summaryrefslogtreecommitdiff
path: root/p11-kit
diff options
context:
space:
mode:
authorStef Walter <stefw@collabora.co.uk>2011-03-31 12:41:43 +0200
committerStef Walter <stefw@collabora.co.uk>2011-03-31 12:41:43 +0200
commit479cbd55ee5739d3cd2566379575451dbecf4c54 (patch)
treeec6730dfbd1855dc6193fe2b5df2d09e208200a3 /p11-kit
parent6132cd99c39739ef5360e41e92f22d287007577e (diff)
Documentation and API cleanup.
* Rename source directory * More consistent with return values from URI functions. * Allow formatting URI to take a uri type.
Diffstat (limited to 'p11-kit')
-rw-r--r--p11-kit/Makefile.am40
-rw-r--r--p11-kit/conf.c245
-rw-r--r--p11-kit/conf.h51
-rw-r--r--p11-kit/hash.c452
-rw-r--r--p11-kit/hash.h187
-rw-r--r--p11-kit/p11-kit-lib.c1130
-rw-r--r--p11-kit/p11-kit-messages.c242
-rw-r--r--p11-kit/p11-kit-private.h52
-rw-r--r--p11-kit/p11-kit-proxy.c1382
-rw-r--r--p11-kit/p11-kit-uri.c1195
-rw-r--r--p11-kit/p11-kit-uri.h105
-rw-r--r--p11-kit/p11-kit.h59
-rw-r--r--p11-kit/p11-kit.pc17
-rw-r--r--p11-kit/p11-kit.pc.in17
-rw-r--r--p11-kit/pkcs11.h1357
-rw-r--r--p11-kit/util.c51
-rw-r--r--p11-kit/util.h45
17 files changed, 6627 insertions, 0 deletions
diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am
new file mode 100644
index 0000000..989f482
--- /dev/null
+++ b/p11-kit/Makefile.am
@@ -0,0 +1,40 @@
+
+incdir = $(includedir)/p11-kit
+
+inc_HEADERS = \
+ p11-kit.h \
+ p11-kit-uri.h \
+ pkcs11.h
+
+MODULE_SRCS = \
+ conf.c conf.h \
+ hash.c hash.h \
+ util.c util.h \
+ p11-kit-lib.c \
+ p11-kit-proxy.c \
+ p11-kit-private.h \
+ p11-kit-messages.c \
+ p11-kit-uri.c \
+ $(inc_HEADERS)
+
+lib_LTLIBRARIES = \
+ libp11-kit.la
+
+noinst_LTLIBRARIES = \
+ libp11-kit-testable.la
+
+libp11_kit_la_LDFLAGS = \
+ -no-undefined -export-symbols-regex '^C_GetFunctionList|^p11_kit_'
+
+libp11_kit_la_SOURCES = $(MODULE_SRCS)
+
+libp11_kit_testable_la_LDFLAGS = \
+ -no-undefined
+
+libp11_kit_testable_la_SOURCES = $(MODULE_SRCS)
+
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = p11-kit.pc
+
+EXTRA_DIST = \
+ p11-kit.pc.in \ No newline at end of file
diff --git a/p11-kit/conf.c b/p11-kit/conf.c
new file mode 100644
index 0000000..6c83407
--- /dev/null
+++ b/p11-kit/conf.c
@@ -0,0 +1,245 @@
+/*
+ * Copyright (c) 2005, Stefan Walter
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ *
+ * CONTRIBUTORS
+ * Stef Walter <stef@memberwebs.com>
+ */
+
+#include "config.h"
+
+#include "conf.h"
+
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+#include <assert.h>
+#include <ctype.h>
+#include <dirent.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+static void
+errmsg (conf_error_func error_func, const char* msg, ...)
+{
+ #define MAX_MSGLEN 1024
+ char buf[MAX_MSGLEN];
+ va_list ap;
+
+ if (!error_func)
+ return;
+
+ va_start (ap, msg);
+ vsnprintf (buf, MAX_MSGLEN, msg, ap);
+ buf[MAX_MSGLEN - 1] = 0;
+ error_func (buf);
+ va_end (ap);
+}
+
+static void
+strcln (char* data, char ch)
+{
+ char* p;
+ for (p = data; *data; data++, p++) {
+ while (*data == ch)
+ data++;
+ *p = *data;
+ }
+
+ /* Renull terminate */
+ *p = 0;
+}
+
+static char*
+strbtrim (const char* data)
+{
+ while (*data && isspace (*data))
+ ++data;
+ return (char*)data;
+}
+
+static void
+stretrim (char* data)
+{
+ char* t = data + strlen (data);
+ while (t > data && isspace (*(t - 1))) {
+ t--;
+ *t = 0;
+ }
+}
+
+static char*
+strtrim (char* data)
+{
+ data = (char*)strbtrim (data);
+ stretrim (data);
+ return data;
+}
+
+/* -----------------------------------------------------------------------------
+ * CONFIG PARSER
+ */
+
+static char*
+read_config_file (const char* filename, int flags,
+ conf_error_func error_func)
+{
+ char* config = NULL;
+ FILE* f = NULL;
+ long len;
+
+ assert (filename);
+
+ f = fopen (filename, "r");
+ if (f == NULL) {
+ if ((flags & CONF_IGNORE_MISSING) &&
+ (errno == ENOENT || errno == ENOTDIR)) {
+ config = strdup ("\n");
+ if (!config)
+ errno = ENOMEM;
+ return config;
+ }
+ errmsg (error_func, "couldn't open config file: %s", filename);
+ return NULL;
+ }
+
+ /* Figure out size */
+ if (fseek (f, 0, SEEK_END) == -1 ||
+ (len = ftell (f)) == -1 ||
+ fseek (f, 0, SEEK_SET) == -1) {
+ errmsg (error_func, "couldn't seek config file: %s", filename);
+ return NULL;
+ }
+
+ if ((config = (char*)malloc (len + 2)) == NULL) {
+ errmsg (error_func, "out of memory");
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ /* And read in one block */
+ if (fread (config, 1, len, f) != len) {
+ errmsg (error_func, "couldn't read config file: %s", filename);
+ return NULL;
+ }
+
+ fclose (f);
+
+ /* Null terminate the data */
+ config[len] = '\n';
+ config[len + 1] = 0;
+
+ /* Remove nasty dos line endings */
+ strcln (config, '\r');
+
+ return config;
+}
+
+hash_t*
+conf_parse_file (const char* filename, int flags,
+ conf_error_func error_func)
+{
+ char *name;
+ char *value;
+ hash_t *ht = NULL;
+ char *config;
+ char *next;
+ char *end;
+
+ assert (filename);
+
+ /* Adds an extra newline to end of file */
+ config = read_config_file (filename, flags, error_func);
+ if (!config)
+ return NULL;
+
+ ht = hash_create (hash_string_hash, hash_string_equal, free, free);
+ next = config;
+
+ /* Go through lines and process them */
+ while ((end = strchr (next, '\n')) != NULL) {
+ *end = 0;
+ name = strbtrim (next);
+ next = end + 1;
+
+ /* Empty lines / comments at start */
+ if (!*name || *name == '#')
+ continue;
+
+ /* Look for the break between name: value on the same line */
+ value = name + strcspn (name, ":");
+ if (!*value) {
+ errmsg (error_func, "%s: invalid config line: %s", filename, name);
+ errno = EINVAL;
+ break;
+ }
+
+ /* Null terminate and split value part */
+ *value = 0;
+ value++;
+
+ name = strtrim (name);
+ value = strtrim (value);
+
+ name = strdup (name);
+ if (!name) {
+ errno = ENOMEM;
+ break;
+ }
+ value = strdup (value);
+ if (!value) {
+ free (name);
+ errno = ENOMEM;
+ break;
+ }
+ if (!hash_set (ht, name, value)) {
+ free (name);
+ free (value);
+ errno = ENOMEM;
+ break;
+ }
+ }
+
+ /* Unsuccessful? */
+ if (end != NULL) {
+ hash_free (ht);
+ ht = NULL;
+ }
+
+ free (config);
+ return ht;
+}
diff --git a/p11-kit/conf.h b/p11-kit/conf.h
new file mode 100644
index 0000000..84138d2
--- /dev/null
+++ b/p11-kit/conf.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2011, Collabora Ltd.
+ * Copyright (c) 2005, Stefan Walter
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@collabora.co.uk>
+ */
+
+#ifndef __CONF_H__
+#define __CONF_H__
+
+#include "hash.h"
+
+enum {
+ CONF_IGNORE_MISSING = 0x01,
+};
+
+typedef void (*conf_error_func) (const char *message);
+
+hash_t* conf_parse_file (const char *filename,
+ int flags,
+ conf_error_func error_func);
+
+#endif /* __CONF_H__ */
diff --git a/p11-kit/hash.c b/p11-kit/hash.c
new file mode 100644
index 0000000..836e717
--- /dev/null
+++ b/p11-kit/hash.c
@@ -0,0 +1,452 @@
+/*
+ * Copyright (c) 2004, Stefan Walter
+ * Copyright (c) 2011, Collabora Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ */
+
+/*
+ * Originally from apache 2.0
+ * Modifications for general use by <stef@memberwebs.com>
+ */
+
+/* Copyright 2000-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <sys/types.h>
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "hash.h"
+
+/*
+ * The internal form of a hash table.
+ *
+ * The table is an array indexed by the hash of the key; collisions
+ * are resolved by hanging a linked list of hash entries off each
+ * element of the array. Although this is a really simple design it
+ * isn't too bad given that pools have a low allocation overhead.
+ */
+
+typedef struct hash_entry hash_entry_t;
+
+struct hash_entry
+{
+ hash_entry_t* next;
+ unsigned int hash;
+ void* key;
+ void* val;
+};
+
+/*
+ * The size of the array is always a power of two. We use the maximum
+ * index rather than the size so that we can use bitwise-AND for
+ * modular arithmetic.
+ * The count of hash entries may be greater depending on the chosen
+ * collision rate.
+ */
+struct hash {
+ hash_entry_t** array;
+ unsigned int count;
+ unsigned int max;
+ hash_hash_func hash_func;
+ hash_equal_func equal_func;
+ hash_destroy_func key_destroy_func;
+ hash_destroy_func value_destroy_func;
+};
+
+#define INITIAL_MAX 15 /* tunable == 2^n - 1 */
+#define int_malloc malloc
+#define int_calloc calloc
+#define int_free free
+
+/*
+ * Hash creation functions.
+ */
+
+static hash_entry_t**
+alloc_array(hash_t* ht, unsigned int max)
+{
+ return (hash_entry_t**)int_calloc (sizeof (*(ht->array)), (max + 1));
+}
+
+hash_t*
+hash_create (hash_hash_func hash_func,
+ hash_equal_func equal_func,
+ hash_destroy_func key_destroy_func,
+ hash_destroy_func value_destroy_func)
+{
+ hash_t* ht;
+
+ assert (hash_func);
+ assert (equal_func);
+
+ ht = int_malloc (sizeof (hash_t));
+ if (ht) {
+ ht->count = 0;
+ ht->max = INITIAL_MAX;
+ ht->hash_func = hash_func;
+ ht->equal_func = equal_func;
+ ht->key_destroy_func = key_destroy_func;
+ ht->value_destroy_func = value_destroy_func;
+ ht->array = alloc_array (ht, ht->max);
+ if (!ht->array) {
+ int_free (ht);
+ return NULL;
+ }
+ }
+ return ht;
+}
+
+void
+hash_free (hash_t* ht)
+{
+ hash_iter_t hi;
+
+ if (!ht)
+ return;
+
+ hash_iterate (ht, &hi);
+ while (hash_next (&hi, NULL, NULL)) {
+ if (ht->key_destroy_func)
+ ht->key_destroy_func (hi.ths->key);
+ if (ht->value_destroy_func)
+ ht->value_destroy_func (hi.ths->val);
+ }
+
+ if (ht->array)
+ int_free (ht->array);
+
+ int_free (ht);
+}
+
+/*
+ * Hash iteration functions.
+ */
+int
+hash_next (hash_iter_t* hi, void **key, void **value)
+{
+ hi->ths = hi->next;
+ while (!hi->ths) {
+ if (hi->index > hi->ht->max)
+ return 0;
+ hi->ths = hi->ht->array[hi->index++];
+ }
+ hi->next = hi->ths->next;
+ if (key)
+ *key = hi->ths->key;
+ if (value)
+ *value = hi->ths->val;
+ return 1;
+}
+
+void
+hash_iterate (hash_t* ht, hash_iter_t *hi)
+{
+ hi->ht = ht;
+ hi->index = 0;
+ hi->ths = NULL;
+ hi->next = NULL;
+}
+
+/*
+ * Expanding a hash table
+ */
+
+static int
+expand_array (hash_t* ht)
+{
+ hash_iter_t hi;
+ hash_entry_t** new_array;
+ unsigned int new_max;
+
+ new_max = ht->max * 2 + 1;
+ new_array = alloc_array (ht, new_max);
+
+ if(!new_array)
+ return 0;
+
+ hash_iterate (ht, &hi);
+ while (hash_next (&hi, NULL, NULL)) {
+ unsigned int i = hi.ths->hash & new_max;
+ hi.ths->next = new_array[i];
+ new_array[i] = hi.ths;
+ }
+
+ if(ht->array)
+ int_free (ht->array);
+
+ ht->array = new_array;
+ ht->max = new_max;
+ return 1;
+}
+
+/*
+ * This is where we keep the details of the hash function and control
+ * the maximum collision rate.
