diff options
Diffstat (limited to 'p11-kit')
80 files changed, 0 insertions, 32305 deletions
diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am deleted file mode 100644 index 14ec4d6..0000000 --- a/p11-kit/Makefile.am +++ /dev/null @@ -1,253 +0,0 @@ - -inc_HEADERS += \ - p11-kit/deprecated.h \ - p11-kit/iter.h \ - p11-kit/p11-kit.h \ - p11-kit/pin.h \ - p11-kit/remote.h \ - p11-kit/uri.h \ - $(NULL) - -MODULE_SRCS = \ - p11-kit/util.c \ - p11-kit/conf.c p11-kit/conf.h \ - p11-kit/iter.c \ - p11-kit/log.c p11-kit/log.h \ - p11-kit/modules.c p11-kit/modules.h \ - p11-kit/pkcs11.h \ - p11-kit/pin.c \ - p11-kit/pkcs11.h \ - p11-kit/private.h \ - p11-kit/proxy.c p11-kit/proxy.h \ - p11-kit/messages.c \ - p11-kit/rpc-transport.c p11-kit/rpc.h \ - p11-kit/rpc-message.c p11-kit/rpc-message.h \ - p11-kit/rpc-client.c p11-kit/rpc-server.c \ - p11-kit/uri.c \ - p11-kit/virtual.c p11-kit/virtual.h \ - $(inc_HEADERS) - -lib_LTLIBRARIES += \ - libp11-kit.la - -libp11_kit_la_CFLAGS = \ - -DP11_SYSTEM_CONFIG_FILE=\""$(p11_system_config_file)"\" \ - -DP11_SYSTEM_CONFIG_MODULES=\""$(p11_system_config_modules)"\" \ - -DP11_PACKAGE_CONFIG_MODULES=\""$(p11_package_config_modules)"\" \ - -DP11_USER_CONFIG_FILE=\""$(p11_user_config_file)"\" \ - -DP11_USER_CONFIG_MODULES=\""$(p11_user_config_modules)"\" \ - -DP11_MODULE_PATH=\""$(p11_module_path)"\" \ - $(LIBFFI_CFLAGS) \ - $(NULL) - -libp11_kit_la_LDFLAGS = \ - -no-undefined \ - -version-info $(P11KIT_LT_RELEASE) \ - -export-symbols-regex '^C_GetFunctionList|^p11_kit_' - -libp11_kit_la_SOURCES = $(MODULE_SRCS) - -libp11_kit_la_LIBADD = \ - libp11-common.la \ - libp11-library.la \ - $(LIBFFI_LIBS) \ - $(LTLIBINTL) \ - $(NULL) - -noinst_LTLIBRARIES += \ - libp11-kit-testable.la - -libp11_kit_testable_la_LDFLAGS = -no-undefined -libp11_kit_testable_la_SOURCES = $(MODULE_SRCS) -libp11_kit_testable_la_LIBADD = $(libp11_kit_la_LIBADD) - -if OS_WIN32 - -libp11_kit_testable_la_CFLAGS = \ - -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/system-pkcs11.conf"\" \ - -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/system-modules/win32"\" \ - -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/package-modules/win32"\" \ - -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/user-pkcs11.conf"\" \ - -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/user-modules/win32"\" \ - -DP11_MODULE_PATH=\""$(abs_top_builddir)/.libs"\" \ - $(LIBFFI_CFLAGS) \ - $(NULL) - -else - -libp11_kit_testable_la_CFLAGS = \ - -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/system-pkcs11.conf"\" \ - -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/system-modules"\" \ - -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/package-modules"\" \ - -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/user-pkcs11.conf"\" \ - -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/user-modules"\" \ - -DP11_MODULE_PATH=\""$(abs_top_builddir)/.libs"\" \ - $(LIBFFI_CFLAGS) \ - $(NULL) - -# Proxy module is actually same as library, so install a link -install-exec-hook: - $(LN_S) -f `readlink $(DESTDIR)$(libdir)/libp11-kit.{so,dylib}` $(DESTDIR)$(libdir)/p11-kit-proxy.so - $(MKDIR_P) $(DESTDIR)$(p11_package_config_modules) - -endif - -pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = p11-kit/p11-kit-1.pc - -exampledir = $(p11_system_config) -example_DATA = p11-kit/pkcs11.conf.example - -EXTRA_DIST += \ - p11-kit/p11-kit-1.pc.in \ - p11-kit/pkcs11.conf.example.in \ - p11-kit/docs.h \ - $(NULL) - -bin_PROGRAMS += p11-kit/p11-kit - -p11_kit_p11_kit_SOURCES = \ - p11-kit/lists.c \ - p11-kit/p11-kit.c \ - $(NULL) - -p11_kit_p11_kit_LDADD = \ - libp11-kit.la \ - libp11-tool.la \ - libp11-common.la \ - $(LTLIBINTL) \ - $(NULL) - -private_PROGRAMS += p11-kit-remote - -p11_kit_remote_SOURCES = \ - p11-kit/remote.c \ - $(NULL) - -p11_kit_remote_LDADD = \ - libp11-tool.la \ - libp11-common.la \ - libp11-kit.la \ - $(NULL) - -# Tests ---------------------------------------------------------------- - -p11_kit_LIBS = \ - libp11-kit-testable.la \ - libp11-test.la \ - libp11-common.la \ - $(LTLIBINTL) - -CHECK_PROGS += \ - test-progname \ - test-util \ - test-conf \ - test-uri \ - test-pin \ - test-init \ - test-modules \ - test-deprecated \ - test-proxy \ - test-iter \ - test-rpc \ - $(NULL) - -test_conf_SOURCES = p11-kit/test-conf.c -test_conf_LDADD = $(p11_kit_LIBS) - -test_deprecated_SOURCES = p11-kit/test-deprecated.c -test_deprecated_LDADD = $(p11_kit_LIBS) - -test_init_SOURCES = p11-kit/test-init.c -test_init_LDADD = $(p11_kit_LIBS) - -test_iter_SOURCES = p11-kit/test-iter.c -test_iter_LDADD = $(p11_kit_LIBS) - -test_modules_SOURCES = p11-kit/test-modules.c -test_modules_LDADD = $(p11_kit_LIBS) - -test_pin_SOURCES = p11-kit/test-pin.c -test_pin_LDADD = $(p11_kit_LIBS) - -test_progname_SOURCES = p11-kit/test-progname.c -test_progname_LDADD = $(p11_kit_LIBS) - -test_proxy_SOURCES = p11-kit/test-proxy.c -test_proxy_LDADD = $(p11_kit_LIBS) - -test_rpc_SOURCES = p11-kit/test-rpc.c -test_rpc_LDADD = $(p11_kit_LIBS) - -test_uri_SOURCES = p11-kit/test-uri.c -test_uri_LDADD = $(p11_kit_LIBS) - -test_util_SOURCES = p11-kit/test-util.c -test_util_LDADD = $(p11_kit_LIBS) - -noinst_PROGRAMS += \ - print-messages \ - frob-setuid - -print_messages_SOURCES = p11-kit/print-messages.c -print_messages_LDADD = $(p11_kit_LIBS) - -frob_setuid_SOURCES = p11-kit/frob-setuid.c -frob_setuid_LDADD = $(p11_kit_LIBS) - -if WITH_FFI - -CHECK_PROGS += \ - test-virtual \ - test-managed \ - test-log \ - test-transport \ - $(NULL) - -test_log_SOURCES = p11-kit/test-log.c -test_log_LDADD = $(p11_kit_LIBS) - -test_managed_SOURCES = p11-kit/test-managed.c -test_managed_LDADD = $(p11_kit_LIBS) - -test_transport_SOURCES = p11-kit/test-transport.c -test_transport_LDADD = $(p11_kit_LIBS) - -test_virtual_SOURCES = p11-kit/test-virtual.c -test_virtual_LDADD = $(p11_kit_LIBS) - -endif - -noinst_LTLIBRARIES += \ - mock-one.la \ - mock-two.la \ - mock-three.la \ - mock-four.la \ - mock-five.la - -mock_one_la_SOURCES = p11-kit/mock-module-ep.c -mock_one_la_LIBADD = libp11-test.la libp11-common.la -mock_one_la_LDFLAGS = \ - -module -avoid-version -rpath /nowhere \ - -no-undefined -export-symbols-regex 'C_GetFunctionList' - -mock_two_la_SOURCES = p11-kit/mock-module-ep2.c -mock_two_la_LDFLAGS = $(mock_one_la_LDFLAGS) -mock_two_la_LIBADD = $(mock_one_la_LIBADD) - -mock_three_la_SOURCES = $(mock_one_la_SOURCES) -mock_three_la_LDFLAGS = $(mock_one_la_LDFLAGS) -mock_three_la_LIBADD = $(mock_one_la_LIBADD) - -mock_four_la_SOURCES = $(mock_one_la_SOURCES) -mock_four_la_LDFLAGS = $(mock_one_la_LDFLAGS) -mock_four_la_LIBADD = $(mock_one_la_LIBADD) - -mock_five_la_SOURCES = p11-kit/mock-module-ep3.c -mock_five_la_LDFLAGS = $(mock_one_la_LDFLAGS) -mock_five_la_LIBADD = $(mock_one_la_LIBADD) - -EXTRA_DIST += \ - p11-kit/fixtures \ - p11-kit/test-mock.c \ - $(NULL) diff --git a/p11-kit/conf.c b/p11-kit/conf.c deleted file mode 100644 index 8a328ed..0000000 --- a/p11-kit/conf.c +++ /dev/null @@ -1,509 +0,0 @@ -/* - * Copyright (c) 2005 Stefan Walter - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter <stef@memberwebs.com> - */ - -#include "config.h" - -#include "conf.h" -#define P11_DEBUG_FLAG P11_DEBUG_CONF -#include "debug.h" -#include "lexer.h" -#include "message.h" -#include "path.h" -#include "private.h" - -#include <sys/param.h> -#include <sys/stat.h> -#include <sys/types.h> - -#include <assert.h> -#include <ctype.h> -#include <dirent.h> -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -static int -strequal (const char *one, const char *two) -{ - return strcmp (one, two) == 0; -} - -/* ----------------------------------------------------------------------------- - * CONFIG PARSER - */ - -bool -_p11_conf_merge_defaults (p11_dict *map, - p11_dict *defaults) -{ - p11_dictiter iter; - void *key; - void *value; - - p11_dict_iterate (defaults, &iter); - while (p11_dict_next (&iter, &key, &value)) { - /* Only override if not set */ - if (p11_dict_get (map, key)) - continue; - key = strdup (key); - return_val_if_fail (key != NULL, false); - value = strdup (value); - return_val_if_fail (key != NULL, false); - if (!p11_dict_set (map, key, value)) - return_val_if_reached (false); - } - - return true; -} - -p11_dict * -_p11_conf_parse_file (const char* filename, - struct stat *sb, - int flags) -{ - p11_dict *map = NULL; - void *data; - p11_lexer lexer; - bool failed = false; - size_t length; - p11_mmap *mmap; - int error; - - assert (filename); - - p11_debug ("reading config file: %s", filename); - - mmap = p11_mmap_open (filename, sb, &data, &length); - if (mmap == NULL) { - error = errno; - if ((flags & CONF_IGNORE_MISSING) && - (error == ENOENT || error == ENOTDIR)) { - p11_debug ("config file does not exist"); - - } else if ((flags & CONF_IGNORE_ACCESS_DENIED) && - (error == EPERM || error == EACCES)) { - p11_debug ("config file is inaccessible"); - - } else { - p11_message_err (error, "couldn't open config file: %s", filename); - errno = error; - return NULL; - } - } - - map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); - return_val_if_fail (map != NULL, NULL); - - /* Empty config fall through above */ - if (mmap == NULL) - return map; - - p11_lexer_init (&lexer, filename, data, length); - while (p11_lexer_next (&lexer, &failed)) { - switch (lexer.tok_type) { - case TOK_FIELD: - p11_debug ("config value: %s: %s", lexer.tok.field.name, - lexer.tok.field.value); - if (!p11_dict_set (map, lexer.tok.field.name, lexer.tok.field.value)) - return_val_if_reached (NULL); - lexer.tok.field.name = NULL; - lexer.tok.field.value = NULL; - break; - case TOK_PEM: - p11_message ("%s: unexpected pem block", filename); - failed = true; - break; - case TOK_SECTION: - p11_message ("%s: unexpected section header", filename); - failed = true; - break; - case TOK_EOF: - assert_not_reached (); - break; - } - - if (failed) - break; - } - - p11_lexer_done (&lexer); - p11_mmap_close (mmap); - - if (failed) { - p11_dict_free (map); - map = NULL; - errno = EINVAL; - } - - return map; -} - -static int -user_config_mode (p11_dict *config, - int defmode) -{ - const char *mode; - - /* Whether we should use or override from user directory */ - mode = p11_dict_get (config, "user-config"); - if (mode == NULL) { - return defmode; - } else if (strequal (mode, "none")) { - return CONF_USER_NONE; - } else if (strequal (mode, "merge")) { - return CONF_USER_MERGE; - } else if (strequal (mode, "only")) { - return CONF_USER_ONLY; - } else if (strequal (mode, "override")) { - return CONF_USER_ONLY; - } else { - p11_message ("invalid mode for 'user-config': %s", mode); - return CONF_USER_INVALID; - } -} - -p11_dict * -_p11_conf_load_globals (const char *system_conf, const char *user_conf, - int *user_mode) -{ - p11_dict *config = NULL; - p11_dict *uconfig = NULL; - p11_dict *result = NULL; - char *path = NULL; - int error = 0; - int flags; - int mode; - - /* - * This loads the system and user configs. This depends on the user-config - * value in both the system and user configs. A bit more complex than - * you might imagine, since user-config can be set to 'none' in the - * user configuration, essentially turning itself off. - */ - - /* Load the main configuration */ - config = _p11_conf_parse_file (system_conf, NULL, CONF_IGNORE_MISSING); - if (!config) - goto finished; - - /* Whether we should use or override from user directory */ - mode = user_config_mode (config, CONF_USER_MERGE); - if (mode == CONF_USER_INVALID) { - error = EINVAL; - goto finished; - } - - if (mode != CONF_USER_NONE && getauxval (AT_SECURE)) { - p11_debug ("skipping user config in setuid or setgid program"); - mode = CONF_USER_NONE; - } - - if (mode != CONF_USER_NONE) { - path = p11_path_expand (user_conf); - if (!path) { - error = errno; - goto finished; - } - - /* Load up the user configuration, ignore selinux denying us access */ - flags = CONF_IGNORE_MISSING | CONF_IGNORE_ACCESS_DENIED; - uconfig = _p11_conf_parse_file (path, NULL, flags); - if (!uconfig) { - error = errno; - goto finished; - } - - /* Figure out what the user mode is, defaulting to system mode if not set */ - mode = user_config_mode (uconfig, mode); - if (mode == CONF_USER_INVALID) { - error = EINVAL; - goto finished; - } - - /* If merging, then supplement user config with system values */ - if (mode == CONF_USER_MERGE) { - if (!_p11_conf_merge_defaults (uconfig, config)) { - error = errno; - goto finished; - } - } - - /* If user config valid at all, then replace system with what we have */ - if (mode != CONF_USER_NONE) { - p11_dict_free (config); - config = uconfig; - uconfig = NULL; - } - } - - if (user_mode) - *user_mode = mode; - - result = config; - config = NULL; - -finished: - free (path); - p11_dict_free (config); - p11_dict_free (uconfig); - errno = error; - return result; -} - -static char * -calc_name_from_filename (const char *fname) -{ - /* We eventually want to settle on .module */ - static const char *const suffix = ".module"; - static const size_t suffix_len = 7; - const char *c = fname; - size_t fname_len; - size_t name_len; - char *name; - - assert (fname); - - /* Make sure the filename starts with an alphanumeric */ - if (!isalnum(*c)) - return NULL; - ++c; - - /* Only allow alnum, _, -, and . */ - while (*c) { - if (!isalnum(*c) && *c != '_' && *c != '-' && *c != '.') - return NULL; - ++c; - } - - /* Make sure we have one of the suffixes */ - fname_len = strlen (fname); - if (suffix_len >= fname_len) - return NULL; - name_len = (fname_len - suffix_len); - if (strcmp (fname + name_len, suffix) != 0) - return NULL; - - name = malloc (name_len + 1); - return_val_if_fail (name != NULL, NULL); - memcpy (name, fname, name_len); - name[name_len] = 0; - return name; -} - -static bool -load_config_from_file (const char *configfile, - struct stat *sb, - const char *name, - p11_dict *configs, - int flags) -{ - p11_dict *config; - p11_dict *prev; - char *key; - int error = 0; - - assert (configfile); - - key = calc_name_from_filename (name); - if (key == NULL) { - p11_message ("invalid config filename, will be ignored in the future: %s", configfile); - key = strdup (name); - return_val_if_fail (key != NULL, false); - } - - config = _p11_conf_parse_file (configfile, sb, flags); - if (!config) { - free (key); - return false; - } - - prev = p11_dict_get (configs, key); - if (prev == NULL) { - if (!p11_dict_set (configs, key, config)) - return_val_if_reached (false); - config = NULL; - } else { - if (!_p11_conf_merge_defaults (prev, config)) - error = errno; - free (key); - } - - /* If still set */ - p11_dict_free (config); - - if (error) { - errno = error; - return false; - } - - return true; -} - -static bool -load_configs_from_directory (const char *directory, - p11_dict *configs, - int flags) -{ - struct dirent *dp; - struct stat st; - DIR *dir; - int error = 0; - bool is_dir; - char *path; - int count = 0; - - p11_debug ("loading module configs in: %s", directory); - - /* First we load all the modules */ - dir = opendir (directory); - if (!dir) { - error = errno; - if ((flags & CONF_IGNORE_MISSING) && - (errno == ENOENT || errno == ENOTDIR)) { - p11_debug ("module configs do not exist"); - return true; - } else if ((flags & CONF_IGNORE_ACCESS_DENIED) && - (errno == EPERM || errno == EACCES)) { - p11_debug ("couldn't list inacessible module configs"); - return true; - } - p11_message_err (error, "couldn't list directory: %s", directory); - errno = error; - return false; - } - - while ((dp = readdir(dir)) != NULL) { - path = p11_path_build (directory, dp->d_name, NULL); - return_val_if_fail (path != NULL, false); - - if (stat (path, &st) < 0) { - error = errno; - p11_message_err (error, "couldn't stat path: %s", path); - free (path); - break; - } - - is_dir = S_ISDIR (st.st_mode); - - if (!is_dir && !load_config_from_file (path, &st, dp->d_name, configs, flags)) { - error = errno; - free (path); - break; - } - - free (path); - count ++; - } - - closedir (dir); - - if (error) { - errno = error; - return false; - } - - return true; -} - -p11_dict * -_p11_conf_load_modules (int mode, - const char *package_dir, - const char *system_dir, - const char *user_dir) -{ - p11_dict *configs; - char *path; - int error = 0; - int flags; - - /* A hash table of name -> config */ - configs = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, - free, (p11_destroyer)p11_dict_free); - - /* Load each user config first, if user config is allowed */ - if (mode != CONF_USER_NONE) { - flags = CONF_IGNORE_MISSING | CONF_IGNORE_ACCESS_DENIED; - path = p11_path_expand (user_dir); - if (!path) - error = errno; - else if (!load_configs_from_directory (path, configs, flags)) - error = errno; - free (path); - if (error != 0) { - p11_dict_free (configs); - errno = error; - return NULL; - } - } - - /* - * Now unless user config is overriding, load system modules. - * Basically if a value for the same config name is not already - * loaded above (in the user configs) then they're loaded here. - */ - if (mode != CONF_USER_ONLY) { - flags = CONF_IGNORE_MISSING; - if (!load_configs_from_directory (system_dir, configs, flags) || - !load_configs_from_directory (package_dir, configs, flags)) { - error = errno; - p11_dict_free (configs); - errno = error; - return NULL; - } - } - - return configs; -} - -bool -_p11_conf_parse_boolean (const char *string, - bool default_value) -{ - if (!string) - return default_value; - - if (strcmp (string, "yes") == 0) { - return true; - } else if (strcmp (string, "no") == 0) { - return false; - } else { - p11_message ("invalid setting '%s' defaulting to '%s'", - string, default_value ? "yes" : "no"); - return default_value; - } -} diff --git a/p11-kit/conf.h b/p11-kit/conf.h deleted file mode 100644 index 911e650..0000000 --- a/p11-kit/conf.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) 2005 Stefan Walter - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#ifndef __CONF_H__ -#define __CONF_H__ - -#include "dict.h" - -enum { - CONF_IGNORE_MISSING = 0x01, - CONF_IGNORE_ACCESS_DENIED = 0x02, -}; - -enum { - CONF_USER_INVALID = 0, - CONF_USER_NONE = 1, - CONF_USER_MERGE, - CONF_USER_ONLY -}; - -bool _p11_conf_merge_defaults (p11_dict *config, - p11_dict *defaults); - -/* Returns a hash of char *key -> char *value */ -p11_dict * _p11_conf_parse_file (const char *filename, - struct stat *sb, - int flags); - -/* Returns a hash of char *key -> char *value */ -p11_dict * _p11_conf_load_globals (const char *system_conf, - const char *user_conf, - int *user_mode); - -/* Returns a hash of char* name -> hash_t *config */ -p11_dict * _p11_conf_load_modules (int user_mode, - const char *package_dir, - const char *system_dir, - const char *user_dir); - -bool _p11_conf_parse_boolean (const char *string, - bool default_value); - -#endif /* __CONF_H__ */ diff --git a/p11-kit/deprecated.h b/p11-kit/deprecated.h deleted file mode 100644 index ffe5d9d..0000000 --- a/p11-kit/deprecated.h +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#ifndef __P11_KIT_DEPRECATED_H__ -#define __P11_KIT_DEPRECATED_H__ - -#ifndef __P11_KIT_H__ -#error "Please include <p11-kit/p11-kit.h> instead of this file." -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef P11_KIT_NO_DEPRECATIONS -#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) -#define P11_KIT_DEPRECATED_FOR(f) __attribute__((deprecated("Use " #f " instead"))) -#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1) -#define P11_KIT_DEPRECATED_FOR(f) __attribute__((__deprecated__)) -#endif -#endif - -#ifndef P11_KIT_DEPRECATED_FOR -#define P11_KIT_DEPRECATED_FOR(f) -#endif - -#ifndef P11_KIT_DISABLE_DEPRECATED - -P11_KIT_DEPRECATED_FOR (p11_kit_modules_load) -CK_RV p11_kit_initialize_registered (void); - -P11_KIT_DEPRECATED_FOR (p11_kit_modules_release) -CK_RV p11_kit_finalize_registered (void); - -P11_KIT_DEPRECATED_FOR (p11_kit_modules_release) -CK_FUNCTION_LIST_PTR * p11_kit_registered_modules (void); - -P11_KIT_DEPRECATED_FOR (p11_kit_module_for_name) -CK_FUNCTION_LIST_PTR p11_kit_registered_name_to_module (const char *name); - -P11_KIT_DEPRECATED_FOR (p11_kit_module_get_name) -char * p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module); - -P11_KIT_DEPRECATED_FOR (p11_kit_config_option) -char * p11_kit_registered_option (CK_FUNCTION_LIST_PTR module, - const char *field); - -P11_KIT_DEPRECATED_FOR (module->C_Initialize) -CK_RV p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module); - -P11_KIT_DEPRECATED_FOR (module->C_Finalize) -CK_RV p11_kit_finalize_module (CK_FUNCTION_LIST_PTR module); - -P11_KIT_DEPRECATED_FOR (p11_kit_module_load) -CK_RV p11_kit_load_initialize_module (const char *module_path, - CK_FUNCTION_LIST_PTR *module); - -#endif /* P11_KIT_DISABLE_DEPRECATED */ - -#undef P11_KIT_DEPRECATED_FOR - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* __P11_KIT_DEPRECATED_H__ */ diff --git a/p11-kit/docs.h b/p11-kit/docs.h deleted file mode 100644 index 7b29e3d..0000000 --- a/p11-kit/docs.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -/* This header is not used by anything, and merely to help gtk-doc be sane */ - -#define P11_KIT_MODULE_UNMANAGED 1 -#define P11_KIT_MODULE_CRITICAL 1 diff --git a/p11-kit/fixtures/package-modules/four.module b/p11-kit/fixtures/package-modules/four.module deleted file mode 100644 index 933af2b..0000000 --- a/p11-kit/fixtures/package-modules/four.module +++ /dev/null @@ -1,5 +0,0 @@ - -module: mock-four.so -disable-in: test-disable, test-other -priority: 4 -trust-policy: no
\ No newline at end of file diff --git a/p11-kit/fixtures/package-modules/win32/four.module b/p11-kit/fixtures/package-modules/win32/four.module deleted file mode 100644 index 6dc87c9..0000000 --- a/p11-kit/fixtures/package-modules/win32/four.module +++ /dev/null @@ -1,4 +0,0 @@ - -module: mock-four.dll -disable-in: test-disable, test-other -priority: 4
\ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/one.module b/p11-kit/fixtures/system-modules/one.module deleted file mode 100644 index 5f49a8f..0000000 --- a/p11-kit/fixtures/system-modules/one.module +++ /dev/null @@ -1,5 +0,0 @@ - -module: mock-one.so -setting: system1 -trust-policy: yes -number: 18 diff --git a/p11-kit/fixtures/system-modules/two-duplicate.module b/p11-kit/fixtures/system-modules/two-duplicate.module deleted file mode 100644 index 756af69..0000000 --- a/p11-kit/fixtures/system-modules/two-duplicate.module +++ /dev/null @@ -1,4 +0,0 @@ - -# This is a duplicate of the 'two' module -module: mock-two.so -# no priority, use name
\ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/two.badname b/p11-kit/fixtures/system-modules/two.badname deleted file mode 100644 index eec3af0..0000000 --- a/p11-kit/fixtures/system-modules/two.badname +++ /dev/null @@ -1,6 +0,0 @@ -# This module doesn't have a .module extension, but p11-kit doesn't yet -# enforce the naming, just warns, so it should still be loaded - -module: mock-two.so -setting: system2 -# no priority, use name
\ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/win32/one.module b/p11-kit/fixtures/system-modules/win32/one.module deleted file mode 100644 index d153ce5..0000000 --- a/p11-kit/fixtures/system-modules/win32/one.module +++ /dev/null @@ -1,4 +0,0 @@ - -module: mock-one.dll -setting: system1 -# no order, use name
\ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/win32/two-duplicate.module b/p11-kit/fixtures/system-modules/win32/two-duplicate.module deleted file mode 100644 index 54ef1cc..0000000 --- a/p11-kit/fixtures/system-modules/win32/two-duplicate.module +++ /dev/null @@ -1,4 +0,0 @@ - -# This is a duplicate of the 'two' module -module: mock-two.dll -# no order, use name
\ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/win32/two.badname b/p11-kit/fixtures/system-modules/win32/two.badname deleted file mode 100644 index af63cf9..0000000 --- a/p11-kit/fixtures/system-modules/win32/two.badname +++ /dev/null @@ -1,6 +0,0 @@ -# This module doesn't have a .module extension, but p11-kit doesn't yet -# enforce the naming, just warns, so it should still be loaded - -module: mock-two.dll -setting: system2 -# no order, use name
\ No newline at end of file diff --git a/p11-kit/fixtures/system-pkcs11.conf b/p11-kit/fixtures/system-pkcs11.conf deleted file mode 100644 index a3aa273..0000000 --- a/p11-kit/fixtures/system-pkcs11.conf +++ /dev/null @@ -1,6 +0,0 @@ - -# Merge in user config -user-config: merge - -# Another option -new: world
\ No newline at end of file diff --git a/p11-kit/fixtures/test-1.conf b/p11-kit/fixtures/test-1.conf deleted file mode 100644 index d4ae0a1..0000000 --- a/p11-kit/fixtures/test-1.conf +++ /dev/null @@ -1,6 +0,0 @@ -key1:value1 -with-whitespace : value-with-whitespace -with-colon: value-of-colon - -# A comment -embedded-comment: this is # not a comment diff --git a/p11-kit/fixtures/test-pinfile b/p11-kit/fixtures/test-pinfile deleted file mode 100644 index f646f3d..0000000 --- a/p11-kit/fixtures/test-pinfile +++ /dev/null @@ -1 +0,0 @@ -yogabbagabba
\ No newline at end of file diff --git a/p11-kit/fixtures/test-pinfile-large b/p11-kit/fixtures/test-pinfile-large deleted file mode 100644 index 506668d..0000000 --- a/p11-kit/fixtures/test-pinfile-large +++ /dev/null @@ -1,53 +0,0 @@ -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba -yogabbagabba yogabbagabba yogabbagabba yo
\ No newline at end of file diff --git a/p11-kit/fixtures/test-system-invalid.conf b/p11-kit/fixtures/test-system-invalid.conf deleted file mode 100644 index 344ee96..0000000 --- a/p11-kit/fixtures/test-system-invalid.conf +++ /dev/null @@ -1,3 +0,0 @@ - -# Invalid user-config setting -user-config: bad diff --git a/p11-kit/fixtures/test-system-merge.conf b/p11-kit/fixtures/test-system-merge.conf deleted file mode 100644 index 978427d..0000000 --- a/p11-kit/fixtures/test-system-merge.conf +++ /dev/null @@ -1,7 +0,0 @@ - -# Merge in user config -user-config: merge - -key1: system1 -key2: system2 -key3: system3
\ No newline at end of file diff --git a/p11-kit/fixtures/test-system-none.conf b/p11-kit/fixtures/test-system-none.conf deleted file mode 100644 index 2d43fa7..0000000 --- a/p11-kit/fixtures/test-system-none.conf +++ /dev/null @@ -1,8 +0,0 @@ - -# Only user config -user-config: none - -# These values will not be overridden -key1: system1 -key2: system2 -key3: system3
\ No newline at end of file diff --git a/p11-kit/fixtures/test-system-only.conf b/p11-kit/fixtures/test-system-only.conf deleted file mode 100644 index 589f1c7..0000000 --- a/p11-kit/fixtures/test-system-only.conf +++ /dev/null @@ -1,8 +0,0 @@ - -# Only user config -user-config: only - -# This stuff will be ignored -key1: system1 -key2: system2 -key3: system3
\ No newline at end of file diff --git a/p11-kit/fixtures/test-user-invalid.conf b/p11-kit/fixtures/test-user-invalid.conf deleted file mode 100644 index 344ee96..0000000 --- a/p11-kit/fixtures/test-user-invalid.conf +++ /dev/null @@ -1,3 +0,0 @@ - -# Invalid user-config setting -user-config: bad diff --git a/p11-kit/fixtures/test-user-only.conf b/p11-kit/fixtures/test-user-only.conf deleted file mode 100644 index 3224c01..0000000 --- a/p11-kit/fixtures/test-user-only.conf +++ /dev/null @@ -1,4 +0,0 @@ - -user-config: only -key2: user2 -key3: user3
\ No newline at end of file diff --git a/p11-kit/fixtures/test-user.conf b/p11-kit/fixtures/test-user.conf deleted file mode 100644 index 369544a..0000000 --- a/p11-kit/fixtures/test-user.conf +++ /dev/null @@ -1,3 +0,0 @@ - -key2: user2 -key3: user3
\ No newline at end of file diff --git a/p11-kit/fixtures/user-modules/one.module b/p11-kit/fixtures/user-modules/one.module deleted file mode 100644 index 5197daf..0000000 --- a/p11-kit/fixtures/user-modules/one.module +++ /dev/null @@ -1,4 +0,0 @@ - -setting: user1 -managed: yes -number: 33 diff --git a/p11-kit/fixtures/user-modules/three.module b/p11-kit/fixtures/user-modules/three.module deleted file mode 100644 index 3a2366d..0000000 --- a/p11-kit/fixtures/user-modules/three.module +++ /dev/null @@ -1,6 +0,0 @@ - -module: mock-three.so -setting: user3 - -enable-in: test-enable -priority: 3
\ No newline at end of file diff --git a/p11-kit/fixtures/user-modules/win32/one.module b/p11-kit/fixtures/user-modules/win32/one.module deleted file mode 100644 index c371e4a..0000000 --- a/p11-kit/fixtures/user-modules/win32/one.module +++ /dev/null @@ -1,2 +0,0 @@ - -setting: user1
\ No newline at end of file diff --git a/p11-kit/fixtures/user-modules/win32/three.module b/p11-kit/fixtures/user-modules/win32/three.module deleted file mode 100644 index 30a3b63..0000000 --- a/p11-kit/fixtures/user-modules/win32/three.module +++ /dev/null @@ -1,6 +0,0 @@ - -module: mock-three.dll -setting: user3 - -enable-in: test-enable -priority: 3
\ No newline at end of file diff --git a/p11-kit/frob-setuid.c b/p11-kit/frob-setuid.c deleted file mode 100644 index e546ece..0000000 --- a/p11-kit/frob-setuid.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include <assert.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "compat.h" -#include "p11-kit.h" - -int -main (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - char *field; - char *name; - int ret; - int i; - - /* - * Use 'chmod ug+s frob-setuid' to change this program - * and test the output with/without setuid or setgid. - */ - - putenv ("P11_KIT_STRICT=1"); - - modules = p11_kit_modules_load_and_initialize (0); - assert (modules != NULL); - - /* This is a system configured module */ - module = p11_kit_module_for_name (modules, "one"); - assert (module != NULL); - - field = p11_kit_config_option (module, "setting"); - printf ("'setting' on module 'one': %s\n", field ? field : "(null)"); - - assert (field != NULL); - if (getauxval (AT_SECURE)) - assert (strcmp (field, "system1") == 0); - else - assert (strcmp (field, "user1") == 0); - - free (field); - - for (i = 0; modules[i] != NULL; i++) { - name = p11_kit_module_get_name (modules[i]); - printf ("%s\n", name); - free (name); - } - - field = p11_kit_config_option (module, "number"); - printf ("'number' on module 'one': %s\n", field ? field : "(null)"); - - ret = atoi (field ? field : "0"); - assert (ret != 0); - free (field); - - p11_kit_modules_finalize_and_release (modules); - return ret; -} diff --git a/p11-kit/iter.c b/p11-kit/iter.c deleted file mode 100644 index 4caf5d7..0000000 --- a/p11-kit/iter.c +++ /dev/null @@ -1,983 +0,0 @@ -/* - * Copyright (C) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "array.h" -#include "attrs.h" -#include "debug.h" -#include "iter.h" -#include "pin.h" -#include "private.h" - -#include <assert.h> -#include <stdlib.h> -#include <string.h> - -typedef struct _Callback { - p11_kit_iter_callback func; - void *callback_data; - p11_kit_destroyer destroyer; - struct _Callback *next; -} Callback; - -/** - * P11KitIter: - * - * Used to iterate over PKCS\#11 objects. - */ -struct p11_kit_iter { - - /* Iterator matching data */ - CK_INFO match_module; - CK_SLOT_INFO match_slot; - CK_TOKEN_INFO match_token; - CK_ATTRIBUTE *match_attrs; - CK_SLOT_ID match_slot_id; - Callback *callbacks; - - /* The input modules */ - p11_array *modules; - - /* The results of C_GetSlotList */ - CK_SLOT_ID *slots; - CK_ULONG num_slots; - CK_ULONG saw_slots; - - /* The results of C_FindObjects */ - CK_OBJECT_HANDLE *objects; - CK_ULONG max_objects; - CK_ULONG num_objects; - CK_ULONG saw_objects; - - /* The current iteration */ - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot; - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - CK_SLOT_INFO slot_info; - CK_TOKEN_INFO token_info; - - /* And various flags */ - unsigned int searching : 1; - unsigned int searched : 1; - unsigned int iterating : 1; - unsigned int match_nothing : 1; - unsigned int keep_session : 1; - unsigned int preload_results : 1; - unsigned int want_writable : 1; -}; - -/** - * P11KitIterBehavior: - * @P11_KIT_ITER_BUSY_SESSIONS: Allow the iterator's sessions to be - * in a busy state when the iterator returns an object. - * @P11_KIT_ITER_WANT_WRITABLE: Try to open read-write sessions when - * iterating over obojects. - * - * Various flags controlling the behavior of the iterator. - */ - -/** - * p11_kit_iter_new: - * @uri: (allow-none): a PKCS\#11 URI to filter on, or %NULL - * @behavior: various behavior flags for iterator - * - * Create a new PKCS\#11 iterator for iterating over objects. Only - * objects that match the @uri will be returned by the iterator. - * Relevant information in @uri is copied, and you need not keep - * @uri around. - * - * If no @uri is specified then the iterator will iterate over all - * objects, unless otherwise filtered. - * - * Returns: (transfer full): a new iterator, which should be freed - * with p11_kit_iter_free() - */ -P11KitIter * -p11_kit_iter_new (P11KitUri *uri, - P11KitIterBehavior behavior) -{ - P11KitIter *iter; - - iter = calloc (1, sizeof (P11KitIter)); - return_val_if_fail (iter != NULL, NULL); - - iter->modules = p11_array_new (NULL); - return_val_if_fail (iter->modules != NULL, NULL); - - iter->want_writable = !!(behavior & P11_KIT_ITER_WANT_WRITABLE); - iter->preload_results = !(behavior & P11_KIT_ITER_BUSY_SESSIONS); - - p11_kit_iter_set_uri (iter, uri); - return iter; -} - -/** - * p11_kit_iter_set_uri: - * @iter: the iterator - * @uri: (allow-none): a PKCS\#11 URI to filter on, or %NULL - * - * Set the PKCS\#11 uri for iterator. Only - * objects that match the @uri will be returned by the iterator. - * Relevant information in @uri is copied, and you need not keep - * @uri around. - * - * If no @uri is specified then the iterator will iterate over all - * objects, unless otherwise filtered. - * - * This function should be called at most once, and should be - * called before iterating begins. - * - */ -void -p11_kit_iter_set_uri (P11KitIter *iter, - P11KitUri *uri) -{ - CK_ATTRIBUTE *attrs; - CK_TOKEN_INFO *tinfo; - CK_SLOT_INFO *sinfo; - CK_INFO *minfo; - CK_ULONG count; - - return_if_fail (iter != NULL); - - if (uri != NULL) { - - if (p11_kit_uri_any_unrecognized (uri)) { - iter->match_nothing = 1; - - } else { - attrs = p11_kit_uri_get_attributes (uri, &count); - iter->match_attrs = p11_attrs_buildn (NULL, attrs, count); - - iter->match_slot_id = p11_kit_uri_get_slot_id (uri); - - minfo = p11_kit_uri_get_module_info (uri); - if (minfo != NULL) - memcpy (&iter->match_module, minfo, sizeof (CK_INFO)); - - sinfo = p11_kit_uri_get_slot_info (uri); - if (sinfo != NULL) - memcpy (&iter->match_slot, sinfo, sizeof (CK_SLOT_INFO)); - - tinfo = p11_kit_uri_get_token_info (uri); - if (tinfo != NULL) - memcpy (&iter->match_token, tinfo, sizeof (CK_TOKEN_INFO)); - } - } else { - /* Match any module version number and slot ID */ - memset (&iter->match_module, 0, sizeof (iter->match_module)); - iter->match_module.libraryVersion.major = (CK_BYTE)-1; - iter->match_module.libraryVersion.minor = (CK_BYTE)-1; - iter->match_slot_id = (CK_SLOT_ID)-1; - } -} - -/** - * p11_kit_destroyer: - * @data: data to destroy - * - * A callback called to free a resource. - */ - -/** - * p11_kit_iter_callback: - * @iter: the iterator - * @matches: (out): whether to match the current object - * @data: callback data - * - * A callback setup with p11_kit_iter_add_callback(). This callback is - * called for each object iterated. - * - * If the callback sets @matches to CK_FALSE, then this object is - * skipped and not matched by p11_kit_iter_next(). If you return - * anything but CKR_OK, then the iteration is stopped, and - * p11_kit_iter_next() returns the result code. - * - * Returns: CKR_OK to continue iterating, CKR_CANCEL to stop, or - * anything else to fail - */ - -/** - * p11_kit_iter_add_callback: - * @iter: the iterator - * @callback: a function to call for each iteration - * @callback_data: (allow-none): data to pass to the function - * @callback_destroy: (allow-none): used to cleanup the data - * - * Adds a callback to the iterator which will be called each time - * that an object is iterated. - * - * These callbacks can also perform filtering. If any callback - * indicates through it's <literal>matches</literal> argument that - * the object should not match, then that object will not be iterated - * as far as p11_kit_iter_next() is concerned. - * - * The callbacks will be called with the <literal>matches</literal> - * set to <literal>CK_TRUE</literal> and it's up to filters to change - * it to <literal>CK_FALSE</literal> when necessary. - */ -void -p11_kit_iter_add_callback (P11KitIter *iter, - p11_kit_iter_callback callback, - void *callback_data, - p11_kit_destroyer callback_destroy) -{ - Callback *cb; - - return_if_fail (iter != NULL); - return_if_fail (callback != NULL); - - cb = calloc (1, sizeof (Callback)); - return_if_fail (cb != NULL); - - cb->func = callback; - cb->destroyer = callback_destroy; - cb->callback_data = callback_data; - cb->next = iter->callbacks; - iter->callbacks = cb; -} - -/** - * p11_kit_iter_add_filter: - * @iter: the iterator - * @matching: (array length=count): the attributes that the objects should match - * @count: the number of attributes - * - * Add a filter to limit the objects that the iterator iterates over. - * - * Only objects matching the passed in attributes will be iterated. - * This function can be called multiple times. - * - * The @matching attributes are copied. - */ -void -p11_kit_iter_add_filter (P11KitIter *iter, - CK_ATTRIBUTE *matching, - CK_ULONG count) -{ - return_if_fail (iter != NULL); - return_if_fail (!iter->iterating); - - iter->match_attrs = p11_attrs_buildn (iter->match_attrs, matching, count); - return_if_fail (iter->match_attrs != NULL); -} - -static void -finish_object (P11KitIter *iter) -{ - iter->object = 0; -} - -static void -finish_slot (P11KitIter *iter) -{ - if (iter->session && !iter->keep_session) { - assert (iter->module != NULL); - (iter->module->C_CloseSession) (iter->session); - } - - iter->keep_session = 0; - iter->session = 0; - iter->searched = 0; - iter->searching = 0; - iter->slot = 0; -} - -static void -finish_module (P11KitIter *iter) -{ - iter->num_slots = 0; - iter->saw_slots = 0; - iter->module = NULL; -} - -static CK_RV -finish_iterating (P11KitIter *iter, - CK_RV rv) -{ - finish_object (iter); - finish_slot (iter); - finish_module (iter); - p11_array_clear (iter->modules); - - iter->iterating = 0; - return rv; -} - -/** - * p11_kit_iter_begin: - * @iter: the iterator - * @modules: (array zero-terminated=1): null-terminated list of - * modules to iterate over - * - * Begin iterating PKCS\#11 objects in the given @modules. - * - * The @modules arguments should be a null-terminated list of - * pointers to the modules' PKCS\#11 function pointers. - * - * For each module, all initialized slots will be iterated over, - * having sessions opened for each of them in turn, and searched - * for objects matching the search criteria. - */ -void -p11_kit_iter_begin (P11KitIter *iter, - CK_FUNCTION_LIST_PTR *modules) -{ - int i; - - return_if_fail (modules != NULL); - - finish_iterating (iter, CKR_OK); - - /* Use this module */ - for (i = 0; modules[i] != NULL; i++) { - if (!p11_array_push (iter->modules, modules[i])) - return_if_reached (); - } - - iter->iterating = 1; - iter->searched = 1; -} - -/** - * p11_kit_iter_begin_with: - * @iter: the iterator - * @module: the module to iterate over - * @slot: (allow-none): the slot to iterate objects in, or zero - * @session: (allow-none): the session to search for objects on, or zero - * - * Begin iterating PKCS\#11 objects in the given @module. - * - * If @slot is non-zero then the iteration will be limited to that - * slot. - * - * If @session is non-zero then the iteration will be limited to - * objects visible through that session, which implies that they - * are also limited to the slot which the session was opened for. - */ -void -p11_kit_iter_begin_with (P11KitIter *iter, - CK_FUNCTION_LIST_PTR module, - CK_SLOT_ID slot, - CK_SESSION_HANDLE session) -{ - CK_SESSION_INFO info; - CK_RV rv; - - finish_iterating (iter, CKR_OK); - - return_if_fail (module != NULL); - - if (session != 0) { - /* - * A currently active session. Initialize as if we're ready - * to search using this session. - */ - - /* If we have a session, but no slot, then look it up */ - if (slot == 0) { - assert (module != NULL); - rv = (module->C_GetSessionInfo) (session, &info); - if (rv == CKR_OK) - slot = info.slotID; - } - - /* So initialize as if we're ready to search */ - iter->session = session; - iter->slot = slot; - iter->module = module; - iter->keep_session = 1; - - } else if (slot != 0) { - - /* - * Limit to this slot. Initialize as if we're ready to use the - * slot from the slots list. - */ - - iter->module = module; - iter->slots = realloc (iter->slots, sizeof (CK_SLOT_ID)); - return_if_fail (iter->slots != NULL); - iter->slots[0] = slot; - iter->num_slots = 1; - iter->searched = 1; - - } else { - - /* - * Limit to this module. Initialize as if we're ready to use - * the module from the modules array. - */ - - assert (module != NULL); - p11_array_push (iter->modules, module); - iter->session = 0; - iter->slot = 0; - iter->searched = 1; - } - - iter->iterating = 1; -} - -static CK_RV -call_all_filters (P11KitIter *iter, - CK_BBOOL *matches) -{ - Callback *cb; - CK_RV rv; - - *matches = CK_TRUE; - - for (cb = iter->callbacks; cb != NULL; cb = cb->next) { - rv = (cb->func) (iter, matches, cb->callback_data); - if (rv != CKR_OK || !*matches) - return rv; - } - - return CKR_OK; -} - -static CK_RV -move_next_session (P11KitIter *iter) -{ - CK_ULONG session_flags; - CK_ULONG num_slots; - CK_INFO minfo; - CK_RV rv; - - finish_slot (iter); - - /* If we have no more slots, then move to next module */ - while (iter->saw_slots >= iter->num_slots) { - finish_module (iter); - - /* Iter is finished */ - if (iter->modules->num == 0) - return finish_iterating (iter, CKR_CANCEL); - - iter->module = iter->modules->elem[0]; - p11_array_remove (iter->modules, 0); - - /* Skip module if it doesn't match uri */ - assert (iter->module != NULL); - rv = (iter->module->C_GetInfo) (&minfo); - if (rv != CKR_OK || !p11_match_uri_module_info (&iter->match_module, &minfo)) - continue; - - rv = (iter->module->C_GetSlotList) (CK_TRUE, NULL, &num_slots); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - - iter->slots = realloc (iter->slots, sizeof (CK_SLOT_ID) * (num_slots + 1)); - return_val_if_fail (iter->slots != NULL, CKR_HOST_MEMORY); - - rv = (iter->module->C_GetSlotList) (CK_TRUE, iter->slots, &num_slots); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - - iter->num_slots = num_slots; - assert (iter->saw_slots == 0); - } - - /* Move to the next slot, and open a session on it */ - while (iter->saw_slots < iter->num_slots) { - iter->slot = iter->slots[iter->saw_slots++]; - - assert (iter->module != NULL); - if (iter->match_slot_id != (CK_SLOT_ID)-1 && iter->slot != iter->match_slot_id) - continue; - rv = (iter->module->C_GetSlotInfo) (iter->slot, &iter->slot_info); - if (rv != CKR_OK || !p11_match_uri_slot_info (&iter->match_slot, &iter->slot_info)) - continue; - rv = (iter->module->C_GetTokenInfo) (iter->slot, &iter->token_info); - if (rv != CKR_OK || !p11_match_uri_token_info (&iter->match_token, &iter->token_info)) - continue; - - session_flags = CKF_SERIAL_SESSION; - - /* Skip if the read/write on a read-only token */ - if (iter->want_writable && (iter->token_info.flags & CKF_WRITE_PROTECTED) == 0) - session_flags |= CKF_RW_SESSION; - - rv = (iter->module->C_OpenSession) (iter->slot, session_flags, - NULL, NULL, &iter->session); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - - if (iter->session != 0) - return CKR_OK; - } - - /* Otherwise try again */ - return move_next_session (iter); -} - -/** - * p11_kit_iter_next: - * @iter: the iterator - * - * Iterate to the next matching object. - * - * To access the object, session and so on, use the p11_kit_iter_get_object(), - * p11_kit_iter_get_session(), and p11_kit_iter_get_module() functions. - * - * This call must only be called after either p11_kit_iter_begin() - * or p11_kit_iter_begin_with() have been called. - * - * Objects which are skipped by callbacks will not be returned here - * as matching objects. - * - * Returns: CKR_OK if an object matched, CKR_CANCEL if no more objects, or another error - */ -CK_RV -p11_kit_iter_next (P11KitIter *iter) -{ - CK_ULONG batch; - CK_ULONG count; - CK_BBOOL matches; - CK_RV rv; - - return_val_if_fail (iter->iterating, CKR_OPERATION_NOT_INITIALIZED); - - iter->object = 0; - - if (iter->match_nothing) - return finish_iterating (iter, CKR_CANCEL); - - /* - * If we have outstanding objects, then iterate one through those - * Note that we pass each object through the filters, and only - * assume it's iterated if it matches - */ - while (iter->saw_objects < iter->num_objects) { - iter->object = iter->objects[iter->saw_objects++]; - - rv = call_all_filters (iter, &matches); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - - if (matches) - return CKR_OK; - } - - /* If we have finished searching then move to next session */ - if (iter->searched) { - rv = move_next_session (iter); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - } - - /* Ready to start searching */ - if (!iter->searching && !iter->searched) { - count = p11_attrs_count (iter->match_attrs); - rv = (iter->module->C_FindObjectsInit) (iter->session, iter->match_attrs, count); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - iter->searching = 1; - iter->searched = 0; - } - - /* If we have searched on this session then try to continue */ - if (iter->searching) { - assert (iter->module != NULL); - assert (iter->session != 0); - iter->num_objects = 0; - iter->saw_objects = 0; - - for (;;) { - if (iter->max_objects - iter->num_objects == 0) { - iter->max_objects = iter->max_objects ? iter->max_objects * 2 : 64; - iter->objects = realloc (iter->objects, iter->max_objects * sizeof (CK_ULONG)); - return_val_if_fail (iter->objects != NULL, CKR_HOST_MEMORY); - } - - batch = iter->max_objects - iter->num_objects; - rv = (iter->module->C_FindObjects) (iter->session, - iter->objects + iter->num_objects, - batch, &count); - if (rv != CKR_OK) - return finish_iterating (iter, rv); - - iter->num_objects += count; - - /* - * Done searching on this session, although there are still - * objects outstanding, which will be returned on next - * iterations. - */ - if (batch != count) { - iter->searching = 0; - iter->searched = 1; - (iter->module->C_FindObjectsFinal) (iter->session); - break; - } - - if (!iter->preload_results) - break; - } - } - - /* Try again */ - return p11_kit_iter_next (iter); -} - -/** - * p11_kit_iter_get_module: - * @iter: the iterator - * - * Get the module function pointers for the current matching object. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: the module which the current matching object is in - */ -CK_FUNCTION_LIST_PTR -p11_kit_iter_get_module (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, NULL); - return_val_if_fail (iter->iterating, 0); - return iter->module; -} - -/** - * p11_kit_iter_get_slot: - * @iter: the iterator - * - * Get the slot which the current matching object is on. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: the slot of the current matching object - */ -CK_SLOT_ID -p11_kit_iter_get_slot (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, 0); - return_val_if_fail (iter->iterating, 0); - return iter->slot; -} - -/** - * p11_kit_iter_get_slot_info: - * @iter: the iterator - * - * Get the slot info for the slot which the current matching object is on. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: the slot of the current matching object. - */ -CK_SLOT_INFO * -p11_kit_iter_get_slot_info (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, NULL); - return &iter->slot_info; -} - -/** - * p11_kit_iter_get_token: - * @iter: the iterator - * - * Get the token info for the token which the current matching object is on. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: the slot of the current matching object. - */ -CK_TOKEN_INFO * -p11_kit_iter_get_token (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, NULL); - return &iter->token_info; -} - -/** - * p11_kit_iter_get_session: - * @iter: the iterator - * - * Get the session which the current matching object is acessible - * through. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * The session may be closed after the next p11_kit_iter_next() call - * unless p11_kit_iter_keep_session() is called. - * - * Returns: the session used to find the current matching object - */ -CK_SESSION_HANDLE -p11_kit_iter_get_session (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, 0); - return_val_if_fail (iter->iterating, 0); - return iter->session; -} - -/** - * p11_kit_iter_get_object: - * @iter: the iterator - * - * Get the current matching object. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: the current matching object - */ -CK_OBJECT_HANDLE -p11_kit_iter_get_object (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, 0); - return iter->object; -} - -/** - * p11_kit_iter_destroy_object: - * @iter: the iterator - * - * Destroy the current matching object. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: CKR_OK or a failure code - */ -CK_RV -p11_kit_iter_destroy_object (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (iter->iterating, CKR_GENERAL_ERROR); - return (iter->module->C_DestroyObject) (iter->session, iter->object); -} - -/** - * p11_kit_iter_get_attributes: - * @iter: the iterator - * @template: (array length=count) (inout): the attributes to get - * @count: the number of attributes - * - * Get attributes for the current matching object. - * - * This calls <literal>C_GetAttributeValue</literal> for the object - * currently iterated to. Return value and attribute memory behavior - * is identical to the PKCS\#11 <literal>C_GetAttributeValue</literal> - * function. - * - * You might choose to use p11_kit_iter_load_attributes() for a more - * helpful variant. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: The result from <literal>C_GetAttributeValue</literal>. - */ -CK_RV -p11_kit_iter_get_attributes (P11KitIter *iter, - CK_ATTRIBUTE *template, - CK_ULONG count) -{ - return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (iter->iterating, CKR_GENERAL_ERROR); - return_val_if_fail (iter->module != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (iter->session != 0, CKR_GENERAL_ERROR); - return_val_if_fail (iter->object != 0, CKR_GENERAL_ERROR); - - return (iter->module->C_GetAttributeValue) (iter->session, iter->object, - template, count); -} - -/** - * p11_kit_iter_load_attributes: - * @iter: the iterator - * @template: (array length=count) (inout): the attributes to load - * @count: the number of attributes - * - * Retrieve attributes for the current matching object. - * - * Each attribute in the array will be filled in with the value - * of that attribute retrieved from the object. After use the - * attribute value memory pointed to by the <literal>pValue</literal> - * of each attribute should be freed with the <literal>free<!-- -->()</literal> - * function. - * - * If the <literal>pValue</literal> of an attribute is not %NULL passed - * to this function, then it will be passed to - * <literal>realloc<!-- -->()</literal> to allocate the correct amount - * of space for the attribute value. - * - * If any attribute is not present on the object, or is sensitive and - * cannot be retrieved, then the <literal>pValue</literal> will be NULL. - * If <literal>pValue</literal> was not %NULL when passed to this function - * then it will be freed with <literal>free<!-- -->()</literal>. In these - * cases <literal>CKR_OK</literal> is returned. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: CKR_OK or a failure code - */ -CK_RV -p11_kit_iter_load_attributes (P11KitIter *iter, - CK_ATTRIBUTE *template, - CK_ULONG count) -{ - CK_ATTRIBUTE *original = NULL; - CK_ULONG i; - CK_RV rv; - - return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (iter->iterating, CKR_GENERAL_ERROR); - return_val_if_fail (iter->module != NULL, CKR_GENERAL_ERROR); - return_val_if_fail (iter->session != 0, CKR_GENERAL_ERROR); - return_val_if_fail (iter->object != 0, CKR_GENERAL_ERROR); - - if (count == 0) - return CKR_OK; - - original = memdup (template, count * sizeof (CK_ATTRIBUTE)); - return_val_if_fail (original != NULL, CKR_HOST_MEMORY); - - for (i = 0; i < count; i++) - template[i].pValue = NULL; - - rv = (iter->module->C_GetAttributeValue) (iter->session, iter->object, template, count); - - switch (rv) { - case CKR_OK: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_SENSITIVE: - case CKR_BUFFER_TOO_SMALL: - break; - default: - free (original); - return rv; - } - - for (i = 0; i < count; i++) { - if (template[i].ulValueLen == (CK_ULONG)-1 || - template[i].ulValueLen == 0) { - free (original[i].pValue); - - } else if (original[i].pValue != NULL && - template[i].ulValueLen == original[i].ulValueLen) { - template[i].pValue = original[i].pValue; - - } else { - template[i].pValue = realloc (original[i].pValue, template[i].ulValueLen); - return_val_if_fail (template[i].pValue != NULL, CKR_HOST_MEMORY); - } - } - - free (original); - - rv = (iter->module->C_GetAttributeValue) (iter->session, iter->object, template, count); - - switch (rv) { - case CKR_OK: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_ATTRIBUTE_SENSITIVE: - rv = CKR_OK; - break; - default: - return_val_if_fail (rv != CKR_BUFFER_TOO_SMALL, rv); - return rv; - } - - for (i = 0; i < count; i++) { - if (template[i].ulValueLen == (CK_ULONG)-1 || - template[i].ulValueLen == 0) { - free (template[i].pValue); - template[i].pValue = NULL; - } - } - - return rv; -} - -/** - * p11_kit_iter_keep_session: - * @iter: the iterator - * - * After calling this function the session open for iterating - * the current object will not be automatically closed by - * the iterator after later calls to p11_kit_iter_next() or - * p11_kit_iter_free(). - * - * It is the callers responsibility to close this session, - * after the iterator has been freed. The session may still be - * used by the iterator if further iterations are performed. - * - * This can only be called after p11_kit_iter_next() succeeds. - * - * Returns: the current session - */ -CK_SESSION_HANDLE -p11_kit_iter_keep_session (P11KitIter *iter) -{ - return_val_if_fail (iter != NULL, 0); - return_val_if_fail (iter->iterating, 0); - return_val_if_fail (iter->session != 0, 0); - - iter->keep_session = 1; - return iter->session; -} - -/** - * p11_kit_iter_free: - * @iter: the iterator - * - * Frees the iterator and all resources, such as sessions - * or callbacks held by the iterator. - */ -void -p11_kit_iter_free (P11KitIter *iter) -{ - Callback *cb, *next; - - if (iter == NULL) - return; - - finish_iterating (iter, CKR_OK); - p11_array_free (iter->modules); - p11_attrs_free (iter->match_attrs); - free (iter->objects); - free (iter->slots); - - for (cb = iter->callbacks; cb != NULL; cb = next) { - next = cb->next; - if (cb->destroyer) - (cb->destroyer) (cb->callback_data); - free (cb); - } - - free (iter); -} diff --git a/p11-kit/iter.h b/p11-kit/iter.h deleted file mode 100644 index 3f51041..0000000 --- a/p11-kit/iter.h +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat, Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#ifndef P11_KIT_ITER_H -#define P11_KIT_ITER_H - -#include "p11-kit/p11-kit.h" -#include "p11-kit/pkcs11.h" -#include "p11-kit/uri.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef P11_KIT_FUTURE_UNSTABLE_API - -typedef struct p11_kit_iter P11KitIter; -typedef P11KitIter p11_kit_iter; - -typedef enum { - P11_KIT_ITER_BUSY_SESSIONS = 1 << 1, - P11_KIT_ITER_WANT_WRITABLE = 1 << 2, -} P11KitIterBehavior; - -typedef CK_RV (* p11_kit_iter_callback) (P11KitIter *iter, - CK_BBOOL *matches, - void *data); - -P11KitIter * p11_kit_iter_new (P11KitUri *uri, - P11KitIterBehavior behavior); - -void p11_kit_iter_free (P11KitIter *iter); - -void p11_kit_iter_add_callback (P11KitIter *iter, - p11_kit_iter_callback callback, - void *callback_data, - p11_kit_destroyer callback_destroy); - -void p11_kit_iter_add_filter (P11KitIter *iter, - CK_ATTRIBUTE *matching, - CK_ULONG count); - -void p11_kit_iter_set_uri (P11KitIter *iter, - P11KitUri *uri); - -void p11_kit_iter_begin (P11KitIter *iter, - CK_FUNCTION_LIST_PTR *modules); - -void p11_kit_iter_begin_with (P11KitIter *iter, - CK_FUNCTION_LIST_PTR module, - CK_SLOT_ID slot, - CK_SESSION_HANDLE session); - -CK_RV p11_kit_iter_next (P11KitIter *iter); - -CK_FUNCTION_LIST_PTR p11_kit_iter_get_module (P11KitIter *iter); - -CK_SLOT_ID p11_kit_iter_get_slot (P11KitIter *iter); - -CK_SLOT_INFO * p11_kit_iter_get_slot_info (P11KitIter *iter); - -CK_TOKEN_INFO * p11_kit_iter_get_token (P11KitIter *iter); - -CK_SESSION_HANDLE p11_kit_iter_get_session (P11KitIter *iter); - -CK_OBJECT_HANDLE p11_kit_iter_get_object (P11KitIter *iter); - -CK_RV p11_kit_iter_get_attributes (P11KitIter *iter, - CK_ATTRIBUTE *template, - CK_ULONG count); - -CK_RV p11_kit_iter_load_attributes (P11KitIter *iter, - CK_ATTRIBUTE *template, - CK_ULONG count); - -CK_SESSION_HANDLE p11_kit_iter_keep_session (P11KitIter *iter); - -CK_RV p11_kit_iter_destroy_object (P11KitIter *iter); - -#endif /* P11_KIT_FUTURE_UNSTABLE_API */ - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* P11_KIT_ITER_H */ diff --git a/p11-kit/lists.c b/p11-kit/lists.c deleted file mode 100644 index 5804be2..0000000 --- a/p11-kit/lists.c +++ /dev/null @@ -1,290 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" - -#include "compat.h" -#include "debug.h" - -#include <assert.h> -#include <ctype.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> - -#include "message.h" -#include "p11-kit.h" -#include "tool.h" -#include "uri.h" - -int p11_kit_list_modules (int argc, - char *argv[]); - -bool verbose = false; - -static const char HEXC_LOWER[] = "0123456789abcdef"; - -static char * -hex_encode (const unsigned char *data, - size_t n_data) -{ - char *result; - size_t i; - size_t o; - - result = malloc (n_data * 3 + 1); - if (result == NULL) - return NULL; - - for (i = 0, o = 0; i < n_data; i++) { - if (i > 0) - result[o++] = ':'; - result[o++] = HEXC_LOWER[data[i] >> 4 & 0xf]; - result[o++] = HEXC_LOWER[data[i] & 0xf]; - } - - result[o] = 0; - return result; -} - -static bool -is_ascii_string (const unsigned char *data, - size_t n_data) -{ - size_t i; - - for (i = 0; i < n_data; i++) { - if (!isascii (data[i]) && - (data[i] < 0x20 && !isspace (data[i]))) - return false; - } - - return true; -} - -static void -print_token_info (CK_FUNCTION_LIST_PTR module, CK_SLOT_ID slot_id) -{ - CK_TOKEN_INFO info; - char *value; - CK_RV rv; - - rv = (module->C_GetTokenInfo) (slot_id, &info); - if (rv != CKR_OK) { - p11_message ("couldn't load module info: %s", p11_kit_strerror (rv)); - return; - } - - value = p11_kit_space_strdup (info.label, sizeof (info.label)); - printf (" token: %s\n", value); - free (value); - - value = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); - printf (" manufacturer: %s\n", value); - free (value); - - value = p11_kit_space_strdup (info.model, sizeof (info.model)); - printf (" model: %s\n", value); - free (value); - - if (is_ascii_string (info.serialNumber, sizeof (info.serialNumber))) - value = p11_kit_space_strdup (info.serialNumber, sizeof (info.serialNumber)); - else - value = hex_encode (info.serialNumber, sizeof (info.serialNumber)); - printf (" serial-number: %s\n", value); - free (value); - - if (info.hardwareVersion.major || info.hardwareVersion.minor) - printf (" hardware-version: %d.%d\n", - info.hardwareVersion.major, - info.hardwareVersion.minor); - - if (info.firmwareVersion.major || info.firmwareVersion.minor) - printf (" firmware-version: %d.%d\n", - info.firmwareVersion.major, - info.firmwareVersion.minor); - - printf (" flags:\n"); - #define X(x, y) if (info.flags & (x)) printf (" %s\n", (y)) - X(CKF_RNG, "rng"); - X(CKF_WRITE_PROTECTED, "write-protected"); - X(CKF_LOGIN_REQUIRED, "login-required"); - X(CKF_USER_PIN_INITIALIZED, "user-pin-initialized"); - X(CKF_RESTORE_KEY_NOT_NEEDED, "restore-key-not-needed"); - X(CKF_CLOCK_ON_TOKEN, "clock-on-token"); - X(CKF_PROTECTED_AUTHENTICATION_PATH, "protected-authentication-path"); - X(CKF_DUAL_CRYPTO_OPERATIONS, "dual-crypto-operations"); - X(CKF_TOKEN_INITIALIZED, "token-initialized"); - X(CKF_SECONDARY_AUTHENTICATION, "secondary-authentication"); - X(CKF_USER_PIN_COUNT_LOW, "user-pin-count-low"); - X(CKF_USER_PIN_FINAL_TRY, "user-pin-final-try"); - X(CKF_USER_PIN_LOCKED, "user-pin-locked"); - X(CKF_USER_PIN_TO_BE_CHANGED, "user-pin-to-be-changed"); - X(CKF_SO_PIN_COUNT_LOW, "so-pin-count-low"); - X(CKF_SO_PIN_FINAL_TRY, "so-pin-final-try"); - X(CKF_SO_PIN_LOCKED, "so-pin-locked"); - X(CKF_SO_PIN_TO_BE_CHANGED, "so-pin-to-be-changed"); - #undef X -} - -static void -print_module_info (CK_FUNCTION_LIST_PTR module) -{ - CK_SLOT_ID slot_list[256]; - CK_ULONG i, count; - CK_INFO info; - char *value; - CK_RV rv; - - rv = (module->C_GetInfo) (&info); - if (rv != CKR_OK) { - p11_message ("couldn't load module info: %s", p11_kit_strerror (rv)); - return; - } - - value = p11_kit_space_strdup (info.libraryDescription, - sizeof (info.libraryDescription)); - printf (" library-description: %s\n", value); - free (value); - - value = p11_kit_space_strdup (info.manufacturerID, - sizeof (info.manufacturerID)); - printf (" library-manufacturer: %s\n", value); - free (value); - - printf (" library-version: %d.%d\n", - info.libraryVersion.major, - info.libraryVersion.minor); - - count = sizeof (slot_list) / sizeof (slot_list[0]); - rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count); - if (rv != CKR_OK) { - p11_message ("couldn't load module info: %s", p11_kit_strerror (rv)); - return; - } - - for (i = 0; i < count; i++) - print_token_info (module, slot_list[i]); -} - -static int -print_modules (void) -{ - CK_FUNCTION_LIST_PTR *module_list; - char *name; - char *path; - int i; - - module_list = p11_kit_modules_load_and_initialize (0); - if (!module_list) - return 1; - - for (i = 0; module_list[i]; i++) { - name = p11_kit_module_get_name (module_list[i]); - path = p11_kit_config_option (module_list[i], "module"); - - printf ("%s: %s\n", - name ? name : "(null)", - path ? path : "(null)"); - print_module_info (module_list[i]); - - free (name); - free (path); - } - - p11_kit_modules_finalize_and_release (module_list); - return 0; -} - -int -p11_kit_list_modules (int argc, - char *argv[]) -{ - int opt; - - enum { - opt_verbose = 'v', - opt_quiet = 'q', - opt_list = 'l', - opt_help = 'h', - }; - - struct option options[] = { - { "verbose", no_argument, NULL, opt_verbose }, - { "quiet", no_argument, NULL, opt_quiet }, - { "list", no_argument, NULL, opt_list }, - { "help", no_argument, NULL, opt_help }, - { 0 }, - }; - - p11_tool_desc usages[] = { - { 0, "usage: p11-kit list" }, - { opt_verbose, "show verbose debug output", }, - { opt_quiet, "suppress command output", }, - { 0 }, - }; - - while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { - switch (opt) { - - case opt_verbose: - p11_kit_be_loud (); - break; - - case opt_quiet: - p11_kit_be_quiet (); - break; - - case opt_list: - break; - - case opt_help: - p11_tool_usage (usages, options); - return 0; - case '?': - return 2; - default: - assert_not_reached (); - break; - } - } - - if (argc - optind != 0) { - p11_message ("extra arguments specified"); - return 2; - } - - return print_modules (); -} diff --git a/p11-kit/log.c b/p11-kit/log.c deleted file mode 100644 index 19377b2..0000000 --- a/p11-kit/log.c +++ /dev/null @@ -1,2022 +0,0 @@ -/* - * Copyright (c) 2007, Stefan Walter - * Copyright (c) 2013, Red Hat Inc. - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter <stef@memberwebs.com> - */ - -#include "config.h" - -#include "attrs.h" -#include "buffer.h" -#include "constants.h" -#include "debug.h" -#include "log.h" -#include "p11-kit.h" -#include "virtual.h" - -#include <sys/types.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <errno.h> -#include <stdarg.h> - -bool p11_log_force = false; -bool p11_log_output = true; - -typedef struct { - p11_virtual virt; - CK_X_FUNCTION_LIST *lower; - p11_destroyer destroyer; -} LogData; - -#define LOG_FLAG(buf, flags, had, flag) \ - if ((flags & flag) == flag) { \ - p11_buffer_add (buf, had ? " | " : " = ", 3); \ - p11_buffer_add (buf, #flag, -1); \ - had++; \ - } - -static void -log_CKM (p11_buffer *buf, - CK_MECHANISM_TYPE v) -{ - char temp[32]; - const char *string; - - string = p11_constant_name (p11_constant_mechanisms, v); - if (string == NULL) { - snprintf (temp, sizeof (temp), "CKM_0x%08lX", v); - p11_buffer_add (buf, temp, -1); - } else { - p11_buffer_add (buf, string, -1); - } -} - -static void -log_CKS (p11_buffer *buf, - CK_STATE v) -{ - char temp[32]; - const char *string; - - string = p11_constant_name (p11_constant_states, v); - if (string == NULL) { - snprintf (temp, sizeof (temp), "CKS_0x%08lX", v); - p11_buffer_add (buf, temp, -1); - } else { - p11_buffer_add (buf, string, -1); - } -} - -static void -log_CKU (p11_buffer *buf, - CK_USER_TYPE v) -{ - char temp[32]; - const char *string; - - string = p11_constant_name (p11_constant_users, v); - if (string == NULL) { - snprintf (temp, sizeof (temp), "CKU_0x%08lX", v); - p11_buffer_add (buf, temp, -1); - } else { - p11_buffer_add (buf, string, -1); - } -} - -static void -log_CKR (p11_buffer *buf, - CK_RV v) -{ - char temp[32]; - const char *string; - - string = p11_constant_name (p11_constant_returns, v); - if (string == NULL) { - snprintf (temp, sizeof (temp), "CKR_0x%08lX", v); - p11_buffer_add (buf, temp, -1); - } else { - p11_buffer_add (buf, string, -1); - } -} - -static void -log_some_bytes (p11_buffer *buf, - CK_BYTE_PTR arr, - CK_ULONG num) -{ - CK_ULONG i; - char temp[128]; - char *p, *e; - CK_BYTE ch; - - if(!arr) { - p11_buffer_add (buf, "NULL", 4); - return; - } else if (num == (CK_ULONG)-1) { - p11_buffer_add (buf, "????", 4); - return; - } - - temp[0] = '\"'; - p = temp + 1; - e = temp + (sizeof (temp) - 8); - - for(i = 0; i < num && p < e; ++i, ++p) { - ch = arr[i]; - if (ch == '\t') { - p[0] = '\\'; p[1] = 't'; - ++p; - } else if (ch == '\n') { - p[0] = '\\'; p[1] = 'n'; - ++p; - } else if (ch == '\r') { - p[0] = '\\'; p[1] = 'r'; - ++p; - } else if (ch >= 32 && ch < 127) { - *p = ch; - } else { - p[0] = '\\'; - p[1] = 'x'; - sprintf(p + 2, "%02X", ch); - p += 3; - } - } - - *p = 0; - if (p >= e) - strcpy (e, "..."); - strcat (p, "\""); - p11_buffer_add (buf, temp, -1); -} - -static void -log_pointer (p11_buffer *buf, - const char *pref, - const char *name, - CK_VOID_PTR val, - CK_RV status) -{ - char temp[32]; - - if (status != CKR_OK) - return; - - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (val == NULL) { - p11_buffer_add (buf, "NULL\n", 5); - } else { - snprintf (temp, sizeof (temp), "0x%08lX\n", (unsigned long)(size_t)val); - p11_buffer_add (buf, temp, -1); - } -} - -static void -log_attribute_types (p11_buffer *buf, - const char *pref, - const char *name, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num, - CK_RV status) -{ - const char *string; - char temp[32]; - CK_ULONG i; - - if (status == CKR_BUFFER_TOO_SMALL) { - arr = NULL; - status = CKR_OK; - } - if (status != CKR_OK) - return; - - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (arr == NULL) { - snprintf (temp, sizeof (temp), "(%lu) NONE\n", num); - p11_buffer_add (buf, temp, -1); - } else { - snprintf (temp, sizeof (temp), "(%lu) [ ", num); - p11_buffer_add (buf, temp, -1); - for (i = 0; i < num; i++) { - if (i > 0) - p11_buffer_add (buf, ", ", 2); - string = p11_constant_name (p11_constant_types, arr[i].type); - if (string != NULL) { - p11_buffer_add (buf, string, -1); - } else { - snprintf (temp, sizeof (temp), "CKA_0x%08lX", arr[i].type); - p11_buffer_add (buf, temp, -1); - } - } - - p11_buffer_add (buf, " ]\n", 3); - } -} - -static void -log_attribute_array (p11_buffer *buf, - const char *pref, - const char *name, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num, - CK_RV status) -{ - char temp[32]; - - if (status == CKR_BUFFER_TOO_SMALL) { - arr = NULL; - status = CKR_OK; - } - if (status != CKR_OK) - return; - - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (arr == NULL) { - snprintf (temp, sizeof (temp), "(%lu) NONE\n", num); - p11_buffer_add (buf, temp, -1); - } else { - p11_attrs_format (buf, arr, num); - p11_buffer_add (buf, "\n", 1); - } -} - -static void -log_bool (p11_buffer *buf, - const char *pref, - const char *name, - CK_BBOOL val, - CK_RV status) -{ - if (status == CKR_OK) { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - p11_buffer_add (buf, val ? "CK_TRUE" : "CK_FALSE", -1); - p11_buffer_add (buf, "\n", 1); - } -} - -static void -log_byte_array (p11_buffer *buf, - const char *pref, - const char *name, - CK_BYTE_PTR arr, - CK_ULONG_PTR num, - CK_RV status) -{ - char temp[32]; - - if (status == CKR_BUFFER_TOO_SMALL) { - arr = NULL; - status = CKR_OK; - } - - if (status != CKR_OK) - return; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (num == NULL) { - p11_buffer_add (buf, "(?) NOTHING\n", -1); - } else if (arr == NULL) { - snprintf (temp, sizeof (temp), "(%lu) NOTHING\n", *num); - p11_buffer_add (buf, temp, -1); - } else { - snprintf (temp, sizeof (temp), "(%lu) ", *num); - p11_buffer_add (buf, temp, -1); - log_some_bytes (buf, arr, *num); - p11_buffer_add (buf, "\n", 1); - } -} - -static void -log_info (p11_buffer *buf, - const char *pref, - const char *name, - CK_INFO_PTR info, - CK_RV status) -{ - char temp[32]; - - if (status != CKR_OK) - return; - if (info == NULL) { - log_pointer (buf, pref, name, info, status); - } else { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tcryptokiVersion: ", -1); - snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->cryptokiVersion.major, - (unsigned int)info->cryptokiVersion.minor); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tmanufacturerID: \"", -1); - p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID))); - p11_buffer_add (buf, "\"\n\tflags: ", -1); - snprintf (temp, sizeof (temp), "%lX", info->flags); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tlibraryDescription: \"", -1); - p11_buffer_add (buf, info->libraryDescription, p11_kit_space_strlen (info->libraryDescription, sizeof (info->libraryDescription))); - p11_buffer_add (buf, "\"\n\tlibraryVersion: ", -1); - snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->libraryVersion.major, - (unsigned int)info->libraryVersion.minor); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n }\n", -1); - } -} - -static void -log_pInitArgs (p11_buffer *buf, - const char *pref, - const char *name, - CK_VOID_PTR pInitArgs, - CK_RV status) -{ - char temp[32]; - int had = 0; - - if (status != CKR_OK) - return; - if (pInitArgs == NULL) - log_pointer (buf, pref, name, pInitArgs, status); - else { - CK_C_INITIALIZE_ARGS *args = (CK_C_INITIALIZE_ARGS*)pInitArgs; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tCreateMutex: ", -1); - snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->CreateMutex); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tDestroyMutex: ", -1); - snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->DestroyMutex); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tLockMutex: ", -1); - snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->LockMutex); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tUnlockMutex: ", -1); - snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->UnlockMutex); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tflags: ", -1); - snprintf (temp, sizeof (temp), "%lX", args->flags); - LOG_FLAG (buf, args->flags, had, CKF_OS_LOCKING_OK); - p11_buffer_add (buf, "\n\treserved: ", -1); - snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->pReserved); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n }\n", -1); - } -} - -static void -log_mechanism_info (p11_buffer *buf, - const char *pref, - const char *name, - CK_MECHANISM_INFO_PTR info, - CK_RV status) -{ - char temp[32]; - int had = 0; - - if (status != CKR_OK) - return; - if (info == NULL) { - log_pointer (buf, pref, name, info, status); - } else { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tulMinKeySize: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulMinKeySize); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tulMaxKeySize: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulMaxKeySize); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tflags: ", -1); - snprintf (temp, sizeof (temp), "%lX", info->flags); - p11_buffer_add (buf, temp, -1); - LOG_FLAG (buf, info->flags, had, CKF_HW); - LOG_FLAG (buf, info->flags, had, CKF_ENCRYPT); - LOG_FLAG (buf, info->flags, had, CKF_DECRYPT); - LOG_FLAG (buf, info->flags, had, CKF_DIGEST); - LOG_FLAG (buf, info->flags, had, CKF_SIGN); - LOG_FLAG (buf, info->flags, had, CKF_SIGN_RECOVER); - LOG_FLAG (buf, info->flags, had, CKF_VERIFY); - LOG_FLAG (buf, info->flags, had, CKF_VERIFY_RECOVER); - LOG_FLAG (buf, info->flags, had, CKF_GENERATE); - LOG_FLAG (buf, info->flags, had, CKF_GENERATE_KEY_PAIR); - LOG_FLAG (buf, info->flags, had, CKF_WRAP); - LOG_FLAG (buf, info->flags, had, CKF_UNWRAP); - LOG_FLAG (buf, info->flags, had, CKF_DERIVE); - LOG_FLAG (buf, info->flags, had, CKF_EXTENSION); - p11_buffer_add (buf, "\n }\n", -1); - } -} - -static void -log_mechanism (p11_buffer *buf, - const char *pref, - const char *name, - CK_MECHANISM_PTR mech, - CK_RV status) -{ - char temp[32]; - - if (status != CKR_OK) - return; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tmechanism: ", -1); - log_CKM (buf, mech->mechanism); - p11_buffer_add (buf, "\n\tpParameter: ", -1); - snprintf (temp, sizeof (temp), "(%lu) ", mech->ulParameterLen); - p11_buffer_add (buf, temp, -1); - log_some_bytes (buf, mech->pParameter, mech->ulParameterLen); - p11_buffer_add (buf, "\n }\n", -1); -} - -static void -log_mechanism_type (p11_buffer *buf, - const char *pref, - const char *name, - CK_MECHANISM_TYPE val, - CK_RV status) -{ - if (status != CKR_OK) - return; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - log_CKM (buf, val); - p11_buffer_add (buf, "\n", 1); -} - -static void -log_mechanism_type_array (p11_buffer *buf, - const char *pref, - const char *name, - CK_MECHANISM_TYPE_PTR arr, - CK_ULONG_PTR num, - CK_RV status) -{ - char temp[32]; - CK_ULONG i; - - if (status == CKR_BUFFER_TOO_SMALL) { - arr = NULL; - status = CKR_OK; - } - if (status != CKR_OK) - return; - - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (num == NULL) { - p11_buffer_add (buf, "(?) NO-VALUES\n", -1); - } else if (arr == NULL) { - snprintf (temp, sizeof (temp), "(%lu) NO-VALUES\n", *num); - p11_buffer_add (buf, temp, -1); - } else { - snprintf (temp, sizeof (temp), "(%lu) [ ", *num); - p11_buffer_add (buf, temp, -1); - for(i = 0; i < *num; ++i) { - if (i > 0) - p11_buffer_add (buf, ", ", 2); - log_CKM (buf, arr[i]); - } - p11_buffer_add (buf, " ]\n", 3); - } -} - -static void -log_session_info (p11_buffer *buf, - const char *pref, - const char *name, - CK_SESSION_INFO_PTR info, - CK_RV status) -{ - char temp[32]; - int had = 0; - - if (status != CKR_OK) - return; - if (info == NULL) { - log_pointer (buf, pref, name, info, status); - } else { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tslotID: ", -1); - snprintf (temp, sizeof (temp), "SL%lu", info->slotID); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tstate: ", -1); - log_CKS (buf, info->state); - p11_buffer_add (buf, "\n\tflags: ", -1); - snprintf (temp, sizeof (temp), "%lX", info->flags); - p11_buffer_add (buf, temp, -1); - LOG_FLAG (buf, info->flags, had, CKF_SERIAL_SESSION); - LOG_FLAG (buf, info->flags, had, CKF_RW_SESSION); - p11_buffer_add (buf, "\n\tulDeviceError: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulDeviceError); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n }\n", -1); - } -} - -static void -log_slot_info (p11_buffer *buf, - const char *pref, - const char *name, - CK_SLOT_INFO_PTR info, - CK_RV status) -{ - char temp[32]; - int had = 0; - - if (status != CKR_OK) - return; - if (info == NULL) { - log_pointer (buf, pref, name, info, status); - } else { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tslotDescription: \"", -1); - p11_buffer_add (buf, info->slotDescription, p11_kit_space_strlen (info->slotDescription, sizeof (info->slotDescription))); - p11_buffer_add (buf, "\"\n\tmanufacturerID: \"", -1); - p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID))); - p11_buffer_add (buf, "\"\n\tflags: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->flags); - p11_buffer_add (buf, temp, -1); - LOG_FLAG (buf, info->flags, had, CKF_TOKEN_PRESENT); - LOG_FLAG (buf, info->flags, had, CKF_REMOVABLE_DEVICE); - LOG_FLAG (buf, info->flags, had, CKF_HW_SLOT); - p11_buffer_add (buf, "\n\thardwareVersion: ", -1); - snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->hardwareVersion.major, - (unsigned int)info->hardwareVersion.minor); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tfirmwareVersion: ", -1); - snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->firmwareVersion.major, - (unsigned int)info->firmwareVersion.minor); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n }\n", -1); - } -} - -static void -log_string (p11_buffer *buf, - const char *pref, - const char *name, - CK_UTF8CHAR_PTR str, - const CK_RV status) -{ - if (status != CKR_OK) - return; - if (str == NULL) { - log_pointer (buf, pref, name, str, status); - } else { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = \"", 4); - p11_buffer_add (buf, str, -1); - p11_buffer_add (buf, "\"\n", 2); - } -} - -static void -log_token_number (p11_buffer *buf, - CK_ULONG number) -{ - char temp[32]; - - if (number == 0) { - p11_buffer_add (buf, "CK_UNAVAILABLE_INFORMATION", -1); - } else if (number == (CK_ULONG)-1) { - p11_buffer_add (buf, "CK_EFFECTIVELY_INFINITE", -1); - } else { - snprintf (temp, sizeof (temp), "%lu", number); - p11_buffer_add (buf, temp, -1); - } -} - -static void -log_token_info (p11_buffer *buf, - const char *pref, - const char *name, - CK_TOKEN_INFO_PTR info, - CK_RV status) -{ - char temp[32]; - int had = 0; - - if (status != CKR_OK) - return; - if (info == NULL) { - log_pointer (buf, pref, name, info, status); - } else { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = {\n", 5); - p11_buffer_add (buf, "\tlabel: \"", -1); - p11_buffer_add (buf, info->label, p11_kit_space_strlen (info->label, sizeof (info->label))); - p11_buffer_add (buf, "\"\n\tmanufacturerID: \"", -1); - p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID))); - p11_buffer_add (buf, "\"\n\tmodel: \"", -1); - p11_buffer_add (buf, info->model, p11_kit_space_strlen (info->model, sizeof (info->model))); - p11_buffer_add (buf, "\"\n\tserialNumber: \"", -1); - p11_buffer_add (buf, info->serialNumber, p11_kit_space_strlen (info->serialNumber, sizeof (info->serialNumber))); - p11_buffer_add (buf, "\"\n\tflags: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->flags); - p11_buffer_add (buf, temp, -1); - LOG_FLAG (buf, info->flags, had, CKF_RNG); - LOG_FLAG (buf, info->flags, had, CKF_WRITE_PROTECTED); - LOG_FLAG (buf, info->flags, had, CKF_LOGIN_REQUIRED); - LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_INITIALIZED); - LOG_FLAG (buf, info->flags, had, CKF_RESTORE_KEY_NOT_NEEDED); - LOG_FLAG (buf, info->flags, had, CKF_CLOCK_ON_TOKEN); - LOG_FLAG (buf, info->flags, had, CKF_PROTECTED_AUTHENTICATION_PATH); - LOG_FLAG (buf, info->flags, had, CKF_DUAL_CRYPTO_OPERATIONS); - LOG_FLAG (buf, info->flags, had, CKF_TOKEN_INITIALIZED); - LOG_FLAG (buf, info->flags, had, CKF_SECONDARY_AUTHENTICATION); - LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_COUNT_LOW); - LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_FINAL_TRY); - LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_LOCKED); - LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_TO_BE_CHANGED); - LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_COUNT_LOW); - LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_FINAL_TRY); - LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_LOCKED); - LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_TO_BE_CHANGED); - if (!had) { - snprintf (temp, sizeof (temp), "%lu", info->flags); - p11_buffer_add (buf, temp, -1); - } - - p11_buffer_add (buf, "\n\tulMaxSessionCount: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\tulSessionCount: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulSessionCount); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tulMaxRwSessionCount: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\tulRwSessionCount: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulRwSessionCount); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tulMaxPinLen: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulMaxPinLen); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tulMinPinLen: ", -1); - snprintf (temp, sizeof (temp), "%lu", info->ulMinPinLen); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tulTotalPublicMemory: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\tulFreePublicMemory: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\tulTotalPrivateMemory: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\tulFreePrivateMemory: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\tulFreePrivateMemory: ", -1); - log_token_number (buf, info->ulMaxSessionCount); - p11_buffer_add (buf, "\n\thardwareVersion: ", -1); - snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->hardwareVersion.major, - (unsigned int)info->hardwareVersion.minor); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tfirmwareVersion: ", -1); - snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->firmwareVersion.major, - (unsigned int)info->firmwareVersion.minor); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n\tutcTime: ", -1); - p11_buffer_add (buf, (info->flags & CKF_CLOCK_ON_TOKEN) ? (const char*)info->utcTime : "", -1); - p11_buffer_add (buf, "\n }\n", -1); - } -} - -static void -log_ulong (p11_buffer *buf, - const char *pref, - const char *name, - CK_ULONG val, - const char* npref, - CK_RV status) -{ - char temp[32]; - - if (!npref) - npref = ""; - if (status == CKR_OK) { - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - p11_buffer_add (buf, npref, -1); - snprintf (temp, sizeof (temp), "%lu", val); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n", 1); - } -} - -static void -log_ulong_array (p11_buffer *buf, - const char *pref, - const char *name, - CK_ULONG_PTR arr, - CK_ULONG_PTR num, - const char *npref, - CK_RV status) -{ - char temp[32]; - CK_ULONG i; - - if (status == CKR_BUFFER_TOO_SMALL) { - arr = NULL; - status = CKR_OK; - } - - if (status != CKR_OK) - return; - if (npref == NULL) - npref = ""; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (num == NULL) { - p11_buffer_add (buf, "(?) NO-VALUES\n", -1); - } else if (arr == NULL) { - snprintf (temp, sizeof (temp), "(%lu) NO-VALUES\n", *num); - p11_buffer_add (buf, temp, -1); - } else { - snprintf (temp, sizeof (temp), "(%lu) [ ", *num); - p11_buffer_add (buf, temp, -1); - for (i = 0; i < *num; ++i) { - if (i > 0) - p11_buffer_add (buf, ", ", 2); - p11_buffer_add (buf, npref, -1); - snprintf (temp, sizeof (temp), "%lu", arr[i]); - p11_buffer_add (buf, temp, -1); - } - p11_buffer_add (buf, " ]\n", 3); - } -} - -static void -log_ulong_pointer (p11_buffer *buf, - const char *pref, - const char *name, - CK_ULONG_PTR val, - const char *npref, - CK_RV status) -{ - char temp[32]; - - if (status != CKR_OK) - return; - if (npref == NULL) - npref = ""; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - if (val == NULL) { - p11_buffer_add (buf, "NULL\n", 5); - } else { - snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)val); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, " = ", 3); - p11_buffer_add (buf, npref, -1); - snprintf (temp, sizeof (temp), "%lu", *val); - p11_buffer_add (buf, temp, -1); - p11_buffer_add (buf, "\n", 1); - } -} - -static void -log_user_type (p11_buffer *buf, - const char *pref, - const char *name, - CK_USER_TYPE val, - CK_RV status) -{ - if (status != CKR_OK) - return; - p11_buffer_add (buf, pref, -1); - p11_buffer_add (buf, name, -1); - p11_buffer_add (buf, " = ", 3); - log_CKU (buf, val); - p11_buffer_add (buf, "\n", 1); -} - -static void -flush_buffer (p11_buffer *buf) -{ - if (p11_log_output) { - fwrite (buf->data, 1, buf->len, stderr); - fflush (stderr); - } - p11_buffer_reset (buf, 128); -} - -#define BEGIN_CALL(name) \ - { \ - LogData *_log = (LogData *)self; \ - const char* _name = "C_" #name; \ - p11_buffer _buf; \ - CK_X_##name _func = _log->lower->C_##name; \ - CK_RV _ret = CKR_OK; \ - p11_buffer_init_null (&_buf, 128); \ - return_val_if_fail (_func != NULL, CKR_DEVICE_ERROR); \ - p11_buffer_add (&_buf, _name, -1); \ - p11_buffer_add (&_buf, "\n", 1); \ - self = _log->lower; - -#define PROCESS_CALL(args) \ - flush_buffer (&_buf); \ - _ret = (_func) args; - -#define DONE_CALL \ - p11_buffer_add (&_buf, _name, -1); \ - p11_buffer_add (&_buf, " = ", 3); \ - log_CKR (&_buf, _ret); \ - p11_buffer_add (&_buf, "\n", 1); \ - flush_buffer (&_buf); \ - p11_buffer_uninit (&_buf); \ - return _ret; \ - } - -#define LIN " IN: " -#define LOUT " OUT: " - -#define IN_ATTRIBUTE_ARRAY(a, n) \ - log_attribute_types (&_buf, LIN, #a, a, n, CKR_OK); - -#define IN_BOOL(a) \ - log_bool (&_buf, LIN, #a, a, CKR_OK); - -#define IN_BYTE_ARRAY(a, n) \ - log_byte_array (&_buf, LIN, #a, a, &n, CKR_OK); - -#define IN_HANDLE(a) \ - log_ulong (&_buf, LIN, #a, a, "H", CKR_OK); - -#define IN_INIT_ARGS(a) \ - log_pInitArgs (&_buf, LIN, #a, a, CKR_OK); - -#define IN_POINTER(a) \ - log_pointer (&_buf, LIN, #a, a, CKR_OK); - -#define IN_MECHANISM(a) \ - log_mechanism (&_buf, LIN, #a, a, CKR_OK); - -#define IN_MECHANISM_TYPE(a) \ - log_mechanism_type (&_buf, LIN, #a, a, CKR_OK); - -#define IN_SESSION(a) \ - log_ulong (&_buf, LIN, #a, a, "S", CKR_OK); - -#define IN_SLOT_ID(a) \ - log_ulong (&_buf, LIN, #a, a, "SL", CKR_OK); - -#define IN_STRING(a) \ - log_string (&_buf, LIN, #a, a, CKR_OK); - -#define IN_ULONG(a) \ - log_ulong (&_buf, LIN, #a, a, NULL, CKR_OK); - -#define IN_ULONG_PTR(a) \ - log_ulong_pointer (&_buf, LIN, #a, a, NULL, CKR_OK); - -#define IN_USER_TYPE(a) \ - log_user_type (&_buf, LIN, #a, a, CKR_OK); - -#define OUT_ATTRIBUTE_ARRAY(a, n) \ - log_attribute_array (&_buf, LOUT, #a, a, n, _ret); - -#define OUT_BYTE_ARRAY(a, n) \ - log_byte_array(&_buf, LOUT, #a, a, n, _ret); - -#define OUT_HANDLE(a) \ - log_ulong_pointer (&_buf, LOUT, #a, a, "H", _ret); - -#define OUT_HANDLE_ARRAY(a, n) \ - log_ulong_array (&_buf, LOUT, #a, a, n, "H", _ret); - -#define OUT_INFO(a) \ - log_info (&_buf, LOUT, #a, a, _ret); - -#define OUT_MECHANISM_INFO(a) \ - log_mechanism_info (&_buf, LOUT, #a, a, _ret); - -#define OUT_MECHANISM_TYPE_ARRAY(a, n) \ - log_mechanism_type_array (&_buf, LOUT, #a, a, n, _ret); - -#define OUT_POINTER(a) \ - log_pointer (&_buf, LOUT, #a, a, _ret); - -#define OUT_SESSION(a) \ - log_ulong_pointer (&_buf, LOUT, #a, a, "S", _ret); - -#define OUT_SESSION_INFO(a) \ - log_session_info (&_buf, LOUT, #a, a, _ret); - -#define OUT_SLOT_ID_ARRAY(a, n) \ - log_ulong_array (&_buf, LOUT, #a, a, n, "SL", _ret); - -#define OUT_SLOT_ID(a) \ - log_ulong_pointer (&_buf, LOUT, #a, a, "SL", _ret); - -#define OUT_SLOT_INFO(a) \ - log_slot_info (&_buf, LOUT, #a, a, _ret); - -#define OUT_TOKEN_INFO(a) \ - log_token_info (&_buf, LOUT, #a, a, _ret); - -#define OUT_ULONG(a) \ - log_ulong_pointer (&_buf, LOUT, #a, a, NULL, _ret); - -#define OUT_ULONG_ARRAY(a, n) \ - log_ulong_array (&_buf, LOUT, #a, a, n, NULL, _ret); - - - -/* ---------------------------------------------------------------- */ - -static CK_RV -log_C_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR pInitArgs) -{ - BEGIN_CALL (Initialize) - IN_INIT_ARGS (pInitArgs) - PROCESS_CALL ((self, pInitArgs)) - DONE_CALL -} - -static CK_RV -log_C_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR pReserved) -{ - BEGIN_CALL (Finalize) - IN_POINTER (pReserved) - PROCESS_CALL ((self, pReserved)) - DONE_CALL -} - -static CK_RV -log_C_GetInfo (CK_X_FUNCTION_LIST *self, - CK_INFO_PTR pInfo) -{ - BEGIN_CALL (GetInfo) - PROCESS_CALL ((self, pInfo)) - OUT_INFO (pInfo) - DONE_CALL -} - -static CK_RV -log_C_GetSlotList (CK_X_FUNCTION_LIST *self, - CK_BBOOL tokenPresent, - CK_SLOT_ID_PTR pSlotList, - CK_ULONG_PTR pulCount) -{ - BEGIN_CALL (GetSlotList) - IN_BOOL (tokenPresent) - IN_ULONG_PTR (pulCount) - PROCESS_CALL ((self, tokenPresent, pSlotList, pulCount)) - OUT_SLOT_ID_ARRAY (pSlotList, pulCount) - DONE_CALL -} - -static CK_RV -log_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID, - CK_SLOT_INFO_PTR pInfo) -{ - BEGIN_CALL (GetSlotInfo) - IN_SLOT_ID (slotID) - PROCESS_CALL ((self, slotID, pInfo)) - OUT_SLOT_INFO (pInfo) - DONE_CALL -} - -static CK_RV -log_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID, - CK_TOKEN_INFO_PTR pInfo) -{ - BEGIN_CALL (GetTokenInfo) - IN_SLOT_ID (slotID) - PROCESS_CALL ((self, slotID, pInfo)) - OUT_TOKEN_INFO (pInfo) - DONE_CALL -} - -static CK_RV -log_C_GetMechanismList (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID, - CK_MECHANISM_TYPE_PTR pMechanismList, - CK_ULONG_PTR pulCount) -{ - BEGIN_CALL (GetMechanismList) - IN_SLOT_ID (slotID) - IN_ULONG_PTR (pulCount) - PROCESS_CALL ((self, slotID, pMechanismList, pulCount)) - OUT_MECHANISM_TYPE_ARRAY (pMechanismList, pulCount) - DONE_CALL -} - -static CK_RV -log_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR pInfo) -{ - BEGIN_CALL (GetMechanismInfo) - IN_SLOT_ID (slotID) - IN_MECHANISM_TYPE (type) - PROCESS_CALL ((self, slotID, type, pInfo)) - OUT_MECHANISM_INFO (pInfo) - DONE_CALL -} - -static CK_RV -log_C_InitToken (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID, - CK_UTF8CHAR_PTR pPin, - CK_ULONG ulPinLen, - CK_UTF8CHAR_PTR pLabel) -{ - BEGIN_CALL (InitToken) - IN_SLOT_ID (slotID) - IN_BYTE_ARRAY (pPin, ulPinLen) - IN_STRING (pLabel) - PROCESS_CALL ((self, slotID, pPin, ulPinLen, pLabel)) - DONE_CALL -} - -static CK_RV -log_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, - CK_FLAGS flags, - CK_SLOT_ID_PTR pSlot, - CK_VOID_PTR pReserved) -{ - char temp[32]; - int had = 0; - - BEGIN_CALL (WaitForSlotEvent) - p11_buffer_add (&_buf, " IN: flags = ", -1); - snprintf (temp, sizeof (temp), "%lu", flags); - p11_buffer_add (&_buf, temp, -1); - LOG_FLAG (&_buf, flags, had, CKF_DONT_BLOCK); - p11_buffer_add (&_buf, "\n", 1); - PROCESS_CALL ((self, flags, pSlot, pReserved)) - OUT_SLOT_ID (pSlot) - OUT_POINTER (pReserved) - DONE_CALL -} - -static CK_RV -log_C_OpenSession (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID, - CK_FLAGS flags, - CK_VOID_PTR pApplication, - CK_NOTIFY Notify, - CK_SESSION_HANDLE_PTR phSession) -{ - char temp[32]; - int had = 0; - - BEGIN_CALL (OpenSession) - IN_SLOT_ID (slotID) - p11_buffer_add (&_buf, " IN: flags = ", -1); - snprintf (temp, sizeof (temp), "%lu", flags); - p11_buffer_add (&_buf, temp, -1); - LOG_FLAG (&_buf, flags, had, CKF_SERIAL_SESSION); - LOG_FLAG (&_buf, flags, had, CKF_RW_SESSION); - p11_buffer_add (&_buf, "\n", 1); - IN_POINTER (pApplication); - IN_POINTER (Notify); - PROCESS_CALL ((self, slotID, flags, pApplication, Notify, phSession)); - OUT_SESSION (phSession) - DONE_CALL -} - -static CK_RV -log_C_CloseSession (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession) -{ - BEGIN_CALL (CloseSession) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession)) - DONE_CALL -} - -static CK_RV -log_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slotID) -{ - BEGIN_CALL (CloseAllSessions) - IN_SLOT_ID (slotID) - PROCESS_CALL ((self, slotID)) - DONE_CALL -} - -static CK_RV -log_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_SESSION_INFO_PTR pInfo) -{ - BEGIN_CALL (GetSessionInfo) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession, pInfo)) - OUT_SESSION_INFO (pInfo) - DONE_CALL -} - -static CK_RV -log_C_InitPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_UTF8CHAR_PTR pPin, - CK_ULONG ulPinLen) -{ - BEGIN_CALL (InitPIN) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPin, ulPinLen) - PROCESS_CALL ((self, hSession, pPin, ulPinLen)) - DONE_CALL -} - -static CK_RV -log_C_SetPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_UTF8CHAR_PTR pOldPin, - CK_ULONG ulOldLen, - CK_UTF8CHAR_PTR pNewPin, - CK_ULONG ulNewLen) -{ - BEGIN_CALL (SetPIN) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pOldPin, ulOldLen) - IN_BYTE_ARRAY (pNewPin, ulNewLen); - PROCESS_CALL ((self, hSession, pOldPin, ulOldLen, pNewPin, ulNewLen)) - DONE_CALL -} - -static CK_RV -log_C_GetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pOperationState, - CK_ULONG_PTR pulOperationStateLen) -{ - BEGIN_CALL (GetOperationState) - IN_SESSION (hSession) - IN_ULONG_PTR (pulOperationStateLen) - PROCESS_CALL ((self, hSession, pOperationState, pulOperationStateLen)) - OUT_BYTE_ARRAY (pOperationState, pulOperationStateLen) - DONE_CALL -} - -static CK_RV -log_C_SetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pOperationState, - CK_ULONG ulOperationStateLen, - CK_OBJECT_HANDLE hEncryptionKey, - CK_OBJECT_HANDLE hAuthenticationKey) -{ - BEGIN_CALL (SetOperationState) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pOperationState, ulOperationStateLen) - IN_HANDLE (hEncryptionKey) - IN_HANDLE (hAuthenticationKey) - PROCESS_CALL ((self, hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey)) - DONE_CALL -} - -static CK_RV -log_C_Login (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_USER_TYPE userType, - CK_UTF8CHAR_PTR pPin, - CK_ULONG ulPinLen) -{ - BEGIN_CALL (Login) - IN_SESSION (hSession) - IN_USER_TYPE (userType) - IN_BYTE_ARRAY (pPin, ulPinLen); - PROCESS_CALL ((self, hSession, userType, pPin, ulPinLen)) - DONE_CALL -} - -static CK_RV -log_C_Logout (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession) -{ - BEGIN_CALL (Logout) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession)) - DONE_CALL -} - -static CK_RV -log_C_CreateObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phObject) -{ - BEGIN_CALL (CreateObject) - IN_SESSION (hSession) - IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) - PROCESS_CALL ((self, hSession, pTemplate, ulCount, phObject)) - OUT_HANDLE (phObject) - DONE_CALL -} - -static CK_RV -log_C_CopyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phNewObject) -{ - BEGIN_CALL (CopyObject) - IN_SESSION (hSession) - IN_HANDLE (hObject) - IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) - PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount, phNewObject)) - OUT_HANDLE (phNewObject) - DONE_CALL -} - - -static CK_RV -log_C_DestroyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject) -{ - BEGIN_CALL (DestroyObject); - IN_SESSION (hSession) - IN_HANDLE (hObject) - PROCESS_CALL ((self, hSession, hObject)) - DONE_CALL -} - -static CK_RV -log_C_GetObjectSize (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ULONG_PTR size) -{ - BEGIN_CALL (GetObjectSize); - IN_SESSION (hSession) - IN_HANDLE (hObject) - PROCESS_CALL ((self, hSession, hObject, size)) - OUT_ULONG (size) - DONE_CALL -} - -static CK_RV -log_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount) -{ - BEGIN_CALL (GetAttributeValue) - IN_SESSION (hSession) - IN_HANDLE (hObject) - IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) - PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount)) - OUT_ATTRIBUTE_ARRAY (pTemplate, ulCount) - DONE_CALL -} - -static CK_RV -log_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount) -{ - BEGIN_CALL (SetAttributeValue) - IN_SESSION (hSession) - IN_HANDLE (hObject) - IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) - PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount)) - DONE_CALL -} - -static CK_RV -log_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount) -{ - BEGIN_CALL (FindObjectsInit) - IN_SESSION (hSession) - IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) - PROCESS_CALL ((self, hSession, pTemplate, ulCount)) - DONE_CALL -} - -static CK_RV -log_C_FindObjects (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE_PTR object, - CK_ULONG max_object_count, - CK_ULONG_PTR object_count) -{ - BEGIN_CALL (FindObjects) - IN_SESSION (hSession) - IN_ULONG (max_object_count) - PROCESS_CALL ((self, hSession, object, max_object_count, object_count)) - OUT_HANDLE_ARRAY (object, object_count) - DONE_CALL -} - -static CK_RV -log_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession) -{ - BEGIN_CALL (FindObjectsFinal) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession)) - DONE_CALL -} - -static CK_RV -log_C_EncryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (EncryptInit) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hKey)) - DONE_CALL -} - -static CK_RV -log_C_Encrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pEncryptedData, - CK_ULONG_PTR pulEncryptedDataLen) -{ - BEGIN_CALL (Encrypt) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pData, ulDataLen) - PROCESS_CALL ((self, hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen)) - OUT_BYTE_ARRAY (pEncryptedData, pulEncryptedDataLen) - DONE_CALL -} - -static CK_RV -log_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen) -{ - BEGIN_CALL (EncryptUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPart, ulPartLen) - PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen)) - OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen) - DONE_CALL -} - -static CK_RV -log_C_EncryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastEncryptedPart, - CK_ULONG_PTR pulLastEncryptedPartLen) -{ - BEGIN_CALL (EncryptFinal) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession, pLastEncryptedPart, pulLastEncryptedPartLen)) - OUT_BYTE_ARRAY (pLastEncryptedPart, pulLastEncryptedPartLen) - DONE_CALL -} - -static CK_RV -log_C_DecryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (DecryptInit) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hKey)) - DONE_CALL -} - -static CK_RV -log_C_Decrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedData, - CK_ULONG ulEncryptedDataLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen) -{ - BEGIN_CALL (Decrypt) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pEncryptedData, ulEncryptedDataLen) - PROCESS_CALL ((self, hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen)) - OUT_BYTE_ARRAY (pData, pulDataLen) - DONE_CALL -} - -static CK_RV -log_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen) -{ - BEGIN_CALL (DecryptUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen) - PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen)) - OUT_BYTE_ARRAY (pPart, pulPartLen) - DONE_CALL -} - -static CK_RV -log_C_DecryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pLastPart, - CK_ULONG_PTR pulLastPartLen) -{ - BEGIN_CALL (DecryptFinal) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession, pLastPart, pulLastPartLen)) - OUT_BYTE_ARRAY (pLastPart, pulLastPartLen) - DONE_CALL -} - -static CK_RV -log_C_DigestInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism) -{ - BEGIN_CALL (DigestInit) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - PROCESS_CALL ((self, hSession, pMechanism)) - DONE_CALL -} - -static CK_RV -log_C_Digest (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pDigest, - CK_ULONG_PTR pulDigestLen) -{ - BEGIN_CALL (Digest) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pData, ulDataLen) - PROCESS_CALL ((self, hSession, pData, ulDataLen, pDigest, pulDigestLen)) - OUT_BYTE_ARRAY (pDigest, pulDigestLen) - DONE_CALL -} - -static CK_RV -log_C_DigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen) -{ - BEGIN_CALL (DigestUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPart, ulPartLen) - PROCESS_CALL ((self, hSession, pPart, ulPartLen)) - DONE_CALL -} - -static CK_RV -log_C_DigestKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (DigestKey) - IN_SESSION (hSession) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, hKey)) - DONE_CALL -} - -static CK_RV -log_C_DigestFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pDigest, - CK_ULONG_PTR pulDigestLen) -{ - BEGIN_CALL (DigestFinal) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession, pDigest, pulDigestLen)) - OUT_BYTE_ARRAY (pDigest, pulDigestLen) - DONE_CALL -} - -static CK_RV -log_C_SignInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (SignInit) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hKey)) - DONE_CALL -} - -static CK_RV -log_C_Sign (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen) -{ - BEGIN_CALL (Sign) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pData, ulDataLen) - PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, pulSignatureLen)) - OUT_BYTE_ARRAY (pSignature, pulSignatureLen) - DONE_CALL -} - -static CK_RV -log_C_SignUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen) -{ - BEGIN_CALL (SignUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPart, ulPartLen) - PROCESS_CALL ((self, hSession, pPart, ulPartLen)) - DONE_CALL -} - -static CK_RV -log_C_SignFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen) -{ - BEGIN_CALL (SignFinal) - IN_SESSION (hSession) - PROCESS_CALL ((self, hSession, pSignature, pulSignatureLen)) - OUT_BYTE_ARRAY (pSignature, pulSignatureLen) - DONE_CALL -} - -static CK_RV -log_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (SignRecoverInit) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hKey)) - DONE_CALL -} - -static CK_RV -log_C_SignRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG_PTR pulSignatureLen) -{ - BEGIN_CALL (SignRecover) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pData, ulDataLen) - PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, pulSignatureLen)) - OUT_BYTE_ARRAY (pSignature, pulSignatureLen) - DONE_CALL -} - -static CK_RV -log_C_VerifyInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (VerifyInit); - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hKey)) - DONE_CALL -} - -static CK_RV -log_C_Verify (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pData, - CK_ULONG ulDataLen, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen) -{ - BEGIN_CALL (Verify) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pData, ulDataLen) - IN_BYTE_ARRAY (pSignature, ulSignatureLen) - PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, ulSignatureLen)) - DONE_CALL -} - -static CK_RV -log_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen) -{ - BEGIN_CALL (VerifyUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPart, ulPartLen) - PROCESS_CALL ((self, hSession, pPart, ulPartLen)) - DONE_CALL -} - -static CK_RV -log_C_VerifyFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen) -{ - BEGIN_CALL (VerifyFinal) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pSignature, ulSignatureLen); - PROCESS_CALL ((self, hSession, pSignature, ulSignatureLen)) - DONE_CALL -} - -static CK_RV -log_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hKey) -{ - BEGIN_CALL (VerifyRecoverInit) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hKey)) - DONE_CALL -} - -static CK_RV -log_C_VerifyRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSignature, - CK_ULONG ulSignatureLen, - CK_BYTE_PTR pData, - CK_ULONG_PTR pulDataLen) -{ - BEGIN_CALL (VerifyRecover) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pSignature, ulSignatureLen) - PROCESS_CALL ((self, hSession, pSignature, ulSignatureLen, pData, pulDataLen)) - OUT_BYTE_ARRAY (pData, pulDataLen) - DONE_CALL -} - -static CK_RV -log_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen) -{ - BEGIN_CALL (DigestEncryptUpdate); - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPart, ulPartLen) - PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen)) - OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen) - DONE_CALL -} - -static CK_RV -log_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen) -{ - BEGIN_CALL (DecryptDigestUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen) - PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen)) - OUT_BYTE_ARRAY (pPart, pulPartLen) - DONE_CALL -} - -static CK_RV -log_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pPart, - CK_ULONG ulPartLen, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG_PTR pulEncryptedPartLen) -{ - BEGIN_CALL (SignEncryptUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pPart, ulPartLen) - PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen)) - OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen) - DONE_CALL -} - -static CK_RV -log_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE_PTR pPart, - CK_ULONG_PTR pulPartLen) -{ - BEGIN_CALL (DecryptVerifyUpdate) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen) - PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen)) - OUT_BYTE_ARRAY (pPart, pulPartLen) - DONE_CALL -} - -static CK_RV -log_C_GenerateKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phKey) -{ - BEGIN_CALL (GenerateKey) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) - PROCESS_CALL ((self, hSession, pMechanism, pTemplate, ulCount, phKey)) - OUT_HANDLE (phKey) - DONE_CALL -} - -static CK_RV -log_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - CK_OBJECT_HANDLE_PTR phPublicKey, - CK_OBJECT_HANDLE_PTR phPrivateKey) -{ - BEGIN_CALL (GenerateKeyPair) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_ATTRIBUTE_ARRAY (pPublicKeyTemplate, ulPublicKeyAttributeCount) - IN_ATTRIBUTE_ARRAY (pPrivateKeyTemplate, ulPrivateKeyAttributeCount) - PROCESS_CALL ((self, hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, - pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey)) - OUT_HANDLE (phPublicKey) - OUT_HANDLE (phPrivateKey) - DONE_CALL -} - -static CK_RV -log_C_WrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hWrappingKey, - CK_OBJECT_HANDLE hKey, - CK_BYTE_PTR pWrappedKey, - CK_ULONG_PTR pulWrappedKeyLen) -{ - BEGIN_CALL (WrapKey) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hWrappingKey) - IN_HANDLE (hKey) - PROCESS_CALL ((self, hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen)) - OUT_BYTE_ARRAY (pWrappedKey, pulWrappedKeyLen) - DONE_CALL -} - -static CK_RV -log_C_UnwrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hUnwrappingKey, - CK_BYTE_PTR pWrappedKey, - CK_ULONG ulWrappedKeyLen, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE_PTR phKey) -{ - BEGIN_CALL (UnwrapKey) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hUnwrappingKey) - IN_BYTE_ARRAY (pWrappedKey, ulWrappedKeyLen) - IN_ATTRIBUTE_ARRAY (pTemplate, ulAttributeCount) - PROCESS_CALL ((self, hSession, pMechanism, hUnwrappingKey, pWrappedKey, - ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey)) - OUT_HANDLE (phKey) - DONE_CALL -} - -static CK_RV -log_C_DeriveKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_MECHANISM_PTR pMechanism, - CK_OBJECT_HANDLE hBaseKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE_PTR phObject) -{ - BEGIN_CALL (DeriveKey) - IN_SESSION (hSession) - IN_MECHANISM (pMechanism) - IN_HANDLE (hBaseKey) - IN_ATTRIBUTE_ARRAY (pTemplate, ulAttributeCount) - PROCESS_CALL ((self, hSession, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phObject)) - OUT_HANDLE (phObject) - DONE_CALL -} - -static CK_RV -log_C_SeedRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pSeed, - CK_ULONG ulSeedLen) -{ - BEGIN_CALL (SeedRandom) - IN_SESSION (hSession) - IN_BYTE_ARRAY (pSeed, ulSeedLen); - PROCESS_CALL ((self, hSession, pSeed, ulSeedLen)) - DONE_CALL -} - -static CK_RV -log_C_GenerateRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE hSession, - CK_BYTE_PTR pRandomData, - CK_ULONG ulRandomLen) -{ - BEGIN_CALL (GenerateRandom) - IN_SESSION (hSession) - IN_ULONG (ulRandomLen) - PROCESS_CALL ((self, hSession, pRandomData, ulRandomLen)) - OUT_BYTE_ARRAY (pRandomData, &ulRandomLen) - DONE_CALL -} - -static CK_X_FUNCTION_LIST log_functions = { - { -1, -1 }, - log_C_Initialize, - log_C_Finalize, - log_C_GetInfo, - log_C_GetSlotList, - log_C_GetSlotInfo, - log_C_GetTokenInfo, - log_C_GetMechanismList, - log_C_GetMechanismInfo, - log_C_InitToken, - log_C_InitPIN, - log_C_SetPIN, - log_C_OpenSession, - log_C_CloseSession, - log_C_CloseAllSessions, - log_C_GetSessionInfo, - log_C_GetOperationState, - log_C_SetOperationState, - log_C_Login, - log_C_Logout, - log_C_CreateObject, - log_C_CopyObject, - log_C_DestroyObject, - log_C_GetObjectSize, - log_C_GetAttributeValue, - log_C_SetAttributeValue, - log_C_FindObjectsInit, - log_C_FindObjects, - log_C_FindObjectsFinal, - log_C_EncryptInit, - log_C_Encrypt, - log_C_EncryptUpdate, - log_C_EncryptFinal, - log_C_DecryptInit, - log_C_Decrypt, - log_C_DecryptUpdate, - log_C_DecryptFinal, - log_C_DigestInit, - log_C_Digest, - log_C_DigestUpdate, - log_C_DigestKey, - log_C_DigestFinal, - log_C_SignInit, - log_C_Sign, - log_C_SignUpdate, - log_C_SignFinal, - log_C_SignRecoverInit, - log_C_SignRecover, - log_C_VerifyInit, - log_C_Verify, - log_C_VerifyUpdate, - log_C_VerifyFinal, - log_C_VerifyRecoverInit, - log_C_VerifyRecover, - log_C_DigestEncryptUpdate, - log_C_DecryptDigestUpdate, - log_C_SignEncryptUpdate, - log_C_DecryptVerifyUpdate, - log_C_GenerateKey, - log_C_GenerateKeyPair, - log_C_WrapKey, - log_C_UnwrapKey, - log_C_DeriveKey, - log_C_SeedRandom, - log_C_GenerateRandom, - log_C_WaitForSlotEvent, -}; - -void -p11_log_release (void *data) -{ - LogData *log = (LogData *)data; - - return_if_fail (data != NULL); - p11_virtual_uninit (&log->virt); - free (log); -} - -p11_virtual * -p11_log_subclass (p11_virtual *lower, - p11_destroyer destroyer) -{ - LogData *log; - - log = calloc (1, sizeof (LogData)); - return_val_if_fail (log != NULL, NULL); - - p11_virtual_init (&log->virt, &log_functions, lower, destroyer); - log->lower = &lower->funcs; - return &log->virt; -} diff --git a/p11-kit/log.h b/p11-kit/log.h deleted file mode 100644 index d8169e8..0000000 --- a/p11-kit/log.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter <stef@thewalter.net> - */ - -#ifndef P11_LOG_H_ -#define P11_LOG_H_ - -#include "virtual.h" - -p11_virtual * p11_log_subclass (p11_virtual *lower, - p11_destroyer destroyer); - -void p11_log_release (void *logger); - -extern bool p11_log_force; - -extern bool p11_log_output; - -#endif /* P11_LOG_H_ */ diff --git a/p11-kit/messages.c b/p11-kit/messages.c deleted file mode 100644 index 3190fce..0000000 --- a/p11-kit/messages.c +++ /dev/null @@ -1,242 +0,0 @@ -/* - * Copyright (C) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" - -#include "pkcs11.h" -#include "p11-kit.h" - -/** - * SECTION:p11-kit-util - * @title: Utilities - * @short_description: PKCS\#11 utilities - * - * Utility functions for working with PKCS\#11. - */ - -#ifdef ENABLE_NLS -#include <libintl.h> -#define _(x) dgettext(PACKAGE_NAME, x) -#else -#define _(x) x -#endif - -/** - * p11_kit_strerror: - * @rv: The code to get a message for. - * - * Get a message for a PKCS\#11 return value or error code. Do not - * pass CKR_OK or other such non errors to this function. - * - * Returns: The user readable and localized message. - **/ -const char* -p11_kit_strerror (CK_RV rv) -{ - switch (rv) { - - /* These are not really errors, or not current */ - case CKR_OK: - case CKR_NO_EVENT: - case CKR_FUNCTION_NOT_PARALLEL: - case CKR_SESSION_PARALLEL_NOT_SUPPORTED: - return ""; - - case CKR_CANCEL: - case CKR_FUNCTION_CANCELED: - return _("The operation was cancelled"); - - case CKR_HOST_MEMORY: - return _("Insufficient memory available"); - case CKR_SLOT_ID_INVALID: - return _("The specified slot ID is not valid"); - case CKR_GENERAL_ERROR: - return _("Internal error"); - case CKR_FUNCTION_FAILED: - return _("The operation failed"); - case CKR_ARGUMENTS_BAD: - return _("Invalid arguments"); - case CKR_NEED_TO_CREATE_THREADS: - return _("The module cannot create needed threads"); - case CKR_CANT_LOCK: - return _("The module cannot lock data properly"); - case CKR_ATTRIBUTE_READ_ONLY: - return _("The field is read-only"); - case CKR_ATTRIBUTE_SENSITIVE: - return _("The field is sensitive and cannot be revealed"); - case CKR_ATTRIBUTE_TYPE_INVALID: - return _("The field is invalid or does not exist"); - case CKR_ATTRIBUTE_VALUE_INVALID: - return _("Invalid value for field"); - case CKR_DATA_INVALID: - return _("The data is not valid or unrecognized"); - case CKR_DATA_LEN_RANGE: - return _("The data is too long"); - case CKR_DEVICE_ERROR: - return _("An error occurred on the device"); - case CKR_DEVICE_MEMORY: - return _("Insufficient memory available on the device"); - case CKR_DEVICE_REMOVED: - return _("The device was removed or unplugged"); - case CKR_ENCRYPTED_DATA_INVALID: - return _("The encrypted data is not valid or unrecognized"); - case CKR_ENCRYPTED_DATA_LEN_RANGE: - return _("The encrypted data is too long"); - case CKR_FUNCTION_NOT_SUPPORTED: - return _("This operation is not supported"); - case CKR_KEY_HANDLE_INVALID: - return _("The key is missing or invalid"); - case CKR_KEY_SIZE_RANGE: - return _("The key is the wrong size"); - case CKR_KEY_TYPE_INCONSISTENT: - return _("The key is of the wrong type"); - case CKR_KEY_NOT_NEEDED: - return _("No key is needed"); - case CKR_KEY_CHANGED: - return _("The key is different than before"); - case CKR_KEY_NEEDED: - return _("A key is needed"); - case CKR_KEY_INDIGESTIBLE: - return _("Cannot include the key in the digest"); - case CKR_KEY_FUNCTION_NOT_PERMITTED: - return _("This operation cannot be done with this key"); - case CKR_KEY_NOT_WRAPPABLE: - return _("The key cannot be wrapped"); - case CKR_KEY_UNEXTRACTABLE: - return _("Cannot export this key"); - case CKR_MECHANISM_INVALID: - return _("The crypto mechanism is invalid or unrecognized"); - case CKR_MECHANISM_PARAM_INVALID: - return _("The crypto mechanism has an invalid argument"); - case CKR_OBJECT_HANDLE_INVALID: - return _("The object is missing or invalid"); - case CKR_OPERATION_ACTIVE: - return _("Another operation is already taking place"); - case CKR_OPERATION_NOT_INITIALIZED: - return _("No operation is taking place"); - case CKR_PIN_INCORRECT: - return _("The password or PIN is incorrect"); - case CKR_PIN_INVALID: - return _("The password or PIN is invalid"); - case CKR_PIN_LEN_RANGE: - return _("The password or PIN is of an invalid length"); - case CKR_PIN_EXPIRED: - return _("The password or PIN has expired"); - case CKR_PIN_LOCKED: - return _("The password or PIN is locked"); - case CKR_SESSION_CLOSED: - return _("The session is closed"); - case CKR_SESSION_COUNT: - return _("Too many sessions are active"); - case CKR_SESSION_HANDLE_INVALID: - return _("The session is invalid"); - case CKR_SESSION_READ_ONLY: - return _("The session is read-only"); - case CKR_SESSION_EXISTS: - return _("An open session exists"); - case CKR_SESSION_READ_ONLY_EXISTS: - return _("A read-only session exists"); - case CKR_SESSION_READ_WRITE_SO_EXISTS: - return _("An administrator session exists"); - case CKR_SIGNATURE_INVALID: - return _("The signature is bad or corrupted"); - case CKR_SIGNATURE_LEN_RANGE: - return _("The signature is unrecognized or corrupted"); - case CKR_TEMPLATE_INCOMPLETE: - return _("Certain required fields are missing"); - case CKR_TEMPLATE_INCONSISTENT: - return _("Certain fields have invalid values"); - case CKR_TOKEN_NOT_PRESENT: - return _("The device is not present or unplugged"); - case CKR_TOKEN_NOT_RECOGNIZED: - return _("The device is invalid or unrecognizable"); - case CKR_TOKEN_WRITE_PROTECTED: - return _("The device is write protected"); - case CKR_UNWRAPPING_KEY_HANDLE_INVALID: - return _("Cannot import because the key is invalid"); - case CKR_UNWRAPPING_KEY_SIZE_RANGE: - return _("Cannot import because the key is of the wrong size"); - case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: - return _("Cannot import because the key is of the wrong type"); - case CKR_USER_ALREADY_LOGGED_IN: - return _("You are already logged in"); - case CKR_USER_NOT_LOGGED_IN: - return _("No user has logged in"); - case CKR_USER_PIN_NOT_INITIALIZED: - return _("The user's password or PIN is not set"); - case CKR_USER_TYPE_INVALID: - return _("The user is of an invalid type"); - case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: - return _("Another user is already logged in"); - case CKR_USER_TOO_MANY_TYPES: - return _("Too many users of different types are logged in"); - case CKR_WRAPPED_KEY_INVALID: - return _("Cannot import an invalid key"); - case CKR_WRAPPED_KEY_LEN_RANGE: - return _("Cannot import a key of the wrong size"); - case CKR_WRAPPING_KEY_HANDLE_INVALID: - return _("Cannot export because the key is invalid"); - case CKR_WRAPPING_KEY_SIZE_RANGE: - return _("Cannot export because the key is of the wrong size"); - case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: - return _("Cannot export because the key is of the wrong type"); - case CKR_RANDOM_SEED_NOT_SUPPORTED: - return _("Unable to initialize the random number generator"); - case CKR_RANDOM_NO_RNG: - return _("No random number generator available"); - case CKR_DOMAIN_PARAMS_INVALID: - return _("The crypto mechanism has an invalid parameter"); - case CKR_BUFFER_TOO_SMALL: - return _("Not enough space to store the result"); - case CKR_SAVED_STATE_INVALID: - return _("The saved state is invalid"); - case CKR_INFORMATION_SENSITIVE: - return _("The information is sensitive and cannot be revealed"); - case CKR_STATE_UNSAVEABLE: - return _("The state cannot be saved"); - case CKR_CRYPTOKI_NOT_INITIALIZED: - return _("The module has not been initialized"); - case CKR_CRYPTOKI_ALREADY_INITIALIZED: - return _("The module has already been initialized"); - case CKR_MUTEX_BAD: - return _("Cannot lock data"); - case CKR_MUTEX_NOT_LOCKED: - return _("The data cannot be locked"); - case CKR_FUNCTION_REJECTED: - return _("The request was rejected by the user"); - - default: - return _("Unknown error"); - } -} diff --git a/p11-kit/mock-module-ep.c b/p11-kit/mock-module-ep.c deleted file mode 100644 index 9ba739a..0000000 --- a/p11-kit/mock-module-ep.c +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stef@thewalter.net> - */ - -#include "config.h" - -#define CRYPTOKI_EXPORTS 1 -#include "pkcs11.h" - -#include "mock.h" - -#ifdef OS_WIN32 -__declspec(dllexport) -#endif -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - mock_module_init (); - mock_module_no_slots.C_GetFunctionList = C_GetFunctionList; - if (list == NULL) - return CKR_ARGUMENTS_BAD; - *list = &mock_module; - return CKR_OK; -} diff --git a/p11-kit/mock-module-ep2.c b/p11-kit/mock-module-ep2.c deleted file mode 100644 index ee71711..0000000 --- a/p11-kit/mock-module-ep2.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stef@thewalter.net> - */ - -#include "config.h" - -#define CRYPTOKI_EXPORTS 1 -#include "pkcs11.h" - -#include "mock.h" - -#include <stdio.h> - -#ifdef OS_WIN32 -__declspec(dllexport) -#endif -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - mock_module_init (); - mock_module.C_GetFunctionList = C_GetFunctionList; - if (list == NULL) - return CKR_ARGUMENTS_BAD; - *list = &mock_module; - return CKR_OK; -} diff --git a/p11-kit/mock-module-ep3.c b/p11-kit/mock-module-ep3.c deleted file mode 100644 index 4bf403c..0000000 --- a/p11-kit/mock-module-ep3.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stef@thewalter.net> - */ - -#include "config.h" - -#define CRYPTOKI_EXPORTS 1 -#include "pkcs11.h" - -#include "mock.h" -#include "test.h" - -#include <stdio.h> - -static CK_RV -override_initialize (CK_VOID_PTR init_args) -{ - CK_C_INITIALIZE_ARGS_PTR args = init_args; - - assert_str_eq ("initialize-arg", args->pReserved); - - return mock_C_Initialize (init_args); -} - -#ifdef OS_WIN32 -__declspec(dllexport) -#endif -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - mock_module_init (); - mock_module.C_GetFunctionList = C_GetFunctionList; - if (list == NULL) - return CKR_ARGUMENTS_BAD; - mock_module.C_Initialize = override_initialize; - *list = &mock_module; - return CKR_OK; -} diff --git a/p11-kit/modules.c b/p11-kit/modules.c deleted file mode 100644 index 6e15c1d..0000000 --- a/p11-kit/modules.c +++ /dev/null @@ -1,2704 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" - -/* We use and define deprecated functions here */ -#define P11_KIT_NO_DEPRECATIONS -#define P11_DEBUG_FLAG P11_DEBUG_LIB - -#include "conf.h" -#include "debug.h" -#include "dict.h" -#include "library.h" -#include "log.h" -#include "message.h" -#include "modules.h" -#include "path.h" -#include "pkcs11.h" -#include "p11-kit.h" -#include "private.h" -#include "proxy.h" -#include "rpc.h" -#include "virtual.h" - -#include <sys/stat.h> -#include <sys/types.h> - -#include <assert.h> -#include <ctype.h> -#include <dirent.h> -#include <errno.h> -#include <limits.h> -#include <stdarg.h> -#include <stddef.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -/** - * SECTION:p11-kit - * @title: Modules - * @short_description: Module loading and initializing - * - * PKCS\#11 modules are used by crypto libraries and applications to access - * crypto objects (like keys and certificates) and to perform crypto operations. - * - * In order for applications to behave consistently with regard to the user's - * installed PKCS\#11 modules, each module must be configured so that applications - * or libraries know that they should load it. - * - * When multiple consumers of a module (such as libraries or applications) are - * in the same process, coordination of the initialization and finalization - * of PKCS\#11 modules is required. To do this modules are managed by p11-kit. - * This means that various unsafe methods are coordinated between callers. Unmanaged - * modules are simply the raw PKCS\#11 module pointers without p11-kit getting in the - * way. It is highly recommended that the default managed behavior is used. - * - * The functions here provide support for initializing configured modules. The - * p11_kit_modules_load() function should be used to load and initialize - * the configured modules. When done, the p11_kit_modules_release() function - * should be used to release those modules and associated resources. - * - * In addition p11_kit_config_option() can be used to access other parts - * of the module configuration. - * - * If a consumer wishes to load an arbitrary PKCS\#11 module that's not - * configured use p11_kit_module_load() to do so. And use p11_kit_module_release() - * to later release it. - * - * Modules are represented by a pointer to their <code>CK_FUNCTION_LIST</code> - * entry points. - */ - -/** - * SECTION:p11-kit-deprecated - * @title: Deprecated - * @short_description: Deprecated functions - * - * These functions have been deprecated from p11-kit and are not recommended for - * general usage. In large part they were deprecated because they did not adequately - * insulate multiple callers of a PKCS\#11 module from another, and could not - * support the 'managed' mode needed to do this. - */ - -/** - * P11_KIT_MODULE_UNMANAGED: - * - * Module is loaded in non 'managed' mode. This is not recommended, - * disables many features, and prevents coordination between multiple - * callers of the same module. - */ - -/** - * P11_KIT_MODULE_CRITICAL: - * - * Flag to load a module in 'critical' mode. Failure to load a critical module - * will prevent all other modules from loading. A failure when loading a - * non-critical module skips that module. - */ - -typedef struct _Module { - /* - * When using managed modules, this forms the base of the - * virtual stack into which all the other modules call. This is also - * the first field in this structure so we can cast between them. - */ - p11_virtual virt; - - /* The initialize args built from configuration */ - CK_C_INITIALIZE_ARGS init_args; - int ref_count; - int init_count; - - /* Registered modules */ - char *name; - char *filename; - p11_dict *config; - bool critical; - - /* - * This is a pointer to the actual dl shared module, or perhaps - * the RPC client context. - */ - void *loaded_module; - p11_kit_destroyer loaded_destroy; - - /* Initialization, mutex must be held */ - p11_mutex_t initialize_mutex; - unsigned int initialize_called; - p11_thread_id_t initialize_thread; -} Module; - -/* - * Shared data between threads, protected by the mutex, a structure so - * we can audit thread safety easier. - */ -static struct _Shared { - p11_dict *modules; - p11_dict *unmanaged_by_funcs; - p11_dict *managed_by_closure; - p11_dict *config; -} gl = { NULL, NULL }; - -/* These are global variables to be overridden in tests */ -const char *p11_config_system_file = P11_SYSTEM_CONFIG_FILE; -const char *p11_config_user_file = P11_USER_CONFIG_FILE; -const char *p11_config_package_modules = P11_PACKAGE_CONFIG_MODULES; -const char *p11_config_system_modules = P11_SYSTEM_CONFIG_MODULES; -const char *p11_config_user_modules = P11_USER_CONFIG_MODULES; - -/* ----------------------------------------------------------------------------- - * P11-KIT FUNCTIONALITY - */ - -static CK_RV -create_mutex (CK_VOID_PTR_PTR mut) -{ - p11_mutex_t *pmutex; - - return_val_if_fail (mut != NULL, CKR_ARGUMENTS_BAD); - - pmutex = malloc (sizeof (p11_mutex_t)); - return_val_if_fail (pmutex != NULL, CKR_HOST_MEMORY); - - p11_mutex_init (pmutex); - *mut = pmutex; - return CKR_OK; -} - -static CK_RV -destroy_mutex (CK_VOID_PTR mut) -{ - p11_mutex_t *pmutex = mut; - - return_val_if_fail (mut != NULL, CKR_MUTEX_BAD); - - p11_mutex_uninit (pmutex); - free (pmutex); - return CKR_OK; -} - -static CK_RV -lock_mutex (CK_VOID_PTR mut) -{ - p11_mutex_t *pmutex = mut; - - return_val_if_fail (mut != NULL, CKR_MUTEX_BAD); - - p11_mutex_lock (pmutex); - return CKR_OK; -} - -static CK_RV -unlock_mutex (CK_VOID_PTR mut) -{ - p11_mutex_t *pmutex = mut; - - return_val_if_fail (mut != NULL, CKR_MUTEX_BAD); - - p11_mutex_unlock (pmutex); - return CKR_OK; -} - -static void -free_module_unlocked (void *data) -{ - Module *mod = data; - - assert (mod != NULL); - - /* Module must have no outstanding references */ - assert (mod->ref_count == 0); - - if (mod->init_count > 0) { - p11_debug_precond ("module unloaded without C_Finalize having been " - "called for each C_Initialize"); - } else { - assert (mod->initialize_thread == 0); - } - - if (mod->loaded_destroy) - mod->loaded_destroy (mod->loaded_module); - - p11_mutex_uninit (&mod->initialize_mutex); - p11_dict_free (mod->config); - free (mod->name); - free (mod->filename); - free (mod); -} - -static Module * -alloc_module_unlocked (void) -{ - Module *mod; - - mod = calloc (1, sizeof (Module)); - return_val_if_fail (mod != NULL, NULL); - - mod->init_args.CreateMutex = create_mutex; - mod->init_args.DestroyMutex = destroy_mutex; - mod->init_args.LockMutex = lock_mutex; - mod->init_args.UnlockMutex = unlock_mutex; - mod->init_args.flags = CKF_OS_LOCKING_OK; - p11_mutex_init (&mod->initialize_mutex); - - /* - * The default for configured modules is non-critical, but for - * modules loaded explicitly, and not from config, we treat them - * as critical. So this gets overridden for configured modules - * later when the config is loaded. - */ - mod->critical = true; - - return mod; -} - -static CK_RV -dlopen_and_get_function_list (Module *mod, - const char *path, - CK_FUNCTION_LIST **funcs) -{ - CK_C_GetFunctionList gfl; - dl_module_t dl; - char *error; - CK_RV rv; - - assert (mod != NULL); - assert (path != NULL); - assert (funcs != NULL); - - dl = p11_dl_open (path); - if (dl == NULL) { - error = p11_dl_error (); - p11_message ("couldn't load module: %s: %s", path, error); - free (error); - return CKR_GENERAL_ERROR; - } - - /* When the Module goes away, dlclose the loaded module */ - mod->loaded_destroy = (p11_kit_destroyer)p11_dl_close; - mod->loaded_module = dl; - - gfl = p11_dl_symbol (dl, "C_GetFunctionList"); - if (!gfl) { - error = p11_dl_error (); - p11_message ("couldn't find C_GetFunctionList entry point in module: %s: %s", - path, error); - free (error); - return CKR_GENERAL_ERROR; - } - - rv = gfl (funcs); - if (rv != CKR_OK) { - p11_message ("call to C_GetFunctiontList failed in module: %s: %s", - path, p11_kit_strerror (rv)); - return rv; - } - - if (p11_proxy_module_check (*funcs)) { - p11_message ("refusing to load the p11-kit-proxy.so module as a registered module"); - return CKR_FUNCTION_FAILED; - } - - p11_virtual_init (&mod->virt, &p11_virtual_base, *funcs, NULL); - p11_debug ("opened module: %s", path); - return CKR_OK; -} - -static CK_RV -load_module_from_file_inlock (const char *name, - const char *path, - Module **result) -{ - CK_FUNCTION_LIST *funcs; - char *expand = NULL; - Module *mod; - Module *prev; - CK_RV rv; - - assert (path != NULL); - assert (result != NULL); - - mod = alloc_module_unlocked (); - return_val_if_fail (mod != NULL, CKR_HOST_MEMORY); - - if (!p11_path_absolute (path)) { - p11_debug ("module path is relative, loading from: %s", P11_MODULE_PATH); - path = expand = p11_path_build (P11_MODULE_PATH, path, NULL); - return_val_if_fail (path != NULL, CKR_HOST_MEMORY); - } - - p11_debug ("loading module %s%sfrom path: %s", - name ? name : "", name ? " " : "", path); - - mod->filename = strdup (path); - - rv = dlopen_and_get_function_list (mod, path, &funcs); - free (expand); - - if (rv != CKR_OK) { - free_module_unlocked (mod); - return rv; - } - - /* Do we have a previous one like this, if so ignore load */ - prev = p11_dict_get (gl.unmanaged_by_funcs, funcs); - - /* If same module was loaded previously, just take over config */ - if (prev != NULL) { - if (!name || prev->name || prev->config) - p11_debug ("duplicate module %s, using previous", name); - free_module_unlocked (mod); - mod = prev; - - /* This takes ownership of the module */ - } else if (!p11_dict_set (gl.modules, mod, mod) || - !p11_dict_set (gl.unmanaged_by_funcs, funcs, mod)) { - return_val_if_reached (CKR_HOST_MEMORY); - } - - *result= mod; - return CKR_OK; -} - -static CK_RV -setup_module_for_remote_inlock (const char *name, - const char *remote, - Module **result) -{ - p11_rpc_transport *rpc; - Module *mod; - - p11_debug ("remoting module %s using: %s", name, remote); - - mod = alloc_module_unlocked (); - return_val_if_fail (mod != NULL, CKR_HOST_MEMORY); - - rpc = p11_rpc_transport_new (&mod->virt, remote, name); - if (rpc == NULL) { - free_module_unlocked (mod); - return CKR_DEVICE_ERROR; - } - - mod->filename = NULL; - mod->loaded_module = rpc; - mod->loaded_destroy = p11_rpc_transport_free; - - /* This takes ownership of the module */ - if (!p11_dict_set (gl.modules, mod, mod)) - return_val_if_reached (CKR_HOST_MEMORY); - - *result = mod; - return CKR_OK; -} - -static int -is_list_delimiter (char ch) -{ - return ch == ',' || isspace (ch); -} - -static bool -is_string_in_list (const char *list, - const char *string) -{ - const char *where; - - where = strstr (list, string); - if (where == NULL) - return false; - - /* Has to be at beginning/end of string, and delimiter before/after */ - if (where != list && !is_list_delimiter (*(where - 1))) - return false; - - where += strlen (string); - return (*where == '\0' || is_list_delimiter (*where)); -} - -static bool -is_module_enabled_unlocked (const char *name, - p11_dict *config) -{ - const char *progname; - const char *enable_in; - const char *disable_in; - bool enable = false; - - enable_in = p11_dict_get (config, "enable-in"); - disable_in = p11_dict_get (config, "disable-in"); - - /* Defaults to enabled if neither of these are set */ - if (!enable_in && !disable_in) - return true; - - progname = _p11_get_progname_unlocked (); - if (enable_in && disable_in) - p11_message ("module '%s' has both enable-in and disable-in options", name); - if (enable_in) - enable = (progname != NULL && is_string_in_list (enable_in, progname)); - else if (disable_in) - enable = (progname == NULL || !is_string_in_list (disable_in, progname)); - - p11_debug ("%s module '%s' running in '%s'", - enable ? "enabled" : "disabled", - name, - progname ? progname : "(null)"); - return enable; -} - -static CK_RV -take_config_and_load_module_inlock (char **name, - p11_dict **config, - bool critical) -{ - const char *filename = NULL; - const char *remote = NULL; - CK_RV rv = CKR_OK; - Module *mod; - - assert (name); - assert (*name); - assert (config); - assert (*config); - - if (!is_module_enabled_unlocked (*name, *config)) - goto out; - - remote = p11_dict_get (*config, "remote"); - if (remote == NULL) { - filename = p11_dict_get (*config, "module"); - if (filename == NULL) { - p11_debug ("no module path for module, skipping: %s", *name); - goto out; - } - } - - if (remote != NULL) { - rv = setup_module_for_remote_inlock (*name, remote, &mod); - if (rv != CKR_OK) - goto out; - - } else { - - rv = load_module_from_file_inlock (*name, filename, &mod); - if (rv != CKR_OK) - goto out; - } - - /* - * We support setting of CK_C_INITIALIZE_ARGS.pReserved from - * 'x-init-reserved' setting in the config. This only works with specific - * PKCS#11 modules, and is non-standard use of that field. - */ - mod->init_args.pReserved = p11_dict_get (*config, "x-init-reserved"); - - /* Take ownership of thes evariables */ - p11_dict_free (mod->config); - mod->config = *config; - *config = NULL; - free (mod->name); - mod->name = *name; - *name = NULL; - mod->critical = critical; - -out: - return rv; -} - -static CK_RV -load_registered_modules_unlocked (void) -{ - p11_dictiter iter; - p11_dict *configs; - void *key; - char *name; - p11_dict *config; - int mode; - CK_RV rv; - bool critical; - - if (gl.config) - return CKR_OK; - - /* Load the global configuration files */ - config = _p11_conf_load_globals (p11_config_system_file, p11_config_user_file, &mode); - if (config == NULL) - return CKR_GENERAL_ERROR; - - assert (mode != CONF_USER_INVALID); - - configs = _p11_conf_load_modules (mode, - p11_config_package_modules, - p11_config_system_modules, - p11_config_user_modules); - if (configs == NULL) { - rv = CKR_GENERAL_ERROR; - p11_dict_free (config); - return rv; - } - - assert (gl.config == NULL); - gl.config = config; - - /* - * Now go through each config and turn it into a module. As we iterate - * we steal the values of the config. - */ - p11_dict_iterate (configs, &iter); - while (p11_dict_next (&iter, &key, NULL)) { - if (!p11_dict_steal (configs, key, (void**)&name, (void**)&config)) - assert_not_reached (); - - /* Is this a critical module, should abort loading of others? */ - critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false); - rv = take_config_and_load_module_inlock (&name, &config, critical); - - /* - * These variables will be cleared if ownership is transeferred - * by the above function call. - */ - p11_dict_free (config); - - if (critical && rv != CKR_OK) { - p11_message ("aborting initialization because module '%s' was marked as critical", - name); - p11_dict_free (configs); - free (name); - return rv; - } - - free (name); - } - - p11_dict_free (configs); - return CKR_OK; -} - -static CK_RV -initialize_module_inlock_reentrant (Module *mod, CK_C_INITIALIZE_ARGS *init_args) -{ - CK_RV rv = CKR_OK; - p11_thread_id_t self; - - assert (mod); - - self = p11_thread_id_self (); - - if (mod->initialize_thread == self) { - p11_message ("p11-kit initialization called recursively"); - return CKR_FUNCTION_FAILED; - } - - /* - * Increase ref first, so module doesn't get freed out from - * underneath us when the mutex is unlocked below. - */ - ++mod->ref_count; - mod->initialize_thread = self; - - /* Change over to the module specific mutex */ - p11_unlock (); - p11_mutex_lock (&mod->initialize_mutex); - - if (mod->initialize_called != p11_forkid) { - p11_debug ("C_Initialize: calling"); - - /* The init_args argument takes precedence over mod->init_args */ - if (init_args == NULL) - init_args = &mod->init_args; - - rv = mod->virt.funcs.C_Initialize (&mod->virt.funcs, - init_args); - - p11_debug ("C_Initialize: result: %lu", rv); - - /* Module was initialized and C_Finalize should be called */ - if (rv == CKR_OK) - mod->initialize_called = p11_forkid; - else - mod->initialize_called = 0; - - /* Module was already initialized, we don't call C_Finalize */ - if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) - rv = CKR_OK; - } - - p11_mutex_unlock (&mod->initialize_mutex); - p11_lock (); - - if (rv == CKR_OK) { - /* Matches the ref count in finalize_module_inlock_reentrant() */ - if (mod->init_count == 0) - mod->ref_count++; - mod->init_count++; - } - - mod->ref_count--; - mod->initialize_thread = 0; - return rv; -} - -static CK_RV -init_globals_unlocked (void) -{ - static bool once = false; - - if (!gl.modules) { - gl.modules = p11_dict_new (p11_dict_direct_hash, - p11_dict_direct_equal, - free_module_unlocked, NULL); - return_val_if_fail (gl.modules != NULL, CKR_HOST_MEMORY); - } - - if (!gl.unmanaged_by_funcs) { - gl.unmanaged_by_funcs = p11_dict_new (p11_dict_direct_hash, - p11_dict_direct_equal, - NULL, NULL); - return_val_if_fail (gl.unmanaged_by_funcs != NULL, CKR_HOST_MEMORY); - } - - if (!gl.managed_by_closure) { - gl.managed_by_closure = p11_dict_new (p11_dict_direct_hash, - p11_dict_direct_equal, - NULL, NULL); - return_val_if_fail (gl.managed_by_closure != NULL, CKR_HOST_MEMORY); - } - - if (once) - return CKR_OK; - - once = true; - - return CKR_OK; -} - -static void -free_modules_when_no_refs_unlocked (void) -{ - Module *mod; - p11_dictiter iter; - - /* Check if any modules have a ref count */ - p11_dict_iterate (gl.modules, &iter); - while (p11_dict_next (&iter, (void **)&mod, NULL)) { - if (mod->ref_count) - return; - } - - p11_dict_free (gl.unmanaged_by_funcs); - gl.unmanaged_by_funcs = NULL; - - p11_dict_free (gl.managed_by_closure); - gl.managed_by_closure = NULL; - - p11_dict_free (gl.modules); - gl.modules = NULL; - - p11_dict_free (gl.config); - gl.config = NULL; -} - -static CK_RV -finalize_module_inlock_reentrant (Module *mod) -{ - assert (mod); - - /* - * We leave module info around until all are finalized - * so we can encounter these zombie Module structures. - */ - if (mod->ref_count == 0) - return CKR_ARGUMENTS_BAD; - - if (--mod->init_count > 0) - return CKR_OK; - - /* - * Because of the mutex unlock below, we temporarily increase - * the ref count. This prevents module from being freed out - * from ounder us. - */ - - p11_unlock (); - p11_mutex_lock (&mod->initialize_mutex); - - if (mod->initialize_called == p11_forkid) { - mod->virt.funcs.C_Finalize (&mod->virt.funcs, NULL); - mod->initialize_called = 0; - } - - p11_mutex_unlock (&mod->initialize_mutex); - p11_lock (); - - /* Match the ref increment in initialize_module_inlock_reentrant() */ - mod->ref_count--; - - free_modules_when_no_refs_unlocked (); - return CKR_OK; -} - -static CK_RV -initialize_registered_inlock_reentrant (void) -{ - p11_dictiter iter; - Module *mod; - CK_RV rv; - - /* - * This is only called by deprecated code. The caller expects all - * configured and enabled modules to be initialized. - */ - - rv = init_globals_unlocked (); - if (rv != CKR_OK) - return rv; - - rv = load_registered_modules_unlocked (); - if (rv == CKR_OK) { - p11_dict_iterate (gl.unmanaged_by_funcs, &iter); - while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) { - - /* Skip all modules that aren't registered or enabled */ - if (mod->name == NULL || !is_module_enabled_unlocked (mod->name, mod->config)) - continue; - - rv = initialize_module_inlock_reentrant (mod, NULL); - if (rv != CKR_OK) { - if (mod->critical) { - p11_message ("initialization of critical module '%s' failed: %s", - mod->name, p11_kit_strerror (rv)); - } else { - p11_message ("skipping module '%s' whose initialization failed: %s", - mod->name, p11_kit_strerror (rv)); - rv = CKR_OK; - } - } - } - } - - return rv; -} - -static Module * -module_for_functions_inlock (CK_FUNCTION_LIST *funcs) -{ - if (p11_virtual_is_wrapper (funcs)) - return p11_dict_get (gl.managed_by_closure, funcs); - else - return p11_dict_get (gl.unmanaged_by_funcs, funcs); -} - -static CK_FUNCTION_LIST * -unmanaged_for_module_inlock (Module *mod) -{ - CK_FUNCTION_LIST *funcs; - - funcs = mod->virt.lower_module; - if (p11_dict_get (gl.unmanaged_by_funcs, funcs) == mod) - return funcs; - - return NULL; -} - -/** - * p11_kit_initialize_registered: - * - * Initialize all the registered PKCS\#11 modules. - * - * If this is the first time this function is called multiple times - * consecutively within a single process, then it merely increments an - * initialization reference count for each of these modules. - * - * Use p11_kit_finalize_registered() to finalize these registered modules once - * the caller is done with them. - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Deprecated: Since: 0.19.0: Use p11_kit_modules_load() instead. - * - * Returns: CKR_OK if the initialization succeeded, or an error code. - */ -CK_RV -p11_kit_initialize_registered (void) -{ - CK_RV rv; - - p11_library_init_once (); - - /* WARNING: This function must be reentrant */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - - /* WARNING: Reentrancy can occur here */ - rv = initialize_registered_inlock_reentrant (); - - _p11_kit_default_message (rv); - - p11_unlock (); - - /* Cleanup any partial initialization */ - if (rv != CKR_OK) - p11_kit_finalize_registered (); - - p11_debug ("out: %lu", rv); - return rv; -} - -static CK_RV -finalize_registered_inlock_reentrant (void) -{ - Module *mod; - p11_dictiter iter; - Module **to_finalize; - int i, count; - - /* - * This is only called from deprecated code. The caller expects all - * modules initialized earlier to be finalized (once). If non-critical - * modules failed to initialize, then it is not possible to completely - * guarantee the internal state. - */ - - if (!gl.modules) - return CKR_CRYPTOKI_NOT_INITIALIZED; - - /* WARNING: This function must be reentrant */ - - to_finalize = calloc (p11_dict_size (gl.unmanaged_by_funcs), sizeof (Module *)); - if (!to_finalize) - return CKR_HOST_MEMORY; - - count = 0; - p11_dict_iterate (gl.unmanaged_by_funcs, &iter); - while (p11_dict_next (&iter, NULL, (void **)&mod)) { - - /* Skip all modules that aren't registered */ - if (mod->name && mod->init_count) - to_finalize[count++] = mod; - } - - p11_debug ("finalizing %d modules", count); - - for (i = 0; i < count; ++i) { - /* WARNING: Reentrant calls can occur here */ - finalize_module_inlock_reentrant (to_finalize[i]); - } - - free (to_finalize); - - /* In case nothing loaded, free up internal memory */ - if (count == 0) - free_modules_when_no_refs_unlocked (); - - return CKR_OK; -} - -/** - * p11_kit_finalize_registered: - * - * Finalize all the registered PKCS\#11 modules. These should have been - * initialized with p11_kit_initialize_registered(). - * - * If p11_kit_initialize_registered() has been called more than once in this - * process, then this function must be called the same number of times before - * actual finalization will occur. - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Deprecated: Since 0.19.0: Use p11_kit_modules_release() instead. - * - * Returns: CKR_OK if the finalization succeeded, or an error code. - */ - -CK_RV -p11_kit_finalize_registered (void) -{ - CK_RV rv; - - p11_library_init_once (); - - /* WARNING: This function must be reentrant */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - - /* WARNING: Reentrant calls can occur here */ - rv = finalize_registered_inlock_reentrant (); - - _p11_kit_default_message (rv); - - p11_unlock (); - - p11_debug ("out: %lu", rv); - return rv; -} - -static int -compar_priority (const void *one, - const void *two) -{ - CK_FUNCTION_LIST_PTR f1 = *((CK_FUNCTION_LIST_PTR *)one); - CK_FUNCTION_LIST_PTR f2 = *((CK_FUNCTION_LIST_PTR *)two); - Module *m1, *m2; - const char *v1, *v2; - int o1, o2; - - m1 = module_for_functions_inlock (f1); - m2 = module_for_functions_inlock (f2); - assert (m1 != NULL && m2 != NULL); - - v1 = p11_dict_get (m1->config, "priority"); - v2 = p11_dict_get (m2->config, "priority"); - - o1 = atoi (v1 ? v1 : "0"); - o2 = atoi (v2 ? v2 : "0"); - - /* Priority is in descending order, highest first */ - if (o1 != o2) - return o1 > o2 ? -1 : 1; - - /* - * Otherwise use the names alphabetically in ascending order. This - * is really just to provide consistency between various loads of - * the configuration. - */ - if (m1->name == m2->name) - return 0; - if (!m1->name) - return -1; - if (!m2->name) - return 1; - return strcmp (m1->name, m2->name); -} - -static void -sort_modules_by_priority (CK_FUNCTION_LIST_PTR *modules, - int count) -{ - qsort (modules, count, sizeof (CK_FUNCTION_LIST_PTR), compar_priority); -} - -static CK_FUNCTION_LIST ** -list_registered_modules_inlock (void) -{ - CK_FUNCTION_LIST **result = NULL; - CK_FUNCTION_LIST *funcs; - Module *mod; - p11_dictiter iter; - int i = 0; - - /* - * This is only called by deprecated code. The caller expects to get - * a list of all registered enabled modules that have been initialized. - */ - - if (gl.unmanaged_by_funcs) { - result = calloc (p11_dict_size (gl.unmanaged_by_funcs) + 1, - sizeof (CK_FUNCTION_LIST *)); - return_val_if_fail (result != NULL, NULL); - - p11_dict_iterate (gl.unmanaged_by_funcs, &iter); - while (p11_dict_next (&iter, (void **)&funcs, (void **)&mod)) { - - /* - * We don't include unreferenced modules. We don't include - * modules that have been initialized but aren't in the - * registry. These have a NULL name. - * - * In addition we check again that the module isn't disabled - * using enable-in or disable-in. This is because a caller - * can change the progname we recognize the process as after - * having initialized. This is a corner case, but want to make - * sure to cover it. - */ - if (mod->ref_count && mod->name && mod->init_count && - is_module_enabled_unlocked (mod->name, mod->config)) { - result[i++] = funcs; - } - } - - sort_modules_by_priority (result, i); - } - - return result; -} - -/** - * p11_kit_registered_modules: - * - * Get a list of all the registered PKCS\#11 modules. This list will be valid - * once the p11_kit_initialize_registered() function has been called. - * - * The returned value is a <code>NULL</code> terminated array of - * <code>CK_FUNCTION_LIST_PTR</code> pointers. - * - * The returned modules are unmanaged. - * - * Deprecated: Since 0.19.0: Use p11_kit_modules_load() instead. - * - * Returns: A list of all the registered modules. Use the free() function to - * free the list. - */ -CK_FUNCTION_LIST_PTR_PTR -p11_kit_registered_modules (void) -{ - CK_FUNCTION_LIST_PTR_PTR result; - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - result = list_registered_modules_inlock (); - - p11_unlock (); - - return result; -} - -/** - * p11_kit_registered_module_to_name: - * @module: pointer to a registered module - * - * Get the name of a registered PKCS\#11 module. - * - * You can use p11_kit_registered_modules() to get a list of all the registered - * modules. This name is specified by the registered module configuration. - * - * Deprecated: Since 0.19.0: Use p11_kit_module_get_name() instead. - * - * Returns: A newly allocated string containing the module name, or - * <code>NULL</code> if no such registered module exists. Use free() to - * free this string. - */ -char* -p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module) -{ - return_val_if_fail (module != NULL, NULL); - return p11_kit_module_get_name (module); -} - -/** - * p11_kit_module_get_name: - * @module: pointer to a loaded module - * - * Get the configured name of the PKCS\#11 module. - * - * Configured modules are loaded by p11_kit_modules_load(). The module - * passed to this function can be either managed or unmanaged. Non - * configured modules will return %NULL. - * - * Use free() to release the return value when you're done with it. - * - * Returns: a newly allocated string containing the module name, or - * <code>NULL</code> if the module is not a configured module - */ -char * -p11_kit_module_get_name (CK_FUNCTION_LIST *module) -{ - Module *mod; - char *name = NULL; - - return_val_if_fail (module != NULL, NULL); - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - if (gl.modules) { - mod = module_for_functions_inlock (module); - if (mod && mod->name) - name = strdup (mod->name); - } - - p11_unlock (); - - return name; -} - -/** - * p11_kit_module_get_filename: - * @module: pointer to a loaded module - * - * Get the configured name of the PKCS\#11 module. - * - * Configured modules are loaded by p11_kit_modules_load(). The module - * passed to this function can be either managed or unmanaged. Non - * configured modules will return %NULL. - * - * Use free() to release the return value when you're done with it. - * - * Returns: a newly allocated string containing the module name, or - * <code>NULL</code> if the module is not a configured module - */ -char * -p11_kit_module_get_filename (CK_FUNCTION_LIST *module) -{ - Module *mod; - char *name = NULL; - - return_val_if_fail (module != NULL, NULL); - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - if (gl.modules) { - mod = module_for_functions_inlock (module); - if (mod && mod->filename) - name = strdup (mod->filename); - } - - p11_unlock (); - - return name; -} - -static const char * -module_get_option_inlock (Module *mod, - const char *option) -{ - p11_dict *config; - - if (mod == NULL) - config = gl.config; - else - config = mod->config; - if (config == NULL) - return NULL; - return p11_dict_get (config, option); -} - -/** - * p11_kit_module_get_flags: - * @module: the module - * - * Get the flags for this module. - * - * The %P11_KIT_MODULE_UNMANAGED flag will be set if the module is not - * managed by p11-kit. It is a raw PKCS\#11 module function list. - * - * The %P11_KIT_MODULE_CRITICAL flag will be set if the module is configured - * to be critical, and not be skipped over if it fails to initialize or - * load. This flag is also set for modules that are not configured, but have - * been loaded in another fashion. - * - * Returns: the flags for the module - */ -int -p11_kit_module_get_flags (CK_FUNCTION_LIST *module) -{ - const char *trusted; - Module *mod; - int flags = 0; - - return_val_if_fail (module != NULL, 0); - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - if (gl.modules) { - if (p11_virtual_is_wrapper (module)) { - mod = p11_dict_get (gl.managed_by_closure, module); - } else { - flags |= P11_KIT_MODULE_UNMANAGED; - mod = p11_dict_get (gl.unmanaged_by_funcs, module); - } - if (!mod || mod->critical) - flags |= P11_KIT_MODULE_CRITICAL; - if (mod) { - trusted = module_get_option_inlock (mod, "trust-policy"); - if (_p11_conf_parse_boolean (trusted, false)) - flags |= P11_KIT_MODULE_TRUSTED; - } - } - - p11_unlock (); - - return flags; -} - -/** - * p11_kit_registered_name_to_module: - * @name: name of a registered module - * - * Lookup a registered PKCS\#11 module by its name. This name is specified by - * the registered module configuration. - * - * Deprecated: Since 0.19.0: Use p11_kit_module_for_name() instead. - * - * Returns: a pointer to a PKCS\#11 module, or <code>NULL</code> if this name was - * not found. - */ -CK_FUNCTION_LIST_PTR -p11_kit_registered_name_to_module (const char *name) -{ - CK_FUNCTION_LIST_PTR module = NULL; - CK_FUNCTION_LIST_PTR funcs; - p11_dictiter iter; - Module *mod; - - return_val_if_fail (name != NULL, NULL); - - p11_lock (); - - p11_message_clear (); - - if (gl.modules) { - - assert (name); - - p11_dict_iterate (gl.unmanaged_by_funcs, &iter); - while (p11_dict_next (&iter, (void **)&funcs, (void **)&mod)) { - if (mod->ref_count && mod->name && strcmp (name, mod->name) == 0) { - module = funcs; - break; - } - } - } - - p11_unlock (); - - return module; -} - -/** - * p11_kit_module_for_name: - * @modules: a list of modules to look through - * @name: the name of the module to find - * - * Look through the list of @modules and return the module whose @name - * matches. - * - * Only configured modules have names. Configured modules are loaded by - * p11_kit_modules_load(). The module passed to this function can be either - * managed or unmanaged. - * - * The return value is not copied or duplicated in anyway. It is still - * 'owned' by the @modules list. - * - * Returns: the module which matches the name, or %NULL if no match. - */ -CK_FUNCTION_LIST * -p11_kit_module_for_name (CK_FUNCTION_LIST **modules, - const char *name) -{ - CK_FUNCTION_LIST *ret = NULL; - Module *mod; - int i; - - return_val_if_fail (name != NULL, NULL); - - if (!modules) - return NULL; - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - for (i = 0; gl.modules && modules[i] != NULL; i++) { - mod = module_for_functions_inlock (modules[i]); - if (mod && mod->name && strcmp (mod->name, name) == 0) { - ret = modules[i]; - break; - } - } - - p11_unlock (); - - return ret; -} - -/** - * p11_kit_registered_option: - * @module: a pointer to a registered module - * @field: the name of the option to lookup. - * - * Lookup a configured option for a registered PKCS\#11 module. If a - * <code>NULL</code> module argument is specified, then this will lookup - * the configuration option in the global config file. - * - * Deprecated: Since 0.19.0: Use p11_kit_config_option() instead. - * - * Returns: A newly allocated string containing the option value, or - * <code>NULL</code> if the registered module or the option were not found. - * Use free() to free the returned string. - */ -char* -p11_kit_registered_option (CK_FUNCTION_LIST_PTR module, const char *field) -{ - Module *mod = NULL; - char *option = NULL; - const char *value; - - return_val_if_fail (field != NULL, NULL); - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - if (module == NULL) - mod = NULL; - else - mod = gl.unmanaged_by_funcs ? p11_dict_get (gl.unmanaged_by_funcs, module) : NULL; - - value = module_get_option_inlock (mod, field); - if (value) - option = strdup (value); - - p11_unlock (); - - return option; -} - -/** - * p11_kit_config_option: - * @module: the module to retrieve the option for, or %NULL for global options - * @option: the option to retrieve - * - * Retrieve the value for a configured option. - * - * If @module is %NULL, then the global option with the given name will - * be retrieved. Otherwise @module should point to a configured loaded module. - * If no such @option or configured @module exists, then %NULL will be returned. - * - * Use free() to release the returned value. - * - * Returns: the option value or %NULL - */ -char * -p11_kit_config_option (CK_FUNCTION_LIST *module, - const char *option) -{ - Module *mod = NULL; - const char *value = NULL; - char *ret = NULL; - - return_val_if_fail (option != NULL, NULL); - - p11_library_init_once (); - - p11_lock (); - - p11_message_clear (); - - if (gl.modules) { - if (module != NULL) { - mod = module_for_functions_inlock (module); - if (mod == NULL) - goto cleanup; - } - - value = module_get_option_inlock (mod, option); - if (value) - ret = strdup (value); - } - - -cleanup: - p11_unlock (); - return ret; -} - -typedef struct { - p11_virtual virt; - Module *mod; - unsigned int initialized; - p11_dict *sessions; -} Managed; - -static CK_RV -managed_C_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args) -{ - Managed *managed = ((Managed *)self); - p11_dict *sessions; - CK_RV rv; - - p11_debug ("in"); - p11_lock (); - - if (managed->initialized == p11_forkid) { - rv = CKR_CRYPTOKI_ALREADY_INITIALIZED; - - } else { - sessions = p11_dict_new (p11_dict_ulongptr_hash, - p11_dict_ulongptr_equal, - free, free); - if (!sessions) - rv = CKR_HOST_MEMORY; - else - rv = initialize_module_inlock_reentrant (managed->mod, init_args); - if (rv == CKR_OK) { - if (managed->sessions) - p11_dict_free (managed->sessions); - managed->sessions = sessions; - managed->initialized = p11_forkid; - } else { - p11_dict_free (sessions); - } - } - - p11_unlock (); - p11_debug ("out: %lu", rv); - - return rv; -} - -static CK_RV -managed_track_session_inlock (p11_dict *sessions, - CK_SLOT_ID slot_id, - CK_SESSION_HANDLE session) -{ - void *key; - void *value; - - key = memdup (&session, sizeof (CK_SESSION_HANDLE)); - return_val_if_fail (key != NULL, CKR_HOST_MEMORY); - - value = memdup (&slot_id, sizeof (CK_SESSION_HANDLE)); - return_val_if_fail (value != NULL, CKR_HOST_MEMORY); - - if (!p11_dict_set (sessions, key, value)) - return_val_if_reached (CKR_HOST_MEMORY); - - return CKR_OK; -} - -static void -managed_untrack_session_inlock (p11_dict *sessions, - CK_SESSION_HANDLE session) -{ - p11_dict_remove (sessions, &session); -} - -static CK_SESSION_HANDLE * -managed_steal_sessions_inlock (p11_dict *sessions, - bool matching_slot_id, - CK_SLOT_ID slot_id, - int *count) -{ - CK_SESSION_HANDLE *stolen; - CK_SESSION_HANDLE *key; - CK_SLOT_ID *value; - p11_dictiter iter; - int at, i; - - assert (sessions != NULL); - assert (count != NULL); - - stolen = calloc (p11_dict_size (sessions), sizeof (CK_SESSION_HANDLE)); - return_val_if_fail (stolen != NULL, NULL); - - at = 0; - p11_dict_iterate (sessions, &iter); - while (p11_dict_next (&iter, (void **)&key, (void **)&value)) { - if (!matching_slot_id || slot_id == *value) - stolen[at++] = *key; - } - - /* Removed them all, clear the whole array */ - if (at == p11_dict_size (sessions)) { - p11_dict_clear (sessions); - - /* Only removed some, go through and remove those */ - } else { - for (i = 0; i < at; i++) { - if (!p11_dict_remove (sessions, stolen + at)) - assert_not_reached (); - } - } - - *count = at; - return stolen; -} - -static void -managed_close_sessions (CK_X_FUNCTION_LIST *funcs, - CK_SESSION_HANDLE *stolen, - int count) -{ - CK_RV rv; - int i; - - for (i = 0; i < count; i++) { - rv = funcs->C_CloseSession (funcs, stolen[i]); - if (rv != CKR_OK) - p11_message ("couldn't close session: %s", p11_kit_strerror (rv)); - } -} - -static CK_RV -managed_C_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR reserved) -{ - Managed *managed = ((Managed *)self); - CK_SESSION_HANDLE *sessions; - int count; - CK_RV rv; - - p11_debug ("in"); - p11_lock (); - - if (managed->initialized == 0) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - } else if (managed->initialized != p11_forkid) { - /* - * In theory we should be returning CKR_CRYPTOKI_NOT_INITIALIZED here - * but enough callers are not completely aware of their forking. - * So we just clean up any state we have, rather than forcing callers - * to initialize just to finalize. - */ - p11_debug ("finalizing module in wrong process, skipping C_Finalize"); - rv = CKR_OK; - - } else { - sessions = managed_steal_sessions_inlock (managed->sessions, false, 0, &count); - - if (sessions && count) { - /* WARNING: reentrancy can occur here */ - p11_unlock (); - managed_close_sessions (&managed->mod->virt.funcs, sessions, count); - p11_lock (); - } - - free (sessions); - - /* WARNING: reentrancy can occur here */ - rv = finalize_module_inlock_reentrant (managed->mod); - } - - if (rv == CKR_OK) { - managed->initialized = 0; - p11_dict_free (managed->sessions); - managed->sessions = NULL; - } - - p11_unlock (); - p11_debug ("out: %lu", rv); - - return rv; -} - -static CK_RV -managed_C_OpenSession (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR application, - CK_NOTIFY notify, - CK_SESSION_HANDLE_PTR session) -{ - Managed *managed = ((Managed *)self); - CK_RV rv; - - return_val_if_fail (session != NULL, CKR_ARGUMENTS_BAD); - - self = &managed->mod->virt.funcs; - rv = self->C_OpenSession (self, slot_id, flags, application, notify, session); - - if (rv == CKR_OK) { - p11_lock (); - rv = managed_track_session_inlock (managed->sessions, slot_id, *session); - p11_unlock (); - } - - return rv; -} - -static CK_RV -managed_C_CloseSession (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - Managed *managed = ((Managed *)self); - CK_RV rv; - - self = &managed->mod->virt.funcs; - rv = self->C_CloseSession (self, session); - - if (rv == CKR_OK) { - p11_lock (); - managed_untrack_session_inlock (managed->sessions, session); - p11_unlock (); - } - - return rv; -} - -static CK_RV -managed_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id) -{ - Managed *managed = ((Managed *)self); - CK_SESSION_HANDLE *stolen; - int count; - - p11_lock (); - stolen = managed_steal_sessions_inlock (managed->sessions, true, slot_id, &count); - p11_unlock (); - - self = &managed->mod->virt.funcs; - managed_close_sessions (self, stolen, count); - if (stolen) { - free (stolen); - return CKR_OK; - } else { - return CKR_GENERAL_ERROR; - } - -} - -static void -managed_free_inlock (void *data) -{ - Managed *managed = data; - managed->mod->ref_count--; - free (managed); -} - -static p11_virtual * -managed_create_inlock (Module *mod) -{ - Managed *managed; - - managed = calloc (1, sizeof (Managed)); - return_val_if_fail (managed != NULL, NULL); - - p11_virtual_init (&managed->virt, &p11_virtual_stack, - &mod->virt, NULL); - managed->virt.funcs.C_Initialize = managed_C_Initialize; - managed->virt.funcs.C_Finalize = managed_C_Finalize; - managed->virt.funcs.C_CloseAllSessions = managed_C_CloseAllSessions; - managed->virt.funcs.C_CloseSession = managed_C_CloseSession; - managed->virt.funcs.C_OpenSession = managed_C_OpenSession; - managed->mod = mod; - mod->ref_count++; - - return &managed->virt; -} - -static bool -lookup_managed_option (Module *mod, - bool supported, - const char *option, - bool def_value) -{ - const char *string; - bool value; - - string = module_get_option_inlock (NULL, option); - if (!string) - string = module_get_option_inlock (mod, option); - if (!string) { - if (!supported) - return false; - return def_value; - } - - value = _p11_conf_parse_boolean (string, def_value); - - if (!supported && value != supported) { - if (!p11_virtual_can_wrap ()) { - /* - * This is because libffi dependency was not built. The libffi dependency - * is highly recommended and building without it results in a large loss - * of functionality. - */ - p11_message ("the '%s' option for module '%s' is not supported on this system", - option, mod->name); - } else { - /* - * This is because the module is running in unmanaged mode, so turn off the - */ - p11_message ("the '%s' option for module '%s' is only supported for managed modules", - option, mod->name); - } - return false; - } - - return value; -} - -static CK_RV -release_module_inlock_rentrant (CK_FUNCTION_LIST *module, - const char *caller_func) -{ - Module *mod; - - assert (module != NULL); - - /* See if a managed module, and finalize if so */ - if (p11_virtual_is_wrapper (module)) { - mod = p11_dict_get (gl.managed_by_closure, module); - if (mod != NULL) { - if (!p11_dict_remove (gl.managed_by_closure, module)) - assert_not_reached (); - p11_virtual_unwrap (module); - } - - /* If an unmanaged module then caller should have finalized */ - } else { - mod = p11_dict_get (gl.unmanaged_by_funcs, module); - } - - if (mod == NULL) { - p11_debug_precond ("invalid module pointer passed to %s", caller_func); - return CKR_ARGUMENTS_BAD; - } - - /* Matches the ref in prepare_module_inlock_reentrant() */ - mod->ref_count--; - return CKR_OK; -} - -CK_RV -p11_modules_release_inlock_reentrant (CK_FUNCTION_LIST **modules) -{ - CK_RV ret = CKR_OK; - CK_RV rv; - int i; - - for (i = 0; modules[i] != NULL; i++) { - rv = release_module_inlock_rentrant (modules[i], __PRETTY_FUNCTION__); - if (rv != CKR_OK) - ret = rv; - } - - free (modules); - - /* In case nothing loaded, free up internal memory */ - free_modules_when_no_refs_unlocked (); - - return ret; -} - -static CK_RV -prepare_module_inlock_reentrant (Module *mod, - int flags, - CK_FUNCTION_LIST **module) -{ - p11_destroyer destroyer; - const char *trusted; - p11_virtual *virt; - bool is_managed; - bool with_log; - - assert (module != NULL); - - if (flags & P11_KIT_MODULE_TRUSTED) { - trusted = module_get_option_inlock (mod, "trust-policy"); - if (!