGIN, path, strlen (path)); - else - free (path); - } else { - p11_save_finish_file (file, NULL, false); - } - - return rv; -} - -static CK_RV -on_index_remove (void *data, - p11_index *index, - CK_ATTRIBUTE *attrs) -{ - p11_token *token = data; - CK_OBJECT_HANDLE *other; - p11_persist *persist; - p11_buffer buffer; - CK_ATTRIBUTE *origin; - CK_ATTRIBUTE *object; - p11_save_file *file; - CK_RV rv = CKR_OK; - int i; - - /* Signifies that data is being loaded, don't write out */ - if (p11_index_loading (index)) - return CKR_OK; - - if (!check_token_directory (token)) - return CKR_FUNCTION_FAILED; - - /* We should have a file name */ - origin = p11_attrs_find (attrs, CKA_X_ORIGIN); - return_val_if_fail (origin != NULL, CKR_GENERAL_ERROR); - - /* If there are other objects in this file, then rewrite it */ - other = p11_index_find_all (index, origin, 1); - if (other && other[0]) { - file = writer_overwrite_origin (token, origin); - if (file == NULL) { - free (other); - return CKR_GENERAL_ERROR; - } - - persist = p11_persist_new (); - p11_buffer_init (&buffer, 1024); - - rv = writer_put_header (file); - for (i = 0; rv == CKR_OK && other && other[i] != 0; i++) { - object = p11_index_lookup (index, other[i]); - if (object != NULL) - rv = writer_put_object (file, persist, &buffer, object); - } - - if (rv == CKR_OK) { - if (!p11_save_finish_file (file, NULL, true)) - rv = CKR_FUNCTION_FAILED; - } else { - p11_save_finish_file (file, NULL, false); - } - - p11_persist_free (persist); - p11_buffer_uninit (&buffer); - - /* Otherwise just remove the file */ - } else { - if (!writer_remove_origin (token, origin)) - rv = CKR_FUNCTION_FAILED; - } - - free (other); - - return rv; -} - -static void -on_index_notify (void *data, - p11_index *index, - CK_OBJECT_HANDLE handle, - CK_ATTRIBUTE *attrs) -{ - p11_token *token = data; - p11_builder_changed (token->builder, index, handle, attrs); -} - -void -p11_token_free (p11_token *token) -{ - if (!token) - return; - - p11_index_free (token->index); - p11_parser_free (token->parser); - p11_builder_free (token->builder); - p11_dict_free (token->loaded); - free (token->path); - free (token->anchors); - free (token->blacklist); - free (token->label); - free (token); -} - -p11_token * -p11_token_new (CK_SLOT_ID slot, - const char *path, - const char *label) -{ - p11_token *token; - - return_val_if_fail (path != NULL, NULL); - return_val_if_fail (label != NULL, NULL); - - token = calloc (1, sizeof (p11_token)); - return_val_if_fail (token != NULL, NULL); - - token->builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN); - return_val_if_fail (token->builder != NULL, NULL); - - token->index = p11_index_new (on_index_build, - on_index_store, - on_index_remove, - on_index_notify, - token); - return_val_if_fail (token->index != NULL, NULL); - - token->parser = p11_parser_new (p11_builder_get_cache (token->builder)); - return_val_if_fail (token->parser != NULL, NULL); - p11_parser_formats (token->parser, p11_parser_format_persist, - p11_parser_format_pem, p11_parser_format_x509, NULL); - - token->loaded = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); - return_val_if_fail (token->loaded != NULL, NULL); - - token->path = p11_path_expand (path); - return_val_if_fail (token->path != NULL, NULL); - - token->anchors = p11_path_build (token->path, "anchors", NULL); - return_val_if_fail (token->anchors != NULL, NULL); - - token->blacklist = p11_path_build (token->path, "blacklist", NULL); - return_val_if_fail (token->blacklist != NULL, NULL); - - token->label = strdup (label); - return_val_if_fail (token->label != NULL, NULL); - - token->slot = slot; - - load_builtin_objects (token); - - p11_debug ("token: %s: %s", token->label, token->path); - return token; -} - -const char * -p11_token_get_label (p11_token *token) -{ - return_val_if_fail (token != NULL, NULL); - return token->label; -} - -const char * -p11_token_get_path (p11_token *token) -{ - return_val_if_fail (token != NULL, NULL); - return token->path; -} - -CK_SLOT_ID -p11_token_get_slot (p11_token *token) -{ - return_val_if_fail (token != NULL, 0); - return token->slot; -} - -p11_index * -p11_token_index (p11_token *token) -{ - return_val_if_fail (token != NULL, NULL); - return token->index; -} - -p11_parser * -p11_token_parser (p11_token *token) -{ - return_val_if_fail (token != NULL, NULL); - return token->parser; -} - -bool -p11_token_is_writable (p11_token *token) -{ - if (!check_token_directory (token)) - return false; - return token->is_writable; -} diff --git a/trust/token.h b/trust/token.h deleted file mode 100644 index 1180b27..0000000 --- a/trust/token.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_TOKEN_H_ -#define P11_TOKEN_H_ - -#include "dict.h" -#include "index.h" -#include "parser.h" -#include "pkcs11.h" - -typedef struct _p11_token p11_token; - -p11_token * p11_token_new (CK_SLOT_ID slot, - const char *path, - const char *label); - -void p11_token_free (p11_token *token); - -int p11_token_load (p11_token *token); - -bool p11_token_reload (p11_token *token, - CK_ATTRIBUTE *attrs); - -p11_index * p11_token_index (p11_token *token); - -p11_parser * p11_token_parser (p11_token *token); - -const char * p11_token_get_path (p11_token *token); - -const char * p11_token_get_label (p11_token *token); - -CK_SLOT_ID p11_token_get_slot (p11_token *token); - -bool p11_token_is_writable (p11_token *token); - -#endif /* P11_TOKEN_H_ */ diff --git a/trust/trust-extract-compat.in b/trust/trust-extract-compat.in deleted file mode 100755 index 9b46055..0000000 --- a/trust/trust-extract-compat.in +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh - -# This script is a placeholder designed to be replaced when this software -# has been customized for distribution. It should be symlinked linked to the -# distribution's update-ca-certificates or update-ca-trust command as -# appropriate. In the future this script will be called when the PKCS#11 -# trust module is used to modifiy trust anchors and related data. - -if [ $# -ne 0 ]; then - echo "usage: trust extract-compat" >&2 - exit 2 -fi - -uid=$(id -u) -if [ "$uid" != 0 ]; then - echo "trust: running as non-root user: skip extracting compat bundles" >&2 - exit 0 -fi - -echo "trust: the placeholder extract-compat command has not been customized by your distribution." >&2 - -# You can use commands like this to extract data from trust modules -# into appropriate locations for your distribution. -# -# trust extract --format=openssl-bundle --filter=ca-anchors \ -# --overwrite /tmp/openssl-bundle.pem -# trust extract --format=pem-bundle --filter=ca-anchors --overwrite \ -# --purpose server-auth /tmp/server-auth-bundle.pem -# trust extract --format=java-cacerts --filter=ca-anchors --overwrite \ -# --purpose server-auth /tmp/cacerts - -exit 1 diff --git a/trust/trust.c b/trust/trust.c deleted file mode 100644 index b006ec8..0000000 --- a/trust/trust.c +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "anchor.h" -#include "extract.h" -#include "list.h" - -#include "buffer.h" -#include "compat.h" -#include "debug.h" -#include "message.h" -#include "path.h" -#include "tool.h" - -#include -#include -#include -#include -#include -#include -#include - -static const p11_tool_command commands[] = { - { "list", p11_trust_list, "List trust or certificates" }, - { "extract", p11_trust_extract, "Extract certificates and trust" }, - { "extract-compat", p11_trust_extract_compat, "Extract trust compatibility bundles" }, - { "anchor", p11_trust_anchor, "Add, remove, change trust anchors" }, - { 0, } -}; - -int -main (int argc, - char *argv[]) -{ - return p11_tool_main (argc, argv, commands); -} diff --git a/trust/types.h b/trust/types.h deleted file mode 100644 index 64a92b1..0000000 --- a/trust/types.