+ *
+ * If val is non-NULL it creates and initializes a new hash entry if
+ * there isn't already one there; it returns an updatable pointer so
+ * that hash entries can be removed.
+ */
+
+static hash_entry_t**
+find_entry (hash_t* ht, const void* key, void* val)
+{
+ hash_entry_t** hep;
+ hash_entry_t* he;
+ unsigned int hash;
+
+ /* Perform the hashing */
+ hash = ht->hash_func (key);
+
+ /* scan linked list */
+ for (hep = &ht->array[hash & ht->max], he = *hep;
+ he; hep = &he->next, he = *hep) {
+ if(he->hash == hash && ht->equal_func (he->key, key))
+ break;
+ }
+
+ if(he || !val)
+ return hep;
+
+ /* add a new entry for non-NULL val */
+ he = int_malloc (sizeof (*he));
+
+ if(he) {
+ he->key = (void*)key;
+ he->next = NULL;
+ he->hash = hash;
+ he->val = val;
+
+ *hep = he;
+ ht->count++;
+ }
+
+ return hep;
+}
+
+void*
+hash_get (hash_t* ht, const void *key)
+{
+ hash_entry_t** he = find_entry (ht, key, NULL);
+ if (he && *he)
+ return (void*)((*he)->val);
+ else
+ return NULL;
+}
+
+int
+hash_set (hash_t* ht, void* key, void* val)
+{
+ hash_entry_t** hep = find_entry (ht, key, val);
+ if(hep && *hep) {
+ /* replace entry */
+ (*hep)->val = val;
+
+ /* check that the collision rate isn't too high */
+ if (ht->count > ht->max) {
+ if (!expand_array (ht))
+ return 0;
+ }
+
+ return 1;
+ }
+
+ return 0;
+}
+
+int
+hash_remove (hash_t* ht, const void* key)
+{
+ hash_entry_t** hep = find_entry (ht, key, NULL);
+
+ if (hep && *hep) {
+ hash_entry_t* old = *hep;
+ *hep = (*hep)->next;
+ --ht->count;
+ if (ht->key_destroy_func)
+ ht->key_destroy_func (old->key);
+ if (ht->value_destroy_func)
+ ht->value_destroy_func (old->val);
+ free (old);
+ return 1;
+ }
+
+ return 0;
+}
+
+void
+hash_clear (hash_t* ht)
+{
+ hash_entry_t *he, *next;
+ int i;
+
+ /* Free all entries in the array */
+ for (i = 0; i < ht->max; ++i) {
+ he = ht->array[i];
+ while (he) {
+ next = he->next;
+ if (ht->key_destroy_func)
+ ht->key_destroy_func (he->key);
+ if (ht->value_destroy_func)
+ ht->value_destroy_func (he->val);
+ free (he);
+ he = next;
+ }
+ }
+
+ memset (ht->array, 0, ht->max * sizeof (hash_entry_t*));
+ ht->count = 0;
+}
+
+unsigned int
+hash_count (hash_t* ht)
+{
+ return ht->count;
+}
+
+unsigned int
+hash_string_hash (const void *string)
+{
+ unsigned int hash;
+ const unsigned char *p;
+
+ assert (string);
+
+ /*
+ * This is the popular `times 33' hash algorithm which is used by
+ * perl and also appears in Berkeley DB. This is one of the best
+ * known hash functions for strings because it is both computed
+ * very fast and distributes very well.
+ *
+ * The originator may be Dan Bernstein but the code in Berkeley DB
+ * cites Chris Torek as the source. The best citation I have found
+ * is "Chris Torek, Hash function for text in C, Usenet message
+ * <27038@mimsy.umd.edu> in comp.lang.c , October, 1990." in Rich
+ * Salz's USENIX 1992 paper about INN which can be found at
+ * <http://citeseer.nj.nec.com/salz92internetnews.html>.
+ *
+ * The magic of number 33, i.e. why it works better than many other
+ * constants, prime or not, has never been adequately explained by
+ * anyone. So I try an explanation: if one experimentally tests all
+ * multipliers between 1 and 256 (as I did while writing a low-level
+ * data structure library some time ago) one detects that even
+ * numbers are not useable at all. The remaining 128 odd numbers
+ * (except for the number 1) work more or less all equally well.
+ * They all distribute in an acceptable way and this way fill a hash
+ * table with an average percent of approx. 86%.
+ *
+ * If one compares the chi^2 values of the variants (see
+ * Bob Jenkins ``Hashing Frequently Asked Questions'' at
+ * http://burtleburtle.net/bob/hash/hashfaq.html for a description
+ * of chi^2), the number 33 not even has the best value. But the
+ * number 33 and a few other equally good numbers like 17, 31, 63,
+ * 127 and 129 have nevertheless a great advantage to the remaining
+ * numbers in the large set of possible multipliers: their multiply
+ * operation can be replaced by a faster operation based on just one
+ * shift plus either a single addition or subtraction operation. And
+ * because a hash function has to both distribute good _and_ has to
+ * be very fast to compute, those few numbers should be preferred.
+ *
+ * -- Ralf S. Engelschall <rse@engelschall.com>
+ */
+
+ hash = 0;
+
+ for(p = string; *p; p++)
+ hash = hash * 33 + *p;
+
+ return hash;
+}
+
+int
+hash_string_equal (const void *string_one, const void *string_two)
+{
+ assert (string_one);
+ assert (string_two);
+
+ return strcmp (string_one, string_two) == 0;
+}
+
+unsigned int
+hash_ulongptr_hash (const void *to_ulong)
+{
+ assert (to_ulong);
+ return (unsigned int)*((unsigned long*)to_ulong);
+}
+
+int
+hash_ulongptr_equal (const void *ulong_one, const void *ulong_two)
+{
+ assert (ulong_one);
+ assert (ulong_two);
+ return *((unsigned long*)ulong_one) == *((unsigned long*)ulong_two);
+}
+
+unsigned int
+hash_intptr_hash (const void *to_int)
+{
+ assert (to_int);
+ return (unsigned int)*((unsigned long*)to_int);
+}
+
+int
+hash_intptr_equal (const void *int_one, const void *int_two)
+{
+ assert (int_one);
+ assert (int_two);
+ return *((unsigned long*)int_one) == *((unsigned long*)int_two);
+}
+
+unsigned int
+hash_direct_hash (const void *ptr)
+{
+ return (unsigned int)ptr;
+}
+
+int
+hash_direct_equal (const void *ptr_one, const void *ptr_two)
+{
+ return ptr_one == ptr_two;
+}
diff --git a/p11-kit/hash.h b/p11-kit/hash.h
new file mode 100644
index 0000000..eb3c496
--- /dev/null
+++ b/p11-kit/hash.h
@@ -0,0 +1,187 @@
+/*
+ * Copyright (c) 2004, Stefan Walter
+ * Copyright (c) 2011, Collabora Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Waler <stefw@collabora.co.uk>
+ */
+
+/*
+ * Originally from apache 2.0
+ * Modifications for general use by <stef@memberwebs.com>
+ */
+
+/* Copyright 2000-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HSH_H__
+#define __HSH_H__
+
+#include <sys/types.h>
+
+/*
+ * ARGUMENT DOCUMENTATION
+ *
+ * ht: The hashtable
+ * key: Pointer to the key value
+ * klen: The length of the key
+ * val: Pointer to the value
+ * hi: A hashtable iterator
+ * stamp: A unix timestamp
+ */
+
+
+/* ----------------------------------------------------------------------------------
+ * TYPES
+ */
+
+/* Abstract type for hash tables. */
+typedef struct hash hash_t;
+
+/* Type for scanning hash tables. */
+typedef struct hash_iter
+{
+ hash_t* ht;
+ struct hash_entry* ths;
+ struct hash_entry* next;
+ unsigned int index;
+} hash_iter_t;
+
+typedef unsigned int (*hash_hash_func) (const void *data);
+
+typedef int (*hash_equal_func) (const void *one,
+ const void *two);
+
+typedef void (*hash_destroy_func) (void *data);
+
+/* -----------------------------------------------------------------------------
+ * MAIN
+ */
+
+/*
+ * hash_create : Create a hash table
+ * - returns an allocated hashtable
+ */
+hash_t* hash_create (hash_hash_func hash_func,
+ hash_equal_func equal_func,
+ hash_destroy_func key_destroy_func,
+ hash_destroy_func value_destroy_func);
+
+/*
+ * hash_free : Free a hash table
+ */
+void hash_free (hash_t* ht);
+
+/*
+ * hash_count: Number of values in hash table
+ * - returns the number of entries in hash table
+ */
+unsigned int hash_count (hash_t* ht);
+
+/*
+ * hash_get: Retrieves a value from the hash table
+ * - returns the value of the entry
+ */
+void* hash_get (hash_t* ht,
+ const void *key);
+
+/*
+ * hash_set: Set a value in the hash table
+ * - returns 1 if the entry was added properly
+ */
+int hash_set (hash_t* ht,
+ void *key,
+ void *value);
+
+/*
+ * hash_remove: Remove a value from the hash table
+ * - returns 1 if the entry was found
+ */
+int hash_remove (hash_t* ht,
+ const void* key);
+
+/*
+ * hash_first: Start enumerating through the hash table
+ * - returns a hash iterator
+ */
+void hash_iterate (hash_t* ht,
+ hash_iter_t *hi);
+
+/*
+ * hash_next: Enumerate through hash table
+ * - sets key and value to key and/or value
+ * - returns whether there was another entry
+ */
+int hash_next (hash_iter_t* hi,
+ void **key,
+ void **value);
+
+/*
+ * hash_clear: Clear all values from has htable.
+ */
+void hash_clear (hash_t* ht);
+
+/* -----------------------------------------------------------------------------
+ * HASH FUNCTIONS
+ */
+
+unsigned int hash_string_hash (const void *string);
+
+int hash_string_equal (const void *string_one,
+ const void *string_two);
+
+unsigned int hash_ulongptr_hash (const void *to_ulong);
+
+int hash_ulongptr_equal (const void *ulong_one,
+ const void *ulong_two);
+
+unsigned int hash_intptr_hash (const void *to_int);
+
+int hash_intptr_equal (const void *int_one,
+ const void *int_two);
+
+unsigned int hash_direct_hash (const void *ptr);
+
+int hash_direct_equal (const void *ptr_one,
+ const void *ptr_two);
+
+#endif /* __HASH_H__ */
diff --git a/p11-kit/p11-kit-lib.c b/p11-kit/p11-kit-lib.c
new file mode 100644
index 0000000..f57f3d1
--- /dev/null
+++ b/p11-kit/p11-kit-lib.c
@@ -0,0 +1,1130 @@
+/*
+ * Copyright (C) 2011 Collabora Ltd.
+ * Copyright (C) 2008 Stefan Walter
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@collabora.co.uk>
+ */
+
+#include "config.h"
+
+#include "conf.h"
+#include "hash.h"
+#include "pkcs11.h"
+#include "p11-kit.h"
+#include "p11-kit-private.h"
+
+#include <sys/types.h>
+
+#include <assert.h>
+#include <dirent.h>
+#include <dlfcn.h>
+#include <errno.h>
+#include <pthread.h>
+#include <pwd.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+/**
+ * SECTION:p11-kit
+ * @title: Modules
+ * @short_description: Module loading and initializing
+ *
+ * PKCS\#11 modules are used by crypto libraries and applications to access
+ * crypto objects (like keys and certificates) and to perform crypto operations.
+ *
+ * In order for applications to behave consistently with regard to the user's
+ * installed PKCS\#11 modules, each module must be registered so that applications
+ * or libraries know that they should load it.
+ *
+ * The functions here provide support for initializing registered modules. The
+ * p11_kit_initialize_registered() function should be used to load and initialize
+ * the registered modules. When done, the p11_kit_finalize_registered() function
+ * should be used to release those modules and associated resources.
+ *
+ * In addition p11_kit_registered_option() can be used to access other parts
+ * of the module configuration.
+ *
+ * When multiple consumers of a module (such as libraries or applications) are
+ * in the same process, coordination of the initialization and finalization
+ * of PKCS\#11 modules is required. The functions here automatically provide
+ * initialization reference counting to make this work.
+ *
+ * If a consumer wishes to load an arbitrary PKCS\#11 module that's not
+ * registered, that module should be initialized with p11_kit_initialize_module()
+ * and finalized with p11_kit_finalize_module(). The module's own
+ * <code>C_Initialize</code> and <code>C_Finalize</code> methods should not
+ * be called directly.
+ *
+ * Modules are represented by a pointer to their <code>CK_FUNCTION_LIST</code>
+ * entry points. This means that callers can load modules elsewhere, using
+ * dlopen() for example, and then still use these methods on them.
+ */
+
+typedef struct _Module {
+ char *name;
+ hash_t *config;
+ void *dl_module;
+ CK_FUNCTION_LIST_PTR funcs;
+ int ref_count;
+ int initialize_count;
+ CK_C_INITIALIZE_ARGS init_args;
+} Module;
+
+/*
+ * This is the mutex that protects the global data of this library
+ * and the pkcs11 proxy module. Note that we *never* call into our
+ * underlying pkcs11 modules while holding this mutex. Therefore it
+ * doesn't have to be recursive and we can keep things simple.
+ */
+pthread_mutex_t _p11_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+/*
+ * Shared data between threads, protected by the mutex, a structure so
+ * we can audit thread safety easier.
+ */
+static struct _Shared {
+ hash_t *modules;
+ hash_t *config;
+} gl = { NULL, NULL };
+
+/* -----------------------------------------------------------------------------
+ * UTILITIES
+ */
+
+static void
+warning (const char* msg, ...)