_p11_conf_parse_boolean (trusted, false)) - return CKR_FUNCTION_NOT_SUPPORTED; - } - - if (flags & P11_KIT_MODULE_UNMANAGED) { - is_managed = false; - with_log = false; - } else { - is_managed = lookup_managed_option (mod, p11_virtual_can_wrap (), "managed", true); - with_log = lookup_managed_option (mod, is_managed, "log-calls", false); - } - - if (is_managed) { - virt = managed_create_inlock (mod); - return_val_if_fail (virt != NULL, CKR_HOST_MEMORY); - destroyer = managed_free_inlock; - - /* Add the logger if configured */ - if (p11_log_force || with_log) { - virt = p11_log_subclass (virt, destroyer); - destroyer = p11_log_release; - } - - *module = p11_virtual_wrap (virt, destroyer); - return_val_if_fail (*module != NULL, CKR_GENERAL_ERROR); - - if (!p11_dict_set (gl.managed_by_closure, *module, mod)) - return_val_if_reached (CKR_HOST_MEMORY); - - } else { - *module = unmanaged_for_module_inlock (mod); - if (*module == NULL) - return CKR_FUNCTION_NOT_SUPPORTED; - } - - /* Matches the deref in release_module_inlock_rentrant() */ - mod->ref_count++; - return CKR_OK; -} - -CK_RV -p11_modules_load_inlock_reentrant (int flags, - CK_FUNCTION_LIST ***results) -{ - CK_FUNCTION_LIST **modules; - Module *mod; - p11_dictiter iter; - CK_RV rv; - int at; - - rv = init_globals_unlocked (); - if (rv != CKR_OK) - return rv; - - rv = load_registered_modules_unlocked (); - if (rv != CKR_OK) - return rv; - - modules = calloc (p11_dict_size (gl.modules) + 1, sizeof (CK_FUNCTION_LIST *)); - return_val_if_fail (modules != NULL, CKR_HOST_MEMORY); - - at = 0; - rv = CKR_OK; - - p11_dict_iterate (gl.modules, &iter); - while (p11_dict_next (&iter, NULL, (void **)&mod)) { - - /* - * We don't include unreferenced modules. We don't include - * modules that have been initialized but aren't in the - * registry. These have a NULL name. - * - * In addition we check again that the module isn't disabled - * using enable-in or disable-in. This is because a caller - * can change the progname we recognize the process as after - * having initialized. This is a corner case, but want to make - * sure to cover it. - */ - if (!mod->name || !is_module_enabled_unlocked (mod->name, mod->config)) - continue; - - rv = prepare_module_inlock_reentrant (mod, flags, modules + at); - if (rv == CKR_OK) - at++; - else if (rv == CKR_FUNCTION_NOT_SUPPORTED) - rv = CKR_OK; - else - break; - } - - modules[at] = NULL; - - if (rv != CKR_OK) { - p11_modules_release_inlock_reentrant (modules); - return rv; - } - - sort_modules_by_priority (modules, at); - *results = modules; - return CKR_OK; -} - -/** - * p11_kit_modules_load: - * @reserved: set to %NULL - * @flags: flags to use to load the module - * - * Load the configured PKCS\#11 modules. - * - * If @flags contains the %P11_KIT_MODULE_UNMANAGED flag, then the - * modules will be not be loaded in 'managed' mode regardless of its - * configuration. This is not recommended for general usage. - * - * If @flags contains the %P11_KIT_MODULE_CRITICAL flag then the - * modules will all be treated as 'critical', regardless of the module - * configuration. This means that a failure to load any module will - * cause this function to fail. - * - * For unmanaged modules there is no guarantee to the state of the - * modules. Other callers may be using the modules. Using unmanaged - * modules haphazardly is not recommended for this reason. Some - * modules (such as those configured with RPC) cannot be loaded in - * unmanaged mode, and will be skipped. - * - * Use p11_kit_modules_release() to release the modules returned by - * this function. - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Returns: a null terminated list of modules represented as PKCS\#11 - * function lists, or %NULL on failure - */ -CK_FUNCTION_LIST ** -p11_kit_modules_load (const char *reserved, - int flags) -{ - CK_FUNCTION_LIST **modules; - CK_RV rv; - - /* progname attribute not implemented yet */ - return_val_if_fail (reserved == NULL, NULL); - - p11_library_init_once (); - - /* WARNING: This function must be reentrant */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - - /* WARNING: Reentrancy can occur here */ - rv = p11_modules_load_inlock_reentrant (flags, &modules); - - p11_unlock (); - - if (rv != CKR_OK) - modules = NULL; - - p11_debug ("out: %s", modules ? "success" : "fail"); - return modules; -} - -/** - * p11_kit_modules_initialize: - * @modules: a %NULL terminated list of modules - * @failure_callback: called with modules that fail to initialize - * - * Initialize all the modules in the @modules list by calling their - * <literal>C_Initialize</literal> function. - * - * For managed modules the <literal>C_Initialize</literal> function - * is overridden so that multiple callers can initialize the same - * modules. In addition for managed modules multiple callers can - * initialize from different threads, and still guarantee consistent - * thread-safe behavior. - * - * For unmanaged modules if multiple callers try to initialize - * a module, then one of the calls will return - * <literal>CKR_CRYPTOKI_ALREADY_INITIALIZED</literal> according to the - * PKCS\#11 specification. In addition there are no guarantees that - * thread-safe behavior will occur if multiple callers initialize from - * different threads. - * - * When a module fails to initialize it is removed from the @modules list. - * If the @failure_callback is not %NULL then it is called with the modules that - * fail to initialize. For example, you may pass p11_kit_module_release() - * as a @failure_callback if the @modules list was loaded wit p11_kit_modules_load(). - * - * The return value will return the failure code of the last critical - * module that failed to initialize. Non-critical module failures do not affect - * the return value. If no critical modules failed to initialize then the - * return value will be <literal>CKR_OK</literal>. - * - * When modules are removed, the list will be %NULL terminated at the - * appropriate place so it can continue to be used as a modules list. - * - * This function does not accept a <code>CK_C_INITIALIZE_ARGS</code> argument. - * Custom initialization arguments cannot be supported when multiple consumers - * load the same module. - * - * Returns: <literal>CKR_OK</literal> or the failure code of the last critical - * module that failed to initialize. - */ -CK_RV -p11_kit_modules_initialize (CK_FUNCTION_LIST **modules, - p11_kit_destroyer failure_callback) -{ - CK_RV ret = CKR_OK; - CK_RV rv; - bool critical; - char *name; - int i, out; - - return_val_if_fail (modules != NULL, CKR_ARGUMENTS_BAD); - - for (i = 0, out = 0; modules[i] != NULL; i++, out++) { - rv = modules[i]->C_Initialize (NULL); - if (rv != CKR_OK) { - name = p11_kit_module_get_name (modules[i]); - if (name == NULL) - name = strdup ("(unknown)"); - return_val_if_fail (name != NULL, CKR_HOST_MEMORY); - critical = (p11_kit_module_get_flags (modules[i]) & P11_KIT_MODULE_CRITICAL); - p11_message ("%s: module failed to initialize%s: %s", - name, critical ? "" : ", skipping", p11_kit_strerror (rv)); - if (critical) - ret = rv; - if (failure_callback) - failure_callback (modules[i]); - out--; - free (name); - } else { - modules[out] = modules[i]; - } - } - - /* NULL terminate after above changes */ - modules[out] = NULL; - return ret; -} - -/** - * p11_kit_modules_load_and_initialize: - * @flags: flags to use to load the modules - * - * Load and initialize configured modules. - * - * If a critical module fails to load or initialize then the function will - * return <literal>NULL</literal>. Non-critical modules will be skipped - * and not included in the returned module list. - * - * Use p11_kit_modules_finalize_and_release() when you're done with the - * modules returned by this function. - * - * Returns: a <literal>NULL</literal> terminated list of modules, or - * <literal>NULL</literal> on failure - */ -CK_FUNCTION_LIST ** -p11_kit_modules_load_and_initialize (int flags) -{ - CK_FUNCTION_LIST **modules; - CK_RV rv; - - modules = p11_kit_modules_load (NULL, flags); - if (modules == NULL) - return NULL; - - rv = p11_kit_modules_initialize (modules, (p11_destroyer)p11_kit_module_release); - if (rv != CKR_OK) { - p11_kit_modules_release (modules); - modules = NULL; - } - - return modules; -} - -/** - * p11_kit_modules_finalize: - * @modules: a <literal>NULL</literal> terminated list of modules - * - * Finalize each module in the @modules list by calling its - * <literal>C_Finalize</literal> function. Regardless of failures, all - * @modules will have their <literal>C_Finalize</literal> function called. - * - * If a module returns a failure from its <literal>C_Finalize</literal> - * method it will be returned. If multiple modules fail, the last failure - * will be returned. - * - * For managed modules the <literal>C_Finalize</literal> function - * is overridden so that multiple callers can finalize the same - * modules. In addition for managed modules multiple callers can - * finalize from different threads, and still guarantee consistent - * thread-safe behavior. - * - * For unmanaged modules if multiple callers try to finalize - * a module, then one of the calls will return - * <literal>CKR_CRYPTOKI_NOT_INITIALIZED</literal> according to the - * PKCS\#11 specification. In addition there are no guarantees that - * thread-safe behavior will occur if multiple callers finalize from - * different threads. - * - * Returns: <literal>CKR_OK</literal> or the failure code of the last - * module that failed to finalize - */ -CK_RV -p11_kit_modules_finalize (CK_FUNCTION_LIST **modules) -{ - CK_RV ret = CKR_OK; - CK_RV rv; - char *name; - int i; - - return_val_if_fail (modules != NULL, CKR_ARGUMENTS_BAD); - - for (i = 0; modules[i] != NULL; i++) { - rv = modules[i]->C_Finalize (NULL); - if (rv != CKR_OK) { - name = p11_kit_module_get_name (modules[i]); - p11_message ("%s: module failed to finalize: %s", - name ? name : "(unknown)", p11_kit_strerror (rv)); - free (name); - ret = rv; - } - } - - return ret; -} - -/** - * p11_kit_modules_release: - * @modules: the modules to release - * - * Release the a set of loaded PKCS\#11 modules. - * - * The modules may be either managed or unmanaged. The array containing - * the module pointers is also freed by this function. - * - * Managed modules will not be actually released until all - * callers using them have done so. If the modules were initialized, they - * should have been finalized first. - */ -void -p11_kit_modules_release (CK_FUNCTION_LIST **modules) -{ - p11_library_init_once (); - - return_if_fail (modules != NULL); - - /* WARNING: This function must be reentrant */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - p11_modules_release_inlock_reentrant (modules); - - p11_unlock (); - - p11_debug ("out"); -} - -/** - * p11_kit_modules_finalize_and_release: - * @modules: the modules to release - * - * Finalize and then release the a set of loaded PKCS\#11 modules. - * - * The modules may be either managed or unmanaged. The array containing - * the module pointers is also freed by this function. - * - * Modules are released even if their finalization returns an error code. - * Managed modules will not be actually finalized or released until all - * callers using them have done so. - * - * For managed modules the <literal>C_Finalize</literal> function - * is overridden so that multiple callers can finalize the same - * modules. In addition for managed modules multiple callers can - * finalize from different threads, and still guarantee consistent - * thread-safe behavior. - * - * For unmanaged modules if multiple callers try to finalize - * a module, then one of the calls will return - * <literal>CKR_CRYPTOKI_NOT_INITIALIZED</literal> according to the - * PKCS\#11 specification. In addition there are no guarantees that - * thread-safe behavior will occur if multiple callers initialize from - * different threads. - */ -void -p11_kit_modules_finalize_and_release (CK_FUNCTION_LIST **modules) -{ - return_if_fail (modules != NULL); - p11_kit_modules_finalize (modules); - p11_kit_modules_release (modules); -} - -/** - * p11_kit_initialize_module: - * @module: loaded module to initialize. - * - * Initialize an arbitrary PKCS\#11 module. Normally using the - * p11_kit_initialize_registered() is preferred. - * - * Using this function to initialize modules allows coordination between - * multiple users of the same module in a single process. It should be called - * on modules that have been loaded (with dlopen() for example) but not yet - * initialized. The caller should not yet have called the module's - * <code>C_Initialize</code> method. This function will call - * <code>C_Initialize</code> as necessary. - * - * Subsequent calls to this function for the same module will result in an - * initialization count being incremented for the module. It is safe (although - * usually unnecessary) to use this function on registered modules. - * - * The module must be finalized with p11_kit_finalize_module() instead of - * calling its <code>C_Finalize</code> method directly. - * - * This function does not accept a <code>CK_C_INITIALIZE_ARGS</code> argument. - * Custom initialization arguments cannot be supported when multiple consumers - * load the same module. - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Deprecated: Since 0.19.0: Use p11_kit_module_initialize() instead. - * - * Returns: CKR_OK if the initialization was successful. - */ -CK_RV -p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module) -{ - CK_FUNCTION_LIST_PTR result; - Module *mod; - int flags; - CK_RV rv; - - return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); - - p11_library_init_once (); - - /* WARNING: This function must be reentrant for the same arguments */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - - flags = P11_KIT_MODULE_CRITICAL | P11_KIT_MODULE_UNMANAGED; - rv = p11_module_load_inlock_reentrant (module, flags, &result); - - /* An unmanaged module should return the same pointer */ - assert (rv != CKR_OK || result == module); - - if (rv == CKR_OK) { - mod = p11_dict_get (gl.unmanaged_by_funcs, module); - assert (mod != NULL); - rv = initialize_module_inlock_reentrant (mod, NULL); - if (rv != CKR_OK) { - p11_message ("module initialization failed: %s", p11_kit_strerror (rv)); - p11_module_release_inlock_reentrant (module); - } - } - - p11_unlock (); - - p11_debug ("out: %lu", rv); - return rv; -} - -CK_RV -p11_module_load_inlock_reentrant (CK_FUNCTION_LIST *module, - int flags, - CK_FUNCTION_LIST **result) -{ - Module *allocated = NULL; - Module *mod; - CK_RV rv = CKR_OK; - - rv = init_globals_unlocked (); - if (rv == CKR_OK) { - - mod = p11_dict_get (gl.unmanaged_by_funcs, module); - if (mod == NULL) { - p11_debug ("allocating new module"); - allocated = mod = alloc_module_unlocked (); - return_val_if_fail (mod != NULL, CKR_HOST_MEMORY); - p11_virtual_init (&mod->virt, &p11_virtual_base, module, NULL); - } - - /* If this was newly allocated, add it to the list */ - if (allocated) { - if (!p11_dict_set (gl.modules, allocated, allocated) || - !p11_dict_set (gl.unmanaged_by_funcs, module, allocated)) - return_val_if_reached (CKR_HOST_MEMORY); - allocated = NULL; - } - - /* WARNING: Reentrancy can occur here */ - rv = prepare_module_inlock_reentrant (mod, flags, result); - - free (allocated); - } - - /* - * If initialization failed, we may need to cleanup. - * If we added this module above, then this will - * clean things up as expected. - */ - if (rv != CKR_OK) - free_modules_when_no_refs_unlocked (); - - _p11_kit_default_message (rv); - return rv; -} - -/** - * p11_kit_module_load: - * @module_path: relative or full file path of module library - * @flags: flags to use when loading the module - * - * Load an arbitrary PKCS\#11 module from a dynamic library file, and - * initialize it. Normally using the p11_kit_modules_load() function - * is preferred. - * - * A full file path or just (path/)filename relative to - * P11_MODULE_PATH are accepted. - * - * Using this function to load modules allows coordination between multiple - * callers of the same module in a single process. If @flags contains the - * %P11_KIT_MODULE_UNMANAGED flag, then the modules will be not be loaded - * in 'managed' mode and not be coordinated. This is not recommended - * for general usage. - * - * Subsequent calls to this function for the same module will result in an - * initialization count being incremented for the module. It is safe (although - * usually unnecessary) to use this function on registered modules. - * - * The module should be released with p11_kit_module_release(). - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Returns: the loaded module PKCS\#11 functions or %NULL on failure - */ -CK_FUNCTION_LIST * -p11_kit_module_load (const char *module_path, - int flags) -{ - CK_FUNCTION_LIST *module = NULL; - CK_RV rv; - Module *mod; - - return_val_if_fail (module_path != NULL, NULL); - - p11_library_init_once (); - - /* WARNING: This function must be reentrant for the same arguments */ - p11_debug ("in: %s", module_path); - - p11_lock (); - - p11_message_clear (); - - rv = init_globals_unlocked (); - if (rv == CKR_OK) { - - rv = load_module_from_file_inlock (NULL, module_path, &mod); - if (rv == CKR_OK) { - /* WARNING: Reentrancy can occur here */ - rv = prepare_module_inlock_reentrant (mod, flags, &module); - if (rv != CKR_OK) - module = NULL; - } - } - - /* - * If initialization failed, we may need to cleanup. - * If we added this module above, then this will - * clean things up as expected. - */ - if (rv != CKR_OK) - free_modules_when_no_refs_unlocked (); - - p11_unlock (); - - p11_debug ("out: %s", module ? "success" : "fail"); - return module; - -} - -/** - * p11_kit_finalize_module: - * @module: loaded module to finalize. - * - * Finalize an arbitrary PKCS\#11 module. The module must have been initialized - * using p11_kit_initialize_module(). In most cases callers will want to use - * p11_kit_finalize_registered() instead of this function. - * - * Using this function to finalize modules allows coordination between - * multiple users of the same module in a single process. The caller should not - * call the module's <code>C_Finalize</code> method. This function will call - * <code>C_Finalize</code> as necessary. - * - * If the module was initialized more than once, then this function will - * decrement an initialization count for the module. When the count reaches zero - * the module will be truly finalized. It is safe (although usually unnecessary) - * to use this function on registered modules if (and only if) they were - * initialized using p11_kit_initialize_module() for some reason. - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Deprecated: Since 0.19.0: Use p11_kit_module_finalize() and - * p11_kit_module_release() instead. - * - * Returns: CKR_OK if the finalization was successful. - */ -CK_RV -p11_kit_finalize_module (CK_FUNCTION_LIST *module) -{ - Module *mod; - CK_RV rv = CKR_OK; - - return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); - - p11_library_init_once (); - - /* WARNING: This function must be reentrant for the same arguments */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - - mod = gl.unmanaged_by_funcs ? p11_dict_get (gl.unmanaged_by_funcs, module) : NULL; - if (mod == NULL) { - p11_debug ("module not found"); - rv = CKR_ARGUMENTS_BAD; - } else { - /* WARNING: Rentrancy can occur here */ - rv = finalize_module_inlock_reentrant (mod); - } - - _p11_kit_default_message (rv); - - p11_unlock (); - - p11_debug ("out: %lu", rv); - return rv; -} - -/** - * p11_kit_module_initialize: - * @module: the module to initialize - * - * Initialize a PKCS\#11 module by calling its <literal>C_Initialize</literal> - * function. - * - * For managed modules the <literal>C_Initialize</literal> function - * is overridden so that multiple callers can initialize the same - * modules. In addition for managed modules multiple callers can - * initialize from different threads, and still guarantee consistent - * thread-safe behavior. - * - * For unmanaged modules if multiple callers try to initialize - * a module, then one of the calls will return - * <literal>CKR_CRYPTOKI_ALREADY_INITIALIZED</literal> according to the - * PKCS\#11 specification. In addition there are no guarantees that - * thread-safe behavior will occur if multiple callers initialize from - * different threads. - * - * This function does not accept a <code>CK_C_INITIALIZE_ARGS</code> argument. - * Custom initialization arguments cannot be supported when multiple consumers - * load the same module. - * - * Returns: <literal>CKR_OK</literal> or a failure code - */ -CK_RV -p11_kit_module_initialize (CK_FUNCTION_LIST *module) -{ - char *name; - CK_RV rv; - - return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); - - rv = module->C_Initialize (NULL); - if (rv != CKR_OK) { - name = p11_kit_module_get_name (module); - p11_message ("%s: module failed to initialize: %s", - name ? name : "(unknown)", p11_kit_strerror (rv)); - free (name); - } - - return rv; -} - -/** - * p11_kit_module_finalize: - * @module: the module to finalize - * - * Finalize a PKCS\#11 module by calling its <literal>C_Finalize</literal> - * function. - * - * For managed modules the <literal>C_Finalize</literal> function - * is overridden so that multiple callers can finalize the same - * modules. In addition for managed modules multiple callers can - * finalize from different threads, and still guarantee consistent - * thread-safe behavior. - * - * For unmanaged modules if multiple callers try to finalize - * a module, then one of the calls will return - * <literal>CKR_CRYPTOKI_NOT_INITIALIZED</literal> according to the - * PKCS\#11 specification. In addition there are no guarantees that - * thread-safe behavior will occur if multiple callers finalize from - * different threads. - * - * Returns: <literal>CKR_OK</literal> or a failure code - */ -CK_RV -p11_kit_module_finalize (CK_FUNCTION_LIST *module) -{ - char *name; - CK_RV rv; - - return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); - - rv = module->C_Finalize (NULL); - if (rv != CKR_OK) { - name = p11_kit_module_get_name (module); - p11_message ("%s: module failed to finalize: %s", - name ? name : "(unknown)", p11_kit_strerror (rv)); - free (name); - } - - return rv; - -} - - -/** - * p11_kit_module_release: - * @module: the module to release - * - * Release the a loaded PKCS\#11 modules. - * - * The module may be either managed or unmanaged. The <literal>C_Finalize</literal> - * function will be called if no other callers are using this module. - */ -void -p11_kit_module_release (CK_FUNCTION_LIST *module) -{ - return_if_fail (module != NULL); - - p11_library_init_once (); - - /* WARNING: This function must be reentrant for the same arguments */ - p11_debug ("in"); - - p11_lock (); - - p11_message_clear (); - - release_module_inlock_rentrant (module, __PRETTY_FUNCTION__); - - p11_unlock (); - - p11_debug ("out"); -} - -CK_RV -p11_module_release_inlock_reentrant (CK_FUNCTION_LIST *module) -{ - return release_module_inlock_rentrant (module, __PRETTY_FUNCTION__); -} - -/** - * p11_kit_load_initialize_module: - * @module_path: full file path of module library - * @module: location to place loaded module pointer - * - * Load an arbitrary PKCS\#11 module from a dynamic library file, and - * initialize it. Normally using the p11_kit_initialize_registered() function - * is preferred. - * - * Using this function to load and initialize modules allows coordination between - * multiple users of the same module in a single process. The caller should not - * call the module's <code>C_Initialize</code> method. This function will call - * <code>C_Initialize</code> as necessary. - * - * If a module has already been loaded, then use of this function is unnecesasry. - * Instead use the p11_kit_initialize_module() function to initialize it. - * - * Subsequent calls to this function for the same module will result in an - * initialization count being incremented for the module. It is safe (although - * usually unnecessary) to use this function on registered modules. - * - * The module must be finalized with p11_kit_finalize_module() instead of - * calling its <code>C_Finalize</code> method directly. - * - * This function does not accept a <code>CK_C_INITIALIZE_ARGS</code> argument. - * Custom initialization arguments cannot be supported when multiple consumers - * load the same module. - * - * If this function fails, then an error message will be available via the - * p11_kit_message() function. - * - * Deprecated: Since 0.19.0: Use p11_kit_module_load() instead. - * - * Returns: CKR_OK if the initialization was successful. - */ -CK_RV -p11_kit_load_initialize_module (const char *module_path, - CK_FUNCTION_LIST_PTR_PTR module) -{ - Module *mod; - CK_RV rv = CKR_OK; - - return_val_if_fail (module_path != NULL, CKR_ARGUMENTS_BAD); - return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); - - p11_library_init_once (); - - /* WARNING: This function must be reentrant for the same arguments */ - p11_debug ("in: %s", module_path); - - p11_lock (); - - p11_message_clear (); - - rv = init_globals_unlocked (); - if (rv == CKR_OK) { - - rv = load_module_from_file_inlock (NULL, module_path, &mod); - if (rv == CKR_OK) { - - /* WARNING: Reentrancy can occur here */ - rv = initialize_module_inlock_reentrant (mod, NULL); - } - } - - if (rv == CKR_OK && module) { - *module = unmanaged_for_module_inlock (mod); - assert (*module != NULL); - } - - /* - * If initialization failed, we may need to cleanup. - * If we added this module above, then this will - * clean things up as expected. - */ - if (rv != CKR_OK) - free_modules_when_no_refs_unlocked (); - - _p11_kit_default_message (rv); - - p11_unlock (); - - p11_debug ("out: %lu", rv); - return rv; -} diff --git a/p11-kit/modules.h b/p11-kit/modules.h deleted file mode 100644 index ca8dac3..0000000 --- a/p11-kit/modules.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#ifndef __P11_MODULES_H__ -#define __P11_MODULES_H__ - -#include "pkcs11.h" - -CK_RV p11_modules_load_inlock_reentrant (int flags, - CK_FUNCTION_LIST_PTR **results); - -CK_RV p11_modules_release_inlock_reentrant (CK_FUNCTION_LIST_PTR *modules); - -CK_RV p11_module_load_inlock_reentrant (CK_FUNCTION_LIST_PTR module, - int flags, - CK_FUNCTION_LIST_PTR *result); - -CK_RV p11_module_release_inlock_reentrant (CK_FUNCTION_LIST_PTR module); - -#endif /* __P11_MODULES_H__ */ diff --git a/p11-kit/p11-kit-1.pc.in b/p11-kit/p11-kit-1.pc.in deleted file mode 100644 index d0d378d..0000000 --- a/p11-kit/p11-kit-1.pc.in +++ /dev/null @@ -1,22 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ -datarootdir=@datarootdir@ -datadir=@datadir@ -pkgdatadir=@datadir@/p11-kit -sysconfdir=@sysconfdir@ -p11_module_configs=@p11_package_config_modules@ -p11_module_path=@p11_module_path@ -proxy_module=@libdir@/p11-kit-proxy.so - -# This is for compatibility. Other packages were using this to determine -# the directory they should install their module configs to, so override -# this and redirect them to the new location -p11_system_config_modules=@p11_package_config_modules@ - -Name: p11-kit -Description: Library and proxy module for properly loading and sharing PKCS#11 modules. -Version: @VERSION@ -Libs: -L${libdir} -lp11-kit -Cflags: -I${includedir}/p11-kit-1 diff --git a/p11-kit/p11-kit.c b/p11-kit/p11-kit.c deleted file mode 100644 index a7b9212..0000000 --- a/p11-kit/p11-kit.c +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" - -#include "compat.h" -#include "debug.h" -#include "message.h" -#include "path.h" -#include "p11-kit.h" - -#include <assert.h> -#include <ctype.h> -#include <errno.h> -#include <getopt.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> - -#include "tool.h" - -int p11_kit_list_modules (int argc, - char *argv[]); - -int p11_kit_trust (int argc, - char *argv[]); - -int p11_kit_external (int argc, - char *argv[]); - -static const p11_tool_command commands[] = { - { "list-modules", p11_kit_list_modules, "List modules and tokens" }, - { "remote", p11_kit_external, "Run a specific PKCS#11 module remotely" }, - { P11_TOOL_FALLBACK, p11_kit_external, NULL }, - { 0, } -}; - -int -p11_kit_trust (int argc, - char *argv[]) -{ - char **args; - - args = calloc (argc + 2, sizeof (char *)); - return_val_if_fail (args != NULL, 1); - - args[0] = BINDIR "/trust"; - memcpy (args + 1, argv, sizeof (char *) * argc); - args[argc + 1] = NULL; - - execv (args[0], args); - - /* At this point we have no command */ - p11_message_err (errno, "couldn't run trust tool"); - - free (args); - return 2; -} - -int -p11_kit_external (int argc, - char *argv[]) -{ - const char *private_dir; - char *filename; - char *path; - - /* These are trust commands, send them to that tool */ - if (strcmp (argv[0], "extract") == 0) { - return p11_kit_trust (argc, argv); - } else if (strcmp (argv[0], "extract-trust") == 0) { - argv[0] = "extract-compat"; - return p11_kit_trust (argc, argv); - } - - if (asprintf (&filename, "p11-kit-%s", argv[0]) < 0) - return_val_if_reached (1); - - private_dir = secure_getenv ("P11_KIT_PRIVATEDIR"); - if (!private_dir || !private_dir[0]) - private_dir = PRIVATEDIR; - - /* Add our libexec directory to the path */ - path = p11_path_build (private_dir, filename, NULL); - return_val_if_fail (path != NULL, 1); - - argv[argc] = NULL; - execv (path, argv); - - /* At this point we have no command */ - p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]); - - free (filename); - free (path); - return 2; -} - -int -main (int argc, - char *argv[]) -{ - return p11_tool_main (argc, argv, commands); -} diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h deleted file mode 100644 index a266c35..0000000 --- a/p11-kit/p11-kit.h +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#ifndef __P11_KIT_H__ -#define __P11_KIT_H__ - -#include "p11-kit/pkcs11.h" - -/* - * If the caller is using the PKCS#11 GNU calling convention, then we cater - * to that here. - */ -#ifdef CRYPTOKI_GNU -typedef ck_rv_t CK_RV; -typedef struct ck_function_list* CK_FUNCTION_LIST_PTR; -typedef struct ck_function_list CK_FUNCTION_LIST; -#endif - -#include "p11-kit/deprecated.h" - -#ifdef __cplusplus -extern "C" { -#endif - -enum { - P11_KIT_MODULE_UNMANAGED = 1 << 0, - P11_KIT_MODULE_CRITICAL = 1 << 1, - P11_KIT_MODULE_TRUSTED = 1 << 2, -}; - -typedef void (* p11_kit_destroyer) (void *data); - -CK_FUNCTION_LIST ** p11_kit_modules_load (const char *reserved, - int flags); - -CK_RV p11_kit_modules_initialize (CK_FUNCTION_LIST **modules, - p11_kit_destroyer failure_callback); - -CK_FUNCTION_LIST ** p11_kit_modules_load_and_initialize (int flags); - -CK_RV p11_kit_modules_finalize (CK_FUNCTION_LIST **modules); - -void p11_kit_modules_release (CK_FUNCTION_LIST **modules); - -void p11_kit_modules_finalize_and_release (CK_FUNCTION_LIST **modules); - -CK_FUNCTION_LIST * p11_kit_module_for_name (CK_FUNCTION_LIST **modules, - const char *name); - -char * p11_kit_module_get_filename (CK_FUNCTION_LIST *module); -char * p11_kit_module_get_name (CK_FUNCTION_LIST *module); - -int p11_kit_module_get_flags (CK_FUNCTION_LIST *module); - -CK_FUNCTION_LIST * p11_kit_module_load (const char *module_path, - int flags); - -CK_RV p11_kit_module_initialize (CK_FUNCTION_LIST *module); - -CK_RV p11_kit_module_finalize (CK_FUNCTION_LIST *module); - -void p11_kit_module_release (CK_FUNCTION_LIST *module); - -char * p11_kit_config_option (CK_FUNCTION_LIST *module, - const char *option); - -const char* p11_kit_strerror (CK_RV rv); - -size_t p11_kit_space_strlen (const unsigned char *string, - size_t max_length); - -char* p11_kit_space_strdup (const unsigned char *string, - size_t max_length); - -void p11_kit_be_quiet (void); - -void p11_kit_be_loud (void); - -#ifdef P11_KIT_FUTURE_UNSTABLE_API - -void p11_kit_set_progname (const char *progname); - -#endif - -const char * p11_kit_message (void); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* __P11_KIT_H__ */ diff --git a/p11-kit/pin.c b/p11-kit/pin.c deleted file mode 100644 index 2fca6bc..0000000 --- a/p11-kit/pin.c +++ /dev/null @@ -1,704 +0,0 @@ -/* - * Copyright (C) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_PIN -#include "debug.h" -#include "dict.h" -#include "library.h" -#include "message.h" -#include "pkcs11.h" -#include "p11-kit.h" -#include "pin.h" -#include "private.h" -#include "array.h" - -#include <assert.h> -#include <errno.h> -#include <fcntl.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -/** - * SECTION:p11-kit-pin - * @title: PIN Callbacks - * @short_description: PIN Callbacks - * - * Applications can register a callback which will be called to provide a - * password associated with a given pin source. - * - * PKCS\#11 URIs can contain a 'pin-source' attribute. The value of this attribute - * is application dependent, but often references a file containing a PIN to - * use. - * - * Using these functions, an applications or libraries can register a - * callback with p11_kit_pin_register_callback() to be called when a given - * 'pin-source' attribute value is requested. The application can then prompt - * the user or retrieve a PIN for the given context. These registered - * callbacks are only relevant and valid within the current process. - * - * A fallback callback can be registered by passing the %P11_KIT_PIN_FALLBACK - * value to p11_kit_pin_register_callback(). This fallback callback will be - * called for every 'pin-source' attribute request for which no callback has been - * directly registered. - * - * To request a PIN for a given 'pin-source' attribute, use the - * p11_kit_pin_request() function. If this function returns %NULL then either - * no callbacks were registered or none of them could handle the request. - * - * If multiple callbacks are registered for the same PIN source, then they are - * called in last-registered-first-called order. They are called in turn until - * one of them can handle the request. Fallback callbacks are not called if - * a callback was registered specifically for a requested 'pin-source' attribute. - * - * PINs themselves are handled inside of P11KitPin structures. These are thread - * safe and allow the callback to specify how the PIN is stored in memory - * and freed. A callback can use p11_kit_pin_new_for_string() or related - * functions to create a PIN to be returned. - * - * For example in order to handle the following PKCS\#11 URI with a 'pin-source' - * attribute - * - * <code><literallayout> - * pkcs11:id=\%69\%95\%3e\%5c\%f4\%bd\%ec\%91;pin-source=my-application - * </literallayout></code> - * - * an application could register a callback like this: - * - * <informalexample><programlisting> - * static P11KitPin* - * my_application_pin_callback (const char *pin_source, P11KitUri *pin_uri, - * const char *pin_description, P11KitPinFlags pin_flags, - * void *callback_data) - * { - * return p11_kit_pin_new_from_string ("pin-value"); - * } - * - * p11_kit_pin_register_callback ("my-application", my_application_pin_callback, - * NULL, NULL); - * </programlisting></informalexample> - */ - -/** - * P11KitPinFlags: - * @P11_KIT_PIN_FLAGS_USER_LOGIN: The PIN is for a PKCS\#11 user type login. - * @P11_KIT_PIN_FLAGS_SO_LOGIN: The PIN is for a PKCS\#11 security officer type login. - * @P11_KIT_PIN_FLAGS_CONTEXT_LOGIN: The PIN is for a PKCS\#11 contect specific type login. - * @P11_KIT_PIN_FLAGS_RETRY: The PIN is being requested again, due to an invalid previous PIN. - * @P11_KIT_PIN_FLAGS_MANY_TRIES: The PIN has failed too many times, and few tries are left. - * @P11_KIT_PIN_FLAGS_FINAL_TRY: The PIN has failed too many times, and this is the last try. - * - * Flags that are passed to p11_kit_pin_request() and registered callbacks. - */ - -/** - * P11_KIT_PIN_FALLBACK: - * - * Used with p11_kit_pin_register_callback() to register a fallback callback. - * This callback will be called if no other callback is registered for a 'pin-source'. - */ - -typedef struct _PinCallback { - /* Only used/modified within the lock */ - int refs; - - /* Readonly after construct */ - p11_kit_pin_callback func; - void *user_data; - p11_kit_pin_destroy_func destroy; -} PinCallback; - -/* - * Shared data between threads, protected by the mutex, a structure so - * we can audit thread safety easier. - */ -static struct _Shared { - p11_dict *pin_sources; -} gl = { NULL }; - -static void* -ref_pin_callback (void *pointer) -{ - PinCallback *cb = pointer; - cb->refs++; - return pointer; -} - -static void -unref_pin_callback (void *pointer) -{ - PinCallback *cb = pointer; - assert (cb->refs >= 1); - - cb->refs--; - if (cb->refs == 0) { - if (cb->destroy) - (cb->destroy) (cb->user_data); - free (cb); - } -} - -static bool -register_callback_unlocked (const char *pin_source, - PinCallback *cb) -{ - p11_array *callbacks = NULL; - char *name; - - name = strdup (pin_source); - return_val_if_fail (name != NULL, false); - - if (gl.pin_sources == NULL) { - gl.pin_sources = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, - free, (p11_destroyer)p11_array_free); - return_val_if_fail (gl.pin_sources != NULL, false); - } - - if (gl.pin_sources != NULL) - callbacks = p11_dict_get (gl.pin_sources, name); - - if (callbacks == NULL) { - callbacks = p11_array_new (unref_pin_callback); - return_val_if_fail (callbacks != NULL, false); - if (!p11_dict_set (gl.pin_sources, name, callbacks)) - return_val_if_reached (false); - name = NULL; - } - - if (!p11_array_push (callbacks, cb)) - return_val_if_reached (false); - - free (name); - return true; -} - -/** - * p11_kit_pin_register_callback: - * @pin_source: the 'pin-source' attribute this this callback is for - * @callback: the callback function - * @callback_data: data that will be passed to the callback - * @callback_destroy: a function that will be called with @callback_data when - * the callback is unregistered. - * - * Register a callback to handle PIN requests for a given 'pin-source' attribute. - * If @pin_source is set to P11_KIT_PIN_FALLBACK then this will be a fallback - * callback and will be called for requests for which no other callback has - * been specifically registered. - * - * If multiple callbacks are registered for the same @pin_source value, then - * the last registered callback will be the first to be called. - * - * Returns: Returns negative if registering fails. - */ -int -p11_kit_pin_register_callback (const char *pin_source, - p11_kit_pin_callback callback, - void *callback_data, - p11_kit_pin_destroy_func callback_destroy) -{ - PinCallback *cb; - bool ret; - - return_val_if_fail (pin_source != NULL, -1); - return_val_if_fail (callback != NULL, -1); - - cb = calloc (1, sizeof (PinCallback)); - return_val_if_fail (cb != NULL, -1); - - cb->refs = 1; - cb->func = callback; - cb->user_data = callback_data; - cb->destroy = callback_destroy; - - p11_lock (); - - ret = register_callback_unlocked (pin_source, cb); - - p11_unlock (); - - return ret ? 0 : -1; -} - -/** - * p11_kit_pin_unregister_callback: - * @pin_source: the 'pin-source' attribute the callback was registered for - * @callback: the callback function that was registered - * @callback_data: data that was registered for the callback - * - * Unregister a callback that was previously registered with the - * p11_kit_pin_register_callback() function. If more than one registered - * callback matches the given arguments, then only one of those will be - * removed. - */ -void -p11_kit_pin_unregister_callback (const char *pin_source, - p11_kit_pin_callback callback, - void *callback_data) -{ - PinCallback *cb; - p11_array *callbacks; - unsigned int i; - - return_if_fail (pin_source != NULL); - return_if_fail (callback != NULL); - - p11_lock (); - - if (gl.pin_sources) { - callbacks = p11_dict_get (gl.pin_sources, pin_source); - if (callbacks) { - for (i = 0; i < callbacks->num; i++) { - cb = callbacks->elem[i]; - if (cb->func == callback && cb->user_data == callback_data) { - p11_array_remove (callbacks, i); - break; - } - } - - if (callbacks->num == 0) - p11_dict_remove (gl.pin_sources, pin_source); - } - - /* When there are no more pin sources, get rid of the hash table */ - if (p11_dict_size (gl.pin_sources) == 0) { - p11_dict_free (gl.pin_sources); - gl.pin_sources = NULL; - } - } - - p11_unlock (); -} - -/** - * p11_kit_pin_request: - * @pin_source: the 'pin-source' attribute that is being requested - * @pin_uri: a PKCS\#11 URI that the PIN is being requested for, optionally %NULL. - * @pin_description: a description of what the PIN is for, must not be %NULL. - * @pin_flags: various flags for this request - * - * Request a PIN for a given 'pin-source' attribute. The result depends on the - * registered callbacks. - * - * If not %NULL, then the @pin_uri attribute should point to the thing that the - * PIN is being requested for. In most use cases this should be a PKCS\#11 URI - * pointing to a token. - * - * The @pin_description should always be specified. It is a string describing - * what the PIN is for. For example this would be the token label, if the PIN - * is for a token. - * - * If more than one callback is registered for the @pin_source, then the latest - * registered one will be called first. If that callback does not return a - * PIN, then the next will be called in turn. - * - * If no callback is registered for @pin_source, then the fallback callbacks will - * be invoked in the same way. The fallback callbacks will not be called if any - * callback has been registered specifically for @pin_source. - * - * The PIN returned should be released with p11_kit_pin_unref(). - * - * Returns: the PIN which should be released with p11_kit_pin_unref(), or %NULL - * if no callback was registered or could proivde a PIN - */ -P11KitPin * -p11_kit_pin_request (const char *pin_source, - P11KitUri *pin_uri, - const char *pin_description, - P11KitPinFlags pin_flags) -{ - PinCallback **snapshot = NULL; - unsigned int snapshot_count = 0; - p11_array *callbacks; - P11KitPin *pin; - unsigned int i; - - return_val_if_fail (pin_source != NULL, NULL); - - p11_lock (); - - /* Find and ref the pin source data */ - if (gl.pin_sources) { - callbacks = p11_dict_get (gl.pin_sources, pin_source); - - /* If we didn't find any snapshots try the global ones */ - if (callbacks == NULL) - callbacks = p11_dict_get (gl.pin_sources, P11_KIT_PIN_FALLBACK); - - if (callbacks != NULL && callbacks->num) { - snapshot = memdup (callbacks->elem, sizeof (void *) * callbacks->num); - snapshot_count = callbacks->num; - for (i = 0; snapshot && i < snapshot_count; i++) - ref_pin_callback (snapshot[i]); - } - } - - p11_unlock (); - - if (snapshot == NULL) - return NULL; - - for (pin = NULL, i = snapshot_count; pin == NULL && i > 0; i--) { - pin = (snapshot[i - 1]->func) (pin_source, pin_uri, pin_description, pin_flags, - snapshot[i - 1]->user_data); - } - - p11_lock (); - for (i = 0; i < snapshot_count; i++) - unref_pin_callback (snapshot[i]); - free (snapshot); - p11_unlock (); - - return pin; -} - -/** - * p11_kit_pin_callback: - * @pin_source: a 'pin-source' attribute string - * @pin_uri: a PKCS\#11 URI that the PIN is for, or %NULL - * @pin_description: a descrption of what the PIN is for - * @pin_flags: flags describing the PIN request - * @callback_data: data that was provided when registering this callback - * - * Represents a PIN callback function. - * - * The various arguments are the same as the ones passed to - * p11_kit_pin_request(). The @callback_data argument was the one passed to - * p11_kit_pin_register_callback() when registering this callback. - * - * The function should return %NULL if it could not provide a PIN, either - * because of an error or a user cancellation. - * - * If a PIN is returned, it will be unreferenced by the caller. So it should be - * either newly allocated, or referenced before returning. - * - * Returns: A PIN or %NULL - */ - -/** - * p11_kit_pin_destroy_func: - * @data: the data to destroy - * - * A function called to free or cleanup @data. - */ - -/** - * p11_kit_pin_file_callback: - * @pin_source: a 'pin-source' attribute string - * @pin_uri: a PKCS\#11 URI that the PIN is for, or %NULL - * @pin_description: a descrption of what the PIN is for - * @pin_flags: flags describing the PIN request - * @callback_data: unused, should be %NULL - * - * This is a PIN callback function that looks up the 'pin-source' attribute in - * a file with that name. This can be used to enable the normal PKCS\#11 URI - * behavior described in the RFC. - * - * If @pin_flags contains the %P11_KIT_PIN_FLAGS_RETRY flag, then this - * callback will always return %NULL. This is to prevent endless loops - * where an application is expecting to interact with a prompter, but - * instead is interacting with this callback reading a file over and over. - * - * This callback fails on files larger than 4 Kilobytes. - * - * This callback is not registered by default. It may have security - * implications depending on the source of the PKCS\#11 URI and the PKCS\#11 - * in use. To register it, use code like the following: - * - * <informalexample><programlisting> - * p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, - * NULL, NULL); - * </programlisting></informalexample> - * - * Returns: a referenced PIN with the file contents, or %NULL if the file - * could not be read - */ -P11KitPin * -p11_kit_pin_file_callback (const char *pin_source, - P11KitUri *pin_uri, - const char *pin_description, - P11KitPinFlags pin_flags, - void *callback_data) -{ - const size_t block = 1024; - unsigned char *buffer; - unsigned char *memory; - size_t used, allocated; - int error = 0; - int fd; - int res; - - return_val_if_fail (pin_source != NULL, NULL); - - /* We don't support retries */ - if (pin_flags & P11_KIT_PIN_FLAGS_RETRY) - return NULL; - - fd = open (pin_source, O_BINARY | O_RDONLY | O_CLOEXEC); - if (fd == -1) - return NULL; - - buffer = NULL; - used = 0; - allocated = 0; - - for (;;) { - if (used + block > 4096) { - error = EFBIG; - break; - } - if (used + block > allocated) { - memory = realloc (buffer, used + block); - if (memory == NULL) { - error = ENOMEM; - break; - } - buffer = memory; - allocated = used + block; - } - - res = read (fd, buffer + used, allocated - used); - if (res < 0) { - if (errno == EAGAIN) - continue; - error = errno; - break; - } else if (res == 0) { - break; - } else { - used += res; - } - } - - close (fd); - - if (error != 0) { - free (buffer); - errno = error; - return NULL; - } - - return p11_kit_pin_new_for_buffer (buffer, used, free); -} - -/** - * P11KitPin: - * - * A structure representing a PKCS\#11 PIN. There are no public fields - * visible in this structure. Use the various accessor functions. - */ -struct p11_kit_pin { - int ref_count; - unsigned char *buffer; - size_t length; - p11_kit_pin_destroy_func destroy; -}; - -/** - * p11_kit_pin_new: - * @value: the value of the PIN - * @length: the length of @value - * - * Create a new P11KitPin with the given PIN value. This function is - * usually used from within registered PIN callbacks. - * - * Exactly @length bytes from @value are used. Null terminated strings, - * or encodings are not considered. A copy of the @value will be made. - * - * Returns: The newly allocated P11KitPin, which should be freed with - * p11_kit_pin_unref() when no longer needed. - */ -P11KitPin * -p11_kit_pin_new (const unsigned char *value, size_t length) -{ - unsigned char *copy; - P11KitPin *pin; - - copy = malloc (length); - return_val_if_fail (copy != NULL, NULL); - - memcpy (copy, value, length); - pin = p11_kit_pin_new_for_buffer (copy, length, free); - return_val_if_fail (pin != NULL, NULL); - - return pin; -} - -/** - * p11_kit_pin_new_for_string: - * @value: the value of the PIN - * - * Create a new P11KitPin for the given null-terminated string, such as a - * password. This function is usually used from within registered - * PIN callbacks. - * - * The PIN will consist of the string not including the null terminator. - * String encoding is not considered. A copy of the @value will be made. - * - * Returns: The newly allocated P11KitPin, which should be freed with - * p11_kit_pin_unref() when no longer needed. - */ -P11KitPin * -p11_kit_pin_new_for_string (const char *value) -{ - return p11_kit_pin_new ((const unsigned char *)value, strlen (value)); -} - -/** - * p11_kit_pin_new_for_buffer: - * @buffer: the value of the PIN - * @length: the length of @buffer - * @destroy: if not %NULL, then called when PIN is destroyed. - * - * Create a new P11KitPin which will use @buffer for the PIN value. - * This function is usually used from within registered PIN callbacks. - * - * The buffer will not be copied. String encodings and null characters - * are not considered. - * - * When the last reference to this PIN is lost, then the @destroy callback - * function will be called passing @buffer as an argument. This allows the - * caller to use a buffer as a PIN without copying it. - * - * <informalexample><programlisting> - * char *buffer = malloc (128); - * P11KitPin *pin; - * .... - * pin = p11_kit_pin_new_for_buffer (buffer, 128, free); - * </programlisting></informalexample> - * - * Returns: The newly allocated P11KitPin, which should be freed with - * p11_kit_pin_unref() when no longer needed. - */ -P11KitPin * -p11_kit_pin_new_for_buffer (unsigned char *buffer, size_t length, - p11_kit_pin_destroy_func destroy) -{ - P11KitPin *pin; - - pin = calloc (1, sizeof (P11KitPin)); - return_val_if_fail (pin != NULL, NULL); - - pin->ref_count = 1; - pin->buffer = buffer; - pin->length = length; - pin->destroy = destroy; - - return pin; -} - -/** - * p11_kit_pin_get_value: - * @pin: the P11KitPin - * @length: a location to return the value length - * - * Get the PIN value from a P11KitPin. @length will be set to the - * length of the value. - * - * The value returned is owned by the P11KitPin and should not be modified. - * It remains valid as long as a reference to the PIN is held. The PIN value - * will not contain an extra null-terminator character. - * - * Returns: the value for the PIN. - */ -const unsigned char * -p11_kit_pin_get_value (P11KitPin *pin, size_t *length) -{ - if (length) - *length = pin->length; - return pin->buffer; -} - -/** - * p11_kit_pin_get_length - * @pin: the P11KitPin - * - * Get the length of the PIN value from a P11KitPin. - * - * Returns: the length of the PIN value. - */ -size_t -p11_kit_pin_get_length (P11KitPin *pin) -{ - return pin->length; -} - -/** - * p11_kit_pin_ref: - * @pin: the P11KitPin - * - * Add a reference to a P11KitPin. This should be matched with a later call - * to p11_kit_pin_unref(). As long as at least one reference is held, the PIN - * will remain valid and in memory. - * - * Returns: the @pin pointer, for convenience sake. - */ -P11KitPin * -p11_kit_pin_ref (P11KitPin *pin) -{ - p11_lock (); - - pin->ref_count++; - - p11_unlock (); - - return pin; -} - -/** - * p11_kit_pin_unref: - * @pin: the P11KitPin - * - * Remove a reference from a P11KitPin. When all references have been removed - * then the PIN will be freed and will no longer be in memory. - */ -void -p11_kit_pin_unref (P11KitPin *pin) -{ - bool last = false; - - p11_lock (); - - last = (pin->ref_count == 1); - pin->ref_count--; - - p11_unlock (); - - if (last) { - if (pin->destroy) - (pin->destroy) (pin->buffer); - free (pin); - } -} diff --git a/p11-kit/pin.h b/p11-kit/pin.h deleted file mode 100644 index 3b6806d..0000000 --- a/p11-kit/pin.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#ifndef P11_KIT_PIN_H -#define P11_KIT_PIN_H - -#include <p11-kit/uri.h> - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct p11_kit_pin P11KitPin; - -typedef enum { - P11_KIT_PIN_FLAGS_USER_LOGIN = 1<<0, - P11_KIT_PIN_FLAGS_SO_LOGIN = 1<<1, - P11_KIT_PIN_FLAGS_CONTEXT_LOGIN = 1<<2, - P11_KIT_PIN_FLAGS_RETRY = 1<<3, - P11_KIT_PIN_FLAGS_MANY_TRIES = 1<<4, - P11_KIT_PIN_FLAGS_FINAL_TRY = 1<<5 -} P11KitPinFlags; - -#define P11_KIT_PIN_FALLBACK "" - -typedef void (*p11_kit_pin_destroy_func) (void *data); - -P11KitPin* p11_kit_pin_new (const unsigned char *value, - size_t length); - -P11KitPin* p11_kit_pin_new_for_string (const char *value); - -P11KitPin* p11_kit_pin_new_for_buffer (unsigned char *buffer, - size_t length, - p11_kit_pin_destroy_func destroy); - -P11KitPin* p11_kit_pin_ref (P11KitPin *pin); - -void p11_kit_pin_unref (P11KitPin *pin); - -const unsigned char * p11_kit_pin_get_value (P11KitPin *pin, - size_t *length); - -size_t p11_kit_pin_get_length (P11KitPin *pin); - -typedef P11KitPin* (*p11_kit_pin_callback) (const char *pin_source, - P11KitUri *pin_uri, - const char *pin_description, - P11KitPinFlags pin_flags, - void *callback_data); - -int p11_kit_pin_register_callback (const char *pin_source, - p11_kit_pin_callback callback, - void *callback_data, - p11_kit_pin_destroy_func callback_destroy); - -void p11_kit_pin_unregister_callback (const char *pin_source, - p11_kit_pin_callback callback, - void *callback_data); - -P11KitPin* p11_kit_pin_request (const char *pin_source, - P11KitUri *pin_uri, - const char *pin_description, - P11KitPinFlags pin_flags); - -P11KitPin* p11_kit_pin_file_callback (const char *pin_source, - P11KitUri *pin_uri, - const char *pin_description, - P11KitPinFlags pin_flags, - void *callback_data); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* P11_KIT_URI_H */ diff --git a/p11-kit/pkcs11.conf.example.in b/p11-kit/pkcs11.conf.example.in deleted file mode 100644 index 96d0a08..0000000 --- a/p11-kit/pkcs11.conf.example.in +++ /dev/null @@ -1,9 +0,0 @@ -# This is an example @p11_system_config_file@ file. Copy it into -# place before use. - -# This setting controls whether to load user configuration from the -# @p11_user_config@ directory. Possible values: -# none: No user configuration -# merge: Merge the user config over the system configuration (default) -# only: Only user configuration, ignore system configuration -user-config: merge diff --git a/p11-kit/pkcs11.h b/p11-kit/pkcs11.h deleted file mode 100644 index 245f379..0000000 --- a/p11-kit/pkcs11.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat, Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -/* - * This is so that we can use the path <p11-kit/pkcs11.h> in our installed - * headers, but still have the actual file live in our common/ subdirectory. - */ - -#include "common/pkcs11.h" diff --git a/p11-kit/print-messages.c b/p11-kit/print-messages.c deleted file mode 100644 index 5870ad1..0000000 --- a/p11-kit/print-messages.c +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met); - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" - -#include <assert.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> - -#include "p11-kit.h" - -int -main (int argc, char *argv[]) -{ - if (argc != 1) { - fprintf (stderr, "usage: print-messages\n"); - exit (2); - } - - #define X(x) printf ("%s: %s\n", #x, p11_kit_strerror (x)) - X(CKR_CANCEL); - X(CKR_FUNCTION_CANCELED); - X(CKR_HOST_MEMORY); - X(CKR_SLOT_ID_INVALID); - X(CKR_GENERAL_ERROR); - X(CKR_FUNCTION_FAILED); - X(CKR_ARGUMENTS_BAD); - X(CKR_NEED_TO_CREATE_THREADS); - X(CKR_CANT_LOCK); - X(CKR_ATTRIBUTE_READ_ONLY); - X(CKR_ATTRIBUTE_SENSITIVE); - X(CKR_ATTRIBUTE_TYPE_INVALID); - X(CKR_ATTRIBUTE_VALUE_INVALID); - X(CKR_DATA_INVALID); - X(CKR_DATA_LEN_RANGE); - X(CKR_DEVICE_ERROR); - X(CKR_DEVICE_MEMORY); - X(CKR_DEVICE_REMOVED); - X(CKR_ENCRYPTED_DATA_INVALID); - X(CKR_ENCRYPTED_DATA_LEN_RANGE); - X(CKR_FUNCTION_NOT_SUPPORTED); - X(CKR_KEY_HANDLE_INVALID); - X(CKR_KEY_SIZE_RANGE); - X(CKR_KEY_TYPE_INCONSISTENT); - X(CKR_KEY_NOT_NEEDED); - X(CKR_KEY_CHANGED); - X(CKR_KEY_NEEDED); - X(CKR_KEY_INDIGESTIBLE); - X(CKR_KEY_FUNCTION_NOT_PERMITTED); - X(CKR_KEY_NOT_WRAPPABLE); - X(CKR_KEY_UNEXTRACTABLE); - X(CKR_MECHANISM_INVALID); - X(CKR_MECHANISM_PARAM_INVALID); - X(CKR_OBJECT_HANDLE_INVALID); - X(CKR_OPERATION_ACTIVE); - X(CKR_OPERATION_NOT_INITIALIZED); - X(CKR_PIN_INCORRECT); - X(CKR_PIN_INVALID); - X(CKR_PIN_LEN_RANGE); - X(CKR_PIN_EXPIRED); - X(CKR_PIN_LOCKED); - X(CKR_SESSION_CLOSED); - X(CKR_SESSION_COUNT); - X(CKR_SESSION_HANDLE_INVALID); - X(CKR_SESSION_READ_ONLY); - X(CKR_SESSION_EXISTS); - X(CKR_SESSION_READ_ONLY_EXISTS); - X(CKR_SESSION_READ_WRITE_SO_EXISTS); - X(CKR_SIGNATURE_INVALID); - X(CKR_SIGNATURE_LEN_RANGE); - X(CKR_TEMPLATE_INCOMPLETE); - X(CKR_TEMPLATE_INCONSISTENT); - X(CKR_TOKEN_NOT_PRESENT); - X(CKR_TOKEN_NOT_RECOGNIZED); - X(CKR_TOKEN_WRITE_PROTECTED); - X(CKR_UNWRAPPING_KEY_HANDLE_INVALID); - X(CKR_UNWRAPPING_KEY_SIZE_RANGE); - X(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT); - X(CKR_USER_ALREADY_LOGGED_IN); - X(CKR_USER_NOT_LOGGED_IN); - X(CKR_USER_PIN_NOT_INITIALIZED); - X(CKR_USER_TYPE_INVALID); - X(CKR_USER_ANOTHER_ALREADY_LOGGED_IN); - X(CKR_USER_TOO_MANY_TYPES); - X(CKR_WRAPPED_KEY_INVALID); - X(CKR_WRAPPED_KEY_LEN_RANGE); - X(CKR_WRAPPING_KEY_HANDLE_INVALID); - X(CKR_WRAPPING_KEY_SIZE_RANGE); - X(CKR_WRAPPING_KEY_TYPE_INCONSISTENT); - X(CKR_RANDOM_SEED_NOT_SUPPORTED); - X(CKR_RANDOM_NO_RNG); - X(CKR_DOMAIN_PARAMS_INVALID); - X(CKR_BUFFER_TOO_SMALL); - X(CKR_SAVED_STATE_INVALID); - X(CKR_INFORMATION_SENSITIVE); - X(CKR_STATE_UNSAVEABLE); - X(CKR_CRYPTOKI_NOT_INITIALIZED); - X(CKR_CRYPTOKI_ALREADY_INITIALIZED); - X(CKR_MUTEX_BAD); - X(CKR_MUTEX_NOT_LOCKED); - X(CKR_FUNCTION_REJECTED); - #undef X - - return 0; -} diff --git a/p11-kit/private.h b/p11-kit/private.h deleted file mode 100644 index b363b17..0000000 --- a/p11-kit/private.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#ifndef __P11_KIT_PRIVATE_H__ -#define __P11_KIT_PRIVATE_H__ - -#include "compat.h" -#include "pkcs11.h" - -/* These are global variables to be overridden in tests */ -extern const char *p11_config_system_file; -extern const char *p11_config_user_file; -extern const char *p11_config_package_modules; -extern const char *p11_config_system_modules; -extern const char *p11_config_user_modules; - -CK_RV _p11_load_config_files_unlocked (const char *system_conf, - const char *user_conf, - int *user_mode); - -void _p11_kit_default_message (CK_RV rv); - -const char * _p11_get_progname_unlocked (void); - -void _p11_set_progname_unlocked (const char *progname); - -int p11_match_uri_module_info (CK_INFO_PTR one, - CK_INFO_PTR two); - -int p11_match_uri_slot_info (CK_SLOT_INFO_PTR one, - CK_SLOT_INFO_PTR two); - -int p11_match_uri_token_info (CK_TOKEN_INFO_PTR one, - CK_TOKEN_INFO_PTR two); - -#endif /* __P11_KIT_PRIVATE_H__ */ diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c deleted file mode 100644 index c554511..0000000 --- a/p11-kit/proxy.c +++ /dev/null @@ -1,2425 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" - -#include "compat.h" -#define P11_DEBUG_FLAG P11_DEBUG_PROXY -#define CRYPTOKI_EXPORTS - -#include "debug.h" -#include "dict.h" -#include "library.h" -#include "message.h" -#include "modules.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "p11-kit.h" -#include "private.h" -#include "proxy.h" -#include "virtual.h" - -#include <sys/types.h> -#include <assert.h> -#include <errno.h> -#include <stdarg.h> -#include <stddef.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -/* Start wrap slots slightly higher for testing */ -#define MAPPING_OFFSET 0x10 -#define FIRST_HANDLE 0x10 - -typedef struct _Mapping { - CK_SLOT_ID wrap_slot; - CK_SLOT_ID real_slot; - CK_FUNCTION_LIST_PTR funcs; -} Mapping; - -typedef struct _Session { - CK_SESSION_HANDLE wrap_session; - CK_SESSION_HANDLE real_session; - CK_SLOT_ID wrap_slot; -} Session; - -typedef struct { - int refs; - Mapping *mappings; - unsigned int n_mappings; - p11_dict *sessions; - CK_FUNCTION_LIST **inited; - unsigned int forkid; -} Proxy; - -typedef struct _State { - p11_virtual virt; - struct _State *next; - CK_FUNCTION_LIST *wrapped; - CK_ULONG last_handle; - Proxy *px; -} State; - -static CK_FUNCTION_LIST **all_modules = NULL; -static State *all_instances = NULL; -static State global = { { { { -1, -1 }, NULL, }, }, NULL, NULL, FIRST_HANDLE, NULL }; - -#define PROXY_VALID(px) ((px) && (px)->forkid == p11_forkid) -#define PROXY_FORKED(px) ((px) && (px)->forkid != p11_forkid) - -#define MANUFACTURER_ID "PKCS#11 Kit " -#define LIBRARY_DESCRIPTION "PKCS#11 Kit Proxy Module " -#define LIBRARY_VERSION_MAJOR 1 -#define LIBRARY_VERSION_MINOR 1 - -/* ----------------------------------------------------------------------------- - * PKCS#11 PROXY MODULE - */ - -static CK_RV -map_slot_unlocked (Proxy *px, - CK_SLOT_ID slot, - Mapping *mapping) -{ - assert (px != NULL); - assert (mapping != NULL); - - if (slot < MAPPING_OFFSET) - return CKR_SLOT_ID_INVALID; - slot -= MAPPING_OFFSET; - - if (slot > px->n_mappings) { - return CKR_SLOT_ID_INVALID; - } else { - assert (px->mappings); - memcpy (mapping, &px->mappings[slot], sizeof (Mapping)); - return CKR_OK; - } -} - -static CK_RV -map_slot_to_real (Proxy *px, - CK_SLOT_ID_PTR slot, - Mapping *mapping) -{ - CK_RV rv; - - assert (mapping != NULL); - - p11_lock (); - - if (!PROXY_VALID (px)) - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - else - rv = map_slot_unlocked (px, *slot, mapping); - if (rv == CKR_OK) - *slot = mapping->real_slot; - - p11_unlock (); - - return rv; -} - -static CK_RV -map_session_to_real (Proxy *px, - CK_SESSION_HANDLE_PTR handle, - Mapping *mapping, - Session *session) -{ - CK_RV rv = CKR_OK; - Session *sess; - - assert (handle != NULL); - assert (mapping != NULL); - - p11_lock (); - - if (!PROXY_VALID (px)) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { - assert (px->sessions); - sess = p11_dict_get (px->sessions, handle); - if (sess != NULL) { - *handle = sess->real_session; - rv = map_slot_unlocked (px, sess->wrap_slot, mapping); - if (session != NULL) - memcpy (session, sess, sizeof (Session)); - } else { - rv = CKR_SESSION_HANDLE_INVALID; - } - } - - p11_unlock (); - - return rv; -} - -static void -proxy_free (Proxy *py, unsigned finalize) -{ - if (py) { - if (finalize) - p11_kit_modules_finalize (py->inited); - free (py->inited); - p11_dict_free (py->sessions); - free (py->mappings); - free (py); - } -} - -static CK_RV -proxy_C_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR reserved) -{ - Proxy *py = NULL; - State *state = (State *)self; - CK_RV rv = CKR_OK; - - p11_debug ("in"); - - /* WARNING: This function must be reentrant */ - - if (reserved) { - rv = CKR_ARGUMENTS_BAD; - - } else { - p11_lock (); - - if (!PROXY_VALID (state->px)) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - py = state->px; - state->px = NULL; - } else if (state->px->refs-- == 1) { - py = state->px; - state->px = NULL; - } - - p11_unlock (); - - proxy_free (py, 1); - } - - p11_debug ("out: %lu", rv); - return rv; -} - -static CK_FUNCTION_LIST ** -modules_dup (CK_FUNCTION_LIST **modules) -{ - int count = 0; - - while (modules[count] != NULL) - count++; - - return memdup (modules, sizeof (CK_FUNCTION_LIST *) * (count + 1)); -} - -static CK_RV -proxy_create (Proxy **res) -{ - CK_FUNCTION_LIST_PTR *f; - CK_FUNCTION_LIST_PTR funcs; - CK_SLOT_ID_PTR slots; - CK_ULONG i, count; - CK_RV rv = CKR_OK; - Proxy *py; - - py = calloc (1, sizeof (Proxy)); - return_val_if_fail (py != NULL, CKR_HOST_MEMORY); - - py->forkid = p11_forkid; - - py->inited = modules_dup (all_modules); - return_val_if_fail (py->inited != NULL, CKR_HOST_MEMORY); - - rv = p11_kit_modules_initialize (py->inited, NULL); - - if (rv == CKR_OK) { - for (f = py->inited; *f; ++f) { - funcs = *f; - assert (funcs != NULL); - slots = NULL; - - /* Ask module for its slots */ - rv = (funcs->C_GetSlotList) (FALSE, NULL, &count); - if (rv == CKR_OK && count) { - slots = calloc (sizeof (CK_SLOT_ID), count); - rv = (funcs->C_GetSlotList) (FALSE, slots, &count); - } - - if (rv != CKR_OK) { - free (slots); - break; - } - - return_val_if_fail (count == 0 || slots != NULL, CKR_GENERAL_ERROR); - - py->mappings = realloc (py->mappings, sizeof (Mapping) * (py->n_mappings + count)); - return_val_if_fail (py->mappings != NULL, CKR_HOST_MEMORY); - - /* And now add a mapping for each of those slots */ - for (i = 0; i < count; ++i) { - py->mappings[py->n_mappings].funcs = funcs; - py->mappings[py->n_mappings].wrap_slot = py->n_mappings + MAPPING_OFFSET; - py->mappings[py->n_mappings].real_slot = slots[i]; - ++py->n_mappings; - } - - free (slots); - } - } - - if (rv != CKR_OK) { - proxy_free (py, 1); - return rv; - } - - py->sessions = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free); - return_val_if_fail (py->sessions != NULL, CKR_HOST_MEMORY); - py->refs = 1; - - *res = py; - return CKR_OK; -} - -static CK_RV -proxy_C_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args) -{ - State *state = (State *)self; - bool initialize = false; - Proxy *py; - CK_RV rv; - - p11_library_init_once (); - - /* WARNING: This function must be reentrant */ - - p11_debug ("in"); - - p11_lock (); - - if (!PROXY_VALID (state->px)) { - unsigned call_finalize = 1; - - initialize = true; - if (PROXY_FORKED(state->px)) - call_finalize = 0; - proxy_free (state->px, call_finalize); - - state->px = NULL; - } else { - state->px->refs++; - } - - p11_unlock (); - - if (!initialize) { - p11_debug ("out: already: %lu", CKR_OK); - return CKR_OK; - } - - rv = proxy_create (&py); - if (rv != CKR_OK) { - p11_debug ("out: %lu", rv); - return rv; - } - - p11_lock (); - - if (state->px == NULL) { - state->px = py; - py = NULL; - } - - p11_unlock (); - - proxy_free (py, 1); - p11_debug ("out: 0"); - return rv; -} - -static CK_RV -proxy_C_GetInfo (CK_X_FUNCTION_LIST *self, - CK_INFO_PTR info) -{ - State *state = (State *)self; - CK_RV rv = CKR_OK; - - p11_library_init_once (); - - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - - p11_lock (); - - if (!PROXY_VALID (state->px)) - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - p11_unlock (); - - if (rv != CKR_OK) - return rv; - - memset (info, 0, sizeof (CK_INFO)); - info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR; - info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR; - info->libraryVersion.major = LIBRARY_VERSION_MAJOR; - info->libraryVersion.minor = LIBRARY_VERSION_MINOR; - info->flags = 0; - strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); - strncpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32); - return CKR_OK; -} - -static CK_RV -proxy_C_GetSlotList (CK_X_FUNCTION_LIST *self, - CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - State *state = (State *)self; - CK_SLOT_INFO info; - Mapping *mapping; - CK_ULONG index; - CK_RV rv = CKR_OK; - unsigned int i; - - return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); - - p11_lock (); - - if (!PROXY_VALID (state->px)) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { - index = 0; - - /* Go through and build up a map */ - for (i = 0; i < state->px->n_mappings; ++i) { - mapping = &state->px->mappings[i]; - - /* Skip ones without a token if requested */ - if (token_present) { - rv = (mapping->funcs->C_GetSlotInfo) (mapping->real_slot, &info); - if (rv != CKR_OK) - break; - if (!(info.flags & CKF_TOKEN_PRESENT)) - continue; - } - - /* Fill in the slot if we can */ - if (slot_list && *count > index) - slot_list[index] = mapping->wrap_slot; - - ++index; - } - - if (slot_list && *count < index) - rv = CKR_BUFFER_TOO_SMALL; - - *count = index; - } - - p11_unlock (); - - return rv; -} - -static CK_RV -proxy_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_SLOT_INFO_PTR info) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (state->px, &id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetSlotInfo) (id, info); -} - -static CK_RV -proxy_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_TOKEN_INFO_PTR info) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (state->px, &id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetTokenInfo) (id, info); -} - -static CK_RV -proxy_C_GetMechanismList (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (state->px, &id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetMechanismList) (id, mechanism_list, count); -} - -static CK_RV -proxy_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (state->px, &id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetMechanismInfo) (id, type, info); -} - -static CK_RV -proxy_C_InitToken (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (state->px, &id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_InitToken) (id, pin, pin_len, label); -} - -static CK_RV -proxy_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, - CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved) -{ - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -proxy_C_OpenSession (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR handle) -{ - State *state = (State *)self; - Session *sess; - Mapping map; - CK_RV rv; - - return_val_if_fail (handle != NULL, CKR_ARGUMENTS_BAD); - - rv = map_slot_to_real (state->px, &id, &map); - if (rv != CKR_OK) - return rv; - - rv = (map.funcs->C_OpenSession) (id, flags, user_data, callback, handle); - - if (rv == CKR_OK) { - p11_lock (); - - if (!PROXY_VALID (state->px)) { - /* - * The underlying module should have returned an error, so this - * code should never be reached with properly behaving modules. - * That's why we don't cleanup and close the newly opened session here - * or anything like that. - */ - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - } else { - sess = calloc (1, sizeof (Session)); - sess->wrap_slot = map.wrap_slot; - sess->real_session = *handle; - sess->wrap_session = ++state->last_handle; /* TODO: Handle wrapping, and then collisions */ - p11_dict_set (state->px->sessions, &sess->wrap_session, sess); - *handle = sess->wrap_session; - } - - p11_unlock (); - } - - return rv; -} - -static CK_RV -proxy_C_CloseSession (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle) -{ - State *state = (State *)self; - CK_SESSION_HANDLE key; - Mapping map; - CK_RV rv; - - key = handle; - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - rv = (map.funcs->C_CloseSession) (handle); - - if (rv == CKR_OK) { - p11_lock (); - - if (state->px) - p11_dict_remove (state->px->sessions, &key); - - p11_unlock (); - } - - return rv; -} - -static CK_RV -proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID id) -{ - State *state = (State *)self; - CK_SESSION_HANDLE_PTR to_close; - CK_RV rv = CKR_OK; - Session *sess; - CK_ULONG i, count = 0; - p11_dictiter iter; - - p11_lock (); - - if (!PROXY_VALID (state->px)) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { - assert (state->px->sessions != NULL); - to_close = calloc (sizeof (CK_SESSION_HANDLE), p11_dict_size (state->px->sessions)); - if (!to_close) { - rv = CKR_HOST_MEMORY; - } else { - p11_dict_iterate (state->px->sessions, &iter); - count = 0; - while (p11_dict_next (&iter, NULL, (void**)&sess)) { - if (sess->wrap_slot == id && to_close) - to_close[count++] = sess->wrap_session; - } - } - } - - p11_unlock (); - - if (rv != CKR_OK) - return rv; - - for (i = 0; i < count; ++i) - proxy_C_CloseSession (self, to_close[i]); - - free (to_close); - return CKR_OK; -} - -static CK_RV -proxy_C_GetFunctionStatus (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetFunctionStatus) (handle); -} - -static CK_RV -proxy_C_CancelFunction (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_CancelFunction) (handle); -} - -static CK_RV -proxy_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_SESSION_INFO_PTR info) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - if (info == NULL) - return CKR_ARGUMENTS_BAD; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - rv = (map.funcs->C_GetSessionInfo) (handle, info); - if (rv == CKR_OK) - info->slotID = map.wrap_slot; - - return rv; -} - -static CK_RV -proxy_C_InitPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_InitPIN) (handle, pin, pin_len); -} - -static CK_RV -proxy_C_SetPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_SetPIN) (handle, old_pin, old_pin_len, new_pin, new_pin_len); -} - -static CK_RV -proxy_C_GetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetOperationState) (handle, operation_state, operation_state_len); -} - -static CK_RV -proxy_C_SetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SetOperationState) (handle, operation_state, operation_state_len, encryption_key, authentication_key); -} - -static CK_RV -proxy_C_Login (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_Login) (handle, user_type, pin, pin_len); -} - -static CK_RV -proxy_C_Logout (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Logout) (handle); -} - -static CK_RV -proxy_C_CreateObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_CreateObject) (handle, template, count, new_object); -} - -static CK_RV -proxy_C_CopyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_CopyObject) (handle, object, template, count, new_object); -} - -static CK_RV -proxy_C_DestroyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DestroyObject) (handle, object); -} - -static CK_RV -proxy_C_GetObjectSize (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetObjectSize) (handle, object, size); -} - -static CK_RV -proxy_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetAttributeValue) (handle, object, template, count); -} - -static CK_RV -proxy_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SetAttributeValue) (handle, object, template, count); -} - -static CK_RV -proxy_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_FindObjectsInit) (handle, template, count); -} - -static CK_RV -proxy_C_FindObjects (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_FindObjects) (handle, objects, max_count, count); -} - -static CK_RV -proxy_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_FindObjectsFinal) (handle); -} - -static CK_RV -proxy_C_EncryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_EncryptInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Encrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Encrypt) (handle, input, input_len, encrypted_data, encrypted_data_len); -} - -static CK_RV -proxy_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_EncryptUpdate) (handle, part, part_len, encrypted_part, encrypted_part_len); -} - -static CK_RV -proxy_C_EncryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_EncryptFinal) (handle, last_part, last_part_len); -} - -static CK_RV -proxy_C_DecryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Decrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, - CK_BYTE_PTR output, - CK_ULONG_PTR output_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Decrypt) (handle, enc_data, enc_data_len, output, output_len); -} - -static CK_RV -proxy_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptUpdate) (handle, enc_part, enc_part_len, part, part_len); -} - -static CK_RV -proxy_C_DecryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptFinal) (handle, last_part, last_part_len); -} - -static CK_RV -proxy_C_DigestInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestInit) (handle, mechanism); -} - -static CK_RV -proxy_C_Digest (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Digest) (handle, input, input_len, digest, digest_len); -} - -static CK_RV -proxy_C_DigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestUpdate) (handle, part, part_len); -} - -static CK_RV -proxy_C_DigestKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestKey) (handle, key); -} - -static CK_RV -proxy_C_DigestFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestFinal) (handle, digest, digest_len); -} - -static CK_RV -proxy_C_SignInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Sign (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Sign) (handle, input, input_len, signature, signature_len); -} - -static CK_RV -proxy_C_SignUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignUpdate) (handle, part, part_len); -} - -static CK_RV -proxy_C_SignFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignFinal) (handle, signature, signature_len); -} - -static CK_RV -proxy_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignRecoverInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_SignRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignRecover) (handle, input, input_len, signature, signature_len); -} - -static CK_RV -proxy_C_VerifyInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Verify (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Verify) (handle, input, input_len, signature, signature_len); -} - -static CK_RV -proxy_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyUpdate) (handle, part, part_len); -} - -static CK_RV -proxy_C_VerifyFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyFinal) (handle, signature, signature_len); -} - -static CK_RV -proxy_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyRecoverInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_VerifyRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR output, - CK_ULONG_PTR output_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyRecover) (handle, signature, signature_len, output, output_len); -} - -static CK_RV -proxy_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); -} - -static CK_RV -proxy_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptDigestUpdate) (handle, enc_part, enc_part_len, part, part_len); -} - -static CK_RV -proxy_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); -} - -static CK_RV -proxy_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptVerifyUpdate) (handle, enc_part, enc_part_len, part, part_len); -} - -static CK_RV -proxy_C_GenerateKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GenerateKey) (handle, mechanism, template, count, key); -} - -static CK_RV -proxy_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, - CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, - CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, - CK_OBJECT_HANDLE_PTR priv_key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GenerateKeyPair) (handle, mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key); -} - -static CK_RV -proxy_C_WrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_WrapKey) (handle, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len); -} - -static CK_RV -proxy_C_UnwrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_UnwrapKey) (handle, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key); -} - -static CK_RV -proxy_C_DeriveKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DeriveKey) (handle, mechanism, base_key, template, count, key); -} - -static CK_RV -proxy_C_SeedRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SeedRandom) (handle, seed, seed_len); -} - -static CK_RV -proxy_C_GenerateRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE handle, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - State *state = (State *)self; - Mapping map; - CK_RV rv; - - rv = map_session_to_real (state->px, &handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GenerateRandom) (handle, random_data, random_len); -} - -/* -------------------------------------------------------------------- - * Global module functions - */ - -static CK_FUNCTION_LIST module_functions; - -static CK_RV -module_C_Initialize (CK_VOID_PTR init_args) -{ - return proxy_C_Initialize (&global.virt.funcs, init_args); -} - -static CK_RV -module_C_Finalize (CK_VOID_PTR reserved) -{ - return proxy_C_Finalize (&global.virt.funcs, reserved); -} - -static CK_RV -module_C_GetInfo (CK_INFO_PTR info) -{ - return proxy_C_GetInfo (&global.virt.funcs, info); -} - -static CK_RV -module_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - return_val_if_fail (list != NULL, CKR_ARGUMENTS_BAD); - *list = &module_functions; - return CKR_OK; -} - -static CK_RV -module_C_GetSlotList (CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - return proxy_C_GetSlotList (&global.virt.funcs, token_present, slot_list, count); -} - -static CK_RV -module_C_GetSlotInfo (CK_SLOT_ID id, - CK_SLOT_INFO_PTR info) -{ - return proxy_C_GetSlotInfo (&global.virt.funcs, id, info); -} - -static CK_RV -module_C_GetTokenInfo (CK_SLOT_ID id, - CK_TOKEN_INFO_PTR info) -{ - return proxy_C_GetTokenInfo (&global.virt.funcs, id, info); -} - -static CK_RV -module_C_GetMechanismList (CK_SLOT_ID id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - return proxy_C_GetMechanismList (&global.virt.funcs, id, mechanism_list, count); -} - -static CK_RV -module_C_GetMechanismInfo (CK_SLOT_ID id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - return proxy_C_GetMechanismInfo (&global.virt.funcs, id, type, info); -} - -static CK_RV -module_C_InitToken (CK_SLOT_ID id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - return proxy_C_InitToken (&global.virt.funcs, id, pin, pin_len, label); -} - -static CK_RV -module_C_WaitForSlotEvent (CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved) -{ - return proxy_C_WaitForSlotEvent (&global.virt.funcs, flags, slot, reserved); -} - -static CK_RV -module_C_OpenSession (CK_SLOT_ID id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR handle) -{ - return proxy_C_OpenSession (&global.virt.funcs, id, flags, user_data, callback, - handle); -} - -static CK_RV -module_C_CloseSession (CK_SESSION_HANDLE handle) -{ - return proxy_C_CloseSession (&global.virt.funcs, handle); -} - -static CK_RV -module_C_CloseAllSessions (CK_SLOT_ID id) -{ - return proxy_C_CloseAllSessions (&global.virt.funcs, id); -} - -static CK_RV -module_C_GetFunctionStatus (CK_SESSION_HANDLE handle) -{ - return proxy_C_GetFunctionStatus (&global.virt.funcs, handle); -} - -static CK_RV -module_C_CancelFunction (CK_SESSION_HANDLE handle) -{ - return proxy_C_CancelFunction (&global.virt.funcs, handle); -} - -static CK_RV -module_C_GetSessionInfo (CK_SESSION_HANDLE handle, - CK_SESSION_INFO_PTR info) -{ - return proxy_C_GetSessionInfo (&global.virt.funcs, handle, info); -} - -static CK_RV -module_C_InitPIN (CK_SESSION_HANDLE handle, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - return proxy_C_InitPIN (&global.virt.funcs, handle, pin, pin_len); -} - -static CK_RV -module_C_SetPIN (CK_SESSION_HANDLE handle, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len) -{ - return proxy_C_SetPIN (&global.virt.funcs, handle, old_pin, old_pin_len, new_pin, - new_pin_len); -} - -static CK_RV -module_C_GetOperationState (CK_SESSION_HANDLE handle, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - return proxy_C_GetOperationState (&global.virt.funcs, handle, operation_state, - operation_state_len); -} - -static CK_RV -module_C_SetOperationState (CK_SESSION_HANDLE handle, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - return proxy_C_SetOperationState (&global.virt.funcs, handle, operation_state, - operation_state_len, encryption_key, - authentication_key); -} - -static CK_RV -module_C_Login (CK_SESSION_HANDLE handle, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - return proxy_C_Login (&global.virt.funcs, handle, user_type, pin, pin_len); -} - -static CK_RV -module_C_Logout (CK_SESSION_HANDLE handle) -{ - return proxy_C_Logout (&global.virt.funcs, handle); -} - -static CK_RV -module_C_CreateObject (CK_SESSION_HANDLE handle, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - return proxy_C_CreateObject (&global.virt.funcs, handle, template, count, - new_object); -} - -static CK_RV -module_C_CopyObject (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - return proxy_C_CopyObject (&global.virt.funcs, handle, object, template, count, - new_object); -} - -static CK_RV -module_C_DestroyObject (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object) -{ - return proxy_C_DestroyObject (&global.virt.funcs, handle, object); -} - -static CK_RV -module_C_GetObjectSize (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - return proxy_C_GetObjectSize (&global.virt.funcs, handle, object, size); -} - -static CK_RV -module_C_GetAttributeValue (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return proxy_C_GetAttributeValue (&global.virt.funcs, handle, object, template, - count); -} - -static CK_RV -module_C_SetAttributeValue (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return proxy_C_SetAttributeValue (&global.virt.funcs, handle, object, template, - count); -} - -static CK_RV -module_C_FindObjectsInit (CK_SESSION_HANDLE handle, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - return proxy_C_FindObjectsInit (&global.virt.funcs, handle, template, count); -} - -static CK_RV -module_C_FindObjects (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count) -{ - return proxy_C_FindObjects (&global.virt.funcs, handle, objects, max_count, count); -} - -static CK_RV -module_C_FindObjectsFinal (CK_SESSION_HANDLE handle) -{ - return proxy_C_FindObjectsFinal (&global.virt.funcs, handle); -} - -static CK_RV -module_C_EncryptInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return proxy_C_EncryptInit (&global.virt.funcs, handle, mechanism, key); -} - -static CK_RV -module_C_Encrypt (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - return proxy_C_Encrypt (&global.virt.funcs, handle, data, data_len, - encrypted_data, encrypted_data_len); -} - -static CK_RV -module_C_EncryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - return proxy_C_EncryptUpdate (&global.virt.funcs, handle, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -module_C_EncryptFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return proxy_C_EncryptFinal (&global.virt.funcs, handle, last_part, last_part_len); -} - -static CK_RV -module_C_DecryptInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return proxy_C_DecryptInit (&global.virt.funcs, handle, mechanism, key); -} - -static CK_RV -module_C_Decrypt (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return proxy_C_Decrypt (&global.virt.funcs, handle, enc_data, enc_data_len, - data, data_len); -} - -static CK_RV -module_C_DecryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return proxy_C_DecryptUpdate (&global.virt.funcs, handle, enc_part, enc_part_len, - part, part_len); -} - -static CK_RV -module_C_DecryptFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return proxy_C_DecryptFinal (&global.virt.funcs, handle, last_part, last_part_len); -} - -static CK_RV -module_C_DigestInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism) -{ - return proxy_C_DigestInit (&global.virt.funcs, handle, mechanism); -} - -static CK_RV -module_C_Digest (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return proxy_C_Digest (&global.virt.funcs, handle, data, data_len, digest, - digest_len); -} - -static CK_RV -module_C_DigestUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return proxy_C_DigestUpdate (&global.virt.funcs, handle, part, part_len); -} - -static CK_RV -module_C_DigestKey (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE key) -{ - return proxy_C_DigestKey (&global.virt.funcs, handle, key); -} - -static CK_RV -module_C_DigestFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return proxy_C_DigestFinal (&global.virt.funcs, handle, digest, digest_len); -} - -static CK_RV -module_C_SignInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return proxy_C_SignInit (&global.virt.funcs, handle, mechanism, key); -} - -static CK_RV -module_C_Sign (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return proxy_C_Sign (&global.virt.funcs, handle, data, data_len, signature, - signature_len); -} - -static CK_RV -module_C_SignUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return proxy_C_SignUpdate (&global.virt.funcs, handle, part, part_len); -} - -static CK_RV -module_C_SignFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return proxy_C_SignFinal (&global.virt.funcs, handle, signature, signature_len); -} - -static CK_RV -module_C_SignRecoverInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return proxy_C_SignRecoverInit (&global.virt.funcs, handle, mechanism, key); -} - -static CK_RV -module_C_SignRecover (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return proxy_C_SignRecover (&global.virt.funcs, handle, data, data_len, - signature, signature_len); -} - -static CK_RV -module_C_VerifyInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return proxy_C_VerifyInit (&global.virt.funcs, handle, mechanism, key); -} - -static CK_RV -module_C_Verify (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - return proxy_C_Verify (&global.virt.funcs, handle, data, data_len, signature, - signature_len); -} - -static CK_RV -module_C_VerifyUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return proxy_C_VerifyUpdate (&global.virt.funcs, handle, part, part_len); -} - -static CK_RV -module_C_VerifyFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - return proxy_C_VerifyFinal (&global.virt.funcs, handle, signature, signature_len); -} - -static CK_RV -module_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return proxy_C_VerifyRecoverInit (&global.virt.funcs, handle, mechanism, key); -} - -static CK_RV -module_C_VerifyRecover (CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return proxy_C_VerifyRecover (&global.virt.funcs, handle, signature, signature_len, - data, data_len); -} - -static CK_RV -module_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return proxy_C_DigestEncryptUpdate (&global.virt.funcs, handle, part, part_len, - enc_part, enc_part_len); -} - -static CK_RV -module_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return proxy_C_DecryptDigestUpdate (&global.virt.funcs, handle, enc_part, - enc_part_len, part, part_len); -} - -static CK_RV -module_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return proxy_C_SignEncryptUpdate (&global.virt.funcs, handle, part, part_len, - enc_part, enc_part_len); -} - -static CK_RV -module_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return proxy_C_DecryptVerifyUpdate (&global.virt.funcs, handle, enc_part, - enc_part_len, part, part_len); -} - -static CK_RV -module_C_GenerateKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return proxy_C_GenerateKey (&global.virt.funcs, handle, mechanism, template, count, - key); -} - -static CK_RV -module_C_GenerateKeyPair (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, - CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, - CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, - CK_OBJECT_HANDLE_PTR priv_key) -{ - return proxy_C_GenerateKeyPair (&global.virt.funcs, handle, mechanism, pub_template, - pub_count, priv_template, priv_count, - pub_key, priv_key); -} - -static CK_RV -module_C_WrapKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - return proxy_C_WrapKey (&global.virt.funcs, handle, mechanism, wrapping_key, - key, wrapped_key, wrapped_key_len); -} - -static CK_RV -module_C_UnwrapKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return proxy_C_UnwrapKey (&global.virt.funcs, handle, mechanism, unwrapping_key, - wrapped_key, wrapped_key_len, template, - count, key); -} - -static CK_RV -module_C_DeriveKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return proxy_C_DeriveKey (&global.virt.funcs, handle, mechanism, base_key, - template, count, key); -} - -static CK_RV -module_C_SeedRandom (CK_SESSION_HANDLE handle, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - return proxy_C_SeedRandom (&global.virt.funcs, handle, seed, seed_len); -} - -static CK_RV -module_C_GenerateRandom (CK_SESSION_HANDLE handle, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - return proxy_C_GenerateRandom (&global.virt.funcs, handle, random_data, random_len); -} - -/* -------------------------------------------------------------------- - * MODULE ENTRY POINT - */ - -static CK_FUNCTION_LIST module_functions = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, - module_C_Initialize, - module_C_Finalize, - module_C_GetInfo, - module_C_GetFunctionList, - module_C_GetSlotList, - module_C_GetSlotInfo, - module_C_GetTokenInfo, - module_C_GetMechanismList, - module_C_GetMechanismInfo, - module_C_InitToken, - module_C_InitPIN, - module_C_SetPIN, - module_C_OpenSession, - module_C_CloseSession, - module_C_CloseAllSessions, - module_C_GetSessionInfo, - module_C_GetOperationState, - module_C_SetOperationState, - module_C_Login, - module_C_Logout, - module_C_CreateObject, - module_C_CopyObject, - module_C_DestroyObject, - module_C_GetObjectSize, - module_C_GetAttributeValue, - module_C_SetAttributeValue, - module_C_FindObjectsInit, - module_C_FindObjects, - module_C_FindObjectsFinal, - module_C_EncryptInit, - module_C_Encrypt, - module_C_EncryptUpdate, - module_C_EncryptFinal, - module_C_DecryptInit, - module_C_Decrypt, - module_C_DecryptUpdate, - module_C_DecryptFinal, - module_C_DigestInit, - module_C_Digest, - module_C_DigestUpdate, - module_C_DigestKey, - module_C_DigestFinal, - module_C_SignInit, - module_C_Sign, - module_C_SignUpdate, - module_C_SignFinal, - module_C_SignRecoverInit, - module_C_SignRecover, - module_C_VerifyInit, - module_C_Verify, - module_C_VerifyUpdate, - module_C_VerifyFinal, - module_C_VerifyRecoverInit, - module_C_VerifyRecover, - module_C_DigestEncryptUpdate, - module_C_DecryptDigestUpdate, - module_C_SignEncryptUpdate, - module_C_DecryptVerifyUpdate, - module_C_GenerateKey, - module_C_GenerateKeyPair, - module_C_WrapKey, - module_C_UnwrapKey, - module_C_DeriveKey, - module_C_SeedRandom, - module_C_GenerateRandom, - module_C_GetFunctionStatus, - module_C_CancelFunction, - module_C_WaitForSlotEvent -}; - -static CK_X_FUNCTION_LIST proxy_functions = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, - proxy_C_Initialize, - proxy_C_Finalize, - proxy_C_GetInfo, - proxy_C_GetSlotList, - proxy_C_GetSlotInfo, - proxy_C_GetTokenInfo, - proxy_C_GetMechanismList, - proxy_C_GetMechanismInfo, - proxy_C_InitToken, - proxy_C_InitPIN, - proxy_C_SetPIN, - proxy_C_OpenSession, - proxy_C_CloseSession, - proxy_C_CloseAllSessions, - proxy_C_GetSessionInfo, - proxy_C_GetOperationState, - proxy_C_SetOperationState, - proxy_C_Login, - proxy_C_Logout, - proxy_C_CreateObject, - proxy_C_CopyObject, - proxy_C_DestroyObject, - proxy_C_GetObjectSize, - proxy_C_GetAttributeValue, - proxy_C_SetAttributeValue, - proxy_C_FindObjectsInit, - proxy_C_FindObjects, - proxy_C_FindObjectsFinal, - proxy_C_EncryptInit, - proxy_C_Encrypt, - proxy_C_EncryptUpdate, - proxy_C_EncryptFinal, - proxy_C_DecryptInit, - proxy_C_Decrypt, - proxy_C_DecryptUpdate, - proxy_C_DecryptFinal, - proxy_C_DigestInit, - proxy_C_Digest, - proxy_C_DigestUpdate, - proxy_C_DigestKey, - proxy_C_DigestFinal, - proxy_C_SignInit, - proxy_C_Sign, - proxy_C_SignUpdate, - proxy_C_SignFinal, - proxy_C_SignRecoverInit, - proxy_C_SignRecover, - proxy_C_VerifyInit, - proxy_C_Verify, - proxy_C_VerifyUpdate, - proxy_C_VerifyFinal, - proxy_C_VerifyRecoverInit, - proxy_C_VerifyRecover, - proxy_C_DigestEncryptUpdate, - proxy_C_DecryptDigestUpdate, - proxy_C_SignEncryptUpdate, - proxy_C_DecryptVerifyUpdate, - proxy_C_GenerateKey, - proxy_C_GenerateKeyPair, - proxy_C_WrapKey, - proxy_C_UnwrapKey, - proxy_C_DeriveKey, - proxy_C_SeedRandom, - proxy_C_GenerateRandom, - proxy_C_WaitForSlotEvent, -}; - -#ifdef OS_WIN32 -__declspec(dllexport) -#endif -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - CK_FUNCTION_LIST_PTR module = NULL; - CK_FUNCTION_LIST **loaded; - State *state; - CK_RV rv = CKR_OK; - - p11_library_init_once (); - p11_lock (); - - if (all_modules == NULL) { - /* WARNING: Reentrancy can occur here */ - rv = p11_modules_load_inlock_reentrant (0, &loaded); - if (rv == CKR_OK) { - if (all_modules == NULL) - all_modules = loaded; - else - p11_modules_release_inlock_reentrant (loaded); - } - } - - if (rv == CKR_OK && p11_virtual_can_wrap ()) { - state = calloc (1, sizeof (State)); - if (!state) { - rv = CKR_HOST_MEMORY; - - } else { - p11_virtual_init (&state->virt, &proxy_functions, state, NULL); - state->last_handle = FIRST_HANDLE; - - module = p11_virtual_wrap (&state->virt, free); - if (module == NULL) { - rv = CKR_GENERAL_ERROR; - - } else { - state->wrapped = module; - state->next = all_instances; - all_instances = state; - } - } - } - - if (rv == CKR_OK) { - if (module == NULL) - module = &module_functions; - - /* We use this as a check below */ - module->C_WaitForSlotEvent = module_C_WaitForSlotEvent; - *list = module; - } - - p11_unlock (); - - return rv; -} - -void -p11_proxy_module_cleanup (void) -{ - State *state, *next; - - state = all_instances; - all_instances = NULL; - - for (; state != NULL; state = next) { - next = state->next; - p11_virtual_unwrap (state->wrapped); - } - - if (all_modules) { - p11_kit_modules_release (all_modules); - all_modules = NULL; - } -} - -bool -p11_proxy_module_check (CK_FUNCTION_LIST_PTR module) -{ - return (module->C_WaitForSlotEvent == module_C_WaitForSlotEvent); -} diff --git a/p11-kit/proxy.h b/p11-kit/proxy.h deleted file mode 100644 index f3d56d7..0000000 --- a/p11-kit/proxy.