/src/p11-kit/common/attrs.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2012, Redhat Inc. |
3 | | * Copyright (c) 2011, Collabora Ltd. |
4 | | * |
5 | | * Redistribution and use in source and binary forms, with or without |
6 | | * modification, are permitted provided that the following conditions |
7 | | * are met: |
8 | | * |
9 | | * * Redistributions of source code must retain the above |
10 | | * copyright notice, this list of conditions and the |
11 | | * following disclaimer. |
12 | | * * Redistributions in binary form must reproduce the |
13 | | * above copyright notice, this list of conditions and |
14 | | * the following disclaimer in the documentation and/or |
15 | | * other materials provided with the distribution. |
16 | | * * The names of contributors to this software may not be |
17 | | * used to endorse or promote products derived from this |
18 | | * software without specific prior written permission. |
19 | | * |
20 | | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
21 | | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
22 | | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
23 | | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
24 | | * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
25 | | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
26 | | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS |
27 | | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
28 | | * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
29 | | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF |
30 | | * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH |
31 | | * DAMAGE. |
32 | | * |
33 | | * Author: Stef Walter <stefw@collabora.co.uk> |
34 | | */ |
35 | | |
36 | | #include "config.h" |
37 | | |
38 | | #include "attrs.h" |
39 | | #include "buffer.h" |
40 | | #include "compat.h" |
41 | | #include "constants.h" |
42 | | #include "debug.h" |
43 | | #include "hash.h" |
44 | | #include "pkcs11.h" |
45 | | #include "pkcs11i.h" |
46 | | #include "pkcs11x.h" |
47 | | |
48 | | #include <assert.h> |
49 | | #include <stdarg.h> |
50 | | #include <stdio.h> |
51 | | #include <stdint.h> |
52 | | #include <stdlib.h> |
53 | | #include <string.h> |
54 | | |
55 | | #define ELEMS(x) (sizeof (x) / sizeof (x[0])) |
56 | | |
57 | | bool |
58 | | p11_attrs_terminator (const CK_ATTRIBUTE *attrs) |
59 | 5.81k | { |
60 | 5.81k | return (attrs == NULL || attrs->type == CKA_INVALID); |
61 | 5.81k | } |
62 | | |
63 | | CK_ULONG |
64 | | p11_attrs_count (const CK_ATTRIBUTE *attrs) |
65 | 760 | { |
66 | 760 | CK_ULONG count; |
67 | | |
68 | 760 | if (attrs == NULL) |
69 | 380 | return 0UL; |
70 | | |
71 | 2.73k | for (count = 0; !p11_attrs_terminator (attrs); count++, attrs++); |
72 | | |
73 | 380 | return count; |
74 | 760 | } |
75 | | |
76 | | void |
77 | | p11_attrs_free (void *attrs) |
78 | 375 | { |
79 | 375 | CK_ATTRIBUTE *ats = attrs; |
80 | 375 | int i; |
81 | | |
82 | 375 | if (!attrs) |
83 | 0 | return; |
84 | | |
85 | 2.70k | for (i = 0; !p11_attrs_terminator (ats + i); i++) { |
86 | 2.32k | p11_attr_clear (&ats[i]); |
87 | 2.32k | } |
88 | 375 | free (ats); |
89 | 375 | } |
90 | | |
91 | | static CK_ATTRIBUTE * |
92 | | attrs_build (CK_ATTRIBUTE *attrs, |
93 | | CK_ULONG count_to_add, |
94 | | bool take_values, |
95 | | bool override, |
96 | | CK_ATTRIBUTE * (*generator) (void *), |
97 | | void *state) |
98 | 380 | { |
99 | 380 | CK_ATTRIBUTE *attr; |
100 | 380 | CK_ATTRIBUTE *add; |
101 | 380 | CK_ULONG current; |
102 | 380 | CK_ULONG at; |
103 | 380 | CK_ULONG j; |
104 | 380 | CK_ULONG i; |
105 | 380 | size_t length; |
106 | 380 | void *new_memory; |
107 | | |
108 | | /* How many attributes we already have */ |
109 | 380 | current = p11_attrs_count (attrs); |
110 | | |
111 | | /* Reallocate for how many we need */ |
112 | 380 | length = current + count_to_add; |
113 | 380 | return_val_if_fail (current <= length && length < SIZE_MAX, NULL); |