+{
+ char buffer[512];
+ va_list va;
+
+ va_start (va, msg);
+
+ vsnprintf(buffer, sizeof (buffer) - 1, msg, va);
+ buffer[sizeof (buffer) - 1] = 0;
+ fprintf (stderr, "p11-kit: %s\n", buffer);
+
+ va_end (va);
+}
+
+static void
+conf_error (const char *buffer)
+{
+ /* called from conf.c */
+ fprintf (stderr, "p11-kit: %s\n", buffer);
+}
+
+static char*
+strconcat (const char *first, ...)
+{
+ size_t length = 0;
+ const char *arg;
+ char *result, *at;
+ va_list va;
+
+ va_start (va, first);
+
+ for (arg = first; arg; arg = va_arg (va, const char*))
+ length += strlen (arg);
+
+ va_end (va);
+
+ at = result = malloc (length);
+ if (!result)
+ return NULL;
+
+ va_start (va, first);
+
+ for (arg = first; arg; arg = va_arg (va, const char*)) {
+ length = strlen (arg);
+ memcpy (at, arg, length);
+ at += length;
+ }
+
+ va_end (va);
+
+ *at = 0;
+ return result;
+}
+
+static int
+strequal (const char *one, const char *two)
+{
+ return strcmp (one, two) == 0;
+}
+
+/* -----------------------------------------------------------------------------
+ * P11-KIT FUNCTIONALITY
+ */
+
+static CK_RV
+create_mutex (CK_VOID_PTR_PTR mut)
+{
+ pthread_mutex_t *pmutex;
+ int err;
+
+ pmutex = malloc (sizeof (pthread_mutex_t));
+ if (!pmutex)
+ return CKR_HOST_MEMORY;
+ err = pthread_mutex_init (pmutex, NULL);
+ if (err == ENOMEM)
+ return CKR_HOST_MEMORY;
+ else if (err != 0)
+ return CKR_GENERAL_ERROR;
+ *mut = pmutex;
+ return CKR_OK;
+}
+
+static CK_RV
+destroy_mutex (CK_VOID_PTR mut)
+{
+ pthread_mutex_t *pmutex = mut;
+ int err;
+
+ err = pthread_mutex_destroy (pmutex);
+ if (err == EINVAL)
+ return CKR_MUTEX_BAD;
+ else if (err != 0)
+ return CKR_GENERAL_ERROR;
+ free (pmutex);
+ return CKR_OK;
+}
+
+static CK_RV
+lock_mutex (CK_VOID_PTR mut)
+{
+ pthread_mutex_t *pmutex = mut;
+ int err;
+
+ err = pthread_mutex_lock (pmutex);
+ if (err == EINVAL)
+ return CKR_MUTEX_BAD;
+ else if (err != 0)
+ return CKR_GENERAL_ERROR;
+ return CKR_OK;
+}
+
+static CK_RV
+unlock_mutex (CK_VOID_PTR mut)
+{
+ pthread_mutex_t *pmutex = mut;
+ int err;
+
+ err = pthread_mutex_unlock (pmutex);
+ if (err == EINVAL)
+ return CKR_MUTEX_BAD;
+ else if (err == EPERM)
+ return CKR_MUTEX_NOT_LOCKED;
+ else if (err != 0)
+ return CKR_GENERAL_ERROR;
+ return CKR_OK;
+}
+
+static void
+free_module_unlocked (void *data)
+{
+ Module *module = data;
+
+ assert (module);
+
+ /* Module must be finalized */
+ assert (module->initialize_count == 0);
+
+ /* Module must have no outstanding references */
+ assert (module->ref_count == 0);
+
+ if (module->dl_module)
+ dlclose (module->dl_module);
+ hash_free (module->config);
+ free (module->name);
+ free (module);
+}
+
+static Module*
+alloc_module_unlocked (void)
+{
+ Module *module;
+
+ module = calloc (1, sizeof (Module));
+ if (!module)
+ return NULL;
+
+ module->init_args.CreateMutex = create_mutex;
+ module->init_args.DestroyMutex = destroy_mutex;
+ module->init_args.LockMutex = lock_mutex;
+ module->init_args.UnlockMutex = unlock_mutex;
+ module->init_args.flags = CKF_OS_LOCKING_OK;
+
+ return module;
+}
+
+static CK_RV
+load_module_from_config_unlocked (const char *configfile, const char *name)
+{
+ Module *module, *prev;
+ const char *path;
+ CK_C_GetFunctionList gfl;
+ CK_RV rv;
+
+ assert (configfile);
+
+ module = alloc_module_unlocked ();
+ if (!module)
+ return CKR_HOST_MEMORY;
+
+ module->config = conf_parse_file (configfile, 0, conf_error);
+ if (!module->config) {
+ free_module_unlocked (module);
+ if (errno == ENOMEM)
+ return CKR_HOST_MEMORY;
+ return CKR_GENERAL_ERROR;
+ }
+
+ module->name = strdup (name);
+ if (!module->name) {
+ free_module_unlocked (module);
+ return CKR_HOST_MEMORY;
+ }
+
+ path = hash_get (module->config, "module");
+ if (path == NULL) {
+ free_module_unlocked (module);
+ warning ("no module path specified in config: %s", configfile);
+ return CKR_GENERAL_ERROR;
+ }
+
+ module->dl_module = dlopen (path, RTLD_LOCAL | RTLD_NOW);
+ if (module->dl_module == NULL) {
+ warning ("couldn't load module: %s: %s", path, dlerror ());
+ free_module_unlocked (module);
+ return CKR_GENERAL_ERROR;
+ }
+
+ gfl = dlsym (module->dl_module, "C_GetFunctionList");
+ if (!gfl) {
+ warning ("couldn't find C_GetFunctionList entry point in module: %s: %s",
+ path, dlerror ());
+ free_module_unlocked (module);
+ return CKR_GENERAL_ERROR;
+ }
+
+ rv = gfl (&module->funcs);
+ if (rv != CKR_OK) {
+ warning ("call to C_GetFunctiontList failed in module: %s: %s",
+ path, p11_kit_strerror (rv));
+ free_module_unlocked (module);
+ return rv;
+ }
+
+ prev = hash_get (gl.modules, module->funcs);
+
+ /* Replace previous module that was loaded explicitly? */
+ if (prev && !prev->name) {
+ module->ref_count = prev->ref_count;
+ module->initialize_count = prev->initialize_count;
+ prev->ref_count = 0;
+ prev->initialize_count = 0;
+ hash_set (gl.modules, module->funcs, module);
+ prev = NULL; /* freed by hash above */
+ }
+
+ /* Refuse to load duplicate module */
+ if (prev) {
+ warning ("duplicate configured module: %s: %s",
+ module->name, path);
+ free_module_unlocked (module);
+ return CKR_GENERAL_ERROR;
+ }
+
+ return CKR_OK;
+}
+
+static CK_RV
+load_modules_from_config_unlocked (const char *directory)
+{
+ struct dirent *dp;
+ CK_RV rv = CKR_OK;
+ DIR *dir;
+ char *path;
+
+ /* First we load all the modules */
+ dir = opendir (directory);
+ if (!dir) {
+ if (errno == ENOENT || errno == ENOTDIR)
+ warning ("couldn't list directory: %s", directory);
+ return CKR_GENERAL_ERROR;
+ }
+
+ /* We're within a global mutex, so readdir is safe */
+ while ((dp = readdir(dir)) != NULL) {
+ path = strconcat (directory, "/", dp->d_name);
+ if (!path) {
+ rv = CKR_HOST_MEMORY;
+ break;
+ }
+
+ rv = load_module_from_config_unlocked (path, dp->d_name);
+ free (path);
+
+ if (rv != CKR_OK)
+ break;
+ }
+
+ closedir (dir);
+
+ return rv;
+}
+
+static char*
+expand_user_path (const char *path)
+{
+ const char *env;
+ struct passwd *pwd;
+
+ if (path[0] == '~' && path[1] == '/') {
+ env = getenv ("HOME");
+ if (env && env[0]) {
+ return strconcat (env, path + 1, NULL);
+ } else {
+ pwd = getpwuid (getuid ());
+ if (!pwd)
+ return NULL;
+ return strconcat (pwd->pw_dir, path + 1, NULL);
+ }
+ }
+
+ return strdup (path);
+}
+
+enum {
+ USER_CONFIG_INVALID = 0,
+ USER_CONFIG_NONE = 1,
+ USER_CONFIG_MERGE,
+ USER_CONFIG_OVERRIDE
+};
+
+static int
+user_config_mode (hash_t *config, int defmode)
+{
+ const char *mode;
+
+ /* Whether we should use or override from user directory */
+ mode = hash_get (config, "user-config");
+ if (mode == NULL) {
+ return defmode;
+ } else if (strequal (mode, "none")) {
+ return USER_CONFIG_NONE;
+ } else if (strequal (mode, "merge")) {
+ return USER_CONFIG_MERGE;
+ } else if (strequal (mode, "override")) {
+ return USER_CONFIG_OVERRIDE;
+ } else {
+ warning ("invalid mode for 'user-config': %s", mode);
+ return USER_CONFIG_INVALID;
+ }
+}
+
+static CK_RV
+load_config_files_unlocked (int *user_mode)
+{
+ hash_t *config = NULL;
+ hash_t *uconfig = NULL;
+ void *key = NULL;
+ void *value = NULL;
+ char *path;
+ int mode;
+ CK_RV rv = CKR_GENERAL_ERROR;
+ hash_iter_t hi;
+
+ /* Should only be called after everything has been unloaded */
+ assert (!gl.config);
+
+ /* Load the main configuration */
+ config = conf_parse_file (P11_SYSTEM_CONF, CONF_IGNORE_MISSING, conf_error);
+ if (!config) {
+ rv = (errno == ENOMEM) ? CKR_HOST_MEMORY : CKR_GENERAL_ERROR;
+ goto finished;
+ }
+
+ /* Whether we should use or override from user directory */
+ mode = user_config_mode (config, USER_CONFIG_INVALID);
+ if (mode == USER_CONFIG_INVALID)
+ goto finished;
+
+ if (mode != USER_CONFIG_NONE) {
+ path = expand_user_path (P11_USER_CONF);
+ if (!path)
+ goto finished;
+
+ /* Load up the user configuration */
+ uconfig = conf_parse_file (path, CONF_IGNORE_MISSING, conf_error);
+ free (path);
+
+ if (!uconfig) {
+ rv = (errno == ENOMEM) ? CKR_HOST_MEMORY : CKR_GENERAL_ERROR;
+ goto finished;
+ }
+
+ /* Figure out what the user mode is */
+ mode = user_config_mode (uconfig, mode);
+ if (mode == USER_CONFIG_INVALID)
+ goto finished;
+
+ /* Merge everything into the system config */
+ if (mode == USER_CONFIG_MERGE) {
+ hash_iterate (uconfig, &hi);
+ while (hash_next (&hi, &key, &value)) {
+ key = strdup (key);
+ if (key == NULL)
+ goto finished;
+ value = strdup (value);
+ if (value == NULL)
+ goto finished;
+ if (!hash_set (config, key, value))
+ goto finished;
+ key = NULL;
+ value = NULL;
+ }
+
+ /* Override the system config */
+ } else if (mode == USER_CONFIG_OVERRIDE) {
+ hash_free (config);
+ config = uconfig;
+ uconfig = NULL;
+ }
+ }
+
+ gl.config = config;
+ config = NULL;
+ rv = CKR_OK;
+
+ if (user_mode)
+ *user_mode = mode;
+
+finished:
+ hash_free (config);
+ hash_free (uconfig);
+ free (key);
+ free (value);
+ return rv;
+}
+
+static CK_RV
+load_registered_modules_unlocked (void)
+{
+ char *path;
+ int mode;
+ CK_RV rv;
+
+ rv = load_config_files_unlocked (&mode);
+ if (rv != CKR_OK)
+ return rv;
+
+ assert (gl.config);
+ assert (mode != USER_CONFIG_INVALID);
+
+ /* Load each module from the main list */
+ if (mode != USER_CONFIG_OVERRIDE) {
+ rv = load_modules_from_config_unlocked (P11_SYSTEM_MODULES);
+ if (rv != CKR_OK);
+ return rv;
+ }
+
+ /* Load each module from the user list */
+ if (mode != USER_CONFIG_NONE) {
+ path = expand_user_path (P11_USER_MODULES);
+ if (!path)
+ rv = CKR_GENERAL_ERROR;
+ else
+ rv = load_modules_from_config_unlocked (path);
+ free (path);
+ if (rv != CKR_OK);
+ return rv;
+ }
+
+ return CKR_OK;
+}
+
+static CK_RV
+initialize_module_unlocked_reentrant (Module *module)
+{
+ CK_RV rv = CKR_OK;
+
+ assert (module);
+
+ /*
+ * Initialize first, so module doesn't get freed out from
+ * underneath us when the mutex is unlocked below.
+ */
+ ++module->ref_count;
+
+ if (!module->initialize_count) {
+
+ _p11_unlock ();
+
+ assert (module->funcs);
+ rv = module->funcs->C_Initialize (&module->init_args);
+
+ _p11_lock ();
+
+ /*
+ * Because we have the mutex unlocked above, two initializes could
+ * race. Therefore we need to take CKR_CRYPTOKI_ALREADY_INITIALIZED
+ * into account.
+ *
+ * We also need to take into account where in a race both calls return
+ * CKR_OK (which is not according to the spec but may happen, I mean we
+ * do it in this module, so it's not unimaginable).