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#ifndef __P11_PROXY_H__ -#define __P11_PROXY_H__ - -bool p11_proxy_module_check (CK_FUNCTION_LIST_PTR module); - -void p11_proxy_module_cleanup (void); - - -#endif /* __P11_PROXY_H__ */ diff --git a/p11-kit/remote.c b/p11-kit/remote.c deleted file mode 100644 index 7717277..0000000 --- a/p11-kit/remote.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright (C) 2014 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "compat.h" -#include "debug.h" -#include "message.h" -#include "p11-kit.h" -#include "remote.h" -#include "tool.h" - -#include <assert.h> -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -int -main (int argc, - char *argv[]) -{ - CK_FUNCTION_LIST *module; - int opt; - int ret; - - enum { - opt_verbose = 'v', - opt_help = 'h', - }; - - struct option options[] = { - { "verbose", no_argument, NULL, opt_verbose }, - { "help", no_argument, NULL, opt_help }, - { 0 }, - }; - - p11_tool_desc usages[] = { - { 0, "usage: p11-kit remote <module>" }, - { 0 }, - }; - - while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { - switch (opt) { - case opt_verbose: - p11_kit_be_loud (); - break; - case opt_help: - case '?': - p11_tool_usage (usages, options); - return 0; - default: - assert_not_reached (); - break; - } - } - - argc -= optind; - argv += optind; - - if (argc != 1) { - p11_message ("specify the module to remote"); - return 2; - } - - if (isatty (0)) { - p11_message ("the 'remote' tool is not meant to be run from a terminal"); - return 2; - } - - module = p11_kit_module_load (argv[0], 0); - if (module == NULL) - return 1; - - ret = p11_kit_remote_serve_module (module, 0, 1); - p11_kit_module_release (module); - - return ret; -} diff --git a/p11-kit/remote.h b/p11-kit/remote.h deleted file mode 100644 index 12cbe6d..0000000 --- a/p11-kit/remote.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2014 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#ifndef __P11_KIT_REMOTE_H__ -#define __P11_KIT_REMOTE_H__ - -#include "p11-kit/p11-kit.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef P11_KIT_FUTURE_UNSTABLE_API - -int p11_kit_remote_serve_module (CK_FUNCTION_LIST *module, - int in_fd, - int out_fd); - -#endif - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* __P11_KIT_REMOTE_H__ */ diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c deleted file mode 100644 index c69dcfd..0000000 --- a/p11-kit/rpc-client.c +++ /dev/null @@ -1,2104 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_RPC -#include "debug.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "library.h" -#include "message.h" -#include "private.h" -#include "rpc.h" -#include "rpc-message.h" -#include "virtual.h" - -#include <assert.h> -#include <string.h> -#include <unistd.h> - -/* The error used by us when parsing of rpc message fails */ -#define PARSE_ERROR CKR_DEVICE_ERROR - -typedef struct { - p11_mutex_t mutex; - p11_rpc_client_vtable *vtable; - unsigned int initialized_forkid; - bool initialize_done; -} rpc_client; - -/* Allocator for call session buffers */ -static void * -log_allocator (void *pointer, - size_t size) -{ - void *result = realloc (pointer, (size_t)size); - return_val_if_fail (!size || result != NULL, NULL); - return result; -} - -static CK_RV -call_prepare (rpc_client *module, - p11_rpc_message *msg, - int call_id) -{ - p11_buffer *buffer; - - assert (module != NULL); - assert (msg != NULL); - - if (module->initialized_forkid != p11_forkid) - return CKR_CRYPTOKI_NOT_INITIALIZED; - if (!module->initialize_done) - return CKR_DEVICE_REMOVED; - - buffer = p11_rpc_buffer_new_full (64, log_allocator, free); - return_val_if_fail (buffer != NULL, CKR_GENERAL_ERROR); - - /* We use the same buffer for reading and writing */ - p11_rpc_message_init (msg, buffer, buffer); - - /* Put in the Call ID and signature */ - if (!p11_rpc_message_prep (msg, call_id, P11_RPC_REQUEST)) - return_val_if_reached (CKR_HOST_MEMORY); - - p11_debug ("prepared call: %d", call_id); - return CKR_OK; -} - -static CK_RV -call_run (rpc_client *module, - p11_rpc_message *msg) -{ - CK_RV ret = CKR_OK; - CK_ULONG ckerr; - - int call_id; - - assert (module != NULL); - assert (msg != NULL); - - /* Did building the call fail? */ - if (p11_buffer_failed (msg->output)) - return_val_if_reached (CKR_HOST_MEMORY); - - /* Make sure that the signature is valid */ - assert (p11_rpc_message_is_verified (msg)); - call_id = msg->call_id; - - /* Do the transport send and receive */ - assert (module->vtable->transport != NULL); - ret = (module->vtable->transport) (module->vtable, - msg->output, - msg->input); - - if (ret != CKR_OK) - return ret; - - if (!p11_rpc_message_parse (msg, P11_RPC_RESPONSE)) - return CKR_DEVICE_ERROR; - - /* If it's an error code then return it */ - if (msg->call_id == P11_RPC_CALL_ERROR) { - if (!p11_rpc_message_read_ulong (msg, &ckerr)) { - p11_message ("invalid rpc error response: too short"); - return CKR_DEVICE_ERROR; - } - - if (ckerr <= CKR_OK) { - p11_message ("invalid rpc error response: bad error code"); - return CKR_DEVICE_ERROR; - } - - /* An error code from the other side */ - return (CK_RV)ckerr; - } - - /* Make sure other side answered the right call */ - if (call_id != msg->call_id) { - p11_message ("invalid rpc response: call mismatch"); - return CKR_DEVICE_ERROR; - } - - assert (!p11_buffer_failed (msg->input)); - - p11_debug ("parsing response values"); - return CKR_OK; -} - -static CK_RV -call_done (rpc_client *module, - p11_rpc_message *msg, - CK_RV ret) -{ - assert (module != NULL); - assert (msg != NULL); - - /* Check for parsing errors that were not caught elsewhere */ - if (ret == CKR_OK) { - if (p11_buffer_failed (msg->input)) { - p11_message ("invalid rpc response: bad argument data"); - ret = CKR_GENERAL_ERROR; - } else { - /* Double check that the signature matched our decoding */ - assert (p11_rpc_message_is_verified (msg)); - } - } - - /* We used the same buffer for input/output, so this frees both */ - assert (msg->input == msg->output); - p11_rpc_buffer_free (msg->input); - - p11_rpc_message_clear (msg); - - return ret; -} - -/* ----------------------------------------------------------------------------- - * MODULE SPECIFIC PROTOCOL CODE - */ - -static CK_RV -proto_read_attribute_array (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG len) -{ - uint32_t i, num, value, type; - CK_ATTRIBUTE_PTR attr; - const unsigned char *attrval = NULL; - size_t attrlen = 0; - unsigned char validity; - CK_RV ret; - - assert (len != 0); - assert (msg != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "aA")); - - /* Get the number of items. We need this value to be correct */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &num)) - return PARSE_ERROR; - - /* - * This should never happen in normal operation. It denotes a goof up - * on the other side of our RPC. We should be indicating the exact number - * of attributes to the other side. And it should respond with the same - * number. - */ - if (len != num) { - p11_message ("received an attribute array with wrong number of attributes"); - return PARSE_ERROR; - } - - ret = CKR_OK; - - /* We need to go ahead and read everything in all cases */ - for (i = 0; i < num; ++i) { - - /* The attribute type */ - p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &type); - - /* Attribute validity */ - p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &validity); - - /* And the data itself */ - if (validity) { - if (p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value) && - p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &attrval, &attrlen)) { - if (attrval && value != attrlen) { - p11_message ("attribute length does not match attribute data"); - return PARSE_ERROR; - } - attrlen = value; - } - } - - /* Don't act on this data unless no errors */ - if (p11_buffer_failed (msg->input)) - break; - - /* Try and stuff it in the output data */ - if (arr) { - attr = &(arr[i]); - if (attr->type != type) { - p11_message ("returned attributes in invalid order"); - return PARSE_ERROR; - } - - if (validity) { - /* Just requesting the attribute size */ - if (!attr->pValue) { - attr->ulValueLen = attrlen; - - /* Wants attribute data, but too small */ - } else if (attr->ulValueLen < attrlen) { - attr->ulValueLen = attrlen; - ret = CKR_BUFFER_TOO_SMALL; - - /* Wants attribute data, value is null */ - } else if (attrval == NULL) { - attr->ulValueLen = 0; - - /* Wants attribute data, enough space */ - } else { - attr->ulValueLen = attrlen; - memcpy (attr->pValue, attrval, attrlen); - } - - /* Not a valid attribute */ - } else { - attr->ulValueLen = ((CK_ULONG)-1); - } - } - } - - if (p11_buffer_failed (msg->input)) - return PARSE_ERROR; - - /* Read in the code that goes along with these attributes */ - if (!p11_rpc_message_read_ulong (msg, &ret)) - return PARSE_ERROR; - - return ret; -} - -static CK_RV -proto_read_byte_array (p11_rpc_message *msg, - CK_BYTE_PTR arr, - CK_ULONG_PTR len, - CK_ULONG max) -{ - const unsigned char *val; - unsigned char valid; - uint32_t length; - size_t vlen; - - assert (len != NULL); - assert (msg != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay")); - - /* A single byte which determines whether valid or not */ - if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid)) - return PARSE_ERROR; - - /* If not valid, then just the length is encoded, this can signify CKR_BUFFER_TOO_SMALL */ - if (!valid) { - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &length)) - return PARSE_ERROR; - - *len = length; - - if (arr) - return CKR_BUFFER_TOO_SMALL; - else - return CKR_OK; - } - - /* Get the actual bytes */ - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &val, &vlen)) - return PARSE_ERROR; - - *len = vlen; - - /* Just asking us for size */ - if (!arr) - return CKR_OK; - - if (max < vlen) - return CKR_BUFFER_TOO_SMALL; - - /* Enough space, yay */ - memcpy (arr, val, vlen); - return CKR_OK; -} - -static CK_RV -proto_read_ulong_array (p11_rpc_message *msg, CK_ULONG_PTR arr, - CK_ULONG_PTR len, CK_ULONG max) -{ - uint32_t i, num; - uint64_t val; - unsigned char valid; - - assert (len != NULL); - assert (msg != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "au")); - - /* A single byte which determines whether valid or not */ - if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid)) - return PARSE_ERROR; - - /* Get the number of items. */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &num)) - return PARSE_ERROR; - - *len = num; - - /* If not valid, then just the length is encoded, this can signify CKR_BUFFER_TOO_SMALL */ - if (!valid) { - if (arr) - return CKR_BUFFER_TOO_SMALL; - else - return CKR_OK; - } - - if (max < num) - return CKR_BUFFER_TOO_SMALL; - - /* We need to go ahead and read everything in all cases */ - for (i = 0; i < num; ++i) { - p11_rpc_buffer_get_uint64 (msg->input, &msg->parsed, &val); - if (arr) - arr[i] = (CK_ULONG)val; - } - - return p11_buffer_failed (msg->input) ? PARSE_ERROR : CKR_OK; -} - -/* Used to override the supported mechanisms in tests */ -CK_MECHANISM_TYPE *p11_rpc_mechanisms_override_supported = NULL; - -static bool -mechanism_has_sane_parameters (CK_MECHANISM_TYPE type) -{ - int i; - - /* This can be set from tests, to override default set of supported */ - if (p11_rpc_mechanisms_override_supported) { - for (i = 0; p11_rpc_mechanisms_override_supported[i] != 0; i++) { - if (p11_rpc_mechanisms_override_supported[i] == type) - return true; - } - - return false; - } - - /* This list is incomplete */ - switch (type) { - case CKM_RSA_PKCS_OAEP: - case CKM_RSA_PKCS_PSS: - return true; - default: - return false; - } -} - -static bool -mechanism_has_no_parameters (CK_MECHANISM_TYPE mech) -{ - /* This list is incomplete */ - - switch (mech) { - case CKM_RSA_PKCS_KEY_PAIR_GEN: - case CKM_RSA_X9_31_KEY_PAIR_GEN: - case CKM_RSA_PKCS: - case CKM_RSA_9796: - case CKM_RSA_X_509: - case CKM_RSA_X9_31: - case CKM_MD2_RSA_PKCS: - case CKM_MD5_RSA_PKCS: - case CKM_SHA1_RSA_PKCS: - case CKM_SHA256_RSA_PKCS: - case CKM_SHA384_RSA_PKCS: - case CKM_SHA512_RSA_PKCS: - case CKM_RIPEMD128_RSA_PKCS: - case CKM_RIPEMD160_RSA_PKCS: - case CKM_SHA1_RSA_X9_31: - case CKM_DSA_KEY_PAIR_GEN: - case CKM_DSA_PARAMETER_GEN: - case CKM_DSA: - case CKM_DSA_SHA1: - case CKM_FORTEZZA_TIMESTAMP: - case CKM_EC_KEY_PAIR_GEN: - case CKM_ECDSA: - case CKM_ECDSA_SHA1: - case CKM_DH_PKCS_KEY_PAIR_GEN: - case CKM_DH_PKCS_PARAMETER_GEN: - case CKM_X9_42_DH_KEY_PAIR_GEN: - case CKM_X9_42_DH_PARAMETER_GEN: - case CKM_KEA_KEY_PAIR_GEN: - case CKM_GENERIC_SECRET_KEY_GEN: - case CKM_RC2_KEY_GEN: - case CKM_RC4_KEY_GEN: - case CKM_RC4: - case CKM_RC5_KEY_GEN: - case CKM_AES_KEY_GEN: - case CKM_AES_ECB: - case CKM_AES_MAC: - case CKM_DES_KEY_GEN: - case CKM_DES2_KEY_GEN: - case CKM_DES3_KEY_GEN: - case CKM_CDMF_KEY_GEN: - case CKM_CAST_KEY_GEN: - case CKM_CAST3_KEY_GEN: - case CKM_CAST128_KEY_GEN: - case CKM_IDEA_KEY_GEN: - case CKM_SSL3_PRE_MASTER_KEY_GEN: - case CKM_TLS_PRE_MASTER_KEY_GEN: - case CKM_SKIPJACK_KEY_GEN: - case CKM_BATON_KEY_GEN: - case CKM_JUNIPER_KEY_GEN: - case CKM_RC2_ECB: - case CKM_DES_ECB: - case CKM_DES3_ECB: - case CKM_CDMF_ECB: - case CKM_CAST_ECB: - case CKM_CAST3_ECB: - case CKM_CAST128_ECB: - case CKM_RC5_ECB: - case CKM_IDEA_ECB: - case CKM_RC2_MAC: - case CKM_DES_MAC: - case CKM_DES3_MAC: - case CKM_CDMF_MAC: - case CKM_CAST_MAC: - case CKM_CAST3_MAC: - case CKM_RC5_MAC: - case CKM_IDEA_MAC: - case CKM_SSL3_MD5_MAC: - case CKM_SSL3_SHA1_MAC: - case CKM_SKIPJACK_WRAP: - case CKM_BATON_WRAP: - case CKM_JUNIPER_WRAP: - case CKM_MD2: - case CKM_MD2_HMAC: - case CKM_MD5: - case CKM_MD5_HMAC: - case CKM_SHA_1: - case CKM_SHA_1_HMAC: - case CKM_SHA256: - case CKM_SHA256_HMAC: - case CKM_SHA384: - case CKM_SHA384_HMAC: - case CKM_SHA512: - case CKM_SHA512_HMAC: - case CKM_FASTHASH: - case CKM_RIPEMD128: - case CKM_RIPEMD128_HMAC: - case CKM_RIPEMD160: - case CKM_RIPEMD160_HMAC: - case CKM_KEY_WRAP_LYNKS: - return true; - default: - return false; - }; -} - -static bool -mechanism_is_supported (CK_MECHANISM_TYPE mech) -{ - if (mechanism_has_no_parameters (mech) || - mechanism_has_sane_parameters (mech)) - return true; - return false; -} -static void -mechanism_list_purge (CK_MECHANISM_TYPE_PTR mechs, - CK_ULONG *n_mechs) -{ - int i; - - assert (mechs != NULL); - assert (n_mechs != NULL); - - for (i = 0; i < (int)(*n_mechs); ++i) { - if (!mechanism_is_supported (mechs[i])) { - - /* Remove the mechanism from the list */ - memmove (&mechs[i], &mechs[i + 1], - (*n_mechs - i) * sizeof (CK_MECHANISM_TYPE)); - - --(*n_mechs); - --i; - } - } -} - -static CK_RV -proto_write_mechanism (p11_rpc_message *msg, - CK_MECHANISM_PTR mech) -{ - assert (msg != NULL); - assert (mech != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "M")); - - /* The mechanism type */ - p11_rpc_buffer_add_uint32 (msg->output, mech->mechanism); - - /* - * PKCS#11 mechanism parameters are not easy to serialize. They're - * completely different for so many mechanisms, they contain - * pointers to arbitrary memory, and many callers don't initialize - * them completely or properly. - * - * We only support certain mechanisms. - * - * Also callers do yucky things like leaving parts of the structure - * pointing to garbage if they don't think it's going to be used. - */ - - if (mechanism_has_no_parameters (mech->mechanism)) - p11_rpc_buffer_add_byte_array (msg->output, NULL, 0); - else if (mechanism_has_sane_parameters (mech->mechanism)) - p11_rpc_buffer_add_byte_array (msg->output, mech->pParameter, - mech->ulParameterLen); - else - return CKR_MECHANISM_INVALID; - - return p11_buffer_failed (msg->output) ? CKR_HOST_MEMORY : CKR_OK; -} - -static CK_RV -proto_read_info (p11_rpc_message *msg, - CK_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_read_version (msg, &info->cryptokiVersion) || - !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) || - !p11_rpc_message_read_ulong (msg, &info->flags) || - !p11_rpc_message_read_space_string (msg, info->libraryDescription, 32) || - !p11_rpc_message_read_version (msg, &info->libraryVersion)) - return PARSE_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_slot_info (p11_rpc_message *msg, - CK_SLOT_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_read_space_string (msg, info->slotDescription, 64) || - !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) || - !p11_rpc_message_read_ulong (msg, &info->flags) || - !p11_rpc_message_read_version (msg, &info->hardwareVersion) || - !p11_rpc_message_read_version (msg, &info->firmwareVersion)) - return PARSE_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_token_info (p11_rpc_message *msg, - CK_TOKEN_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_read_space_string (msg, info->label, 32) || - !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) || - !p11_rpc_message_read_space_string (msg, info->model, 16) || - !p11_rpc_message_read_space_string (msg, info->serialNumber, 16) || - !p11_rpc_message_read_ulong (msg, &info->flags) || - !p11_rpc_message_read_ulong (msg, &info->ulMaxSessionCount) || - !p11_rpc_message_read_ulong (msg, &info->ulSessionCount) || - !p11_rpc_message_read_ulong (msg, &info->ulMaxRwSessionCount) || - !p11_rpc_message_read_ulong (msg, &info->ulRwSessionCount) || - !p11_rpc_message_read_ulong (msg, &info->ulMaxPinLen) || - !p11_rpc_message_read_ulong (msg, &info->ulMinPinLen) || - !p11_rpc_message_read_ulong (msg, &info->ulTotalPublicMemory) || - !p11_rpc_message_read_ulong (msg, &info->ulFreePublicMemory) || - !p11_rpc_message_read_ulong (msg, &info->ulTotalPrivateMemory) || - !p11_rpc_message_read_ulong (msg, &info->ulFreePrivateMemory) || - !p11_rpc_message_read_version (msg, &info->hardwareVersion) || - !p11_rpc_message_read_version (msg, &info->firmwareVersion) || - !p11_rpc_message_read_space_string (msg, info->utcTime, 16)) - return PARSE_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_mechanism_info (p11_rpc_message *msg, - CK_MECHANISM_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_read_ulong (msg, &info->ulMinKeySize) || - !p11_rpc_message_read_ulong (msg, &info->ulMaxKeySize) || - !p11_rpc_message_read_ulong (msg, &info->flags)) - return PARSE_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_sesssion_info (p11_rpc_message *msg, - CK_SESSION_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_read_ulong (msg, &info->slotID) || - !p11_rpc_message_read_ulong (msg, &info->state) || - !p11_rpc_message_read_ulong (msg, &info->flags) || - !p11_rpc_message_read_ulong (msg, &info->ulDeviceError)) - return PARSE_ERROR; - - return CKR_OK; -} - -/* ------------------------------------------------------------------- - * CALL MACROS - */ - -#define BEGIN_CALL_OR(call_id, self, if_no_daemon) \ - p11_debug (#call_id ": enter"); \ - { \ - rpc_client *_mod = ((p11_virtual *)self)->lower_module; p11_rpc_message _msg; \ - CK_RV _ret = call_prepare (_mod, &_msg, P11_RPC_CALL_##call_id); \ - if (_ret == CKR_DEVICE_REMOVED) return (if_no_daemon); \ - if (_ret != CKR_OK) return _ret; - -#define PROCESS_CALL \ - _ret = call_run (_mod, &_msg); \ - if (_ret != CKR_OK) goto _cleanup; - -#define RETURN(ret) \ - _ret = ret; \ - goto _cleanup; - -#define END_CALL \ - _cleanup: \ - _ret = call_done (_mod, &_msg, _ret); \ - p11_debug ("ret: %lu", _ret); \ - return _ret; \ - } - -#define IN_BYTE(val) \ - if (!p11_rpc_message_write_byte (&_msg, val)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_ULONG(val) \ - if (!p11_rpc_message_write_ulong (&_msg, val)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_STRING(val) \ - if (!p11_rpc_message_write_zero_string (&_msg, val)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_BYTE_BUFFER(arr, len) \ - if (len == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - if (!p11_rpc_message_write_byte_buffer (&_msg, arr ? *len : 0)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_BYTE_ARRAY(arr, len) \ - if (len != 0 && arr == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - if (!p11_rpc_message_write_byte_array (&_msg, arr, len)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_ULONG_BUFFER(arr, len) \ - if (len == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - if (!p11_rpc_message_write_ulong_buffer (&_msg, arr ? *len : 0)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_ULONG_ARRAY(arr, len) \ - if (len != 0 && arr == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; }\ - if (!p11_rpc_message_write_ulong_array (&_msg, arr, len)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_ATTRIBUTE_BUFFER(arr, num) \ - if (num != 0 && arr == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - if (!p11_rpc_message_write_attribute_buffer (&_msg, (arr), (num))) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_ATTRIBUTE_ARRAY(arr, num) \ - if (num != 0 && arr == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - if (!p11_rpc_message_write_attribute_array (&_msg, (arr), (num))) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_MECHANISM_TYPE(val) \ - if(!mechanism_is_supported (val)) \ - { _ret = CKR_MECHANISM_INVALID; goto _cleanup; } \ - if (!p11_rpc_message_write_ulong (&_msg, val)) \ - { _ret = CKR_HOST_MEMORY; goto _cleanup; } - -#define IN_MECHANISM(val) \ - if (val == NULL) \ - { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ - _ret = proto_write_mechanism (&_msg, val); \ - if (_ret != CKR_OK) goto _cleanup; - - - -#define OUT_ULONG(val) \ - if (val == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK && !p11_rpc_message_read_ulong (&_msg, val)) \ - _ret = PARSE_ERROR; - -#define OUT_BYTE_ARRAY(arr, len) \ - if (len == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_byte_array (&_msg, (arr), (len), *(len)); - -#define OUT_ULONG_ARRAY(a, len) \ - if (len == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_ulong_array (&_msg, (a), (len), *(len)); - -#define OUT_ATTRIBUTE_ARRAY(arr, num) \ - if (_ret == CKR_OK) \ - _ret = proto_read_attribute_array (&_msg, (arr), (num)); - -#define OUT_INFO(info) \ - if (info == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_info (&_msg, info); - -#define OUT_SLOT_INFO(info) \ - if (info == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_slot_info (&_msg, info); - -#define OUT_TOKEN_INFO(info) \ - if (info == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_token_info (&_msg, info); - -#define OUT_SESSION_INFO(info) \ - if (info == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_sesssion_info (&_msg, info); - -#define OUT_MECHANISM_TYPE_ARRAY(arr, len) \ - if (len == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_ulong_array (&_msg, (arr), (len), *(len)); \ - if (_ret == CKR_OK && arr) \ - mechanism_list_purge (arr, len); - -#define OUT_MECHANISM_INFO(info) \ - if (info == NULL) \ - _ret = CKR_ARGUMENTS_BAD; \ - if (_ret == CKR_OK) \ - _ret = proto_read_mechanism_info (&_msg, info); - - -/* ------------------------------------------------------------------- - * INITIALIZATION and 'GLOBAL' CALLS - */ - -static CK_RV -rpc_C_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args) -{ - rpc_client *module = ((p11_virtual *)self)->lower_module; - CK_C_INITIALIZE_ARGS_PTR args = NULL; - void *reserved = NULL; - CK_RV ret = CKR_OK; - p11_rpc_message msg; - - assert (module != NULL); - p11_debug ("C_Initialize: enter"); - - if (init_args != NULL) { - int supplied_ok; - - /* - * pReserved is either a string or NULL. Other cases - * should be rejected by the caller of this function. - */ - args = init_args; - - /* ALL supplied function pointers need to have the value either NULL or non-NULL. */ - supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL && - args->LockMutex == NULL && args->UnlockMutex == NULL) || - (args->CreateMutex != NULL && args->DestroyMutex != NULL && - args->LockMutex != NULL && args->UnlockMutex != NULL); - if (!supplied_ok) { - p11_message ("invalid set of mutex calls supplied"); - return CKR_ARGUMENTS_BAD; - } - - /* - * When the CKF_OS_LOCKING_OK flag isn't set return an error. - * We must be able to use our mutex functionality. - */ - if (!(args->flags & CKF_OS_LOCKING_OK)) { - p11_message ("can't do without os locking"); - return CKR_CANT_LOCK; - } - - if (args->pReserved) - reserved = args->pReserved; - } - - p11_mutex_lock (&module->mutex); - - if (module->initialized_forkid != 0) { - /* This process has called C_Initialize already */ - if (p11_forkid == module->initialized_forkid) { - p11_message ("C_Initialize called twice for same process"); - ret = CKR_CRYPTOKI_ALREADY_INITIALIZED; - goto done; - } - } - - /* Call out to initialize client callback */ - assert (module->vtable->connect != NULL); - ret = (module->vtable->connect) (module->vtable, reserved); - - /* Successfully initialized */ - if (ret == CKR_OK) { - module->initialized_forkid = p11_forkid; - module->initialize_done = true; - - /* Server doesn't exist, initialize but don't call */ - } else if (ret == CKR_DEVICE_REMOVED) { - module->initialized_forkid = p11_forkid; - module->initialize_done = false; - ret = CKR_OK; - goto done; - - } else { - goto done; - } - - /* If we don't have read and write fds now, then initialize other side */ - ret = call_prepare (module, &msg, P11_RPC_CALL_C_Initialize); - if (ret == CKR_OK) - if (!p11_rpc_message_write_byte_array (&msg, P11_RPC_HANDSHAKE, P11_RPC_HANDSHAKE_LEN)) - ret = CKR_HOST_MEMORY; - if (ret == CKR_OK) { - if (!p11_rpc_message_write_byte (&msg, reserved != NULL)) - ret = CKR_HOST_MEMORY; - } - if (ret == CKR_OK) { - char *reserved_string = ""; - if (reserved != NULL) - reserved_string = (char *) reserved; - if (!p11_rpc_message_write_byte_array (&msg, (CK_BYTE_PTR) reserved_string, strlen (reserved_string) + 1)) - ret = CKR_HOST_MEMORY; - } - if (ret == CKR_OK) - ret = call_run (module, &msg); - call_done (module, &msg, ret); - -done: - /* If failed then unmark initialized */ - if (ret != CKR_OK && ret != CKR_CRYPTOKI_ALREADY_INITIALIZED) - module->initialized_forkid = 0; - - /* If we told our caller that we're initialized, but not really, then finalize */ - if (ret != CKR_OK && module->initialize_done) { - module->initialize_done = false; - assert (module->vtable->disconnect != NULL); - (module->vtable->disconnect) (module->vtable, reserved); - } - - p11_mutex_unlock (&module->mutex); - - p11_debug ("C_Initialize: %lu", ret); - return ret; -} - -static CK_RV -rpc_C_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR reserved) -{ - rpc_client *module = ((p11_virtual *)self)->lower_module; - CK_RV ret = CKR_OK; - p11_rpc_message msg; - - p11_debug ("C_Finalize: enter"); - return_val_if_fail (module->initialized_forkid == p11_forkid, CKR_CRYPTOKI_NOT_INITIALIZED); - return_val_if_fail (!reserved, CKR_ARGUMENTS_BAD); - - p11_mutex_lock (&module->mutex); - - if (module->initialize_done) { - ret = call_prepare (module, &msg, P11_RPC_CALL_C_Finalize); - if (ret == CKR_OK) - ret = call_run (module, &msg); - call_done (module, &msg, ret); - if (ret != CKR_OK) - p11_message ("finalizing rpc module returned an error: %lu", ret); - - module->initialize_done = false; - assert (module->vtable->disconnect != NULL); - (module->vtable->disconnect) (module->vtable, reserved); - } - - module->initialized_forkid = 0; - - p11_mutex_unlock (&module->mutex); - - p11_debug ("C_Finalize: %lu", CKR_OK); - return CKR_OK; -} - -static CK_RV -fill_stand_in_info (CK_INFO_PTR info) -{ - static CK_INFO stand_in_info = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, - "p11-kit ", - 0, - "p11-kit (no connection) ", - { 1, 1 }, - }; - memcpy (info, &stand_in_info, sizeof (CK_INFO)); - return CKR_OK; - -} - -static CK_RV -rpc_C_GetInfo (CK_X_FUNCTION_LIST *self, - CK_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetInfo, self, fill_stand_in_info (info)); - PROCESS_CALL; - OUT_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_GetSlotList (CK_X_FUNCTION_LIST *self, - CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetSlotList, self, (*count = 0, CKR_OK)); - IN_BYTE (token_present); - IN_ULONG_BUFFER (slot_list, count); - PROCESS_CALL; - OUT_ULONG_ARRAY (slot_list, count); - END_CALL; -} - -static CK_RV -rpc_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_SLOT_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetSlotInfo, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - PROCESS_CALL; - OUT_SLOT_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetTokenInfo, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - PROCESS_CALL; - OUT_TOKEN_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_GetMechanismList (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetMechanismList, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - IN_ULONG_BUFFER (mechanism_list, count); - PROCESS_CALL; - OUT_MECHANISM_TYPE_ARRAY (mechanism_list, count); - END_CALL; -} - -static CK_RV -rpc_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetMechanismInfo, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - IN_MECHANISM_TYPE (type); - PROCESS_CALL; - OUT_MECHANISM_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_InitToken (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_UTF8CHAR_PTR pin, CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - BEGIN_CALL_OR (C_InitToken, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - IN_BYTE_ARRAY (pin, pin_len); - IN_STRING (label); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, - CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved) -{ - return_val_if_fail (slot, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_WaitForSlotEvent, self, CKR_DEVICE_REMOVED); - IN_ULONG (flags); - PROCESS_CALL; - OUT_ULONG (slot); - END_CALL; -} - -static CK_RV -rpc_C_OpenSession (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR session) -{ - return_val_if_fail (session, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_OpenSession, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - IN_ULONG (flags); - PROCESS_CALL; - OUT_ULONG (session); - END_CALL; -} - -static CK_RV -rpc_C_CloseSession (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - BEGIN_CALL_OR (C_CloseSession, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id) -{ - BEGIN_CALL_OR (C_CloseAllSessions, self, CKR_SLOT_ID_INVALID); - IN_ULONG (slot_id); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_SESSION_INFO_PTR info) -{ - return_val_if_fail (info, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetSessionInfo, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - PROCESS_CALL; - OUT_SESSION_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_InitPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - BEGIN_CALL_OR (C_InitPIN, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (pin, pin_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_SetPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len) -{ - BEGIN_CALL_OR (C_SetPIN, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (old_pin, old_pin_len); - IN_BYTE_ARRAY (new_pin, new_pin_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_GetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - return_val_if_fail (operation_state_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetOperationState, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_BUFFER (operation_state, operation_state_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (operation_state, operation_state_len); - END_CALL; -} - -static CK_RV -rpc_C_SetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - BEGIN_CALL_OR (C_SetOperationState, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (operation_state, operation_state_len); - IN_ULONG (encryption_key); - IN_ULONG (authentication_key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Login (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - BEGIN_CALL_OR (C_Login, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (user_type); - IN_BYTE_ARRAY (pin, pin_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Logout (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - BEGIN_CALL_OR (C_Logout, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_CreateObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_CreateObject, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - OUT_ULONG (new_object); - END_CALL; -} - -static CK_RV -rpc_C_CopyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_CopyObject, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (object); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - OUT_ULONG (new_object); - END_CALL; -} - - -static CK_RV -rpc_C_DestroyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object) -{ - BEGIN_CALL_OR (C_DestroyObject, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (object); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_GetObjectSize (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - return_val_if_fail (size, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_GetObjectSize, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (object); - PROCESS_CALL; - OUT_ULONG (size); - END_CALL; -} - -static CK_RV -rpc_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - BEGIN_CALL_OR (C_GetAttributeValue, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (object); - IN_ATTRIBUTE_BUFFER (template, count); - PROCESS_CALL; - OUT_ATTRIBUTE_ARRAY (template, count); - END_CALL; -} - -static CK_RV -rpc_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - BEGIN_CALL_OR (C_SetAttributeValue, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (object); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - BEGIN_CALL_OR (C_FindObjectsInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_FindObjects (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count) -{ - /* HACK: To fix a stupid gcc warning */ - CK_ULONG_PTR address_of_max_count = &max_count; - - return_val_if_fail (count, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_FindObjects, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG_BUFFER (objects, address_of_max_count); - PROCESS_CALL; - *count = max_count; - OUT_ULONG_ARRAY (objects, count); - END_CALL; -} - -static CK_RV -rpc_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - BEGIN_CALL_OR (C_FindObjectsFinal, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_EncryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_EncryptInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Encrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - return_val_if_fail (encrypted_data_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_Encrypt, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (encrypted_data, encrypted_data_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (encrypted_data, encrypted_data_len); - END_CALL; -} - -static CK_RV -rpc_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - return_val_if_fail (encrypted_part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_EncryptUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (encrypted_part, encrypted_part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len); - END_CALL; -} - -static CK_RV -rpc_C_EncryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_EncryptFinal, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_BUFFER (last_part, last_part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (last_part, last_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_DecryptInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Decrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_Decrypt, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (enc_data, enc_data_len); - IN_BYTE_BUFFER (data, data_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (data, data_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_DecryptUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (enc_part, enc_part_len); - IN_BYTE_BUFFER (part, part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (part, part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_DecryptFinal, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_BUFFER (last_part, last_part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (last_part, last_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DigestInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism) -{ - BEGIN_CALL_OR (C_DigestInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Digest (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_Digest, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (digest, digest_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (digest, digest_len); - END_CALL; -} - -static CK_RV -rpc_C_DigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - BEGIN_CALL_OR (C_DigestUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_DigestKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_DigestKey, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_DigestFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_DigestFinal, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_BUFFER (digest, digest_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (digest, digest_len); - END_CALL; -} - -static CK_RV -rpc_C_SignInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_SignInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Sign (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_Sign, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (signature, signature_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (signature, signature_len); - END_CALL; -} - -static CK_RV -rpc_C_SignUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_SignUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_SignFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_SignFinal, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_BUFFER (signature, signature_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (signature, signature_len); - END_CALL; -} - -static CK_RV -rpc_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_SignRecoverInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_SignRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) -{ - return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_SignRecover, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (signature, signature_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (signature, signature_len); - END_CALL; -} - -static CK_RV -rpc_C_VerifyInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_VerifyInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_Verify (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - BEGIN_CALL_OR (C_Verify, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_ARRAY (signature, signature_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - BEGIN_CALL_OR (C_VerifyUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_VerifyFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - BEGIN_CALL_OR (C_VerifyFinal, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (signature, signature_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - BEGIN_CALL_OR (C_VerifyRecoverInit, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_VerifyRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_VerifyRecover, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (signature, signature_len); - IN_BYTE_BUFFER (data, data_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (data, data_len); - END_CALL; -} - -static CK_RV -rpc_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_DigestEncryptUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (enc_part, enc_part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (enc_part, enc_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_DecryptDigestUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (enc_part, enc_part_len); - IN_BYTE_BUFFER (part, part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (part, part_len); - END_CALL; -} - -static CK_RV -rpc_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_SignEncryptUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (enc_part, enc_part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (enc_part, enc_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_DecryptVerifyUpdate, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (enc_part, enc_part_len); - IN_BYTE_BUFFER (part, part_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (part, part_len); - END_CALL; -} - -static CK_RV -rpc_C_GenerateKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - BEGIN_CALL_OR (C_GenerateKey, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - OUT_ULONG (key); - END_CALL; -} - -static CK_RV -rpc_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, - CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, - CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, - CK_OBJECT_HANDLE_PTR priv_key) -{ - BEGIN_CALL_OR (C_GenerateKeyPair, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ATTRIBUTE_ARRAY (pub_template, pub_count); - IN_ATTRIBUTE_ARRAY (priv_template, priv_count); - PROCESS_CALL; - OUT_ULONG (pub_key); - OUT_ULONG (priv_key); - END_CALL; -} - -static CK_RV -rpc_C_WrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - return_val_if_fail (wrapped_key_len, CKR_ARGUMENTS_BAD); - - BEGIN_CALL_OR (C_WrapKey, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (wrapping_key); - IN_ULONG (key); - IN_BYTE_BUFFER (wrapped_key, wrapped_key_len); - PROCESS_CALL; - OUT_BYTE_ARRAY (wrapped_key, wrapped_key_len); - END_CALL; -} - -static CK_RV -rpc_C_UnwrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - BEGIN_CALL_OR (C_UnwrapKey, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (unwrapping_key); - IN_BYTE_ARRAY (wrapped_key, wrapped_key_len); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - OUT_ULONG (key); - END_CALL; -} - -static CK_RV -rpc_C_DeriveKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - BEGIN_CALL_OR (C_DeriveKey, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (base_key); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL; - OUT_ULONG (key); - END_CALL; -} - -static CK_RV -rpc_C_SeedRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - BEGIN_CALL_OR (C_SeedRandom, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_ARRAY (seed, seed_len); - PROCESS_CALL; - END_CALL; -} - -static CK_RV -rpc_C_GenerateRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - CK_ULONG_PTR address = &random_len; - - BEGIN_CALL_OR (C_GenerateRandom, self, CKR_SESSION_HANDLE_INVALID); - IN_ULONG (session); - IN_BYTE_BUFFER (random_data, address); - PROCESS_CALL; - OUT_BYTE_ARRAY (random_data, address); - END_CALL; -} - -static CK_X_FUNCTION_LIST rpc_functions = { - { -1, -1 }, - rpc_C_Initialize, - rpc_C_Finalize, - rpc_C_GetInfo, - rpc_C_GetSlotList, - rpc_C_GetSlotInfo, - rpc_C_GetTokenInfo, - rpc_C_GetMechanismList, - rpc_C_GetMechanismInfo, - rpc_C_InitToken, - rpc_C_InitPIN, - rpc_C_SetPIN, - rpc_C_OpenSession, - rpc_C_CloseSession, - rpc_C_CloseAllSessions, - rpc_C_GetSessionInfo, - rpc_C_GetOperationState, - rpc_C_SetOperationState, - rpc_C_Login, - rpc_C_Logout, - rpc_C_CreateObject, - rpc_C_CopyObject, - rpc_C_DestroyObject, - rpc_C_GetObjectSize, - rpc_C_GetAttributeValue, - rpc_C_SetAttributeValue, - rpc_C_FindObjectsInit, - rpc_C_FindObjects, - rpc_C_FindObjectsFinal, - rpc_C_EncryptInit, - rpc_C_Encrypt, - rpc_C_EncryptUpdate, - rpc_C_EncryptFinal, - rpc_C_DecryptInit, - rpc_C_Decrypt, - rpc_C_DecryptUpdate, - rpc_C_DecryptFinal, - rpc_C_DigestInit, - rpc_C_Digest, - rpc_C_DigestUpdate, - rpc_C_DigestKey, - rpc_C_DigestFinal, - rpc_C_SignInit, - rpc_C_Sign, - rpc_C_SignUpdate, - rpc_C_SignFinal, - rpc_C_SignRecoverInit, - rpc_C_SignRecover, - rpc_C_VerifyInit, - rpc_C_Verify, - rpc_C_VerifyUpdate, - rpc_C_VerifyFinal, - rpc_C_VerifyRecoverInit, - rpc_C_VerifyRecover, - rpc_C_DigestEncryptUpdate, - rpc_C_DecryptDigestUpdate, - rpc_C_SignEncryptUpdate, - rpc_C_DecryptVerifyUpdate, - rpc_C_GenerateKey, - rpc_C_GenerateKeyPair, - rpc_C_WrapKey, - rpc_C_UnwrapKey, - rpc_C_DeriveKey, - rpc_C_SeedRandom, - rpc_C_GenerateRandom, - rpc_C_WaitForSlotEvent, -}; - -static void -rpc_client_free (void *data) -{ - rpc_client *client = data; - p11_mutex_uninit (&client->mutex); - free (client); -} - -bool -p11_rpc_client_init (p11_virtual *virt, - p11_rpc_client_vtable *vtable) -{ - rpc_client *client; - - p11_message_clear (); - - return_val_if_fail (vtable != NULL, false); - return_val_if_fail (vtable->connect != NULL, false); - return_val_if_fail (vtable->transport != NULL, false); - return_val_if_fail (vtable->disconnect != NULL, false); - - P11_RPC_CHECK_CALLS (); - - client = calloc (1, sizeof (rpc_client)); - return_val_if_fail (client != NULL, false); - - p11_mutex_init (&client->mutex); - client->vtable = vtable; - - p11_virtual_init (virt, &rpc_functions, client, rpc_client_free); - return true; -} diff --git a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c deleted file mode 100644 index b5ac528..0000000 --- a/p11-kit/rpc-message.c +++ /dev/null @@ -1,769 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" - -#include "debug.h" -#include "library.h" -#include "message.h" -#include "private.h" -#include "rpc-message.h" - -#include <assert.h> -#include <string.h> - -void -p11_rpc_message_init (p11_rpc_message *msg, - p11_buffer *input, - p11_buffer *output) -{ - assert (input != NULL); - assert (output != NULL); - assert (output->ffree != NULL); - assert (output->frealloc != NULL); - - memset (msg, 0, sizeof (*msg)); - - msg->output = output; - msg->input = input; -} - -void -p11_rpc_message_clear (p11_rpc_message *msg) -{ - void *allocated; - void **data; - - assert (msg != NULL); - - /* Free up the extra allocated memory */ - allocated = msg->extra; - while (allocated != NULL) { - data = (void **)allocated; - - /* Pointer to the next allocation */ - allocated = *data; - assert (msg->output->ffree); - (msg->output->ffree) (data); - } - - msg->output = NULL; - msg->input = NULL; - msg->extra = NULL; -} - -void * -p11_rpc_message_alloc_extra (p11_rpc_message *msg, - size_t length) -{ - void **data; - - assert (msg != NULL); - - if (length > 0x7fffffff) - return NULL; - - assert (msg->output->frealloc != NULL); - data = (msg->output->frealloc) (NULL, sizeof (void *) + length); - if (data == NULL) - return NULL; - - /* Munch up the memory to help catch bugs */ - memset (data, 0xff, sizeof (void *) + length); - - /* Store pointer to next allocated block at beginning */ - *data = msg->extra; - msg->extra = data; - - /* Data starts after first pointer */ - return (void *)(data + 1); -} - -bool -p11_rpc_message_prep (p11_rpc_message *msg, - int call_id, - p11_rpc_message_type type) -{ - int len; - - assert (type != 0); - assert (call_id >= P11_RPC_CALL_ERROR); - assert (call_id < P11_RPC_CALL_MAX); - - p11_buffer_reset (msg->output, 0); - msg->signature = NULL; - - /* The call id and signature */ - if (type == P11_RPC_REQUEST) - msg->signature = p11_rpc_calls[call_id].request; - else if (type == P11_RPC_RESPONSE) - msg->signature = p11_rpc_calls[call_id].response; - else - assert_not_reached (); - assert (msg->signature != NULL); - msg->sigverify = msg->signature; - - msg->call_id = call_id; - msg->call_type = type; - - /* Encode the two of them */ - p11_rpc_buffer_add_uint32 (msg->output, call_id); - if (msg->signature) { - len = strlen (msg->signature); - p11_rpc_buffer_add_byte_array (msg->output, (unsigned char*)msg->signature, len); - } - - msg->parsed = 0; - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_parse (p11_rpc_message *msg, - p11_rpc_message_type type) -{ - const unsigned char *val; - size_t len; - uint32_t call_id; - - assert (msg != NULL); - assert (msg->input != NULL); - - msg->parsed = 0; - - /* Pull out the call identifier */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &call_id)) { - p11_message ("invalid message: couldn't read call identifier"); - return false; - } - - msg->signature = msg->sigverify = NULL; - - /* The call id and signature */ - if (call_id >= P11_RPC_CALL_MAX) { - p11_message ("invalid message: bad call id: %d", call_id); - return false; - } - if (type == P11_RPC_REQUEST) - msg->signature = p11_rpc_calls[call_id].request; - else if (type == P11_RPC_RESPONSE) - msg->signature = p11_rpc_calls[call_id].response; - else - assert_not_reached (); - assert (msg->signature != NULL); - msg->call_id = call_id; - msg->call_type = type; - msg->sigverify = msg->signature; - - /* Verify the incoming signature */ - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &val, &len)) { - p11_message ("invalid message: couldn't read signature"); - return false; - } - - if ((strlen (msg->signature) != len) || (memcmp (val, msg->signature, len) != 0)) { - p11_message ("invalid message: signature doesn't match"); - return false; - } - - return true; -} - -bool -p11_rpc_message_verify_part (p11_rpc_message *msg, - const char* part) -{ - int len; - bool ok; - - if (!msg->sigverify) - return true; - - len = strlen (part); - ok = (strncmp (msg->sigverify, part, len) == 0); - if (ok) - msg->sigverify += len; - return ok; -} - -bool -p11_rpc_message_write_attribute_buffer (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num) -{ - CK_ATTRIBUTE_PTR attr; - CK_ULONG i; - - assert (num == 0 || arr != NULL); - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the rigth order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA")); - - /* Write the number of items */ - p11_rpc_buffer_add_uint32 (msg->output, num); - - for (i = 0; i < num; ++i) { - attr = &(arr[i]); - - /* The attribute type */ - p11_rpc_buffer_add_uint32 (msg->output, attr->type); - - /* And the attribute buffer length */ - p11_rpc_buffer_add_uint32 (msg->output, attr->pValue ? attr->ulValueLen : 0); - } - - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_write_attribute_array (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num) -{ - CK_ULONG i; - CK_ATTRIBUTE_PTR attr; - unsigned char validity; - - assert (num == 0 || arr != NULL); - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the rigth order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "aA")); - - /* Write the number of items */ - p11_rpc_buffer_add_uint32 (msg->output, num); - - for (i = 0; i < num; ++i) { - attr = &(arr[i]); - - /* The attribute type */ - p11_rpc_buffer_add_uint32 (msg->output, attr->type); - - /* Write out the attribute validity */ - validity = (((CK_LONG)attr->ulValueLen) == -1) ? 0 : 1; - p11_rpc_buffer_add_byte (msg->output, validity); - - /* The attribute length and value */ - if (validity) { - p11_rpc_buffer_add_uint32 (msg->output, attr->ulValueLen); - p11_rpc_buffer_add_byte_array (msg->output, attr->pValue, attr->ulValueLen); - } - } - - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_read_byte (p11_rpc_message *msg, - CK_BYTE *val) -{ - assert (msg != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "y")); - return p11_rpc_buffer_get_byte (msg->input, &msg->parsed, val); -} - -bool -p11_rpc_message_write_byte (p11_rpc_message *msg, - CK_BYTE val) -{ - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "y")); - p11_rpc_buffer_add_byte (msg->output, val); - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_read_ulong (p11_rpc_message *msg, - CK_ULONG *val) -{ - uint64_t v; - - assert (msg != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "u")); - - if (!p11_rpc_buffer_get_uint64 (msg->input, &msg->parsed, &v)) - return false; - if (val) - *val = (CK_ULONG)v; - return true; -} - -bool -p11_rpc_message_write_ulong (p11_rpc_message *msg, - CK_ULONG val) -{ - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the rigth order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "u")); - p11_rpc_buffer_add_uint64 (msg->output, val); - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_write_byte_buffer (p11_rpc_message *msg, - CK_ULONG count) -{ - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fy")); - p11_rpc_buffer_add_uint32 (msg->output, count); - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_write_byte_array (p11_rpc_message *msg, - CK_BYTE_PTR arr, - CK_ULONG num) -{ - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay")); - - /* No array, no data, just length */ - if (!arr) { - p11_rpc_buffer_add_byte (msg->output, 0); - p11_rpc_buffer_add_uint32 (msg->output, num); - } else { - p11_rpc_buffer_add_byte (msg->output, 1); - p11_rpc_buffer_add_byte_array (msg->output, arr, num); - } - - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_write_ulong_buffer (p11_rpc_message *msg, - CK_ULONG count) -{ - assert (msg != NULL); - assert (msg->output != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fu")); - p11_rpc_buffer_add_uint32 (msg->output, count); - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_write_ulong_array (p11_rpc_message *msg, - CK_ULONG_PTR array, - CK_ULONG n_array) -{ - CK_ULONG i; - - assert (msg != NULL); - assert (msg->output != NULL); - - /* Check that we're supposed to have this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "au")); - - /* We send a byte which determines whether there's actual data present or not */ - p11_rpc_buffer_add_byte (msg->output, array ? 1 : 0); - p11_rpc_buffer_add_uint32 (msg->output, n_array); - - /* Now send the data if valid */ - if (array) { - for (i = 0; i < n_array; ++i) - p11_rpc_buffer_add_uint64 (msg->output, array[i]); - } - - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_read_version (p11_rpc_message *msg, - CK_VERSION *version) -{ - assert (msg != NULL); - assert (msg->input != NULL); - assert (version != NULL); - - /* Check that we're supposed to have this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "v")); - - return p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &version->major) && - p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &version->minor); -} - -bool -p11_rpc_message_write_version (p11_rpc_message *msg, - CK_VERSION *version) -{ - assert (msg != NULL); - assert (msg->output != NULL); - assert (version != NULL); - - /* Check that we're supposed to have this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "v")); - - p11_rpc_buffer_add_byte (msg->output, version->major); - p11_rpc_buffer_add_byte (msg->output, version->minor); - - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_read_space_string (p11_rpc_message *msg, - CK_UTF8CHAR *buffer, - CK_ULONG length) -{ - const unsigned char *data; - size_t n_data; - - assert (msg != NULL); - assert (msg->input != NULL); - assert (buffer != NULL); - assert (length != 0); - - assert (!msg->signature || p11_rpc_message_verify_part (msg, "s")); - - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) - return false; - - if (n_data != length) { - p11_message ("invalid length space padded string received: %d != %d", - (int)length, (int)n_data); - return false; - } - - memcpy (buffer, data, length); - return true; -} - -bool -p11_rpc_message_write_space_string (p11_rpc_message *msg, - CK_UTF8CHAR *data, - CK_ULONG length) -{ - assert (msg != NULL); - assert (msg->output != NULL); - assert (data != NULL); - assert (length != 0); - - assert (!msg->signature || p11_rpc_message_verify_part (msg, "s")); - - p11_rpc_buffer_add_byte_array (msg->output, data, length); - return !p11_buffer_failed (msg->output); -} - -bool -p11_rpc_message_write_zero_string (p11_rpc_message *msg, - CK_UTF8CHAR *string) -{ - assert (msg != NULL); - assert (msg->output != NULL); - assert (string != NULL); - - assert (!msg->signature || p11_rpc_message_verify_part (msg, "z")); - - p11_rpc_buffer_add_byte_array (msg->output, string, - string ? strlen ((char *)string) : 0); - return !p11_buffer_failed (msg->output); -} - -static void * -log_allocator (void *pointer, - size_t size) -{ - void *result = realloc (pointer, (size_t)size); - return_val_if_fail (!size || result != NULL, NULL); - return result; -} - -p11_buffer * -p11_rpc_buffer_new (size_t reserve) -{ - return p11_rpc_buffer_new_full (reserve, log_allocator, free); -} - -p11_buffer * -p11_rpc_buffer_new_full (size_t reserve, - void * (* frealloc) (void *data, size_t size), - void (* ffree) (void *data)) -{ - p11_buffer *buffer; - - buffer = calloc (1, sizeof (p11_buffer)); - return_val_if_fail (buffer != NULL, NULL); - - p11_buffer_init_full (buffer, NULL, 0, 0, frealloc, ffree); - if (!p11_buffer_reset (buffer, reserve)) - return_val_if_reached (NULL); - - return buffer; -} - -void -p11_rpc_buffer_free (p11_buffer *buf) -{ - if (buf == NULL) - return; - - p11_buffer_uninit (buf); - free (buf); -} - -void -p11_rpc_buffer_add_byte (p11_buffer *buf, - unsigned char value) -{ - p11_buffer_add (buf, &value, 1); -} - -int -p11_rpc_buffer_get_byte (p11_buffer *buf, - size_t *offset, - unsigned char *val) -{ - unsigned char *ptr; - if (buf->len < 1 || *offset > buf->len - 1) { - p11_buffer_fail (buf); - return 0; - } - ptr = (unsigned char *)buf->data + *offset; - if (val != NULL) - *val = *ptr; - *offset = *offset + 1; - return 1; -} - -void -p11_rpc_buffer_encode_uint16 (unsigned char* data, - uint16_t value) -{ - data[0] = (value >> 8) & 0xff; - data[1] = (value >> 0) & 0xff; -} - -uint16_t -p11_rpc_buffer_decode_uint16 (unsigned char* data) -{ - uint16_t value = data[0] << 8 | data[1]; - return value; -} - -void -p11_rpc_buffer_add_uint16 (p11_buffer *buffer, - uint16_t value) -{ - size_t offset = buffer->len; - if (!p11_buffer_append (buffer, 2)) - return_if_reached (); - p11_rpc_buffer_set_uint16 (buffer, offset, value); -} - -bool -p11_rpc_buffer_set_uint16 (p11_buffer *buffer, - size_t offset, - uint16_t value) -{ - unsigned char *ptr; - if (buffer->len < 2 || offset > buffer->len - 2) { - p11_buffer_fail (buffer); - return false; - } - ptr = (unsigned char *)buffer->data + offset; - p11_rpc_buffer_encode_uint16 (ptr, value); - return true; -} - -bool -p11_rpc_buffer_get_uint16 (p11_buffer *buf, - size_t *offset, - uint16_t *value) -{ - unsigned char *ptr; - if (buf->len < 2 || *offset > buf->len - 2) { - p11_buffer_fail (buf); - return false; - } - ptr = (unsigned char*)buf->data + *offset; - if (value != NULL) - *value = p11_rpc_buffer_decode_uint16 (ptr); - *offset = *offset + 2; - return true; -} - -void -p11_rpc_buffer_encode_uint32 (unsigned char* data, - uint32_t value) -{ - data[0] = (value >> 24) & 0xff; - data[1] = (value >> 16) & 0xff; - data[2] = (value >> 8) & 0xff; - data[3] = (value >> 0) & 0xff; -} - -uint32_t -p11_rpc_buffer_decode_uint32 (unsigned char* ptr) -{ - uint32_t val = ptr[0] << 24 | ptr[1] << 16 | ptr[2] << 8 | ptr[3]; - return val; -} - -void -p11_rpc_buffer_add_uint32 (p11_buffer *buffer, - uint32_t value) -{ - size_t offset = buffer->len; - if (!p11_buffer_append (buffer, 4)) - return_val_if_reached (); - p11_rpc_buffer_set_uint32 (buffer, offset, value); -} - -bool -p11_rpc_buffer_set_uint32 (p11_buffer *buffer, - size_t offset, - uint32_t value) -{ - unsigned char *ptr; - if (buffer->len < 4 || offset > buffer->len - 4) { - p11_buffer_fail (buffer); - return false; - } - ptr = (unsigned char*)buffer->data + offset; - p11_rpc_buffer_encode_uint32 (ptr, value); - return true; -} - -bool -p11_rpc_buffer_get_uint32 (p11_buffer *buf, - size_t *offset, - uint32_t *value) -{ - unsigned char *ptr; - if (buf->len < 4 || *offset > buf->len - 4) { - p11_buffer_fail (buf); - return false; - } - ptr = (unsigned char*)buf->data + *offset; - if (value != NULL) - *value = p11_rpc_buffer_decode_uint32 (ptr); - *offset = *offset + 4; - return true; -} - -void -p11_rpc_buffer_add_uint64 (p11_buffer *buffer, - uint64_t value) -{ - p11_rpc_buffer_add_uint32 (buffer, ((value >> 32) & 0xffffffff)); - p11_rpc_buffer_add_uint32 (buffer, (value & 0xffffffff)); -} - -bool -p11_rpc_buffer_get_uint64 (p11_buffer *buf, - size_t *offset, - uint64_t *value) -{ - size_t off = *offset; - uint32_t a, b; - if (!p11_rpc_buffer_get_uint32 (buf, &off, &a) || - !p11_rpc_buffer_get_uint32 (buf, &off, &b)) - return false; - if (value != NULL) - *value = ((uint64_t)a) << 32 | b; - *offset = off; - return true; -} - -void -p11_rpc_buffer_add_byte_array (p11_buffer *buffer, - const unsigned char *data, - size_t length) -{ - if (data == NULL) { - p11_rpc_buffer_add_uint32 (buffer, 0xffffffff); - return; - } else if (length >= 0x7fffffff) { - p11_buffer_fail (buffer); - return; - } - p11_rpc_buffer_add_uint32 (buffer, length); - p11_buffer_add (buffer, data, length); -} - -bool -p11_rpc_buffer_get_byte_array (p11_buffer *buf, - size_t *offset, - const unsigned char **data, - size_t *length) -{ - size_t off = *offset; - uint32_t len; - if (!p11_rpc_buffer_get_uint32 (buf, &off, &len)) - return false; - if (len == 0xffffffff) { - *offset = off; - if (data) - *data = NULL; - if (length) - *length = 0; - return true; - } else if (len >= 0x7fffffff) { - p11_buffer_fail (buf); - return false; - } - - if (buf->len < len || *offset > buf->len - len) { - p11_buffer_fail (buf); - return false; - } - - if (data) - *data = (unsigned char *)buf->data + off; - if (length) - *length = len; - *offset = off + len; - - return true; -} diff --git a/p11-kit/rpc-message.h b/p11-kit/rpc-message.h deleted file mode 100644 index 9827097..0000000 --- a/p11-kit/rpc-message.h +++ /dev/null @@ -1,370 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#ifndef _RPC_MESSAGE_H -#define _RPC_MESSAGE_H - -#include <stdlib.h> -#include <stdarg.h> -#include <stdint.h> - -#include "buffer.h" -#include "pkcs11.h" - -/* The calls, must be in sync with array below */ -enum { - P11_RPC_CALL_ERROR = 0, - - P11_RPC_CALL_C_Initialize, - P11_RPC_CALL_C_Finalize, - P11_RPC_CALL_C_GetInfo, - P11_RPC_CALL_C_GetSlotList, - P11_RPC_CALL_C_GetSlotInfo, - P11_RPC_CALL_C_GetTokenInfo, - P11_RPC_CALL_C_GetMechanismList, - P11_RPC_CALL_C_GetMechanismInfo, - P11_RPC_CALL_C_InitToken, - P11_RPC_CALL_C_OpenSession, - P11_RPC_CALL_C_CloseSession, - P11_RPC_CALL_C_CloseAllSessions, - P11_RPC_CALL_C_GetSessionInfo, - P11_RPC_CALL_C_InitPIN, - P11_RPC_CALL_C_SetPIN, - P11_RPC_CALL_C_GetOperationState, - P11_RPC_CALL_C_SetOperationState, - P11_RPC_CALL_C_Login, - P11_RPC_CALL_C_Logout, - P11_RPC_CALL_C_CreateObject, - P11_RPC_CALL_C_CopyObject, - P11_RPC_CALL_C_DestroyObject, - P11_RPC_CALL_C_GetObjectSize, - P11_RPC_CALL_C_GetAttributeValue, - P11_RPC_CALL_C_SetAttributeValue, - P11_RPC_CALL_C_FindObjectsInit, - P11_RPC_CALL_C_FindObjects, - P11_RPC_CALL_C_FindObjectsFinal, - P11_RPC_CALL_C_EncryptInit, - P11_RPC_CALL_C_Encrypt, - P11_RPC_CALL_C_EncryptUpdate, - P11_RPC_CALL_C_EncryptFinal, - P11_RPC_CALL_C_DecryptInit, - P11_RPC_CALL_C_Decrypt, - P11_RPC_CALL_C_DecryptUpdate, - P11_RPC_CALL_C_DecryptFinal, - P11_RPC_CALL_C_DigestInit, - P11_RPC_CALL_C_Digest, - P11_RPC_CALL_C_DigestUpdate, - P11_RPC_CALL_C_DigestKey, - P11_RPC_CALL_C_DigestFinal, - P11_RPC_CALL_C_SignInit, - P11_RPC_CALL_C_Sign, - P11_RPC_CALL_C_SignUpdate, - P11_RPC_CALL_C_SignFinal, - P11_RPC_CALL_C_SignRecoverInit, - P11_RPC_CALL_C_SignRecover, - P11_RPC_CALL_C_VerifyInit, - P11_RPC_CALL_C_Verify, - P11_RPC_CALL_C_VerifyUpdate, - P11_RPC_CALL_C_VerifyFinal, - P11_RPC_CALL_C_VerifyRecoverInit, - P11_RPC_CALL_C_VerifyRecover, - P11_RPC_CALL_C_DigestEncryptUpdate, - P11_RPC_CALL_C_DecryptDigestUpdate, - P11_RPC_CALL_C_SignEncryptUpdate, - P11_RPC_CALL_C_DecryptVerifyUpdate, - P11_RPC_CALL_C_GenerateKey, - P11_RPC_CALL_C_GenerateKeyPair, - P11_RPC_CALL_C_WrapKey, - P11_RPC_CALL_C_UnwrapKey, - P11_RPC_CALL_C_DeriveKey, - P11_RPC_CALL_C_SeedRandom, - P11_RPC_CALL_C_GenerateRandom, - P11_RPC_CALL_C_WaitForSlotEvent, - - P11_RPC_CALL_MAX -}; - -typedef struct { - int call_id; - const char* name; - const char* request; - const char* response; -} p11_rpc_call; - -/* - * a_ = prefix denotes array of _ - * A = CK_ATTRIBUTE - * f_ = prefix denotes buffer for _ - * M = CK_MECHANISM - * u = CK_ULONG - * s = space padded string - * v = CK_VERSION - * y = CK_BYTE - * z = null terminated string - */ - -static const p11_rpc_call p11_rpc_calls[] = { - { P11_RPC_CALL_ERROR, "ERROR", NULL, "u" }, - { P11_RPC_CALL_C_Initialize, "C_Initialize", "ayyay", "" }, - { P11_RPC_CALL_C_Finalize, "C_Finalize", "", "" }, - { P11_RPC_CALL_C_GetInfo, "C_GetInfo", "", "vsusv" }, - { P11_RPC_CALL_C_GetSlotList, "C_GetSlotList", "yfu", "au" }, - { P11_RPC_CALL_C_GetSlotInfo, "C_GetSlotInfo", "u", "ssuvv" }, - { P11_RPC_CALL_C_GetTokenInfo, "C_GetTokenInfo", "u", "ssssuuuuuuuuuuuvvs" }, - { P11_RPC_CALL_C_GetMechanismList, "C_GetMechanismList", "ufu", "au" }, - { P11_RPC_CALL_C_GetMechanismInfo, "C_GetMechanismInfo", "uu", "uuu" }, - { P11_RPC_CALL_C_InitToken, "C_InitToken", "uayz", "" }, - { P11_RPC_CALL_C_OpenSession, "C_OpenSession", "uu", "u" }, - { P11_RPC_CALL_C_CloseSession, "C_CloseSession", "u", "" }, - { P11_RPC_CALL_C_CloseAllSessions, "C_CloseAllSessions", "u", "" }, - { P11_RPC_CALL_C_GetSessionInfo, "C_GetSessionInfo", "u", "uuuu" }, - { P11_RPC_CALL_C_InitPIN, "C_InitPIN", "uay", "" }, - { P11_RPC_CALL_C_SetPIN, "C_SetPIN", "uayay", "" }, - { P11_RPC_CALL_C_GetOperationState, "C_GetOperationState", "ufy", "ay" }, - { P11_RPC_CALL_C_SetOperationState, "C_SetOperationState", "uayuu", "" }, - { P11_RPC_CALL_C_Login, "C_Login", "uuay", "" }, - { P11_RPC_CALL_C_Logout, "C_Logout", "u", "" }, - { P11_RPC_CALL_C_CreateObject, "C_CreateObject", "uaA", "u" }, - { P11_RPC_CALL_C_CopyObject, "C_CopyObject", "uuaA", "u" }, - { P11_RPC_CALL_C_DestroyObject, "C_DestroyObject", "uu", "" }, - { P11_RPC_CALL_C_GetObjectSize, "C_GetObjectSize", "uu", "u" }, - { P11_RPC_CALL_C_GetAttributeValue, "C_GetAttributeValue", "uufA", "aAu" }, - { P11_RPC_CALL_C_SetAttributeValue, "C_SetAttributeValue", "uuaA", "" }, - { P11_RPC_CALL_C_FindObjectsInit, "C_FindObjectsInit", "uaA", "" }, - { P11_RPC_CALL_C_FindObjects, "C_FindObjects", "ufu", "au" }, - { P11_RPC_CALL_C_FindObjectsFinal, "C_FindObjectsFinal", "u", "" }, - { P11_RPC_CALL_C_EncryptInit, "C_EncryptInit", "uMu", "" }, - { P11_RPC_CALL_C_Encrypt, "C_Encrypt", "uayfy", "ay" }, - { P11_RPC_CALL_C_EncryptUpdate, "C_EncryptUpdate", "uayfy", "ay" }, - { P11_RPC_CALL_C_EncryptFinal, "C_EncryptFinal", "ufy", "ay" }, - { P11_RPC_CALL_C_DecryptInit, "C_DecryptInit", "uMu", "" }, - { P11_RPC_CALL_C_Decrypt, "C_Decrypt", "uayfy", "ay" }, - { P11_RPC_CALL_C_DecryptUpdate, "C_DecryptUpdate", "uayfy", "ay" }, - { P11_RPC_CALL_C_DecryptFinal, "C_DecryptFinal", "ufy", "ay" }, - { P11_RPC_CALL_C_DigestInit, "C_DigestInit", "uM", "" }, - { P11_RPC_CALL_C_Digest, "C_Digest", "uayfy", "ay" }, - { P11_RPC_CALL_C_DigestUpdate, "C_DigestUpdate", "uay", "" }, - { P11_RPC_CALL_C_DigestKey, "C_DigestKey", "uu", "" }, - { P11_RPC_CALL_C_DigestFinal, "C_DigestFinal", "ufy", "ay" }, - { P11_RPC_CALL_C_SignInit, "C_SignInit", "uMu", "" }, - { P11_RPC_CALL_C_Sign, "C_Sign", "uayfy", "ay" }, - { P11_RPC_CALL_C_SignUpdate, "C_SignUpdate", "uay", "" }, - { P11_RPC_CALL_C_SignFinal, "C_SignFinal", "ufy", "ay" }, - { P11_RPC_CALL_C_SignRecoverInit, "C_SignRecoverInit", "uMu", "" }, - { P11_RPC_CALL_C_SignRecover, "C_SignRecover", "uayfy", "ay" }, - { P11_RPC_CALL_C_VerifyInit, "C_VerifyInit", "uMu", "" }, - { P11_RPC_CALL_C_Verify, "C_Verify", "uayay", "" }, - { P11_RPC_CALL_C_VerifyUpdate, "C_VerifyUpdate", "uay", "" }, - { P11_RPC_CALL_C_VerifyFinal, "C_VerifyFinal", "uay", "" }, - { P11_RPC_CALL_C_VerifyRecoverInit, "C_VerifyRecoverInit", "uMu", "" }, - { P11_RPC_CALL_C_VerifyRecover, "C_VerifyRecover", "uayfy", "ay" }, - { P11_RPC_CALL_C_DigestEncryptUpdate, "C_DigestEncryptUpdate", "uayfy", "ay" }, - { P11_RPC_CALL_C_DecryptDigestUpdate, "C_DecryptDigestUpdate", "uayfy", "ay" }, - { P11_RPC_CALL_C_SignEncryptUpdate, "C_SignEncryptUpdate", "uayfy", "ay" }, - { P11_RPC_CALL_C_DecryptVerifyUpdate, "C_DecryptVerifyUpdate", "uayfy", "ay" }, - { P11_RPC_CALL_C_GenerateKey, "C_GenerateKey", "uMaA", "u" }, - { P11_RPC_CALL_C_GenerateKeyPair, "C_GenerateKeyPair", "uMaAaA", "uu" }, - { P11_RPC_CALL_C_WrapKey, "C_WrapKey", "uMuufy", "ay" }, - { P11_RPC_CALL_C_UnwrapKey, "C_UnwrapKey", "uMuayaA", "u" }, - { P11_RPC_CALL_C_DeriveKey, "C_DeriveKey", "uMuaA", "u" }, - { P11_RPC_CALL_C_SeedRandom, "C_SeedRandom", "uay", "" }, - { P11_RPC_CALL_C_GenerateRandom, "C_GenerateRandom", "ufy", "ay" }, - { P11_RPC_CALL_C_WaitForSlotEvent, "C_WaitForSlotEvent", "u", "u" }, -}; - -#ifdef _DEBUG -#define P11_RPC_CHECK_CALLS() \ - { int i; for (i = 0; i < P11_RPC_CALL_MAX; ++i) assert (p11_rpc_calls[i].call_id == i); } -#else -#define P11_RPC_CHECK_CALLS() -#endif - -#define P11_RPC_HANDSHAKE \ - ((unsigned char *)"PRIVATE-GNOME-KEYRING-PKCS11-PROTOCOL-V-1") -#define P11_RPC_HANDSHAKE_LEN \ - (strlen ((char *)P11_RPC_HANDSHAKE)) - -typedef enum _p11_rpc_message_type { - P11_RPC_REQUEST = 1, - P11_RPC_RESPONSE -} p11_rpc_message_type; - -typedef struct { - int call_id; - p11_rpc_message_type call_type; - const char *signature; - p11_buffer *input; - p11_buffer *output; - size_t parsed; - const char *sigverify; - void *extra; -} p11_rpc_message; - -void p11_rpc_message_init (p11_rpc_message *msg, - p11_buffer *input, - p11_buffer *output); - -void p11_rpc_message_clear (p11_rpc_message *msg); - -#define p11_rpc_message_is_verified(msg) (!(msg)->sigverify || (msg)->sigverify[0] == 0) - -void * p11_rpc_message_alloc_extra (p11_rpc_message *msg, - size_t length); - -bool p11_rpc_message_prep (p11_rpc_message *msg, - int call_id, - p11_rpc_message_type type); - -bool p11_rpc_message_parse (p11_rpc_message *msg, - p11_rpc_message_type type); - -bool p11_rpc_message_verify_part (p11_rpc_message *msg, - const char* part); - -bool p11_rpc_message_write_byte (p11_rpc_message *msg, - CK_BYTE val); - -bool p11_rpc_message_write_ulong (p11_rpc_message *msg, - CK_ULONG val); - -bool p11_rpc_message_write_zero_string (p11_rpc_message *msg, - CK_UTF8CHAR *string); - -bool p11_rpc_message_write_space_string (p11_rpc_message *msg, - CK_UTF8CHAR *buffer, - CK_ULONG length); - -bool p11_rpc_message_write_byte_buffer (p11_rpc_message *msg, - CK_ULONG count); - -bool p11_rpc_message_write_byte_array (p11_rpc_message *msg, - CK_BYTE_PTR arr, - CK_ULONG num); - -bool p11_rpc_message_write_ulong_buffer (p11_rpc_message *msg, - CK_ULONG count); - -bool p11_rpc_message_write_ulong_array (p11_rpc_message *msg, - CK_ULONG_PTR arr, - CK_ULONG num); - -bool p11_rpc_message_write_attribute_buffer (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num); - -bool p11_rpc_message_write_attribute_array (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR arr, - CK_ULONG num); - -bool p11_rpc_message_write_version (p11_rpc_message *msg, - CK_VERSION* version); - -bool p11_rpc_message_read_byte (p11_rpc_message *msg, - CK_BYTE* val); - -bool p11_rpc_message_read_ulong (p11_rpc_message *msg, - CK_ULONG* val); - -bool p11_rpc_message_read_space_string (p11_rpc_message *msg, - CK_UTF8CHAR* buffer, - CK_ULONG length); - -bool p11_rpc_message_read_version (p11_rpc_message *msg, - CK_VERSION* version); - -p11_buffer * p11_rpc_buffer_new (size_t reserve); - -p11_buffer * p11_rpc_buffer_new_full (size_t reserve, - void * (* frealloc) (void *data, size_t size), - void (* ffree) (void *data)); - -void p11_rpc_buffer_free (p11_buffer *buf); - -void p11_rpc_buffer_add_byte (p11_buffer *buf, - unsigned char value); - -int p11_rpc_buffer_get_byte (p11_buffer *buf, - size_t *offset, - unsigned char *val); - -void p11_rpc_buffer_encode_uint32 (unsigned char *data, - uint32_t value); - -uint32_t p11_rpc_buffer_decode_uint32 (unsigned char *data); - -void p11_rpc_buffer_add_uint32 (p11_buffer *buffer, - uint32_t value); - -bool p11_rpc_buffer_set_uint32 (p11_buffer *buffer, - size_t offset, - uint32_t value); - -bool p11_rpc_buffer_get_uint32 (p11_buffer *buf, - size_t *offset, - uint32_t *value); - -void p11_rpc_buffer_encode_uint16 (unsigned char *data, - uint16_t value); - -uint16_t p11_rpc_buffer_decode_uint16 (unsigned char *data); - -void p11_rpc_buffer_add_uint16 (p11_buffer *buffer, - uint16_t val); - -bool p11_rpc_buffer_set_uint16 (p11_buffer *buffer, - size_t offset, - uint16_t val); - -bool p11_rpc_buffer_get_uint16 (p11_buffer *buf, - size_t *offset, - uint16_t *val); - -void p11_rpc_buffer_add_byte_array (p11_buffer *buffer, - const unsigned char *val, - size_t len); - -bool p11_rpc_buffer_get_byte_array (p11_buffer *buf, - size_t *offset, - const unsigned char **val, - size_t *vlen); - -void p11_rpc_buffer_add_uint64 (p11_buffer *buffer, - uint64_t val); - -bool p11_rpc_buffer_get_uint64 (p11_buffer *buf, - size_t *offset, - uint64_t *val); - -#endif /* _RPC_MESSAGE_H */ diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c deleted file mode 100644 index 225cc86..0000000 --- a/p11-kit/rpc-server.c +++ /dev/null @@ -1,2017 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" - -#define P11_DEBUG_FLAG P11_DEBUG_RPC -#include "debug.h" -#include "pkcs11.h" -#include "library.h" -#include "private.h" -#include "message.h" -#include "remote.h" -#include "rpc.h" -#include "rpc-message.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <assert.h> -#include <errno.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -/* The error returned on protocol failures */ -#define PARSE_ERROR CKR_DEVICE_ERROR -#define PREP_ERROR CKR_DEVICE_MEMORY - -static CK_RV -proto_read_byte_buffer (p11_rpc_message *msg, - CK_BYTE_PTR *buffer, - CK_ULONG *n_buffer) -{ - uint32_t length; - - assert (msg != NULL); - assert (buffer != NULL); - assert (n_buffer != NULL); - assert (msg->input != NULL); - - /* Check that we're supposed to be reading this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fy")); - - /* The number of ulongs there's room for on the other end */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &length)) - return PARSE_ERROR; - - *n_buffer = length; - *buffer = NULL; - - /* If set to zero, then they just want the length */ - if (length == 0) - return CKR_OK; - - *buffer = p11_rpc_message_alloc_extra (msg, length * sizeof (CK_BYTE)); - if (*buffer == NULL) - return CKR_DEVICE_MEMORY; - - return CKR_OK; -} - -static CK_RV -proto_read_byte_array (p11_rpc_message *msg, - CK_BYTE_PTR *array, - CK_ULONG *n_array) -{ - const unsigned char *data; - unsigned char valid; - size_t n_data; - - assert (msg != NULL); - assert (msg->input != NULL); - - /* Check that we're supposed to have this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay")); - - /* Read out the byte which says whether data is present or not */ - if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid)) - return PARSE_ERROR; - - if (!valid) { - *array = NULL; - *n_array = 0; - return CKR_OK; - } - - /* Point our arguments into the buffer */ - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) - return PARSE_ERROR; - - *array = (CK_BYTE_PTR)data; - *n_array = n_data; - return CKR_OK; -} - -static CK_RV -proto_write_byte_array (p11_rpc_message *msg, - CK_BYTE_PTR array, - CK_ULONG len, - CK_RV ret) -{ - assert (msg != NULL); - - /* - * When returning an byte array, in many cases we need to pass - * an invalid array along with a length, which signifies CKR_BUFFER_TOO_SMALL. - */ - - switch (ret) { - case CKR_BUFFER_TOO_SMALL: - array = NULL; - /* fall through */ - case CKR_OK: - break; - - /* Pass all other errors straight through */ - default: - return ret; - }; - - if (!p11_rpc_message_write_byte_array (msg, array, len)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_ulong_buffer (p11_rpc_message *msg, - CK_ULONG_PTR *buffer, - CK_ULONG *n_buffer) -{ - uint32_t length; - - assert (msg != NULL); - assert (buffer != NULL); - assert (n_buffer != NULL); - assert (msg->input != NULL); - - /* Check that we're supposed to be reading this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fu")); - - /* The number of ulongs there's room for on the other end */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &length)) - return PARSE_ERROR; - - *n_buffer = length; - *buffer = NULL; - - /* If set to zero, then they just want the length */ - if (length == 0) - return CKR_OK; - - *buffer = p11_rpc_message_alloc_extra (msg, length * sizeof (CK_ULONG)); - if (!*buffer) - return CKR_DEVICE_MEMORY; - - return CKR_OK; -} - -static CK_RV -proto_write_ulong_array (p11_rpc_message *msg, - CK_ULONG_PTR array, - CK_ULONG len, - CK_RV ret) -{ - assert (msg != NULL); - - /* - * When returning an ulong array, in many cases we need to pass - * an invalid array along with a length, which signifies CKR_BUFFER_TOO_SMALL. - */ - - switch (ret) { - case CKR_BUFFER_TOO_SMALL: - array = NULL; - /* fall through */ - case CKR_OK: - break; - - /* Pass all other errors straight through */ - default: - return ret; - }; - - if (!p11_rpc_message_write_ulong_array (msg, array, len)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_attribute_buffer (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR *result, - CK_ULONG *n_result) -{ - CK_ATTRIBUTE_PTR attrs; - uint32_t n_attrs, i; - uint32_t value; - - assert (msg != NULL); - assert (result != NULL); - assert (n_result != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the rigth order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA")); - - /* Read the number of attributes */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &n_attrs)) - return PARSE_ERROR; - - /* Allocate memory for the attribute structures */ - attrs = p11_rpc_message_alloc_extra (msg, n_attrs * sizeof (CK_ATTRIBUTE)); - if (attrs == NULL) - return CKR_DEVICE_MEMORY; - - /* Now go through and fill in each one */ - for (i = 0; i < n_attrs; ++i) { - - /* The attribute type */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) - return PARSE_ERROR; - - attrs[i].type = value; - - /* The number of bytes to allocate */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) - return PARSE_ERROR; - - if (value == 0) { - attrs[i].pValue = NULL; - attrs[i].ulValueLen = 0; - } else { - attrs[i].pValue = p11_rpc_message_alloc_extra (msg, value); - if (!attrs[i].pValue) - return CKR_DEVICE_MEMORY; - attrs[i].ulValueLen = value; - } - } - - *result = attrs; - *n_result = n_attrs; - return CKR_OK; -} - -static CK_RV -proto_read_attribute_array (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR *result, - CK_ULONG *n_result) -{ - CK_ATTRIBUTE_PTR attrs; - const unsigned char *data; - unsigned char valid; - uint32_t n_attrs, i; - uint32_t value; - size_t n_data; - - assert (msg != NULL); - assert (result != NULL); - assert (n_result != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the rigth order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "aA")); - - /* Read the number of attributes */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &n_attrs)) - return PARSE_ERROR; - - /* Allocate memory for the attribute structures */ - attrs = p11_rpc_message_alloc_extra (msg, n_attrs * sizeof (CK_ATTRIBUTE)); - if (attrs == NULL) - return CKR_DEVICE_MEMORY; - - /* Now go through and fill in each one */ - for (i = 0; i < n_attrs; ++i) { - - /* The attribute type */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) - return PARSE_ERROR; - - attrs[i].type = value; - - /* Whether this one is valid or not */ - if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid)) - return PARSE_ERROR; - - if (valid) { - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) - return PARSE_ERROR; - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) - return PARSE_ERROR; - - if (data != NULL && n_data != value) { - p11_message ("attribute length and data do not match"); - return PARSE_ERROR; - } - - attrs[i].pValue = (CK_VOID_PTR)data; - attrs[i].ulValueLen = value; - } else { - attrs[i].pValue = NULL; - attrs[i].ulValueLen = -1; - } - } - - *result = attrs; - *n_result = n_attrs; - return CKR_OK; -} - -static CK_RV -proto_write_attribute_array (p11_rpc_message *msg, - CK_ATTRIBUTE_PTR array, - CK_ULONG len, - CK_RV ret) -{ - assert (msg != NULL); - - /* - * When returning an attribute array, certain errors aren't - * actually real errors, these are passed through to the other - * side along with the attribute array. - */ - - switch (ret) { - case CKR_ATTRIBUTE_SENSITIVE: - case CKR_ATTRIBUTE_TYPE_INVALID: - case CKR_BUFFER_TOO_SMALL: - case CKR_OK: - break; - - /* Pass all other errors straight through */ - default: - return ret; - }; - - if (!p11_rpc_message_write_attribute_array (msg, array, len) || - !p11_rpc_message_write_ulong (msg, ret)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_read_null_string (p11_rpc_message *msg, - CK_UTF8CHAR_PTR *val) -{ - const unsigned char *data; - size_t n_data; - - assert (msg != NULL); - assert (val != NULL); - assert (msg->input != NULL); - - /* Check that we're supposed to have this at this point */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "z")); - - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) - return PARSE_ERROR; - - /* Allocate a block of memory for it */ - *val = p11_rpc_message_alloc_extra (msg, n_data + 1); - if (*val == NULL) - return CKR_DEVICE_MEMORY; - - memcpy (*val, data, n_data); - (*val)[n_data] = 0; - - return CKR_OK; -} - -static CK_RV -proto_read_mechanism (p11_rpc_message *msg, - CK_MECHANISM_PTR mech) -{ - const unsigned char *data; - uint32_t value; - size_t n_data; - - assert (msg != NULL); - assert (mech != NULL); - assert (msg->input != NULL); - - /* Make sure this is in the right order */ - assert (!msg->signature || p11_rpc_message_verify_part (msg, "M")); - - /* The mechanism type */ - if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) - return PARSE_ERROR; - - /* The mechanism data */ - if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) - return PARSE_ERROR; - - mech->mechanism = value; - mech->pParameter = (CK_VOID_PTR)data; - mech->ulParameterLen = n_data; - return CKR_OK; -} - -static CK_RV -proto_write_info (p11_rpc_message *msg, - CK_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_write_version (msg, &info->cryptokiVersion) || - !p11_rpc_message_write_space_string (msg, info->manufacturerID, 32) || - !p11_rpc_message_write_ulong (msg, info->flags) || - !p11_rpc_message_write_space_string (msg, info->libraryDescription, 32) || - !p11_rpc_message_write_version (msg, &info->libraryVersion)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_write_slot_info (p11_rpc_message *msg, - CK_SLOT_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_write_space_string (msg, info->slotDescription, 64) || - !p11_rpc_message_write_space_string (msg, info->manufacturerID, 32) || - !p11_rpc_message_write_ulong (msg, info->flags) || - !p11_rpc_message_write_version (msg, &info->hardwareVersion) || - !p11_rpc_message_write_version (msg, &info->firmwareVersion)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_write_token_info (p11_rpc_message *msg, - CK_TOKEN_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_write_space_string (msg, info->label, 32) || - !p11_rpc_message_write_space_string (msg, info->manufacturerID, 32) || - !p11_rpc_message_write_space_string (msg, info->model, 16) || - !p11_rpc_message_write_space_string (msg, info->serialNumber, 16) || - !p11_rpc_message_write_ulong (msg, info->flags) || - !p11_rpc_message_write_ulong (msg, info->ulMaxSessionCount) || - !p11_rpc_message_write_ulong (msg, info->ulSessionCount) || - !p11_rpc_message_write_ulong (msg, info->ulMaxRwSessionCount) || - !p11_rpc_message_write_ulong (msg, info->ulRwSessionCount) || - !p11_rpc_message_write_ulong (msg, info->ulMaxPinLen) || - !p11_rpc_message_write_ulong (msg, info->ulMinPinLen) || - !p11_rpc_message_write_ulong (msg, info->ulTotalPublicMemory) || - !p11_rpc_message_write_ulong (msg, info->ulFreePublicMemory) || - !p11_rpc_message_write_ulong (msg, info->ulTotalPrivateMemory) || - !p11_rpc_message_write_ulong (msg, info->ulFreePrivateMemory) || - !p11_rpc_message_write_version (msg, &info->hardwareVersion) || - !p11_rpc_message_write_version (msg, &info->firmwareVersion) || - !p11_rpc_message_write_space_string (msg, info->utcTime, 16)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_write_mechanism_info (p11_rpc_message *msg, - CK_MECHANISM_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_write_ulong (msg, info->ulMinKeySize) || - !p11_rpc_message_write_ulong (msg, info->ulMaxKeySize) || - !p11_rpc_message_write_ulong (msg, info->flags)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -proto_write_session_info (p11_rpc_message *msg, - CK_SESSION_INFO_PTR info) -{ - assert (msg != NULL); - assert (info != NULL); - - if (!p11_rpc_message_write_ulong (msg, info->slotID) || - !p11_rpc_message_write_ulong (msg, info->state) || - !p11_rpc_message_write_ulong (msg, info->flags) || - !p11_rpc_message_write_ulong (msg, info->ulDeviceError)) - return PREP_ERROR; - - return CKR_OK; -} - -static CK_RV -call_ready (p11_rpc_message *msg) -{ - assert (msg->output); - - /* - * Called right before invoking the actual PKCS#11 function - * Reading out of data is complete, get ready to write return values. - */ - - if (p11_buffer_failed (msg->output)) { - p11_message ("invalid request from module, probably too short"); \ - return PARSE_ERROR; - } - - assert (p11_rpc_message_is_verified (msg)); - - /* All done parsing input */ - msg->input = NULL; - - if (!p11_rpc_message_prep (msg, msg->call_id, P11_RPC_RESPONSE)) { - p11_message ("couldn't initialize rpc response"); - return CKR_DEVICE_MEMORY; - } - - return CKR_OK; -} - -/* ------------------------------------------------------------------- - * CALL MACROS - */ - -#define BEGIN_CALL(call_id) \ - p11_debug (#call_id ": enter"); \ - assert (msg != NULL); \ - assert (self != NULL); \ - { \ - CK_X_##call_id _func = self->C_##call_id; \ - CK_RV _ret = CKR_OK; \ - if (!_func) { _ret = CKR_GENERAL_ERROR; goto _cleanup; } - -#define PROCESS_CALL(args) \ - _ret = call_ready (msg); \ - if (_ret != CKR_OK) { goto _cleanup; } \ - _ret = _func args - -#define END_CALL \ - _cleanup: \ - p11_debug ("ret: %d", (int)_ret); \ - return _ret; \ - } - -#define IN_BYTE(val) \ - if (!p11_rpc_message_read_byte (msg, &val)) \ - { _ret = PARSE_ERROR; goto _cleanup; } - -#define IN_ULONG(val) \ - if (!p11_rpc_message_read_ulong (msg, &val)) \ - { _ret = PARSE_ERROR; goto _cleanup; } - -#define IN_STRING(val) \ - _ret = proto_read_null_string (msg, &val); \ - if (_ret != CKR_OK) goto _cleanup; - -#define IN_BYTE_BUFFER(buffer, buffer_len) \ - _ret = proto_read_byte_buffer (msg, &buffer, &buffer_len); \ - if (_ret != CKR_OK) goto _cleanup; - -#define IN_BYTE_ARRAY(buffer, buffer_len) \ - _ret = proto_read_byte_array (msg, &buffer, &buffer_len); \ - if (_ret != CKR_OK) goto _cleanup; - -#define IN_ULONG_BUFFER(buffer, buffer_len) \ - _ret = proto_read_ulong_buffer (msg, &buffer, &buffer_len); \ - if (_ret != CKR_OK) goto _cleanup; - -#define IN_ATTRIBUTE_BUFFER(buffer, buffer_len) \ - _ret = proto_read_attribute_buffer (msg, &buffer, &buffer_len); \ - if (_ret != CKR_OK) goto _cleanup; - -#define IN_ATTRIBUTE_ARRAY(attrs, n_attrs) \ - _ret = proto_read_attribute_array (msg, &attrs, &n_attrs); \ - if (_ret != CKR_OK) goto _cleanup; - -#define IN_MECHANISM(mech) \ - _ret = proto_read_mechanism (msg, &mech); \ - if (_ret != CKR_OK) goto _cleanup; - - -#define OUT_ULONG(val) \ - if (_ret == CKR_OK && !p11_rpc_message_write_ulong (msg, val)) \ - _ret = PREP_ERROR; - -#define OUT_BYTE_ARRAY(array, len) \ - /* Note how we filter return codes */ \ - _ret = proto_write_byte_array (msg, array, len, _ret); - -#define OUT_ULONG_ARRAY(array, len) \ - /* Note how we filter return codes */ \ - _ret = proto_write_ulong_array (msg, array, len, _ret); - -#define OUT_ATTRIBUTE_ARRAY(array, len) \ - /* Note how we filter return codes */ \ - _ret = proto_write_attribute_array (msg, array, len, _ret); - -#define OUT_INFO(val) \ - if (_ret == CKR_OK) \ - _ret = proto_write_info (msg, &val); - -#define OUT_SLOT_INFO(val) \ - if (_ret == CKR_OK) \ - _ret = proto_write_slot_info (msg, &val); - -#define OUT_TOKEN_INFO(val) \ - if (_ret == CKR_OK) \ - _ret = proto_write_token_info (msg, &val); - -#define OUT_MECHANISM_INFO(val) \ - if (_ret == CKR_OK) \ - _ret = proto_write_mechanism_info (msg, &val); - -#define OUT_SESSION_INFO(val) \ - if (_ret == CKR_OK) \ - _ret = proto_write_session_info (msg, &val); - -/* --------------------------------------------------------------------------- - * DISPATCH SPECIFIC CALLS - */ - -static CK_RV -rpc_C_Initialize (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_X_Initialize func; - CK_C_INITIALIZE_ARGS init_args; - CK_BYTE_PTR handshake; - CK_ULONG n_handshake; - CK_BYTE reserved_present = 0; - CK_BYTE_PTR reserved = NULL; - CK_ULONG n_reserved; - CK_RV ret = CKR_OK; - - p11_debug ("C_Initialize: enter"); - - assert (msg != NULL); - assert (self != NULL); - - ret = proto_read_byte_array (msg, &handshake, &n_handshake); - if (ret == CKR_OK) { - - /* Check to make sure the header matches */ - if (n_handshake != P11_RPC_HANDSHAKE_LEN || - memcmp (handshake, P11_RPC_HANDSHAKE, n_handshake) != 0) { - p11_message ("invalid handshake received from connecting module"); - ret = CKR_GENERAL_ERROR; - } - } - - if (ret == CKR_OK) { - if (!p11_rpc_message_read_byte (msg, &reserved_present)) - ret = PARSE_ERROR; - } - - if (ret == CKR_OK) { - ret = proto_read_byte_array (msg, &reserved, &n_reserved); - - assert (p11_rpc_message_is_verified (msg)); - } - - if (ret == CKR_OK) { - memset (&init_args, 0, sizeof (init_args)); - init_args.flags = CKF_OS_LOCKING_OK; - init_args.pReserved = reserved_present ? reserved : NULL; - - func = self->C_Initialize; - assert (func != NULL); - ret = (func) (self, &init_args); - - /* Empty response */ - if (ret == CKR_OK) - ret = call_ready (msg); - } - - p11_debug ("ret: %d", (int)ret); - return ret; -} - -static CK_RV -rpc_C_Finalize (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - BEGIN_CALL (Finalize); - PROCESS_CALL ((self, NULL)); - END_CALL; -} - -static CK_RV -rpc_C_GetInfo (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_INFO info; - - BEGIN_CALL (GetInfo); - PROCESS_CALL ((self, &info)); - OUT_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_GetSlotList (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_BBOOL token_present; - CK_SLOT_ID_PTR slot_list; - CK_ULONG count; - - BEGIN_CALL (GetSlotList); - IN_BYTE (token_present); - IN_ULONG_BUFFER (slot_list, count); - PROCESS_CALL ((self, token_present, slot_list, &count)); - OUT_ULONG_ARRAY (slot_list, count); - END_CALL; -} - -static CK_RV -rpc_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - CK_SLOT_INFO info; - - BEGIN_CALL (GetSlotInfo); - IN_ULONG (slot_id); - PROCESS_CALL ((self, slot_id, &info)); - OUT_SLOT_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - CK_TOKEN_INFO info; - - BEGIN_CALL (GetTokenInfo); - IN_ULONG (slot_id); - PROCESS_CALL ((self, slot_id, &info)); - OUT_TOKEN_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_GetMechanismList (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - CK_MECHANISM_TYPE_PTR mechanism_list; - CK_ULONG count; - - BEGIN_CALL (GetMechanismList); - IN_ULONG (slot_id); - IN_ULONG_BUFFER (mechanism_list, count); - PROCESS_CALL ((self, slot_id, mechanism_list, &count)); - OUT_ULONG_ARRAY (mechanism_list, count); - END_CALL; -} - -static CK_RV -rpc_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - CK_MECHANISM_TYPE type; - CK_MECHANISM_INFO info; - - BEGIN_CALL (GetMechanismInfo); - IN_ULONG (slot_id); - IN_ULONG (type); - PROCESS_CALL ((self, slot_id, type, &info)); - OUT_MECHANISM_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_InitToken (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - CK_UTF8CHAR_PTR pin; - CK_ULONG pin_len; - CK_UTF8CHAR_PTR label; - - BEGIN_CALL (InitToken); - IN_ULONG (slot_id); - IN_BYTE_ARRAY (pin, pin_len); - IN_STRING (label); - PROCESS_CALL ((self, slot_id, pin, pin_len, label)); - END_CALL; -} - -static CK_RV -rpc_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_FLAGS flags; - CK_SLOT_ID slot_id; - - BEGIN_CALL (WaitForSlotEvent); - IN_ULONG (flags); - PROCESS_CALL ((self, flags, &slot_id, NULL)); - OUT_ULONG (slot_id); - END_CALL; -} - -static CK_RV -rpc_C_OpenSession (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - CK_FLAGS flags; - CK_SESSION_HANDLE session; - - BEGIN_CALL (OpenSession); - IN_ULONG (slot_id); - IN_ULONG (flags); - PROCESS_CALL ((self, slot_id, flags, NULL, NULL, &session)); - OUT_ULONG (session); - END_CALL; -} - - -static CK_RV -rpc_C_CloseSession (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - - BEGIN_CALL (CloseSession); - IN_ULONG (session); - PROCESS_CALL ((self, session)); - END_CALL; -} - -static CK_RV -rpc_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SLOT_ID slot_id; - - /* Slot id becomes apartment so lower layers can tell clients apart. */ - - BEGIN_CALL (CloseAllSessions); - IN_ULONG (slot_id); - PROCESS_CALL ((self, slot_id)); - END_CALL; -} - -static CK_RV -rpc_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_SESSION_INFO info; - - BEGIN_CALL (GetSessionInfo); - IN_ULONG (session); - PROCESS_CALL ((self, session, &info)); - OUT_SESSION_INFO (info); - END_CALL; -} - -static CK_RV -rpc_C_InitPIN (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_UTF8CHAR_PTR pin; - CK_ULONG pin_len; - - BEGIN_CALL (InitPIN); - IN_ULONG (session); - IN_BYTE_ARRAY (pin, pin_len); - PROCESS_CALL ((self, session, pin, pin_len)); - END_CALL; -} - -static CK_RV -rpc_C_SetPIN (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_UTF8CHAR_PTR old_pin; - CK_ULONG old_len; - CK_UTF8CHAR_PTR new_pin; - CK_ULONG new_len; - - BEGIN_CALL (SetPIN); - IN_ULONG (session); - IN_BYTE_ARRAY (old_pin, old_len); - IN_BYTE_ARRAY (new_pin, new_len); - PROCESS_CALL ((self, session, old_pin, old_len, new_pin, new_len)); - END_CALL; -} - -static CK_RV -rpc_C_GetOperationState (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR operation_state; - CK_ULONG operation_state_len; - - BEGIN_CALL (GetOperationState); - IN_ULONG (session); - IN_BYTE_BUFFER (operation_state, operation_state_len); - PROCESS_CALL ((self, session, operation_state, &operation_state_len)); - OUT_BYTE_ARRAY (operation_state, operation_state_len); - END_CALL; -} - -static CK_RV -rpc_C_SetOperationState (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR operation_state; - CK_ULONG operation_state_len; - CK_OBJECT_HANDLE encryption_key; - CK_OBJECT_HANDLE authentication_key; - - BEGIN_CALL (SetOperationState); - IN_ULONG (session); - IN_BYTE_ARRAY (operation_state, operation_state_len); - IN_ULONG (encryption_key); - IN_ULONG (authentication_key); - PROCESS_CALL ((self, session, operation_state, operation_state_len, encryption_key, authentication_key)); - END_CALL; -} - -static CK_RV -rpc_C_Login (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_USER_TYPE user_type; - CK_UTF8CHAR_PTR pin; - CK_ULONG pin_len; - - BEGIN_CALL (Login); - IN_ULONG (session); - IN_ULONG (user_type); - IN_BYTE_ARRAY (pin, pin_len); - PROCESS_CALL ((self, session, user_type, pin, pin_len)); - END_CALL; -} - -static CK_RV -rpc_C_Logout (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - - BEGIN_CALL (Logout); - IN_ULONG (session); - PROCESS_CALL ((self, session)); - END_CALL; -} - -static CK_RV -rpc_C_CreateObject (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_ATTRIBUTE_PTR template; - CK_ULONG count; - CK_OBJECT_HANDLE new_object; - - BEGIN_CALL (CreateObject); - IN_ULONG (session); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL ((self, session, template, count, &new_object)); - OUT_ULONG (new_object); - END_CALL; -} - -static CK_RV -rpc_C_CopyObject (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE_PTR template; - CK_ULONG count; - CK_OBJECT_HANDLE new_object; - - BEGIN_CALL (CopyObject); - IN_ULONG (session); - IN_ULONG (object); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL ((self, session, object, template, count, &new_object)); - OUT_ULONG (new_object); - END_CALL; -} - -static CK_RV -rpc_C_DestroyObject (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - - BEGIN_CALL (DestroyObject); - IN_ULONG (session); - IN_ULONG (object); - PROCESS_CALL ((self, session, object)); - END_CALL; -} - -static CK_RV -rpc_C_GetObjectSize (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - CK_ULONG size; - - BEGIN_CALL (GetObjectSize); - IN_ULONG (session); - IN_ULONG (object); - PROCESS_CALL ((self, session, object, &size)); - OUT_ULONG (size); - END_CALL; -} - -static CK_RV -rpc_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE_PTR template; - CK_ULONG count; - - BEGIN_CALL (GetAttributeValue); - IN_ULONG (session); - IN_ULONG (object); - IN_ATTRIBUTE_BUFFER (template, count); - PROCESS_CALL ((self, session, object, template, count)); - OUT_ATTRIBUTE_ARRAY (template, count); - END_CALL; -} - -static CK_RV -rpc_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE_PTR template; - CK_ULONG count; - - BEGIN_CALL (SetAttributeValue); - IN_ULONG (session); - IN_ULONG (object); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL ((self, session, object, template, count)); - END_CALL; -} - -static CK_RV -rpc_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_ATTRIBUTE_PTR template; - CK_ULONG count; - - BEGIN_CALL (FindObjectsInit); - IN_ULONG (session); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL ((self, session, template, count)); - END_CALL; -} - -static CK_RV -rpc_C_FindObjects (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE_PTR objects; - CK_ULONG max_object_count; - CK_ULONG object_count; - - BEGIN_CALL (FindObjects); - IN_ULONG (session); - IN_ULONG_BUFFER (objects, max_object_count); - PROCESS_CALL ((self, session, objects, max_object_count, &object_count)); - OUT_ULONG_ARRAY (objects, object_count); - END_CALL; -} - -static CK_RV -rpc_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - - BEGIN_CALL (FindObjectsFinal); - IN_ULONG (session); - PROCESS_CALL ((self, session)); - END_CALL; -} - -static CK_RV -rpc_C_EncryptInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (EncryptInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); - END_CALL; - -} - -static CK_RV -rpc_C_Encrypt (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR data; - CK_ULONG data_len; - CK_BYTE_PTR encrypted_data; - CK_ULONG encrypted_data_len; - - BEGIN_CALL (Encrypt); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (encrypted_data, encrypted_data_len); - PROCESS_CALL ((self, session, data, data_len, encrypted_data, &encrypted_data_len)); - OUT_BYTE_ARRAY (encrypted_data, encrypted_data_len); - END_CALL; -} - -static CK_RV -rpc_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - CK_BYTE_PTR encrypted_part; - CK_ULONG encrypted_part_len; - - BEGIN_CALL (EncryptUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (encrypted_part, encrypted_part_len); - PROCESS_CALL ((self, session, part, part_len, encrypted_part, &encrypted_part_len)); - OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len); - END_CALL; -} - -static CK_RV -rpc_C_EncryptFinal (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR last_encrypted_part; - CK_ULONG last_encrypted_part_len; - - BEGIN_CALL (EncryptFinal); - IN_ULONG (session); - IN_BYTE_BUFFER (last_encrypted_part, last_encrypted_part_len); - PROCESS_CALL ((self, session, last_encrypted_part, &last_encrypted_part_len)); - OUT_BYTE_ARRAY (last_encrypted_part, last_encrypted_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (DecryptInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); - END_CALL; -} - -static CK_RV -rpc_C_Decrypt (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR encrypted_data; - CK_ULONG encrypted_data_len; - CK_BYTE_PTR data; - CK_ULONG data_len; - - BEGIN_CALL (Decrypt); - IN_ULONG (session); - IN_BYTE_ARRAY (encrypted_data, encrypted_data_len); - IN_BYTE_BUFFER (data, data_len); - PROCESS_CALL ((self, session, encrypted_data, encrypted_data_len, data, &data_len)); - OUT_BYTE_ARRAY (data, data_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR encrypted_part; - CK_ULONG encrypted_part_len; - CK_BYTE_PTR part; - CK_ULONG part_len; - - BEGIN_CALL (DecryptUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (encrypted_part, encrypted_part_len); - IN_BYTE_BUFFER (part, part_len); - PROCESS_CALL ((self, session, encrypted_part, encrypted_part_len, part, &part_len)); - OUT_BYTE_ARRAY (part, part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptFinal (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR last_part; - CK_ULONG last_part_len; - - BEGIN_CALL (DecryptFinal); - IN_ULONG (session); - IN_BYTE_BUFFER (last_part, last_part_len); - PROCESS_CALL ((self, session, last_part, &last_part_len)); - OUT_BYTE_ARRAY (last_part, last_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DigestInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - - BEGIN_CALL (DigestInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - PROCESS_CALL ((self, session, &mechanism)); - END_CALL; -} - -static CK_RV -rpc_C_Digest (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR data; - CK_ULONG data_len; - CK_BYTE_PTR digest; - CK_ULONG digest_len; - - BEGIN_CALL (Digest); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (digest, digest_len); - PROCESS_CALL ((self, session, data, data_len, digest, &digest_len)); - OUT_BYTE_ARRAY (digest, digest_len); - END_CALL; -} - -static CK_RV -rpc_C_DigestUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - - BEGIN_CALL (DigestUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - PROCESS_CALL ((self, session, part, part_len)); - END_CALL; -} - -static CK_RV -rpc_C_DigestKey (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (DigestKey); - IN_ULONG (session); - IN_ULONG (key); - PROCESS_CALL ((self, session, key)); - END_CALL; -} - -static CK_RV -rpc_C_DigestFinal (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR digest; - CK_ULONG digest_len; - - BEGIN_CALL (DigestFinal); - IN_ULONG (session); - IN_BYTE_BUFFER (digest, digest_len); - PROCESS_CALL ((self, session, digest, &digest_len)); - OUT_BYTE_ARRAY (digest, digest_len); - END_CALL; -} - -static CK_RV -rpc_C_SignInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (SignInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); - END_CALL; -} - -static CK_RV -rpc_C_Sign (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - CK_BYTE_PTR signature; - CK_ULONG signature_len; - - BEGIN_CALL (Sign); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (signature, signature_len); - PROCESS_CALL ((self, session, part, part_len, signature, &signature_len)); - OUT_BYTE_ARRAY (signature, signature_len); - END_CALL; - -} - -static CK_RV -rpc_C_SignUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - - BEGIN_CALL (SignUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - PROCESS_CALL ((self, session, part, part_len)); - END_CALL; -} - -static CK_RV -rpc_C_SignFinal (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR signature; - CK_ULONG signature_len; - - BEGIN_CALL (SignFinal); - IN_ULONG (session); - IN_BYTE_BUFFER (signature, signature_len); - PROCESS_CALL ((self, session, signature, &signature_len)); - OUT_BYTE_ARRAY (signature, signature_len); - END_CALL; -} - -static CK_RV -rpc_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (SignRecoverInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); - END_CALL; -} - -static CK_RV -rpc_C_SignRecover (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR data; - CK_ULONG data_len; - CK_BYTE_PTR signature; - CK_ULONG signature_len; - - BEGIN_CALL (SignRecover); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_BUFFER (signature, signature_len); - PROCESS_CALL ((self, session, data, data_len, signature, &signature_len)); - OUT_BYTE_ARRAY (signature, signature_len); - END_CALL; -} - -static CK_RV -rpc_C_VerifyInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (VerifyInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); - END_CALL; -} - -static CK_RV -rpc_C_Verify (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR data; - CK_ULONG data_len; - CK_BYTE_PTR signature; - CK_ULONG signature_len; - - BEGIN_CALL (Verify); - IN_ULONG (session); - IN_BYTE_ARRAY (data, data_len); - IN_BYTE_ARRAY (signature, signature_len); - PROCESS_CALL ((self, session, data, data_len, signature, signature_len)); - END_CALL; -} - -static CK_RV -rpc_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - - BEGIN_CALL (VerifyUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - PROCESS_CALL ((self, session, part, part_len)); - END_CALL; -} - -static CK_RV -rpc_C_VerifyFinal (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR signature; - CK_ULONG signature_len; - - BEGIN_CALL (VerifyFinal); - IN_ULONG (session); - IN_BYTE_ARRAY (signature, signature_len); - PROCESS_CALL ((self, session, signature, signature_len)); - END_CALL; -} - -static CK_RV -rpc_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (VerifyRecoverInit); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (key); - PROCESS_CALL ((self, session, &mechanism, key)); - END_CALL; -} - -static CK_RV -rpc_C_VerifyRecover (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR signature; - CK_ULONG signature_len; - CK_BYTE_PTR data; - CK_ULONG data_len; - - BEGIN_CALL (VerifyRecover); - IN_ULONG (session); - IN_BYTE_ARRAY (signature, signature_len); - IN_BYTE_BUFFER (data, data_len); - PROCESS_CALL ((self, session, signature, signature_len, data, &data_len)); - OUT_BYTE_ARRAY (data, data_len); - END_CALL; -} - -static CK_RV -rpc_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - CK_BYTE_PTR encrypted_part; - CK_ULONG encrypted_part_len; - - BEGIN_CALL (DigestEncryptUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (encrypted_part, encrypted_part_len); - PROCESS_CALL ((self, session, part, part_len, encrypted_part, &encrypted_part_len)); - OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR encrypted_part; - CK_ULONG encrypted_part_len; - CK_BYTE_PTR part; - CK_ULONG part_len; - - BEGIN_CALL (DecryptDigestUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (encrypted_part, encrypted_part_len); - IN_BYTE_BUFFER (part, part_len); - PROCESS_CALL ((self, session, encrypted_part, encrypted_part_len, part, &part_len)); - OUT_BYTE_ARRAY (part, part_len); - END_CALL; -} - -static CK_RV -rpc_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR part; - CK_ULONG part_len; - CK_BYTE_PTR encrypted_part; - CK_ULONG encrypted_part_len; - - BEGIN_CALL (SignEncryptUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (part, part_len); - IN_BYTE_BUFFER (encrypted_part, encrypted_part_len); - PROCESS_CALL ((self, session, part, part_len, encrypted_part, &encrypted_part_len)); - OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len); - END_CALL; -} - -static CK_RV -rpc_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR encrypted_part; - CK_ULONG encrypted_part_len; - CK_BYTE_PTR part; - CK_ULONG part_len; - - BEGIN_CALL (DecryptVerifyUpdate); - IN_ULONG (session); - IN_BYTE_ARRAY (encrypted_part, encrypted_part_len); - IN_BYTE_BUFFER (part, part_len); - PROCESS_CALL ((self, session, encrypted_part, encrypted_part_len, part, &part_len)); - OUT_BYTE_ARRAY (part, part_len); - END_CALL; -} - -static CK_RV -rpc_C_GenerateKey (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_ATTRIBUTE_PTR template; - CK_ULONG count; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (GenerateKey); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ATTRIBUTE_ARRAY (template, count); - PROCESS_CALL ((self, session, &mechanism, template, count, &key)); - OUT_ULONG (key); - END_CALL; -} - -static CK_RV -rpc_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_ATTRIBUTE_PTR public_key_template; - CK_ULONG public_key_attribute_count; - CK_ATTRIBUTE_PTR private_key_template; - CK_ULONG private_key_attribute_count; - CK_OBJECT_HANDLE public_key; - CK_OBJECT_HANDLE private_key; - - BEGIN_CALL (GenerateKeyPair); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ATTRIBUTE_ARRAY (public_key_template, public_key_attribute_count); - IN_ATTRIBUTE_ARRAY (private_key_template, private_key_attribute_count); - PROCESS_CALL ((self, session, &mechanism, public_key_template, public_key_attribute_count, private_key_template, private_key_attribute_count, &public_key, &private_key)); - OUT_ULONG (public_key); - OUT_ULONG (private_key); - END_CALL; -} - -static CK_RV -rpc_C_WrapKey (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE wrapping_key; - CK_OBJECT_HANDLE key; - CK_BYTE_PTR wrapped_key; - CK_ULONG wrapped_key_len; - - BEGIN_CALL (WrapKey); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (wrapping_key); - IN_ULONG (key); - IN_BYTE_BUFFER (wrapped_key, wrapped_key_len); - PROCESS_CALL ((self, session, &mechanism, wrapping_key, key, wrapped_key, &wrapped_key_len)); - OUT_BYTE_ARRAY (wrapped_key, wrapped_key_len); - END_CALL; -} - -static CK_RV -rpc_C_UnwrapKey (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE unwrapping_key; - CK_BYTE_PTR wrapped_key; - CK_ULONG wrapped_key_len; - CK_ATTRIBUTE_PTR template; - CK_ULONG attribute_count; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (UnwrapKey); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (unwrapping_key); - IN_BYTE_ARRAY (wrapped_key, wrapped_key_len); - IN_ATTRIBUTE_ARRAY (template, attribute_count); - PROCESS_CALL ((self, session, &mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, attribute_count, &key)); - OUT_ULONG (key); - END_CALL; -} - -static CK_RV -rpc_C_DeriveKey (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_OBJECT_HANDLE base_key; - CK_ATTRIBUTE_PTR template; - CK_ULONG attribute_count; - CK_OBJECT_HANDLE key; - - BEGIN_CALL (DeriveKey); - IN_ULONG (session); - IN_MECHANISM (mechanism); - IN_ULONG (base_key); - IN_ATTRIBUTE_ARRAY (template, attribute_count); - PROCESS_CALL ((self, session, &mechanism, base_key, template, attribute_count, &key)); - OUT_ULONG (key); - END_CALL; -} - -static CK_RV -rpc_C_SeedRandom (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR seed; - CK_ULONG seed_len; - - BEGIN_CALL (SeedRandom); - IN_ULONG (session); - IN_BYTE_ARRAY (seed, seed_len); - PROCESS_CALL ((self, session, seed, seed_len)); - END_CALL; -} - -static CK_RV -rpc_C_GenerateRandom (CK_X_FUNCTION_LIST *self, - p11_rpc_message *msg) -{ - CK_SESSION_HANDLE session; - CK_BYTE_PTR random_data; - CK_ULONG random_len; - - BEGIN_CALL (GenerateRandom); - IN_ULONG (session); - IN_BYTE_BUFFER (random_data, random_len); - PROCESS_CALL ((self, session, random_data, random_len)); - OUT_BYTE_ARRAY (random_data, random_len); - END_CALL; -} - -bool -p11_rpc_server_handle (CK_X_FUNCTION_LIST *self, - p11_buffer *request, - p11_buffer *response) -{ - p11_rpc_message msg; - CK_RV ret; - int req_id; - - return_val_if_fail (self != NULL, false); - return_val_if_fail (request != NULL, false); - return_val_if_fail (response != NULL, false); - - p11_message_clear (); - - p11_rpc_message_init (&msg, request, response); - - if (!p11_rpc_message_parse (&msg, P11_RPC_REQUEST)) { - p11_rpc_message_clear (&msg); - p11_message ("couldn't parse pkcs11 rpc message"); - return false; - } - - /* This should have been checked by the parsing code */ - assert (msg.call_id > P11_RPC_CALL_ERROR); - assert (msg.call_id < P11_RPC_CALL_MAX); - req_id = msg.call_id; - - switch(req_id) { - #define CASE_CALL(name) \ - case P11_RPC_CALL_##name: \ - ret = rpc_##name (self, &msg); \ - break; - CASE_CALL (C_Initialize) - CASE_CALL (C_Finalize) - CASE_CALL (C_GetInfo) - CASE_CALL (C_GetSlotList) - CASE_CALL (C_GetSlotInfo) - CASE_CALL (C_GetTokenInfo) - CASE_CALL (C_GetMechanismList) - CASE_CALL (C_GetMechanismInfo) - CASE_CALL (C_InitToken) - CASE_CALL (C_OpenSession) - CASE_CALL (C_CloseSession) - CASE_CALL (C_CloseAllSessions) - CASE_CALL (C_GetSessionInfo) - CASE_CALL (C_InitPIN) - CASE_CALL (C_SetPIN) - CASE_CALL (C_GetOperationState) - CASE_CALL (C_SetOperationState) - CASE_CALL (C_Login) - CASE_CALL (C_Logout) - CASE_CALL (C_CreateObject) - CASE_CALL (C_CopyObject) - CASE_CALL (C_DestroyObject) - CASE_CALL (C_GetObjectSize) - CASE_CALL (C_GetAttributeValue) - CASE_CALL (C_SetAttributeValue) - CASE_CALL (C_FindObjectsInit) - CASE_CALL (C_FindObjects) - CASE_CALL (C_FindObjectsFinal) - CASE_CALL (C_EncryptInit) - CASE_CALL (C_Encrypt) - CASE_CALL (C_EncryptUpdate) - CASE_CALL (C_EncryptFinal) - CASE_CALL (C_DecryptInit) - CASE_CALL (C_Decrypt) - CASE_CALL (C_DecryptUpdate) - CASE_CALL (C_DecryptFinal) - CASE_CALL (C_DigestInit) - CASE_CALL (C_Digest) - CASE_CALL (C_DigestUpdate) - CASE_CALL (C_DigestKey) - CASE_CALL (C_DigestFinal) - CASE_CALL (C_SignInit) - CASE_CALL (C_Sign) - CASE_CALL (C_SignUpdate) - CASE_CALL (C_SignFinal) - CASE_CALL (C_SignRecoverInit) - CASE_CALL (C_SignRecover) - CASE_CALL (C_VerifyInit) - CASE_CALL (C_Verify) - CASE_CALL (C_VerifyUpdate) - CASE_CALL (C_VerifyFinal) - CASE_CALL (C_VerifyRecoverInit) - CASE_CALL (C_VerifyRecover) - CASE_CALL (C_DigestEncryptUpdate) - CASE_CALL (C_DecryptDigestUpdate) - CASE_CALL (C_SignEncryptUpdate) - CASE_CALL (C_DecryptVerifyUpdate) - CASE_CALL (C_GenerateKey) - CASE_CALL (C_GenerateKeyPair) - CASE_CALL (C_WrapKey) - CASE_CALL (C_UnwrapKey) - CASE_CALL (C_DeriveKey) - CASE_CALL (C_SeedRandom) - CASE_CALL (C_GenerateRandom) - CASE_CALL (C_WaitForSlotEvent) - #undef CASE_CALL - default: - /* This should have been caught by the parse code */ - assert (0 && "Unchecked call"); - break; - }; - - if (p11_buffer_failed (msg.output)) { - p11_message ("out of memory error putting together message"); - p11_rpc_message_clear (&msg); - return false; - } - - /* A filled in response */ - if (ret == CKR_OK) { - - /* - * Since we're dealing with many many functions above generating - * these messages we want to make sure each of them actually - * does what it's supposed to. - */ - assert (p11_rpc_message_is_verified (&msg)); - assert (msg.call_type == P11_RPC_RESPONSE); - assert (msg.call_id == req_id); - assert (p11_rpc_calls[msg.call_id].response); - assert (strcmp (p11_rpc_calls[msg.call_id].response, msg.signature) == 0); - - /* Fill in an error respnose */ - } else { - if (!p11_rpc_message_prep (&msg, P11_RPC_CALL_ERROR, P11_RPC_RESPONSE) || - !p11_rpc_message_write_ulong (&msg, (uint32_t)ret) || - p11_buffer_failed (msg.output)) { - p11_message ("out of memory responding with error"); - p11_rpc_message_clear (&msg); - return false; - } - } - - p11_rpc_message_clear (&msg); - return true; -} - -int -p11_kit_remote_serve_module (CK_FUNCTION_LIST *module, - int in_fd, - int out_fd) -{ - p11_rpc_status status; - unsigned char version; - p11_virtual virt; - p11_buffer options; - p11_buffer buffer; - size_t state; - int ret = 1; - int code; - - return_val_if_fail (module != NULL, 1); - - p11_buffer_init (&options, 0); - p11_buffer_init (&buffer, 0); - - p11_virtual_init (&virt, &p11_virtual_base, module, NULL); - - switch (read (in_fd, &version, 1)) { - case 0: - goto out; - case 1: - if (version != 0) { - p11_message ("unspported version received: %d", (int)version); - goto out; - } - break; - default: - p11_message_err (errno, "couldn't read credential byte"); - goto out; - } - - version = 0; - switch (write (out_fd, &version, out_fd)) { - case 1: - break; - default: - p11_message_err (errno, "couldn't write credential byte"); - goto out; - } - - status = P11_RPC_OK; - while (status == P11_RPC_OK) { - state = 0; - code = 0; - - do { - status = p11_rpc_transport_read (in_fd, &state, &code, - &options, &buffer); - } while (status == P11_RPC_AGAIN); - - switch (status) { - case P11_RPC_OK: - break; - case P11_RPC_EOF: - ret = 0; - continue; - case P11_RPC_AGAIN: - assert_not_reached (); - case P11_RPC_ERROR: - p11_message_err (errno, "failed to read rpc message"); - goto out; - } - - if (!p11_rpc_server_handle (&virt.funcs, &buffer, &buffer)) { - p11_message ("unexpected error handling rpc message"); - goto out; - } - - state = 0; - options.len = 0; - do { - status = p11_rpc_transport_write (out_fd, &state, code, - &options, &buffer); - } while (status == P11_RPC_AGAIN); - - switch (status) { - case P11_RPC_OK: - break; - case P11_RPC_EOF: - case P11_RPC_AGAIN: - assert_not_reached (); - case P11_RPC_ERROR: - p11_message_err (errno, "failed to write rpc message"); - goto out; - } - } - -out: - p11_buffer_uninit (&buffer); - p11_buffer_uninit (&options); - - p11_virtual_uninit (&virt); - - return ret; -} diff --git a/p11-kit/rpc-transport.c b/p11-kit/rpc-transport.c deleted file mode 100644 index 5251e11..0000000 --- a/p11-kit/rpc-transport.c +++ /dev/null @@ -1,864 +0,0 @@ -/* - * Copyright (C) 2012 Stefan Walter - * Copyright (C) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" - -#include "argv.h" -#include "compat.h" -#define P11_DEBUG_FLAG P11_DEBUG_RPC -#include "debug.h" -#include "message.h" -#include "pkcs11.h" -#include "private.h" -#include "rpc.h" -#include "rpc-message.h" - -#include <sys/types.h> - -#include <assert.h> -#include <errno.h> -#include <fcntl.h> -#include <stdint.h> -#include <stdlib.h> -#include <string.h> - -#ifdef OS_UNIX -#include <sys/select.h> -#include <sys/socket.h> -#include <sys/wait.h> -#include <sys/un.h> -#include <signal.h> -#include <unistd.h> -#endif - -#ifdef OS_WIN32 -#include <winsock2.h> -#ifndef EWOULDBLOCK -#define EWOULDBLOCK WSAEWOULDBLOCK -#endif -#endif - -#ifndef EPROTO -#define EPROTO EIO -#endif - -typedef struct { - /* Never changes */ - int fd; - - /* Protected by the lock */ - p11_mutex_t write_lock; - int refs; - int last_code; - bool sent_creds; - - /* This data is protected by read mutex */ - p11_mutex_t read_lock; - bool read_creds; - uint32_t read_code; - uint32_t read_olen; - uint32_t read_dlen; -} rpc_socket; - -static rpc_socket * -rpc_socket_new (int fd) -{ - rpc_socket *sock; - - sock = calloc (1, sizeof (rpc_socket)); - return_val_if_fail (sock != NULL, NULL); - - sock->fd = fd; - sock->last_code = 0x10; - sock->read_creds = false; - sock->sent_creds = false; - sock->refs = 1; - - p11_mutex_init (&sock->write_lock); - p11_mutex_init (&sock->read_lock); - - return sock; -} - -#if 0 -static rpc_socket * -rpc_socket_ref (rpc_socket *sock) -{ - assert (sock != NULL); - - p11_mutex_lock (&sock->write_lock); - sock->refs++; - p11_mutex_unlock (&sock->write_lock); - - return sock; -} - -static bool -rpc_socket_is_open (rpc_socket *sock) -{ - assert (sock != NULL); - return sock->fd >= 0; -} -#endif - -static void -rpc_socket_close (rpc_socket *sock) -{ - assert (sock != NULL); - if (sock->fd != -1) - close (sock->fd); - sock->fd = -1; -} - -static void -rpc_socket_unref (rpc_socket *sock) -{ - int release = 0; - - assert (sock != NULL); - - p11_mutex_lock (&sock->write_lock); - if (--sock->refs == 0) - release = 1; - p11_mutex_unlock (&sock->write_lock); - - if (!release) - return; - - assert (sock != NULL); - assert (sock->refs == 0); - - rpc_socket_close (sock); - p11_mutex_uninit (&sock->write_lock); - p11_mutex_uninit (&sock->read_lock); -} - -static bool -write_all (int fd, - unsigned char* data, - size_t len) -{ - int r; - - while (len > 0) { - r = write (fd, data, len); - if (r == -1) { - if (errno == EPIPE) { - p11_message ("couldn't send data: closed connection"); - return false; - } else if (errno != EAGAIN && errno != EINTR) { - p11_message_err (errno, "couldn't send data"); - return false; - } - } else { - p11_debug ("wrote %d bytes", r); - data += r; - len -= r; - } - } - - return true; -} - -static bool -read_all (int fd, - unsigned char* data, - size_t len) -{ - int r; - - while (len > 0) { - r = read (fd, data, len); - if (r == 0) { - p11_message ("couldn't receive data: closed connection"); - return false; - } else if (r == -1) { - if (errno != EAGAIN && errno != EINTR) { - p11_message_err (errno, "couldn't receive data"); - return false; - } - } else { - p11_debug ("read %d bytes", r); - data += r; - len -= r; - } - } - - return true; -} - -static CK_RV -rpc_socket_write_inlock (rpc_socket *sock, - int code, - p11_buffer *options, - p11_buffer *buffer) -{ - unsigned char header[12]; - unsigned char dummy = '\0'; - - /* The socket is locked and referenced at this point */ - assert (buffer != NULL); - - /* Place holder byte, will later carry unix credentials (on some systems) */ - if (!sock->sent_creds) { - if (write_all (sock->fd, &dummy, 1) != 1) { - p11_message_err (errno, "couldn't send socket credentials"); - return CKR_DEVICE_ERROR; - } - sock->sent_creds = true; - } - - p11_rpc_buffer_encode_uint32 (header, code); - p11_rpc_buffer_encode_uint32 (header + 4, options->len); - p11_rpc_buffer_encode_uint32 (header + 8, buffer->len); - - if (!write_all (sock->fd, header, 12) || - !write_all (sock->fd, options->data, options->len) || - !write_all (sock->fd, buffer->data, buffer->len)) - return CKR_DEVICE_ERROR; - - return CKR_OK; -} - -static p11_rpc_status -write_at (int fd, - unsigned char *data, - size_t len, - size_t offset, - size_t *at) -{ - p11_rpc_status status; - ssize_t num; - size_t from; - int errn; - - assert (*at >= offset); - - if (*at >= offset + len) - return P11_RPC_OK; - - from = *at - offset; - assert (from < len); - - num = write (fd, data + from, len - from); - errn = errno; - - /* Update state */ - if (num > 0) - *at += num; - - /* Completely written out this block */ - if (num == len - from) { - p11_debug ("ok: wrote block of %d", (int)num); - status = P11_RPC_OK; - - /* Partially written out this block */ - } else if (num >= 0) { - p11_debug ("again: partial read of %d", (int)num); - status = P11_RPC_AGAIN; - - /* Didn't write out block due to transient issue */ - } else if (errn == EINTR || errn == EAGAIN || errn == EWOULDBLOCK) { - p11_debug ("again: due to %d", errn); - status = P11_RPC_AGAIN; - - /* Failure */ - } else { - p11_debug ("error: due to %d", errn); - status = P11_RPC_ERROR; - } - - errno = errn; - return status; -} - -p11_rpc_status -p11_rpc_transport_write (int fd, - size_t *state, - int call_code, - p11_buffer *options, - p11_buffer *buffer) -{ - unsigned char header[12] = { 0, }; - p11_rpc_status status; - - assert (state != NULL); - assert (options != NULL); - assert (buffer != NULL); - - if (*state < 12) { - p11_rpc_buffer_encode_uint32 (header, call_code); - p11_rpc_buffer_encode_uint32 (header + 4, options->len); - p11_rpc_buffer_encode_uint32 (header + 8, buffer->len); - } - - status = write_at (fd, header, 12, 0, state); - - if (status == P11_RPC_OK) { - status = write_at (fd, options->data, options->len, - 12, state); - } - - if (status == P11_RPC_OK) { - status = write_at (fd, buffer->data, buffer->len, - 12 + options->len, state); - } - - /* All done */ - if (status == P11_RPC_OK) - *state = 0; - - return status; -} - -static int -rpc_socket_read (rpc_socket *sock, - int *code, - p11_buffer *buffer) -{ - CK_RV ret = CKR_DEVICE_ERROR; - unsigned char header[12]; - unsigned char dummy; - fd_set rfds; - - assert (code != NULL); - assert (buffer != NULL); - - /* - * We are not in the main socket lock here, but the socket - * is referenced, and won't go away - */ - - p11_mutex_lock (&sock->read_lock); - - if (!sock->read_creds) { - if (read_all (sock->fd, &dummy, 1) != 1) { - p11_mutex_unlock (&sock->read_lock); - return CKR_DEVICE_ERROR; - } - sock->read_creds = true; - } - - for (;;) { - /* No message header has been read yet? ... read one in */ - if (sock->read_code == 0) { - if (!read_all (sock->fd, header, 12)) - break; - - /* Decode and check the message header */ - sock->read_code = p11_rpc_buffer_decode_uint32 (header); - sock->read_olen = p11_rpc_buffer_decode_uint32 (header + 4); - sock->read_dlen = p11_rpc_buffer_decode_uint32 (header + 8); - if (sock->read_code == 0) { - p11_message ("received invalid rpc header values: perhaps wrong protocol"); - break; - } - } - - /* If it's our header (or caller doesn't care), then yay! */ - if (*code == -1 || sock->read_code == *code) { - - /* We ignore the options, so read into the same as buffer */ - if (!p11_buffer_reset (buffer, sock->read_olen) || - !p11_buffer_reset (buffer, sock->read_dlen)) { - warn_if_reached (); - break; - } - - /* Read in the the options first, and then data */ - if (!read_all (sock->fd, buffer->data, sock->read_olen) || - !read_all (sock->fd, buffer->data, sock->read_dlen)) - break; - - buffer->len = sock->read_dlen; - *code = sock->read_code; - - /* Yay, we got our data, off we go */ - sock->read_code = 0; - sock->read_olen = 0; - sock->read_dlen = 0; - ret = CKR_OK; - break; - } - - /* Give another thread the chance to read data for this header */ - if (sock->read_code != 0) { - p11_debug ("received header in wrong thread"); - p11_mutex_unlock (&sock->read_lock); - - /* Used as a simple wait */ - FD_ZERO (&rfds); - FD_SET (sock->fd, &rfds); - if (select (sock->fd + 1, &rfds, NULL, NULL, NULL) < 0) - p11_message ("couldn't use select to wait on rpc socket"); - - p11_mutex_lock (&sock->read_lock); - } - } - - p11_mutex_unlock (&sock->read_lock); - return ret; -} - -static p11_rpc_status -read_at (int fd, - unsigned char *data, - size_t len, - size_t offset, - size_t *at) -{ - p11_rpc_status status; - int errn; - ssize_t num; - size_t from; - - assert (*at >= offset); - - if (*at >= offset + len) - return P11_RPC_OK; - - from = *at - offset; - assert (from < len); - - num = read (fd, data + from, len - from); - errn = errno; - - /* Update state */ - if (num > 0) - *at += num; - - /* Completely read out this block */ - if (num == len - from) { - p11_debug ("ok: read block of %d", (int)num); - status = P11_RPC_OK; - - /* Partially read out this block */ - } else if (num > 0) { - p11_debug ("again: partial read of %d", (int)num); - status = P11_RPC_AGAIN; - - /* End of file, valid if at offset zero */ - } else if (num == 0) { - if (offset == 0) { - p11_debug ("eof: read zero bytes"); - status = P11_RPC_EOF; - } else { - p11_debug ("error: early truncate"); - errn = EPROTO; - status = P11_RPC_ERROR; - } - - /* Didn't read out block due to transient issue */ - } else if (errn == EINTR || errn == EAGAIN || errn == EWOULDBLOCK) { - p11_debug ("again: due to %d", errn); - status = P11_RPC_AGAIN; - - /* Failure */ - } else { - p11_debug ("error: due to %d", errn); - status = P11_RPC_ERROR; - } - - errno = errn; - return status; -} - -p11_rpc_status -p11_rpc_transport_read (int fd, - size_t *state, - int *call_code, - p11_buffer *options, - p11_buffer *buffer) -{ - unsigned char *header; - p11_rpc_status status; - size_t len; - - assert (state != NULL); - assert (call_code != NULL); - assert (options != NULL); - assert (buffer != NULL); - - /* Reading the header, we read it into @buffer */ - if (*state < 12) { - if (!p11_buffer_reset (buffer, 12)) - return_val_if_reached (P11_RPC_ERROR); - status = read_at (fd, buffer->data, 12, 0, state); - if (status != P11_RPC_OK) - return status; - - /* Parse out the header */ - header = buffer->data; - *call_code = p11_rpc_buffer_decode_uint32 (header); - len = p11_rpc_buffer_decode_uint32 (header + 4); - if (!p11_buffer_reset (options, len)) - return_val_if_reached (P11_RPC_ERROR); - options->len = len; - len = p11_rpc_buffer_decode_uint32 (header + 8); - if (!p11_buffer_reset (buffer, len)) - return_val_if_reached (P11_RPC_ERROR); - buffer->len = len; - } - - /* At this point options has a valid len field */ - status = read_at (fd, options->data, options->len, 12, state); - if (status == P11_RPC_OK) { - status = read_at (fd, buffer->data, buffer->len, - 12 + options->len, state); - } - - if (status == P11_RPC_OK) - *state = 0; - - return status; -} - -struct _p11_rpc_transport { - p11_rpc_client_vtable vtable; - p11_destroyer destroyer; - rpc_socket *socket; - p11_buffer options; -}; - -static void -rpc_transport_disconnect (p11_rpc_client_vtable *vtable, - void *init_reserved) -{ - p11_rpc_transport *rpc = (p11_rpc_transport *)vtable; - - if (rpc->socket) { - rpc_socket_close (rpc->socket); - rpc_socket_unref (rpc->socket); - rpc->socket = NULL; - } -} - -static bool -rpc_transport_init (p11_rpc_transport *rpc, - const char *module_name, - p11_destroyer destroyer) -{ - rpc->destroyer = destroyer; - - p11_buffer_init_null (&rpc->options, 0); - p11_buffer_add (&rpc->options, module_name, -1); - return_val_if_fail (p11_buffer_ok (&rpc->options), false); - - return true; -} - -static void -rpc_transport_uninit (p11_rpc_transport *rpc) -{ - p11_buffer_uninit (&rpc->options); -} - -static CK_RV -rpc_transport_buffer (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - p11_rpc_transport *rpc = (p11_rpc_transport *)vtable; - CK_RV rv = CKR_OK; - rpc_socket *sock; - int call_code; - - assert (rpc != NULL); - assert (request != NULL); - assert (response != NULL); - - sock = rpc->socket; - assert (sock != NULL); - - p11_mutex_lock (&sock->write_lock); - assert (sock->refs > 0); - sock->refs++; - - /* Get the next socket reply code */ - call_code = sock->last_code++; - - if (sock->fd == -1) - rv = CKR_DEVICE_ERROR; - if (rv == CKR_OK) - rv = rpc_socket_write_inlock (sock, call_code, &rpc->options, request); - - /* We unlock the socket mutex while reading a response */ - if (rv == CKR_OK) { - p11_mutex_unlock (&sock->write_lock); - - rv = rpc_socket_read (sock, &call_code, response); - - p11_mutex_lock (&sock->write_lock); - } - - if (rv != CKR_OK && sock->fd != -1) { - p11_message ("closing socket due to protocol failure"); - close (sock->fd); - sock->fd = -1; - } - - sock->refs--; - assert (sock->refs > 0); - p11_mutex_unlock (&sock->write_lock); - - return rv; -} - -#ifdef OS_UNIX - -typedef struct { - p11_rpc_transport base; - p11_array *argv; - pid_t pid; -} rpc_exec; - -static void -rpc_exec_wait_or_terminate (pid_t pid) -{ - bool terminated = false; - int status; - int sig; - int ret; - int i; - - - for (i = 0; i < 3 * 1000; i += 100) { - ret = waitpid (pid, &status, WNOHANG); - if (ret != 0) - break; - p11_sleep_ms (100); - } - - if (ret == 0) { - p11_message ("process %d did not exit, terminating", (int)pid); - kill (pid, SIGTERM); - terminated = true; - ret = waitpid (pid, &status, 0); - } - - if (ret < 0) { - p11_message_err (errno, "failed to wait for executed child: %d", (int)pid); - status = 0; - } else if (WIFEXITED (status)) { - status = WEXITSTATUS (status); - if (status == 0) - p11_debug ("process %d exited with status 0", (int)pid); - else - p11_message ("process %d exited with status %d", (int)pid, status); - } else if (WIFSIGNALED (status)) { - sig = WTERMSIG (status); - if (!terminated || sig != SIGTERM) - p11_message ("process %d was terminated with signal %d", (int)pid, sig); - } -} - -static void -rpc_exec_disconnect (p11_rpc_client_vtable *vtable, - void *fini_reserved) -{ - rpc_exec *rex = (rpc_exec *)vtable; - - if (rex->base.socket) - rpc_socket_close (rex->base.socket); - - if (rex->pid) - rpc_exec_wait_or_terminate (rex->pid); - rex->pid = 0; - - /* Do the common disconnect stuff */ - rpc_transport_disconnect (vtable, fini_reserved); -} - -static int -set_cloexec_on_fd (void *data, - int fd) -{ - int *max_fd = data; - if (fd >= *max_fd) - fcntl (fd, F_SETFD, FD_CLOEXEC); - return 0; -} - -static CK_RV -rpc_exec_connect (p11_rpc_client_vtable *vtable, - void *init_reserved) -{ - rpc_exec *rex = (rpc_exec *)vtable; - pid_t pid; - int max_fd; - int fds[2]; - int errn; - - p11_debug ("executing rpc transport: %s", (char *)rex->argv->elem[0]); - - if (socketpair (AF_UNIX, SOCK_STREAM, 0, fds) < 0) { - p11_message_err (errno, "failed to create pipe for remote"); - return CKR_DEVICE_ERROR; - } - - pid = fork (); - switch (pid) { - - /* Failure */ - case -1: - close (fds[0]); - close (fds[1]); - p11_message_err (errno, "failed to fork for remote"); - return CKR_DEVICE_ERROR; - - /* Child */ - case 0: - if (dup2 (fds[1], STDIN_FILENO) < 0 || - dup2 (fds[1], STDOUT_FILENO) < 0) { - errn = errno; - p11_message_err (errn, "couldn't dup file descriptors in remote child"); - _exit (errn); - } - - /* Close file descriptors, except for above on exec */ - max_fd = STDERR_FILENO + 1; - fdwalk (set_cloexec_on_fd, &max_fd); - execvp (rex->argv->elem[0], (char **)rex->argv->elem); - - errn = errno; - p11_message_err (errn, "couldn't execute program for rpc: %s", - (char *)rex->argv->elem[0]); - _exit (errn); - - /* The parent */ - default: - break; - } - - close (fds[1]); - rex->pid = pid; - rex->base.socket = rpc_socket_new (fds[0]); - return_val_if_fail (rex->base.socket != NULL, CKR_GENERAL_ERROR); - - return CKR_OK; -} - -static void -rpc_exec_free (void *data) -{ - rpc_exec *rex = data; - rpc_exec_disconnect (data, NULL); - rpc_transport_uninit (&rex->base); - p11_array_free (rex->argv); - free (rex); -} - -static void -on_argv_parsed (char *argument, - void *data) -{ - p11_array *argv = data; - - if (!p11_array_push (argv, strdup (argument))) - return_if_reached (); -} - -static p11_rpc_transport * -rpc_exec_init (const char *remote, - const char *name) -{ - p11_array *argv; - rpc_exec *rex; - - argv = p11_array_new (free); - if (!p11_argv_parse (remote, on_argv_parsed, argv) || argv->num < 1) { - p11_message ("invalid remote command line: %s", remote); - p11_array_free (argv); - return NULL; - } - - rex = calloc (1, sizeof (rpc_exec)); - return_val_if_fail (rex != NULL, NULL); - - p11_array_push (argv, NULL); - rex->argv = argv; - - rex->base.vtable.connect = rpc_exec_connect; - rex->base.vtable.disconnect = rpc_exec_disconnect; - rex->base.vtable.transport = rpc_transport_buffer; - rpc_transport_init (&rex->base, name, rpc_exec_free); - - p11_debug ("initialized rpc exec: %s", remote); - return &rex->base; -} - -#endif /* OS_UNIX */ - -p11_rpc_transport * -p11_rpc_transport_new (p11_virtual *virt, - const char *remote, - const char *name) -{ - p11_rpc_transport *rpc = NULL; - - return_val_if_fail (virt != NULL, NULL); - return_val_if_fail (remote != NULL, NULL); - return_val_if_fail (name != NULL, NULL); - -#ifdef OS_WIN32 - p11_message ("Windows not yet supported for remote"); - return NULL; -#endif - - /* This is a command we can execute */ - if (remote[0] == '|') { - rpc = rpc_exec_init (remote + 1, name); - - } else { - p11_message ("remote not supported: %s", remote); - return NULL; - } - - if (!p11_rpc_client_init (virt, &rpc->vtable)) - return_val_if_reached (NULL); - - return rpc; -} - -void -p11_rpc_transport_free (void *data) -{ - p11_rpc_transport *rpc = data; - - if (rpc != NULL) { - assert (rpc->destroyer); - (rpc->destroyer) (data); - } -} diff --git a/p11-kit/rpc.h b/p11-kit/rpc.h deleted file mode 100644 index b129e61..0000000 --- a/p11-kit/rpc.h +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (C) 2012 Stefan Walter - * Copyright (C) 2013 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#ifndef __P11_RPC_H__ -#define __P11_RPC_H__ - -#include "pkcs11.h" -#include "buffer.h" -#include "virtual.h" - -typedef struct _p11_rpc_client_vtable p11_rpc_client_vtable; - -struct _p11_rpc_client_vtable { - void *data; - - CK_RV (* connect) (p11_rpc_client_vtable *vtable, - void *init_reserved); - - CK_RV (* transport) (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response); - - void (* disconnect) (p11_rpc_client_vtable *vtable, - void *fini_reserved); -}; - -bool p11_rpc_client_init (p11_virtual *virt, - p11_rpc_client_vtable *vtable); - -bool p11_rpc_server_handle (CK_X_FUNCTION_LIST *funcs, - p11_buffer *request, - p11_buffer *response); - -extern CK_MECHANISM_TYPE * p11_rpc_mechanisms_override_supported; - -typedef struct _p11_rpc_transport p11_rpc_transport; - -p11_rpc_transport * p11_rpc_transport_new (p11_virtual *virt, - const char *remote, - const char *name); - -void p11_rpc_transport_free (void *transport); - -typedef enum { - P11_RPC_OK, - P11_RPC_EOF, - P11_RPC_AGAIN, - P11_RPC_ERROR -} p11_rpc_status; - -p11_rpc_status p11_rpc_transport_read (int fd, - size_t *state, - int *call_code, - p11_buffer *options, - p11_buffer *buffer); - -p11_rpc_status p11_rpc_transport_write (int fd, - size_t *state, - int call_code, - p11_buffer *options, - p11_buffer *buffer); - -#endif /* __P11_RPC_H__ */ diff --git a/p11-kit/test-conf.c b/p11-kit/test-conf.c deleted file mode 100644 index 94b8b01..0000000 --- a/p11-kit/test-conf.c +++ /dev/null @@ -1,456 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" -#include "test.h" - -#include <errno.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -#include "conf.h" -#include "debug.h" -#include "message.h" -#include "p11-kit.h" -#include "private.h" - -#ifdef OS_UNIX -#include <sys/stat.h> -#include <sys/wait.h> -#include <unistd.h> -#endif - -static void -test_parse_conf_1 (void) -{ - p11_dict *map; - const char *value; - - map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/test-1.conf", NULL, 0); - assert_ptr_not_null (map); - - value = p11_dict_get (map, "key1"); - assert_str_eq ("value1", value); - - value = p11_dict_get (map, "with-colon"); - assert_str_eq ("value-of-colon", value); - - value = p11_dict_get (map, "with-whitespace"); - assert_str_eq ("value-with-whitespace", value); - - value = p11_dict_get (map, "embedded-comment"); - assert_str_eq ("this is # not a comment", value); - - p11_dict_free (map); -} - -static void -test_parse_ignore_missing (void) -{ - p11_dict *map; - - map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/non-existant.conf", NULL, CONF_IGNORE_MISSING); - assert_ptr_not_null (map); - - assert_num_eq (0, p11_dict_size (map)); - assert (p11_message_last () == NULL); - p11_dict_free (map); -} - -static void -test_parse_fail_missing (void) -{ - p11_dict *map; - - map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/non-existant.conf", NULL, 0); - assert (map == NULL); - assert_ptr_not_null (p11_message_last ()); -} - -static void -test_merge_defaults (void) -{ - p11_dict *values; - p11_dict *defaults; - - values = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); - defaults = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); - - p11_dict_set (values, strdup ("one"), strdup ("real1")); - p11_dict_set (values, strdup ("two"), strdup ("real2")); - - p11_dict_set (defaults, strdup ("two"), strdup ("default2")); - p11_dict_set (defaults, strdup ("three"), strdup ("default3")); - - if (!_p11_conf_merge_defaults (values, defaults)) - assert_not_reached (); - - p11_dict_free (defaults); - - assert_str_eq (p11_dict_get (values, "one"), "real1"); - assert_str_eq (p11_dict_get (values, "two"), "real2"); - assert_str_eq (p11_dict_get (values, "three"), "default3"); - - p11_dict_free (values); -} - -static void -test_load_globals_merge (void) -{ - int user_mode = -1; - p11_dict *config; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf", - SRCDIR "/p11-kit/fixtures/test-user.conf", - &user_mode); - assert_ptr_not_null (config); - assert (NULL == p11_message_last ()); - assert_num_eq (CONF_USER_MERGE, user_mode); - - assert_str_eq (p11_dict_get (config, "key1"), "system1"); - assert_str_eq (p11_dict_get (config, "key2"), "user2"); - assert_str_eq (p11_dict_get (config, "key3"), "user3"); - - p11_dict_free (config); -} - -static void -test_load_globals_no_user (void) -{ - int user_mode = -1; - p11_dict *config; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-none.conf", - SRCDIR "/p11-kit/fixtures/test-user.conf", - &user_mode); - assert_ptr_not_null (config); - assert (NULL == p11_message_last ()); - assert_num_eq (CONF_USER_NONE, user_mode); - - assert_str_eq (p11_dict_get (config, "key1"), "system1"); - assert_str_eq (p11_dict_get (config, "key2"), "system2"); - assert_str_eq (p11_dict_get (config, "key3"), "system3"); - - p11_dict_free (config); -} - -static void -test_load_globals_user_sets_only (void) -{ - int user_mode = -1; - p11_dict *config; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf", - SRCDIR "/p11-kit/fixtures/test-user-only.conf", - &user_mode); - assert_ptr_not_null (config); - assert (NULL == p11_message_last ()); - assert_num_eq (CONF_USER_ONLY, user_mode); - - assert (p11_dict_get (config, "key1") == NULL); - assert_str_eq (p11_dict_get (config, "key2"), "user2"); - assert_str_eq (p11_dict_get (config, "key3"), "user3"); - - p11_dict_free (config); -} - -static void -test_load_globals_system_sets_only (void) -{ - int user_mode = -1; - p11_dict *config; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-only.conf", - SRCDIR "/p11-kit/fixtures/test-user.conf", - &user_mode); - assert_ptr_not_null (config); - assert (NULL == p11_message_last ()); - assert_num_eq (CONF_USER_ONLY, user_mode); - - assert (p11_dict_get (config, "key1") == NULL); - assert_str_eq (p11_dict_get (config, "key2"), "user2"); - assert_str_eq (p11_dict_get (config, "key3"), "user3"); - - p11_dict_free (config); -} - -static void -test_load_globals_system_sets_invalid (void) -{ - int user_mode = -1; - p11_dict *config; - int error; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-invalid.conf", - SRCDIR "/p11-kit/fixtures/non-existant.conf", - &user_mode); - error = errno; - assert_ptr_eq (NULL, config); - assert_num_eq (EINVAL, error); - assert_ptr_not_null (p11_message_last ()); - - p11_dict_free (config); -} - -static void -test_load_globals_user_sets_invalid (void) -{ - int user_mode = -1; - p11_dict *config; - int error; - - p11_message_clear (); - - config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf", - SRCDIR "/p11-kit/fixtures/test-user-invalid.conf", - &user_mode); - error = errno; - assert_ptr_eq (NULL, config); - assert_num_eq (EINVAL, error); - assert_ptr_not_null (p11_message_last ()); - - p11_dict_free (config); -} - -static bool -assert_msg_contains (const char *msg, - const char *text) -{ - return (msg && strstr (msg, text)) ? true : false; -} - -static void -test_load_modules_merge (void) -{ - p11_dict *configs; - p11_dict *config; - - p11_message_clear (); - - configs = _p11_conf_load_modules (CONF_USER_MERGE, - SRCDIR "/p11-kit/fixtures/package-modules", - SRCDIR "/p11-kit/fixtures/system-modules", - SRCDIR "/p11-kit/fixtures/user-modules"); - assert_ptr_not_null (configs); - assert (assert_msg_contains (p11_message_last (), "invalid config filename")); - - config = p11_dict_get (configs, "one"); - assert_ptr_not_null (config); - assert_str_eq ("mock-one.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "user1"); - - config = p11_dict_get (configs, "two.badname"); - assert_ptr_not_null (config); - assert_str_eq ("mock-two.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "system2"); - - config = p11_dict_get (configs, "three"); - assert_ptr_not_null (config); - assert_str_eq ("mock-three.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "user3"); - - p11_dict_free (configs); -} - -static void -test_load_modules_user_none (void) -{ - p11_dict *configs; - p11_dict *config; - - p11_message_clear (); - - configs = _p11_conf_load_modules (CONF_USER_NONE, - SRCDIR "/p11-kit/fixtures/package-modules", - SRCDIR "/p11-kit/fixtures/system-modules", - SRCDIR "/p11-kit/fixtures/user-modules"); - assert_ptr_not_null (configs); - assert (assert_msg_contains (p11_message_last (), "invalid config filename")); - - config = p11_dict_get (configs, "one"); - assert_ptr_not_null (config); - assert_str_eq ("mock-one.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "system1"); - - config = p11_dict_get (configs, "two.badname"); - assert_ptr_not_null (config); - assert_str_eq ("mock-two.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "system2"); - - config = p11_dict_get (configs, "three"); - assert_ptr_eq (NULL, config); - - p11_dict_free (configs); -} - -static void -test_load_modules_user_only (void) -{ - p11_dict *configs; - p11_dict *config; - - p11_message_clear (); - - configs = _p11_conf_load_modules (CONF_USER_ONLY, - SRCDIR "/p11-kit/fixtures/package-modules", - SRCDIR "/p11-kit/fixtures/system-modules", - SRCDIR "/p11-kit/fixtures/user-modules"); - assert_ptr_not_null (configs); - assert_ptr_eq (NULL, (void *)p11_message_last ()); - - config = p11_dict_get (configs, "one"); - assert_ptr_not_null (config); - assert (p11_dict_get (config, "module") == NULL); - assert_str_eq (p11_dict_get (config, "setting"), "user1"); - - config = p11_dict_get (configs, "two.badname"); - assert_ptr_eq (NULL, config); - - config = p11_dict_get (configs, "three"); - assert_ptr_not_null (config); - assert_str_eq ("mock-three.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "user3"); - - p11_dict_free (configs); -} - -static void -test_load_modules_no_user (void) -{ - p11_dict *configs; - p11_dict *config; - - p11_message_clear (); - - configs = _p11_conf_load_modules (CONF_USER_MERGE, - SRCDIR "/p11-kit/fixtures/package-modules", - SRCDIR "/p11-kit/fixtures/system-modules", - SRCDIR "/p11-kit/fixtures/non-existant"); - assert_ptr_not_null (configs); - assert (assert_msg_contains (p11_message_last (), "invalid config filename")); - - config = p11_dict_get (configs, "one"); - assert_ptr_not_null (config); - assert_str_eq ("mock-one.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "system1"); - - config = p11_dict_get (configs, "two.badname"); - assert_ptr_not_null (config); - assert_str_eq ("mock-two.so", p11_dict_get (config, "module")); - assert_str_eq (p11_dict_get (config, "setting"), "system2"); - - config = p11_dict_get (configs, "three"); - assert_ptr_eq (NULL, config); - - p11_dict_free (configs); -} - -static void -test_parse_boolean (void) -{ - p11_message_quiet (); - - assert_num_eq (true, _p11_conf_parse_boolean ("yes", false)); - assert_num_eq (false, _p11_conf_parse_boolean ("no", true)); - assert_num_eq (true, _p11_conf_parse_boolean ("!!!", true)); -} - -#ifdef OS_UNIX - -static void -test_setuid (void) -{ - const char *args[] = { BUILDDIR "/frob-setuid", NULL, }; - char *path; - int ret; - - /* This is the 'number' setting set in one.module user configuration. */ - ret = p11_test_run_child (args, true); - assert_num_eq (ret, 33); - - path = p11_test_copy_setgid (args[0]); - if (path == NULL) - return; - - args[0] = path; - - /* This is the 'number' setting set in one.module system configuration. */ - ret = p11_test_run_child (args, true); - assert_num_eq (ret, 18); - - if (unlink (path) < 0) - assert_fail ("unlink failed", strerror (errno)); - free (path); -} - -#endif /* OS_UNIX */ - -int -main (int argc, - char *argv[]) -{ - p11_test (test_parse_conf_1, "/conf/test_parse_conf_1"); - p11_test (test_parse_ignore_missing, "/conf/test_parse_ignore_missing"); - p11_test (test_parse_fail_missing, "/conf/test_parse_fail_missing"); - p11_test (test_merge_defaults, "/conf/test_merge_defaults"); - p11_test (test_load_globals_merge, "/conf/test_load_globals_merge"); - p11_test (test_load_globals_no_user, "/conf/test_load_globals_no_user"); - p11_test (test_load_globals_system_sets_only, "/conf/test_load_globals_system_sets_only"); - p11_test (test_load_globals_user_sets_only, "/conf/test_load_globals_user_sets_only"); - p11_test (test_load_globals_system_sets_invalid, "/conf/test_load_globals_system_sets_invalid"); - p11_test (test_load_globals_user_sets_invalid, "/conf/test_load_globals_user_sets_invalid"); - p11_test (test_load_modules_merge, "/conf/test_load_modules_merge"); - p11_test (test_load_modules_no_user, "/conf/test_load_modules_no_user"); - p11_test (test_load_modules_user_only, "/conf/test_load_modules_user_only"); - p11_test (test_load_modules_user_none, "/conf/test_load_modules_user_none"); - p11_test (test_parse_boolean, "/conf/test_parse_boolean"); -#ifdef OS_UNIX - /* Don't run this test when under fakeroot */ - if (!getenv ("FAKED_MODE")) { - p11_test (test_setuid, "/conf/setuid"); - } -#endif - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-deprecated.c b/p11-kit/test-deprecated.c deleted file mode 100644 index c8b8001..0000000 --- a/p11-kit/test-deprecated.c +++ /dev/null @@ -1,513 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * Copyright (c) 2012 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#define P11_KIT_NO_DEPRECATIONS - -#include "config.h" -#include "test.h" - -#include "dict.h" -#include "library.h" -#include "p11-kit.h" -#include "private.h" -#include "mock.h" - -#include <sys/types.h> - -#include <assert.h> -#include <errno.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <time.h> -#include <unistd.h> - -static CK_FUNCTION_LIST_PTR_PTR -initialize_and_get_modules (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - CK_RV rv; - - rv = p11_kit_initialize_registered (); - assert_num_eq (CKR_OK, rv); - modules = p11_kit_registered_modules (); - assert (modules != NULL && modules[0] != NULL); - - return modules; -} - -static void -finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules) -{ - CK_RV rv; - - free (modules); - rv = p11_kit_finalize_registered (); - assert_num_eq (CKR_OK, rv); - -} - -static void -test_no_duplicates (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - p11_dict *paths; - p11_dict *funcs; - char *path; - int i; - - modules = initialize_and_get_modules (); - paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - - /* The loaded modules should not contain duplicates */ - for (i = 0; modules[i] != NULL; i++) { - path = p11_kit_registered_option (modules[i], "module"); - - if (p11_dict_get (funcs, modules[i])) - assert_fail ("found duplicate function list pointer", NULL); - if (p11_dict_get (paths, path)) - assert_fail ("found duplicate path name", NULL); - - if (!p11_dict_set (funcs, modules[i], "")) - assert_not_reached (); - if (!p11_dict_set (paths, path, "")) - assert_not_reached (); - - free (path); - } - - p11_dict_free (paths); - p11_dict_free (funcs); - finalize_and_free_modules (modules); -} - -static CK_FUNCTION_LIST_PTR -lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules, - const char *name) -{ - CK_FUNCTION_LIST_PTR match = NULL; - CK_FUNCTION_LIST_PTR module; - char *module_name; - int i; - - for (i = 0; match == NULL && modules[i] != NULL; i++) { - module_name = p11_kit_registered_module_to_name (modules[i]); - assert_ptr_not_null (module_name); - if (strcmp (module_name, name) == 0) - match = modules[i]; - free (module_name); - } - - /* - * As a side effect, we should check that the results of this function - * matches the above search. - */ - module = p11_kit_registered_name_to_module (name); - if (module != match) - assert_fail ("different result from p11_kit_registered_name_to_module()", NULL); - - return match; -} - -static void -test_disable (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - /* - * The module four should be present, as we don't match any prognames - * that it has disabled. - */ - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "four") != NULL); - finalize_and_free_modules (modules); - - /* - * The module two shouldn't have been loaded, because in its config - * file we have: - * - * disable-in: test-disable - */ - - p11_kit_set_progname ("test-disable"); - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "four") == NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -static void -test_disable_later (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - CK_RV rv; - - /* - * The module two shouldn't be matched, because in its config - * file we have: - * - * disable-in: test-disable - */ - - rv = p11_kit_initialize_registered (); - assert_num_eq (CKR_OK, rv); - - p11_kit_set_progname ("test-disable"); - - modules = p11_kit_registered_modules (); - assert (modules != NULL && modules[0] != NULL); - - assert (lookup_module_with_name (modules, "two") == NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -static void -test_enable (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - /* - * The module three should not be present, as we don't match the current - * program. - */ - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "three") == NULL); - finalize_and_free_modules (modules); - - /* - * The module three should be loaded here , because in its config - * file we have: - * - * enable-in: test-enable - */ - - p11_kit_set_progname ("test-enable"); - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "three") != NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -CK_FUNCTION_LIST module; - -#ifdef OS_UNIX - -#include <sys/wait.h> - -static CK_RV -mock_C_Initialize__with_fork (CK_VOID_PTR init_args) -{ - struct timespec ts = { 0, 100 * 1000 * 1000 }; - CK_RV rv; - pid_t child; - pid_t ret; - int status; - - rv = mock_C_Initialize (init_args); - assert (rv == CKR_OK); - - /* Fork during the initialization */ - child = fork (); - if (child == 0) { - close (1); - nanosleep (&ts, NULL); - exit (66); - } - - ret = waitpid (child, &status, 0); - assert (ret == child); - assert (WIFEXITED (status)); - assert (WEXITSTATUS (status) == 66); - - return CKR_OK; -} - -static void -test_fork_initialization (void) -{ - CK_RV rv; - - assert (!mock_module_initialized ()); - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__with_fork; - - rv = p11_kit_initialize_module (&module); - assert (rv == CKR_OK); - - rv = p11_kit_finalize_module (&module); - assert (rv == CKR_OK); - - assert (!mock_module_initialized ()); -} - -#endif /* OS_UNIX */ - -static CK_RV -mock_C_Initialize__with_recursive (CK_VOID_PTR init_args) -{ - /* Recursively initialize, this is broken */ - return p11_kit_initialize_module (&module); -} - -static void -test_recursive_initialization (void) -{ - CK_RV rv; - - assert (!mock_module_initialized ()); - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__with_recursive; - - rv = p11_kit_initialize_module (&module); - assert (rv == CKR_FUNCTION_FAILED); - - assert (!mock_module_initialized ()); -} - -static p11_mutex_t race_mutex; -static int initialization_count = 0; -static int finalization_count = 0; - -static CK_RV -mock_C_Initialize__threaded_race (CK_VOID_PTR init_args) -{ - /* Atomically increment value */ - p11_mutex_lock (&race_mutex); - initialization_count += 1; - p11_mutex_unlock (&race_mutex); - - p11_sleep_ms (100); - return CKR_OK; -} - -static CK_RV -mock_C_Finalize__threaded_race (CK_VOID_PTR reserved) -{ - /* Atomically increment value */ - p11_mutex_lock (&race_mutex); - finalization_count += 1; - p11_mutex_unlock (&race_mutex); - - p11_sleep_ms (100); - return CKR_OK; -} - -static void * -initialization_thread (void *data) -{ - CK_RV rv; - - assert_str_eq (data, "thread-data"); - rv = p11_kit_initialize_module (&module); - assert (rv == CKR_OK); - - return "thread-data"; -} - -static void * -finalization_thread (void *data) -{ - CK_RV rv; - - assert_str_eq (data, "thread-data"); - rv = p11_kit_finalize_module (&module); - assert (rv == CKR_OK); - - return "thread-data"; -} - -static void -test_threaded_initialization (void) -{ - static const int num_threads = 2; - p11_thread_t threads[num_threads]; - int ret; - int i; - - assert (!mock_module_initialized ()); - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__threaded_race; - module.C_Finalize = mock_C_Finalize__threaded_race; - - p11_mutex_lock (&race_mutex); - initialization_count = 0; - finalization_count = 0; - p11_mutex_unlock (&race_mutex); - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (&threads[i], initialization_thread, "thread-data"); - assert_num_eq (0, ret); - assert (threads[i] != 0); - } - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_join (threads[i]); - assert_num_eq (0, ret); - threads[i] = 0; - } - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (&threads[i], finalization_thread, "thread-data"); - assert_num_eq (0, ret); - assert (threads[i] != 0); - } - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_join (threads[i]); - assert_num_eq (0, ret); - threads[i] = 0; - } - - /* C_Initialize should have been called exactly once */ - p11_mutex_lock (&race_mutex); - assert_num_eq (1, initialization_count); - assert_num_eq (1, finalization_count); - p11_mutex_unlock (&race_mutex); - - assert (!mock_module_initialized ()); -} - -static CK_RV -mock_C_Initialize__test_mutexes (CK_VOID_PTR args) -{ - CK_C_INITIALIZE_ARGS_PTR init_args; - void *mutex = NULL; - CK_RV rv; - - rv = mock_C_Initialize (NULL); - if (rv != CKR_OK) - return rv; - - assert (args != NULL); - init_args = args; - - rv = (init_args->CreateMutex) (&mutex); - assert (rv == CKR_OK); - - rv = (init_args->LockMutex) (mutex); - assert (rv == CKR_OK); - - rv = (init_args->UnlockMutex) (mutex); - assert (rv == CKR_OK); - - rv = (init_args->DestroyMutex) (mutex); - assert (rv == CKR_OK); - - return CKR_OK; -} - -static void -test_mutexes (void) -{ - CK_RV rv; - - assert (!mock_module_initialized ()); - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__test_mutexes; - - rv = p11_kit_initialize_module (&module); - assert (rv == CKR_OK); - - rv = p11_kit_finalize_module (&module); - assert (rv == CKR_OK); - - assert (!mock_module_initialized ()); -} - -static void -test_load_and_initialize (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_INFO info; - CK_RV rv; - int ret; - - rv = p11_kit_load_initialize_module (BUILDDIR "/.libs/mock-one" SHLEXT, &module); - assert (rv == CKR_OK); - assert (module != NULL); - - rv = (module->C_GetInfo) (&info); - assert (rv == CKR_OK); - - ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER ", 32); - assert (ret == 0); - - rv = p11_kit_finalize_module (module); - assert_num_eq (rv, CKR_OK); -} - -int -main (int argc, - char *argv[]) -{ - p11_mutex_init (&race_mutex); - mock_module_init (); - p11_library_init (); - - p11_test (test_no_duplicates, "/deprecated/test_no_duplicates"); - p11_test (test_disable, "/deprecated/test_disable"); - p11_test (test_disable_later, "/deprecated/test_disable_later"); - p11_test (test_enable, "/deprecated/test_enable"); - -#ifdef OS_UNIX - p11_test (test_fork_initialization, "/deprecated/test_fork_initialization"); -#endif - - p11_test (test_recursive_initialization, "/deprecated/test_recursive_initialization"); - p11_test (test_threaded_initialization, "/deprecated/test_threaded_initialization"); - p11_test (test_mutexes, "/deprecated/test_mutexes"); - p11_test (test_load_and_initialize, "/deprecated/test_load_and_initialize"); - - p11_kit_be_quiet (); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-init.c b/p11-kit/test-init.c deleted file mode 100644 index c4fcecb..0000000 --- a/p11-kit/test-init.c +++ /dev/null @@ -1,420 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" -#include "test.h" - -#include <sys/types.h> - -#include "library.h" -#include "mock.h" -#include "modules.h" -#include "p11-kit.h" -#include "private.h" -#include "virtual.h" - -#include <assert.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include <unistd.h> - -static CK_FUNCTION_LIST module; -static p11_mutex_t race_mutex; - -#ifdef OS_UNIX - -#include <sys/wait.h> - -static CK_RV -mock_C_Initialize__with_fork (CK_VOID_PTR init_args) -{ - struct timespec ts = { 0, 100 * 1000 * 1000 }; - CK_RV rv; - pid_t child; - pid_t ret; - int status; - - rv = mock_C_Initialize (init_args); - assert (rv == CKR_OK); - - /* Fork during the initialization */ - child = fork (); - if (child == 0) { - close (1); - nanosleep (&ts, NULL); - exit (66); - } - - ret = waitpid (child, &status, 0); - assert (ret == child); - assert (WIFEXITED (status)); - assert (WEXITSTATUS (status) == 66); - - return CKR_OK; -} - -static void -test_fork_initialization (void) -{ - CK_FUNCTION_LIST_PTR result; - CK_RV rv; - - mock_module_reset (); - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__with_fork; - - p11_lock (); - - rv = p11_module_load_inlock_reentrant (&module, 0, &result); - assert (rv == CKR_OK); - - p11_unlock (); - - rv = p11_kit_module_initialize (result); - assert (rv == CKR_OK); - - rv = p11_kit_module_finalize (result); - assert (rv == CKR_OK); - - p11_lock (); - - rv = p11_module_release_inlock_reentrant (result); - assert (rv == CKR_OK); - - p11_unlock (); -} - -#endif /* OS_UNIX */ - -static CK_FUNCTION_LIST *recursive_managed; - -static CK_RV -mock_C_Initialize__with_recursive (CK_VOID_PTR init_args) -{ - CK_RV rv; - - rv = mock_C_Initialize (init_args); - assert (rv == CKR_OK); - - return p11_kit_module_initialize (recursive_managed); -} - -static void -test_recursive_initialization (void) -{ - CK_RV rv; - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__with_recursive; - - p11_kit_be_quiet (); - - p11_lock (); - - rv = p11_module_load_inlock_reentrant (&module, 0, &recursive_managed); - assert (rv == CKR_OK); - - p11_unlock (); - - rv = p11_kit_module_initialize (recursive_managed); - assert_num_eq (CKR_FUNCTION_FAILED, rv); - - p11_lock (); - - rv = p11_module_release_inlock_reentrant (recursive_managed); - assert (rv == CKR_OK); - - p11_unlock (); - - p11_kit_be_loud (); -} - -static int initialization_count = 0; -static int finalization_count = 0; - -static CK_RV -mock_C_Initialize__threaded_race (CK_VOID_PTR init_args) -{ - /* Atomically increment value */ - p11_mutex_lock (&race_mutex); - initialization_count += 1; - p11_mutex_unlock (&race_mutex); - - p11_sleep_ms (100); - return CKR_OK; -} - -static CK_RV -mock_C_Finalize__threaded_race (CK_VOID_PTR reserved) -{ - /* Atomically increment value */ - p11_mutex_lock (&race_mutex); - finalization_count += 1; - p11_mutex_unlock (&race_mutex); - - p11_sleep_ms (100); - return CKR_OK; -} - -static void * -initialization_thread (void *data) -{ - CK_FUNCTION_LIST *module = data; - CK_RV rv; - - assert (module != NULL); - rv = p11_kit_module_initialize (module); - assert_num_eq (rv, CKR_OK); - - return module; -} - -static void * -finalization_thread (void *data) -{ - CK_FUNCTION_LIST *module = data; - CK_RV rv; - - assert (module != NULL); - rv = p11_kit_module_finalize (module); - assert_num_eq (rv, CKR_OK); - - return module; -} - -static void -test_threaded_initialization (void) -{ - static const int num_threads = 1; - CK_FUNCTION_LIST *data[num_threads]; - p11_thread_t threads[num_threads]; - CK_RV rv; - int ret; - int i; - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__threaded_race; - module.C_Finalize = mock_C_Finalize__threaded_race; - - memset (&data, 0, sizeof (data)); - - p11_mutex_lock (&race_mutex); - initialization_count = 0; - finalization_count = 0; - p11_mutex_unlock (&race_mutex); - - p11_lock (); - - for (i = 0; i < num_threads; i++) { - assert (data[i] == NULL); - rv = p11_module_load_inlock_reentrant (&module, 0, &data[i]); - assert (rv == CKR_OK); - } - - p11_unlock (); - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (&threads[i], initialization_thread, data[i]); - assert_num_eq (0, ret); - assert (threads[i] != 0); - } - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_join (threads[i]); - assert_num_eq (0, ret); - threads[i] = 0; - } - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (&threads[i], finalization_thread, data[i]); - assert_num_eq (0, ret); - assert (threads[i] != 0); - } - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_join (threads[i]); - assert_num_eq (0, ret); - threads[i] = 0; - } - - p11_lock (); - - for (i = 0; i < num_threads; i++) { - assert (data[i] != NULL); - rv = p11_module_release_inlock_reentrant (data[i]); - assert (rv == CKR_OK); - } - - p11_unlock (); - - /* C_Initialize should have been called exactly once */ - assert_num_eq (1, initialization_count); - assert_num_eq (1, finalization_count); -} - -static CK_RV -mock_C_Initialize__test_mutexes (CK_VOID_PTR args) -{ - CK_C_INITIALIZE_ARGS_PTR init_args; - void *mutex = NULL; - CK_RV rv; - - assert (args != NULL); - init_args = args; - - rv = (init_args->CreateMutex) (&mutex); - assert (rv == CKR_OK); - - rv = (init_args->LockMutex) (mutex); - assert (rv == CKR_OK); - - rv = (init_args->UnlockMutex) (mutex); - assert (rv == CKR_OK); - - rv = (init_args->DestroyMutex) (mutex); - assert (rv == CKR_OK); - - return CKR_OK; -} - -static void -test_mutexes (void) -{ - CK_FUNCTION_LIST_PTR result; - CK_RV rv; - - /* Build up our own function list */ - memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - module.C_Initialize = mock_C_Initialize__test_mutexes; - - p11_lock (); - - rv = p11_module_load_inlock_reentrant (&module, 0, &result); - assert (rv == CKR_OK); - - rv = p11_module_release_inlock_reentrant (result); - assert (rv == CKR_OK); - - p11_unlock (); -} - -static void -test_load_and_initialize (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_INFO info; - CK_RV rv; - int ret; - - module = p11_kit_module_load (BUILDDIR "/.libs/mock-one" SHLEXT, 0); - assert (module != NULL); - - rv = p11_kit_module_initialize (module); - assert (rv == CKR_OK); - - rv = (module->C_GetInfo) (&info); - assert (rv == CKR_OK); - - ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER ", 32); - assert (ret == 0); - - rv = p11_kit_module_finalize (module); - assert (rv == CKR_OK); - - p11_kit_module_release (module); -} - -static void -test_initalize_fail (void) -{ - CK_FUNCTION_LIST failer; - CK_FUNCTION_LIST *modules[3] = { &mock_module_no_slots, &failer, NULL }; - CK_RV rv; - - memcpy (&failer, &mock_module, sizeof (CK_FUNCTION_LIST)); - failer.C_Initialize = mock_C_Initialize__fails; - - mock_module_reset (); - p11_kit_be_quiet (); - - rv = p11_kit_modules_initialize (modules, NULL); - assert_num_eq (CKR_FUNCTION_FAILED, rv); - - p11_kit_be_loud (); - - /* Failed modules get removed from the list */ - assert_ptr_eq (&mock_module_no_slots, modules[0]); - assert_ptr_eq (NULL, modules[1]); - assert_ptr_eq (NULL, modules[2]); - - p11_kit_modules_finalize (modules); -} - -static void -test_finalize_fail (void) -{ - -} - -int -main (int argc, - char *argv[]) -{ - p11_mutex_init (&race_mutex); - mock_module_init (); - p11_library_init (); - - /* These only work when managed */ - if (p11_virtual_can_wrap ()) { - p11_test (test_recursive_initialization, "/init/test_recursive_initialization"); - p11_test (test_threaded_initialization, "/init/test_threaded_initialization"); - p11_test (test_mutexes, "/init/test_mutexes"); - p11_test (test_load_and_initialize, "/init/test_load_and_initialize"); - -#ifdef OS_UNIX - p11_test (test_fork_initialization, "/init/test_fork_initialization"); -#endif - } - - p11_test (test_initalize_fail, "/init/test_initalize_fail"); - p11_test (test_finalize_fail, "/init/test_finalize_fail"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-iter.c b/p11-kit/test-iter.c deleted file mode 100644 index 3f5a76f..0000000 --- a/p11-kit/test-iter.c +++ /dev/null @@ -1,1512 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" -#include "test.h" - -#define P11_KIT_FUTURE_UNSTABLE_API 1 - -#include "attrs.h" -#include "dict.h" -#include "iter.h" -#include "library.h" -#include "message.h" -#include "mock.h" - -#include <assert.