114 | 380 | new_memory = reallocarray (attrs, length + 1, sizeof (CK_ATTRIBUTE)); |
115 | 380 | return_val_if_fail (new_memory != NULL, NULL); |
116 | 380 | attrs = new_memory; |
117 | | |
118 | 380 | at = current; |
119 | 2.73k | for (i = 0; i < count_to_add; i++) { |
120 | 2.35k | add = (generator) (state); |
121 | | |
122 | | /* Skip with invalid type */ |
123 | 2.35k | if (!add || add->type == CKA_INVALID) |
124 | 0 | continue; |
125 | | |
126 | 2.35k | attr = NULL; |
127 | | |
128 | | /* Do we have this attribute? */ |
129 | 2.35k | for (j = 0; attr == NULL && j < current; j++) { |
130 | 0 | if (attrs[j].type == add->type) { |
131 | 0 | attr = attrs + j; |
132 | 0 | break; |
133 | 0 | } |
134 | 0 | } |
135 | | |
136 | | /* The attribute doesn't exist */ |
137 | 2.35k | if (attr == NULL) { |
138 | 2.35k | attr = attrs + at; |
139 | 2.35k | at++; |
140 | | |
141 | | /* The attribute exists and we're not overriding */ |
142 | 2.35k | } else if (!override) { |
143 | 0 | if (take_values) |
144 | 0 | free (add->pValue); |
145 | 0 | continue; |
146 | | |
147 | | /* The attribute exists but we're overriding */ |
148 | 0 | } else { |
149 | 0 | free (attr->pValue); |
150 | 0 | } |
151 | | |
152 | 2.35k | if (take_values) { |
153 | 0 | memcpy (attr, add, sizeof (CK_ATTRIBUTE)); |
154 | 2.35k | } else { |
155 | 2.35k | if (!p11_attr_copy (attr, add)) { |
156 | 0 | return_val_if_reached (NULL); |
157 | 0 | } |
158 | 2.35k | } |
159 | 2.35k | } |
160 | | |
161 | | /* Mark this as the end */ |
162 | 380 | (attrs + at)->type = CKA_INVALID; |
163 | 380 | assert (p11_attrs_terminator (attrs + at)); |
164 | 380 | return attrs; |
165 | 380 | } |
166 | | |
167 | | static CK_ATTRIBUTE * |
168 | | vararg_generator (void *state) |
169 | 0 | { |
170 | 0 | va_list *va = state; |
171 | 0 | return va_arg (*va, CK_ATTRIBUTE *); |
172 | 0 | } |
173 | | |
174 | | CK_ATTRIBUTE * |
175 | | p11_attrs_build (CK_ATTRIBUTE *attrs, |
176 | | ...) |
177 | 0 | { |
178 | 0 | CK_ULONG count; |
179 | 0 | va_list va; |
180 | |
|
181 | 0 | count = 0UL; |
182 | 0 | va_start (va, attrs); |
183 | 0 | while (va_arg (va, CK_ATTRIBUTE *)) |
184 | 0 | count++; |
185 | 0 | va_end (va); |
186 | |
|
187 | 0 | va_start (va, attrs); |
188 | 0 | attrs = attrs_build (attrs, count, false, true, |
189 | 0 | vararg_generator, &va); |
190 | 0 | va_end (va); |
191 | |
|
192 | 0 | return attrs; |
193 | 0 | } |
194 | | |
195 | | static CK_ATTRIBUTE * |
196 | | template_generator (void *state) |
197 | 2.35k | { |
198 | 2.35k | CK_ATTRIBUTE **template = state; |
199 | 2.35k | return (*template)++; |
200 | 2.35k | } |
201 | | |
202 | | CK_ATTRIBUTE * |
203 | | p11_attrs_buildn (CK_ATTRIBUTE *attrs, |
204 | | const CK_ATTRIBUTE *add, |
205 | | CK_ULONG count) |
206 | 380 | { |
207 | 380 | return attrs_build (attrs, count, false, true, |
208 | 380 | template_generator, &add); |
209 | 380 | } |
210 | | |
211 | | CK_ATTRIBUTE * |
212 | | p11_attrs_take (CK_ATTRIBUTE *attrs, |
213 | | CK_ATTRIBUTE_TYPE type, |
214 | | CK_VOID_PTR value, |
215 | | CK_ULONG length) |
216 | 0 | { |
217 | 0 | CK_ATTRIBUTE attr = { type, value, length }; |
218 | 0 | CK_ATTRIBUTE *add = &attr; |
219 | 0 | return attrs_build (attrs, 1, true, true, |
220 | 0 | template_generator, &add); |
221 | 0 | } |
222 | | |
223 | | CK_ATTRIBUTE * |
224 | | p11_attrs_merge (CK_ATTRIBUTE *attrs, |
225 | | CK_ATTRIBUTE *merge, |
226 | | bool replace) |
227 | 0 | { |
228 | 0 | CK_ATTRIBUTE *ptr; |
229 | 0 | CK_ULONG count; |
230 | |
|
231 | 0 | if (attrs == NULL) |
232 | 0 | return merge; |
233 | | |
234 | 0 | ptr = merge; |
235 | 0 | count = p11_attrs_count (merge); |
236 | |
|
237 | 0 | attrs = attrs_build (attrs, count, true, replace, |
238 | 0 | template_generator, &ptr); |
239 | | |
240 | | /* |
241 | | * Since we're supposed to own the merge attributes, |
242 | | * free the container array. |
243 | | */ |
244 | 0 | free (merge); |
245 | |
|
246 | 0 | return attrs; |