+ */
+
+ if (rv == CKR_OK)
+ ++module->initialize_count;
+ else if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED)
+ rv = CKR_OK;
+ else
+ --module->ref_count;
+ }
+
+ return rv;
+}
+
+static void
+reinitialize_after_fork (void)
+{
+ hash_iter_t it;
+ Module *module;
+
+ /* WARNING: This function must be reentrant */
+
+ _p11_lock ();
+
+ if (gl.modules) {
+ hash_iterate (gl.modules, &it);
+ while (hash_next (&it, NULL, (void**)&module)) {
+ module->initialize_count = 0;
+
+ /* WARNING: Reentrancy can occur here */
+ initialize_module_unlocked_reentrant (module);
+ }
+ }
+
+ _p11_unlock ();
+
+ _p11_kit_proxy_after_fork ();
+}
+
+static CK_RV
+init_globals_unlocked (void)
+{
+ static int once = 0;
+
+ if (!gl.modules)
+ gl.modules = hash_create (hash_direct_hash, hash_direct_equal,
+ NULL, free_module_unlocked);
+ if (!gl.modules)
+ return CKR_HOST_MEMORY;
+
+ if (once)
+ return CKR_OK;
+
+ pthread_atfork (NULL, NULL, reinitialize_after_fork);
+ once = 1;
+
+ return CKR_OK;
+}
+
+static void
+free_modules_when_no_refs_unlocked (void)
+{
+ Module *module;
+ hash_iter_t it;
+
+ /* Check if any modules have a ref count */
+ hash_iterate (gl.modules, &it);
+ while (hash_next (&it, NULL, (void**)&module)) {
+ if (module->ref_count)
+ return;
+ }
+
+ hash_free (gl.modules);
+ gl.modules = NULL;
+ hash_free (gl.config);
+ gl.config = NULL;
+}
+
+static CK_RV
+finalize_module_unlocked_reentrant (Module *module)
+{
+ assert (module);
+
+ /*
+ * We leave module info around until all are finalized
+ * so we can encounter these zombie Module structures.
+ */
+ if (module->ref_count == 0)
+ return CKR_ARGUMENTS_BAD;
+
+ if (--module->ref_count > 0)
+ return CKR_OK;
+
+ /*
+ * Becuase of the mutex unlock below, we temporarily increase
+ * the ref count. This prevents module from being freed out
+ * from ounder us.
+ */
+ ++module->ref_count;
+
+ while (module->initialize_count > 0) {
+
+ _p11_unlock ();
+
+ assert (module->funcs);
+ module->funcs->C_Finalize (NULL);
+
+ _p11_lock ();
+
+ if (module->initialize_count > 0)
+ --module->initialize_count;
+ }
+
+ /* Match the increment above */
+ --module->ref_count;
+
+ free_modules_when_no_refs_unlocked ();
+ return CKR_OK;
+}
+
+static Module*
+find_module_for_name_unlocked (const char *name)
+{
+ Module *module;
+ hash_iter_t it;
+
+ assert (name);
+
+ hash_iterate (gl.modules, &it);
+ while (hash_next (&it, NULL, (void**)&module))
+ if (module->ref_count && module->name && strcmp (name, module->name))
+ return module;
+ return NULL;
+}
+
+CK_RV
+_p11_kit_initialize_registered_unlocked_reentrant (void)
+{
+ Module *module;
+ hash_iter_t it;
+ CK_RV rv;
+
+ rv = init_globals_unlocked ();
+ if (rv == CKR_OK)
+ rv = load_registered_modules_unlocked ();
+ if (rv == CKR_OK) {
+ hash_iterate (gl.modules, &it);
+ while (hash_next (&it, NULL, (void**)&module)) {
+
+ /* Skip all modules that aren't registered */
+ if (!module->name)
+ continue;
+
+ rv = initialize_module_unlocked_reentrant (module);
+
+ if (rv != CKR_OK)
+ break;
+ }
+ }
+
+ return rv;
+}
+
+/**
+ * p11_kit_initialize_registered:
+ *
+ * Initialize all the registered PKCS\#11 modules.
+ *
+ * If this is the first time this function is called multiple times
+ * consecutively within a single process, then it merely increments an
+ * initialization reference count for each of these modules.
+ *
+ * Use p11_kit_finalize_registered() to finalize these registered modules once
+ * the caller is done with them.
+ *
+ * Returns: CKR_OK if the initialization succeeded, or an error code.
+ */
+CK_RV
+p11_kit_initialize_registered (void)
+{
+ CK_RV rv;
+
+ /* WARNING: This function must be reentrant */
+
+ _p11_lock ();
+
+ /* WARNING: Reentrancy can occur here */
+ rv = _p11_kit_initialize_registered_unlocked_reentrant ();
+
+ _p11_unlock ();
+
+ /* Cleanup any partial initialization */
+ if (rv != CKR_OK)
+ p11_kit_finalize_registered ();
+
+ return rv;
+}
+
+CK_RV
+_p11_kit_finalize_registered_unlocked_reentrant (void)
+{
+ Module *module;
+ hash_iter_t it;
+ Module **to_finalize;
+ int i, count;
+
+ if (!gl.modules)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ /* WARNING: This function must be reentrant */
+
+ to_finalize = calloc (hash_count (gl.modules), sizeof (Module*));
+ if (!to_finalize)
+ return CKR_HOST_MEMORY;
+
+ count = 0;
+ hash_iterate (gl.modules, &it);
+ while (hash_next (&it, NULL, (void**)&module)) {
+
+ /* Skip all modules that aren't registered */
+ if (module->name)
+ to_finalize[count++] = module;
+ }
+
+ for (i = 0; i < count; ++i) {
+ /* WARNING: Reentrant calls can occur here */
+ finalize_module_unlocked_reentrant (to_finalize[i]);
+ }
+
+ free (to_finalize);
+ return CKR_OK;
+}
+
+/**
+ * p11_kit_finalize_registered:
+ *
+ * Finalize all the registered PKCS\#11 modules. These should have been
+ * initialized with p11_kit_initialize_registered().
+ *
+ * If p11_kit_initialize_registered() has been called more than once in this
+ * process, then this function must be called the same number of times before
+ * actual finalization will occur.
+ *
+ * Returns: CKR_OK if the finalization succeeded, or an error code.
+ */
+
+CK_RV
+p11_kit_finalize_registered (void)
+{
+ CK_RV rv;
+
+ /* WARNING: This function must be reentrant */
+
+ _p11_lock ();
+
+ /* WARNING: Reentrant calls can occur here */
+ rv = _p11_kit_finalize_registered_unlocked_reentrant ();
+
+ _p11_unlock ();
+
+ return rv;
+}
+
+CK_FUNCTION_LIST_PTR_PTR
+_p11_kit_registered_modules_unlocked (void)
+{
+ CK_FUNCTION_LIST_PTR_PTR result;
+ Module *module;
+ hash_iter_t it;
+ int i = 0;
+
+ result = calloc (hash_count (gl.modules) + 1, sizeof (CK_FUNCTION_LIST_PTR));
+ if (result) {
+ hash_iterate (gl.modules, &it);
+ while (hash_next (&it, NULL, (void**)&module)) {
+ if (module->ref_count && module->name)
+ result[i++] = module->funcs;
+ }
+ }
+
+ return result;
+}
+
+/**
+ * p11_kit_registered_modules:
+ *
+ * Get a list of all the registered PKCS\#11 modules. This list will be valid
+ * once the p11_kit_initialize_registered() function has been called.
+ *
+ * The returned value is a <code>NULL</code> terminated array of
+ * <code>CK_FUNCTION_LIST_PTR</code> pointers.
+ *
+ * Returns: A list of all the registered modules. Use the free() function to
+ * free the list.
+ */
+CK_FUNCTION_LIST_PTR_PTR
+p11_kit_registered_modules (void)
+{
+ CK_FUNCTION_LIST_PTR_PTR result;
+
+ _p11_lock ();
+
+ result = _p11_kit_registered_modules_unlocked ();
+
+ _p11_unlock ();
+
+ return result;
+}
+
+/**
+ * p11_kit_registered_module_to_name:
+ * @funcs: pointer to a registered module
+ *
+ * Get the name of a registered PKCS\#11 module.
+ *
+ * You can use p11_kit_registered_modules() to get a list of all the registered
+ * modules. This name is specified by the registered module configuration.
+ *
+ * Returns: A newly allocated string containing the module name, or
+ * <code>NULL</code> if no such registered module exists. Use free() to
+ * free this string.
+ */
+char*
+p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR funcs)
+{
+ Module *module;
+ char *name = NULL;
+
+ if (!funcs)
+ return NULL;
+
+ _p11_lock ();
+
+ module = gl.modules ? hash_get (gl.modules, funcs) : NULL;
+ if (module && module->name)
+ name = strdup (module->name);
+
+ _p11_unlock ();
+
+ return name;
+}
+
+/**
+ * p11_kit_registered_name_to_module:
+ * @name: name of a registered module
+ *
+ * Lookup a registered PKCS\#11 module by its name. This name is specified by
+ * the registered module configuration.
+ *
+ * Returns: a pointer to a PKCS\#11 module, or <code>NULL</code> if this name was
+ * not found.
+ */
+CK_FUNCTION_LIST_PTR
+p11_kit_registered_name_to_module (const char *name)
+{
+ CK_FUNCTION_LIST_PTR funcs = NULL;
+ Module *module;
+
+ _p11_lock ();
+
+ if (gl.modules) {
+ module = find_module_for_name_unlocked (name);
+ if (module)
+ funcs = module->funcs;
+ }
+
+ _p11_unlock ();
+
+ return funcs;
+}
+
+/**
+ * p11_kit_registered_option:
+ * @funcs: a pointer to a registered module
+ * @field: the name of the option to lookup.
+ *
+ * Lookup a configured option for a registered PKCS\#11 module. If a
+ * <code>NULL</code> funcs argument is specified, then this will lookup
+ * the configuration option in the global config file.
+ *
+ * Returns: A newly allocated string containing the option value, or
+ * <code>NULL</code> if the registered module or the option were not found.
+ * Use free() to free the returned string.
+ */
+char*
+p11_kit_registered_option (CK_FUNCTION_LIST_PTR funcs, const char *field)
+{
+ Module *module;
+ char *option = NULL;
+ hash_t *config;
+
+ if (!field)
+ return NULL;
+
+ _p11_lock ();
+
+ if (funcs == NULL) {
+ config = gl.config;
+
+ } else {
+ module = gl.modules ? hash_get (gl.modules, funcs) : NULL;
+ if (module)
+ config = module->config;
+ }
+
+ if (config) {
+ option = hash_get (module->config, field);
+ if (option)
+ option = strdup (option);
+ }
+
+ _p11_unlock ();
+
+ return option;
+}
+
+/**
+ * p11_kit_initialize_module:
+ * @funcs: loaded module to initialize.
+ *
+ * Initialize an arbitrary PKCS\#11 module. Normally using the
+ * p11_kit_initialize_registered() is preferred.
+ *
+ * Using this function to initialize modules allows coordination between
+ * multiple users of the same module in a single process. It should be called
+ * on modules that have been loaded (with dlopen() for example) but not yet
+ * initialized. The caller should not yet have called the module's
+ * <code>C_Initialize</code> method. This function will call
+ * <code>C_Initialize</code> as necessary.
+ *
+ * Subsequent calls to this function for the same module will result in an
+ * initialization count being incremented for the module. It is safe (although
+ * usually unnecessary) to use this function on registered modules.
+ *
+ * The module must be finalized with p11_kit_finalize_module() instead of
+ * calling its <code>C_Finalize</code> method directly.
+ *
+ * This function does not accept a <code>CK_C_INITIALIZE_ARGS</code> argument.
+ * Custom initialization arguments cannot be supported when multiple consumers
+ * load the same module.
+ *
+ * Returns: CKR_OK if the initialization was successful.
+ */
+CK_RV
+p11_kit_initialize_module (CK_FUNCTION_LIST_PTR funcs)
+{
+ Module *module;
+ Module *allocated = NULL;
+ CK_RV rv = CKR_OK;
+
+ /* WARNING: This function must be reentrant for the same arguments */
+
+ _p11_lock ();
+
+ rv = init_globals_unlocked ();
+ if (rv == CKR_OK) {
+
+ module = hash_get (gl.modules, funcs);
+ if (module == NULL) {
+ allocated = module = alloc_module_unlocked ();
+ module->funcs = funcs;
+ }
+
+ /* WARNING: Reentrancy can occur here */
+ rv = initialize_module_unlocked_reentrant (module);
+
+ /* If this was newly allocated, add it to the list */
+ if (rv == CKR_OK && allocated) {
+ hash_set (gl.modules, allocated->funcs, allocated);
+ allocated = NULL;
+ }
+
+ free (allocated);
+ }
+
+ _p11_unlock ();
+
+ return rv;
+}
+
+/**
+ * p11_kit_finalize_module:
+ * @funcs: loaded module to finalize.
+ *
+ * Finalize an arbitrary PKCS\#11 module. The module must have been initialized
+ * using p11_kit_initialize_module(). In most cases callers will want to use
+ * p11_kit_finalize_registered() instead of this function.
+ *
+ * Using this function to finalize modules allows coordination between
+ * multiple users of the same module in a single process. The caller should
+ * call the module's <code>C_Finalize</code> method. This function will call
+ * <code>C_Finalize</code> as necessary.