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef TYPES_H_ -#define TYPES_H_ 1 - -#include "pkcs11x.h" - -/* - * A boolean value which denotes whether we auto generated - * this object, as opposed to coming from outside the builder. - * - * We set this on all objects. It will always be either CK_TRUE - * or CK_FALSE for all objects built by this builder. - */ -#define CKA_X_GENERATED (CKA_X_VENDOR + 8000) - -/* - * A string pointing to the filename from which this was loaded. - */ -#define CKA_X_ORIGIN (CKA_X_VENDOR + 8001) - -#endif /* TYPES_H_ */ diff --git a/trust/utf8.c b/trust/utf8.c deleted file mode 100644 index b94c3e7..0000000 --- a/trust/utf8.c +++ /dev/null @@ -1,329 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "buffer.h" -#include "debug.h" -#include "utf8.h" - -#include -#include -#include -#include - -/* - * Some parts come from FreeBSD utf8.c - * - * Copyright (c) 2002-2004 Tim J. Robbins - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -static ssize_t -utf8_to_uchar (const char *str, - size_t len, - uint32_t *uc) -{ - int ch, i, mask, want; - uint32_t lbound, uch; - - assert (str != NULL); - assert (len > 0); - assert (uc != NULL); - - if (((ch = (unsigned char)*str) & ~0x7f) == 0) { - /* Fast path for plain ASCII characters. */ - *uc = ch; - return 1; - } - - /* - * Determine the number of octets that make up this character - * from the first octet, and a mask that extracts the - * interesting bits of the first octet. We already know - * the character is at least two bytes long. - * - * We also specify a lower bound for the character code to - * detect redundant, non-"shortest form" encodings. For - * example, the sequence C0 80 is _not_ a legal representation - * of the null character. This enforces a 1-to-1 mapping - * between character codes and their multibyte representations. - */ - ch = (unsigned char)*str; - if ((ch & 0xe0) == 0xc0) { - mask = 0x1f; - want = 2; - lbound = 0x80; - } else if ((ch & 0xf0) == 0xe0) { - mask = 0x0f; - want = 3; - lbound = 0x800; - } else if ((ch & 0xf8) == 0xf0) { - mask = 0x07; - want = 4; - lbound = 0x10000; - } else if ((ch & 0xfc) == 0xf8) { - mask = 0x03; - want = 5; - lbound = 0x200000; - } else if ((ch & 0xfe) == 0xfc) { - mask = 0x01; - want = 6; - lbound = 0x4000000; - } else { - /* - * Malformed input; input is not UTF-8. - */ - return -1; - } - - if (want > len) { - /* Incomplete multibyte sequence. */ - return -1; - } - - /* - * Decode the octet sequence representing the character in chunks - * of 6 bits, most significant first. - */ - uch = (unsigned char)*str++ & mask; - for (i = 1; i < want; i++) { - if ((*str & 0xc0) != 0x80) { - /* - * Malformed input; bad characters in the middle - * of a character. - */ - return -1; - } - uch <<= 6; - uch |= *str++ & 0x3f; - } - if (uch < lbound) { - /* - * Malformed input; redundant encoding. - */ - return -1; - } - - *uc = uch; - return want; -} - -static size_t -utf8_for_uchar (uint32_t uc, - char *str, - size_t len) -{ - unsigned char lead; - int i, want; - - assert (str != NULL); - assert (len >= 6); - - if ((uc & ~0x7f) == 0) { - /* Fast path for plain ASCII characters. */ - *str = (char)uc; - return 1; - } - - /* - * Determine the number of octets needed to represent this character. - * We always output the shortest sequence possible. Also specify the - * first few bits of the first octet, which contains the information - * about the sequence length. - */ - if ((uc & ~0x7ff) == 0) { - lead = 0xc0; - want = 2; - } else if ((uc & ~0xffff) == 0) { - lead = 0xe0; - want = 3; - } else if ((uc & ~0x1fffff) == 0) { - lead = 0xf0; - want = 4; - } else if ((uc & ~0x3ffffff) == 0) { - lead = 0xf8; - want = 5; - } else if ((uc & ~0x7fffffff) == 0) { - lead = 0xfc; - want = 6; - } else { - return -1; - } - - assert (want <= len); - - /* - * Output the octets representing the character in chunks - * of 6 bits, least significant last. The first octet is - * a special case because it contains the sequence length - * information. - */ - for (i = want - 1; i > 0; i--) { - str[i] = (uc & 0x3f) | 0x80; - uc >>= 6; - } - *str = (uc & 0xff) | lead; - return want; -} - -static ssize_t -ucs2be_to_uchar (const unsigned char *str, - size_t len, - uint32_t *wc) -{ - assert (str != NULL); - assert (len != 0); - assert (wc != NULL); - - if (len < 2) - return -1; - - *wc = (str[0] << 8 | str[1]); - return 2; -} - -static ssize_t -ucs4be_to_uchar (const unsigned char *str, - size_t len, - uint32_t *uc) -{ - assert (str != NULL); - assert (len != 0); - assert (uc != NULL); - - if (len < 4) - return -1; - - *uc = (str[0] << 24 | str[1] << 16 | str[2] << 8 | str[3]); - return 4; -} - -bool -p11_utf8_validate (const char *str, - ssize_t len) -{ - uint32_t dummy; - ssize_t ret; - - if (len < 0) - len = strlen (str); - - while (len > 0) { - ret = utf8_to_uchar (str, len, &dummy); - if (ret < 0) - return false; - str += ret; - len -= ret; - } - - return true; -} - -static char * -utf8_for_convert (ssize_t (* convert) (const unsigned char *, size_t, uint32_t *), - const unsigned char *str, - size_t num_bytes, - size_t *ret_len) -{ - p11_buffer buf; - char block[6]; - uint32_t uc; - ssize_t ret; - - assert (convert); - - if (!p11_buffer_init_null (&buf, num_bytes)) - return_val_if_reached (NULL); - - while (num_bytes != 0) { - ret = (convert) (str, num_bytes, &uc); - if (ret < 0) { - p11_buffer_uninit (&buf); - return NULL; - } - - str += ret; - num_bytes -= ret; - - ret = utf8_for_uchar (uc, block, 6); - if (ret < 0) { - p11_buffer_uninit (&buf); - return NULL; - } - p11_buffer_add (&buf, block, ret); - } - - return_val_if_fail (p11_buffer_ok (&buf), NULL); - return p11_buffer_steal (&buf, ret_len); -} - -char * -p11_utf8_for_ucs2be (const unsigned char *str, - size_t num_bytes, - size_t *ret_len) -{ - assert (str != NULL); - return utf8_for_convert (ucs2be_to_uchar, str, num_bytes, ret_len); -} - -char * -p11_utf8_for_ucs4be (const unsigned char *str, - size_t num_bytes, - size_t *ret_len) -{ - assert (str != NULL); - return utf8_for_convert (ucs4be_to_uchar, str, num_bytes, ret_len); -} diff --git a/trust/utf8.h b/trust/utf8.h deleted file mode 100644 index 8efa66f..0000000 --- a/trust/utf8.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef P11_UTF8_H_ -#define P11_UTF8_H_ - -#include "compat.h" - -#include - -bool p11_utf8_validate (const char *str, - ssize_t len); - -char * p11_utf8_for_ucs2be (const unsigned char *str, - size_t num_bytes, - size_t *ret_len); - -char * p11_utf8_for_ucs4be (const unsigned char *str, - size_t num_bytes, - size_t *ret_len); - -#endif /* P11_UTF8_H_ */ diff --git a/trust/x509.c b/trust/x509.c deleted file mode 100644 index 3b4fb2d..0000000 --- a/trust/x509.c +++ /dev/null @@ -1,370 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "asn1.h" -#define P11_DEBUG_FLAG P11_DEBUG_TRUST -#include "debug.h" -#include "digest.h" -#include "oid.h" -#include "utf8.h" -#include "x509.h" - -#include -#include - -unsigned char * -p11_x509_find_extension (node_asn *cert, - const unsigned char *oid, - const unsigned char *der, - size_t der_len, - size_t *ext_len) -{ - char field[128]; - int start; - int end; - int ret; - int i; - - return_val_if_fail (cert != NULL, NULL); - return_val_if_fail (oid != NULL, NULL); - return_val_if_fail (ext_len != NULL, NULL); - - for (i = 1; ; i++) { - if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnID", i) < 0) - return_val_if_reached (NULL); - - ret = asn1_der_decoding_startEnd (cert, der, der_len, field, &start, &end); - - /* No more extensions */ - if (ret == ASN1_ELEMENT_NOT_FOUND) - break; - - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - /* Make sure it's a straightforward oid with certain assumptions */ - if (!p11_oid_simple (der + start, (end - start) + 1)) - continue; - - /* The one we're lookin for? */ - if (!p11_oid_equal (der + start, oid)) - continue; - - if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnValue", i) < 