247 | 0 | } |
248 | | |
249 | | CK_ATTRIBUTE * |
250 | | p11_attrs_dup (const CK_ATTRIBUTE *attrs) |
251 | 380 | { |
252 | 380 | CK_ULONG count; |
253 | | |
254 | 380 | count = p11_attrs_count (attrs); |
255 | 380 | return p11_attrs_buildn (NULL, attrs, count); |
256 | 380 | } |
257 | | |
258 | | CK_ATTRIBUTE * |
259 | | p11_attrs_find (CK_ATTRIBUTE *attrs, |
260 | | CK_ATTRIBUTE_TYPE type) |
261 | 0 | { |
262 | 0 | CK_ULONG i; |
263 | |
|
264 | 0 | for (i = 0; !p11_attrs_terminator (attrs + i); i++) { |
265 | 0 | if (attrs[i].type == type) |
266 | 0 | return attrs + i; |
267 | 0 | } |
268 | | |
269 | 0 | return NULL; |
270 | 0 | } |
271 | | |
272 | | CK_ATTRIBUTE * |
273 | | p11_attrs_findn (CK_ATTRIBUTE *attrs, |
274 | | CK_ULONG count, |
275 | | CK_ATTRIBUTE_TYPE type) |
276 | 0 | { |
277 | 0 | CK_ULONG i; |
278 | |
|
279 | 0 | for (i = 0; i < count; i++) { |
280 | 0 | if (attrs[i].type == type) |
281 | 0 | return attrs + i; |
282 | 0 | } |
283 | | |
284 | 0 | return NULL; |
285 | 0 | } |
286 | | |
287 | | bool |
288 | | p11_attrs_find_bool (const CK_ATTRIBUTE *attrs, |
289 | | CK_ATTRIBUTE_TYPE type, |
290 | | CK_BBOOL *value) |
291 | 0 | { |
292 | 0 | CK_ULONG i; |
293 | |
|
294 | 0 | for (i = 0; !p11_attrs_terminator (attrs + i); i++) { |
295 | 0 | if (attrs[i].type == type && |
296 | 0 | attrs[i].ulValueLen == sizeof (CK_BBOOL) && |
297 | 0 | attrs[i].pValue != NULL) { |
298 | 0 | *value = *((CK_BBOOL *)attrs[i].pValue); |
299 | 0 | return true; |
300 | 0 | } |
301 | 0 | } |
302 | | |
303 | 0 | return false; |
304 | 0 | } |
305 | | |
306 | | bool |
307 | | p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs, |
308 | | CK_ULONG count, |
309 | | CK_ATTRIBUTE_TYPE type, |
310 | | CK_BBOOL *value) |
311 | 0 | { |
312 | 0 | CK_ULONG i; |
313 | |
|
314 | 0 | for (i = 0; i < count; i++) { |
315 | 0 | if (attrs[i].type == type && |
316 | 0 | attrs[i].ulValueLen == sizeof (CK_BBOOL) && |
317 | 0 | attrs[i].pValue != NULL) { |
318 | 0 | *value = *((CK_BBOOL *)attrs[i].pValue); |
319 | 0 | return true; |
320 | 0 | } |
321 | 0 | } |
322 | | |
323 | 0 | return false; |
324 | 0 | } |
325 | | |
326 | | bool |
327 | | p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs, |
328 | | CK_ATTRIBUTE_TYPE type, |
329 | | CK_ULONG *value) |
330 | 0 | { |
331 | 0 | CK_ULONG i; |
332 | |
|
333 | 0 | for (i = 0; !p11_attrs_terminator (attrs + i); i++) { |
334 | 0 | if (attrs[i].type == type && |
335 | 0 | attrs[i].ulValueLen == sizeof (CK_ULONG) && |
336 | 0 | attrs[i].pValue != NULL) { |
337 | 0 | *value = *((CK_ULONG *)attrs[i].pValue); |
338 | 0 | return true; |
339 | 0 | } |
340 | 0 | } |
341 | | |
342 | 0 | return false; |
343 | 0 | } |
344 | | |
345 | | bool |
346 | | p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs, |
347 | | CK_ULONG count, |
348 | | CK_ATTRIBUTE_TYPE type, |
349 | | CK_ULONG *value) |
350 | 0 | { |
351 | 0 | CK_ULONG i; |
352 | |
|
353 | 0 | for (i = 0; i < count; i++) { |
354 | 0 | if (attrs[i].type == type && |
355 | 0 | attrs[i].ulValueLen == sizeof (CK_ULONG) && |
356 | 0 | attrs[i].pValue != NULL) { |
357 | 0 | *value = *((CK_ULONG *)attrs[i].pValue); |
358 | 0 | return true; |
359 | 0 | } |
360 | 0 | } |
361 | | |
362 | 0 | return false; |
363 | 0 | } |
364 | | |
365 | | void * |
366 | | p11_attrs_find_value (CK_ATTRIBUTE *attrs, |
367 | | CK_ATTRIBUTE_TYPE type, |
368 | | size_t *length) |
369 | 0 | { |
370 | 0 | CK_ULONG i; |
371 | |
|
372 | 0 | for (i = 0; !p11_attrs_terminator (attrs + i); i++) { |
373 | 0 | if (attrs[i].type == type && |
374 | 0 | attrs[i].ulValueLen != 0 && |
375 | 0 | attrs[i].ulValueLen != (CK_ULONG)-1 && |
376 | 0 | attrs[i].pValue != NULL) { |
377 | 0 | if (length) |
378 | 0 | *length = attrs[i].ulValueLen; |
379 | 0 | return attrs[i].pValue; |
380 | 0 | } |
381 | 0 | } |
382 | | |
383 | 0 | return NULL; |
384 | 0 | } |
385 | | |
386 | | CK_ATTRIBUTE * |
387 | | p11_attrs_find_valid (CK_ATTRIBUTE *attrs, |