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> - -static CK_FUNCTION_LIST_PTR_PTR -initialize_and_get_modules (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - p11_message_quiet (); - - modules = p11_kit_modules_load_and_initialize (0); - assert (modules != NULL && modules[0] != NULL); - - p11_message_loud (); - - return modules; -} - -static void -finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules) -{ - p11_kit_modules_finalize (modules); - p11_kit_modules_release (modules); -} - -static int -has_handle (CK_ULONG *objects, - int count, - CK_ULONG handle) -{ - int i; - for (i = 0; i < count; i++) { - if (objects[i] == handle) - return 1; - } - - return 0; -} - - -static void -test_all (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR *modules; - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session; - CK_ULONG size; - P11KitIter *iter; - CK_RV rv; - int at; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, P11_KIT_ITER_BUSY_SESSIONS); - p11_kit_iter_begin (iter, modules); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - - module = p11_kit_iter_get_module (iter); - assert_ptr_not_null (module); - - session = p11_kit_iter_get_session (iter); - assert (session != 0); - - /* Do something with the object */ - size = 0; - rv = (module->C_GetObjectSize) (session, objects[at], &size); - assert (rv == CKR_OK); - assert (size > 0); - - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, at); - - assert (has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static CK_RV -on_iter_callback (P11KitIter *iter, - CK_BBOOL *matches, - void *data) -{ - CK_OBJECT_HANDLE object; - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session; - CK_ULONG size; - CK_RV rv; - - assert_str_eq (data, "callback"); - - object = p11_kit_iter_get_object (iter); - if (object != MOCK_PUBLIC_KEY_CAPITALIZE && object != MOCK_PUBLIC_KEY_PREFIX) { - *matches = CK_FALSE; - return CKR_OK; - } - - module = p11_kit_iter_get_module (iter); - assert_ptr_not_null (module); - - session = p11_kit_iter_get_session (iter); - assert (session != 0); - - /* Do something with the object */ - size = 0; - rv = (module->C_GetObjectSize) (session, object, &size); - assert (rv == CKR_OK); - assert (size > 0); - - return CKR_OK; -} - -static void -test_callback (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_RV rv; - int at; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_callback (iter, on_iter_callback, "callback", NULL); - p11_kit_iter_begin (iter, modules); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 2 public keys */ - assert_num_eq (6, at); - - assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static CK_RV -on_callback_fail (P11KitIter *iter, - CK_BBOOL *matches, - void *data) -{ - return CKR_DATA_INVALID; -} - -static void -test_callback_fails (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_RV rv; - int at; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_callback (iter, on_callback_fail, "callback", NULL); - p11_kit_iter_begin (iter, modules); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_DATA_INVALID); - - /* Shouldn't have succeeded at all */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - finalize_and_free_modules (modules); -} - -static void -on_destroy_increment (void *data) -{ - int *value = data; - (*value)++; -} - -static void -test_callback_destroyer (void) -{ - P11KitIter *iter; - int value = 1; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_callback (iter, on_callback_fail, &value, on_destroy_increment); - p11_kit_iter_free (iter); - - assert_num_eq (2, value); -} - -static void -test_with_session (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_SESSION_HANDLE session; - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &mock_module, 0, session); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - - slot = p11_kit_iter_get_slot (iter); - assert (slot == MOCK_SLOT_ONE_ID); - - module = p11_kit_iter_get_module (iter); - assert_ptr_eq (module, &mock_module); - - assert (session == p11_kit_iter_get_session (iter)); - at++; - } - - assert (rv == CKR_CANCEL); - - /* 1 modules, each with 1 slot, and 3 public objects */ - assert_num_eq (3, at); - - assert (has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - /* The session is still valid ... */ - rv = mock_module.C_CloseSession (session); - assert (rv == CKR_OK); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_with_slot (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &mock_module, MOCK_SLOT_ONE_ID, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - - slot = p11_kit_iter_get_slot (iter); - assert (slot == MOCK_SLOT_ONE_ID); - - module = p11_kit_iter_get_module (iter); - assert_ptr_eq (module, &mock_module); - at++; - } - - assert (rv == CKR_CANCEL); - - /* 1 modules, each with 1 slot, and 3 public objects */ - assert_num_eq (3, at); - - assert (has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - rv = (mock_module.C_Finalize) (NULL); - assert (rv == CKR_OK); -} - -static void -test_with_module (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &mock_module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - - module = p11_kit_iter_get_module (iter); - assert_ptr_eq (module, &mock_module); - at++; - } - - assert (rv == CKR_CANCEL); - - /* 1 modules, each with 1 slot, and 3 public objects */ - assert_num_eq (3, at); - - assert (has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_keep_session (void) -{ - CK_SESSION_HANDLE session; - P11KitIter *iter; - CK_RV rv; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &mock_module, 0, 0); - - rv = p11_kit_iter_next (iter); - assert (rv == CKR_OK); - - session = p11_kit_iter_keep_session (iter); - p11_kit_iter_free (iter); - - /* The session is still valid ... */ - rv = mock_module.C_CloseSession (session); - assert (rv == CKR_OK); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_unrecognized (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - p11_kit_uri_set_unrecognized (uri, 1); - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_uri_with_type (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int at; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:object-type=public", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (ret, P11_KIT_URI_OK); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 2 public keys */ - assert_num_eq (6, at); - - assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_set_uri (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - p11_kit_uri_set_unrecognized (uri, 1); - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_set_uri (iter, uri); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - /* Nothing should have matched */ - rv = p11_kit_iter_next (iter); - assert_num_eq (rv, CKR_CANCEL); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_filter (void) -{ - CK_OBJECT_HANDLE objects[128]; - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_RV rv; - int at; - - CK_BBOOL vfalse = CK_FALSE; - CK_OBJECT_CLASS public_key = CKO_PUBLIC_KEY; - CK_ATTRIBUTE attrs[] = { - { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, - { CKA_CLASS, &public_key, sizeof (public_key) }, - }; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_add_filter (iter, attrs, 2); - - p11_kit_iter_begin (iter, modules); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (at < 128); - objects[at] = p11_kit_iter_get_object (iter); - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 2 public keys */ - assert_num_eq (6, at); - - assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); - assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); - assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_session_flags (void) -{ - CK_FUNCTION_LIST_PTR *modules; - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session; - CK_SESSION_INFO info; - P11KitIter *iter; - CK_RV rv; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE); - p11_kit_iter_begin (iter, modules); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - module = p11_kit_iter_get_module (iter); - assert_ptr_not_null (module); - - session = p11_kit_iter_get_session (iter); - assert (session != 0); - - rv = (module->C_GetSessionInfo) (session, &info); - assert (rv == CKR_OK); - - assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state); - } - - assert (rv == CKR_CANCEL); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_module_match (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:library-description=MOCK%20LIBRARY", P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_module_mismatch (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:library-description=blah", P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_slot_match (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:slot-manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_SLOT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_slot_mismatch (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:slot-manufacturer=blah", P11_KIT_URI_FOR_SLOT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_slot_match_by_id (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - char *string; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = asprintf (&string, "pkcs11:slot-id=%lu", MOCK_SLOT_ONE_ID); - assert (ret > 0); - ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_SLOT, uri); - free (string); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_slot_mismatch_by_id (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:slot-id=0", P11_KIT_URI_FOR_SLOT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_slot_info (void) -{ - CK_FUNCTION_LIST_PTR *modules; - CK_SLOT_INFO *info; - P11KitIter *iter; - char *string; - CK_RV rv; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin (iter, modules); - - rv = p11_kit_iter_next (iter); - assert_num_eq (rv, CKR_OK); - - info = p11_kit_iter_get_slot_info (iter); - assert_ptr_not_null (info); - - string = p11_kit_space_strdup (info->slotDescription, - sizeof (info->slotDescription)); - assert_ptr_not_null (string); - - assert_str_eq (string, "TEST SLOT"); - - free (string); - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_token_match (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_TOKEN, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_token_mismatch (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - P11KitUri *uri; - CK_RV rv; - int count; - int ret; - - modules = initialize_and_get_modules (); - - uri = p11_kit_uri_new (); - ret = p11_kit_uri_parse ("pkcs11:manufacturer=blah", P11_KIT_URI_FOR_TOKEN, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - iter = p11_kit_iter_new (uri, 0); - p11_kit_uri_free (uri); - - p11_kit_iter_begin (iter, modules); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - count++; - - assert (rv == CKR_CANCEL); - - /* Nothing should have matched */ - assert_num_eq (0, count); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_token_info (void) -{ - CK_FUNCTION_LIST_PTR *modules; - CK_TOKEN_INFO *info; - P11KitIter *iter; - char *string; - CK_RV rv; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin (iter, modules); - - rv = p11_kit_iter_next (iter); - assert_num_eq (rv, CKR_OK); - - info = p11_kit_iter_get_token (iter); - assert_ptr_not_null (info); - - string = p11_kit_space_strdup (info->label, sizeof (info->label)); - assert_ptr_not_null (string); - - assert_str_eq (string, "TEST LABEL"); - - free (string); - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_getslotlist_fail_first (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_GetSlotList = mock_C_GetSlotList__fail_first; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_VENDOR_DEFINED); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_getslotlist_fail_late (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_GetSlotList = mock_C_GetSlotList__fail_late; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_VENDOR_DEFINED); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_open_session_fail (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_OpenSession = mock_C_OpenSession__fails; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_DEVICE_ERROR); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_find_init_fail (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_FindObjectsInit = mock_C_FindObjectsInit__fails; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_DEVICE_MEMORY); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_find_objects_fail (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_RV rv; - int at; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_FindObjects = mock_C_FindObjects__fails; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - at= 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) - at++; - - assert (rv == CKR_DEVICE_REMOVED); - - /* Should fail on the first iteration */ - assert_num_eq (0, at); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_get_attributes (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_OBJECT_HANDLE object; - char label[128]; - CK_ULONG klass; - CK_ULONG ulong; - CK_RV rv; - int at; - - CK_ATTRIBUTE template[] = { - { CKA_CLASS, &klass, sizeof (klass) }, - { CKA_LABEL, label, sizeof (label) }, - { CKA_INVALID }, - }; - - CK_ATTRIBUTE attrs[3]; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin (iter, modules); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - assert (sizeof (attrs) == sizeof (template)); - memcpy (&attrs, &template, sizeof (attrs)); - - rv = p11_kit_iter_get_attributes (iter, attrs, 2); - assert (rv == CKR_OK); - - object = p11_kit_iter_get_object (iter); - switch (object) { - case MOCK_DATA_OBJECT: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "TEST LABEL", -1)); - break; - case MOCK_PUBLIC_KEY_CAPITALIZE: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1)); - break; - case MOCK_PUBLIC_KEY_PREFIX: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1)); - break; - default: - assert_fail ("Unknown object matched", NULL); - break; - } - - at++; - } - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, at); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - - - -static void -test_load_attributes (void) -{ - CK_FUNCTION_LIST_PTR *modules; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_OBJECT_HANDLE object; - CK_ULONG ulong; - CK_RV rv; - int at; - - CK_ATTRIBUTE types[] = { - { CKA_CLASS }, - { CKA_LABEL }, - }; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin (iter, modules); - - attrs = p11_attrs_buildn (NULL, types, 2); - - at = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - rv = p11_kit_iter_load_attributes (iter, attrs, 2); - assert (rv == CKR_OK); - - object = p11_kit_iter_get_object (iter); - switch (object) { - case MOCK_DATA_OBJECT: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "TEST LABEL", -1)); - break; - case MOCK_PUBLIC_KEY_CAPITALIZE: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1)); - break; - case MOCK_PUBLIC_KEY_PREFIX: - assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); - assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1)); - break; - default: - assert_fail ("Unknown object matched", NULL); - break; - } - - at++; - } - - p11_attrs_free (attrs); - - assert (rv == CKR_CANCEL); - - /* Three modules, each with 1 slot, and 3 public objects */ - assert_num_eq (9, at); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -static void -test_load_attributes_none (void) -{ - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - attrs = p11_attrs_buildn (NULL, NULL, 0); - rv = p11_kit_iter_load_attributes (iter, attrs, 0); - assert (rv == CKR_OK); - p11_attrs_free (attrs); - } - - assert (rv == CKR_CANCEL); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_load_attributes_fail_first (void) -{ - CK_ATTRIBUTE label = { CKA_LABEL, }; - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_first; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - attrs = p11_attrs_build (NULL, &label, NULL); - rv = p11_kit_iter_load_attributes (iter, attrs, 1); - assert (rv == CKR_FUNCTION_REJECTED); - p11_attrs_free (attrs); - } - - assert (rv == CKR_CANCEL); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_load_attributes_fail_late (void) -{ - CK_ATTRIBUTE label = { CKA_LABEL, }; - CK_FUNCTION_LIST module; - P11KitIter *iter; - CK_ATTRIBUTE *attrs; - CK_RV rv; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert (rv == CKR_OK); - - memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); - module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_late; - - iter = p11_kit_iter_new (NULL, 0); - p11_kit_iter_begin_with (iter, &module, 0, 0); - - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - attrs = p11_attrs_build (NULL, &label, NULL); - rv = p11_kit_iter_load_attributes (iter, attrs, 1); - assert (rv == CKR_FUNCTION_FAILED); - p11_attrs_free (attrs); - } - - assert (rv == CKR_CANCEL); - - p11_kit_iter_free (iter); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_many (void *flags) -{ - P11KitIterBehavior behavior; - CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE handle; - p11_dict *seen; - P11KitIter *iter; - CK_RV rv; - int count; - int i; - - static CK_OBJECT_CLASS data = CKO_DATA; - static CK_ATTRIBUTE object[] = { - { CKA_VALUE, "blah", 4 }, - { CKA_CLASS, &data, sizeof (data) }, - { CKA_ID, "ID1", 3 }, - { CKA_INVALID }, - }; - - behavior = 0; - if (strstr (flags, "busy-sessions")) - behavior |= P11_KIT_ITER_BUSY_SESSIONS; - - mock_module_reset (); - rv = mock_module.C_Initialize (NULL); - assert_num_eq (rv, CKR_OK); - - rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert_num_eq (rv, CKR_OK); - - for (i = 0; i < 10000; i++) - mock_module_add_object (MOCK_SLOT_ONE_ID, object); - - seen = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, free, NULL); - iter = p11_kit_iter_new (NULL, behavior); - p11_kit_iter_add_filter (iter, object, 3); - p11_kit_iter_begin_with (iter, &mock_module, 0, session); - - count = 0; - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - handle = p11_kit_iter_get_object (iter); - assert (p11_dict_get (seen, &handle) == NULL); - if (!p11_dict_set (seen, memdup (&handle, sizeof (handle)), "x")) - assert_not_reached (); - count++; - } - - assert_num_eq (rv, CKR_CANCEL); - assert_num_eq (count, 10000); - - p11_kit_iter_free (iter); - p11_dict_free (seen); - - rv = mock_module.C_Finalize (NULL); - assert (rv == CKR_OK); -} - -static void -test_destroy_object (void) -{ - CK_FUNCTION_LIST **modules; - P11KitIter *iter; - CK_OBJECT_HANDLE object; - CK_SESSION_HANDLE session; - CK_FUNCTION_LIST *module; - CK_ULONG size; - CK_RV rv; - - modules = initialize_and_get_modules (); - - iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE); - - p11_kit_iter_begin (iter, modules); - - /* Should have matched */ - rv = p11_kit_iter_next (iter); - assert_num_eq (rv, CKR_OK); - - object = p11_kit_iter_get_object (iter); - session = p11_kit_iter_get_session (iter); - module = p11_kit_iter_get_module (iter); - - rv = (module->C_GetObjectSize) (session, object, &size); - assert_num_eq (rv, CKR_OK); - - rv = p11_kit_iter_destroy_object (iter); - assert_num_eq (rv, CKR_OK); - - rv = (module->C_GetObjectSize) (session, object, &size); - assert_num_eq (rv, CKR_OBJECT_HANDLE_INVALID); - - p11_kit_iter_free (iter); - - finalize_and_free_modules (modules); -} - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - mock_module_init (); - - p11_test (test_all, "/iter/test_all"); - p11_test (test_unrecognized, "/iter/test_unrecognized"); - p11_test (test_uri_with_type, "/iter/test_uri_with_type"); - p11_test (test_set_uri, "/iter/set-uri"); - p11_test (test_session_flags, "/iter/test_session_flags"); - p11_test (test_callback, "/iter/test_callback"); - p11_test (test_callback_fails, "/iter/test_callback_fails"); - p11_test (test_callback_destroyer, "/iter/test_callback_destroyer"); - p11_test (test_filter, "/iter/test_filter"); - p11_test (test_with_session, "/iter/test_with_session"); - p11_test (test_with_slot, "/iter/test_with_slot"); - p11_test (test_with_module, "/iter/test_with_module"); - p11_test (test_keep_session, "/iter/test_keep_session"); - p11_test (test_token_match, "/iter/test_token_match"); - p11_test (test_token_mismatch, "/iter/test_token_mismatch"); - p11_test (test_token_info, "/iter/token-info"); - p11_test (test_slot_match, "/iter/test_slot_match"); - p11_test (test_slot_mismatch, "/iter/test_slot_mismatch"); - p11_test (test_slot_match_by_id, "/iter/test_slot_match_by_id"); - p11_test (test_slot_mismatch_by_id, "/iter/test_slot_mismatch_by_id"); - p11_test (test_slot_info, "/iter/slot-info"); - p11_test (test_module_match, "/iter/test_module_match"); - p11_test (test_module_mismatch, "/iter/test_module_mismatch"); - p11_test (test_getslotlist_fail_first, "/iter/test_getslotlist_fail_first"); - p11_test (test_getslotlist_fail_late, "/iter/test_getslotlist_fail_late"); - p11_test (test_open_session_fail, "/iter/test_open_session_fail"); - p11_test (test_find_init_fail, "/iter/test_find_init_fail"); - p11_test (test_find_objects_fail, "/iter/test_find_objects_fail"); - p11_test (test_get_attributes, "/iter/get-attributes"); - p11_test (test_load_attributes, "/iter/test_load_attributes"); - p11_test (test_load_attributes_none, "/iter/test_load_attributes_none"); - p11_test (test_load_attributes_fail_first, "/iter/test_load_attributes_fail_first"); - p11_test (test_load_attributes_fail_late, "/iter/test_load_attributes_fail_late"); - p11_testx (test_many, "", "/iter/test-many"); - p11_testx (test_many, "busy-sessions", "/iter/test-many-busy"); - p11_test (test_destroy_object, "/iter/destroy-object"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-log.c b/p11-kit/test-log.c deleted file mode 100644 index e7dab70..0000000 --- a/p11-kit/test-log.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" -#include "test.h" - -#include "dict.h" -#include "library.h" -#include "log.h" -#include "mock.h" -#include "modules.h" -#include "p11-kit.h" -#include "virtual.h" - -#include <errno.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -static CK_FUNCTION_LIST_PTR -setup_mock_module (CK_SESSION_HANDLE *session) -{ - CK_FUNCTION_LIST_PTR module; - CK_RV rv; - - p11_lock (); - p11_log_force = true; - - rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module); - assert (rv == CKR_OK); - assert_ptr_not_null (module); - assert (p11_virtual_is_wrapper (module)); - - p11_unlock (); - - rv = p11_kit_module_initialize (module); - assert (rv == CKR_OK); - - if (session) { - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, - CKF_RW_SESSION | CKF_SERIAL_SESSION, - NULL, NULL, session); - assert (rv == CKR_OK); - } - - return module; -} - -static void -teardown_mock_module (CK_FUNCTION_LIST_PTR module) -{ - CK_RV rv; - - rv = p11_kit_module_finalize (module); - assert (rv == CKR_OK); - - p11_lock (); - - rv = p11_module_release_inlock_reentrant (module); - assert (rv == CKR_OK); - - p11_unlock (); -} - -/* Bring in all the mock module tests */ -#include "test-mock.c" - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - mock_module_init (); - - test_mock_add_tests ("/log"); - - p11_kit_be_quiet (); - p11_log_output = false; - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-managed.c b/p11-kit/test-managed.c deleted file mode 100644 index fc673ea..0000000 --- a/p11-kit/test-managed.c +++ /dev/null @@ -1,271 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" -#include "test.h" - -#include "dict.h" -#include "library.h" -#include "mock.h" -#include "modules.h" -#include "p11-kit.h" -#include "virtual.h" - -#include <sys/types.h> -#ifdef OS_UNIX -#include <sys/wait.h> -#endif -#include <errno.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -static CK_FUNCTION_LIST_PTR -setup_mock_module (CK_SESSION_HANDLE *session) -{ - CK_FUNCTION_LIST_PTR module; - CK_RV rv; - - p11_lock (); - - rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module); - assert (rv == CKR_OK); - assert_ptr_not_null (module); - assert (p11_virtual_is_wrapper (module)); - - p11_unlock (); - - rv = p11_kit_module_initialize (module); - assert (rv == CKR_OK); - - if (session) { - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, - CKF_RW_SESSION | CKF_SERIAL_SESSION, - NULL, NULL, session); - assert (rv == CKR_OK); - } - - return module; -} - -static void -teardown_mock_module (CK_FUNCTION_LIST_PTR module) -{ - CK_RV rv; - - rv = p11_kit_module_finalize (module); - assert (rv == CKR_OK); - - p11_lock (); - - rv = p11_module_release_inlock_reentrant (module); - assert (rv == CKR_OK); - - p11_unlock (); -} - -static CK_RV -fail_C_Initialize (void *init_reserved) -{ - return CKR_FUNCTION_FAILED; -} - -static void -test_initialize_finalize (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_RV rv; - - p11_lock (); - - rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module); - assert (rv == CKR_OK); - assert_ptr_not_null (module); - assert (p11_virtual_is_wrapper (module)); - - p11_unlock (); - - rv = module->C_Initialize (NULL); - assert (rv == CKR_OK); - - rv = module->C_Initialize (NULL); - assert (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED); - - rv = module->C_Finalize (NULL); - assert (rv == CKR_OK); - - rv = module->C_Finalize (NULL); - assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED); - - p11_lock (); - - rv = p11_module_release_inlock_reentrant (module); - assert (rv == CKR_OK); - - p11_unlock (); -} - -static void -test_initialize_fail (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_FUNCTION_LIST base; - CK_RV rv; - - memcpy (&base, &mock_module, sizeof (CK_FUNCTION_LIST)); - base.C_Initialize = fail_C_Initialize; - - p11_lock (); - - rv = p11_module_load_inlock_reentrant (&base, 0, &module); - assert (rv == CKR_OK); - - p11_unlock (); - - rv = p11_kit_module_initialize (module); - assert (rv == CKR_FUNCTION_FAILED); -} - -static void -test_separate_close_all_sessions (void) -{ - CK_FUNCTION_LIST *first; - CK_FUNCTION_LIST *second; - CK_SESSION_HANDLE s1; - CK_SESSION_HANDLE s2; - CK_SESSION_INFO info; - CK_RV rv; - - first = setup_mock_module (&s1); - second = setup_mock_module (&s2); - - rv = first->C_GetSessionInfo (s1, &info); - assert (rv == CKR_OK); - - rv = second->C_GetSessionInfo (s2, &info); - assert (rv == CKR_OK); - - first->C_CloseAllSessions (MOCK_SLOT_ONE_ID); - assert (rv == CKR_OK); - - rv = first->C_GetSessionInfo (s1, &info); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = second->C_GetSessionInfo (s2, &info); - assert (rv == CKR_OK); - - second->C_CloseAllSessions (MOCK_SLOT_ONE_ID); - assert (rv == CKR_OK); - - rv = first->C_GetSessionInfo (s1, &info); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = second->C_GetSessionInfo (s2, &info); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - teardown_mock_module (first); - teardown_mock_module (second); -} - -#ifdef OS_UNIX - -static void -test_fork_and_reinitialize (void) -{ - CK_FUNCTION_LIST *module; - CK_INFO info; - int status; - CK_RV rv; - pid_t pid; - int i; - - module = setup_mock_module (NULL); - assert_ptr_not_null (module); - - pid = fork (); - assert_num_cmp (pid, >=, 0); - - /* The child */ - if (pid == 0) { - rv = (module->C_Initialize) (NULL); - assert_num_eq (CKR_OK, rv); - - for (i = 0; i < 32; i++) { - rv = (module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - rv = (module->C_Finalize) (NULL); - assert_num_eq (CKR_OK, rv); - - _exit (66); - } - - for (i = 0; i < 128; i++) { - rv = (module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - assert_num_eq (waitpid (pid, &status, 0), pid); - assert_num_eq (WEXITSTATUS (status), 66); - - teardown_mock_module (module); -} - -#endif /* OS_UNIX */ - -/* Bring in all the mock module tests */ -#include "test-mock.c" - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - p11_library_init (); - - p11_test (test_initialize_finalize, "/managed/test_initialize_finalize"); - p11_test (test_initialize_fail, "/managed/test_initialize_fail"); - p11_test (test_separate_close_all_sessions, "/managed/test_separate_close_all_sessions"); - -#ifdef OS_UNIX - p11_test (test_fork_and_reinitialize, "/managed/fork-and-reinitialize"); -#endif - - test_mock_add_tests ("/managed"); - - p11_kit_be_quiet (); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-mock.c b/p11-kit/test-mock.c deleted file mode 100644 index 8454f1f..0000000 --- a/p11-kit/test-mock.c +++ /dev/null @@ -1,1685 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * Copyright (c) 2012-2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stef@thewalter.net> - */ - -#include "test.h" - -#include "library.h" -#include "mock.h" -#include "p11-kit.h" - -#include <sys/types.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> - -static void -test_get_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_INFO info; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetInfo) (&info); - assert_num_eq (rv, CKR_OK); - assert_num_eq (MOCK_INFO.cryptokiVersion.major, info.cryptokiVersion.major); - assert_num_eq (MOCK_INFO.cryptokiVersion.minor, info.cryptokiVersion.minor); - assert (memcmp (MOCK_INFO.manufacturerID, info.manufacturerID, sizeof (info.manufacturerID)) == 0); - assert_num_eq (MOCK_INFO.flags, info.flags); - assert (memcmp (MOCK_INFO.libraryDescription, info.libraryDescription, sizeof (info.libraryDescription)) == 0); - assert_num_eq (MOCK_INFO.libraryVersion.major, info.libraryVersion.major); - assert_num_eq (MOCK_INFO.libraryVersion.minor, info.libraryVersion.minor); - - teardown_mock_module (module); -} - -static void -test_get_slot_list (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot_list[8]; - CK_ULONG count = 0; - CK_RV rv; - - module = setup_mock_module (NULL); - - /* Normal module has 2 slots, one with token present */ - rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOTS_PRESENT, count); - rv = (module->C_GetSlotList) (CK_FALSE, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOTS_ALL, count); - - count = 8; - rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOTS_PRESENT, count); - assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]); - - count = 8; - rv = (module->C_GetSlotList) (CK_FALSE, slot_list, &count); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOTS_ALL, count); - assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]); - assert_num_eq (MOCK_SLOT_TWO_ID, slot_list[1]); - - teardown_mock_module (module); -} - -static void -test_get_slot_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SLOT_INFO info; - char *string; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetSlotInfo) (MOCK_SLOT_ONE_ID, &info); - assert (rv == CKR_OK); - string = p11_kit_space_strdup (info.slotDescription, sizeof (info.slotDescription)); - assert_str_eq ("TEST SLOT", string); - free (string); - string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); - assert_str_eq ("TEST MANUFACTURER", string); - free (string); - assert_num_eq (CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE, info.flags); - assert_num_eq (55, info.hardwareVersion.major); - assert_num_eq (155, info.hardwareVersion.minor); - assert_num_eq (65, info.firmwareVersion.major); - assert_num_eq (165, info.firmwareVersion.minor); - - rv = (module->C_GetSlotInfo) (MOCK_SLOT_TWO_ID, &info); - assert (rv == CKR_OK); - assert_num_eq (CKF_REMOVABLE_DEVICE, info.flags); - - rv = (module->C_GetSlotInfo) (0, &info); - assert (rv == CKR_SLOT_ID_INVALID); - - teardown_mock_module (module); -} - -static void -test_get_token_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_TOKEN_INFO info; - char *string; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetTokenInfo) (MOCK_SLOT_ONE_ID, &info); - assert (rv == CKR_OK); - - string = p11_kit_space_strdup (info.label, sizeof (info.label)); - assert_str_eq ("TEST LABEL", string); - free (string); - string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); - assert_str_eq ("TEST MANUFACTURER", string); - free (string); - string = p11_kit_space_strdup (info.model, sizeof (info.model)); - assert_str_eq ("TEST MODEL", string); - free (string); - string = p11_kit_space_strdup (info.serialNumber, sizeof (info.serialNumber)); - assert_str_eq ("TEST SERIAL", string); - free (string); - assert_num_eq (CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED, info.flags); - assert_num_eq (1, info.ulMaxSessionCount); - assert_num_eq (2, info.ulSessionCount); - assert_num_eq (3, info.ulMaxRwSessionCount); - assert_num_eq (4, info.ulRwSessionCount); - assert_num_eq (5, info.ulMaxPinLen); - assert_num_eq (6, info.ulMinPinLen); - assert_num_eq (7, info.ulTotalPublicMemory); - assert_num_eq (8, info.ulFreePublicMemory); - assert_num_eq (9, info.ulTotalPrivateMemory); - assert_num_eq (10, info.ulFreePrivateMemory); - assert_num_eq (75, info.hardwareVersion.major); - assert_num_eq (175, info.hardwareVersion.minor); - assert_num_eq (85, info.firmwareVersion.major); - assert_num_eq (185, info.firmwareVersion.minor); - assert (memcmp (info.utcTime, "1999052509195900", sizeof (info.utcTime)) == 0); - - rv = (module->C_GetTokenInfo) (MOCK_SLOT_TWO_ID, &info); - assert (rv == CKR_TOKEN_NOT_PRESENT); - - rv = (module->C_GetTokenInfo) (0, &info); - assert (rv == CKR_SLOT_ID_INVALID); - - teardown_mock_module (module); -} - -static void -test_get_mechanism_list (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_MECHANISM_TYPE mechs[8]; - CK_ULONG count = 0; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (2, count); - rv = (module->C_GetMechanismList) (MOCK_SLOT_TWO_ID, NULL, &count); - assert (rv == CKR_TOKEN_NOT_PRESENT); - rv = (module->C_GetMechanismList) (0, NULL, &count); - assert (rv == CKR_SLOT_ID_INVALID); - - count = 8; - rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, mechs, &count); - assert (rv == CKR_OK); - assert_num_eq (2, count); - assert_num_eq (mechs[0], CKM_MOCK_CAPITALIZE); - assert_num_eq (mechs[1], CKM_MOCK_PREFIX); - - teardown_mock_module (module); -} - -static void -test_get_mechanism_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_MECHANISM_INFO info; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_CAPITALIZE, &info); - assert_num_eq (rv, CKR_OK); - assert_num_eq (512, info.ulMinKeySize); - assert_num_eq (4096, info.ulMaxKeySize); - assert_num_eq (CKF_ENCRYPT | CKF_DECRYPT, info.flags); - - rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_PREFIX, &info); - assert (rv == CKR_OK); - assert_num_eq (2048, info.ulMinKeySize); - assert_num_eq (2048, info.ulMaxKeySize); - assert_num_eq (CKF_SIGN | CKF_VERIFY, info.flags); - - rv = (module->C_GetMechanismInfo) (MOCK_SLOT_TWO_ID, CKM_MOCK_PREFIX, &info); - assert (rv == CKR_TOKEN_NOT_PRESENT); - rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, 0, &info); - assert (rv == CKR_MECHANISM_INVALID); - rv = (module->C_GetMechanismInfo) (0, CKM_MOCK_PREFIX, &info); - assert (rv == CKR_SLOT_ID_INVALID); - - teardown_mock_module (module); -} - -static void -test_init_token (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); - assert (rv == CKR_OK); - - rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"OTHER", 5, (CK_UTF8CHAR_PTR)"TEST LABEL"); - assert (rv == CKR_PIN_INVALID); - rv = (module->C_InitToken) (MOCK_SLOT_TWO_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); - assert (rv == CKR_TOKEN_NOT_PRESENT); - rv = (module->C_InitToken) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); - assert (rv == CKR_SLOT_ID_INVALID); - - teardown_mock_module (module); -} - -static void -test_wait_for_slot_event (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SLOT_ID slot; - CK_RV rv; - -#ifdef MOCK_SKIP_WAIT_TEST - return; -#endif - - module = setup_mock_module (NULL); - - rv = (module->C_WaitForSlotEvent) (0, &slot, NULL); - assert (rv == CKR_OK); - assert_num_eq (slot, MOCK_SLOT_TWO_ID); - - rv = (module->C_WaitForSlotEvent) (CKF_DONT_BLOCK, &slot, NULL); - assert (rv == CKR_NO_EVENT); - - teardown_mock_module (module); -} - -static void -test_open_close_session (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_OpenSession) (MOCK_SLOT_TWO_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_TOKEN_NOT_PRESENT); - rv = (module->C_OpenSession) (0, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_SLOT_ID_INVALID); - - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - assert (session != 0); - - rv = (module->C_CloseSession) (session); - assert (rv == CKR_OK); - - rv = (module->C_CloseSession) (session); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - teardown_mock_module (module); -} - -static void -test_close_all_sessions (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - assert (session != 0); - - rv = (module->C_CloseAllSessions) (MOCK_SLOT_ONE_ID); - assert (rv == CKR_OK); - - rv = (module->C_CloseSession) (session); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - teardown_mock_module (module); -} - -static void -test_get_function_status (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_GetFunctionStatus) (session); - assert (rv == CKR_FUNCTION_NOT_PARALLEL); - - teardown_mock_module (module); -} - -static void -test_cancel_function (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_CancelFunction) (session); - assert (rv == CKR_FUNCTION_NOT_PARALLEL); - - teardown_mock_module (module); -} - -static void -test_get_session_info (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_SESSION_INFO info; - CK_RV rv; - - module = setup_mock_module (NULL); - - rv = (module->C_GetSessionInfo) (0, &info); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - assert (session != 0); - - rv = (module->C_GetSessionInfo) (session, &info); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID); - assert_num_eq (CKS_RO_PUBLIC_SESSION, info.state); - assert_num_eq (CKF_SERIAL_SESSION, info.flags); - assert_num_eq (1414, info.ulDeviceError); - - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, NULL, NULL, &session); - assert (rv == CKR_OK); - assert (session != 0); - - rv = (module->C_GetSessionInfo) (session, &info); - assert (rv == CKR_OK); - assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID); - assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state); - assert_num_eq (CKF_SERIAL_SESSION | CKF_RW_SESSION, info.flags); - assert_num_eq (1414, info.ulDeviceError); - - teardown_mock_module (module); -} - -static void -test_init_pin (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_InitPIN) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_OK); - - rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"OTHER", 5); - assert (rv == CKR_PIN_INVALID); - - teardown_mock_module (module); -} - -static void -test_set_pin (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_SetPIN) (0, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8); - assert (rv == CKR_OK); - - rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"other", 5, (CK_UTF8CHAR_PTR)"OTHER", 5); - assert (rv == CKR_PIN_INCORRECT); - - teardown_mock_module (module); -} - -static void -test_operation_state (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_BYTE state[128]; - CK_ULONG state_len; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - state_len = sizeof (state); - rv = (module->C_GetOperationState) (0, state, &state_len); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - state_len = sizeof (state); - rv = (module->C_GetOperationState) (session, state, &state_len); - assert (rv == CKR_OK); - - rv = (module->C_SetOperationState) (session, state, state_len, 355, 455); - assert (rv == CKR_OK); - - rv = (module->C_SetOperationState) (0, state, state_len, 355, 455); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - teardown_mock_module (module); -} - -static void -test_login_logout (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (0, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"bo", 2); - assert (rv == CKR_PIN_INCORRECT); - - rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_Logout) (session); - assert (rv == CKR_OK); - - rv = (module->C_Logout) (session); - assert (rv == CKR_USER_NOT_LOGGED_IN); - - teardown_mock_module (module); -} - -static void -test_get_attribute_value (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_OBJECT_CLASS klass; - CK_RV rv; - - module = setup_mock_module (&session); - - attrs[0].type = CKA_CLASS; - attrs[0].pValue = &klass; - attrs[0].ulValueLen = sizeof (klass); - attrs[1].type = CKA_LABEL; - attrs[1].pValue = label; - attrs[1].ulValueLen = 2; /* too small */ - attrs[2].type = CKA_BITS_PER_PIXEL; - attrs[2].pValue = NULL; - attrs[2].ulValueLen = 0; - - rv = (module->C_GetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 3); - assert (rv == CKR_USER_NOT_LOGGED_IN); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_BUFFER_TOO_SMALL); - - /* Get right size */ - attrs[1].pValue = NULL; - attrs[1].ulValueLen = 0; - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_OK); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3); - assert (rv == CKR_ATTRIBUTE_TYPE_INVALID); - - assert_num_eq (CKO_PUBLIC_KEY, klass); - assert_num_eq (21, attrs[1].ulValueLen); - assert_ptr_eq (NULL, attrs[1].pValue); - attrs[1].pValue = label; - attrs[1].ulValueLen = sizeof (label); - assert ((CK_ULONG)-1 == attrs[2].ulValueLen); - assert_ptr_eq (NULL, attrs[2].pValue); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3); - assert (rv == CKR_ATTRIBUTE_TYPE_INVALID); - - assert_num_eq (CKO_PUBLIC_KEY, klass); - assert_num_eq (21, attrs[1].ulValueLen); - assert_ptr_eq (label, attrs[1].pValue); - assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0); - assert ((CK_ULONG)-1 == attrs[2].ulValueLen); - assert_ptr_eq (NULL, attrs[2].pValue); - - teardown_mock_module (module); -} - -static void -test_set_attribute_value (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (label, "Blahooo"); - bits = 1555; - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = strlen (label); - attrs[1].type = CKA_BITS_PER_PIXEL; - attrs[1].pValue = &bits; - attrs[1].ulValueLen = sizeof (bits); - - rv = (module->C_SetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_USER_NOT_LOGGED_IN); - - rv = (module->C_SetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_OK); - - memset (label, 0, sizeof (label)); - bits = 0; - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_create_object (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (label, "Blahooo"); - bits = 1555; - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = strlen (label); - attrs[1].type = CKA_BITS_PER_PIXEL; - attrs[1].pValue = &bits; - attrs[1].ulValueLen = sizeof (bits); - - rv = (module->C_CreateObject) (0, attrs, 2, &object); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_CreateObject) (session, attrs, 2, &object); - assert (rv == CKR_OK); - - attrs[0].ulValueLen = sizeof (label); - memset (label, 0, sizeof (label)); - bits = 0; - - rv = (module->C_GetAttributeValue) (session, object, attrs, 2); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_copy_object (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - bits = 1555; - - attrs[0].type = CKA_BITS_PER_PIXEL; - attrs[0].pValue = &bits; - attrs[0].ulValueLen = sizeof (bits); - - rv = (module->C_CopyObject) (session, 1333, attrs, 1, &object); - assert (rv == CKR_OBJECT_HANDLE_INVALID); - - rv = (module->C_CopyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1, &object); - assert (rv == CKR_OK); - - attrs[1].type = CKA_LABEL; - attrs[1].pValue = label; - attrs[1].ulValueLen = sizeof (label); - bits = 0; - - rv = (module->C_GetAttributeValue) (session, object, attrs, 2); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (21, attrs[1].ulValueLen); - assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_destroy_object (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_ATTRIBUTE attrs[8]; - char label[32]; - CK_RV rv; - - module = setup_mock_module (&session); - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = sizeof (label); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1); - assert (rv == CKR_OK); - - rv = (module->C_DestroyObject) (0, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_DestroyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1); - assert (rv == CKR_OBJECT_HANDLE_INVALID); - - teardown_mock_module (module); -} - -static void -test_get_object_size (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_ULONG size; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_GetObjectSize) (session, 1333, &size); - assert (rv == CKR_OBJECT_HANDLE_INVALID); - - rv = (module->C_GetObjectSize) (session, MOCK_PUBLIC_KEY_CAPITALIZE, &size); - assert (rv == CKR_OK); - - /* The number here is the length of all attributes added up */ - assert_num_eq (sizeof (CK_ULONG) == 8 ? 44 : 36, size); - - teardown_mock_module (module); -} - -static void -test_find_objects (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; - CK_ATTRIBUTE attr = { CKA_CLASS, &klass, sizeof (klass) }; - CK_OBJECT_HANDLE objects[16]; - CK_ULONG count; - CK_ULONG i; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_FindObjectsInit) (0, &attr, 1); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_FindObjectsInit) (session, &attr, 1); - assert (rv == CKR_OK); - - rv = (module->C_FindObjects) (0, objects, 16, &count); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_FindObjects) (session, objects, 16, &count); - assert (rv == CKR_OK); - - assert (count < 16); - - /* Make sure we get the capitalize public key */ - for (i = 0; i < count; i++) { - if (objects[i] == MOCK_PUBLIC_KEY_CAPITALIZE) - break; - } - assert (i != count); - - /* Make sure we get the prefix public key */ - for (i = 0; i < count; i++) { - if (objects[i] == MOCK_PUBLIC_KEY_PREFIX) - break; - } - assert (i != count); - - /* Make sure all public keys */ - for (i = 0; i < count; i++) { - klass = (CK_ULONG)-1; - rv = (module->C_GetAttributeValue) (session, objects[i], &attr, 1); - assert (rv == CKR_OK); - assert_num_eq (CKO_PUBLIC_KEY, klass); - } - - rv = (module->C_FindObjectsFinal) (session); - assert (rv == CKR_OK); - - rv = (module->C_FindObjectsFinal) (session); - assert (rv == CKR_OPERATION_NOT_INITIALIZED); - - teardown_mock_module (module); -} - -static void -test_encrypt (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_KEY_HANDLE_INVALID); - - rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_Encrypt) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_Encrypt) (session, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "BLAH", 4) == 0); - - rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_EncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_EncryptUpdate) (session, (CK_BYTE_PTR)"sLurm", 5, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (5, length); - assert (memcmp (data, "SLURM", 5) == 0); - - length = sizeof (data); - rv = (module->C_EncryptFinal) (0, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_EncryptFinal) (session, data, &length); - assert (rv == CKR_OK); - - teardown_mock_module (module); -} - -static void -test_decrypt (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_KEY_HANDLE_INVALID); - - rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_Decrypt) (0, (CK_BYTE_PTR)"bLAH", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_Decrypt) (session, (CK_BYTE_PTR)"BLAh", 4, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "blah", 4) == 0); - - rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_DecryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_DecryptUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (5, length); - assert (memcmp (data, "slurm", 5) == 0); - - length = sizeof (data); - rv = (module->C_DecryptFinal) (0, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_DecryptFinal) (session, data, &length); - assert (rv == CKR_OK); - - teardown_mock_module (module); -} - -static void -test_digest (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_COUNT, NULL, 0 }; - CK_BYTE digest[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_DigestInit) (0, &mech); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_DigestInit) (session, &mech); - assert (rv == CKR_OK); - - length = sizeof (digest); - rv = (module->C_Digest) (0, (CK_BYTE_PTR)"bLAH", 4, digest, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (digest); - rv = (module->C_Digest) (session, (CK_BYTE_PTR)"BLAh", 4, digest, &length); - assert (rv == CKR_OK); - - assert_num_eq (1, length); - assert (memcmp (digest, "4", 1) == 0); - - rv = (module->C_DigestInit) (session, &mech); - assert (rv == CKR_OK); - - rv = (module->C_DigestUpdate) (0, (CK_BYTE_PTR)"blah", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5); - assert (rv == CKR_OK); - - /* Adds the the value of object handle to hash: 6 */ - assert_num_eq (6, MOCK_PUBLIC_KEY_PREFIX); - rv = (module->C_DigestKey) (session, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); - - rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"Other", 5); - assert (rv == CKR_OK); - - length = sizeof (digest); - rv = (module->C_DigestFinal) (0, digest, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (digest); - rv = (module->C_DigestFinal) (session, digest, &length); - assert (rv == CKR_OK); - - assert_num_eq (2, length); - assert (memcmp (digest, "16", 2) == 0); - - teardown_mock_module (module); -} - -static void -test_sign (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 }; - CK_BYTE signature[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_SignInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_OK); - - rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - length = sizeof (signature); - rv = (module->C_Sign) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (signature); - rv = (module->C_Sign) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length); - assert (rv == CKR_OK); - - assert_num_eq (13, length); - assert (memcmp (signature, "prefix:value4", 13) == 0); - - rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_OK); - - rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_SignUpdate) (0, (CK_BYTE_PTR)"blah", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5); - assert (rv == CKR_OK); - - rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"Other", 5); - assert (rv == CKR_OK); - - length = sizeof (signature); - rv = (module->C_SignFinal) (0, signature, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (signature); - rv = (module->C_SignFinal) (session, signature, &length); - assert (rv == CKR_OK); - - assert_num_eq (14, length); - assert (memcmp (signature, "prefix:value10", 2) == 0); - - teardown_mock_module (module); -} - -static void -test_sign_recover (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 }; - CK_BYTE signature[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_SignRecoverInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_SignRecoverInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_OK); - - rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - length = sizeof (signature); - rv = (module->C_SignRecover) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (signature); - rv = (module->C_SignRecover) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length); - assert (rv == CKR_OK); - - assert_num_eq (16, length); - assert (memcmp (signature, "prefix:valueBLAh", 16) == 0); - - teardown_mock_module (module); -} - -static void -test_verify (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 }; - CK_BYTE signature[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_VerifyInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); - - length = 13; - memcpy (signature, "prefix:value4", length); - rv = (module->C_Verify) (0, (CK_BYTE_PTR)"bLAH", 4, signature, 5); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_Verify) (session, (CK_BYTE_PTR)"BLAh", 4, signature, length); - assert (rv == CKR_OK); - - rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); - - rv = (module->C_VerifyUpdate) (0, (CK_BYTE_PTR)"blah", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5); - assert (rv == CKR_OK); - - rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"Other", 5); - assert (rv == CKR_OK); - - length = 14; - memcpy (signature, "prefix:value10", length); - - rv = (module->C_VerifyFinal) (session, signature, 5); - assert (rv == CKR_SIGNATURE_LEN_RANGE); - - rv = (module->C_VerifyFinal) (session, signature, length); - assert (rv == CKR_OK); - - teardown_mock_module (module); -} - -static void -test_verify_recover (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_VerifyRecoverInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_VerifyRecoverInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_VerifyRecover) (0, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_VerifyRecover) (session, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "BLah", 4) == 0); - - teardown_mock_module (module); -} - -static void -test_digest_encrypt (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - rv = (module->C_DigestInit) (session, &dmech); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_DigestEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_DigestEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "BLAH", 4) == 0); - - length = sizeof (data); - rv = (module->C_EncryptFinal) (session, data, &length); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_DigestFinal) (session, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (1, length); - assert (memcmp (data, "4", 1) == 0); - - teardown_mock_module (module); -} - -static void -test_decrypt_digest (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - rv = (module->C_DigestInit) (session, &dmech); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_DecryptDigestUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_DecryptDigestUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "blah", 4) == 0); - - length = sizeof (data); - rv = (module->C_DecryptFinal) (session, data, &length); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_DigestFinal) (session, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (1, length); - assert (memcmp (data, "4", 1) == 0); - - teardown_mock_module (module); -} - -static void -test_sign_encrypt (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_MECHANISM smech = { CKM_MOCK_PREFIX, "p:", 2 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - rv = (module->C_SignInit) (session, &smech, MOCK_PRIVATE_KEY_PREFIX); - assert (rv == CKR_OK); - - rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_SignEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_SignEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "BLAH", 4) == 0); - - length = sizeof (data); - rv = (module->C_EncryptFinal) (session, data, &length); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_SignFinal) (session, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (8, length); - assert (memcmp (data, "p:value4", 1) == 0); - - teardown_mock_module (module); -} - -static void -test_decrypt_verify (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; - CK_MECHANISM vmech = { CKM_MOCK_PREFIX, "p:", 2 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); - assert (rv == CKR_OK); - - rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); - assert (rv == CKR_OK); - - rv = (module->C_VerifyInit) (session, &vmech, MOCK_PUBLIC_KEY_PREFIX); - assert (rv == CKR_OK); - - length = sizeof (data); - rv = (module->C_DecryptVerifyUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - length = sizeof (data); - rv = (module->C_DecryptVerifyUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (4, length); - assert (memcmp (data, "blah", 4) == 0); - - length = sizeof (data); - rv = (module->C_DecryptFinal) (session, data, &length); - assert (rv == CKR_OK); - - rv = (module->C_VerifyFinal) (session, (CK_BYTE_PTR)"p:value4", 8); - assert (rv == CKR_OK); - - teardown_mock_module (module); -} - -static void -test_generate_key (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE object; - CK_MECHANISM mech = { CKM_MOCK_GENERATE, NULL, 0 }; - CK_ATTRIBUTE attrs[8]; - char label[32]; - char value[64]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (label, "Blahooo"); - bits = 1555; - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = strlen (label); - attrs[1].type = CKA_BITS_PER_PIXEL; - attrs[1].pValue = &bits; - attrs[1].ulValueLen = sizeof (bits); - - rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object); - assert (rv == CKR_MECHANISM_PARAM_INVALID); - - mech.pParameter = "generate"; - mech.ulParameterLen = 9; - - rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object); - assert (rv == CKR_OK); - - attrs[0].ulValueLen = sizeof (label); - memset (label, 0, sizeof (label)); - bits = 0; - attrs[2].type = CKA_VALUE; - attrs[2].pValue = value; - attrs[2].ulValueLen = sizeof (value); - - rv = (module->C_GetAttributeValue) (session, object, attrs, 3); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); - assert_num_eq (9, attrs[2].ulValueLen); - assert (memcmp (value, "generated", attrs[2].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_generate_key_pair (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE pub_object; - CK_OBJECT_HANDLE priv_object; - CK_MECHANISM mech = { CKM_MOCK_GENERATE, "generated", 9 }; - CK_ATTRIBUTE pub_attrs[8]; - CK_ATTRIBUTE priv_attrs[8]; - char pub_label[32]; - char pub_value[64]; - char priv_label[32]; - char priv_value[64]; - CK_ULONG pub_bits; - CK_ULONG priv_bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (pub_label, "Blahooo"); - pub_bits = 1555; - pub_attrs[0].type = CKA_LABEL; - pub_attrs[0].pValue = pub_label; - pub_attrs[0].ulValueLen = strlen (pub_label); - pub_attrs[1].type = CKA_BITS_PER_PIXEL; - pub_attrs[1].pValue = &pub_bits; - pub_attrs[1].ulValueLen = sizeof (pub_bits); - - strcpy (priv_label, "Private"); - priv_bits = 1666; - priv_attrs[0].type = CKA_LABEL; - priv_attrs[0].pValue = priv_label; - priv_attrs[0].ulValueLen = strlen (priv_label); - priv_attrs[1].type = CKA_BITS_PER_PIXEL; - priv_attrs[1].pValue = &priv_bits; - priv_attrs[1].ulValueLen = sizeof (priv_bits); - - rv = (module->C_GenerateKeyPair) (0, &mech, pub_attrs, 2, priv_attrs, 2, - &pub_object, &priv_object); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - mech.pParameter = "generate"; - mech.ulParameterLen = 9; - - rv = (module->C_GenerateKeyPair) (session, &mech, pub_attrs, 2, priv_attrs, 2, - &pub_object, &priv_object); - assert (rv == CKR_OK); - - pub_bits = 0; - pub_attrs[0].ulValueLen = sizeof (pub_label); - memset (pub_label, 0, sizeof (pub_label)); - pub_attrs[2].type = CKA_VALUE; - pub_attrs[2].pValue = pub_value; - pub_attrs[2].ulValueLen = sizeof (pub_value); - - rv = (module->C_GetAttributeValue) (session, pub_object, pub_attrs, 3); - assert (rv == CKR_OK); - - assert_num_eq (1555, pub_bits); - assert_num_eq (7, pub_attrs[0].ulValueLen); - assert (memcmp (pub_label, "Blahooo", pub_attrs[0].ulValueLen) == 0); - assert_num_eq (9, pub_attrs[2].ulValueLen); - assert (memcmp (pub_value, "generated", pub_attrs[2].ulValueLen) == 0); - - priv_bits = 0; - priv_attrs[0].ulValueLen = sizeof (priv_label); - memset (priv_label, 0, sizeof (priv_label)); - priv_attrs[2].type = CKA_VALUE; - priv_attrs[2].pValue = priv_value; - priv_attrs[2].ulValueLen = sizeof (priv_value); - - rv = (module->C_GetAttributeValue) (session, priv_object, priv_attrs, 3); - assert (rv == CKR_OK); - - assert_num_eq (1666, priv_bits); - assert_num_eq (7, priv_attrs[0].ulValueLen); - assert (memcmp (priv_label, "Private", priv_attrs[0].ulValueLen) == 0); - assert_num_eq (9, priv_attrs[2].ulValueLen); - assert (memcmp (priv_value, "generated", priv_attrs[2].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_wrap_key (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 }; - CK_BYTE data[128]; - CK_ULONG length; - CK_RV rv; - - module = setup_mock_module (&session); - - length = sizeof (data); - rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length); - assert (rv == CKR_MECHANISM_PARAM_INVALID); - - mech.pParameter = "wrap"; - mech.ulParameterLen = 4; - - rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length); - assert (rv == CKR_OK); - - assert_num_eq (5, length); - assert (memcmp (data, "value", 5) == 0); - - teardown_mock_module (module); -} - -static void -test_unwrap_key (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE object; - CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 }; - CK_ATTRIBUTE attrs[8]; - char label[32]; - char value[64]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (label, "Blahooo"); - bits = 1555; - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = strlen (label); - attrs[1].type = CKA_BITS_PER_PIXEL; - attrs[1].pValue = &bits; - attrs[1].ulValueLen = sizeof (bits); - - rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, - (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object); - assert (rv == CKR_MECHANISM_PARAM_INVALID); - - mech.pParameter = "wrap"; - mech.ulParameterLen = 4; - - rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, - (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object); - assert (rv == CKR_OK); - - attrs[0].ulValueLen = sizeof (label); - memset (label, 0, sizeof (label)); - bits = 0; - attrs[2].type = CKA_VALUE; - attrs[2].pValue = value; - attrs[2].ulValueLen = sizeof (value); - - rv = (module->C_GetAttributeValue) (session, object, attrs, 3); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); - assert_num_eq (5, attrs[2].ulValueLen); - assert (memcmp (value, "wheee", attrs[2].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_derive_key (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_OBJECT_HANDLE object; - CK_MECHANISM mech = { CKM_MOCK_DERIVE, NULL, 0 }; - CK_ATTRIBUTE attrs[8]; - char label[32]; - char value[64]; - CK_ULONG bits; - CK_RV rv; - - module = setup_mock_module (&session); - - strcpy (label, "Blahooo"); - bits = 1555; - - attrs[0].type = CKA_LABEL; - attrs[0].pValue = label; - attrs[0].ulValueLen = strlen (label); - attrs[1].type = CKA_BITS_PER_PIXEL; - attrs[1].pValue = &bits; - attrs[1].ulValueLen = sizeof (bits); - - rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, - attrs, 2, &object); - assert (rv == CKR_MECHANISM_PARAM_INVALID); - - mech.pParameter = "derive"; - mech.ulParameterLen = 6; - - rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, - attrs, 2, &object); - assert (rv == CKR_OK); - - attrs[0].ulValueLen = sizeof (label); - memset (label, 0, sizeof (label)); - bits = 0; - attrs[2].type = CKA_VALUE; - attrs[2].pValue = value; - attrs[2].ulValueLen = sizeof (value); - - rv = (module->C_GetAttributeValue) (session, object, attrs, 3); - assert (rv == CKR_OK); - - assert_num_eq (bits, 1555); - assert_num_eq (7, attrs[0].ulValueLen); - assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); - assert_num_eq (7, attrs[2].ulValueLen); - assert (memcmp (value, "derived", attrs[2].ulValueLen) == 0); - - teardown_mock_module (module); -} - -static void -test_random (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_SESSION_HANDLE session = 0; - CK_BYTE data[10]; - CK_RV rv; - - module = setup_mock_module (&session); - - rv = (module->C_SeedRandom) (0, (CK_BYTE_PTR)"seed", 4); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_SeedRandom) (session, (CK_BYTE_PTR)"seed", 4); - assert (rv == CKR_OK); - - rv = (module->C_GenerateRandom) (0, data, sizeof (data)); - assert (rv == CKR_SESSION_HANDLE_INVALID); - - rv = (module->C_GenerateRandom) (session, data, sizeof (data)); - assert (rv == CKR_OK); - - assert (memcmp (data, "seedseedse", sizeof (data)) == 0); - - teardown_mock_module (module); -} - -static void -test_mock_add_tests (const char *prefix) -{ - p11_fixture (NULL, NULL); - p11_test (test_get_info, "%s/test_get_info", prefix); - p11_test (test_get_slot_list, "%s/test_get_slot_list", prefix); - p11_test (test_get_slot_info, "%s/test_get_slot_info", prefix); - p11_test (test_get_token_info, "%s/test_get_token_info", prefix); - p11_test (test_get_mechanism_list, "%s/test_get_mechanism_list", prefix); - p11_test (test_get_mechanism_info, "%s/test_get_mechanism_info", prefix); - p11_test (test_init_token, "%s/test_init_token", prefix); - p11_test (test_wait_for_slot_event, "%s/test_wait_for_slot_event", prefix); - p11_test (test_open_close_session, "%s/test_open_close_session", prefix); - p11_test (test_close_all_sessions, "%s/test_close_all_sessions", prefix); - p11_test (test_get_function_status, "%s/test_get_function_status", prefix); - p11_test (test_cancel_function, "%s/test_cancel_function", prefix); - p11_test (test_get_session_info, "%s/test_get_session_info", prefix); - p11_test (test_init_pin, "%s/test_init_pin", prefix); - p11_test (test_set_pin, "%s/test_set_pin", prefix); - p11_test (test_operation_state, "%s/test_operation_state", prefix); - p11_test (test_login_logout, "%s/test_login_logout", prefix); - p11_test (test_get_attribute_value, "%s/test_get_attribute_value", prefix); - p11_test (test_set_attribute_value, "%s/test_set_attribute_value", prefix); - p11_test (test_create_object, "%s/test_create_object", prefix); - p11_test (test_copy_object, "%s/test_copy_object", prefix); - p11_test (test_destroy_object, "%s/test_destroy_object", prefix); - p11_test (test_get_object_size, "%s/test_get_object_size", prefix); - p11_test (test_find_objects, "%s/test_find_objects", prefix); - p11_test (test_encrypt, "%s/test_encrypt", prefix); - p11_test (test_decrypt, "%s/test_decrypt", prefix); - p11_test (test_digest, "%s/test_digest", prefix); - p11_test (test_sign, "%s/test_sign", prefix); - p11_test (test_sign_recover, "%s/test_sign_recover", prefix); - p11_test (test_verify, "%s/test_verify", prefix); - p11_test (test_verify_recover, "%s/test_verify_recover", prefix); - p11_test (test_digest_encrypt, "%s/test_digest_encrypt", prefix); - p11_test (test_decrypt_digest, "%s/test_decrypt_digest", prefix); - p11_test (test_sign_encrypt, "%s/test_sign_encrypt", prefix); - p11_test (test_decrypt_verify, "%s/test_decrypt_verify", prefix); - p11_test (test_generate_key, "%s/test_generate_key", prefix); - p11_test (test_generate_key_pair, "%s/test_generate_key_pair", prefix); - p11_test (test_wrap_key, "%s/test_wrap_key", prefix); - p11_test (test_unwrap_key, "%s/test_unwrap_key", prefix); - p11_test (test_derive_key, "%s/test_derive_key", prefix); - p11_test (test_random, "%s/test_random", prefix); -} diff --git a/p11-kit/test-modules.c b/p11-kit/test-modules.c deleted file mode 100644 index 837e7ff..0000000 --- a/p11-kit/test-modules.c +++ /dev/null @@ -1,453 +0,0 @@ -/* - * Copyright (c) 2012, 2015 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" -#include "test.h" - -#include <errno.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <libgen.h> - -#include "debug.h" -#include "library.h" -#include "p11-kit.h" -#include "private.h" -#include "dict.h" - -static CK_FUNCTION_LIST_PTR_PTR -initialize_and_get_modules (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - modules = p11_kit_modules_load_and_initialize (0); - assert (modules != NULL && modules[0] != NULL); - - return modules; -} - -static void -finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules) -{ - p11_kit_modules_finalize_and_release (modules); -} - -static void -test_no_duplicates (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - p11_dict *paths; - p11_dict *funcs; - char *path; - int i; - - modules = initialize_and_get_modules (); - paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - - /* The loaded modules should not contain duplicates */ - for (i = 0; modules[i] != NULL; i++) { - path = p11_kit_config_option (modules[i], "module"); - - if (p11_dict_get (funcs, modules[i])) - assert_fail ("found duplicate function list pointer", NULL); - if (p11_dict_get (paths, path)) - assert_fail ("found duplicate path name", NULL); - - if (!p11_dict_set (funcs, modules[i], "")) - assert_not_reached (); - if (!p11_dict_set (paths, path, "")) - assert_not_reached (); - - free (path); - } - - p11_dict_free (paths); - p11_dict_free (funcs); - finalize_and_free_modules (modules); -} - -static CK_FUNCTION_LIST_PTR -lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules, - const char *name) -{ - CK_FUNCTION_LIST_PTR match = NULL; - CK_FUNCTION_LIST_PTR module; - char *module_name; - int i; - - for (i = 0; match == NULL && modules[i] != NULL; i++) { - module_name = p11_kit_module_get_name (modules[i]); - assert_ptr_not_null (module_name); - if (strcmp (module_name, name) == 0) - match = modules[i]; - free (module_name); - } - - /* - * As a side effect, we should check that the results of this function - * matches the above search. - */ - module = p11_kit_module_for_name (modules, name); - if (module != match) - assert_fail ("different result from p11_kit_module_for_name ()", NULL); - - return match; -} - -static CK_FUNCTION_LIST_PTR -lookup_module_with_filename (CK_FUNCTION_LIST_PTR_PTR modules, - const char *name) -{ - CK_FUNCTION_LIST_PTR match = NULL; - char *module_name; - int i; - - for (i = 0; match == NULL && modules[i] != NULL; i++) { - module_name = p11_kit_module_get_filename (modules[i]); - assert_ptr_not_null (module_name); - if (strcmp (basename(module_name), name) == 0) - match = modules[i]; - free (module_name); - } - - return match; -} - -static void -test_disable (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - /* - * The module four should be present, as we don't match any prognames - * that it has disabled. - */ - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "four") != NULL); - finalize_and_free_modules (modules); - - /* - * The module two shouldn't have been loaded, because in its config - * file we have: - * - * disable-in: test-disable - */ - - p11_kit_set_progname ("test-disable"); - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "four") == NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -static void -test_filename (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - /* - * The module four should be present, as we don't match any prognames - * that it has disabled. - */ - - modules = initialize_and_get_modules (); -#ifndef _WIN32 - assert (lookup_module_with_filename (modules, "mock-four.so") != NULL); -#endif - finalize_and_free_modules (modules); -} - -static void -test_disable_later (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - /* - * The module two shouldn't be matched, because in its config - * file we have: - * - * disable-in: test-disable - */ - - p11_kit_set_progname ("test-disable"); - - modules = p11_kit_modules_load_and_initialize (0); - assert (modules != NULL && modules[0] != NULL); - - assert (lookup_module_with_name (modules, "two") == NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -static void -test_enable (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - - /* - * The module three should not be present, as we don't match the current - * program. - */ - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "three") == NULL); - finalize_and_free_modules (modules); - - /* - * The module three should be loaded here , because in its config - * file we have: - * - * enable-in: test-enable - */ - - p11_kit_set_progname ("test-enable"); - - modules = initialize_and_get_modules (); - assert (lookup_module_with_name (modules, "three") != NULL); - finalize_and_free_modules (modules); - - p11_kit_set_progname (NULL); -} - -static void -test_priority (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - char *name; - int i; - - /* - * The expected order. - * - four is marked with a priority of 4, the highest therefore first - * - three is marked with a priority of 3, next highest - * - one and two do not have priority marked, so they default to zero - * and fallback to sorting alphabetically. 'o' comes before 't' - */ - - const char *expected[] = { "four", "three", "one", "two.badname" }; - - /* This enables module three */ - p11_kit_set_progname ("test-enable"); - - modules = initialize_and_get_modules (); - - /* The loaded modules should not contain duplicates */ - for (i = 0; modules[i] != NULL; i++) { - name = p11_kit_module_get_name (modules[i]); - assert_ptr_not_null (name); - - /* Either one of these can be loaded, as this is a duplicate module */ - if (strcmp (name, "two-duplicate") == 0) { - free (name); - name = strdup ("two.badname"); - } - - assert_str_eq (expected[i], name); - free (name); - } - - assert_num_eq (4, i); - finalize_and_free_modules (modules); -} - -static void -test_module_name (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - CK_FUNCTION_LIST_PTR module; - char *name; - - /* - * The module three should not be present, as we don't match the current - * program. - */ - - modules = initialize_and_get_modules (); - - module = p11_kit_module_for_name (modules, "one"); - assert_ptr_not_null (module); - name = p11_kit_module_get_name (module); - assert_str_eq ("one", name); - free (name); - - module = p11_kit_module_for_name (modules, "invalid"); - assert_ptr_eq (NULL, module); - - module = p11_kit_module_for_name (NULL, "one"); - assert_ptr_eq (NULL, module); - - finalize_and_free_modules (modules); -} - -static void -test_module_flags (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST **unmanaged; - int flags; - - /* - * The module three should not be present, as we don't match the current - * program. - */ - - modules = initialize_and_get_modules (); - - flags = p11_kit_module_get_flags (modules[0]); - assert_num_eq (0, flags); - - unmanaged = p11_kit_modules_load (NULL, P11_KIT_MODULE_UNMANAGED); - assert (unmanaged != NULL && unmanaged[0] != NULL); - - flags = p11_kit_module_get_flags (unmanaged[0]); - assert_num_eq (P11_KIT_MODULE_UNMANAGED, flags); - - finalize_and_free_modules (modules); - p11_kit_modules_release (unmanaged); -} - -static void -test_module_trusted_only (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - char *name; - - modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED); - assert_ptr_not_null (modules); - assert_ptr_not_null (modules[0]); - assert (modules[1] == NULL); - - name = p11_kit_module_get_name (modules[0]); - assert_str_eq (name, "one"); - free (name); - - assert_num_eq (p11_kit_module_get_flags (modules[0]), P11_KIT_MODULE_TRUSTED); - - finalize_and_free_modules (modules); -} - -static void -test_module_trust_flags (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - char *name; - int flags; - int i; - - modules = initialize_and_get_modules (); - assert_ptr_not_null (modules); - - for (i = 0; modules[i] != NULL; i++) { - name = p11_kit_module_get_name (modules[i]); - assert_ptr_not_null (name); - - flags = p11_kit_module_get_flags (modules[i]); - if (strcmp (name, "one") == 0) { - assert_num_eq (flags, P11_KIT_MODULE_TRUSTED); - } else { - assert_num_eq (flags, 0); - } - - free (name); - } - - finalize_and_free_modules (modules); -} - -static void -test_config_option (void) -{ - CK_FUNCTION_LIST_PTR_PTR modules; - CK_FUNCTION_LIST_PTR module; - char *value; - - /* - * The module three should not be present, as we don't match the current - * program. - */ - - modules = initialize_and_get_modules (); - - value = p11_kit_config_option (NULL, "new"); - assert_str_eq ("world", value); - free (value); - - module = p11_kit_module_for_name (modules, "one"); - assert_ptr_not_null (module); - - value = p11_kit_config_option (module, "setting"); - assert_str_eq ("user1", value); - free (value); - - value = p11_kit_config_option (NULL, "invalid"); - assert_ptr_eq (NULL, value); - - value = p11_kit_config_option (module, "invalid"); - assert_ptr_eq (NULL, value); - - /* Invalid but non-NULL module pointer */ - value = p11_kit_config_option (module + 1, "setting"); - assert_ptr_eq (NULL, value); - - finalize_and_free_modules (modules); -} - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - - p11_test (test_filename, "/modules/test_filename"); - p11_test (test_no_duplicates, "/modules/test_no_duplicates"); - p11_test (test_disable, "/modules/test_disable"); - p11_test (test_disable_later, "/modules/test_disable_later"); - p11_test (test_enable, "/modules/test_enable"); - p11_test (test_priority, "/modules/test_priority"); - p11_test (test_module_name, "/modules/test_module_name"); - p11_test (test_module_flags, "/modules/test_module_flags"); - p11_test (test_config_option, "/modules/test_config_option"); - p11_test (test_module_trusted_only, "/modules/trusted-only"); - p11_test (test_module_trust_flags, "/modules/trust-flags"); - - p11_kit_be_quiet (); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-pin.c b/p11-kit/test-pin.c deleted file mode 100644 index 27e20c8..0000000 --- a/p11-kit/test-pin.c +++ /dev/null @@ -1,313 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" -#include "test.h" - -#include "library.h" - -#include <assert.h> -#include <errno.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -#include "p11-kit/pin.h" -#include "p11-kit/private.h" - -static P11KitPin * -callback_one (const char *pin_source, P11KitUri *pin_uri, const char *pin_description, - P11KitPinFlags pin_flags, void *callback_data) -{ - int *data = callback_data; - assert (*data == 33); - return p11_kit_pin_new_for_buffer ((unsigned char*)strdup ("one"), 3, free); -} - -static P11KitPin* -callback_other (const char *pin_source, P11KitUri *pin_uri, const char *pin_description, - P11KitPinFlags pin_flags, void *callback_data) -{ - char *data = callback_data; - return p11_kit_pin_new_for_string (data); -} - -static void -destroy_data (void *callback_data) -{ - int *data = callback_data; - (*data)++; -} - -static void -test_pin_register_unregister (void) -{ - int data = 33; - - p11_kit_pin_register_callback ("/the/pin_source", callback_one, - &data, destroy_data); - - p11_kit_pin_unregister_callback ("/the/pin_source", callback_one, - &data); - - assert_num_eq (34, data); -} - -static void -test_pin_read (void) -{ - P11KitUri *uri; - P11KitPin *pin; - int data = 33; - size_t length; - const unsigned char *ptr; - - p11_kit_pin_register_callback ("/the/pin_source", callback_one, - &data, destroy_data); - - uri = p11_kit_uri_new (); - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - p11_kit_uri_free (uri); - - assert_ptr_not_null (pin); - ptr = p11_kit_pin_get_value (pin, &length); - assert_num_eq (3, length); - assert (memcmp (ptr, "one", 3) == 0); - - p11_kit_pin_unregister_callback ("/the/pin_source", callback_one, - &data); - - p11_kit_pin_unref (pin); -} - -static void -test_pin_read_no_match (void) -{ - P11KitUri *uri; - P11KitPin *pin; - - uri = p11_kit_uri_new (); - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - p11_kit_uri_free (uri); - - assert_ptr_eq (NULL, pin); -} - -static void -test_pin_register_duplicate (void) -{ - P11KitUri *uri; - P11KitPin *pin; - char *value = "secret"; - int data = 33; - size_t length; - const unsigned char *ptr; - - uri = p11_kit_uri_new (); - - p11_kit_pin_register_callback ("/the/pin_source", callback_one, - &data, destroy_data); - - p11_kit_pin_register_callback ("/the/pin_source", callback_other, - value, NULL); - - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_not_null (pin); - ptr = p11_kit_pin_get_value (pin, &length); - assert_num_eq (6, length); - assert (memcmp (ptr, "secret", length) == 0); - p11_kit_pin_unref (pin); - - p11_kit_pin_unregister_callback ("/the/pin_source", callback_other, - value); - - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_not_null (pin); - ptr = p11_kit_pin_get_value (pin, &length); - assert_num_eq (3, length); - assert (memcmp (ptr, "one", length) == 0); - p11_kit_pin_unref (pin); - - p11_kit_pin_unregister_callback ("/the/pin_source", callback_one, - &data); - - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_eq (NULL, pin); - - p11_kit_uri_free (uri); -} - -static void -test_pin_register_fallback (void) -{ - char *value = "secret"; - P11KitUri *uri; - P11KitPin *pin; - int data = 33; - size_t length; - const unsigned char *ptr; - - uri = p11_kit_uri_new (); - - p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, callback_one, - &data, destroy_data); - - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_not_null (pin); - ptr = p11_kit_pin_get_value (pin, &length); - assert_num_eq (3, length); - assert (memcmp (ptr, "one", length) == 0); - p11_kit_pin_unref (pin); - - p11_kit_pin_register_callback ("/the/pin_source", callback_other, - value, NULL); - - pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_not_null (pin); - ptr = p11_kit_pin_get_value (pin, &length); - assert_num_eq (6, length); - assert (memcmp (ptr, "secret", length) == 0); - p11_kit_pin_unref (pin); - - p11_kit_pin_unregister_callback ("/the/pin_source", callback_other, - value); - - p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, callback_one, - &data); - - p11_kit_uri_free (uri); -} - -static void -test_pin_file (void) -{ - P11KitUri *uri; - P11KitPin *pin; - size_t length; - const unsigned char *ptr; - - uri = p11_kit_uri_new (); - - p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, - NULL, NULL); - - pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/test-pinfile", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_not_null (pin); - ptr = p11_kit_pin_get_value (pin, &length); - assert_num_eq (12, length); - assert (memcmp (ptr, "yogabbagabba", length) == 0); - p11_kit_pin_unref (pin); - - pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/nonexistant", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - assert_ptr_eq (NULL, pin); - - p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, - NULL); - - p11_kit_uri_free (uri); -} - -static void -test_pin_file_large (void) -{ - P11KitUri *uri; - P11KitPin *pin; - int error; - - uri = p11_kit_uri_new (); - - p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, - NULL, NULL); - - pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/test-pinfile-large", uri, "The token", - P11_KIT_PIN_FLAGS_USER_LOGIN); - - error = errno; - assert_ptr_eq (NULL, pin); - assert_num_eq (EFBIG, error); - - p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, - NULL); - - p11_kit_uri_free (uri); -} - -static void -test_pin_ref_unref (void) -{ - P11KitPin *pin; - P11KitPin *check; - - pin = p11_kit_pin_new_for_string ("crack of lies"); - - check = p11_kit_pin_ref (pin); - assert_ptr_eq (pin, check); - - p11_kit_pin_unref (pin); - p11_kit_pin_unref (check); -} - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - - p11_test (test_pin_register_unregister, "/pin/test_pin_register_unregister"); - p11_test (test_pin_read, "/pin/test_pin_read"); - p11_test (test_pin_read_no_match, "/pin/test_pin_read_no_match"); - p11_test (test_pin_register_duplicate, "/pin/test_pin_register_duplicate"); - p11_test (test_pin_register_fallback, "/pin/test_pin_register_fallback"); - p11_test (test_pin_file, "/pin/test_pin_file"); - p11_test (test_pin_file_large, "/pin/test_pin_file_large"); - p11_test (test_pin_ref_unref, "/pin/test_pin_ref_unref"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-progname.c b/p11-kit/test-progname.c deleted file mode 100644 index 76b136d..0000000 --- a/p11-kit/test-progname.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stef@thewalter.net> - */ - -#include "config.h" -#include "test.h" - -#include "library.h" - -#include <assert.