+ *
+ * If the module was initialized more than once, then this function will
+ * decrement an initialization count for the module. When the count reaches zero
+ * the module will be truly finalized. It is safe (although usually unnecessary)
+ * to use this function on registered modules if (and only if) they were
+ * initialized using p11_kit_initialize_module() for some reason.
+ *
+ * Returns: CKR_OK if the finalization was successful.
+ */
+CK_RV
+p11_kit_finalize_module (CK_FUNCTION_LIST_PTR funcs)
+{
+ Module *module;
+ CK_RV rv = CKR_OK;
+
+ /* WARNING: This function must be reentrant for the same arguments */
+
+ _p11_lock ();
+
+ module = gl.modules ? hash_get (gl.modules, funcs) : NULL;
+ if (module == NULL) {
+ rv = CKR_ARGUMENTS_BAD;
+ } else {
+ /* WARNING: Rentrancy can occur here */
+ rv = finalize_module_unlocked_reentrant (module);
+ }
+
+ _p11_unlock ();
+
+ return rv;
+}
diff --git a/p11-kit/p11-kit-messages.c b/p11-kit/p11-kit-messages.c
new file mode 100644
index 0000000..0920a37
--- /dev/null
+++ b/p11-kit/p11-kit-messages.c
@@ -0,0 +1,242 @@
+/*
+ * Copyright (C) 2011 Collabora Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@collabora.co.uk>
+ */
+
+#include "config.h"
+
+#include "pkcs11.h"
+#include "p11-kit.h"
+
+/**
+ * SECTION:p11-kit-util
+ * @title: Utilities
+ * @short_description: Message Utilities
+ *
+ * Utility functions for working with PKCS\#11.
+ */
+
+#ifdef ENABLE_NLS
+#include <libintl.h>
+#define _(x) dgettext(PACKAGE_NAME, x)
+#else
+#define _(x) x
+#endif
+
+/**
+ * p11_kit_strerror:
+ * @rv: The PKCS\#11 return value to get a message for.
+ *
+ * Get a message for a PKCS\#11 return value or error code. Do not
+ * pass CKR_OK or other such non errors to this function.
+ *
+ * Returns: The user readable and localized message.
+ **/
+const char*
+p11_kit_strerror (CK_RV rv)
+{
+ switch (rv) {
+
+ /* These are not really errors, or not current */
+ case CKR_OK:
+ case CKR_NO_EVENT:
+ case CKR_FUNCTION_NOT_PARALLEL:
+ case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
+ return "";
+
+ case CKR_CANCEL:
+ case CKR_FUNCTION_CANCELED:
+ return _("The operation was cancelled");
+
+ case CKR_HOST_MEMORY:
+ return _("Insufficient memory available");
+ case CKR_SLOT_ID_INVALID:
+ return _("The specified slot ID is not valid");
+ case CKR_GENERAL_ERROR:
+ return _("Internal error");
+ case CKR_FUNCTION_FAILED:
+ return _("The operation failed");
+ case CKR_ARGUMENTS_BAD:
+ return _("Invalid arguments");
+ case CKR_NEED_TO_CREATE_THREADS:
+ return _("The module cannot create needed threads");
+ case CKR_CANT_LOCK:
+ return _("The module cannot lock data properly");
+ case CKR_ATTRIBUTE_READ_ONLY:
+ return _("The field is read-only");
+ case CKR_ATTRIBUTE_SENSITIVE:
+ return _("The field is sensitive and cannot be revealed");
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ return _("The field is invalid or does not exist");
+ case CKR_ATTRIBUTE_VALUE_INVALID:
+ return _("Invalid value for field");
+ case CKR_DATA_INVALID:
+ return _("The data is not valid or unrecognized");
+ case CKR_DATA_LEN_RANGE:
+ return _("The data is too long");
+ case CKR_DEVICE_ERROR:
+ return _("An error occurred on the device");
+ case CKR_DEVICE_MEMORY:
+ return _("Insufficient memory available on the device");
+ case CKR_DEVICE_REMOVED:
+ return _("The device was removed or unplugged");
+ case CKR_ENCRYPTED_DATA_INVALID:
+ return _("The encrypted data is not valid or unrecognized");
+ case CKR_ENCRYPTED_DATA_LEN_RANGE:
+ return _("The encrypted data is too long");
+ case CKR_FUNCTION_NOT_SUPPORTED:
+ return _("This operation is not supported");
+ case CKR_KEY_HANDLE_INVALID:
+ return _("The key is missing or invalid");
+ case CKR_KEY_SIZE_RANGE:
+ return _("The key is the wrong size");
+ case CKR_KEY_TYPE_INCONSISTENT:
+ return _("The key is of the wrong type");
+ case CKR_KEY_NOT_NEEDED:
+ return _("No key is needed");
+ case CKR_KEY_CHANGED:
+ return _("The key is different than before");
+ case CKR_KEY_NEEDED:
+ return _("A key is needed");
+ case CKR_KEY_INDIGESTIBLE:
+ return _("Cannot include the key in the digest");
+ case CKR_KEY_FUNCTION_NOT_PERMITTED:
+ return _("This operation cannot be done with this key");
+ case CKR_KEY_NOT_WRAPPABLE:
+ return _("The key cannot be wrapped");
+ case CKR_KEY_UNEXTRACTABLE:
+ return _("Cannot export this key");
+ case CKR_MECHANISM_INVALID:
+ return _("The crypto mechanism is invalid or unrecognized");
+ case CKR_MECHANISM_PARAM_INVALID:
+ return _("The crypto mechanism has an invalid argument");
+ case CKR_OBJECT_HANDLE_INVALID:
+ return _("The object is missing or invalid");
+ case CKR_OPERATION_ACTIVE:
+ return _("Another operation is already taking place");
+ case CKR_OPERATION_NOT_INITIALIZED:
+ return _("No operation is taking place");
+ case CKR_PIN_INCORRECT:
+ return _("The password or PIN is incorrect");
+ case CKR_PIN_INVALID:
+ return _("The password or PIN is invalid");
+ case CKR_PIN_LEN_RANGE:
+ return _("The password or PIN is of an invalid length");
+ case CKR_PIN_EXPIRED:
+ return _("The password or PIN has expired");
+ case CKR_PIN_LOCKED:
+ return _("The password or PIN is locked");
+ case CKR_SESSION_CLOSED:
+ return _("The session is closed");
+ case CKR_SESSION_COUNT:
+ return _("Too many sessions are active");
+ case CKR_SESSION_HANDLE_INVALID:
+ return _("The session is invalid");
+ case CKR_SESSION_READ_ONLY:
+ return _("The session is read-only");
+ case CKR_SESSION_EXISTS:
+ return _("An open session exists");
+ case CKR_SESSION_READ_ONLY_EXISTS:
+ return _("A read-only session exists");
+ case CKR_SESSION_READ_WRITE_SO_EXISTS:
+ return _("An administrator session exists");
+ case CKR_SIGNATURE_INVALID:
+ return _("The signature is bad or corrupted");
+ case CKR_SIGNATURE_LEN_RANGE:
+ return _("The signature is unrecognized or corrupted");
+ case CKR_TEMPLATE_INCOMPLETE:
+ return _("Certain required fields are missing");
+ case CKR_TEMPLATE_INCONSISTENT:
+ return _("Certain fields have invalid values");
+ case CKR_TOKEN_NOT_PRESENT:
+ return _("The device is not present or unplugged");
+ case CKR_TOKEN_NOT_RECOGNIZED:
+ return _("The device is invalid or unrecognizable");
+ case CKR_TOKEN_WRITE_PROTECTED:
+ return _("The device is write protected");
+ case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
+ return _("Cannot import because the key is invalid");
+ case CKR_UNWRAPPING_KEY_SIZE_RANGE:
+ return _("Cannot import because the key is of the wrong size");
+ case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
+ return _("Cannot import because the key is of the wrong type");
+ case CKR_USER_ALREADY_LOGGED_IN:
+ return _("You are already logged in");
+ case CKR_USER_NOT_LOGGED_IN:
+ return _("No user has logged in");
+ case CKR_USER_PIN_NOT_INITIALIZED:
+ return _("The user's password or PIN is not set");
+ case CKR_USER_TYPE_INVALID:
+ return _("The user is of an invalid type");
+ case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
+ return _("Another user is already logged in");
+ case CKR_USER_TOO_MANY_TYPES:
+ return _("Too many users of different types are logged in");
+ case CKR_WRAPPED_KEY_INVALID:
+ return _("Cannot import an invalid key");
+ case CKR_WRAPPED_KEY_LEN_RANGE:
+ return _("Cannot import a key of the wrong size");
+ case CKR_WRAPPING_KEY_HANDLE_INVALID:
+ return _("Cannot export because the key is invalid");
+ case CKR_WRAPPING_KEY_SIZE_RANGE:
+ return _("Cannot export because the key is of the wrong size");
+ case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
+ return _("Cannot export because the key is of the wrong type");
+ case CKR_RANDOM_SEED_NOT_SUPPORTED:
+ return _("Unable to initialize the random number generator");
+ case CKR_RANDOM_NO_RNG:
+ return _("No random number generator available");
+ case CKR_DOMAIN_PARAMS_INVALID:
+ return _("The crypto mechanism has an invalid parameter");
+ case CKR_BUFFER_TOO_SMALL:
+ return _("Not enough space to store the result");
+ case CKR_SAVED_STATE_INVALID:
+ return _("The saved state is invalid");
+ case CKR_INFORMATION_SENSITIVE:
+ return _("The information is sensitive and cannot be revealed");
+ case CKR_STATE_UNSAVEABLE:
+ return _("The state cannot be saved");
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ return _("The module has not been initialized");
+ case CKR_CRYPTOKI_ALREADY_INITIALIZED:
+ return _("The module has already been initialized");
+ case CKR_MUTEX_BAD:
+ return _("Cannot lock data");
+ case CKR_MUTEX_NOT_LOCKED:
+ return _("The data cannot be locked");
+ case CKR_FUNCTION_REJECTED:
+ return _("The signature request was rejected by the user");
+
+ default:
+ return _("Unknown error");
+ }
+}
diff --git a/p11-kit/p11-kit-private.h b/p11-kit/p11-kit-private.h
new file mode 100644
index 0000000..5fbe1eb
--- /dev/null
+++ b/p11-kit/p11-kit-private.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2011, Collabora Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@collabora.co.uk>
+ */
+
+#ifndef __P11_KIT_PRIVATE_H__
+#define __P11_KIT_PRIVATE_H__
+
+extern pthread_mutex_t _p11_mutex;
+
+#define _p11_lock() pthread_mutex_lock (&_p11_mutex);
+
+#define _p11_unlock() pthread_mutex_unlock (&_p11_mutex);
+
+CK_FUNCTION_LIST_PTR_PTR _p11_kit_registered_modules_unlocked (void);
+
+CK_RV _p11_kit_initialize_registered_unlocked_reentrant (void);
+
+CK_RV _p11_kit_finalize_registered_unlocked_reentrant (void);
+
+void _p11_kit_proxy_after_fork (void);
+
+#endif /* __P11_KIT_PRIVATE_H__ */
diff --git a/p11-kit/p11-kit-proxy.c b/p11-kit/p11-kit-proxy.c
new file mode 100644
index 0000000..fd28a19
--- /dev/null
+++ b/p11-kit/p11-kit-proxy.c
@@ -0,0 +1,1382 @@
+/*
+ * Copyright (C) 2011 Collabora Ltd.
+ * Copyright (C) 2008 Stefan Walter
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@collabora.co.uk>
+ */
+
+#include "config.h"
+
+#include "hash.h"
+#include "pkcs11.h"
+#include "p11-kit.h"
+#include "p11-kit-private.h"
+#include "util.h"
+
+#include <sys/types.h>
+#include <assert.h>
+#include <errno.h>
+#include <pthread.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+/* Start wrap slots slightly higher for testing */
+#define MAPPING_OFFSET 0x10
+#define FIRST_HANDLE 0x10
+
+typedef struct _Mapping {
+ CK_SLOT_ID wrap_slot;
+ CK_SLOT_ID real_slot;
+ CK_FUNCTION_LIST_PTR funcs;
+} Mapping;
+
+typedef struct _Session {
+ CK_SESSION_HANDLE wrap_session;
+ CK_SESSION_HANDLE real_session;
+ CK_SLOT_ID wrap_slot;
+} Session;
+
+/* Forward declaration */
+static CK_FUNCTION_LIST proxy_function_list;
+
+/*
+ * Shared data between threads, protected by the mutex, a structure so
+ * we can audit thread safety easier.