388 | | CK_ATTRIBUTE_TYPE type) |
389 | 0 | { |
390 | 0 | CK_ULONG i; |
391 | |
|
392 | 0 | for (i = 0; !p11_attrs_terminator (attrs + i); i++) { |
393 | 0 | if (attrs[i].type == type && |
394 | 0 | attrs[i].pValue != NULL && |
395 | 0 | attrs[i].ulValueLen != 0 && |
396 | 0 | attrs[i].ulValueLen != (CK_ULONG)-1) |
397 | 0 | return attrs + i; |
398 | 0 | } |
399 | | |
400 | 0 | return NULL; |
401 | 0 | } |
402 | | |
403 | | bool |
404 | | p11_attrs_remove (CK_ATTRIBUTE *attrs, |
405 | | CK_ATTRIBUTE_TYPE type) |
406 | 0 | { |
407 | 0 | CK_ULONG count; |
408 | 0 | CK_ULONG i; |
409 | |
|
410 | 0 | count = p11_attrs_count (attrs); |
411 | 0 | for (i = 0; i < count; i++) { |
412 | 0 | if (attrs[i].type == type) |
413 | 0 | break; |
414 | 0 | } |
415 | |
|
416 | 0 | if (i == count) |
417 | 0 | return false; |
418 | | |
419 | 0 | if (attrs[i].pValue) { |
420 | 0 | p11_attr_clear (&attrs[i]); |
421 | 0 | } |
422 | |
|
423 | 0 | memmove (attrs + i, attrs + i + 1, (count - (i + 1)) * sizeof (CK_ATTRIBUTE)); |
424 | 0 | attrs[count - 1].type = CKA_INVALID; |
425 | 0 | return true; |
426 | 0 | } |
427 | | |
428 | | void |
429 | | p11_attrs_purge (CK_ATTRIBUTE *attrs) |
430 | 0 | { |
431 | 0 | int in, out; |
432 | |
|
433 | 0 | for (in = 0, out = 0; !p11_attrs_terminator (attrs + in); in++) { |
434 | 0 | if (attrs[in].ulValueLen == (CK_ULONG)-1) { |
435 | 0 | free (attrs[in].pValue); |
436 | 0 | attrs[in].pValue = NULL; |
437 | 0 | attrs[in].ulValueLen = 0; |
438 | 0 | } else { |
439 | 0 | if (in != out) |
440 | 0 | memcpy (attrs + out, attrs + in, sizeof (CK_ATTRIBUTE)); |
441 | 0 | out++; |
442 | 0 | } |
443 | 0 | } |
444 | |
|
445 | 0 | attrs[out].type = CKA_INVALID; |
446 | 0 | assert (p11_attrs_terminator (attrs + out)); |
447 | |
|
448 | 0 | } |
449 | | |
450 | | bool |
451 | | p11_attrs_match (const CK_ATTRIBUTE *attrs, |
452 | | const CK_ATTRIBUTE *match) |
453 | 0 | { |
454 | 0 | CK_ATTRIBUTE *attr; |
455 | |
|
456 | 0 | for (; !p11_attrs_terminator (match); match++) { |
457 | 0 | attr = p11_attrs_find ((CK_ATTRIBUTE *)attrs, match->type); |
458 | 0 | if (!attr) |
459 | 0 | return false; |
460 | 0 | if (!p11_attr_equal (attr, match)) |
461 | 0 | return false; |
462 | 0 | } |
463 | | |
464 | 0 | return true; |
465 | 0 | } |
466 | | |
467 | | bool |
468 | | p11_attrs_matchn (const CK_ATTRIBUTE *attrs, |
469 | | const CK_ATTRIBUTE *match, |
470 | | CK_ULONG count) |
471 | 0 | { |
472 | 0 | CK_ATTRIBUTE *attr; |
473 | 0 | CK_ULONG i; |
474 | |
|
475 | 0 | for (i = 0; i < count; i++) { |
476 | 0 | attr = p11_attrs_find ((CK_ATTRIBUTE *)attrs, match[i].type); |
477 | 0 | if (!attr) |
478 | 0 | return false; |
479 | 0 | if (!p11_attr_equal (attr, match + i)) |
480 | 0 | return false; |
481 | 0 | } |
482 | | |
483 | 0 | return true; |
484 | |
|
485 | 0 | } |
486 | | |
487 | | |
488 | | bool |
489 | | p11_attr_match_value (const CK_ATTRIBUTE *attr, |
490 | | const void *value, |
491 | | ssize_t length) |
492 | 0 | { |
493 | 0 | if (length < 0) |
494 | 0 | length = strlen (value); |
495 | 0 | return (attr != NULL && |
496 | 0 | attr->ulValueLen == length && |
497 | 0 | (attr->pValue == value || |
498 | 0 | (attr->pValue && value && |
499 | 0 | memcmp (attr->pValue, value, attr->ulValueLen) == 0))); |
500 | 0 | } |
501 | | |
502 | | bool |
503 | | p11_attr_equal (const void *v1, |
504 | | const void *v2) |
505 | 0 | { |
506 | 0 | const CK_ATTRIBUTE *one = v1; |
507 | 0 | const CK_ATTRIBUTE *two = v2; |
508 | |
|
509 | 0 | return (one == two || |
510 | 0 | (one && two && one->type == two->type && |
511 | 0 | p11_attr_match_value (one, two->pValue, two->ulValueLen))); |
512 | 0 | } |
513 | | |
514 | | unsigned int |
515 | | p11_attr_hash (const void *data) |
516 | 0 | { |
517 | 0 | const CK_ATTRIBUTE *attr = data; |
518 | 0 | uint32_t hash = 0; |
519 | |
|
520 | 0 | if (attr != NULL) { |
521 | 0 | p11_hash_murmur3 (&hash, |
522 | 0 | &attr->type, sizeof (attr->type), |