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> - -#include "p11-kit/uri.h" -#include "p11-kit/p11-kit.h" -#include "p11-kit/private.h" - -static void -test_progname_default (void) -{ - const char *progname; - - progname = _p11_get_progname_unlocked (); - assert_str_eq ("test-progname", progname); -} - -static void -test_progname_set (void) -{ - const char *progname; - - p11_kit_set_progname ("love-generation"); - - progname = _p11_get_progname_unlocked (); - assert_str_eq ("love-generation", progname); - - _p11_set_progname_unlocked (NULL); - - progname = _p11_get_progname_unlocked (); - assert_str_eq ("test-progname", progname); -} - -/* Defined in util.c */ -extern char p11_my_progname[]; - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - - p11_test (test_progname_default, "/progname/test_progname_default"); - p11_test (test_progname_set, "/progname/test_progname_set"); - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-proxy.c b/p11-kit/test-proxy.c deleted file mode 100644 index 0fb270b..0000000 --- a/p11-kit/test-proxy.c +++ /dev/null @@ -1,296 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#define CRYPTOKI_EXPORTS - -#include "config.h" -#include "test.h" - -#include "library.h" -#include "mock.h" -#include "p11-kit.h" -#include "pkcs11.h" -#include "proxy.h" - -#include <sys/types.h> - -#include <assert.h> -#include <errno.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <time.h> -#include <unistd.h> -#ifndef _WIN32 -#include <sys/wait.h> -#endif - -/* This is the proxy module entry point in proxy.c, and linked to this test */ -CK_RV C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list); - -static CK_SLOT_ID mock_slot_one_id; -static CK_SLOT_ID mock_slot_two_id; -static CK_ULONG mock_slots_present; -static CK_ULONG mock_slots_all; - -static void -test_initialize_finalize (void) -{ - CK_FUNCTION_LIST_PTR proxy; - CK_RV rv; - - rv = C_GetFunctionList (&proxy); - assert (rv == CKR_OK); - - assert (p11_proxy_module_check (proxy)); - - rv = proxy->C_Initialize (NULL); - assert (rv == CKR_OK); - - rv = proxy->C_Finalize (NULL); - assert_num_eq (rv, CKR_OK); - - p11_proxy_module_cleanup (); -} - -static void -test_initialize_multiple (void) -{ - CK_FUNCTION_LIST_PTR proxy; - CK_RV rv; - - rv = C_GetFunctionList (&proxy); - assert (rv == CKR_OK); - - assert (p11_proxy_module_check (proxy)); - - rv = proxy->C_Initialize (NULL); - assert (rv == CKR_OK); - - rv = proxy->C_Initialize (NULL); - assert (rv == CKR_OK); - - rv = proxy->C_Finalize (NULL); - assert (rv == CKR_OK); - - rv = proxy->C_Finalize (NULL); - assert (rv == CKR_OK); - - rv = proxy->C_Finalize (NULL); - assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED); - - p11_proxy_module_cleanup (); -} - -#ifndef _WIN32 -static void -test_deinit_after_fork (void) -{ - CK_FUNCTION_LIST_PTR proxy; - CK_RV rv; - pid_t pid; - int st; - - rv = C_GetFunctionList (&proxy); - assert (rv == CKR_OK); - - assert (p11_proxy_module_check (proxy)); - - rv = proxy->C_Initialize(NULL); - assert_num_eq (rv, CKR_OK); - - pid = fork (); - if (!pid) { - exit(0); - } - assert (pid != -1); - waitpid(pid, &st, 0); - - rv = proxy->C_Finalize (NULL); - assert_num_eq (rv, CKR_OK); - - p11_proxy_module_cleanup (); - - /* If the assertion fails, p11_kit_failed() doesn't return. So make - * sure we do all the cleanup before the (expected) failure, or it - * causes all the *later* tests to fail too! */ - if (!WIFEXITED (st) || WEXITSTATUS(st) != 0) - assert_fail("Child failed to C_Initialize() and C_Finalize()", NULL); - -} - -static void -test_initialize_child (void) -{ - CK_FUNCTION_LIST_PTR proxy; - CK_RV rv; - pid_t pid; - int st; - - rv = C_GetFunctionList (&proxy); - assert (rv == CKR_OK); - - assert (p11_proxy_module_check (proxy)); - - rv = proxy->C_Initialize(NULL); - assert_num_eq (rv, CKR_OK); - - pid = fork (); - if (!pid) { - /* The PKCS#11 Usage Guide (v2.40) advocates in §2.5.2 that - * a child should call C_Initialize() after forking, and - * then immediately C_Finalize() if it's not going to do - * anything more with the PKCS#11 token. In a multi-threaded - * program this is a violation of the POSIX standard, which - * puts strict limits on what you're allowed to do between - * fork and an eventual exec or exit. But some things (like - * pkcs11-helper and thus OpenVPN) do it anyway, and we - * need to cope... */ - - /* https://bugs.freedesktop.org/show_bug.cgi?id=90289 reports - * a deadlock when this happens. Catch it with SIGALRM... */ - alarm(1); - - rv = proxy->C_Initialize(NULL); - assert_num_eq (rv, CKR_OK); - - rv = proxy->C_Finalize (NULL); - assert_num_eq (rv, CKR_OK); - - exit(0); - } - assert (pid != -1); - waitpid(pid, &st, 0); - - rv = proxy->C_Finalize (NULL); - assert_num_eq (rv, CKR_OK); - - p11_proxy_module_cleanup (); - - /* If the assertion fails, p11_kit_failed() doesn't return. So make - * sure we do all the cleanup before the (expected) failure, or it - * causes all the *later* tests to fail too! */ - if (!WIFEXITED (st) || WEXITSTATUS(st) != 0) - assert_fail("Child failed to C_Initialize() and C_Finalize()", NULL); - -} -#endif - -static CK_FUNCTION_LIST_PTR -setup_mock_module (CK_SESSION_HANDLE *session) -{ - CK_FUNCTION_LIST_PTR proxy; - CK_SLOT_ID slots[32]; - CK_RV rv; - - rv = C_GetFunctionList (&proxy); - assert (rv == CKR_OK); - - assert (p11_proxy_module_check (proxy)); - - rv = proxy->C_Initialize (NULL); - assert (rv == CKR_OK); - - mock_slots_all = 32; - rv = proxy->C_GetSlotList (CK_FALSE, slots, &mock_slots_all); - assert (rv == CKR_OK); - assert_num_cmp (mock_slots_all, >=, 2); - - /* Assume this is the slot we want to deal with */ - mock_slot_one_id = slots[0]; - mock_slot_two_id = slots[1]; - - rv = proxy->C_GetSlotList (CK_TRUE, NULL, &mock_slots_present); - assert (rv == CKR_OK); - assert (mock_slots_present > 1); - - if (session) { - rv = (proxy->C_OpenSession) (mock_slot_one_id, - CKF_RW_SESSION | CKF_SERIAL_SESSION, - NULL, NULL, session); - assert (rv == CKR_OK); - } - - return proxy; -} - -static void -teardown_mock_module (CK_FUNCTION_LIST_PTR module) -{ - CK_RV rv; - - rv = module->C_Finalize (NULL); - assert (rv == CKR_OK); -} - -/* - * We redefine the mock module slot id so that the tests in test-mock.c - * use the proxy mapped slot id rather than the hard coded one - */ -#define MOCK_SLOT_ONE_ID mock_slot_one_id -#define MOCK_SLOT_TWO_ID mock_slot_two_id -#define MOCK_SLOTS_PRESENT mock_slots_present -#define MOCK_SLOTS_ALL mock_slots_all -#define MOCK_INFO mock_info -#define MOCK_SKIP_WAIT_TEST - -static const CK_INFO mock_info = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, - "PKCS#11 Kit ", - 0, - "PKCS#11 Kit Proxy Module ", - { 1, 1 } -}; - -/* Bring in all the mock module tests */ -#include "test-mock.c" - -int -main (int argc, - char *argv[]) -{ - p11_library_init (); - p11_kit_be_quiet (); - - p11_test (test_initialize_finalize, "/proxy/initialize-finalize"); - p11_test (test_initialize_multiple, "/proxy/initialize-multiple"); -#ifndef _WIN32 - p11_test (test_deinit_after_fork, "/proxy/deinit-after-fork"); - p11_test (test_initialize_child, "/proxy/initialize-child"); -#endif - - test_mock_add_tests ("/proxy"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-rpc.c b/p11-kit/test-rpc.c deleted file mode 100644 index c9f8333..0000000 --- a/p11-kit/test-rpc.c +++ /dev/null @@ -1,1061 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stef@thewalter.net> - */ - -#include "config.h" -#include "test.h" - -#include "debug.h" -#include "library.h" -#include "message.h" -#include "mock.h" -#include "p11-kit.h" -#include "private.h" -#include "rpc.h" -#include "rpc-message.h" -#include "virtual.h" - -#include <sys/types.h> -#ifdef OS_UNIX -#include <sys/wait.h> -#endif -#include <assert.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> - -static void -test_new_free (void) -{ - p11_buffer *buf; - - buf = p11_rpc_buffer_new (0); - - assert_ptr_not_null (buf->data); - assert_num_eq (0, buf->len); - assert_num_eq (0, buf->flags); - assert (buf->size == 0); - assert_ptr_not_null (buf->ffree); - assert_ptr_not_null (buf->frealloc); - - p11_rpc_buffer_free (buf); -} - -static void -test_uint16 (void) -{ - p11_buffer buffer; - uint16_t val = 0xFFFF; - size_t next; - bool ret; - - p11_buffer_init (&buffer, 0); - - next = 0; - ret = p11_rpc_buffer_get_uint16 (&buffer, &next, &val); - assert_num_eq (false, ret); - assert_num_eq (0, next); - assert_num_eq (0xFFFF, val); - - p11_buffer_reset (&buffer, 0); - - ret = p11_rpc_buffer_set_uint16 (&buffer, 0, 0x6789); - assert_num_eq (false, ret); - - p11_buffer_reset (&buffer, 0); - - p11_buffer_add (&buffer, (unsigned char *)"padding", 7); - - p11_rpc_buffer_add_uint16 (&buffer, 0x6789); - assert_num_eq (9, buffer.len); - assert (!p11_buffer_failed (&buffer)); - - next = 7; - ret = p11_rpc_buffer_get_uint16 (&buffer, &next, &val); - assert_num_eq (true, ret); - assert_num_eq (9, next); - assert_num_eq (0x6789, val); - - p11_buffer_uninit (&buffer); -} - -static void -test_uint16_static (void) -{ - p11_buffer buf = { (unsigned char *)"pad0\x67\x89", 6, }; - uint16_t val = 0xFFFF; - size_t next; - bool ret; - - next = 4; - ret = p11_rpc_buffer_get_uint16 (&buf, &next, &val); - assert_num_eq (true, ret); - assert_num_eq (6, next); - assert_num_eq (0x6789, val); -} - -static void -test_uint32 (void) -{ - p11_buffer buffer; - uint32_t val = 0xFFFFFFFF; - size_t next; - bool ret; - - p11_buffer_init (&buffer, 0); - - next = 0; - ret = p11_rpc_buffer_get_uint32 (&buffer, &next, &val); - assert_num_eq (false, ret); - assert_num_eq (0, next); - assert_num_eq (0xFFFFFFFF, val); - - p11_buffer_reset (&buffer, 0); - - ret = p11_rpc_buffer_set_uint32 (&buffer, 0, 0x12345678); - assert_num_eq (false, ret); - - p11_buffer_reset (&buffer, 0); - - p11_buffer_add (&buffer, (unsigned char *)"padding", 7); - - p11_rpc_buffer_add_uint32 (&buffer, 0x12345678); - assert_num_eq (11, buffer.len); - assert (!p11_buffer_failed (&buffer)); - - next = 7; - ret = p11_rpc_buffer_get_uint32 (&buffer, &next, &val); - assert_num_eq (true, ret); - assert_num_eq (11, next); - assert_num_eq (0x12345678, val); - - p11_buffer_uninit (&buffer); -} - -static void -test_uint32_static (void) -{ - p11_buffer buf = { (unsigned char *)"pad0\x23\x45\x67\x89", 8, }; - uint32_t val = 0xFFFFFFFF; - size_t next; - bool ret; - - next = 4; - ret = p11_rpc_buffer_get_uint32 (&buf, &next, &val); - assert_num_eq (true, ret); - assert_num_eq (8, next); - assert_num_eq (0x23456789, val); -} - -static void -test_uint64 (void) -{ - p11_buffer buffer; - uint64_t val = 0xFFFFFFFFFFFFFFFF; - size_t next; - bool ret; - - p11_buffer_init (&buffer, 0); - - next = 0; - ret = p11_rpc_buffer_get_uint64 (&buffer, &next, &val); - assert_num_eq (0, ret); - assert_num_eq (0, next); - assert (0xFFFFFFFFFFFFFFFF == val); - - p11_buffer_reset (&buffer, 0); - - p11_buffer_add (&buffer, (unsigned char *)"padding", 7); - - p11_rpc_buffer_add_uint64 (&buffer, 0x0123456708ABCDEF); - assert_num_eq (15, buffer.len); - assert (!p11_buffer_failed (&buffer)); - - next = 7; - ret = p11_rpc_buffer_get_uint64 (&buffer, &next, &val); - assert_num_eq (true, ret); - assert_num_eq (15, next); - assert (0x0123456708ABCDEF == val); - - p11_buffer_uninit (&buffer); -} - -static void -test_uint64_static (void) -{ - p11_buffer buf = { (unsigned char *)"pad0\x89\x67\x45\x23\x11\x22\x33\x44", 12, }; - uint64_t val = 0xFFFFFFFFFFFFFFFF; - size_t next; - bool ret; - - next = 4; - ret = p11_rpc_buffer_get_uint64 (&buf, &next, &val); - assert_num_eq (true, ret); - assert_num_eq (12, next); - assert (0x8967452311223344 == val); -} - -static void -test_byte_array (void) -{ - p11_buffer buffer; - unsigned char bytes[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; - - const unsigned char *val; - size_t length = ~0; - size_t next; - bool ret; - - p11_buffer_init (&buffer, 0); - - /* Invalid read */ - - next = 0; - ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); - assert_num_eq (false, ret); - assert_num_eq (0, next); - assert_num_eq (~0, length); - - /* Test full array */ - - p11_buffer_reset (&buffer, 0); - p11_buffer_add (&buffer, (unsigned char *)"padding", 7); - - p11_rpc_buffer_add_byte_array (&buffer, bytes, 32); - assert_num_eq (43, buffer.len); - assert (!p11_buffer_failed (&buffer)); - - next = 7; - ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); - assert_num_eq (true, ret); - assert_num_eq (43, next); - assert_num_eq (32, length); - assert (memcmp (val, bytes, 32) == 0); - - p11_buffer_uninit (&buffer); -} - -static void -test_byte_array_null (void) -{ - p11_buffer buffer; - const unsigned char *val; - size_t length = ~0; - size_t next; - bool ret; - - p11_buffer_init (&buffer, 0); - - p11_buffer_reset (&buffer, 0); - p11_buffer_add (&buffer, (unsigned char *)"padding", 7); - - p11_rpc_buffer_add_byte_array (&buffer, NULL, 0); - assert_num_eq (11, buffer.len); - assert (!p11_buffer_failed (&buffer)); - - next = 7; - ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); - assert_num_eq (true, ret); - assert_num_eq (11, next); - assert_num_eq (0, length); - assert_ptr_eq (NULL, (void*)val); - - p11_buffer_uninit (&buffer); -} - -static void -test_byte_array_too_long (void) -{ - p11_buffer buffer; - const unsigned char *val = NULL; - size_t length = ~0; - size_t next; - bool ret; - - p11_buffer_init (&buffer, 0); - - p11_buffer_reset (&buffer, 0); - p11_buffer_add (&buffer, (unsigned char *)"padding", 7); - assert (!p11_buffer_failed (&buffer)); - - /* Passing a too short buffer here shouldn't matter, as length is checked for sanity */ - p11_rpc_buffer_add_byte_array (&buffer, (unsigned char *)"", 0x9fffffff); - assert (p11_buffer_failed (&buffer)); - - /* Force write a too long byte arary to buffer */ - p11_buffer_reset (&buffer, 0); - p11_rpc_buffer_add_uint32 (&buffer, 0x9fffffff); - - next = 0; - ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); - assert_num_eq (false, ret); - assert_num_eq (0, next); - assert_num_eq (~0, length); - assert_ptr_eq (NULL, (void*)val); - - p11_buffer_uninit (&buffer); -} - -static void -test_byte_array_static (void) -{ - unsigned char data[] = { 'p', 'a', 'd', 0x00, 0x00, 0x00, 0x00, 0x20, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; - p11_buffer buf = { data, 0x40, }; - const unsigned char *val; - size_t length = ~0; - size_t next; - bool ret; - - next = 4; - ret = p11_rpc_buffer_get_byte_array (&buf, &next, &val, &length); - assert_num_eq (true, ret); - assert_num_eq (40, next); - assert_num_eq (32, length); - assert (memcmp (data + 8, val, 32) == 0); -} - -static p11_virtual base; -static unsigned int rpc_initialized = 0; - -static CK_RV -rpc_initialize (p11_rpc_client_vtable *vtable, - void *init_reserved) -{ - assert_str_eq (vtable->data, "vtable-data"); - assert_num_cmp (p11_forkid, !=, rpc_initialized); - rpc_initialized = p11_forkid; - - return CKR_OK; -} - -static CK_RV -rpc_initialize_fails (p11_rpc_client_vtable *vtable, - void *init_reserved) -{ - assert_str_eq (vtable->data, "vtable-data"); - assert_num_cmp (p11_forkid, !=, rpc_initialized); - return CKR_FUNCTION_FAILED; -} - -static CK_RV -rpc_initialize_device_removed (p11_rpc_client_vtable *vtable, - void *init_reserved) -{ - assert_str_eq (vtable->data, "vtable-data"); - assert_num_cmp (p11_forkid, !=, rpc_initialized); - return CKR_DEVICE_REMOVED; -} - -static CK_RV -rpc_transport (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - bool ret; - - assert_str_eq (vtable->data, "vtable-data"); - - /* Just pass directly to the server code */ - ret = p11_rpc_server_handle (&base.funcs, request, response); - assert (ret == true); - - return CKR_OK; -} - -static void -rpc_finalize (p11_rpc_client_vtable *vtable, - void *fini_reserved) -{ - assert_str_eq (vtable->data, "vtable-data"); - assert_num_cmp (p11_forkid, ==, rpc_initialized); - rpc_initialized = 0; -} - -static void -test_initialize (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - rpc_initialized = 0; - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - rv = mixin.funcs.C_Initialize (&mixin.funcs, NULL); - assert (rv == CKR_OK); - assert_num_eq (p11_forkid, rpc_initialized); - - rv = mixin.funcs.C_Finalize (&mixin.funcs, NULL); - assert (rv == CKR_OK); - assert_num_cmp (p11_forkid, !=, rpc_initialized); - - p11_virtual_uninit (&mixin); -} - -static void -test_not_initialized (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; - p11_virtual mixin; - CK_INFO info; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - rpc_initialized = 0; - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - rv = (mixin.funcs.C_GetInfo) (&mixin.funcs, &info); - assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED); - - p11_virtual_uninit (&mixin); -} - -static void -test_initialize_fails_on_client (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize_fails, rpc_transport, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - rpc_initialized = 0; - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_FUNCTION_FAILED); - assert_num_eq (0, rpc_initialized); - - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_fails (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - return CKR_FUNCTION_REJECTED; -} - -static void -test_transport_fails (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_fails, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - rpc_initialized = 0; - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_FUNCTION_REJECTED); - assert_num_eq (0, rpc_initialized); - - p11_virtual_uninit (&mixin); -} - -static void -test_initialize_fails_on_server (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - base.funcs.C_Initialize = mock_X_Initialize__fails; - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_FUNCTION_FAILED); - assert_num_eq (0, rpc_initialized); - - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_bad_parse (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - assert_str_eq (vtable->data, "vtable-data"); - - /* Just zero bytes is an invalid message */ - rc = p11_buffer_reset (response, 2); - assert (rc >= 0); - - memset (response->data, 0, 2); - response->len = 2; - return CKR_OK; -} - -static void -test_transport_bad_parse (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_parse, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - rpc_initialized = 0; - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_short_error (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - unsigned char data[] = { - 0x00, 0x00, 0x00, 0x00, /* RPC_CALL_ERROR */ - 0x00, 0x00, 0x00, 0x01, 0x75, /* signature 'u' */ - 0x00, 0x01, /* short error */ - }; - - assert_str_eq (vtable->data, "vtable-data"); - - rc = p11_buffer_reset (response, sizeof (data)); - assert (rc >= 0); - - memcpy (response->data, data, sizeof (data)); - response->len = sizeof (data); - return CKR_OK; -} - -static void -test_transport_short_error (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_short_error, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_invalid_error (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - unsigned char data[] = { - 0x00, 0x00, 0x00, 0x00, /* RPC_CALL_ERROR */ - 0x00, 0x00, 0x00, 0x01, 0x75, /* signature 'u' */ - 0x00, 0x00, 0x00, 0x00, /* a CKR_OK error*/ - 0x00, 0x00, 0x00, 0x00, - }; - - assert_str_eq (vtable->data, "vtable-data"); - - rc = p11_buffer_reset (response, sizeof (data)); - assert (rc >= 0); - memcpy (response->data, data, sizeof (data)); - response->len = sizeof (data); - return CKR_OK; -} - -static void -test_transport_invalid_error (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_invalid_error, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_wrong_response (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - unsigned char data[] = { - 0x00, 0x00, 0x00, 0x02, /* RPC_CALL_C_Finalize */ - 0x00, 0x00, 0x00, 0x00, /* signature '' */ - }; - - assert_str_eq (vtable->data, "vtable-data"); - - rc = p11_buffer_reset (response, sizeof (data)); - assert (rc >= 0); - memcpy (response->data, data, sizeof (data)); - response->len = sizeof (data); - return CKR_OK; -} - -static void -test_transport_wrong_response (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_wrong_response, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static CK_RV -rpc_transport_bad_contents (p11_rpc_client_vtable *vtable, - p11_buffer *request, - p11_buffer *response) -{ - int rc; - - unsigned char data[] = { - 0x00, 0x00, 0x00, 0x02, /* RPC_CALL_C_GetInfo */ - 0x00, 0x00, 0x00, 0x05, /* signature 'vsusv' */ - 'v', 's', 'u', 's', 'v', - 0x00, 0x00, 0x00, 0x00, /* invalid data */ - }; - - assert_str_eq (vtable->data, "vtable-data"); - - rc = p11_buffer_reset (response, sizeof (data)); - assert (rc >= 0); - memcpy (response->data, data, sizeof (data)); - response->len = sizeof (data); - return CKR_OK; -} - -static void -test_transport_bad_contents (void) -{ - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_contents, rpc_finalize }; - p11_virtual mixin; - bool ret; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - - ret = p11_rpc_client_init (&mixin, &vtable); - assert_num_eq (true, ret); - - p11_kit_be_quiet (); - - rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); - assert (rv == CKR_DEVICE_ERROR); - assert_num_eq (0, rpc_initialized); - - p11_message_loud (); - p11_virtual_uninit (&mixin); -} - -static p11_rpc_client_vtable test_normal_vtable = { - NULL, - rpc_initialize, - rpc_transport, - rpc_finalize, -}; - -static p11_rpc_client_vtable test_device_removed_vtable = { - NULL, - rpc_initialize_device_removed, - rpc_transport, - rpc_finalize, -}; - -static void -mixin_free (void *data) -{ - p11_virtual *mixin = data; - p11_virtual_uninit (mixin); - free (mixin); -} - -static CK_FUNCTION_LIST_PTR -setup_test_rpc_module (p11_rpc_client_vtable *vtable, - CK_FUNCTION_LIST *module_template, - CK_SESSION_HANDLE *session) -{ - CK_FUNCTION_LIST *rpc_module; - p11_virtual *mixin; - CK_RV rv; - - /* Build up our own function list */ - p11_virtual_init (&base, &p11_virtual_base, module_template, NULL); - - mixin = calloc (1, sizeof (p11_virtual)); - assert (mixin != NULL); - - vtable->data = "vtable-data"; - if (!p11_rpc_client_init (mixin, vtable)) - assert_not_reached (); - - rpc_module = p11_virtual_wrap (mixin, mixin_free); - assert_ptr_not_null (rpc_module); - - rv = p11_kit_module_initialize (rpc_module); - assert (rv == CKR_OK); - - if (session) { - rv = (rpc_module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, - NULL, NULL, session); - assert (rv == CKR_OK); - } - - return rpc_module; -} - -static CK_FUNCTION_LIST * -setup_mock_module (CK_SESSION_HANDLE *session) -{ - return setup_test_rpc_module (&test_normal_vtable, &mock_module, session); -} - -static void -teardown_mock_module (CK_FUNCTION_LIST *rpc_module) -{ - p11_kit_module_finalize (rpc_module); - p11_virtual_unwrap (rpc_module); -} - -static void -test_get_info_stand_in (void) -{ - CK_FUNCTION_LIST_PTR rpc_module; - CK_INFO info; - CK_RV rv; - char *string; - - rpc_module = setup_test_rpc_module (&test_device_removed_vtable, - &mock_module_no_slots, NULL); - - rv = (rpc_module->C_GetInfo) (&info); - assert (rv == CKR_OK); - - assert_num_eq (CRYPTOKI_VERSION_MAJOR, info.cryptokiVersion.major); - assert_num_eq (CRYPTOKI_VERSION_MINOR, info.cryptokiVersion.minor); - string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); - assert_str_eq ("p11-kit", string); - free (string); - string = p11_kit_space_strdup (info.libraryDescription, sizeof (info.libraryDescription)); - assert_str_eq ("p11-kit (no connection)", string); - free (string); - assert_num_eq (0, info.flags); - assert_num_eq (1, info.libraryVersion.major); - assert_num_eq (1, info.libraryVersion.minor); - - teardown_mock_module (rpc_module); -} - -static void -test_get_slot_list_no_device (void) -{ - CK_FUNCTION_LIST_PTR rpc_module; - CK_SLOT_ID slot_list[8]; - CK_ULONG count; - CK_RV rv; - - rpc_module = setup_test_rpc_module (&test_device_removed_vtable, - &mock_module_no_slots, NULL); - - rv = (rpc_module->C_GetSlotList) (CK_TRUE, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (0, count); - rv = (rpc_module->C_GetSlotList) (CK_FALSE, NULL, &count); - assert (rv == CKR_OK); - assert_num_eq (0, count); - - count = 8; - rv = (rpc_module->C_GetSlotList) (CK_TRUE, slot_list, &count); - assert (rv == CKR_OK); - assert_num_eq (0, count); - - count = 8; - rv = (rpc_module->C_GetSlotList) (CK_FALSE, slot_list, &count); - assert (rv == CKR_OK); - assert_num_eq (0, count); - - teardown_mock_module (rpc_module); -} - -static void * -invoke_in_thread (void *arg) -{ - CK_FUNCTION_LIST *rpc_module = arg; - CK_INFO info; - CK_RV rv; - - rv = (rpc_module->C_GetInfo) (&info); - assert_num_eq (rv, CKR_OK); - - assert (memcmp (info.manufacturerID, MOCK_INFO.manufacturerID, - sizeof (info.manufacturerID)) == 0); - - return NULL; -} - -static p11_mutex_t delay_mutex; - -static CK_RV -delayed_C_GetInfo (CK_INFO_PTR info) -{ - CK_RV rv; - - p11_sleep_ms (rand () % 100); - - p11_mutex_lock (&delay_mutex); - rv = mock_C_GetInfo (info); - p11_mutex_unlock (&delay_mutex); - - return rv; -} - -static void -test_simultaneous_functions (void) -{ - CK_FUNCTION_LIST real_module; - CK_FUNCTION_LIST *rpc_module; - const int num_threads = 128; - p11_thread_t threads[num_threads]; - int i, ret; - - p11_mutex_init (&delay_mutex); - - memcpy (&real_module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); - real_module.C_GetInfo = delayed_C_GetInfo; - - rpc_module = setup_test_rpc_module (&test_normal_vtable, - &real_module, NULL); - - /* Make the invoked function (above) wait */ - p11_mutex_lock (&delay_mutex); - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (threads + i, invoke_in_thread, rpc_module); - assert_num_eq (0, ret); - } - - /* Let the invoked functions return */ - p11_mutex_unlock (&delay_mutex); - - for (i = 0; i < num_threads; i++) - p11_thread_join (threads[i]); - - teardown_mock_module (rpc_module); - p11_mutex_uninit (&delay_mutex); -} - -#ifdef OS_UNIX - -static void -test_fork_and_reinitialize (void) -{ - CK_FUNCTION_LIST *rpc_module; - CK_INFO info; - int status; - CK_RV rv; - pid_t pid; - int i; - - rpc_module = setup_test_rpc_module (&test_normal_vtable, - &mock_module_no_slots, NULL); - - pid = fork (); - assert_num_cmp (pid, >=, 0); - - /* The child */ - if (pid == 0) { - rv = (rpc_module->C_Initialize) (NULL); - assert_num_eq (CKR_OK, rv); - - for (i = 0; i < 32; i++) { - rv = (rpc_module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - rv = (rpc_module->C_Finalize) (NULL); - assert_num_eq (CKR_OK, rv); - - _exit (66); - } - - for (i = 0; i < 128; i++) { - rv = (rpc_module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - assert_num_eq (waitpid (pid, &status, 0), pid); - assert_num_eq (WEXITSTATUS (status), 66); - - teardown_mock_module (rpc_module); -} - -#endif /* OS_UNIX */ - -#include "test-mock.c" - -int -main (int argc, - char *argv[]) -{ - CK_MECHANISM_TYPE mechanisms[] = { - CKM_MOCK_CAPITALIZE, - CKM_MOCK_PREFIX, - CKM_MOCK_GENERATE, - CKM_MOCK_WRAP, - CKM_MOCK_DERIVE, - CKM_MOCK_COUNT, - 0, - }; - - mock_module_init (); - p11_library_init (); - - /* Override the mechanisms that the RPC mechanism will handle */ - p11_rpc_mechanisms_override_supported = mechanisms; - - p11_test (test_new_free, "/rpc/new-free"); - p11_test (test_uint16, "/rpc/uint16"); - p11_test (test_uint16_static, "/rpc/uint16-static"); - p11_test (test_uint32, "/rpc/uint32"); - p11_test (test_uint32_static, "/rpc/uint32-static"); - p11_test (test_uint64, "/rpc/uint64"); - p11_test (test_uint64_static, "/rpc/uint64-static"); - p11_test (test_byte_array, "/rpc/byte-array"); - p11_test (test_byte_array_null, "/rpc/byte-array-null"); - p11_test (test_byte_array_too_long, "/rpc/byte-array-too-long"); - p11_test (test_byte_array_static, "/rpc/byte-array-static"); - - p11_test (test_initialize_fails_on_client, "/rpc/initialize-fails-on-client"); - p11_test (test_initialize_fails_on_server, "/rpc/initialize-fails-on-server"); - p11_test (test_initialize, "/rpc/initialize"); - p11_test (test_not_initialized, "/rpc/not-initialized"); - p11_test (test_transport_fails, "/rpc/transport-fails"); - p11_test (test_transport_bad_parse, "/rpc/transport-bad-parse"); - p11_test (test_transport_short_error, "/rpc/transport-short-error"); - p11_test (test_transport_invalid_error, "/rpc/transport-invalid-error"); - p11_test (test_transport_wrong_response, "/rpc/transport-wrong-response"); - p11_test (test_transport_bad_contents, "/rpc/transport-bad-contents"); - p11_test (test_get_info_stand_in, "/rpc/get-info-stand-in"); - p11_test (test_get_slot_list_no_device, "/rpc/get-slot-list-no-device"); - p11_test (test_simultaneous_functions, "/rpc/simultaneous-functions"); - -#ifdef OS_UNIX - p11_test (test_fork_and_reinitialize, "/rpc/fork-and-reinitialize"); -#endif - - test_mock_add_tests ("/rpc"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-transport.c b/p11-kit/test-transport.c deleted file mode 100644 index 227d7ce..0000000 --- a/p11-kit/test-transport.c +++ /dev/null @@ -1,318 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stef@thewalter.net> - */ - -#include "config.h" -#include "test.h" - -#include "library.h" -#include "mock.h" -#include "path.h" -#include "private.h" -#include "p11-kit.h" -#include "rpc.h" - -#include <sys/types.h> -#ifdef OS_UNIX -#include <sys/wait.h> -#endif -#include <stdlib.h> -#include <stdio.h> - -struct { - char *directory; - char *user_config; - char *user_modules; -} test; - -static void -setup_remote (void *unused) -{ - const char *data; - - test.directory = p11_test_directory ("p11-test-config"); - test.user_modules = p11_path_build (test.directory, "modules", NULL); -#ifdef OS_UNIX - if (mkdir (test.user_modules, 0700) < 0) -#else - if (mkdir (test.user_modules) < 0) -#endif - assert_not_reached (); - - data = "user-config: only\n"; - test.user_config = p11_path_build (test.directory, "pkcs11.conf", NULL); - p11_test_file_write (NULL, test.user_config, data, strlen (data)); - - setenv ("P11_KIT_PRIVATEDIR", BUILDDIR, 1); - data = "remote: |" BUILDDIR "/p11-kit/p11-kit remote " BUILDDIR "/.libs/mock-two.so\n"; - p11_test_file_write (test.user_modules, "remote.module", data, strlen (data)); - data = "remote: |" BUILDDIR "/p11-kit/p11-kit remote " BUILDDIR "/.libs/mock-five.so\nx-init-reserved: initialize-arg"; - p11_test_file_write (test.user_modules, "init-arg.module", data, strlen (data)); - - p11_config_user_modules = test.user_modules; - p11_config_user_file = test.user_config; -} - -static void -teardown_remote (void *unused) -{ - p11_test_directory_delete (test.user_modules); - p11_test_directory_delete (test.directory); - - free (test.directory); - free (test.user_config); - free (test.user_modules); -} - -static CK_FUNCTION_LIST * -setup_mock_module (CK_SESSION_HANDLE *session) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - CK_RV rv; - int i; - - setup_remote (NULL); - - modules = p11_kit_modules_load (NULL, 0); - - module = p11_kit_module_for_name (modules, "remote"); - assert (module != NULL); - - rv = p11_kit_module_initialize (module); - assert_num_eq (rv, CKR_OK); - - if (session) { - rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, - NULL, NULL, session); - assert (rv == CKR_OK); - } - - /* Release all the other modules */ - for (i = 0; modules[i] != NULL; i++) { - if (modules[i] != module) - p11_kit_module_release (modules[i]); - } - - free (modules); - return module; -} - -static void -teardown_mock_module (CK_FUNCTION_LIST *module) -{ - p11_kit_module_finalize (module); - teardown_remote (NULL); -} - -static void -test_basic_exec (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - CK_RV rv; - - modules = p11_kit_modules_load (NULL, 0); - - module = p11_kit_module_for_name (modules, "remote"); - assert (module != NULL); - - rv = p11_kit_module_initialize (module); - assert_num_eq (rv, CKR_OK); - - rv = p11_kit_module_finalize (module); - assert_num_eq (rv, CKR_OK); - - p11_kit_modules_release (modules); -} - -static void -test_basic_exec_with_init_arg (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - CK_RV rv; - - modules = p11_kit_modules_load (NULL, 0); - - module = p11_kit_module_for_name (modules, "init-arg"); - assert (module != NULL); - - rv = p11_kit_module_initialize (module); - assert_num_eq (rv, CKR_OK); - - rv = p11_kit_module_finalize (module); - assert_num_eq (rv, CKR_OK); - - p11_kit_modules_release (modules); -} - -static void * -invoke_in_thread (void *arg) -{ - CK_FUNCTION_LIST *rpc_module = arg; - CK_INFO info; - CK_RV rv; - - rv = (rpc_module->C_GetInfo) (&info); - assert_num_eq (rv, CKR_OK); - - assert (memcmp (info.manufacturerID, MOCK_INFO.manufacturerID, - sizeof (info.manufacturerID)) == 0); - - return NULL; -} - -static void -test_simultaneous_functions (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - const int num_threads = 128; - p11_thread_t threads[num_threads]; - int i, ret; - CK_RV rv; - - modules = p11_kit_modules_load (NULL, 0); - - module = p11_kit_module_for_name (modules, "remote"); - assert (module != NULL); - - rv = p11_kit_module_initialize (module); - assert_num_eq (rv, CKR_OK); - - for (i = 0; i < num_threads; i++) { - ret = p11_thread_create (threads + i, invoke_in_thread, module); - assert_num_eq (0, ret); - } - - for (i = 0; i < num_threads; i++) - p11_thread_join (threads[i]); - - rv = p11_kit_module_finalize (module); - assert_num_eq (rv, CKR_OK); - - p11_kit_modules_release (modules); -} - -#ifdef OS_UNIX - -static void -test_fork_and_reinitialize (void) -{ - CK_FUNCTION_LIST **modules; - CK_FUNCTION_LIST *module; - CK_INFO info; - int status; - CK_RV rv; - pid_t pid; - int i; - - modules = p11_kit_modules_load (NULL, 0); - - module = p11_kit_module_for_name (modules, "remote"); - assert (module != NULL); - - rv = p11_kit_module_initialize (module); - assert_num_eq (rv, CKR_OK); - - pid = fork (); - assert_num_cmp (pid, >=, 0); - - /* The child */ - if (pid == 0) { - rv = (module->C_Initialize) (NULL); - assert_num_eq (CKR_OK, rv); - - for (i = 0; i < 32; i++) { - rv = (module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - rv = (module->C_Finalize) (NULL); - assert_num_eq (CKR_OK, rv); - - _exit (66); - } - - for (i = 0; i < 128; i++) { - rv = (module->C_GetInfo) (&info); - assert_num_eq (CKR_OK, rv); - } - - assert_num_eq (waitpid (pid, &status, 0), pid); - assert_num_eq (WEXITSTATUS (status), 66); - - rv = p11_kit_module_finalize (module); - assert_num_eq (rv, CKR_OK); - - p11_kit_modules_release (modules); -} - -#endif /* OS_UNIX */ - -#include "test-mock.c" - -int -main (int argc, - char *argv[]) -{ - CK_MECHANISM_TYPE mechanisms[] = { - CKM_MOCK_CAPITALIZE, - CKM_MOCK_PREFIX, - CKM_MOCK_GENERATE, - CKM_MOCK_WRAP, - CKM_MOCK_DERIVE, - CKM_MOCK_COUNT, - 0, - }; - - p11_library_init (); - - /* Override the mechanisms that the RPC mechanism will handle */ - p11_rpc_mechanisms_override_supported = mechanisms; - - p11_fixture (setup_remote, teardown_remote); - p11_test (test_basic_exec, "/transport/basic"); - p11_test (test_basic_exec_with_init_arg, "/transport/init-arg"); - p11_test (test_simultaneous_functions, "/transport/simultaneous-functions"); - -#ifdef OS_UNIX - p11_test (test_fork_and_reinitialize, "/transport/fork-and-reinitialize"); -#endif - - test_mock_add_tests ("/transport"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-uri.c b/p11-kit/test-uri.c deleted file mode 100644 index 1fb5081..0000000 --- a/p11-kit/test-uri.c +++ /dev/null @@ -1,1512 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" -#include "test.h" - -#include "debug.h" -#include "message.h" - -#include <assert.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> - -#include "p11-kit/uri.h" -#include "p11-kit/private.h" - -static int -is_module_empty (P11KitUri *uri) -{ - CK_INFO_PTR info = p11_kit_uri_get_module_info (uri); - return (info->libraryDescription[0] == 0 && - info->manufacturerID[0] == 0 && - info->libraryVersion.major == (CK_BYTE)-1 && - info->libraryVersion.minor == (CK_BYTE)-1); -} - -static int -is_slot_empty (P11KitUri *uri) -{ - CK_SLOT_INFO_PTR slot = p11_kit_uri_get_slot_info (uri); - return (slot->slotDescription[0] == 0 && - slot->manufacturerID[0] == 0); -} - -static int -is_token_empty (P11KitUri *uri) -{ - CK_TOKEN_INFO_PTR token = p11_kit_uri_get_token_info (uri); - return (token->serialNumber[0] == 0 && - token->manufacturerID[0] == 0 && - token->label[0] == 0 && - token->model[0] == 0); -} - -static int -are_attributes_empty (P11KitUri *uri) -{ - return (p11_kit_uri_get_attribute (uri, CKA_LABEL) == NULL && - p11_kit_uri_get_attribute (uri, CKA_ID) == NULL && - p11_kit_uri_get_attribute (uri, CKA_CLASS) == NULL); -} - -static void -test_uri_parse (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:", P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - assert (is_module_empty (uri)); - assert (is_slot_empty (uri)); - assert (is_token_empty (uri)); - assert (are_attributes_empty (uri)); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_bad_scheme (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("http:\\example.com\test", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_BAD_SCHEME, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_label (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - assert (is_module_empty (uri)); - assert (is_slot_empty (uri)); - assert (is_token_empty (uri)); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == strlen ("Test Label")); - assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_label_and_klass (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;object-type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == strlen ("Test Label")); - assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_CERTIFICATE); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_label_and_new_klass (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == strlen ("Test Label")); - assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_CERTIFICATE); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_empty_label (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=;type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (attr); - - p11_kit_uri_free (uri); - - /* really empty */ - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert (attr == NULL); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_empty_id (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:id=;type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_ID); - assert_ptr_not_null (attr); - - p11_kit_uri_free (uri); - - /* really empty */ - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:type=cert", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_ID); - assert (attr == NULL); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_id (void) -{ - CK_ATTRIBUTE_PTR attr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:id=%54%45%53%54%00", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - /* Note that there's a NULL in the attribute (end) */ - attr = p11_kit_uri_get_attribute (uri, CKA_ID); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == 5); - assert (memcmp (attr->pValue, "TEST", 5) == 0); - - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_bad_string_encoding (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Test%", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_bad_hex_encoding (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=T%xxest", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static bool -is_space_string (CK_UTF8CHAR_PTR string, CK_ULONG size, const char *check) -{ - size_t i, len = strlen (check); - if (len > size) - return false; - if (memcmp (string, check, len) != 0) - return false; - for (i = len; i < size; ++i) - if (string[i] != ' ') - return false; - return true; -} - -static void -test_uri_parse_with_token (void) -{ - P11KitUri *uri = NULL; - CK_TOKEN_INFO_PTR token; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:token=Token%20Label;serial=3333;model=Deluxe;manufacturer=Me", - P11_KIT_URI_FOR_TOKEN, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - token = p11_kit_uri_get_token_info (uri); - assert (is_space_string (token->label, sizeof (token->label), "Token Label")); - assert (is_space_string (token->serialNumber, sizeof (token->serialNumber), "3333")); - assert (is_space_string (token->model, sizeof (token->model), "Deluxe")); - assert (is_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me")); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_token_bad_encoding (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:token=Token%", P11_KIT_URI_FOR_TOKEN, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_bad_syntax (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:token", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_BAD_SYNTAX, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_spaces (void) -{ - P11KitUri *uri = NULL; - CK_INFO_PTR info; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkc\ns11: lib rary-desc\rrip \n tion =The%20Library;\n\n\nlibrary-manufacturer=\rMe", - P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info = p11_kit_uri_get_module_info (uri); - - assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me")); - assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library")); - - p11_kit_uri_free (uri); -} - - -static void -test_uri_parse_with_library (void) -{ - P11KitUri *uri = NULL; - CK_INFO_PTR info; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-description=The%20Library;library-manufacturer=Me", - P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info = p11_kit_uri_get_module_info (uri); - - assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me")); - assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library")); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_library_bad_encoding (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-description=Library%", P11_KIT_URI_FOR_MODULE, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_with_slot (void) -{ - P11KitUri *uri = NULL; - CK_SLOT_INFO_PTR slot; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:slot-description=Slot%20Description;slot-manufacturer=Me", - P11_KIT_URI_FOR_SLOT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - slot = p11_kit_uri_get_slot_info (uri); - assert (is_space_string (slot->slotDescription, sizeof (slot->slotDescription), "Slot Description")); - assert (is_space_string (slot->manufacturerID, sizeof (slot->manufacturerID), "Me")); - - p11_kit_uri_free (uri); -} - -static void -test_uri_build_empty (void) -{ - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert_str_eq ("pkcs11:", string); - free (string); - - p11_kit_uri_free (uri); -} - -static void -set_space_string (CK_BYTE_PTR buffer, CK_ULONG length, const char *string) -{ - size_t len = strlen (string); - assert (len <= length); - memset (buffer, ' ', length); - memcpy (buffer, string, len); -} - -static void -test_uri_build_with_token_info (void) -{ - char *string = NULL; - P11KitUri *uri; - P11KitUri *check; - CK_TOKEN_INFO_PTR token; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - token = p11_kit_uri_get_token_info (uri); - set_space_string (token->label, sizeof (token->label), "The Label"); - set_space_string (token->serialNumber, sizeof (token->serialNumber), "44444"); - set_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me"); - set_space_string (token->model, sizeof (token->model), "Deluxe"); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert_ptr_not_null (string); - - check = p11_kit_uri_new (); - assert_ptr_not_null (check); - - ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_TOKEN, check); - assert_num_eq (P11_KIT_URI_OK, ret); - - p11_kit_uri_match_token_info (check, p11_kit_uri_get_token_info (uri)); - - p11_kit_uri_free (uri); - p11_kit_uri_free (check); - - assert (strstr (string, "token=The%20Label") != NULL); - assert (strstr (string, "serial=44444") != NULL); - assert (strstr (string, "manufacturer=Me") != NULL); - assert (strstr (string, "model=Deluxe") != NULL); - - free (string); -} - -static void -test_uri_build_with_token_null_info (void) -{ - char *string = NULL; - P11KitUri *uri; - CK_TOKEN_INFO_PTR token; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - token = p11_kit_uri_get_token_info (uri); - set_space_string (token->label, sizeof (token->label), "The Label"); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - - assert (strstr (string, "token=The%20Label") != NULL); - assert (strstr (string, "serial=") == NULL); - - free (string); - p11_kit_uri_free (uri); -} - -static void -test_uri_build_with_token_empty_info (void) -{ - char *string = NULL; - P11KitUri *uri; - CK_TOKEN_INFO_PTR token; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - token = p11_kit_uri_get_token_info (uri); - set_space_string (token->label, sizeof (token->label), ""); - set_space_string (token->serialNumber, sizeof (token->serialNumber), ""); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - - assert (strstr (string, "token=") != NULL); - assert (strstr (string, "serial=") != NULL); - - free (string); - p11_kit_uri_free (uri); -} - -static void -test_uri_build_with_attributes (void) -{ - char *string = NULL; - P11KitUri *uri; - P11KitUri *check; - CK_OBJECT_CLASS klass; - CK_ATTRIBUTE_PTR attr; - CK_ATTRIBUTE at; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - at.type = CKA_LABEL; - at.pValue = "The Label"; - at.ulValueLen = 9; - ret = p11_kit_uri_set_attribute (uri, &at); - assert_num_eq (P11_KIT_URI_OK, ret); - - at.type = CKA_ID; - at.pValue = "HELLO"; - at.ulValueLen = 5; - ret = p11_kit_uri_set_attribute (uri, &at); - assert_num_eq (P11_KIT_URI_OK, ret); - - klass = CKO_DATA; - at.type = CKA_CLASS; - at.pValue = &klass; - at.ulValueLen = sizeof (klass); - ret = p11_kit_uri_set_attribute (uri, &at); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - - check = p11_kit_uri_new (); - assert_ptr_not_null (check); - - ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_ANY, check); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (check, CKA_LABEL); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == 9); - assert (memcmp (attr->pValue, "The Label", attr->ulValueLen) == 0); - - attr = p11_kit_uri_get_attribute (check, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (klass)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == klass); - - attr = p11_kit_uri_get_attribute (check, CKA_ID); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == 5); - assert (memcmp (attr->pValue, "HELLO", attr->ulValueLen) == 0); - - p11_kit_uri_free (check); - - assert (strstr (string, "object=The%20Label") != NULL); - assert (strstr (string, "type=data") != NULL); - assert (strstr (string, "id=%48%45%4c%4c%4f") != NULL); - - free (string); - p11_kit_uri_free (uri); -} - -static void -test_uri_build_with_slot_info (void) -{ - char *string = NULL; - P11KitUri *uri; - P11KitUri *check; - CK_SLOT_INFO_PTR slot; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - slot = p11_kit_uri_get_slot_info (uri); - set_space_string (slot->slotDescription, sizeof (slot->slotDescription), "The Slot Description"); - set_space_string (slot->manufacturerID, sizeof (slot->manufacturerID), "Me"); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert_ptr_not_null (string); - - check = p11_kit_uri_new (); - assert_ptr_not_null (check); - - ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_SLOT, check); - assert_num_eq (P11_KIT_URI_OK, ret); - - p11_kit_uri_match_slot_info (check, p11_kit_uri_get_slot_info (uri)); - - p11_kit_uri_free (uri); - p11_kit_uri_free (check); - - assert (strstr (string, "slot-description=The%20Slot%20Description") != NULL); - assert (strstr (string, "slot-manufacturer=Me") != NULL); - - free (string); -} - -static void -test_uri_parse_private_key (void) -{ - P11KitUri *uri; - CK_ATTRIBUTE_PTR attr; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:type=private", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_PRIVATE_KEY); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_secret_key (void) -{ - P11KitUri *uri; - CK_ATTRIBUTE_PTR attr; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:type=secret-key", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_not_null (attr); - assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); - assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_SECRET_KEY); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_library_version (void) -{ - P11KitUri *uri; - CK_INFO_PTR info; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-version=2.101", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info = p11_kit_uri_get_module_info (uri); - assert_num_eq (2, info->libraryVersion.major); - assert_num_eq (101, info->libraryVersion.minor); - - ret = p11_kit_uri_parse ("pkcs11:library-version=23", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info = p11_kit_uri_get_module_info (uri); - assert_num_eq (23, info->libraryVersion.major); - assert_num_eq (0, info->libraryVersion.minor); - - ret = p11_kit_uri_parse ("pkcs11:library-version=23.", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - ret = p11_kit_uri_parse ("pkcs11:library-version=a.a", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - ret = p11_kit_uri_parse ("pkcs11:library-version=.23", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - ret = p11_kit_uri_parse ("pkcs11:library-version=1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - ret = p11_kit_uri_parse ("pkcs11:library-version=2.1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); - assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_parse_unknown_object_type (void) -{ - P11KitUri *uri; - CK_ATTRIBUTE_PTR attr; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:type=unknown", P11_KIT_URI_FOR_OBJECT, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); - assert_ptr_eq (NULL, attr); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_unrecognized (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:x-blah=some-value", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (1, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_parse_too_long_is_unrecognized (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:model=a-value-that-is-too-long-for-the-field-that-it-goes-with", - P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (1, ret); - - p11_kit_uri_free (uri); -} - - - -static void -test_uri_build_object_type_cert (void) -{ - CK_ATTRIBUTE attr; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - klass = CKO_CERTIFICATE; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - p11_kit_uri_set_attribute (uri, &attr); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "type=cert") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_object_type_private (void) -{ - CK_ATTRIBUTE attr; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - klass = CKO_PRIVATE_KEY; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - p11_kit_uri_set_attribute (uri, &attr); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "type=private") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_object_type_public (void) -{ - CK_ATTRIBUTE attr; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - klass = CKO_PUBLIC_KEY; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - p11_kit_uri_set_attribute (uri, &attr); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "type=public") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_object_type_secret (void) -{ - CK_ATTRIBUTE attr; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - klass = CKO_SECRET_KEY; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - p11_kit_uri_set_attribute (uri, &attr); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "type=secret-key") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_with_library (void) -{ - CK_INFO_PTR info; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - info = p11_kit_uri_get_module_info (uri); - set_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Description"); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "library-description=The%20Description") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_build_library_version (void) -{ - CK_INFO_PTR info; - P11KitUri *uri; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - info = p11_kit_uri_get_module_info (uri); - info->libraryVersion.major = 2; - info->libraryVersion.minor = 10; - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "library-version=2.10") != NULL); - - p11_kit_uri_free (uri); - free (string); -} - -static void -test_uri_get_set_unrecognized (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (0, ret); - - p11_kit_uri_set_unrecognized (uri, 1); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (1, ret); - - p11_kit_uri_set_unrecognized (uri, 0); - - ret = p11_kit_uri_any_unrecognized (uri); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_match_token (void) -{ - CK_TOKEN_INFO token; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:model=Giselle", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - set_space_string (token.label, sizeof (token.label), "A label"); - set_space_string (token.model, sizeof (token.model), "Giselle"); - - ret = p11_kit_uri_match_token_info (uri, &token); - assert_num_eq (1, ret); - - set_space_string (token.label, sizeof (token.label), "Another label"); - - ret = p11_kit_uri_match_token_info (uri, &token); - assert_num_eq (1, ret); - - set_space_string (token.model, sizeof (token.model), "Zoolander"); - - ret = p11_kit_uri_match_token_info (uri, &token); - assert_num_eq (0, ret); - - p11_kit_uri_set_unrecognized (uri, 1); - - ret = p11_kit_uri_match_token_info (uri, &token); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_match_module (void) -{ - CK_INFO info; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-description=Quiet", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Quiet"); - set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone"); - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (1, ret); - - set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone else"); - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (1, ret); - - set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Leise"); - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (0, ret); - - p11_kit_uri_set_unrecognized (uri, 1); - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_match_version (void) -{ - CK_INFO info; - P11KitUri *uri; - int ret; - - memset (&info, 0, sizeof (info)); - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:library-version=5.8", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - info.libraryVersion.major = 5; - info.libraryVersion.minor = 8; - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (1, ret); - - info.libraryVersion.major = 2; - info.libraryVersion.minor = 3; - - ret = p11_kit_uri_match_module_info (uri, &info); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_match_attributes (void) -{ - CK_ATTRIBUTE attrs[4]; - CK_OBJECT_CLASS klass; - P11KitUri *uri; - int ret; - - attrs[0].type = CKA_ID; - attrs[0].pValue = "Blah"; - attrs[0].ulValueLen = 4; - - attrs[1].type = CKA_LABEL; - attrs[1].pValue = "Junk"; - attrs[1].ulValueLen = 4; - - attrs[2].type = CKA_COLOR; - attrs[2].pValue = "blue"; - attrs[2].ulValueLen = 4; - - klass = CKO_DATA; - attrs[3].type = CKA_CLASS; - attrs[3].pValue = &klass; - attrs[3].ulValueLen = sizeof (klass); - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:object=Fancy;id=Blah;type=data", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (0, ret); - - attrs[1].pValue = "Fancy"; - attrs[1].ulValueLen = 5; - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (1, ret); - - p11_kit_uri_clear_attribute (uri, CKA_CLASS); - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (1, ret); - - attrs[2].pValue = "pink"; - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (1, ret); - - p11_kit_uri_set_unrecognized (uri, 1); - - ret = p11_kit_uri_match_attributes (uri, attrs, 4); - assert_num_eq (0, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_get_set_attribute (void) -{ - CK_ATTRIBUTE attr; - CK_ATTRIBUTE_PTR ptr; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_eq (NULL, ptr); - - ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); - assert_num_eq (P11_KIT_URI_OK, ret); - - ret = p11_kit_uri_clear_attribute (uri, CKA_COLOR); - assert_num_eq (P11_KIT_URI_NOT_FOUND, ret); - - attr.type = CKA_LABEL; - attr.pValue = "Test"; - attr.ulValueLen = 4; - - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - /* We can set other attributes */ - attr.type = CKA_COLOR; - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - /* And get them too */ - ptr = p11_kit_uri_get_attribute (uri, CKA_COLOR); - assert_ptr_not_null (ptr); - - ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_not_null (ptr); - - assert (ptr->type == CKA_LABEL); - assert (ptr->ulValueLen == 4); - assert (memcmp (ptr->pValue, "Test", 4) == 0); - - ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); - assert_num_eq (P11_KIT_URI_OK, ret); - - ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); - assert_ptr_eq (NULL, ptr); - - p11_kit_uri_free (uri); -} - -static void -test_uri_get_set_attributes (void) -{ - CK_ATTRIBUTE_PTR attrs; - CK_OBJECT_CLASS klass; - CK_ATTRIBUTE attr; - CK_ULONG n_attrs; - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (0, n_attrs); - - attr.type = CKA_LABEL; - attr.pValue = "Test"; - attr.ulValueLen = 4; - - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (1, n_attrs); - assert (attrs[0].type == CKA_LABEL); - assert (attrs[0].ulValueLen == 4); - assert (memcmp (attrs[0].pValue, "Test", 4) == 0); - - attr.type = CKA_LABEL; - attr.pValue = "Kablooey"; - attr.ulValueLen = 8; - - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (1, n_attrs); - assert (attrs[0].type == CKA_LABEL); - assert (attrs[0].ulValueLen == 8); - assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0); - - klass = CKO_DATA; - attr.type = CKA_CLASS; - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - - ret = p11_kit_uri_set_attribute (uri, &attr); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (2, n_attrs); - assert (attrs[0].type == CKA_LABEL); - assert (attrs[0].ulValueLen == 8); - assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0); - assert (attrs[1].type == CKA_CLASS); - assert (attrs[1].ulValueLen == sizeof (klass)); - assert (memcmp (attrs[1].pValue, &klass, sizeof (klass)) == 0); - - ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (1, n_attrs); - assert (attrs[0].type == CKA_CLASS); - assert (attrs[0].ulValueLen == sizeof (klass)); - assert (memcmp (attrs[0].pValue, &klass, sizeof (klass)) == 0); - - attr.type = CKA_LABEL; - attr.pValue = "Three"; - attr.ulValueLen = 5; - - ret = p11_kit_uri_set_attributes (uri, &attr, 1); - assert_num_eq (P11_KIT_URI_OK, ret); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (1, n_attrs); - assert (attrs[0].type == CKA_LABEL); - assert (attrs[0].ulValueLen == 5); - assert (memcmp (attrs[0].pValue, "Three", 5) == 0); - - p11_kit_uri_clear_attributes (uri); - - attrs = p11_kit_uri_get_attributes (uri, &n_attrs); - assert_ptr_not_null (attrs); - assert_num_eq (0, n_attrs); - - p11_kit_uri_free (uri); -} - -static void -test_uri_pin_source (void) -{ - P11KitUri *uri; - const char *pin_source; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - p11_kit_uri_set_pin_source (uri, "|my-pin-source"); - - pin_source = p11_kit_uri_get_pin_source (uri); - assert_str_eq ("|my-pin-source", pin_source); - - pin_source = p11_kit_uri_get_pinfile (uri); - assert_str_eq ("|my-pin-source", pin_source); - - p11_kit_uri_set_pinfile (uri, "|my-pin-file"); - - pin_source = p11_kit_uri_get_pin_source (uri); - assert_str_eq ("|my-pin-file", pin_source); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "pin-source=%7cmy-pin-file") != NULL); - free (string); - - ret = p11_kit_uri_parse ("pkcs11:pin-source=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - pin_source = p11_kit_uri_get_pin_source (uri); - assert_str_eq ("blah/blah", pin_source); - - p11_kit_uri_free (uri); -} - - -static void -test_uri_pin_value (void) -{ - P11KitUri *uri; - const char *pin_value; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - p11_kit_uri_set_pin_value (uri, "123456"); - - pin_value = p11_kit_uri_get_pin_value (uri); - assert_str_eq ("123456", pin_value); - - p11_kit_uri_set_pin_value (uri, "1*&#%&@("); - - pin_value = p11_kit_uri_get_pin_value (uri); - assert_str_eq ("1*&#%&@(", pin_value); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "pkcs11:pin-value=1%2a%26%23%25%26%40%28") != NULL); - free (string); - - ret = p11_kit_uri_parse ("pkcs11:pin-value=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - pin_value = p11_kit_uri_get_pin_value (uri); - assert_str_eq ("blah/blah", pin_value); - - p11_kit_uri_free (uri); -} - -static void -test_uri_pin_value_bad (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:pin-value=blahblah%2", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_slot_id (void) -{ - P11KitUri *uri; - CK_SLOT_ID slot_id; - char *string; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - p11_kit_uri_set_slot_id (uri, 12345); - - slot_id = p11_kit_uri_get_slot_id (uri); - assert_num_eq (12345, slot_id); - - ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); - assert_num_eq (P11_KIT_URI_OK, ret); - assert (strstr (string, "pkcs11:slot-id=12345") != NULL); - free (string); - - ret = p11_kit_uri_parse ("pkcs11:slot-id=67890", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_OK, ret); - - slot_id = p11_kit_uri_get_slot_id (uri); - assert_num_eq (67890, slot_id); - - p11_kit_uri_free (uri); -} - -static void -test_uri_slot_id_bad (void) -{ - P11KitUri *uri; - int ret; - - uri = p11_kit_uri_new (); - assert_ptr_not_null (uri); - - ret = p11_kit_uri_parse ("pkcs11:slot-id=123^456", P11_KIT_URI_FOR_ANY, uri); - assert_num_eq (P11_KIT_URI_BAD_SYNTAX, ret); - - p11_kit_uri_free (uri); -} - -static void -test_uri_free_null (void) -{ - p11_kit_uri_free (NULL); -} - -static void -test_uri_message (void) -{ - assert (p11_kit_uri_message (P11_KIT_URI_OK) == NULL); - assert_ptr_not_null (p11_kit_uri_message (P11_KIT_URI_UNEXPECTED)); - assert_ptr_not_null (p11_kit_uri_message (-555555)); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_uri_parse, "/uri/test_uri_parse"); - p11_test (test_uri_parse_bad_scheme, "/uri/test_uri_parse_bad_scheme"); - p11_test (test_uri_parse_with_label, "/uri/test_uri_parse_with_label"); - p11_test (test_uri_parse_with_empty_label, "/uri/test_uri_parse_with_empty_label"); - p11_test (test_uri_parse_with_empty_id, "/uri/test_uri_parse_with_empty_id"); - p11_test (test_uri_parse_with_label_and_klass, "/uri/test_uri_parse_with_label_and_klass"); - p11_test (test_uri_parse_with_label_and_new_klass, "/uri/parse-with-label-and-new-class"); - p11_test (test_uri_parse_with_id, "/uri/test_uri_parse_with_id"); - p11_test (test_uri_parse_with_bad_string_encoding, "/uri/test_uri_parse_with_bad_string_encoding"); - p11_test (test_uri_parse_with_bad_hex_encoding, "/uri/test_uri_parse_with_bad_hex_encoding"); - p11_test (test_uri_parse_with_token, "/uri/test_uri_parse_with_token"); - p11_test (test_uri_parse_with_token_bad_encoding, "/uri/test_uri_parse_with_token_bad_encoding"); - p11_test (test_uri_parse_with_bad_syntax, "/uri/test_uri_parse_with_bad_syntax"); - p11_test (test_uri_parse_with_spaces, "/uri/test_uri_parse_with_spaces"); - p11_test (test_uri_parse_with_library, "/uri/test_uri_parse_with_library"); - p11_test (test_uri_parse_with_library_bad_encoding, "/uri/test_uri_parse_with_library_bad_encoding"); - p11_test (test_uri_parse_with_slot, "/uri/test_uri_parse_with_slot"); - p11_test (test_uri_build_empty, "/uri/test_uri_build_empty"); - p11_test (test_uri_build_with_token_info, "/uri/test_uri_build_with_token_info"); - p11_test (test_uri_build_with_token_null_info, "/uri/test_uri_build_with_token_null_info"); - p11_test (test_uri_build_with_token_empty_info, "/uri/test_uri_build_with_token_empty_info"); - p11_test (test_uri_build_with_attributes, "/uri/test_uri_build_with_attributes"); - p11_test (test_uri_build_with_slot_info, "/uri/test_uri_build_with_slot_info"); - p11_test (test_uri_parse_private_key, "/uri/test_uri_parse_private_key"); - p11_test (test_uri_parse_secret_key, "/uri/test_uri_parse_secret_key"); - p11_test (test_uri_parse_library_version, "/uri/test_uri_parse_library_version"); - p11_test (test_uri_parse_parse_unknown_object_type, "/uri/test_uri_parse_parse_unknown_object_type"); - p11_test (test_uri_parse_unrecognized, "/uri/test_uri_parse_unrecognized"); - p11_test (test_uri_parse_too_long_is_unrecognized, "/uri/test_uri_parse_too_long_is_unrecognized"); - p11_test (test_uri_build_object_type_cert, "/uri/test_uri_build_object_type_cert"); - p11_test (test_uri_build_object_type_private, "/uri/test_uri_build_object_type_private"); - p11_test (test_uri_build_object_type_public, "/uri/test_uri_build_object_type_public"); - p11_test (test_uri_build_object_type_secret, "/uri/test_uri_build_object_type_secret"); - p11_test (test_uri_build_with_library, "/uri/test_uri_build_with_library"); - p11_test (test_uri_build_library_version, "/uri/test_uri_build_library_version"); - p11_test (test_uri_get_set_unrecognized, "/uri/test_uri_get_set_unrecognized"); - p11_test (test_uri_match_token, "/uri/test_uri_match_token"); - p11_test (test_uri_match_module, "/uri/test_uri_match_module"); - p11_test (test_uri_match_version, "/uri/test_uri_match_version"); - p11_test (test_uri_match_attributes, "/uri/test_uri_match_attributes"); - p11_test (test_uri_get_set_attribute, "/uri/test_uri_get_set_attribute"); - p11_test (test_uri_get_set_attributes, "/uri/test_uri_get_set_attributes"); - p11_test (test_uri_pin_source, "/uri/test_uri_pin_source"); - p11_test (test_uri_pin_value, "/uri/pin-value"); - p11_test (test_uri_pin_value_bad, "/uri/pin-value-bad"); - p11_test (test_uri_slot_id, "/uri/slot-id"); - p11_test (test_uri_slot_id_bad, "/uri/slot-id-bad"); - p11_test (test_uri_free_null, "/uri/test_uri_free_null"); - p11_test (test_uri_message, "/uri/test_uri_message"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-util.c b/p11-kit/test-util.c deleted file mode 100644 index 0e579cd..0000000 --- a/p11-kit/test-util.c +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" -#include "test.h" - -#include "p11-kit.h" - -#include <stdio.h> -#include <stdlib.h> - -static void -test_space_strlen (void) -{ - assert_num_eq (4, p11_kit_space_strlen ((const unsigned char *)"Test ", 20)); - assert_num_eq (20, p11_kit_space_strlen ((const unsigned char *)"01234567890123456789", 20)); - assert_num_eq (0, p11_kit_space_strlen ((const unsigned char *)" ", 20)); -} - -int -main (int argc, - char *argv[]) -{ - putenv ("P11_KIT_STRICT=1"); - - p11_test (test_space_strlen, "/util/space-strlen"); - return p11_test_run (argc, argv); -} diff --git a/p11-kit/test-virtual.c b/p11-kit/test-virtual.c deleted file mode 100644 index e642820..0000000 --- a/p11-kit/test-virtual.c +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright (c) 2012 Stefan Walter - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stef@thewalter.net> - */ - -#include "config.h" - -#include "library.h" -#include "p11-kit.h" -#include "private.h" -#include "virtual.h" - -#include "test.h" - -#include "mock.h" - -#include <sys/types.h> -#include <assert.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> - -/* - * test-managed.c is a pretty good test of the closure code, so we - * just test a few things here. - */ - -typedef struct { - p11_virtual virt; - void *check; -} Override; - -static CK_RV -override_initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR args) -{ - Override *over = (Override *)self; - - assert_str_eq ("initialize-arg", args); - assert_str_eq ("overide-arg", over->check); - - /* An arbitrary error code to check */ - return CKR_NEED_TO_CREATE_THREADS; -} - -static bool test_destroyed = false; - -static void -test_destroyer (void *data) -{ - assert (data == &mock_x_module_no_slots); - assert (test_destroyed == false); - test_destroyed = true; -} - -static void -test_initialize (void) -{ - CK_FUNCTION_LIST_PTR module; - Override over = { }; - CK_RV rv; - - p11_virtual_init (&over.virt, &p11_virtual_stack, &mock_x_module_no_slots, test_destroyer); - over.virt.funcs.C_Initialize = override_initialize; - over.check = "overide-arg"; - test_destroyed = false; - - module = p11_virtual_wrap (&over.virt, (p11_destroyer)p11_virtual_uninit); - assert_ptr_not_null (module); - - rv = (module->C_Initialize) ("initialize-arg"); - assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv); - - p11_virtual_unwrap (module); - assert_num_eq (true, test_destroyed); -} - -static void -test_fall_through (void) -{ - CK_FUNCTION_LIST_PTR module; - Override over = { }; - p11_virtual base; - CK_RV rv; - - p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); - p11_virtual_init (&over.virt, &p11_virtual_stack, &base, NULL); - over.virt.funcs.C_Initialize = override_initialize; - over.check = "overide-arg"; - - module = p11_virtual_wrap (&over.virt, NULL); - assert_ptr_not_null (module); - - rv = (module->C_Initialize) ("initialize-arg"); - assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv); - - /* All other functiosn should have just fallen through */ - assert_ptr_eq (mock_module_no_slots.C_Finalize, module->C_Finalize); - - p11_virtual_unwrap (module); -} - -static void -test_get_function_list (void) -{ - CK_FUNCTION_LIST_PTR module; - CK_FUNCTION_LIST_PTR list; - p11_virtual virt; - CK_RV rv; - - p11_virtual_init (&virt, &p11_virtual_base, &mock_module_no_slots, NULL); - module = p11_virtual_wrap (&virt, NULL); - assert_ptr_not_null (module); - - rv = (module->C_GetFunctionList) (&list); - assert_num_eq (CKR_OK, rv); - assert_ptr_eq (module, list); - - rv = (module->C_GetFunctionList) (&list); - assert_num_eq (CKR_OK, rv); - - rv = (module->C_GetFunctionList) (NULL); - assert_num_eq (CKR_ARGUMENTS_BAD, rv); - - p11_virtual_unwrap (module); -} - -int -main (int argc, - char *argv[]) -{ - mock_module_init (); - p11_library_init (); - - assert (p11_virtual_can_wrap ()); - p11_test (test_initialize, "/virtual/test_initialize"); - p11_test (test_fall_through, "/virtual/test_fall_through"); - p11_test (test_get_function_list, "/virtual/test_get_function_list"); - - return p11_test_run (argc, argv); -} diff --git a/p11-kit/uri.c b/p11-kit/uri.c deleted file mode 100644 index c64912f..0000000 --- a/p11-kit/uri.c +++ /dev/null @@ -1,1490 +0,0 @@ -/* - * Copyright (C) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" - -#include "attrs.h" -#include "buffer.h" -#define P11_DEBUG_FLAG P11_DEBUG_URI -#include "debug.h" -#include "message.h" -#include "pkcs11.h" -#include "private.h" -#include "p11-kit.h" -#include "uri.h" -#include "url.h" - -#include <assert.h> -#include <ctype.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -/** - * SECTION:p11-kit-uri - * @title: URIs - * @short_description: Parsing and formatting PKCS\#11 URIs - * - * PKCS\#11 URIs can be used in configuration files or applications to represent - * PKCS\#11 modules, tokens or objects. An example of a URI might be: - * - * <code><literallayout> - * pkcs11:token=The\%20Software\%20PKCS\#11\%20softtoken; - * manufacturer=Snake\%20Oil,\%20Inc.;serial=;object=my-certificate; - * model=1.0;type=cert;id=\%69\%95\%3e\%5c\%f4\%bd\%ec\%91 - * </literallayout></code> - * - * You can use p11_kit_uri_parse() to parse such a URI, and p11_kit_uri_format() - * to build one. URIs are represented by the #P11KitUri structure. You can match - * a parsed URI against PKCS\#11 tokens with p11_kit_uri_match_token_info() - * or attributes with p11_kit_uri_match_attributes(). - * - * Since URIs can represent different sorts of things, when parsing or formatting - * a URI a 'context' can be used to indicate which sort of URI is expected. - * - * URIs have an <code>unrecognized</code> flag. This flag is set during parsing - * if any parts of the URI are not recognized. This may be because the part is - * from a newer version of the PKCS\#11 spec or because that part was not valid - * inside of the desired context used when parsing. - */ - -/** - * P11KitUri: - * - * A structure representing a PKCS\#11 URI. There are no public fields - * visible in this structure. Use the various accessor functions. - */ - -/** - * P11KitUriType: - * @P11_KIT_URI_FOR_OBJECT: The URI represents one or more objects - * @P11_KIT_URI_FOR_TOKEN: The URI represents one or more tokens - * @P11_KIT_URI_FOR_SLOT: The URI represents one or more slots - * @P11_KIT_URI_FOR_MODULE: The URI represents one or more modules - * @P11_KIT_URI_FOR_MODULE_WITH_VERSION: The URI represents a module with - * a specific version. - * @P11_KIT_URI_FOR_OBJECT_ON_TOKEN: The URI represents one or more objects - * that are present on a specific token. - * @P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE: The URI represents one or more - * objects that are present on a specific token, being used with a certain - * module. - * @P11_KIT_URI_FOR_ANY: The URI can represent anything - * - * A PKCS\#11 URI can represent different kinds of things. This flag is used by - * p11_kit_uri_parse() to denote in what context the URI will be used. - * - * The various types can be combined. - */ - -/** - * P11KitUriResult: - * @P11_KIT_URI_OK: Success - * @P11_KIT_URI_UNEXPECTED: Unexpected or internal system error - * @P11_KIT_URI_BAD_SCHEME: The URI had a bad scheme - * @P11_KIT_URI_BAD_ENCODING: The URI had a bad encoding - * @P11_KIT_URI_BAD_SYNTAX: The URI had a bad syntax - * @P11_KIT_URI_BAD_VERSION: The URI contained a bad version number - * @P11_KIT_URI_NOT_FOUND: A requested part of the URI was not found - * - * Error codes returned by various functions. The functions each clearly state - * which error codes they are capable of returning. - */ - -/** - * P11_KIT_URI_NO_MEMORY: - * - * Unexpected memory allocation failure result. Same as #P11_KIT_URI_UNEXPECTED. - */ - -/** - * P11_KIT_URI_SCHEME: - * - * String of URI scheme for PKCS\#11 URIs. - */ - -/** - * P11_KIT_URI_SCHEME_LEN: - * - * Length of %P11_KIT_URI_SCHEME. - */ - -struct p11_kit_uri { - bool unrecognized; - CK_INFO module; - CK_SLOT_INFO slot; - CK_TOKEN_INFO token; - CK_ATTRIBUTE *attrs; - char *pin_source; - char *pin_value; - CK_SLOT_ID slot_id; -}; - -static char * -strip_whitespace (const char *value) -{ - size_t length = strlen (value); - char *at, *pos; - char *key; - - key = malloc (length + 1); - return_val_if_fail (key != NULL, NULL); - - memcpy (key, value, length); - key[length] = '\0'; - - /* Do we have any whitespace? Strip it out. */ - if (strcspn (key, P11_URL_WHITESPACE) != length) { - for (at = key, pos = key; pos != key + length + 1; ++pos) { - if (!strchr (P11_URL_WHITESPACE, *pos)) - *(at++) = *pos; - } - *at = '\0'; - } - - return key; -} - -static bool -match_struct_string (const unsigned char *inuri, const unsigned char *real, - size_t length) -{ - assert (inuri); - assert (real); - assert (length > 0); - - /* NULL matches anything */ - if (inuri[0] == 0) - return true; - - return memcmp (inuri, real, length) == 0 ? true : false; -} - -static bool -match_struct_version (CK_VERSION_PTR inuri, CK_VERSION_PTR real) -{ - /* This matches anything */ - if (inuri->major == (CK_BYTE)-1 && inuri->minor == (CK_BYTE)-1) - return true; - - return memcmp (inuri, real, sizeof (CK_VERSION)) == 0 ? true : false; -} - -/** - * p11_kit_uri_get_module_info: - * @uri: the URI - * - * Get the <code>CK_INFO</code> structure associated with this URI. - * - * If this is a parsed URI, then the fields corresponding to library parts of - * the URI will be filled in. Any library URI parts that were missing will have - * their fields filled with zeros. - * - * If the caller wishes to setup information for building a URI, then relevant - * fields should be filled in. Fields that should not appear as parts in the - * resulting URI should be filled with zeros. - * - * Returns: A pointer to the <code>CK_INFO</code> structure. - */ -CK_INFO_PTR -p11_kit_uri_get_module_info (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, NULL); - return &uri->module; -} - -int -p11_match_uri_module_info (CK_INFO_PTR one, - CK_INFO_PTR two) -{ - return (match_struct_string (one->libraryDescription, - two->libraryDescription, - sizeof (one->libraryDescription)) && - match_struct_string (one->manufacturerID, - two->manufacturerID, - sizeof (one->manufacturerID)) && - match_struct_version (&one->libraryVersion, - &two->libraryVersion)); -} - -/** - * p11_kit_uri_match_module_info: - * @uri: the URI - * @info: the structure to match against the URI - * - * Match a <code>CK_INFO</code> structure against the library parts of this URI. - * - * Only the fields of the <code>CK_INFO</code> structure that are valid for use - * in a URI will be matched. A URI part that was not specified in the URI will - * match any value in the structure. If during the URI parsing any unrecognized - * parts were encountered then this match will fail. - * - * Returns: 1 if the URI matches, 0 if not. - */ -int -p11_kit_uri_match_module_info (P11KitUri *uri, CK_INFO_PTR info) -{ - return_val_if_fail (uri != NULL, 0); - return_val_if_fail (info != NULL, 0); - - if (uri->unrecognized) - return 0; - - return p11_match_uri_module_info (&uri->module, info); -} - -/** - * p11_kit_uri_get_slot_info: - * @uri: the URI - * - * Get the <code>CK_SLOT_INFO</code> structure associated with this URI. - * - * If this is a parsed URI, then the fields corresponding to slot parts of - * the URI will be filled in. Any slot URI parts that were missing will have - * their fields filled with zeros. - * - * If the caller wishes to setup information for building a URI, then relevant - * fields should be filled in. Fields that should not appear as parts in the - * resulting URI should be filled with zeros. - * - * Returns: A pointer to the <code>CK_INFO</code> structure. - */ -CK_SLOT_INFO_PTR -p11_kit_uri_get_slot_info (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, NULL); - return &uri->slot; -} - -int -p11_match_uri_slot_info (CK_SLOT_INFO_PTR one, - CK_SLOT_INFO_PTR two) -{ - return (match_struct_string (one->slotDescription, - two->slotDescription, - sizeof (one->slotDescription)) && - match_struct_string (one->manufacturerID, - two->manufacturerID, - sizeof (one->manufacturerID))); -} - -/** - * p11_kit_uri_match_slot_info: - * @uri: the URI - * @slot_info: the structure to match against the URI - * - * Match a <code>CK_SLOT_INFO</code> structure against the slot parts of this - * URI. - * - * Only the fields of the <code>CK_SLOT_INFO</code> structure that are valid - * for use in a URI will be matched. A URI part that was not specified in the - * URI will match any value in the structure. If during the URI parsing any - * unrecognized parts were encountered then this match will fail. - * - * Returns: 1 if the URI matches, 0 if not. - */ -int -p11_kit_uri_match_slot_info (P11KitUri *uri, CK_SLOT_INFO_PTR slot_info) -{ - return_val_if_fail (uri != NULL, 0); - return_val_if_fail (slot_info != NULL, 0); - - if (uri->unrecognized) - return 0; - - return p11_match_uri_slot_info (&uri->slot, slot_info); -} - -/** - * p11_kit_uri_get_slot_id: - * @uri: The URI - * - * Get the 'slot-id' part of the URI. - * - * Returns: The slot-id or <code>(CK_SLOT_ID)-1</code> if not set. - */ -CK_SLOT_ID -p11_kit_uri_get_slot_id (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, (CK_SLOT_ID)-1); - return uri->slot_id; -} - -/** - * p11_kit_uri_set_slot_id: - * @uri: The URI - * @slot_id: The new slot-id - * - * Set the 'slot-id' part of the URI. - */ -void -p11_kit_uri_set_slot_id (P11KitUri *uri, - CK_SLOT_ID slot_id) -{ - return_if_fail (uri != NULL); - uri->slot_id = slot_id; -} - -/** - * p11_kit_uri_get_token_info: - * @uri: the URI - * - * Get the <code>CK_TOKEN_INFO</code> structure associated with this URI. - * - * If this is a parsed URI, then the fields corresponding to token parts of - * the URI will be filled in. Any token URI parts that were missing will have - * their fields filled with zeros. - * - * If the caller wishes to setup information for building a URI, then relevant - * fields should be filled in. Fields that should not appear as parts in the - * resulting URI should be filled with zeros. - * - * Returns: A pointer to the <code>CK_INFO</code> structure. - */ -CK_TOKEN_INFO_PTR -p11_kit_uri_get_token_info (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, NULL); - return &uri->token; -} - -int -p11_match_uri_token_info (CK_TOKEN_INFO_PTR one, - CK_TOKEN_INFO_PTR two) -{ - return (match_struct_string (one->label, - two->label, - sizeof (one->label)) && - match_struct_string (one->manufacturerID, - two->manufacturerID, - sizeof (one->manufacturerID)) && - match_struct_string (one->model, - two->model, - sizeof (one->model)) && - match_struct_string (one->serialNumber, - two->serialNumber, - sizeof (one->serialNumber))); -} - -/** - * p11_kit_uri_match_token_info: - * @uri: the URI - * @token_info: the structure to match against the URI - * - * Match a <code>CK_TOKEN_INFO</code> structure against the token parts of this - * URI. - * - * Only the fields of the <code>CK_TOKEN_INFO</code> structure that are valid - * for use in a URI will be matched. A URI part that was not specified in the - * URI will match any value in the structure. If during the URI parsing any - * unrecognized parts were encountered then this match will fail. - * - * Returns: 1 if the URI matches, 0 if not. - */ -int -p11_kit_uri_match_token_info (P11KitUri *uri, CK_TOKEN_INFO_PTR token_info) -{ - return_val_if_fail (uri != NULL, 0); - return_val_if_fail (token_info != NULL, 0); - - if (uri->unrecognized) - return 0; - - return p11_match_uri_token_info (&uri->token, token_info); -} - -/** - * p11_kit_uri_get_attribute: - * @uri: The URI - * @attr_type: The attribute type - * - * Get a pointer to an attribute present in this URI. - * - * Returns: A pointer to the attribute, or <code>NULL</code> if not present. - * The attribute is owned by the URI and should not be freed. - */ -CK_ATTRIBUTE_PTR -p11_kit_uri_get_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE attr_type) -{ - return_val_if_fail (uri != NULL, NULL); - - if (uri->attrs == NULL) - return NULL; - - return p11_attrs_find (uri->attrs, attr_type); -} - -/** - * p11_kit_uri_set_attribute: - * @uri: The URI - * @attr: The attribute to set - * - * Set an attribute on the URI. - * - * Only attributes that map to parts in a PKCS\#11 URI will be accepted. - * - * Returns: %P11_KIT_URI_OK if the attribute was successfully set. - * %P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI. - */ -int -p11_kit_uri_set_attribute (P11KitUri *uri, CK_ATTRIBUTE_PTR attr) -{ - return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED); - - uri->attrs = p11_attrs_buildn (uri->attrs, attr, 1); - return_val_if_fail (uri->attrs != NULL, P11_KIT_URI_UNEXPECTED); - - return P11_KIT_URI_OK; -} - -/** - * p11_kit_uri_clear_attribute: - * @uri: The URI - * @attr_type: The type of the attribute to clear - * - * Clear an attribute on the URI. - * - * Only attributes that map to parts in a PKCS\#11 URI will be accepted. - * - * Returns: %P11_KIT_URI_OK if the attribute was successfully cleared. - * %P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI. - */ -int -p11_kit_uri_clear_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE attr_type) -{ - return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED); - - if (attr_type != CKA_CLASS && - attr_type != CKA_LABEL && - attr_type != CKA_ID) - return P11_KIT_URI_NOT_FOUND; - - if (uri->attrs) - p11_attrs_remove (uri->attrs, attr_type); - - return P11_KIT_URI_OK; -} - -/** - * p11_kit_uri_get_attribute_types: - * @uri: The URI - * @n_attrs: A location to store the number of attributes returned. - * - * Get the attributes present in this URI. The attributes and values are - * owned by the URI. If the URI is modified, then the attributes that were - * returned from this function will not remain consistent. - * - * Returns: The attributes for this URI. These are owned by the URI. - */ -CK_ATTRIBUTE_PTR -p11_kit_uri_get_attributes (P11KitUri *uri, CK_ULONG_PTR n_attrs) -{ - static const CK_ATTRIBUTE terminator = { CKA_INVALID, NULL, 0UL }; - - return_val_if_fail (uri != NULL, NULL); - - if (!uri->attrs) { - if (n_attrs) - *n_attrs = 0; - return (CK_ATTRIBUTE_PTR)&terminator; - } - - if (n_attrs) - *n_attrs = p11_attrs_count (uri->attrs); - return uri->attrs; -} - -int -p11_kit_uri_set_attributes (P11KitUri *uri, CK_ATTRIBUTE_PTR attrs, - CK_ULONG n_attrs) -{ - CK_ULONG i; - int ret; - - return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED); - - p11_kit_uri_clear_attributes (uri); - - for (i = 0; i < n_attrs; i++) { - ret = p11_kit_uri_set_attribute (uri, &attrs[i]); - if (ret != P11_KIT_URI_OK && ret != P11_KIT_URI_NOT_FOUND) - return ret; - } - - return P11_KIT_URI_OK; -} - -void -p11_kit_uri_clear_attributes (P11KitUri *uri) -{ - return_if_fail (uri != NULL); - - p11_attrs_free (uri->attrs); - uri->attrs = NULL; -} - -/** - * p11_kit_uri_match_attributes: - * @uri: The URI - * @attrs: The attributes to match - * @n_attrs: The number of attributes - * - * Match a attributes against the object parts of this URI. - * - * Only the attributes that are valid for use in a URI will be matched. A URI - * part that was not specified in the URI will match any attribute value. If - * during the URI parsing any unrecognized parts were encountered then this - * match will fail. - * - * Returns: 1 if the URI matches, 0 if not. - */ -int -p11_kit_uri_match_attributes (P11KitUri *uri, CK_ATTRIBUTE_PTR attrs, - CK_ULONG n_attrs) -{ - CK_ATTRIBUTE *attr; - CK_ULONG i; - - return_val_if_fail (uri != NULL, 0); - return_val_if_fail (attrs != NULL || n_attrs == 0, 0); - - if (uri->unrecognized) - return 0; - - for (i = 0; i < n_attrs; i++) { - if (attrs[i].type != CKA_CLASS && - attrs[i].type != CKA_LABEL && - attrs[i].type != CKA_ID) - continue; - attr = NULL; - if (uri->attrs) - attr = p11_attrs_find (uri->attrs, attrs[i].type); - if (!attr) - continue; - if (!p11_attr_equal (attr, attrs + i)) - return 0; - } - - return 1; -} - -/** - * p11_kit_uri_set_unrecognized: - * @uri: The URI - * @unrecognized: The new unregognized flag value - * - * Set the unrecognized flag on this URI. - * - * The unrecognized flag is automatically set to 1 when during parsing any part - * of the URI is unrecognized. If the unrecognized flag is set to 1, then - * matching against this URI will always fail. - */ -void -p11_kit_uri_set_unrecognized (P11KitUri *uri, int unrecognized) -{ - return_if_fail (uri != NULL); - uri->unrecognized = unrecognized ? true : false; -} - -/** - * p11_kit_uri_any_unrecognized: - * @uri: The URI - * - * Get the unrecognized flag for this URI. - * - * The unrecognized flag is automatically set to 1 when during parsing any part - * of the URI is unrecognized. If the unrecognized flag is set to 1, then - * matching against this URI will always fail. - * - * Returns: 1 if unrecognized flag is set, 0 otherwise. - */ -int -p11_kit_uri_any_unrecognized (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, 1); - return uri->unrecognized; -} - -/** - * p11_kit_uri_get_pin_value: - * @uri: The URI - * - * Get the 'pin-value' part of the URI. This is used by some applications to - * read the PIN for logging into a PKCS\#11 token. - * - * Returns: The pin-value or %NULL if not present. - */ -const char* -p11_kit_uri_get_pin_value (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, NULL); - return uri->pin_value; -} - -/** - * p11_kit_uri_set_pin_value: - * @uri: The URI - * @pin: The new pin-value - * - * Set the 'pin-value' part of the URI. This is used by some applications to - * specify the PIN for logging into a PKCS\#11 token. - */ -void -p11_kit_uri_set_pin_value (P11KitUri *uri, const char *pin) -{ - return_if_fail (uri != NULL); - free (uri->pin_value); - uri->pin_value = pin ? strdup (pin) : NULL; -} - - -/** - * p11_kit_uri_get_pin_source: - * @uri: The URI - * - * Get the 'pin-source' part of the URI. This is used by some applications to - * lookup a PIN for logging into a PKCS\#11 token. - * - * Returns: The pin-source or %NULL if not present. - */ -const char* -p11_kit_uri_get_pin_source (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, NULL); - return uri->pin_source; -} - -/** - * p11_kit_uri_get_pinfile: - * @uri: The URI - * - * Deprecated: use p11_kit_uri_get_pin_source(). - */ -const char* -p11_kit_uri_get_pinfile (P11KitUri *uri) -{ - return_val_if_fail (uri != NULL, NULL); - return p11_kit_uri_get_pin_source (uri); -} - -/** - * p11_kit_uri_set_pin_source: - * @uri: The URI - * @pin_source: The new pin-source - * - * Set the 'pin-source' part of the URI. This is used by some applications to - * lookup a PIN for logging into a PKCS\#11 token. - */ -void -p11_kit_uri_set_pin_source (P11KitUri *uri, const char *pin_source) -{ - return_if_fail (uri != NULL); - free (uri->pin_source); - uri->pin_source = pin_source ? strdup (pin_source) : NULL; -} - -/** - * p11_kit_uri_set_pinfile: - * @uri: The URI - * @pinfile: The pinfile - * - * Deprecated: use p11_kit_uri_set_pin_source(). - */ -void -p11_kit_uri_set_pinfile (P11KitUri *uri, const char *pinfile) -{ - return_if_fail (uri != NULL); - p11_kit_uri_set_pin_source (uri, pinfile); -} - -/** - * p11_kit_uri_new: - * - * Create a new blank PKCS\#11 URI. - * - * The new URI is in the right state to parse a string into. All relevant fields - * are zeroed out. Formatting this URI will produce a valid but empty URI. - * - * Returns: A newly allocated URI. This should be freed with p11_kit_uri_free(). - */ -P11KitUri* -p11_kit_uri_new (void) -{ - P11KitUri *uri; - - uri = calloc (1, sizeof (P11KitUri)); - return_val_if_fail (uri != NULL, NULL); - - /* So that it matches anything */ - uri->module.libraryVersion.major = (CK_BYTE)-1; - uri->module.libraryVersion.minor = (CK_BYTE)-1; - uri->slot_id = (CK_SLOT_ID)-1; - - return uri; -} - -static void -format_name_equals (p11_buffer *buffer, - bool *is_first, - const char *name) -{ - if (!