+ */
+static struct _Shared {
+ Mapping *mappings;
+ unsigned int n_mappings;
+ int mappings_refs;
+ hash_t *sessions;
+ CK_ULONG last_handle;
+} gl = { NULL, 0, 0, NULL, FIRST_HANDLE };
+
+#define MANUFACTURER_ID "PKCS#11 Kit "
+#define LIBRARY_DESCRIPTION "PKCS#11 Kit Proxy Module "
+#define LIBRARY_VERSION_MAJOR 1
+#define LIBRARY_VERSION_MINOR 1
+
+/* -----------------------------------------------------------------------------
+ * PKCS#11 PROXY MODULE
+ */
+
+static CK_RV
+map_slot_unlocked (CK_SLOT_ID slot, Mapping *mapping)
+{
+ assert (mapping);
+
+ if (slot < MAPPING_OFFSET)
+ return CKR_SLOT_ID_INVALID;
+ slot -= MAPPING_OFFSET;
+
+ if (slot > gl.n_mappings) {
+ return CKR_SLOT_ID_INVALID;
+ } else {
+ assert (gl.mappings);
+ memcpy (mapping, &gl.mappings[slot], sizeof (Mapping));
+ return CKR_OK;
+ }
+}
+
+static CK_RV
+map_slot_to_real (CK_SLOT_ID_PTR slot, Mapping *mapping)
+{
+ CK_RV rv;
+
+ assert (mapping);
+
+ _p11_lock ();
+
+ if (!gl.mappings)
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ else
+ rv = map_slot_unlocked (*slot, mapping);
+ if (rv == CKR_OK)
+ *slot = mapping->real_slot;
+
+ _p11_unlock ();
+
+ return rv;
+}
+
+static CK_RV
+map_session_to_real (CK_SESSION_HANDLE_PTR handle, Mapping *mapping, Session *session)
+{
+ CK_RV rv = CKR_OK;
+ Session *sess;
+
+ assert (handle);
+ assert (mapping);
+
+ _p11_lock ();
+
+ if (!gl.sessions) {
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ } else {
+ assert (gl.sessions);
+ sess = hash_get (gl.sessions, &handle);
+ if (sess != NULL) {
+ *handle = sess->real_session;
+ rv = map_slot_unlocked (sess->wrap_slot, mapping);
+ if (session != NULL)
+ memcpy (session, sess, sizeof (Session));
+ } else {
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
+ }
+
+ _p11_unlock ();
+
+ return rv;
+}
+
+static void
+finalize_mappings_unlocked (void)
+{
+ assert (gl.mappings_refs);
+
+ if (--gl.mappings_refs)
+ return;
+
+ /* No more mappings */
+ free (gl.mappings);
+ gl.mappings = NULL;
+ gl.n_mappings = 0;
+
+ /* no more sessions */
+ hash_free (gl.sessions);
+ gl.sessions = NULL;
+}
+
+void
+_p11_kit_proxy_after_fork (void)
+{
+ /*
+ * After a fork the callers are supposed to call C_Initialize and all.
+ * In addition the underlying libraries may change their state so free
+ * up any mappings and all
+ */
+
+ _p11_lock ();
+
+ gl.mappings_refs = 1;
+ finalize_mappings_unlocked ();
+ assert (!gl.mappings);
+
+ _p11_unlock ();
+}
+
+static CK_RV
+proxy_C_Finalize (CK_VOID_PTR reserved)
+{
+ CK_RV rv;
+
+ /* WARNING: This function must be reentrant */
+
+ if (reserved)
+ return CKR_ARGUMENTS_BAD;
+
+ _p11_lock ();
+
+ /* WARNING: Reentrancy can occur here */
+ rv = _p11_kit_finalize_registered_unlocked_reentrant ();
+
+ /*
+ * If modules are all gone, then this was the last
+ * finalize, so cleanup our mappings
+ */
+ if (gl.mappings_refs)
+ finalize_mappings_unlocked ();
+
+ _p11_unlock ();
+
+ return rv;
+}
+
+static CK_RV
+initialize_mappings_unlocked_reentrant (void)
+{
+ CK_FUNCTION_LIST_PTR *funcss, *f;
+ CK_FUNCTION_LIST_PTR funcs;
+ Mapping *mappings = NULL;
+ int n_mappings = 0;
+ CK_SLOT_ID_PTR slots;
+ CK_ULONG i, count;
+ CK_RV rv;
+
+ assert (!gl.mappings);
+
+ funcss = _p11_kit_registered_modules_unlocked ();
+ for (f = funcss; *f; ++f) {
+ funcs = *f;
+
+ assert (funcs);
+ slots = NULL;
+
+ _p11_unlock ();
+
+ /* Ask module for its slots */
+ rv = (funcs->C_GetSlotList) (FALSE, NULL, &count);
+ if (rv == CKR_OK && count) {
+ slots = calloc (sizeof (CK_SLOT_ID), count);
+ if (!slots)
+ rv = CKR_HOST_MEMORY;
+ else
+ rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
+ }
+
+ _p11_lock ();
+
+ if (rv != CKR_OK) {
+ free (slots);
+ break;
+ }
+
+ mappings = xrealloc (mappings, sizeof (Mapping) * (n_mappings + count));
+ if (!mappings) {
+ free (slots);
+ rv = CKR_HOST_MEMORY;
+ break;
+ }
+
+ /* And now add a mapping for each of those slots */
+ for (i = 0; i < count; ++i) {
+ mappings[n_mappings].funcs = funcs;
+ mappings[n_mappings].wrap_slot = n_mappings + MAPPING_OFFSET;
+ mappings[n_mappings].real_slot = slots[i];
+ ++n_mappings;
+ }
+
+ free (slots);
+ }
+
+ /* Another thread raced us here due to above reentrancy */
+ if (gl.mappings) {
+ free (mappings);
+ return CKR_OK;
+ }
+
+ assert (!gl.sessions);
+ gl.sessions = hash_create (hash_ulongptr_hash, hash_ulongptr_equal, NULL, free);
+ ++gl.mappings_refs;
+
+ /* Any cleanup necessary for failure will happen at caller */
+ return rv;
+}
+
+static CK_RV
+proxy_C_Initialize (CK_VOID_PTR init_args)
+{
+ CK_RV rv;
+
+ /* WARNING: This function must be reentrant */
+
+ _p11_lock ();
+
+ /* WARNING: Reentrancy can occur here */
+ rv = _p11_kit_initialize_registered_unlocked_reentrant ();
+
+ /* WARNING: Reentrancy can occur here */
+ if (rv == CKR_OK && !gl.mappings_refs == 0)
+ rv = initialize_mappings_unlocked_reentrant ();
+
+ _p11_unlock ();
+
+ if (rv != CKR_OK)
+ proxy_C_Finalize (NULL);
+
+ return rv;
+}
+
+static CK_RV
+proxy_C_GetInfo (CK_INFO_PTR info)
+{
+ CK_RV rv = CKR_OK;
+
+ if (info == NULL)
+ return CKR_ARGUMENTS_BAD;
+
+ _p11_lock ();
+
+ if (!gl.mappings)
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ _p11_unlock ();
+
+ if (rv != CKR_OK)
+ return rv;
+
+ info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR;
+ info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR;
+ info->libraryVersion.major = LIBRARY_VERSION_MAJOR;
+ info->libraryVersion.minor = LIBRARY_VERSION_MINOR;
+ info->flags = 0;
+ strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
+ strncpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32);
+ return CKR_OK;
+}
+
+static CK_RV
+proxy_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
+{
+ /* Can be called before C_Initialize */
+
+ if (!list)
+ return CKR_ARGUMENTS_BAD;
+ *list = &proxy_function_list;
+ return CKR_OK;
+}
+
+static CK_RV
+proxy_C_GetSlotList (CK_BBOOL token_present, CK_SLOT_ID_PTR slot_list,
+ CK_ULONG_PTR count)
+{
+ CK_SLOT_INFO info;
+ Mapping *mapping;
+ CK_ULONG index;
+ CK_RV rv = CKR_OK;
+ int i;
+
+ if (!count)
+ return CKR_ARGUMENTS_BAD;
+
+ _p11_lock ();
+
+ if (!gl.mappings) {
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ } else {
+ index = 0;
+
+ /* Go through and build up a map */
+ for (i = 0; i < gl.n_mappings; ++i) {
+ mapping = &gl.mappings[i];
+
+ /* Skip ones without a token if requested */
+ if (token_present) {
+ rv = (mapping->funcs->C_GetSlotInfo) (mapping->real_slot, &info);
+ if (rv != CKR_OK)
+ break;
+ if (!(info.flags & CKF_TOKEN_PRESENT))
+ continue;
+ }
+
+ /* Fill in the slot if we can */
+ if (slot_list && *count > index)
+ slot_list[index] = mapping->wrap_slot;
+
+ ++index;
+ }
+
+ if (slot_list && *count < index)
+ rv = CKR_BUFFER_TOO_SMALL;
+
+ *count = index;
+ }
+
+ _p11_unlock ();
+
+ return rv;
+}
+
+static CK_RV
+proxy_C_GetSlotInfo (CK_SLOT_ID id, CK_SLOT_INFO_PTR info)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_slot_to_real (&id, &map);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_GetSlotInfo) (id, info);
+}
+
+static CK_RV
+proxy_C_GetTokenInfo (CK_SLOT_ID id, CK_TOKEN_INFO_PTR info)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_slot_to_real (&id, &map);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_GetTokenInfo) (id, info);
+}
+
+static CK_RV
+proxy_C_GetMechanismList (CK_SLOT_ID id, CK_MECHANISM_TYPE_PTR mechanism_list,
+ CK_ULONG_PTR count)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_slot_to_real (&id, &map);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_GetMechanismList) (id, mechanism_list, count);
+}
+
+static CK_RV
+proxy_C_GetMechanismInfo (CK_SLOT_ID id, CK_MECHANISM_TYPE type,
+ CK_MECHANISM_INFO_PTR info)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_slot_to_real (&id, &map);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_GetMechanismInfo) (id, type, info);
+}
+
+static CK_RV
+proxy_C_InitToken (CK_SLOT_ID id, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len, CK_UTF8CHAR_PTR label)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_slot_to_real (&id, &map);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_InitToken) (id, pin, pin_len, label);
+}
+
+static CK_RV
+proxy_C_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR slot, CK_VOID_PTR reserved)
+{
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+static CK_RV
+proxy_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data,
+ CK_NOTIFY callback, CK_SESSION_HANDLE_PTR handle)
+{
+ Session *sess;
+ Mapping map;
+ CK_RV rv;
+
+ if (handle == NULL)
+ return CKR_ARGUMENTS_BAD;
+
+ rv = map_slot_to_real (&id, &map);
+ if (rv != CKR_OK)
+ return rv;
+
+ rv = (map.funcs->C_OpenSession) (id, flags, user_data, callback, handle);
+
+ if (rv == CKR_OK) {
+ _p11_lock ();
+
+ if (!gl.sessions) {
+ /*
+ * The underlying module should have returned an error, so this
+ * code should never be reached with properly behaving modules.
+ * That's why we don't cleanup and close the newly opened session here
+ * or anything like that.