523 | 0 | attr->pValue, (size_t)attr->ulValueLen, |
524 | 0 | NULL); |
525 | 0 | } |
526 | |
|
527 | 0 | return hash; |
528 | 0 | } |
529 | | |
530 | | bool |
531 | | p11_attr_copy (CK_ATTRIBUTE *dst, const CK_ATTRIBUTE *src) |
532 | 2.35k | { |
533 | 2.35k | memcpy (dst, src, sizeof (CK_ATTRIBUTE)); |
534 | | |
535 | 2.35k | if (!src->pValue) { |
536 | 0 | return true; |
537 | 0 | } |
538 | | |
539 | 2.35k | if (src->ulValueLen == 0) { |
540 | 0 | dst->pValue = malloc (1); |
541 | 2.35k | } else { |
542 | 2.35k | dst->pValue = malloc (src->ulValueLen); |
543 | 2.35k | } |
544 | 2.35k | if (!dst->pValue) { |
545 | 0 | return_val_if_reached (false); |
546 | 0 | } |
547 | | |
548 | 2.35k | assert (dst->ulValueLen >= src->ulValueLen); |
549 | | |
550 | 2.35k | if (!IS_ATTRIBUTE_ARRAY (src)) { |
551 | 2.35k | memcpy (dst->pValue, src->pValue, src->ulValueLen); |
552 | 2.35k | } else { |
553 | 0 | CK_ATTRIBUTE *child_dst; |
554 | 0 | const CK_ATTRIBUTE *child_src; |
555 | 0 | size_t i; |
556 | |
|
557 | 0 | for (i = 0, child_dst = dst->pValue, child_src = src->pValue; |
558 | 0 | i < src->ulValueLen / sizeof (CK_ATTRIBUTE); |
559 | 0 | i++, child_dst++, child_src++) { |
560 | 0 | if (!p11_attr_copy (child_dst, child_src)) { |
561 | 0 | return_val_if_reached (false); |
562 | 0 | } |
563 | 0 | } |
564 | 0 | } |
565 | | |
566 | 2.35k | return true; |
567 | 2.35k | } |
568 | | |
569 | | void |
570 | | p11_attr_clear (CK_ATTRIBUTE *attr) |
571 | 2.32k | { |
572 | 2.32k | if (IS_ATTRIBUTE_ARRAY (attr) && attr->pValue) { |
573 | 0 | CK_ATTRIBUTE *child; |
574 | 0 | size_t i; |
575 | |
|
576 | 0 | for (i = 0, child = attr->pValue; |
577 | 0 | i < attr->ulValueLen / sizeof (CK_ATTRIBUTE); |
578 | 0 | i++, child++) { |
579 | 0 | p11_attr_clear (child); |
580 | 0 | } |
581 | 0 | } |
582 | 2.32k | free (attr->pValue); |
583 | 2.32k | } |
584 | | |
585 | | static void |
586 | | buffer_append_printf (p11_buffer *buffer, |
587 | | const char *format, |
588 | | ...) GNUC_PRINTF(2, 3); |
589 | | |
590 | | static void |
591 | | buffer_append_printf (p11_buffer *buffer, |
592 | | const char *format, |
593 | | ...) |
594 | 0 | { |
595 | 0 | char *string; |
596 | 0 | va_list va; |
597 | |
|
598 | 0 | va_start (va, format); |
599 | 0 | if (vasprintf (&string, format, va) < 0) { |
600 | 0 | va_end (va); |
601 | 0 | return_if_reached (); |
602 | 0 | } |
603 | 0 | va_end (va); |
604 | |
|
605 | 0 | p11_buffer_add (buffer, string, -1); |
606 | 0 | free (string); |
607 | 0 | } |
608 | | |
609 | | static bool |
610 | | attribute_is_ulong_of_type (const CK_ATTRIBUTE *attr, |
611 | | CK_ULONG type) |
612 | 0 | { |
613 | 0 | if (attr->type != type) |
614 | 0 | return false; |
615 | 0 | if (attr->ulValueLen != sizeof (CK_ULONG)) |
616 | 0 | return false; |
617 | 0 | if (!attr->pValue) |
618 | 0 | return false; |
619 | 0 | return true; |
620 | 0 | } |
621 | | |
622 | | static bool |
623 | | attribute_is_trust_value (const CK_ATTRIBUTE *attr) |
624 | 0 | { |
625 | 0 | switch (attr->type) { |
626 | 0 | case CKA_TRUST_DIGITAL_SIGNATURE: |
627 | 0 | case CKA_TRUST_NON_REPUDIATION: |
628 | 0 | case CKA_TRUST_KEY_ENCIPHERMENT: |
629 | 0 | case CKA_TRUST_DATA_ENCIPHERMENT: |
630 | 0 | case CKA_TRUST_KEY_AGREEMENT: |
631 | 0 | case CKA_TRUST_KEY_CERT_SIGN: |
632 | 0 | case CKA_TRUST_CRL_SIGN: |
633 | 0 | case CKA_TRUST_SERVER_AUTH: |
634 | 0 | case CKA_TRUST_CLIENT_AUTH: |
635 | 0 | case CKA_TRUST_CODE_SIGNING: |
636 | 0 | case CKA_TRUST_EMAIL_PROTECTION: |
637 | 0 | case CKA_TRUST_IPSEC_END_SYSTEM: |
638 | 0 | case CKA_TRUST_IPSEC_TUNNEL: |
639 | 0 | case CKA_TRUST_IPSEC_USER: |
640 | 0 | case CKA_TRUST_TIME_STAMPING: |
641 | 0 | break; |
642 | 0 | default: |
643 | 0 | return false; |
644 | 0 | } |
645 | | |
646 | 0 | return attribute_is_ulong_of_type (attr, attr->type); |
647 | 0 | } |
648 | | |
649 | | static bool |
650 | | attribute_is_sensitive (const CK_ATTRIBUTE *attr, |
651 | | CK_OBJECT_CLASS klass) |