0) - return_val_if_reached (NULL); - - return p11_asn1_read (cert, field, ext_len); - } - - return NULL; -} - -bool -p11_x509_hash_subject_public_key (node_asn *cert, - const unsigned char *der, - size_t der_len, - unsigned char *keyid) -{ - int start, end; - size_t len; - int ret; - - return_val_if_fail (cert != NULL, NULL); - return_val_if_fail (der != NULL, NULL); - - ret = asn1_der_decoding_startEnd (cert, der, der_len, "tbsCertificate.subjectPublicKeyInfo", &start, &end); - return_val_if_fail (ret == ASN1_SUCCESS, false); - return_val_if_fail (end >= start, false); - - len = (end - start) + 1; - p11_digest_sha1 (keyid, (der + start), len, NULL); - return true; -} - -unsigned char * -p11_x509_parse_subject_key_identifier (p11_dict *asn1_defs, - const unsigned char *ext_der, - size_t ext_len, - size_t *keyid_len) -{ - unsigned char *keyid; - node_asn *ext; - - return_val_if_fail (keyid_len != NULL, false); - - ext = p11_asn1_decode (asn1_defs, "PKIX1.SubjectKeyIdentifier", ext_der, ext_len, NULL); - if (ext == NULL) - return NULL; - - keyid = p11_asn1_read (ext, "", keyid_len); - return_val_if_fail (keyid != NULL, NULL); - - asn1_delete_structure (&ext); - - return keyid; -} - -bool -p11_x509_parse_basic_constraints (p11_dict *asn1_defs, - const unsigned char *ext_der, - size_t ext_len, - bool *is_ca) -{ - char buffer[8]; - node_asn *ext; - int ret; - int len; - - return_val_if_fail (is_ca != NULL, false); - - ext = p11_asn1_decode (asn1_defs, "PKIX1.BasicConstraints", ext_der, ext_len, NULL); - if (ext == NULL) - return false; - - len = sizeof (buffer); - ret = asn1_read_value (ext, "cA", buffer, &len); - - /* Default value for cA is FALSE */ - if (ret == ASN1_ELEMENT_NOT_FOUND) { - *is_ca = false; - - } else { - return_val_if_fail (ret == ASN1_SUCCESS, false); - *is_ca = (strcmp (buffer, "TRUE") == 0); - } - - asn1_delete_structure (&ext); - - return true; -} - -bool -p11_x509_parse_key_usage (p11_dict *asn1_defs, - const unsigned char *ext_der, - size_t ext_len, - unsigned int *ku) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - unsigned char buf[2]; - node_asn *ext; - int len; - int ret; - - ext = p11_asn1_decode (asn1_defs, "PKIX1.KeyUsage", ext_der, ext_len, message); - if (ext == NULL) - return false; - - len = sizeof (buf); - ret = asn1_read_value (ext, "", buf, &len); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - /* A bit string, so combine into one set of flags */ - *ku = buf[0] | (buf[1] << 8); - - asn1_delete_structure (&ext); - - return true; -} - -p11_array * -p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, - const unsigned char *ext_der, - size_t ext_len) -{ - node_asn *asn; - char field[128]; - p11_array *ekus; - size_t len; - char *eku; - int i; - - asn = p11_asn1_decode (asn1_defs, "PKIX1.ExtKeyUsageSyntax", ext_der, ext_len, NULL); - if (asn == NULL) - return NULL; - - ekus = p11_array_new (free); - - for (i = 1; ; i++) { - if (snprintf (field, sizeof (field), "?%u", i) < 0) - return_val_if_reached (NULL); - - eku = p11_asn1_read (asn, field, &len); - if (eku == NULL) - break; - - eku[len] = 0; - - /* If it's our reserved OID, then skip */ - if (strcmp (eku, P11_OID_RESERVED_PURPOSE_STR) == 0) { - free (eku); - continue; - } - - if (!p11_array_push (ekus, eku)) - return_val_if_reached (NULL); - } - - asn1_delete_structure (&asn); - - return ekus; -} - -char * -p11_x509_parse_directory_string (const unsigned char *input, - size_t input_len, - bool *unknown_string, - size_t *string_len) -{ - unsigned long tag; - unsigned char cls; - int tag_len; - int len_len; - const void *octets; - long octet_len; - int ret; - - ret = asn1_get_tag_der (input, input_len, &cls, &tag_len, &tag); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - octet_len = asn1_get_length_der (input + tag_len, input_len - tag_len, &len_len); - return_val_if_fail (octet_len >= 0, false); - return_val_if_fail (tag_len + len_len + octet_len == input_len, NULL); - - octets = input + tag_len + len_len; - - if (unknown_string) - *unknown_string = false; - - /* The following strings are the ones we normalize */ - switch (tag) { - case 12: /* UTF8String */ - case 18: /* NumericString */ - case 22: /* IA5String */ - case 20: /* TeletexString */ - case 19: /* PrintableString */ - if (!p11_utf8_validate (octets, octet_len)) - return NULL; - if (string_len) - *string_len = octet_len; - return strndup (octets, octet_len); - - case 28: /* UniversalString */ - return p11_utf8_for_ucs4be (octets, octet_len, string_len); - - case 30: /* BMPString */ - return p11_utf8_for_ucs2be (octets, octet_len, string_len); - - /* Just pass through all the non-string types */ - default: - if (unknown_string) - *unknown_string = true; - return NULL; - } - -} - -char * -p11_x509_parse_dn_name (p11_dict *asn_defs, - const unsigned char *der, - size_t der_len, - const unsigned char *oid) -{ - node_asn *asn; - char *part; - - asn = p11_asn1_decode (asn_defs, "PKIX1.Name", der, der_len, NULL); - if (asn == NULL) - return NULL; - - part = p11_x509_lookup_dn_name (asn, NULL, der, der_len, oid); - asn1_delete_structure (&asn); - return part; -} - -char * -p11_x509_lookup_dn_name (node_asn *asn, - const char *dn_field, - const unsigned char *der, - size_t der_len, - const unsigned char *oid) -{ - unsigned char *value; - char field[128]; - size_t value_len; - char *part; - int i, j; - int start; - int end; - int ret; - - for (i = 1; true; i++) { - for (j = 1; true; j++) { - snprintf (field, sizeof (field), "%s%srdnSequence.?%d.?%d.type", - dn_field, dn_field ? "." : "", i, j); - - ret = asn1_der_decoding_startEnd (asn, der, der_len, field, &start, &end); - - /* No more dns */ - if (ret == ASN1_ELEMENT_NOT_FOUND) - break; - - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - /* Make sure it's a straightforward oid with certain assumptions */ - if (!p11_oid_simple (der + start, (end - start) + 1)) - continue; - - /* The one we're lookin for? */ - if (!p11_oid_equal (der + start, oid)) - continue; - - snprintf (field, sizeof (field), "%s%srdnSequence.?%d.?%d.value", - dn_field, dn_field ? "." : "", i, j); - - value = p11_asn1_read (asn, field, &value_len); - return_val_if_fail (value != NULL, NULL); - - part = p11_x509_parse_directory_string (value, value_len, NULL, NULL); - free (value); - - return part; - } - - if (j == 1) - break; - } - - return NULL; -} diff --git a/trust/x509.h b/trust/x509.h deleted file mode 100644 index 45fa628..0000000 --- a/trust/x509.h +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include - -#include "array.h" -#include "dict.h" - -#ifndef P11_X509_H_ -#define P11_X509_H_ - -unsigned char * p11_x509_find_extension (node_asn *cert, - const unsigned char *oid, - const unsigned char *der, - size_t der_len, - size_t *ext_len); - -bool p11_x509_hash_subject_public_key (node_asn *cert, - const unsigned char *der, - size_t der_len, - unsigned char *keyid); - -bool p11_x509_parse_basic_constraints (p11_dict *asn1_defs, - const unsigned char *ext_der, - size_t ext_len, - bool *is_ca); - -bool p11_x509_parse_key_usage (p11_dict *asn1_defs, - const unsigned char *data, - size_t length, - unsigned int *ku); - -p11_array * p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, - const unsigned char *ext_der, - size_t ext_len); - -unsigned char * p11_x509_parse_subject_key_identifier (p11_dict *asn1_defs, - const unsigned char *ext_der, - size_t ext_len, - size_t *keyid_len); - -char * p11_x509_parse_dn_name (p11_dict *asn_defs, - const unsigned char *der, - size_t der_len, - const unsigned char *oid); - -char * p11_x509_lookup_dn_name (node_asn *asn, - const char *dn_field, - const unsigned char *der, - size_t der_len, - const unsigned char *oid); - -char * p11_x509_parse_directory_string (const unsigned char *input, - size_t input_len, - bool *unknown_string, - size_t *string_len); - -#endif /* P11_X509_H_ */ -- cgit v1.2.1