+ */
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ } else {
+ sess = calloc (1, sizeof (Session));
+ sess->wrap_slot = map.wrap_slot;
+ sess->real_session = *handle;
+ sess->wrap_session = ++gl.last_handle; /* TODO: Handle wrapping, and then collisions */
+ hash_set (gl.sessions, &sess->wrap_session, sess);
+ *handle = sess->wrap_session;
+ }
+
+ _p11_unlock ();
+ }
+
+ return rv;
+}
+
+static CK_RV
+proxy_C_CloseSession (CK_SESSION_HANDLE handle)
+{
+ CK_SESSION_HANDLE key;
+ Mapping map;
+ CK_RV rv;
+
+ key = handle;
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ rv = (map.funcs->C_CloseSession) (handle);
+
+ if (rv == CKR_OK) {
+ _p11_lock ();
+
+ if (gl.sessions)
+ hash_remove (gl.sessions, &key);
+
+ _p11_unlock ();
+ }
+
+ return rv;
+}
+
+static CK_RV
+proxy_C_CloseAllSessions (CK_SLOT_ID id)
+{
+ CK_SESSION_HANDLE_PTR to_close;
+ CK_RV rv = CKR_OK;
+ Session *sess;
+ CK_ULONG i, count = 0;
+ hash_iter_t iter;
+
+ _p11_lock ();
+
+ if (!gl.sessions) {
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ } else {
+ to_close = calloc (sizeof (CK_SESSION_HANDLE), hash_count (gl.sessions));
+ if (!to_close) {
+ rv = CKR_HOST_MEMORY;
+ } else {
+ hash_iterate (gl.sessions, &iter);
+ count = 0;
+ while (hash_next (&iter, NULL, (void**)&sess)) {
+ if (sess->wrap_slot == id && to_close)
+ to_close[count++] = sess->wrap_session;
+ }
+ }
+ }
+
+ _p11_unlock ();
+
+ if (rv != CKR_OK)
+ return rv;
+
+ for (i = 0; i < count; ++i)
+ proxy_C_CloseSession (to_close[i]);
+
+ free (to_close);
+ return CKR_OK;
+}
+
+static CK_RV
+proxy_C_GetFunctionStatus (CK_SESSION_HANDLE handle)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_GetFunctionStatus) (handle);
+}
+
+static CK_RV
+proxy_C_CancelFunction (CK_SESSION_HANDLE handle)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_CancelFunction) (handle);
+}
+
+static CK_RV
+proxy_C_GetSessionInfo (CK_SESSION_HANDLE handle, CK_SESSION_INFO_PTR info)
+{
+ Mapping map;
+ CK_RV rv;
+
+ if (info == NULL)
+ return CKR_ARGUMENTS_BAD;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+
+ rv = (map.funcs->C_GetSessionInfo) (handle, info);
+ if (rv == CKR_OK)
+ info->slotID = map.wrap_slot;
+
+ return rv;
+}
+
+static CK_RV
+proxy_C_InitPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+
+ return (map.funcs->C_InitPIN) (handle, pin, pin_len);
+}
+
+static CK_RV
+proxy_C_SetPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_pin_len,
+ CK_UTF8CHAR_PTR new_pin, CK_ULONG new_pin_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+
+ return (map.funcs->C_SetPIN) (handle, old_pin, old_pin_len, new_pin, new_pin_len);
+}
+
+static CK_RV
+proxy_C_GetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state, CK_ULONG_PTR operation_state_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_GetOperationState) (handle, operation_state, operation_state_len);
+}
+
+static CK_RV
+proxy_C_SetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state,
+ CK_ULONG operation_state_len, CK_OBJECT_HANDLE encryption_key,
+ CK_OBJECT_HANDLE authentication_key)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_SetOperationState) (handle, operation_state, operation_state_len, encryption_key, authentication_key);
+}
+
+static CK_RV
+proxy_C_Login (CK_SESSION_HANDLE handle, CK_USER_TYPE user_type,
+ CK_UTF8CHAR_PTR pin, CK_ULONG pin_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+
+ return (map.funcs->C_Login) (handle, user_type, pin, pin_len);
+}
+
+static CK_RV
+proxy_C_Logout (CK_SESSION_HANDLE handle)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_Logout) (handle);
+}
+
+static CK_RV
+proxy_C_CreateObject (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template,
+ CK_ULONG count, CK_OBJECT_HANDLE_PTR new_object)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+
+ return (map.funcs->C_CreateObject) (handle, template, count, new_object);
+}
+
+static CK_RV
+proxy_C_CopyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_PTR template, CK_ULONG count,
+ CK_OBJECT_HANDLE_PTR new_object)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_CopyObject) (handle, object, template, count, new_object);
+}
+
+static CK_RV
+proxy_C_DestroyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_DestroyObject) (handle, object);
+}
+
+static CK_RV
+proxy_C_GetObjectSize (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
+ CK_ULONG_PTR size)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_GetObjectSize) (handle, object, size);
+}
+
+static CK_RV
+proxy_C_GetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_PTR template, CK_ULONG count)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_GetAttributeValue) (handle, object, template, count);
+}
+
+static CK_RV
+proxy_C_SetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_PTR template, CK_ULONG count)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_SetAttributeValue) (handle, object, template, count);
+}
+
+static CK_RV
+proxy_C_FindObjectsInit (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template,
+ CK_ULONG count)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_FindObjectsInit) (handle, template, count);
+}
+
+static CK_RV
+proxy_C_FindObjects (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE_PTR objects,
+ CK_ULONG max_count, CK_ULONG_PTR count)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_FindObjects) (handle, objects, max_count, count);
+}
+
+static CK_RV
+proxy_C_FindObjectsFinal (CK_SESSION_HANDLE handle)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_FindObjectsFinal) (handle);
+}
+
+static CK_RV
+proxy_C_EncryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+ CK_OBJECT_HANDLE key)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_EncryptInit) (handle, mechanism, key);
+}
+
+static CK_RV
+proxy_C_Encrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
+ CK_BYTE_PTR encrypted_data, CK_ULONG_PTR encrypted_data_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_Encrypt) (handle, data, data_len, encrypted_data, encrypted_data_len);
+}
+
+static CK_RV
+proxy_C_EncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part,
+ CK_ULONG part_len, CK_BYTE_PTR encrypted_part,
+ CK_ULONG_PTR encrypted_part_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_EncryptUpdate) (handle, part, part_len, encrypted_part, encrypted_part_len);
+}
+
+static CK_RV
+proxy_C_EncryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part,
+ CK_ULONG_PTR last_part_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_EncryptFinal) (handle, last_part, last_part_len);
+}
+
+static CK_RV
+proxy_C_DecryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+ CK_OBJECT_HANDLE key)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_DecryptInit) (handle, mechanism, key);
+}
+
+static CK_RV
+proxy_C_Decrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_data,
+ CK_ULONG enc_data_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_Decrypt) (handle, enc_data, enc_data_len, data, data_len);
+}
+
+static CK_RV
+proxy_C_DecryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part,
+ CK_ULONG enc_part_len, CK_BYTE_PTR part, CK_ULONG_PTR part_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_DecryptUpdate) (handle, enc_part, enc_part_len, part, part_len);
+}
+
+static CK_RV
+proxy_C_DecryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part,
+ CK_ULONG_PTR last_part_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_DecryptFinal) (handle, last_part, last_part_len);
+}
+
+static CK_RV
+proxy_C_DigestInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_DigestInit) (handle, mechanism);
+}
+
+static CK_RV
+proxy_C_Digest (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
+ CK_BYTE_PTR digest, CK_ULONG_PTR digest_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_Digest) (handle, data, data_len, digest, digest_len);
+}
+
+static CK_RV
+proxy_C_DigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_DigestUpdate) (handle, part, part_len);
+}
+
+static CK_RV
+proxy_C_DigestKey (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE key)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_DigestKey) (handle, key);
+}
+
+static CK_RV
+proxy_C_DigestFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR digest,
+ CK_ULONG_PTR digest_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_DigestFinal) (handle, digest, digest_len);
+}
+
+static CK_RV
+proxy_C_SignInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+ CK_OBJECT_HANDLE key)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_SignInit) (handle, mechanism, key);
+}
+
+static CK_RV
+proxy_C_Sign (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
+ CK_BYTE_PTR signature, CK_ULONG_PTR signature_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_Sign) (handle, data, data_len, signature, signature_len);
+}
+
+static CK_RV
+proxy_C_SignUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_SignUpdate) (handle, part, part_len);
+}
+
+static CK_RV
+proxy_C_SignFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature,
+ CK_ULONG_PTR signature_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_SignFinal) (handle, signature, signature_len);
+}
+
+static CK_RV
+proxy_C_SignRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+ CK_OBJECT_HANDLE key)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_SignRecoverInit) (handle, mechanism, key);
+}
+
+static CK_RV
+proxy_C_SignRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
+ CK_BYTE_PTR signature, CK_ULONG_PTR signature_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_SignRecover) (handle, data, data_len, signature, signature_len);
+}
+
+static CK_RV
+proxy_C_VerifyInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+ CK_OBJECT_HANDLE key)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_VerifyInit) (handle, mechanism, key);
+}
+
+static CK_RV
+proxy_C_Verify (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
+ CK_BYTE_PTR signature, CK_ULONG signature_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_Verify) (handle, data, data_len, signature, signature_len);
+}
+
+static CK_RV
+proxy_C_VerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_VerifyUpdate) (handle, part, part_len);
+}
+
+static CK_RV
+proxy_C_VerifyFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature,
+ CK_ULONG signature_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_VerifyFinal) (handle, signature, signature_len);
+}
+
+static CK_RV
+proxy_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+ CK_OBJECT_HANDLE key)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_VerifyRecoverInit) (handle, mechanism, key);
+}
+
+static CK_RV
+proxy_C_VerifyRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature,
+ CK_ULONG signature_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_VerifyRecover) (handle, signature, signature_len, data, data_len);
+}
+
+static CK_RV
+proxy_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part,
+ CK_ULONG part_len, CK_BYTE_PTR enc_part,
+ CK_ULONG_PTR enc_part_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_DigestEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len);
+}
+
+static CK_RV
+proxy_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part,
+ CK_ULONG enc_part_len, CK_BYTE_PTR part,
+ CK_ULONG_PTR part_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_DecryptDigestUpdate) (handle, enc_part, enc_part_len, part, part_len);
+}
+
+static CK_RV
+proxy_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part,
+ CK_ULONG part_len, CK_BYTE_PTR enc_part,
+ CK_ULONG_PTR enc_part_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_SignEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len);
+}
+
+static CK_RV
+proxy_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part,
+ CK_ULONG enc_part_len, CK_BYTE_PTR part,
+ CK_ULONG_PTR part_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_DecryptVerifyUpdate) (handle, enc_part, enc_part_len, part, part_len);
+}
+
+static CK_RV
+proxy_C_GenerateKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+ CK_ATTRIBUTE_PTR template, CK_ULONG count,
+ CK_OBJECT_HANDLE_PTR key)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_GenerateKey) (handle, mechanism, template, count, key);
+}
+
+static CK_RV
+proxy_C_GenerateKeyPair (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+ CK_ATTRIBUTE_PTR pub_template, CK_ULONG pub_count,
+ CK_ATTRIBUTE_PTR priv_template, CK_ULONG priv_count,
+ CK_OBJECT_HANDLE_PTR pub_key, CK_OBJECT_HANDLE_PTR priv_key)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_GenerateKeyPair) (handle, mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key);
+}
+
+static CK_RV
+proxy_C_WrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+ CK_OBJECT_HANDLE wrapping_key, CK_OBJECT_HANDLE key,
+ CK_BYTE_PTR wrapped_key, CK_ULONG_PTR wrapped_key_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_WrapKey) (handle, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len);
+}
+
+static CK_RV
+proxy_C_UnwrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+ CK_OBJECT_HANDLE unwrapping_key, CK_BYTE_PTR wrapped_key,
+ CK_ULONG wrapped_key_len, CK_ATTRIBUTE_PTR template,
+ CK_ULONG count, CK_OBJECT_HANDLE_PTR key)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_UnwrapKey) (handle, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key);
+}
+
+static CK_RV
+proxy_C_DeriveKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+ CK_OBJECT_HANDLE base_key, CK_ATTRIBUTE_PTR template,
+ CK_ULONG count, CK_OBJECT_HANDLE_PTR key)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_DeriveKey) (handle, mechanism, base_key, template, count, key);
+}
+
+static CK_RV
+proxy_C_SeedRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR seed, CK_ULONG seed_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_SeedRandom) (handle, seed, seed_len);
+}
+
+static CK_RV
+proxy_C_GenerateRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR random_data,
+ CK_ULONG random_len)
+{
+ Mapping map;
+ CK_RV rv;
+
+ rv = map_session_to_real (&handle, &map, NULL);
+ if (rv != CKR_OK)
+ return rv;
+ return (map.funcs->C_GenerateRandom) (handle, random_data, random_len);
+}
+
+/* --------------------------------------------------------------------
+ * MODULE ENTRY POINT
+ */
+
+static CK_FUNCTION_LIST proxy_function_list = {
+ { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */
+ proxy_C_Initialize,
+ proxy_C_Finalize,
+ proxy_C_GetInfo,
+ proxy_C_GetFunctionList,
+ proxy_C_GetSlotList,
+ proxy_C_GetSlotInfo,
+ proxy_C_GetTokenInfo,
+ proxy_C_GetMechanismList,
+ proxy_C_GetMechanismInfo,
+ proxy_C_InitToken,
+ proxy_C_InitPIN,
+ proxy_C_SetPIN,
+ proxy_C_OpenSession,
+ proxy_C_CloseSession,
+ proxy_C_CloseAllSessions,
+ proxy_C_GetSessionInfo,
+ proxy_C_GetOperationState,
+ proxy_C_SetOperationState,
+ proxy_C_Login,
+ proxy_C_Logout,
+ proxy_C_CreateObject,
+ proxy_C_CopyObject,
+ proxy_C_DestroyObject,
+ proxy_C_GetObjectSize,
+ proxy_C_GetAttributeValue,
+ proxy_C_SetAttributeValue,
+ proxy_C_FindObjectsInit,
+ proxy_C_FindObjects,
+ proxy_C_FindObjectsFinal,
+ proxy_C_EncryptInit,
+ proxy_C_Encrypt,
+ proxy_C_EncryptUpdate,
+ proxy_C_EncryptFinal,
+ proxy_C_DecryptInit,
+ proxy_C_Decrypt,
+ proxy_C_DecryptUpdate,
+ proxy_C_DecryptFinal,
+ proxy_C_DigestInit,
+ proxy_C_Digest,
+ proxy_C_DigestUpdate,
+ proxy_C_DigestKey,
+ proxy_C_DigestFinal,
+ proxy_C_SignInit,
+ proxy_C_Sign,
+ proxy_C_SignUpdate,
+ proxy_C_SignFinal,
+ proxy_C_SignRecoverInit,
+ proxy_C_SignRecover,
+ proxy_C_VerifyInit,
+ proxy_C_Verify,
+ proxy_C_VerifyUpdate,
+ proxy_C_VerifyFinal,
+ proxy_C_VerifyRecoverInit,
+ proxy_C_VerifyRecover,
+ proxy_C_DigestEncryptUpdate,
+ proxy_C_DecryptDigestUpdate,
+ proxy_C_SignEncryptUpdate,
+ proxy_C_DecryptVerifyUpdate,
+ proxy_C_GenerateKey,
+ proxy_C_GenerateKeyPair,
+ proxy_C_WrapKey,
+ proxy_C_UnwrapKey,
+ proxy_C_DeriveKey,
+ proxy_C_SeedRandom,
+ proxy_C_GenerateRandom,
+ proxy_C_GetFunctionStatus,
+ proxy_C_CancelFunction,
+ proxy_C_WaitForSlotEvent
+};
+
+CK_RV
+C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
+{
+ return proxy_C_GetFunctionList (list);
+}
diff --git a/p11-kit/p11-kit-uri.c b/p11-kit/p11-kit-uri.c
new file mode 100644
index 0000000..5004ba1
--- /dev/null
+++ b/p11-kit/p11-kit-uri.c
@@ -0,0 +1,1195 @@
+/*
+ * Copyright (C) 2011 Collabora Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@collabora.co.uk>
+ */
+
+#include "config.h"
+
+#include "pkcs11.h"
+#include "p11-kit-uri.h"
+#include "util.h"
+
+#include <assert.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+/**
+ * SECTION:p11-kit-uri
+ * @title: URIs
+ * @short_description: Parsing and formatting PKCS\#11 URIs
+ *
+ * PKCS\#11 URIs can be used in configuration files or applications to represent
+ * PKCS\#11 modules, tokens or objects. An example of a URI might be:
+ *
+ * <code><literallayout>
+ * pkcs11:token=The\%20Software\%20PKCS\#11\%20softtoken;
+ * manufacturer=Snake\%20Oil,\%20Inc.;serial=;object=my-certificate;
+ * model=1.0;objecttype=cert;id=\%69\%95\%3e\%5c\%f4\%bd\%ec\%91
+ * </literallayout></code>
+ *
+ * You can use p11_kit_uri_parse() to parse such a URI, and p11_kit_uri_format()
+ * to build one. URIs are represented by the #P11KitUri structure. You can match
+ * a parsed URI against PKCS\#11 tokens with p11_kit_uri_match_token_info()
+ * or attributes with p11_kit_uri_match_attributes().