652 | 0 | { |
653 | | /* |
654 | | * Don't print any just attribute, since they may contain |
655 | | * sensitive data |
656 | | */ |
657 | |
|
658 | 0 | switch (attr->type) { |
659 | 0 | #define X(x) case x: return false; |
660 | 0 | X (CKA_CLASS) |
661 | 0 | X (CKA_TOKEN) |
662 | 0 | X (CKA_PRIVATE) |
663 | 0 | X (CKA_LABEL) |
664 | 0 | X (CKA_APPLICATION) |
665 | 0 | X (CKA_OBJECT_ID) |
666 | 0 | X (CKA_CERTIFICATE_TYPE) |
667 | 0 | X (CKA_ISSUER) |
668 | 0 | X (CKA_SERIAL_NUMBER) |
669 | 0 | X (CKA_AC_ISSUER) |
670 | 0 | X (CKA_OWNER) |
671 | 0 | X (CKA_ATTR_TYPES) |
672 | 0 | X (CKA_TRUSTED) |
673 | 0 | X (CKA_CERTIFICATE_CATEGORY) |
674 | 0 | X (CKA_JAVA_MIDP_SECURITY_DOMAIN) |
675 | 0 | X (CKA_URL) |
676 | 0 | X (CKA_HASH_OF_SUBJECT_PUBLIC_KEY) |
677 | 0 | X (CKA_HASH_OF_ISSUER_PUBLIC_KEY) |
678 | 0 | X (CKA_CHECK_VALUE) |
679 | 0 | X (CKA_KEY_TYPE) |
680 | 0 | X (CKA_SUBJECT) |
681 | 0 | X (CKA_ID) |
682 | 0 | X (CKA_SENSITIVE) |
683 | 0 | X (CKA_ENCRYPT) |
684 | 0 | X (CKA_DECRYPT) |
685 | 0 | X (CKA_WRAP) |
686 | 0 | X (CKA_UNWRAP) |
687 | 0 | X (CKA_SIGN) |
688 | 0 | X (CKA_SIGN_RECOVER) |
689 | 0 | X (CKA_VERIFY) |
690 | 0 | X (CKA_VERIFY_RECOVER) |
691 | 0 | X (CKA_DERIVE) |
692 | 0 | X (CKA_START_DATE) |
693 | 0 | X (CKA_END_DATE) |
694 | 0 | X (CKA_MODULUS_BITS) |
695 | 0 | X (CKA_PRIME_BITS) |
696 | | /* X (CKA_SUBPRIME_BITS) */ |
697 | | /* X (CKA_SUB_PRIME_BITS) */ |
698 | 0 | X (CKA_VALUE_BITS) |
699 | 0 | X (CKA_VALUE_LEN) |
700 | 0 | X (CKA_EXTRACTABLE) |
701 | 0 | X (CKA_LOCAL) |
702 | 0 | X (CKA_NEVER_EXTRACTABLE) |
703 | 0 | X (CKA_ALWAYS_SENSITIVE) |
704 | 0 | X (CKA_KEY_GEN_MECHANISM) |
705 | 0 | X (CKA_MODIFIABLE) |
706 | 0 | X (CKA_SECONDARY_AUTH) |
707 | 0 | X (CKA_AUTH_PIN_FLAGS) |
708 | 0 | X (CKA_ALWAYS_AUTHENTICATE) |
709 | 0 | X (CKA_WRAP_WITH_TRUSTED) |
710 | 0 | X (CKA_WRAP_TEMPLATE) |
711 | 0 | X (CKA_UNWRAP_TEMPLATE) |
712 | 0 | X (CKA_HW_FEATURE_TYPE) |
713 | 0 | X (CKA_RESET_ON_INIT) |
714 | 0 | X (CKA_HAS_RESET) |
715 | 0 | X (CKA_PIXEL_X) |
716 | 0 | X (CKA_PIXEL_Y) |
717 | 0 | X (CKA_RESOLUTION) |
718 | 0 | X (CKA_CHAR_ROWS) |
719 | 0 | X (CKA_CHAR_COLUMNS) |
720 | 0 | X (CKA_COLOR) |
721 | 0 | X (CKA_BITS_PER_PIXEL) |
722 | 0 | X (CKA_CHAR_SETS) |
723 | 0 | X (CKA_ENCODING_METHODS) |
724 | 0 | X (CKA_MIME_TYPES) |
725 | 0 | X (CKA_MECHANISM_TYPE) |
726 | 0 | X (CKA_REQUIRED_CMS_ATTRIBUTES) |
727 | 0 | X (CKA_DEFAULT_CMS_ATTRIBUTES) |
728 | 0 | X (CKA_SUPPORTED_CMS_ATTRIBUTES) |
729 | 0 | X (CKA_ALLOWED_MECHANISMS) |
730 | 0 | X (CKA_X_ASSERTION_TYPE) |
731 | 0 | X (CKA_X_CERTIFICATE_VALUE) |
732 | 0 | X (CKA_X_PURPOSE) |
733 | 0 | X (CKA_X_PEER) |
734 | 0 | X (CKA_X_DISTRUSTED) |
735 | 0 | X (CKA_X_CRITICAL) |
736 | 0 | X (CKA_PUBLIC_KEY_INFO) |
737 | 0 | X (CKA_NSS_URL) |
738 | 0 | X (CKA_NSS_EMAIL) |
739 | 0 | X (CKA_NSS_SMIME_INFO) |
740 | 0 | X (CKA_NSS_SMIME_TIMESTAMP) |
741 | 0 | X (CKA_NSS_PKCS8_SALT) |
742 | 0 | X (CKA_NSS_PASSWORD_CHECK) |
743 | 0 | X (CKA_NSS_EXPIRES) |
744 | 0 | X (CKA_NSS_KRL) |
745 | 0 | X (CKA_NSS_PQG_COUNTER) |
746 | 0 | X (CKA_NSS_PQG_SEED) |
747 | 0 | X (CKA_NSS_PQG_H) |
748 | 0 | X (CKA_NSS_PQG_SEED_BITS) |
749 | 0 | X (CKA_NSS_MODULE_SPEC) |
750 | 0 | X (CKA_TRUST_DIGITAL_SIGNATURE) |
751 | 0 | X (CKA_TRUST_NON_REPUDIATION) |
752 | 0 | X (CKA_TRUST_KEY_ENCIPHERMENT) |
753 | 0 | X (CKA_TRUST_DATA_ENCIPHERMENT) |
754 | 0 | X (CKA_TRUST_KEY_AGREEMENT) |
755 | 0 | X (CKA_TRUST_KEY_CERT_SIGN) |
756 | 0 | X (CKA_TRUST_CRL_SIGN) |
757 | 0 | X (CKA_TRUST_SERVER_AUTH) |
758 | 0 | X (CKA_TRUST_CLIENT_AUTH) |
759 | 0 | X (CKA_TRUST_CODE_SIGNING) |
760 | 0 | X (CKA_TRUST_EMAIL_PROTECTION) |
761 | 0 | X (CKA_TRUST_IPSEC_END_SYSTEM) |
762 | 0 | X (CKA_TRUST_IPSEC_TUNNEL) |
763 | 0 | X (CKA_TRUST_IPSEC_USER) |
764 | 0 | X (CKA_TRUST_TIME_STAMPING) |
765 | 0 | X (CKA_TRUST_STEP_UP_APPROVED) |
766 | 0 | X (CKA_CERT_SHA1_HASH) |
767 | 0 | X (CKA_CERT_MD5_HASH) |
768 | 0 | X (CKA_IBM_OPAQUE) |