*is_first) - p11_buffer_add (buffer, ";", 1); - p11_buffer_add (buffer, name, -1); - p11_buffer_add (buffer, "=", 1); - *is_first = false; -} - -static bool -format_raw_string (p11_buffer *buffer, - bool *is_first, - const char *name, - const char *value) -{ - /* Not set */ - if (!value) - return true; - - format_name_equals (buffer, is_first, name); - p11_buffer_add (buffer, value, -1); - - return p11_buffer_ok (buffer); -} - -static bool -format_encode_string (p11_buffer *buffer, - bool *is_first, - const char *name, - const unsigned char *value, - size_t n_value, - bool force) -{ - /* Not set */ - if (!value) - return true; - - format_name_equals (buffer, is_first, name); - p11_url_encode (value, value + n_value, force ? "" : P11_URL_VERBATIM, buffer); - - return p11_buffer_ok (buffer); -} - - -static bool -format_struct_string (p11_buffer *buffer, - bool *is_first, - const char *name, - const unsigned char *value, - size_t value_max) -{ - size_t len; - - /* Not set */ - if (!value[0]) - return true; - - len = p11_kit_space_strlen (value, value_max); - return format_encode_string (buffer, is_first, name, value, len, false); -} - -static bool -format_attribute_string (p11_buffer *buffer, - bool *is_first, - const char *name, - CK_ATTRIBUTE_PTR attr, - bool force) -{ - /* Not set */; - if (attr == NULL) - return true; - - return format_encode_string (buffer, is_first, name, - attr->pValue, attr->ulValueLen, - force); -} - -static bool -format_attribute_class (p11_buffer *buffer, - bool *is_first, - const char *name, - CK_ATTRIBUTE_PTR attr) -{ - CK_OBJECT_CLASS klass; - const char *value; - - /* Not set */; - if (attr == NULL) - return true; - - klass = *((CK_OBJECT_CLASS*)attr->pValue); - switch (klass) { - case CKO_DATA: - value = "data"; - break; - case CKO_SECRET_KEY: - value = "secret-key"; - break; - case CKO_CERTIFICATE: - value = "cert"; - break; - case CKO_PUBLIC_KEY: - value = "public"; - break; - case CKO_PRIVATE_KEY: - value = "private"; - break; - default: - return true; - } - - return format_raw_string (buffer, is_first, name, value); -} - -static bool -format_struct_version (p11_buffer *buffer, - bool *is_first, - const char *name, - CK_VERSION_PTR version) -{ - char buf[64]; - - /* Not set */ - if (version->major == (CK_BYTE)-1 && version->minor == (CK_BYTE)-1) - return true; - - snprintf (buf, sizeof (buf), "%d.%d", - (int)version->major, (int)version->minor); - return format_raw_string (buffer, is_first, name, buf); -} - -static bool -format_ulong (p11_buffer *buffer, - bool *is_first, - const char *name, - CK_ULONG value) -{ - char buf[64]; - - /* Not set */ - if (value == (CK_ULONG)-1) - return true; - - snprintf (buf, sizeof (buf), "%lu", value); - return format_raw_string (buffer, is_first, name, buf); -} - -/** - * p11_kit_uri_format: - * @uri: The URI. - * @uri_type: The type of URI that should be produced. - * @string: Location to store a newly allocated string. - * - * Format a PKCS\#11 URI into a string. - * - * Fields which are zeroed out will not be included in the resulting string. - * Attributes which are not present will also not be included. - * - * The uri_type of URI specified limits the different parts of the resulting - * URI. To format a URI containing all possible information use - * %P11_KIT_URI_FOR_ANY - * - * It's up to the caller to guarantee that the attributes set in @uri are - * those appropriate for inclusion in a URI, specifically: - * <literal>CKA_ID</literal>, <literal>CKA_LABEL</literal> - * and <literal>CKA_CLASS</literal>. The class must be one of - * <literal>CKO_DATA</literal>, <literal>CKO_SECRET_KEY</literal>, - * <literal>CKO_CERTIFICATE</literal>, <literal>CKO_PUBLIC_KEY</literal>, - * <literal>CKO_PRIVATE_KEY</literal>. - * - * The resulting string should be freed with free(). - * - * Returns: %P11_KIT_URI_OK if the URI was formatted successfully, - * %P11_KIT_URI_UNEXPECTED if the data in @uri is invalid for a URI. - */ -int -p11_kit_uri_format (P11KitUri *uri, P11KitUriType uri_type, char **string) -{ - p11_buffer buffer; - bool is_first = true; - - return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED); - return_val_if_fail (string != NULL, P11_KIT_URI_UNEXPECTED); - - if (!p11_buffer_init_null (&buffer, 64)) - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - - p11_buffer_add (&buffer, P11_KIT_URI_SCHEME, P11_KIT_URI_SCHEME_LEN); - p11_buffer_add (&buffer, ":", 1); - - if ((uri_type & P11_KIT_URI_FOR_MODULE) == P11_KIT_URI_FOR_MODULE) { - if (!format_struct_string (&buffer, &is_first, "library-description", - uri->module.libraryDescription, - sizeof (uri->module.libraryDescription)) || - !format_struct_string (&buffer, &is_first, "library-manufacturer", - uri->module.manufacturerID, - sizeof (uri->module.manufacturerID))) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - if ((uri_type & P11_KIT_URI_FOR_MODULE_WITH_VERSION) == P11_KIT_URI_FOR_MODULE_WITH_VERSION) { - if (!format_struct_version (&buffer, &is_first, "library-version", - &uri->module.libraryVersion)) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - if ((uri_type & P11_KIT_URI_FOR_SLOT) == P11_KIT_URI_FOR_SLOT) { - if (!format_struct_string (&buffer, &is_first, "slot-description", - uri->slot.slotDescription, - sizeof (uri->slot.slotDescription)) || - !format_struct_string (&buffer, &is_first, "slot-manufacturer", - uri->slot.manufacturerID, - sizeof (uri->slot.manufacturerID)) || - !format_ulong (&buffer, &is_first, "slot-id", - uri->slot_id)) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - if ((uri_type & P11_KIT_URI_FOR_TOKEN) == P11_KIT_URI_FOR_TOKEN) { - if (!format_struct_string (&buffer, &is_first, "model", - uri->token.model, - sizeof (uri->token.model)) || - !format_struct_string (&buffer, &is_first, "manufacturer", - uri->token.manufacturerID, - sizeof (uri->token.manufacturerID)) || - !format_struct_string (&buffer, &is_first, "serial", - uri->token.serialNumber, - sizeof (uri->token.serialNumber)) || - !format_struct_string (&buffer, &is_first, "token", - uri->token.label, - sizeof (uri->token.label))) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - if ((uri_type & P11_KIT_URI_FOR_OBJECT) == P11_KIT_URI_FOR_OBJECT) { - if (!format_attribute_string (&buffer, &is_first, "id", - p11_kit_uri_get_attribute (uri, CKA_ID), - true) || - !format_attribute_string (&buffer, &is_first, "object", - p11_kit_uri_get_attribute (uri, CKA_LABEL), - false)) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - - if (!format_attribute_class (&buffer, &is_first, "type", - p11_kit_uri_get_attribute (uri, CKA_CLASS))) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - if (uri->pin_source) { - if (!format_encode_string (&buffer, &is_first, "pin-source", - (const unsigned char*)uri->pin_source, - strlen (uri->pin_source), 0)) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - if (uri->pin_value) { - if (!format_encode_string (&buffer, &is_first, "pin-value", - (const unsigned char*)uri->pin_value, - strlen (uri->pin_value), 0)) { - return_val_if_reached (P11_KIT_URI_UNEXPECTED); - } - } - - return_val_if_fail (p11_buffer_ok (&buffer), P11_KIT_URI_UNEXPECTED); - *string = p11_buffer_steal (&buffer, NULL); - return P11_KIT_URI_OK; -} - -static int -parse_string_attribute (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *value; - CK_ATTRIBUTE_TYPE type; - size_t length; - - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("id", name_start, name_end - name_start) == 0) - type = CKA_ID; - else if (memcmp ("object", name_start, name_end - name_start) == 0) - type = CKA_LABEL; - else - return 0; - - value = p11_url_decode (start, end, P11_URL_WHITESPACE, &length); - if (value == NULL) - return P11_KIT_URI_BAD_ENCODING; - - uri->attrs = p11_attrs_take (uri->attrs, type, value, length); - return 1; -} - -static int -parse_class_attribute (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - CK_OBJECT_CLASS klass = 0; - CK_ATTRIBUTE attr; - - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("objecttype", name_start, name_end - name_start) != 0 && - memcmp ("object-type", name_start, name_end - name_start) != 0 && - memcmp ("type", name_start, name_end - name_start) != 0) - return 0; - - if (memcmp ("cert", start, end - start) == 0) - klass = CKO_CERTIFICATE; - else if (memcmp ("public", start, end - start) == 0) - klass = CKO_PUBLIC_KEY; - else if (memcmp ("private", start, end - start) == 0) - klass = CKO_PRIVATE_KEY; - else if (memcmp ("secretkey", start, end - start) == 0) - klass = CKO_SECRET_KEY; - else if (memcmp ("secret-key", start, end - start) == 0) - klass = CKO_SECRET_KEY; - else if (memcmp ("data", start, end - start) == 0) - klass = CKO_DATA; - else { - uri->unrecognized = true; - return 1; - } - - attr.pValue = &klass; - attr.ulValueLen = sizeof (klass); - attr.type = CKA_CLASS; - - uri->attrs = p11_attrs_build (uri->attrs, &attr, NULL); - return 1; -} - -static int -parse_struct_info (unsigned char *where, size_t length, const char *start, - const char *end, P11KitUri *uri) -{ - unsigned char *value; - size_t value_length; - - assert (start <= end); - - value = p11_url_decode (start, end, P11_URL_WHITESPACE, &value_length); - if (value == NULL) - return P11_KIT_URI_BAD_ENCODING; - - /* Too long, shouldn't match anything */ - if (value_length > length) { - free (value); - uri->unrecognized = true; - return 1; - } - - memset (where, ' ', length); - memcpy (where, value, value_length); - - free (value); - return 1; -} - -static int -parse_token_info (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *where; - size_t length; - - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("model", name_start, name_end - name_start) == 0) { - where = uri->token.model; - length = sizeof (uri->token.model); - } else if (memcmp ("manufacturer", name_start, name_end - name_start) == 0) { - where = uri->token.manufacturerID; - length = sizeof (uri->token.manufacturerID); - } else if (memcmp ("serial", name_start, name_end - name_start) == 0) { - where = uri->token.serialNumber; - length = sizeof (uri->token.serialNumber); - } else if (memcmp ("token", name_start, name_end - name_start) == 0) { - where = uri->token.label; - length = sizeof (uri->token.label); - } else { - return 0; - } - - return parse_struct_info (where, length, start, end, uri); -} - -static long -atoin (const char *start, const char *end) -{ - long ret = 0; - while (start != end) { - if (*start < '0' || *start > '9') - return -1; - ret *= 10; - ret += (*start - '0'); - ++start; - } - return ret; -} - -static int -parse_struct_version (const char *start, const char *end, CK_VERSION_PTR version) -{ - const char *dot; - int val; - - assert (start <= end); - - dot = memchr (start, '.', end - start); - if (!dot) - dot = end; - - if (dot == start) - return P11_KIT_URI_BAD_VERSION; - val = atoin (start, dot); - if (val < 0 || val >= 255) - return P11_KIT_URI_BAD_VERSION; - version->major = (CK_BYTE)val; - version->minor = 0; - - if (dot != end) { - if (dot + 1 == end) - return P11_KIT_URI_BAD_VERSION; - val = atoin (dot + 1, end); - if (val < 0 || val >= 255) - return P11_KIT_URI_BAD_VERSION; - version->minor = (CK_BYTE)val; - } - - return 1; -} - -static int -parse_slot_info (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *where; - size_t length; - - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("slot-description", name_start, name_end - name_start) == 0) { - where = uri->slot.slotDescription; - length = sizeof (uri->slot.slotDescription); - } else if (memcmp ("slot-manufacturer", name_start, name_end - name_start) == 0) { - where = uri->slot.manufacturerID; - length = sizeof (uri->slot.manufacturerID); - } else { - return 0; - } - - return parse_struct_info (where, length, start, end, uri); -} - -static int -parse_slot_id (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("slot-id", name_start, name_end - name_start) == 0) { - long val; - val = atoin (start, end); - if (val < 0) - return P11_KIT_URI_BAD_SYNTAX; - uri->slot_id = (CK_SLOT_ID)val; - return 1; - } - return 0; -} - -static int -parse_module_version_info (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("library-version", name_start, name_end - name_start) == 0) - return parse_struct_version (start, end, - &uri->module.libraryVersion); - - return 0; -} - -static int -parse_module_info (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *where; - size_t length; - - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("library-description", name_start, name_end - name_start) == 0) { - where = uri->module.libraryDescription; - length = sizeof (uri->module.libraryDescription); - } else if (memcmp ("library-manufacturer", name_start, name_end - name_start) == 0) { - where = uri->module.manufacturerID; - length = sizeof (uri->module.manufacturerID); - } else { - return 0; - } - - return parse_struct_info (where, length, start, end, uri); -} - -static int -parse_extra_info (const char *name_start, const char *name_end, - const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *pin_source; - - assert (name_start <= name_end); - assert (start <= end); - - if (memcmp ("pinfile", name_start, name_end - name_start) == 0 || - memcmp ("pin-source", name_start, name_end - name_start) == 0) { - pin_source = p11_url_decode (start, end, P11_URL_WHITESPACE, NULL); - if (pin_source == NULL) - return P11_KIT_URI_BAD_ENCODING; - free (uri->pin_source); - uri->pin_source = (char*)pin_source; - return 1; - } else if (memcmp ("pin-value", name_start, name_end - name_start) == 0) { - pin_source = p11_url_decode (start, end, P11_URL_WHITESPACE, NULL); - if (pin_source == NULL) - return P11_KIT_URI_BAD_ENCODING; - free (uri->pin_value); - uri->pin_value = (char*)pin_source; - return 1; - } - - return 0; -} - -/** - * p11_kit_uri_parse: - * @string: The string to parse - * @uri_type: The type of URI that is expected - * @uri: The blank URI to parse the values into - * - * Parse a PKCS\#11 URI string. - * - * PKCS\#11 URIs can represent tokens, objects or modules. The uri_type argument - * allows the caller to specify what type of URI is expected and the sorts of - * things the URI should match. %P11_KIT_URI_FOR_ANY can be used to parse a URI - * for any context. It's then up to the caller to make sense of the way that - * it is used. - * - * If the PKCS\#11 URI contains unrecognized URI parts or parts not applicable - * to the specified context, then the unrecognized flag will be set. This will - * prevent the URI from matching using the various match functions. - * - * Returns: %P11_KIT_URI_OK if the URI was parsed successfully. - * %P11_KIT_URI_BAD_SCHEME if this was not a PKCS\#11 URI. - * %P11_KIT_URI_BAD_SYNTAX if the URI syntax was bad. - * %P11_KIT_URI_BAD_VERSION if a version number was bad. - * %P11_KIT_URI_BAD_ENCODING if the URI encoding was invalid. - */ -int -p11_kit_uri_parse (const char *string, P11KitUriType uri_type, - P11KitUri *uri) -{ - const char *spos, *epos; - int ret; - size_t length; - char *allocated = NULL; - - assert (string); - assert (uri); - - /* If STRING contains any whitespace, create a copy of the - * string and strip it out */ - length = strcspn (string, P11_URL_WHITESPACE); - if (strspn (string + length, P11_URL_WHITESPACE) > 0) { - allocated = strip_whitespace (string); - return_val_if_fail (allocated != NULL, P11_KIT_URI_UNEXPECTED); - string = allocated; - } - - epos = strchr (string, ':'); - if (epos == NULL) { - free (allocated); - return P11_KIT_URI_BAD_SCHEME; - } - ret = memcmp (string, P11_KIT_URI_SCHEME, strlen (P11_KIT_URI_SCHEME)); - if (ret != 0) { - free (allocated); - return P11_KIT_URI_BAD_SCHEME; - } - - string = epos + 1; - - /* Clear everything out */ - memset (&uri->module, 0, sizeof (uri->module)); - memset (&uri->token, 0, sizeof (uri->token)); - p11_attrs_free (uri->attrs); - uri->attrs = NULL; - uri->module.libraryVersion.major = (CK_BYTE)-1; - uri->module.libraryVersion.minor = (CK_BYTE)-1; - uri->unrecognized = 0; - free (uri->pin_source); - uri->pin_source = NULL; - free (uri->pin_value); - uri->pin_value = NULL; - uri->slot_id = (CK_SLOT_ID)-1; - - for (;;) { - spos = strchr (string, ';'); - if (spos == NULL) { - spos = string + strlen (string); - assert (*spos == '\0'); - if (spos == string) - break; - } - - epos = strchr (string, '='); - if (epos == NULL || spos == string || epos == string || epos >= spos) { - free (allocated); - return P11_KIT_URI_BAD_SYNTAX; - } - - ret = 0; - if ((uri_type & P11_KIT_URI_FOR_OBJECT) == P11_KIT_URI_FOR_OBJECT) - ret = parse_string_attribute (string, epos, epos + 1, spos, uri); - if (ret == 0 && (uri_type & P11_KIT_URI_FOR_OBJECT) == P11_KIT_URI_FOR_OBJECT) - ret = parse_class_attribute (string, epos, epos + 1, spos, uri); - if (ret == 0 && (uri_type & P11_KIT_URI_FOR_TOKEN) == P11_KIT_URI_FOR_TOKEN) - ret = parse_token_info (string, epos, epos + 1, spos, uri); - if (ret == 0 && (uri_type & P11_KIT_URI_FOR_SLOT) == P11_KIT_URI_FOR_SLOT) - ret = parse_slot_info (string, epos, epos + 1, spos, uri); - if (ret == 0 && (uri_type & P11_KIT_URI_FOR_SLOT) == P11_KIT_URI_FOR_SLOT) - ret = parse_slot_id (string, epos, epos + 1, spos, uri); - if (ret == 0 && (uri_type & P11_KIT_URI_FOR_MODULE) == P11_KIT_URI_FOR_MODULE) - ret = parse_module_info (string, epos, epos + 1, spos, uri); - if (ret == 0 && (uri_type & P11_KIT_URI_FOR_MODULE_WITH_VERSION) == P11_KIT_URI_FOR_MODULE_WITH_VERSION) - ret = parse_module_version_info (string, epos, epos + 1, spos, uri); - if (ret == 0) - ret = parse_extra_info (string, epos, epos + 1, spos, uri); - - if (ret < 0) { - free (allocated); - return ret; - } - if (ret == 0) - uri->unrecognized = true; - - if (*spos == '\0') - break; - string = spos + 1; - } - - free (allocated); - return P11_KIT_URI_OK; -} - -/** - * p11_kit_uri_free: - * @uri: The URI - * - * Free a PKCS\#11 URI. - */ -void -p11_kit_uri_free (P11KitUri *uri) -{ - if (!uri) - return; - - p11_attrs_free (uri->attrs); - free (uri->pin_source); - free (uri->pin_value); - free (uri); -} - -/** - * p11_kit_uri_message: - * @code: The error code - * - * Lookup a message for the uri error code. These codes are the P11_KIT_URI_XXX - * error codes that can be returned from p11_kit_uri_parse() or - * p11_kit_uri_format(). As a special case %NULL, will be returned for - * %P11_KIT_URI_OK. - * - * Returns: The message for the error code. This string is owned by the p11-kit - * library. - */ -const char* -p11_kit_uri_message (int code) -{ - switch (code) { - case P11_KIT_URI_OK: - return NULL; - case P11_KIT_URI_UNEXPECTED: - return "Unexpected or internal system error"; - case P11_KIT_URI_BAD_SCHEME: - return "URI scheme must be 'pkcs11:'"; - case P11_KIT_URI_BAD_ENCODING: - return "URI encoding invalid or corrupted"; - case P11_KIT_URI_BAD_SYNTAX: - return "URI syntax is invalid"; - case P11_KIT_URI_BAD_VERSION: - return "URI version component is invalid"; - case P11_KIT_URI_NOT_FOUND: - return "The URI component was not found"; - default: - p11_debug ("unknown error code: %d", code); - return "Unknown error"; - } -} diff --git a/p11-kit/uri.h b/p11-kit/uri.h deleted file mode 100644 index 58f6fc9..0000000 --- a/p11-kit/uri.h +++ /dev/null @@ -1,177 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#ifndef P11_KIT_URI_H -#define P11_KIT_URI_H - -#include "p11-kit/pkcs11.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define P11_KIT_URI_SCHEME "pkcs11" -#define P11_KIT_URI_SCHEME_LEN 6 - -typedef enum { - P11_KIT_URI_OK = 0, - P11_KIT_URI_UNEXPECTED = -1, - P11_KIT_URI_BAD_SCHEME = -2, - P11_KIT_URI_BAD_ENCODING = -3, - P11_KIT_URI_BAD_SYNTAX = -4, - P11_KIT_URI_BAD_VERSION = -5, - P11_KIT_URI_NOT_FOUND = -6, -} P11KitUriResult; - -#define P11_KIT_URI_NO_MEMORY P11_KIT_URI_UNEXPECTED - -typedef enum { - P11_KIT_URI_FOR_OBJECT = (1 << 1), - P11_KIT_URI_FOR_TOKEN = (1 << 2), - P11_KIT_URI_FOR_SLOT = (1 << 5), - P11_KIT_URI_FOR_MODULE = (1 << 3), - - P11_KIT_URI_FOR_MODULE_WITH_VERSION = - (1 << 4) | P11_KIT_URI_FOR_MODULE, - - P11_KIT_URI_FOR_OBJECT_ON_TOKEN = - P11_KIT_URI_FOR_OBJECT | P11_KIT_URI_FOR_TOKEN, - - P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE = - P11_KIT_URI_FOR_OBJECT_ON_TOKEN | P11_KIT_URI_FOR_MODULE, - - P11_KIT_URI_FOR_ANY = 0x0000FFFF, -} P11KitUriType; - -/* - * If the caller is using the PKCS#11 GNU calling convention, then we cater - * to that here. - */ -#ifdef CRYPTOKI_GNU -typedef struct ck_info *CK_INFO_PTR; -typedef struct ck_token_info *CK_TOKEN_INFO_PTR; -typedef ck_attribute_type_t CK_ATTRIBUTE_TYPE; -typedef struct ck_attribute *CK_ATTRIBUTE_PTR; -typedef unsigned long int CK_ULONG; -typedef P11KitUriType p11_kit_uri_type_t; -typedef P11KitUriResult p11_kit_uri_result_t; -#endif - -typedef struct p11_kit_uri P11KitUri; -typedef struct p11_kit_uri p11_kit_uri; - -CK_INFO_PTR p11_kit_uri_get_module_info (P11KitUri *uri); - -int p11_kit_uri_match_module_info (P11KitUri *uri, - CK_INFO_PTR info); - -CK_SLOT_INFO_PTR p11_kit_uri_get_slot_info (P11KitUri *uri); - -int p11_kit_uri_match_slot_info (P11KitUri *uri, - CK_SLOT_INFO_PTR slot_info); - -CK_SLOT_ID p11_kit_uri_get_slot_id (P11KitUri *uri); -void p11_kit_uri_set_slot_id (P11KitUri *uri, - CK_SLOT_ID slot_id); - -CK_TOKEN_INFO_PTR p11_kit_uri_get_token_info (P11KitUri *uri); - -int p11_kit_uri_match_token_info (P11KitUri *uri, - CK_TOKEN_INFO_PTR token_info); - -CK_ATTRIBUTE_PTR p11_kit_uri_get_attribute (P11KitUri *uri, - CK_ATTRIBUTE_TYPE attr_type); - -int p11_kit_uri_set_attribute (P11KitUri *uri, - CK_ATTRIBUTE_PTR attr); - -int p11_kit_uri_clear_attribute (P11KitUri *uri, - CK_ATTRIBUTE_TYPE attr_type); - -CK_ATTRIBUTE_PTR p11_kit_uri_get_attributes (P11KitUri *uri, - CK_ULONG *n_attrs); - -int p11_kit_uri_set_attributes (P11KitUri *uri, - CK_ATTRIBUTE_PTR attrs, - CK_ULONG n_attrs); - -void p11_kit_uri_clear_attributes (P11KitUri *uri); - -int p11_kit_uri_match_attributes (P11KitUri *uri, - CK_ATTRIBUTE_PTR attrs, - CK_ULONG n_attrs); - -const char* p11_kit_uri_get_pin_value (P11KitUri *uri); - -void p11_kit_uri_set_pin_value (P11KitUri *uri, - const char *pin); - -const char* p11_kit_uri_get_pin_source (P11KitUri *uri); - -void p11_kit_uri_set_pin_source (P11KitUri *uri, - const char *pin_source); - -#ifndef P11_KIT_DISABLE_DEPRECATED - -const char* p11_kit_uri_get_pinfile (P11KitUri *uri); - -void p11_kit_uri_set_pinfile (P11KitUri *uri, - const char *pinfile); - -#endif /* P11_KIT_DISABLE_DEPRECATED */ - -void p11_kit_uri_set_unrecognized (P11KitUri *uri, - int unrecognized); - -int p11_kit_uri_any_unrecognized (P11KitUri *uri); - -P11KitUri* p11_kit_uri_new (void); - -int p11_kit_uri_format (P11KitUri *uri, - P11KitUriType uri_type, - char **string); - -int p11_kit_uri_parse (const char *string, - P11KitUriType uri_type, - P11KitUri *uri); - -void p11_kit_uri_free (P11KitUri *uri); - -const char* p11_kit_uri_message (int code); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* P11_KIT_URI_H */ diff --git a/p11-kit/util.c b/p11-kit/util.c deleted file mode 100644 index 325d669..0000000 --- a/p11-kit/util.c +++ /dev/null @@ -1,295 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd - * Copyright (c) 2012 Stef Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter <stef@thewalter.net> - */ - -#include "config.h" - -#include "compat.h" -#define P11_DEBUG_FLAG P11_DEBUG_LIB -#include "debug.h" -#include "library.h" -#include "message.h" -#include "p11-kit.h" -#include "private.h" -#include "proxy.h" - -#include <assert.h> -#include <stdarg.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -/** - * SECTION:p11-kit-future - * @title: Future - * @short_description: Future Unstable API - * - * API that is not yet stable enough to be enabled by default. In all likelihood - * this will be included in the next release. To use this API you must define a - * MACRO. See the p11-kit.h header for more details. - */ - -/** - * p11_kit_space_strlen: - * @string: Pointer to string block - * @max_length: Maximum length of string block - * - * In PKCS\#11 structures many strings are encoded in a strange way. The string - * is placed in a fixed length buffer and then padded with spaces. - * - * This function determines the actual length of the string. Since the string - * is not null-terminated you need to pass in the size of buffer as max_length. - * The string will never be longer than this buffer. - * - * <informalexample><programlisting> - * CK_INFO info; - * size_t length; - * ... - * length = p11_kit_space_strlen (info->libraryDescription, sizeof (info->libraryDescription)); - * </programlisting></informalexample> - * - * Returns: The length of the space padded string. - */ -size_t -p11_kit_space_strlen (const unsigned char *string, size_t max_length) -{ - size_t i = max_length; - - assert (string); - - while (i > 0 && string[i - 1] == ' ') - --i; - return i; -} - -/** - * p11_kit_space_strdup: - * @string: Pointer to string block - * @max_length: Maximum length of string block - * - * In PKCS\#11 structures many strings are encoded in a strange way. The string - * is placed in a fixed length buffer and then padded with spaces. - * - * This function copies the space padded string into a normal null-terminated - * string. The result is owned by the caller. - * - * <informalexample><programlisting> - * CK_INFO info; - * char *description; - * ... - * description = p11_kit_space_strdup (info->libraryDescription, sizeof (info->libraryDescription)); - * </programlisting></informalexample> - * - * Returns: The newly allocated string, or %NULL if memory could not be allocated. - */ -char* -p11_kit_space_strdup (const unsigned char *string, size_t max_length) -{ - size_t length; - char *result; - - assert (string); - - length = p11_kit_space_strlen (string, max_length); - - result = malloc (length + 1); - if (!result) - return NULL; - - memcpy (result, string, length); - result[length] = 0; - return result; -} - -/** - * p11_kit_be_quiet: - * - * Once this function is called, the p11-kit library will no longer print - * failure or warning messages to stderr. - */ -void -p11_kit_be_quiet (void) -{ - p11_lock (); - p11_message_quiet (); - p11_debug_init (); - p11_unlock (); -} - -/** - * p11_kit_be_loud: - * - * Tell the p11-kit library will print failure or warning messages to stderr. - * This is the default behavior, but can be changed using p11_kit_be_quiet(). - */ -void -p11_kit_be_loud (void) -{ - p11_lock (); - p11_message_loud (); - p11_debug_init (); - p11_unlock (); -} - -/** - * p11_kit_message: - * - * Gets the failure message for a recently called p11-kit function, which - * returned a failure code on this thread. Not all functions set this message. - * Each function that does so, will note it in its documentation. - * - * If the most recent p11-kit function did not fail, then this will return NULL. - * The string is owned by the p11-kit library and is only valid on the same - * thread that the failed function executed on. - * - * Returns: The last failure message, or %NULL. - */ -const char* -p11_kit_message (void) -{ - return p11_message_last (); -} - -void -_p11_kit_default_message (CK_RV rv) -{ - const char *msg; - - if (rv != CKR_OK) { - msg = p11_kit_strerror (rv); - p11_message_store (msg, strlen (msg)); - } -} - -/* This is the progname that we think of this process as. */ -char p11_my_progname[256] = { 0, }; - -/** - * p11_kit_set_progname: - * @progname: the program base name - * - * Set the program base name that is used by the <literal>enable-in</literal> - * and <literal>disable-in</literal> module configuration options. - * - * Normally this is automatically calculated from the program's argument list. - * You would usually call this before initializing p11-kit modules. - */ -void -p11_kit_set_progname (const char *progname) -{ - p11_library_init_once (); - - p11_lock (); - _p11_set_progname_unlocked (progname); - p11_unlock (); -} - -void -_p11_set_progname_unlocked (const char *progname) -{ - /* We can be called with NULL */ - if (progname == NULL) - progname = ""; - - strncpy (p11_my_progname, progname, sizeof (p11_my_progname)); - p11_my_progname[sizeof (p11_my_progname) - 1] = 0; -} - -const char * -_p11_get_progname_unlocked (void) -{ - if (p11_my_progname[0] == '\0') - _p11_set_progname_unlocked (getprogname ()); - if (p11_my_progname[0] == '\0') - return NULL; - return p11_my_progname; -} - -#ifdef OS_UNIX - -void _p11_kit_init (void); - -void _p11_kit_fini (void); - -#ifdef __GNUC__ -__attribute__((constructor)) -#endif -void -_p11_kit_init (void) -{ - p11_library_init_once (); -} - -#ifdef __GNUC__ -__attribute__((destructor)) -#endif -void -_p11_kit_fini (void) -{ - p11_proxy_module_cleanup (); - p11_library_uninit (); -} - -#endif /* OS_UNIX */ - -#ifdef OS_WIN32 - -BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID); - -BOOL WINAPI -DllMain (HINSTANCE instance, - DWORD reason, - LPVOID reserved) -{ - switch (reason) { - case DLL_PROCESS_ATTACH: - p11_library_init (); - break; - case DLL_THREAD_DETACH: - p11_library_thread_cleanup (); - break; - case DLL_PROCESS_DETACH: - p11_proxy_module_cleanup (); - p11_library_uninit (); - break; - default: - break; - } - - return TRUE; -} - -#endif /* OS_WIN32 */ diff --git a/p11-kit/virtual.c b/p11-kit/virtual.c deleted file mode 100644 index bb0d845..0000000 --- a/p11-kit/virtual.c +++ /dev/null @@ -1,2975 +0,0 @@ -/* - * Copyright (C) 2008 Stefan Walter - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" - -#include "compat.h" -#define P11_DEBUG_FLAG P11_DEBUG_LIB -#include "debug.h" -#include "library.h" -#include "virtual.h" - -#include <assert.h> -#include <stdarg.h> -#include <stdlib.h> -#include <string.h> - -#ifdef WITH_FFI - -/* - * We use libffi to build closures. Note that even with libffi certain - * platforms do not support using ffi_closure. In this case FFI_CLOSURES will - * not be defined. This is checked in configure.ac - */ - -/* - * Since libffi uses shared memory to store that, releasing it - * will cause issues on any other child or parent process that relies - * on that. Don't release it. - */ -#define LIBFFI_FREE_CLOSURES 0 - -#include "ffi.h" -#ifndef FFI_CLOSURES -#error "FFI_CLOSURES should be checked in configure.ac" -#endif - -/* There are 66 functions in PKCS#11, with a maximum of 8 args */ -#define MAX_FUNCTIONS 66 -#define MAX_ARGS 10 - -typedef struct { - /* This is first so we can cast between CK_FUNCTION_LIST* and Context* */ - CK_FUNCTION_LIST bound; - - /* The PKCS#11 functions to call into */ - p11_virtual *virt; - p11_destroyer destroyer; - - /* A list of our libffi built closures, for cleanup later */ - ffi_closure *ffi_closures[MAX_FUNCTIONS]; - ffi_cif ffi_cifs[MAX_FUNCTIONS]; - int ffi_used; -} Wrapper; - -static CK_RV -short_C_GetFunctionStatus (CK_SESSION_HANDLE handle) -{ - return CKR_FUNCTION_NOT_PARALLEL; -} - -static CK_RV -short_C_CancelFunction (CK_SESSION_HANDLE handle) -{ - return CKR_FUNCTION_NOT_PARALLEL; -} - -static void -binding_C_GetFunctionList (ffi_cif *cif, - CK_RV *ret, - void* args[], - Wrapper *wrapper) -{ - CK_FUNCTION_LIST_PTR_PTR list = *(CK_FUNCTION_LIST_PTR_PTR *)args[0]; - - if (list == NULL) { - *ret = CKR_ARGUMENTS_BAD; - } else { - *list = &wrapper->bound; - *ret = CKR_OK; - } -} - -static void -binding_C_Initialize (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Initialize (funcs, - *(CK_VOID_PTR *)args[0]); -} - -static void -binding_C_Finalize (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Finalize (funcs, - *(CK_VOID_PTR *)args[0]); -} - -static void -binding_C_GetInfo (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetInfo (funcs, - *(CK_INFO_PTR *)args[0]); -} - -static void -binding_C_GetSlotList (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetSlotList (funcs, - *(CK_BBOOL *)args[0], - *(CK_SLOT_ID_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_GetSlotInfo (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetSlotInfo (funcs, - *(CK_SLOT_ID *)args[0], - *(CK_SLOT_INFO_PTR *)args[1]); -} - -static void -binding_C_GetTokenInfo (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetTokenInfo (funcs, - *(CK_SLOT_ID *)args[0], - *(CK_TOKEN_INFO_PTR *)args[1]); -} - -static void -binding_C_WaitForSlotEvent (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_WaitForSlotEvent (funcs, - *(CK_FLAGS *)args[0], - *(CK_SLOT_ID_PTR *)args[1], - *(CK_VOID_PTR *)args[2]); -} - -static void -binding_C_GetMechanismList (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetMechanismList (funcs, - *(CK_SLOT_ID *)args[0], - *(CK_MECHANISM_TYPE_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_GetMechanismInfo (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetMechanismInfo (funcs, - *(CK_SLOT_ID *)args[0], - *(CK_MECHANISM_TYPE *)args[1], - *(CK_MECHANISM_INFO_PTR *)args[2]); -} - -static void -binding_C_InitToken (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_InitToken (funcs, - *(CK_SLOT_ID *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3]); -} - -static void -binding_C_InitPIN (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_InitPIN (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_SetPIN (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SetPIN (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG *)args[4]); -} - -static void -binding_C_OpenSession (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_OpenSession (funcs, - *(CK_SLOT_ID *)args[0], - *(CK_FLAGS *)args[1], - *(CK_VOID_PTR *)args[2], - *(CK_NOTIFY *)args[3], - *(CK_SESSION_HANDLE_PTR *)args[4]); -} - -static void -binding_C_CloseSession (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_CloseSession (funcs, - *(CK_SESSION_HANDLE *)args[0]); -} - -static void -binding_C_CloseAllSessions (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_CloseAllSessions (funcs, - *(CK_SLOT_ID *)args[0]); -} - -static void -binding_C_GetSessionInfo (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetSessionInfo (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_SESSION_INFO_PTR *)args[1]); -} - -static void -binding_C_GetOperationState (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetOperationState (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_SetOperationState (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SetOperationState (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_OBJECT_HANDLE *)args[3], - *(CK_OBJECT_HANDLE *)args[4]); -} - -static void -binding_C_Login (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Login (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_USER_TYPE *)args[1], - *(CK_BYTE_PTR *)args[2], - *(CK_ULONG *)args[3]); -} - -static void -binding_C_Logout (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Logout (funcs, - *(CK_SESSION_HANDLE *)args[0]); -} - -static void -binding_C_CreateObject (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_CreateObject (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_ATTRIBUTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_OBJECT_HANDLE_PTR *)args[3]); -} - -static void -binding_C_CopyObject (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_CopyObject (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE *)args[1], - *(CK_ATTRIBUTE_PTR *)args[2], - *(CK_ULONG *)args[3], - *(CK_OBJECT_HANDLE_PTR *)args[4]); -} - -static void -binding_C_DestroyObject (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DestroyObject (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE *)args[1]); -} - -static void -binding_C_GetObjectSize (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetObjectSize (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_GetAttributeValue (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GetAttributeValue (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE *)args[1], - *(CK_ATTRIBUTE_PTR *)args[2], - *(CK_ULONG *)args[3]); -} - -static void -binding_C_SetAttributeValue (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SetAttributeValue (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE *)args[1], - *(CK_ATTRIBUTE_PTR *)args[2], - *(CK_ULONG *)args[3]); -} - -static void -binding_C_FindObjectsInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_FindObjectsInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_ATTRIBUTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_FindObjects (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_FindObjects (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_ULONG_PTR *)args[3]); -} - -static void -binding_C_FindObjectsFinal (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_FindObjectsFinal (funcs, - *(CK_SESSION_HANDLE *)args[0]); -} - -static void -binding_C_EncryptInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_EncryptInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2]); -} - -static void -binding_C_Encrypt (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Encrypt (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_EncryptUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_EncryptUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_EncryptFinal (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_EncryptFinal (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_DecryptInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DecryptInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2]); -} - -static void -binding_C_Decrypt (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Decrypt (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_DecryptUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DecryptUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_DecryptFinal (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DecryptFinal (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_DigestInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DigestInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1]); -} - -static void -binding_C_Digest (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Digest (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_DigestUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DigestUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_DigestKey (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DigestKey (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_OBJECT_HANDLE *)args[1]); -} - -static void -binding_C_DigestFinal (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DigestFinal (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_SignInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SignInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2]); -} - -static void -binding_C_Sign (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Sign (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_SignUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SignUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_SignFinal (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SignFinal (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG_PTR *)args[2]); -} - -static void -binding_C_SignRecoverInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SignRecoverInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2]); -} - -static void -binding_C_SignRecover (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SignRecover (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_VerifyInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_VerifyInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2]); -} - -static void -binding_C_Verify (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_Verify (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG *)args[4]); -} - -static void -binding_C_VerifyUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_VerifyUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_VerifyFinal (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_VerifyFinal (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_VerifyRecoverInit (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_VerifyRecoverInit (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2]); -} - -static void -binding_C_VerifyRecover (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_VerifyRecover (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_DigestEncryptUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DigestEncryptUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_DecryptDigestUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DecryptDigestUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_SignEncryptUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SignEncryptUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_DecryptVerifyUpdate (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DecryptVerifyUpdate (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG_PTR *)args[4]); -} - -static void -binding_C_GenerateKey (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GenerateKey (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_ATTRIBUTE_PTR *)args[2], - *(CK_ULONG *)args[3], - *(CK_OBJECT_HANDLE_PTR *)args[4]); -} - -static void -binding_C_GenerateKeyPair (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GenerateKeyPair (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_ATTRIBUTE_PTR *)args[2], - *(CK_ULONG *)args[3], - *(CK_ATTRIBUTE_PTR *)args[4], - *(CK_ULONG *)args[5], - *(CK_OBJECT_HANDLE_PTR *)args[6], - *(CK_OBJECT_HANDLE_PTR *)args[7]); -} - -static void -binding_C_WrapKey (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_WrapKey (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2], - *(CK_OBJECT_HANDLE *)args[3], - *(CK_BYTE_PTR *)args[4], - *(CK_ULONG_PTR *)args[5]); -} - -static void -binding_C_UnwrapKey (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_UnwrapKey (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2], - *(CK_BYTE_PTR *)args[3], - *(CK_ULONG *)args[4], - *(CK_ATTRIBUTE_PTR *)args[5], - *(CK_ULONG *)args[6], - *(CK_OBJECT_HANDLE_PTR *)args[7]); -} - -static void -binding_C_DeriveKey (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_DeriveKey (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_MECHANISM_PTR *)args[1], - *(CK_OBJECT_HANDLE *)args[2], - *(CK_ATTRIBUTE_PTR *)args[3], - *(CK_ULONG *)args[4], - *(CK_OBJECT_HANDLE_PTR *)args[5]); -} - -static void -binding_C_SeedRandom (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_SeedRandom (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -static void -binding_C_GenerateRandom (ffi_cif *cif, - CK_RV *ret, - void* args[], - CK_X_FUNCTION_LIST *funcs) -{ - *ret = funcs->C_GenerateRandom (funcs, - *(CK_SESSION_HANDLE *)args[0], - *(CK_BYTE_PTR *)args[1], - *(CK_ULONG *)args[2]); -} - -#endif /* WITH_FFI */ - -static CK_RV -stack_C_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Initialize (funcs, init_args); -} - -static CK_RV -stack_C_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR reserved) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Finalize (funcs, reserved); -} - -static CK_RV -stack_C_GetInfo (CK_X_FUNCTION_LIST *self, - CK_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetInfo (funcs, info); -} - -static CK_RV -stack_C_GetSlotList (CK_X_FUNCTION_LIST *self, - CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetSlotList (funcs, token_present, slot_list, count); -} - -static CK_RV -stack_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_SLOT_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetSlotInfo (funcs, slot_id, info); -} - -static CK_RV -stack_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetTokenInfo (funcs, slot_id, info); -} - -static CK_RV -stack_C_GetMechanismList (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetMechanismList (funcs, slot_id, mechanism_list, count); -} - -static CK_RV -stack_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetMechanismInfo (funcs, slot_id, type, info); -} - -static CK_RV -stack_C_InitToken (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_InitToken (funcs, slot_id, pin, pin_len, label); -} - -static CK_RV -stack_C_OpenSession (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR application, - CK_NOTIFY notify, - CK_SESSION_HANDLE_PTR session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_OpenSession (funcs, slot_id, flags, application, notify, session); -} - -static CK_RV -stack_C_CloseSession (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CloseSession (funcs, session); -} - -static CK_RV -stack_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CloseAllSessions (funcs, slot_id); -} - -static CK_RV -stack_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_SESSION_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetSessionInfo (funcs, session, info); -} - -static CK_RV -stack_C_InitPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_InitPIN (funcs, session, pin, pin_len); -} - -static CK_RV -stack_C_SetPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SetPIN (funcs, session, old_pin, old_len, new_pin, new_len); -} - -static CK_RV -stack_C_GetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetOperationState (funcs, session, operation_state, operation_state_len); -} - -static CK_RV -stack_C_SetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SetOperationState (funcs, session, operation_state, operation_state_len, - encryption_key, authentication_key); -} - -static CK_RV -stack_C_Login (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Login (funcs, session, user_type, pin, pin_len); -} - -static CK_RV -stack_C_Logout (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Logout (funcs, session); -} - -static CK_RV -stack_C_CreateObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR object) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CreateObject (funcs, session, template, count, object); -} - -static CK_RV -stack_C_CopyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CopyObject (funcs, session, object, template, count, new_object); -} - - -static CK_RV -stack_C_DestroyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DestroyObject (funcs, session, object); -} - -static CK_RV -stack_C_GetObjectSize (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetObjectSize (funcs, session, object, size); -} - -static CK_RV -stack_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetAttributeValue (funcs, session, object, template, count); -} - -static CK_RV -stack_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SetAttributeValue (funcs, session, object, template, count); -} - -static CK_RV -stack_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_FindObjectsInit (funcs, session, template, count); -} - -static CK_RV -stack_C_FindObjects (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR object, - CK_ULONG max_object_count, - CK_ULONG_PTR object_count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_FindObjects (funcs, session, object, max_object_count, object_count); -} - -static CK_RV -stack_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_FindObjectsFinal (funcs, session); -} - -static CK_RV -stack_C_EncryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_EncryptInit (funcs, session, mechanism, key); -} - -static CK_RV -stack_C_Encrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Encrypt (funcs, session, input, input_len, - encrypted_data, encrypted_data_len); -} - -static CK_RV -stack_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_EncryptUpdate (funcs, session, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -stack_C_EncryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_encrypted_part, - CK_ULONG_PTR last_encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_EncryptFinal (funcs, session, last_encrypted_part, - last_encrypted_part_len); -} - -static CK_RV -stack_C_DecryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptInit (funcs, session, mechanism, key); -} - -static CK_RV -stack_C_Decrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_data, - CK_ULONG encrypted_data_len, - CK_BYTE_PTR output, - CK_ULONG_PTR output_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Decrypt (funcs, session, encrypted_data, encrypted_data_len, - output, output_len); -} - -static CK_RV -stack_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptUpdate (funcs, session, encrypted_part, encrypted_part_len, - part, part_len); -} - -static CK_RV -stack_C_DecryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptFinal (funcs, session, last_part, last_part_len); -} - -static CK_RV -stack_C_DigestInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestInit (funcs, session, mechanism); -} - -static CK_RV -stack_C_Digest (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Digest (funcs, session, input, input_len, digest, digest_len); -} - -static CK_RV -stack_C_DigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestUpdate (funcs, session, part, part_len); -} - -static CK_RV -stack_C_DigestKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestKey (funcs, session, key); -} - -static CK_RV -stack_C_DigestFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestFinal (funcs, session, digest, digest_len); -} - -static CK_RV -stack_C_SignInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignInit (funcs, session, mechanism, key); -} - -static CK_RV -stack_C_Sign (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Sign (funcs, session, input, input_len, - signature, signature_len); -} - -static CK_RV -stack_C_SignUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignUpdate (funcs, session, part, part_len); -} - -static CK_RV -stack_C_SignFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignFinal (funcs, session, signature, signature_len); -} - -static CK_RV -stack_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignRecoverInit (funcs, session, mechanism, key); -} - -static CK_RV -stack_C_SignRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignRecover (funcs, session, input, input_len, - signature, signature_len); -} - -static CK_RV -stack_C_VerifyInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyInit (funcs, session, mechanism, key); -} - -static CK_RV -stack_C_Verify (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Verify (funcs, session, input, input_len, - signature, signature_len); -} - -static CK_RV -stack_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyUpdate (funcs, session, part, part_len); -} - -static CK_RV -stack_C_VerifyFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyFinal (funcs, session, signature, signature_len); -} - -static CK_RV -stack_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyRecoverInit (funcs, session, mechanism, key); -} - -static CK_RV -stack_C_VerifyRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR input, - CK_ULONG_PTR input_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyRecover (funcs, session, signature, signature_len, - input, input_len); -} - -static CK_RV -stack_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestEncryptUpdate (funcs, session, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -stack_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptDigestUpdate (funcs, session, encrypted_part, encrypted_part_len, - part, part_len); -} - -static CK_RV -stack_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignEncryptUpdate (funcs, session, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -stack_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptVerifyUpdate (funcs, session, encrypted_part, encrypted_part_len, - part, part_len); -} - -static CK_RV -stack_C_GenerateKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GenerateKey (funcs, session, mechanism, template, count, key); -} - -static CK_RV -stack_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR public_key_template, - CK_ULONG public_key_count, - CK_ATTRIBUTE_PTR private_key_template, - CK_ULONG private_key_count, - CK_OBJECT_HANDLE_PTR public_key, - CK_OBJECT_HANDLE_PTR private_key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GenerateKeyPair (funcs, session, mechanism, public_key_template, - public_key_count, private_key_template, - private_key_count, public_key, private_key); -} - -static CK_RV -stack_C_WrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_WrapKey (funcs, session, mechanism, wrapping_key, key, - wrapped_key, wrapped_key_len); -} - -static CK_RV -stack_C_UnwrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_UnwrapKey (funcs, session, mechanism, unwrapping_key, wrapped_key, - wrapped_key_len, template, count, key); -} - -static CK_RV -stack_C_DeriveKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DeriveKey (funcs, session, mechanism, base_key, template, count, key); -} - -static CK_RV -stack_C_SeedRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SeedRandom (funcs, session, seed, seed_len); -} - -static CK_RV -stack_C_GenerateRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GenerateRandom (funcs, session, random_data, random_len); -} - -static CK_RV -stack_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, - CK_FLAGS flags, - CK_SLOT_ID_PTR slot_id, - CK_VOID_PTR reserved) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_X_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_WaitForSlotEvent (funcs, flags, slot_id, reserved); -} - -static CK_RV -base_C_Initialize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR init_args) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Initialize (init_args); -} - -static CK_RV -base_C_Finalize (CK_X_FUNCTION_LIST *self, - CK_VOID_PTR reserved) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Finalize (reserved); -} - -static CK_RV -base_C_GetInfo (CK_X_FUNCTION_LIST *self, - CK_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetInfo (info); -} - -static CK_RV -base_C_GetSlotList (CK_X_FUNCTION_LIST *self, - CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetSlotList (token_present, slot_list, count); -} - -static CK_RV -base_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_SLOT_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetSlotInfo (slot_id, info); -} - -static CK_RV -base_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetTokenInfo (slot_id, info); -} - -static CK_RV -base_C_GetMechanismList (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetMechanismList (slot_id, mechanism_list, count); -} - -static CK_RV -base_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetMechanismInfo (slot_id, type, info); -} - -static CK_RV -base_C_InitToken (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_InitToken (slot_id, pin, pin_len, label); -} - -static CK_RV -base_C_OpenSession (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id, - CK_FLAGS flags, - CK_VOID_PTR application, - CK_NOTIFY notify, - CK_SESSION_HANDLE_PTR session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_OpenSession (slot_id, flags, application, notify, session); -} - -static CK_RV -base_C_CloseSession (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CloseSession (session); -} - -static CK_RV -base_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, - CK_SLOT_ID slot_id) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CloseAllSessions (slot_id); -} - -static CK_RV -base_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_SESSION_INFO_PTR info) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetSessionInfo (session, info); -} - -static CK_RV -base_C_InitPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_InitPIN (session, pin, pin_len); -} - -static CK_RV -base_C_SetPIN (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SetPIN (session, old_pin, old_len, new_pin, new_len); -} - -static CK_RV -base_C_GetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetOperationState (session, operation_state, operation_state_len); -} - -static CK_RV -base_C_SetOperationState (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SetOperationState (session, operation_state, operation_state_len, - encryption_key, authentication_key); -} - -static CK_RV -base_C_Login (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Login (session, user_type, pin, pin_len); -} - -static CK_RV -base_C_Logout (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Logout (session); -} - -static CK_RV -base_C_CreateObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR object) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CreateObject (session, template, count, object); -} - -static CK_RV -base_C_CopyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_CopyObject (session, object, template, count, new_object); -} - - -static CK_RV -base_C_DestroyObject (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DestroyObject (session, object); -} - -static CK_RV -base_C_GetObjectSize (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetObjectSize (session, object, size); -} - -static CK_RV -base_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GetAttributeValue (session, object, template, count); -} - -static CK_RV -base_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SetAttributeValue (session, object, template, count); -} - -static CK_RV -base_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_FindObjectsInit (session, template, count); -} - -static CK_RV -base_C_FindObjects (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR object, - CK_ULONG max_object_count, - CK_ULONG_PTR object_count) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_FindObjects (session, object, max_object_count, object_count); -} - -static CK_RV -base_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_FindObjectsFinal (session); -} - -static CK_RV -base_C_EncryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_EncryptInit (session, mechanism, key); -} - -static CK_RV -base_C_Encrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Encrypt (session, input, input_len, - encrypted_data, encrypted_data_len); -} - -static CK_RV -base_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_EncryptUpdate (session, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -base_C_EncryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_encrypted_part, - CK_ULONG_PTR last_encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_EncryptFinal (session, last_encrypted_part, - last_encrypted_part_len); -} - -static CK_RV -base_C_DecryptInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptInit (session, mechanism, key); -} - -static CK_RV -base_C_Decrypt (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_data, - CK_ULONG encrypted_data_len, - CK_BYTE_PTR output, - CK_ULONG_PTR output_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Decrypt (session, encrypted_data, encrypted_data_len, - output, output_len); -} - -static CK_RV -base_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptUpdate (session, encrypted_part, encrypted_part_len, - part, part_len); -} - -static CK_RV -base_C_DecryptFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptFinal (session, last_part, last_part_len); -} - -static CK_RV -base_C_DigestInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestInit (session, mechanism); -} - -static CK_RV -base_C_Digest (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Digest (session, input, input_len, digest, digest_len); -} - -static CK_RV -base_C_DigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestUpdate (session, part, part_len); -} - -static CK_RV -base_C_DigestKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestKey (session, key); -} - -static CK_RV -base_C_DigestFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestFinal (session, digest, digest_len); -} - -static CK_RV -base_C_SignInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignInit (session, mechanism, key); -} - -static CK_RV -base_C_Sign (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Sign (session, input, input_len, - signature, signature_len); -} - -static CK_RV -base_C_SignUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignUpdate (session, part, part_len); -} - -static CK_RV -base_C_SignFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignFinal (session, signature, signature_len); -} - -static CK_RV -base_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignRecoverInit (session, mechanism, key); -} - -static CK_RV -base_C_SignRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignRecover (session, input, input_len, - signature, signature_len); -} - -static CK_RV -base_C_VerifyInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyInit (session, mechanism, key); -} - -static CK_RV -base_C_Verify (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR input, - CK_ULONG input_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_Verify (session, input, input_len, - signature, signature_len); -} - -static CK_RV -base_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyUpdate (session, part, part_len); -} - -static CK_RV -base_C_VerifyFinal (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyFinal (session, signature, signature_len); -} - -static CK_RV -base_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyRecoverInit (session, mechanism, key); -} - -static CK_RV -base_C_VerifyRecover (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR input, - CK_ULONG_PTR input_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_VerifyRecover (session, signature, signature_len, - input, input_len); -} - -static CK_RV -base_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DigestEncryptUpdate (session, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -base_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptDigestUpdate (session, encrypted_part, encrypted_part_len, - part, part_len); -} - -static CK_RV -base_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SignEncryptUpdate (session, part, part_len, - encrypted_part, encrypted_part_len); -} - -static CK_RV -base_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR encrypted_part, - CK_ULONG encrypted_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DecryptVerifyUpdate (session, encrypted_part, encrypted_part_len, - part, part_len); -} - -static CK_RV -base_C_GenerateKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GenerateKey (session, mechanism, template, count, key); -} - -static CK_RV -base_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR public_key_template, - CK_ULONG public_key_count, - CK_ATTRIBUTE_PTR private_key_template, - CK_ULONG private_key_count, - CK_OBJECT_HANDLE_PTR public_key, - CK_OBJECT_HANDLE_PTR private_key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GenerateKeyPair (session, mechanism, public_key_template, - public_key_count, private_key_template, - private_key_count, public_key, private_key); -} - -static CK_RV -base_C_WrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_WrapKey (session, mechanism, wrapping_key, key, - wrapped_key, wrapped_key_len); -} - -static CK_RV -base_C_UnwrapKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_UnwrapKey (session, mechanism, unwrapping_key, wrapped_key, - wrapped_key_len, template, count, key); -} - -static CK_RV -base_C_DeriveKey (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_DeriveKey (session, mechanism, base_key, template, count, key); -} - -static CK_RV -base_C_SeedRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_SeedRandom (session, seed, seed_len); -} - -static CK_RV -base_C_GenerateRandom (CK_X_FUNCTION_LIST *self, - CK_SESSION_HANDLE session, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_GenerateRandom (session, random_data, random_len); -} - -static CK_RV -base_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, - CK_FLAGS flags, - CK_SLOT_ID_PTR slot_id, - CK_VOID_PTR reserved) -{ - p11_virtual *virt = (p11_virtual *)self; - CK_FUNCTION_LIST *funcs = virt->lower_module; - return funcs->C_WaitForSlotEvent (flags, slot_id, reserved); -} - -void -p11_virtual_init (p11_virtual *virt, - CK_X_FUNCTION_LIST *funcs, - void *lower_module, - p11_destroyer lower_destroy) -{ - memcpy (virt, funcs, sizeof (CK_X_FUNCTION_LIST)); - virt->lower_module = lower_module; - virt->lower_destroy = lower_destroy; -} - -void -p11_virtual_uninit (p11_virtual *virt) -{ - if (virt->lower_destroy) - (virt->lower_destroy) (virt->lower_module); -} - -#ifdef WITH_FFI - -typedef struct { - const char *name; - void *binding_function; - void *stack_fallback; - size_t virtual_offset; - void *base_fallback; - size_t module_offset; - ffi_type *types[MAX_ARGS]; -} FunctionInfo; - -#define STRUCT_OFFSET(struct_type, member) \ - ((size_t) ((unsigned char *) &((struct_type *) 0)->member)) -#define STRUCT_MEMBER_P(struct_p, struct_offset) \ - ((void *) ((unsigned char *) (struct_p) + (long) (struct_offset))) -#define STRUCT_MEMBER(member_type, struct_p, struct_offset) \ - (*(member_type*) STRUCT_MEMBER_P ((struct_p), (struct_offset))) - -#define FUNCTION(name) \ - #name, binding_C_##name, \ - stack_C_##name, STRUCT_OFFSET (CK_X_FUNCTION_LIST, C_##name), \ - base_C_##name, STRUCT_OFFSET (CK_FUNCTION_LIST, C_##name) - -static const FunctionInfo function_info[] = { - { FUNCTION (Initialize), { &ffi_type_pointer, NULL } }, - { FUNCTION (Finalize), { &ffi_type_pointer, NULL } }, - { FUNCTION (GetInfo), { &ffi_type_pointer, NULL } }, - { FUNCTION (GetSlotList), { &ffi_type_uchar, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (GetSlotInfo), { &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (GetTokenInfo), { &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (WaitForSlotEvent), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (GetMechanismList), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (GetMechanismInfo), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (InitToken), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (InitPIN), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (SetPIN), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (OpenSession), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (CloseSession), { &ffi_type_ulong, NULL } }, - { FUNCTION (CloseAllSessions), { &ffi_type_ulong, NULL } }, - { FUNCTION (GetSessionInfo), { &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (GetOperationState), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (SetOperationState), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_ulong, &ffi_type_ulong, NULL } }, - { FUNCTION (Login), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (Logout), { &ffi_type_ulong, NULL } }, - { FUNCTION (CreateObject), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (CopyObject), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (DestroyObject), { &ffi_type_ulong, &ffi_type_ulong, NULL } }, - { FUNCTION (GetObjectSize), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (GetAttributeValue), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (SetAttributeValue), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (FindObjectsInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (FindObjects), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (FindObjectsFinal), { &ffi_type_ulong, NULL } }, - { FUNCTION (EncryptInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (Encrypt), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (EncryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (EncryptFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DecryptInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (Decrypt), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DecryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DecryptFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DigestInit), { &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (Digest), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DigestUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (DigestKey), { &ffi_type_ulong, &ffi_type_ulong, NULL } }, - { FUNCTION (DigestFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (SignInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (Sign), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (SignUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (SignFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (SignRecoverInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (SignRecover), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (VerifyInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (Verify), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (VerifyUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (VerifyFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (VerifyRecoverInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (VerifyRecover), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DigestEncryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DecryptDigestUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (SignEncryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (DecryptVerifyUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (GenerateKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (GenerateKeyPair), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (WrapKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, - { FUNCTION (UnwrapKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (DeriveKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, - { FUNCTION (SeedRandom), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { FUNCTION (GenerateRandom), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, - { 0, } -}; - -static bool -lookup_fall_through (p11_virtual *virt, - const FunctionInfo *info, - void **bound_func) -{ - void *func; - - /* - * So the basic concept here is if we have only fall-through functions - * all the way down the stack, then we can just get the actual module - * function, so that calls go right through. - */ - - func = STRUCT_MEMBER (void *, virt, info->virtual_offset); - - /* - * This is a fall-through function and the stack goes down further, so - * ask the next level down for the - */ - if (func == info->stack_fallback) { - return lookup_fall_through (virt->lower_module, info, bound_func); - - /* - * This is a fall-through function at the bottom level of the stack - * so return the function from the module. - */ - } else if (func == info->base_fallback) { - *bound_func = STRUCT_MEMBER (void *, virt->lower_module, info->module_offset); - return true; - } - - return false; -} - -static bool -bind_ffi_closure (Wrapper *wrapper, - void *binding_data, - void *binding_func, - ffi_type **args, - void **bound_func) -{ - ffi_closure *clo; - ffi_cif *cif; - int nargs = 0; - int i = 0; - int ret; - - assert (wrapper->ffi_used < MAX_FUNCTIONS); - cif = wrapper->ffi_cifs + wrapper->ffi_used; - - /* The number of arguments */ - for (i = 0, nargs = 0; args[i] != NULL; i++) - nargs++; - - assert (nargs <= MAX_ARGS); - - /* - * The failures here are unexpected conditions. There's a chance they - * might occur on other esoteric platforms, so we take a little - * extra care to print relevant debugging info, and return a status, - * so that we can get back useful debug info on platforms that we - * don't have access to. - */ - - ret = ffi_prep_cif (cif, FFI_DEFAULT_ABI, nargs, &ffi_type_ulong, args); - if (ret != FFI_OK) { - p11_debug_precond ("ffi_prep_cif failed: %d\n", ret); - return false; - } - - clo = ffi_closure_alloc (sizeof (ffi_closure), bound_func); - if (clo == NULL) { - p11_debug_precond ("ffi_closure_alloc failed\n"); - return false; - } - - ret = ffi_prep_closure_loc (clo, cif, binding_func, binding_data, *bound_func); - if (ret != FFI_OK) { - p11_debug_precond ("ffi_prep_closure_loc failed: %d\n", ret); - return false; - } - - wrapper->ffi_closures[wrapper->ffi_used] = clo; - wrapper->ffi_used++; - return true; -} - -static bool -init_wrapper_funcs (Wrapper *wrapper) -{ - static const ffi_type *get_function_list_args[] = { &ffi_type_pointer, NULL }; - const FunctionInfo *info; - CK_X_FUNCTION_LIST *over; - void **bound; - int i; - - /* Pointer to where our calls go */ - over = &wrapper->virt->funcs; - - for (i = 0; function_info[i].name != NULL; i++) { - info = function_info + i; - - /* Address to where we're placing the bound function */ - bound = &STRUCT_MEMBER (void *, &wrapper->bound, info->module_offset); - - /* - * See if we can just shoot straight through to the module function - * without wrapping at all. If all the stacked virtual modules just - * fall through, then this returns the original module function. - */ - if (!lookup_fall_through (wrapper->virt, info, bound)) { - if (!bind_ffi_closure (wrapper, over, - info->binding_function, - (ffi_type **)info->types, bound)) - return_val_if_reached (false); - } - } - - /* Always bind the C_GetFunctionList function itself */ - if (!bind_ffi_closure (wrapper, wrapper, - binding_C_GetFunctionList, - (ffi_type **)get_function_list_args, - (void **)&wrapper->bound.C_GetFunctionList)) - return_val_if_reached (false); - - /* - * These functions are used as a marker to indicate whether this is - * one of our CK_FUNCTION_LIST_PTR sets of functions or not. These - * functions are defined to always have the same standard implementation - * in PKCS#11 2.x so we don't need to call through to the base for - * these guys. - */ - wrapper->bound.C_CancelFunction = short_C_CancelFunction; - wrapper->bound.C_GetFunctionStatus = short_C_GetFunctionStatus; - - return true; -} - -#if LIBFFI_FREE_CLOSURES -static void -uninit_wrapper_funcs (Wrapper *wrapper) -{ - int i; - - for (i = 0; i < wrapper->ffi_used; i++) - ffi_closure_free (wrapper->ffi_closures[i]); -} -#endif - -CK_FUNCTION_LIST * -p11_virtual_wrap (p11_virtual *virt, - p11_destroyer destroyer) -{ - Wrapper *wrapper; - - return_val_if_fail (virt != NULL, NULL); - - wrapper = calloc (1, sizeof (Wrapper)); - return_val_if_fail (wrapper != NULL, NULL); - - wrapper->virt = virt; - wrapper->destroyer = destroyer; - wrapper->bound.version.major = CRYPTOKI_VERSION_MAJOR; - wrapper->bound.version.minor = CRYPTOKI_VERSION_MINOR; - - if (!init_wrapper_funcs (wrapper)) - return_val_if_reached (NULL); - - assert ((void *)wrapper == (void *)&wrapper->bound); - assert (p11_virtual_is_wrapper (&wrapper->bound)); - assert (wrapper->bound.C_GetFunctionList != NULL); - return &wrapper->bound; -} - -bool -p11_virtual_can_wrap (void) -{ - return TRUE; -} - -bool -p11_virtual_is_wrapper (CK_FUNCTION_LIST_PTR module) -{ - /* - * We use these functions as a marker to indicate whether this is - * one of our CK_FUNCTION_LIST_PTR sets of functions or not. These - * functions are defined to always have the same standard implementation - * in PKCS#11 2.x so we don't need to call through to the base for - * these guys. - */ - return (module->C_GetFunctionStatus == short_C_GetFunctionStatus && - module->C_CancelFunction == short_C_CancelFunction); -} - -void -p11_virtual_unwrap (CK_FUNCTION_LIST_PTR module) -{ - Wrapper *wrapper; - - return_if_fail (p11_virtual_is_wrapper (module)); - - /* The bound CK_FUNCTION_LIST_PTR sits at the front of Context */ - wrapper = (Wrapper *)module; - - /* - * Make sure that the CK_FUNCTION_LIST_PTR is invalid, and that - * p11_virtual_is_wrapper() recognizes this. This is in case the - * destroyer callback tries to do something fancy. - */ - memset (&wrapper->bound, 0xFE, sizeof (wrapper->bound)); - - if (wrapper->destroyer) - (wrapper->destroyer) (wrapper->virt); - -#if LIBFFI_FREE_CLOSURES - uninit_wrapper_funcs (wrapper); -#endif - free (wrapper); -} - -#else /* !WITH_FFI */ - -CK_FUNCTION_LIST * -p11_virtual_wrap (p11_virtual *virt, - p11_destroyer destroyer) -{ - assert_not_reached (); -} - -bool -p11_virtual_can_wrap (void) -{ - return FALSE; -} - -bool -p11_virtual_is_wrapper (CK_FUNCTION_LIST_PTR module) -{ - return FALSE; -} - -void -p11_virtual_unwrap (CK_FUNCTION_LIST_PTR module) -{ - assert_not_reached (); -} - -#endif /* !WITH_FFI */ - -CK_X_FUNCTION_LIST p11_virtual_stack = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ - stack_C_Initialize, - stack_C_Finalize, - stack_C_GetInfo, - stack_C_GetSlotList, - stack_C_GetSlotInfo, - stack_C_GetTokenInfo, - stack_C_GetMechanismList, - stack_C_GetMechanismInfo, - stack_C_InitToken, - stack_C_InitPIN, - stack_C_SetPIN, - stack_C_OpenSession, - stack_C_CloseSession, - stack_C_CloseAllSessions, - stack_C_GetSessionInfo, - stack_C_GetOperationState, - stack_C_SetOperationState, - stack_C_Login, - stack_C_Logout, - stack_C_CreateObject, - stack_C_CopyObject, - stack_C_DestroyObject, - stack_C_GetObjectSize, - stack_C_GetAttributeValue, - stack_C_SetAttributeValue, - stack_C_FindObjectsInit, - stack_C_FindObjects, - stack_C_FindObjectsFinal, - stack_C_EncryptInit, - stack_C_Encrypt, - stack_C_EncryptUpdate, - stack_C_EncryptFinal, - stack_C_DecryptInit, - stack_C_Decrypt, - stack_C_DecryptUpdate, - stack_C_DecryptFinal, - stack_C_DigestInit, - stack_C_Digest, - stack_C_DigestUpdate, - stack_C_DigestKey, - stack_C_DigestFinal, - stack_C_SignInit, - stack_C_Sign, - stack_C_SignUpdate, - stack_C_SignFinal, - stack_C_SignRecoverInit, - stack_C_SignRecover, - stack_C_VerifyInit, - stack_C_Verify, - stack_C_VerifyUpdate, - stack_C_VerifyFinal, - stack_C_VerifyRecoverInit, - stack_C_VerifyRecover, - stack_C_DigestEncryptUpdate, - stack_C_DecryptDigestUpdate, - stack_C_SignEncryptUpdate, - stack_C_DecryptVerifyUpdate, - stack_C_GenerateKey, - stack_C_GenerateKeyPair, - stack_C_WrapKey, - stack_C_UnwrapKey, - stack_C_DeriveKey, - stack_C_SeedRandom, - stack_C_GenerateRandom, - stack_C_WaitForSlotEvent -}; - -CK_X_FUNCTION_LIST p11_virtual_base = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ - base_C_Initialize, - base_C_Finalize, - base_C_GetInfo, - base_C_GetSlotList, - base_C_GetSlotInfo, - base_C_GetTokenInfo, - base_C_GetMechanismList, - base_C_GetMechanismInfo, - base_C_InitToken, - base_C_InitPIN, - base_C_SetPIN, - base_C_OpenSession, - base_C_CloseSession, - base_C_CloseAllSessions, - base_C_GetSessionInfo, - base_C_GetOperationState, - base_C_SetOperationState, - base_C_Login, - base_C_Logout, - base_C_CreateObject, - base_C_CopyObject, - base_C_DestroyObject, - base_C_GetObjectSize, - base_C_GetAttributeValue, - base_C_SetAttributeValue, - base_C_FindObjectsInit, - base_C_FindObjects, - base_C_FindObjectsFinal, - base_C_EncryptInit, - base_C_Encrypt, - base_C_EncryptUpdate, - base_C_EncryptFinal, - base_C_DecryptInit, - base_C_Decrypt, - base_C_DecryptUpdate, - base_C_DecryptFinal, - base_C_DigestInit, - base_C_Digest, - base_C_DigestUpdate, - base_C_DigestKey, - base_C_DigestFinal, - base_C_SignInit, - base_C_Sign, - base_C_SignUpdate, - base_C_SignFinal, - base_C_SignRecoverInit, - base_C_SignRecover, - base_C_VerifyInit, - base_C_Verify, - base_C_VerifyUpdate, - base_C_VerifyFinal, - base_C_VerifyRecoverInit, - base_C_VerifyRecover, - base_C_DigestEncryptUpdate, - base_C_DecryptDigestUpdate, - base_C_SignEncryptUpdate, - base_C_DecryptVerifyUpdate, - base_C_GenerateKey, - base_C_GenerateKeyPair, - base_C_WrapKey, - base_C_UnwrapKey, - base_C_DeriveKey, - base_C_SeedRandom, - base_C_GenerateRandom, - base_C_WaitForSlotEvent -}; diff --git a/p11-kit/virtual.h b/p11-kit/virtual.h deleted file mode 100644 index 97d2a7c..0000000 --- a/p11-kit/virtual.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat, Inc - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#ifndef __P11_VIRTUAL_H__ -#define __P11_VIRTUAL_H__ - -#include "pkcs11.h" -#include "pkcs11i.h" -#include "array.h" - -typedef struct { - CK_X_FUNCTION_LIST funcs; - void *lower_module; - p11_destroyer lower_destroy; -} p11_virtual; - -extern CK_X_FUNCTION_LIST p11_virtual_base; - -extern CK_X_FUNCTION_LIST p11_virtual_stack; - -void p11_virtual_init (p11_virtual *virt, - CK_X_FUNCTION_LIST *funcs, - void *lower_module, - p11_destroyer lower_destroy); - -void p11_virtual_uninit (p11_virtual *virt); - -bool p11_virtual_can_wrap (void); - -CK_FUNCTION_LIST * p11_virtual_wrap (p11_virtual *virt, - p11_destroyer destroyer); - -bool p11_virtual_is_wrapper (CK_FUNCTION_LIST *module); - -void p11_virtual_unwrap (CK_FUNCTION_LIST *module); - -#endif /* __P11_VIRTUAL_H__ */ |