769 | 0 | X (CKA_IBM_RESTRICTABLE) |
770 | 0 | X (CKA_IBM_NEVER_MODIFIABLE) |
771 | 0 | X (CKA_IBM_RETAINKEY) |
772 | 0 | X (CKA_IBM_ATTRBOUND) |
773 | 0 | X (CKA_IBM_KEYTYPE) |
774 | 0 | X (CKA_IBM_CV) |
775 | 0 | X (CKA_IBM_MACKEY) |
776 | 0 | X (CKA_IBM_USE_AS_DATA) |
777 | 0 | X (CKA_IBM_STRUCT_PARAMS) |
778 | 0 | X (CKA_IBM_STD_COMPLIANCE1) |
779 | 0 | X (CKA_IBM_PROTKEY_EXTRACTABLE) |
780 | 0 | X (CKA_IBM_PROTKEY_NEVER_EXTRACTABLE) |
781 | 0 | X (CKA_IBM_OPAQUE_PKEY) |
782 | 0 | X (CKA_IBM_DILITHIUM_KEYFORM) |
783 | 0 | X (CKA_IBM_DILITHIUM_RHO) |
784 | 0 | X (CKA_IBM_DILITHIUM_T1) |
785 | 0 | case CKA_VALUE: |
786 | 0 | return (klass != CKO_CERTIFICATE && |
787 | 0 | klass != CKO_X_CERTIFICATE_EXTENSION); |
788 | 0 | #undef X |
789 | 0 | } |
790 | | |
791 | 0 | return true; |
792 | 0 | } |
793 | | |
794 | | static void |
795 | | format_class (p11_buffer *buffer, |
796 | | CK_OBJECT_CLASS klass) |
797 | 0 | { |
798 | 0 | const char *string = p11_constant_name (p11_constant_classes, klass); |
799 | 0 | if (string != NULL) |
800 | 0 | p11_buffer_add (buffer, string, -1); |
801 | 0 | else |
802 | 0 | buffer_append_printf (buffer, "0x%08lX", klass); |
803 | 0 | } |
804 | | |
805 | | static void |
806 | | format_assertion_type (p11_buffer *buffer, |
807 | | CK_X_ASSERTION_TYPE type) |
808 | 0 | { |
809 | 0 | const char *string = p11_constant_name (p11_constant_asserts, type); |
810 | 0 | if (string != NULL) |
811 | 0 | p11_buffer_add (buffer, string, -1); |
812 | 0 | else |
813 | 0 | buffer_append_printf (buffer, "0x%08lX", type); |
814 | 0 | } |
815 | | |
816 | | static void |
817 | | format_key_type (p11_buffer *buffer, |
818 | | CK_KEY_TYPE type) |
819 | 0 | { |
820 | 0 | const char *string = p11_constant_name (p11_constant_keys, type); |
821 | 0 | if (string != NULL) |
822 | 0 | p11_buffer_add (buffer, string, -1); |
823 | 0 | else |
824 | 0 | buffer_append_printf (buffer, "0x%08lX", type); |
825 | 0 | } |
826 | | |
827 | | static void |
828 | | format_certificate_type (p11_buffer *buffer, |
829 | | CK_CERTIFICATE_TYPE type) |
830 | 0 | { |
831 | 0 | const char *string = p11_constant_name (p11_constant_certs, type); |
832 | 0 | if (string != NULL) |
833 | 0 | p11_buffer_add (buffer, string, -1); |
834 | 0 | else |
835 | 0 | buffer_append_printf (buffer, "0x%08lX", type); |
836 | 0 | } |
837 | | |
838 | | static void |
839 | | format_trust_value (p11_buffer *buffer, |
840 | | CK_TRUST trust) |
841 | 0 | { |
842 | 0 | const char *string = p11_constant_name (p11_constant_trusts, trust); |
843 | 0 | if (string != NULL) |
844 | 0 | p11_buffer_add (buffer, string, -1); |
845 | 0 | else |
846 | 0 | buffer_append_printf (buffer, "0x%08lX", trust); |
847 | 0 | } |
848 | | |
849 | | static void |
850 | | format_certificate_category (p11_buffer *buffer, |
851 | | CK_ULONG category) |
852 | 0 | { |
853 | 0 | const char *string = p11_constant_name (p11_constant_categories, category); |
854 | 0 | if (string != NULL) |
855 | 0 | buffer_append_printf (buffer, "%lu (%s)", category, string); |
856 | 0 | else |
857 | 0 | buffer_append_printf (buffer, "%lu", category); |
858 | 0 | } |
859 | | |
860 | | static void |
861 | | format_attribute_type (p11_buffer *buffer, |
862 | | CK_ULONG type) |
863 | 0 | { |
864 | 0 | const char *string = p11_constant_name (p11_constant_types, type); |
865 | 0 | if (string != NULL) |
866 | 0 | p11_buffer_add (buffer, string, -1); |
867 | 0 | else |
868 | 0 | buffer_append_printf (buffer, "CKA_0x%08lX", type); |
869 | 0 | } |
870 | | |
871 | | static void |
872 | | format_some_bytes (p11_buffer *buffer, |
873 | | void *bytes, |
874 | | CK_ULONG length) |
875 | 0 | { |
876 | 0 | unsigned char ch; |
877 | 0 | const unsigned char *data = bytes; |
878 | 0 | CK_ULONG i; |
879 | |
|
880 | 0 | if (bytes == NULL) { |
881 | 0 | p11_buffer_add (buffer, "NULL", -1); |
882 | 0 | return; |
883 | 0 | } |
884 | | |
885 | 0 | p11_buffer_add (buffer, "\"", 1); |
886 | 0 | for (i = 0; i < length && i < 128; i++) { |
887 | 0 | ch = data[i]; |
888 | 0 | if (ch == '\t') |
889 | 0 | p11_buffer_add (buffer, "\\t", -1); |
890 | 0 | else if (ch == '\n') |
891 | 0 | p11_buffer_add (buffer, "\\n", -1); |
892 | 0 | else if (ch == '\r') |
893 | 0 | p11_buffer_add (buffer, "\\r", -1); |
894 | 0 | else if (ch >= 32 && ch < 127) |
895 | 0 | p11_buffer_add (buffer, &ch, 1); |
896 | 0 | else |
897 | 0 | buffer_append_printf (buffer, "\\x%02x", ch); |
898 | 0 | } |
899 | |
|
900 | 0 | if (i < length) |
901 | 0 | buffer_append_printf (buffer, "..."); |
902 | 0 | p11_buffer_add (buffer, "\"", 1); |
903 | 0 | } |
904 | | |
905 | | void |
906 | | p11_attr_format (p11_buffer *buffer, |
907 | | const CK_ATTRIBUTE *attr, |
908 | | CK_OBJECT_CLASS klass) |
909 | 0 | { |
910 | 0 | p11_buffer_add (buffer, "{ ", -1); |
911 | 0 | format_attribute_type (buffer, attr->type); |
912 | 0 | p11_buffer_add (buffer, " = ", -1); |
913 | 0 | if (attr->ulValueLen == CKA_INVALID) { |
914 | 0 | buffer_append_printf (buffer, "(-1) INVALID"); |
915 | 0 | } else if (attribute_is_ulong_of_type (attr, CKA_CLASS)) { |
916 | 0 | format_class (buffer, *((CK_OBJECT_CLASS *)attr->pValue)); |
917 | 0 | } else if (attribute_is_ulong_of_type (attr, CKA_X_ASSERTION_TYPE)) { |
918 | 0 | format_assertion_type (buffer, *((CK_X_ASSERTION_TYPE *)attr->pValue)); |
919 | 0 | } else if (attribute_is_ulong_of_type (attr, CKA_CERTIFICATE_TYPE)) { |
920 | 0 | format_certificate_type (buffer, *((CK_CERTIFICATE_TYPE *)attr->pValue)); |
921 | 0 | } else if (attribute_is_ulong_of_type (attr, CKA_CERTIFICATE_CATEGORY)) { |
922 | 0 | format_certificate_category (buffer, *((CK_ULONG *)attr->pValue)); |
923 | 0 | } else if (attribute_is_ulong_of_type (attr, CKA_KEY_TYPE)) { |
924 | 0 | format_key_type (buffer, *((CK_KEY_TYPE *)attr->pValue)); |
925 | 0 | } else if (attribute_is_trust_value (attr)) { |
926 | 0 | format_trust_value (buffer, *((CK_TRUST *)attr->pValue)); |
927 | 0 | } else if (attribute_is_sensitive (attr, klass)) { |
928 | 0 | buffer_append_printf (buffer, "(%lu) NOT-PRINTED", attr->ulValueLen); |
929 | 0 | } else { |
930 | 0 | buffer_append_printf (buffer, "(%lu) ", attr->ulValueLen); |
931 | 0 | format_some_bytes (buffer, attr->pValue, attr->ulValueLen); |
932 | 0 | } |
933 | 0 | p11_buffer_add (buffer, " }", -1); |
934 | 0 | } |
935 | | |
936 | | void |
937 | | p11_attrs_format (p11_buffer *buffer, |
938 | | const CK_ATTRIBUTE *attrs, |
939 | | int count) |
940 | 0 | { |
941 | 0 | CK_BBOOL first = CK_TRUE; |
942 | 0 | CK_OBJECT_CLASS klass; |
943 | 0 | int i; |
944 | |
|
945 | 0 | if (count < 0) |
946 | 0 | count = p11_attrs_count (attrs); |
947 | |
|
948 | 0 | if (!p11_attrs_findn_ulong (attrs, CKA_CLASS, count, &klass)) |
949 | 0 | klass = CKA_INVALID; |
950 | |
|
951 | 0 | buffer_append_printf (buffer, "(%d) [", count); |
952 | 0 | for (i = 0; i < count; i++) { |
953 | 0 | if (first) |
954 | 0 | p11_buffer_add (buffer, " ", 1); |
955 | 0 | else |
956 | 0 | p11_buffer_add (buffer, ", ", 2); |
957 | 0 | first = CK_FALSE; |
958 | 0 | p11_attr_format (buffer, attrs + i, klass); |
959 | 0 | } |
960 | 0 | p11_buffer_add (buffer, " ]", -1); |
961 | 0 | } |
962 | | |
963 | | char * |
964 | | p11_attrs_to_string (const CK_ATTRIBUTE *attrs, |
965 | | int count) |
966 | 0 | { |
967 | 0 | p11_buffer buffer; |
968 | 0 | if (!p11_buffer_init_null (&buffer, 128)) |
969 | 0 | return_val_if_reached (NULL); |
970 | 0 | p11_attrs_format (&buffer, attrs, count); |
971 | 0 | return p11_buffer_steal (&buffer, NULL); |
972 | 0 | } |
973 | | |
974 | | char * |
975 | | p11_attr_to_string (const CK_ATTRIBUTE *attr, |
976 | | CK_OBJECT_CLASS klass) |
977 | 0 | { |
978 | 0 | p11_buffer buffer; |
979 | 0 | if (!p11_buffer_init_null (&buffer, 32)) |
980 | 0 | return_val_if_reached (NULL); |
981 | 0 | p11_attr_format (&buffer, attr, klass); |
982 | 0 | return p11_buffer_steal (&buffer, NULL); |
983 | 0 | } |