+ *
+ * Since URIs can represent different sorts of things, when parsing or formatting
+ * a URI a 'context' can be used to indicate which sort of URI is expected.
+ *
+ * URIs have an <code>unrecognized</code> flag. This flag is set during parsing
+ * if any parts of the URI are not recognized. This may be because the part is
+ * from a newer version of the PKCS\#11 spec or because that part was not valid
+ * inside of the desired context used when parsing.
+ */
+
+/**
+ * P11KitUri:
+ *
+ * A structure representing a PKCS\#11 URI. There are no public fields
+ * visible in this structure. Use the various accessor functions.
+ */
+
+/**
+ * P11KitUriType:
+ * @P11_KIT_URI_IS_MODULE: The URI represents one or more modules
+ * @P11_KIT_URI_IS_TOKEN: The URI represents one or more tokens
+ * @P11_KIT_URI_IS_OBJECT: The URI represents one or more objects
+ * @P11_KIT_URI_IS_ANY: The URI can represent anything
+ *
+ * A PKCS\#11 URI can represent different kinds of things. This flag is used by
+ * p11_kit_uri_parse() to denote in what context the URI will be used.
+ */
+
+/**
+ * P11KitUriResult:
+ * @P11_KIT_URI_OK: Success
+ * @P11_KIT_URI_NO_MEMORY: Memory allocation failed
+ * @P11_KIT_URI_BAD_SCHEME: The URI had a bad scheme
+ * @P11_KIT_URI_BAD_ENCODING: The URI had a bad encoding
+ * @P11_KIT_URI_BAD_SYNTAX: The URI had a bad syntax
+ * @P11_KIT_URI_BAD_VERSION: The URI contained a bad version number
+ * @P11_KIT_URI_NOT_FOUND: A requested part of the URI was not found
+ *
+ * Error codes returned by various functions. The functions each clearly state
+ * which error codes they are capable of returning.
+ */
+
+/**
+ * P11_KIT_URI_SCHEME:
+ *
+ * String of URI scheme for PKCS\#11 URIs.
+ */
+
+/**
+ * P11_KIT_URI_SCHEME_LEN:
+ *
+ * Length of %P11_KIT_URI_SCHEME.
+ */
+
+enum {
+ CLASS_IDX,
+ LABEL_IDX,
+ ID_IDX,
+ NUM_ATTRS,
+};
+
+struct _P11KitUri {
+ int unrecognized;
+ CK_INFO module;
+ CK_TOKEN_INFO token;
+ CK_ATTRIBUTE attrs[NUM_ATTRS];
+};
+
+const static char HEX_CHARS[] = "0123456789abcdef";
+
+static int
+url_decode (const char *value, const char *end,
+ unsigned char** output, size_t *length)
+{
+ char *a, *b;
+ unsigned char *result, *p;
+
+ assert (output);
+ assert (value <= end);
+
+ /* String can only get shorter */
+ result = malloc ((end - value) + 1);
+ if (!result)
+ return P11_KIT_URI_NO_MEMORY;
+
+ /* Now loop through looking for escapes */
+ p = result;
+ while (value != end) {
+ /*
+ * A percent sign followed by two hex digits means
+ * that the digits represent an escaped character.
+ */
+ if (*value == '%') {
+ value++;
+ if (value + 2 > end) {
+ free (result);
+ return P11_KIT_URI_BAD_ENCODING;
+ }
+ a = strchr (HEX_CHARS, tolower (value[0]));
+ b = strchr (HEX_CHARS, tolower (value[1]));
+ if (!a || !b) {
+ free (result);
+ return P11_KIT_URI_BAD_ENCODING;
+ }
+ *p = (a - HEX_CHARS) << 4;
+ *(p++) |= (b - HEX_CHARS);
+ value += 2;
+ } else {
+ *(p++) = *(value++);
+ }
+ }
+
+ *p = 0;
+ if (length)
+ *length = p - result;
+ *output = result;
+ return P11_KIT_URI_OK;
+}
+
+static char*
+url_encode (const unsigned char *value, const unsigned char *end, size_t *length)
+{
+ char *p;
+ char *result;
+
+ assert (value <= end);
+
+ /* Just allocate for worst case */
+ result = malloc (((end - value) * 3) + 1);
+ if (!result)
+ return NULL;
+
+ /* Now loop through looking for escapes */
+ p = result;
+ while (value != end) {
+
+ /* These characters we let through verbatim */
+ if (*value && (isalnum (*value) || strchr ("_-.", *value) != NULL)) {
+ *(p++) = *(value++);
+
+ /* All others get encoded */
+ } else {
+ *(p++) = '%';
+ *(p++) = HEX_CHARS[((unsigned char)*value) >> 4];
+ *(p++) = HEX_CHARS[((unsigned char)*value) & 0x0F];
+ ++value;
+ }
+ }
+
+ *p = 0;
+ if (length)
+ *length = p - result;
+ return result;
+}
+
+static int
+attribute_to_idx (CK_ATTRIBUTE_TYPE type)
+{
+ switch (type) {
+ case CKA_CLASS:
+ return CLASS_IDX;
+ case CKA_LABEL:
+ return LABEL_IDX;
+ case CKA_ID:
+ return ID_IDX;
+ default:
+ return -1;
+ }
+}
+
+static CK_ATTRIBUTE_TYPE
+idx_to_attribute (int idx)
+{
+ switch (idx) {
+ case CLASS_IDX:
+ return CKA_CLASS;
+ case LABEL_IDX:
+ return CKA_LABEL;
+ case ID_IDX:
+ return CKA_ID;
+ default:
+ assert (0);
+ }
+}
+
+static int
+match_struct_string (const unsigned char *inuri, const unsigned char *real,
+ size_t length)
+{
+ assert (inuri);
+ assert (real);
+ assert (length > 0);
+
+ /* NULL matches anything */
+ if (inuri[0] == 0)
+ return 1;
+
+ return memcmp (inuri, real, length) == 0 ? 1 : 0;
+}
+
+static int
+match_struct_version (CK_VERSION_PTR inuri, CK_VERSION_PTR real)
+{
+ /* This matches anything */
+ if (inuri->major == (CK_BYTE)-1 && inuri->minor == (CK_BYTE)-1)
+ return 1;
+
+ return memcmp (inuri, real, sizeof (CK_VERSION));
+}
+
+/**
+ * p11_kit_uri_get_module_info:
+ * @uri: the URI
+ *
+ * Get the <code>CK_INFO</code> structure associated with this URI.
+ *
+ * If this is a parsed URI, then the fields corresponding to library parts of
+ * the URI will be filled in. Any library URI parts that were missing will have
+ * their fields filled with zeros.
+ *
+ * If the caller wishes to setup information for building a URI, then relevant
+ * fields should be filled in. Fields that should not appear as parts in the
+ * resulting URI should be filled with zeros.
+ *
+ * Returns: A pointer to the <code>CK_INFO</code> structure.
+ */
+CK_INFO_PTR
+p11_kit_uri_get_module_info (P11KitUri *uri)
+{
+ assert (uri);
+ return &uri->module;
+}
+
+/**
+ * p11_kit_uri_match_module_info:
+ * @uri: the URI
+ * @info: the structure to match against the URI
+ *
+ * Match a <code>CK_INFO</code> structure against the library parts of this URI.
+ *
+ * Only the fields of the <code>CK_INFO</code> structure that are valid for use
+ * in a URI will be matched. A URI part that was not specified in the URI will
+ * match any value in the structure. If during the URI parsing any unrecognized
+ * parts were encountered then this match will fail.
+ *
+ * Returns: 1 if the URI matches, 0 if not.
+ */
+int
+p11_kit_uri_match_module_info (P11KitUri *uri, CK_INFO_PTR info)
+{
+ assert (uri);
+ assert (info);
+
+ if (uri->unrecognized)
+ return 0;
+
+ return (match_struct_string (uri->module.libraryDescription,
+ info->libraryDescription,
+ sizeof (info->libraryDescription)) &&
+ match_struct_string (uri->module.manufacturerID,
+ info->manufacturerID,
+ sizeof (info->manufacturerID)) &&
+ match_struct_version (&uri->module.libraryVersion,
+ &info->libraryVersion));
+}
+
+/**
+ * p11_kit_uri_get_token_info:
+ * @uri: the URI
+ *
+ * Get the <code>CK_TOKEN_INFO</code> structure associated with this URI.
+ *
+ * If this is a parsed URI, then the fields corresponding to token parts of
+ * the URI will be filled in. Any token URI parts that were missing will have
+ * their fields filled with zeros.
+ *
+ * If the caller wishes to setup information for building a URI, then relevant
+ * fields should be filled in. Fields that should not appear as parts in the
+ * resulting URI should be filled with zeros.
+ *
+ * Returns: A pointer to the <code>CK_INFO</code> structure.
+ */
+CK_TOKEN_INFO_PTR
+p11_kit_uri_get_token_info (P11KitUri *uri)
+{
+ assert (uri);
+ return &uri->token;
+}
+
+/**
+ * p11_kit_uri_match_token_info:
+ * @uri: the URI
+ * @token_info: the structure to match against the URI
+ *
+ * Match a <code>CK_TOKEN_INFO</code> structure against the token parts of this
+ * URI.
+ *
+ * Only the fields of the <code>CK_TOKEN_INFO</code> structure that are valid
+ * for use in a URI will be matched. A URI part that was not specified in the
+ * URI will match any value in the structure. If during the URI parsing any
+ * unrecognized parts were encountered then this match will fail.
+ *
+ * Returns: 1 if the URI matches, 0 if not.
+ */
+int
+p11_kit_uri_match_token_info (P11KitUri *uri, CK_TOKEN_INFO_PTR token_info)
+{
+ assert (uri);
+ assert (token_info);
+
+ if (uri->unrecognized)
+ return 0;
+
+ return (match_struct_string (uri->token.label,
+ token_info->label,
+ sizeof (token_info->label)) &&
+ match_struct_string (uri->token.manufacturerID,
+ token_info->manufacturerID,
+ sizeof (token_info->manufacturerID)) &&
+ match_struct_string (uri->token.model,
+ token_info->model,
+ sizeof (token_info->model)) &&
+ match_struct_string (uri->token.serialNumber,
+ token_info->serialNumber,
+ sizeof (token_info->serialNumber)));
+}
+
+/**
+ * p11_kit_uri_get_attribute_types:
+ * @uri: The URI
+ * @n_types: A location at which to return the number of types returned
+ *
+ * Get the types of the attributes present in this URI.
+ *
+ * Returns: A newly allocated array of <code>CK_ATTRIBUTE_TYPE</code>. This
+ * should be freed with free() when done.
+ */
+CK_ATTRIBUTE_TYPE*
+p11_kit_uri_get_attribute_types (P11KitUri *uri, int *n_types)
+{
+ CK_ATTRIBUTE_TYPE *result;
+ int i, j;
+
+ assert (uri);
+ assert (n_types);
+
+ result = calloc (NUM_ATTRS, sizeof (CK_ATTRIBUTE_TYPE));
+ if (result == NULL)
+ return NULL;
+
+ for (i = 0, j = 0; i < NUM_ATTRS; ++i) {
+ if (uri->attrs[i].ulValueLen != (CK_ULONG)-1)
+ result[j++] = uri->attrs[i].type;
+ }
+
+ *n_types = j;
+ return result;
+}
+
+/**
+ * p11_kit_uri_get_attribute:
+ * @uri: The URI
+ * @attr_type: The attribute type
+ *
+ * Get a pointer to an attribute present in this URI.
+ *
+ * Returns: A pointer to the attribute, or <code>NULL</code> if not present.
+ * The attribute is owned by the URI and should not be freed.
+ */
+CK_ATTRIBUTE_PTR
+p11_kit_uri_get_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE attr_type)
+{
+ int idx;
+
+ assert (uri);
+
+ idx = attribute_to_idx (attr_type);
+ if (idx < 0)
+ return NULL;
+
+ assert (idx < NUM_ATTRS);
+ if (uri->attrs[idx].ulValueLen == (CK_ULONG)-1)
+ return NULL;
+ return &uri->attrs[idx];
+}
+
+/**
+ * p11_kit_uri_set_attribute:
+ * @uri: The URI
+ * @attr: The attribute to set
+ *
+ * Set an attribute on the URI.
+ *
+ * Only attributes that map to parts in a PKCS\#11 URI will be accepted.
+ *
+ * Returns: %P11_KIT_URI_OK if the attribute was successfully set.
+ * %P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI.
+ * %P11_KIT_URI_NO_MEMORY if allocation failed.
+ */
+int
+p11_kit_uri_set_attribute (P11KitUri *uri, CK_ATTRIBUTE_PTR attr)
+{
+ void *value = NULL;
+ int idx;
+ int ret;
+
+ assert (uri);
+ assert (attr);
+
+ if (attr->pValue && attr->ulValueLen && attr->ulValueLen != (CK_ULONG)-1) {
+ value = malloc (attr->ulValueLen);
+ if (!value)
+ return P11_KIT_URI_NO_MEMORY;
+ memcpy (value, attr->pValue, attr->ulValueLen);
+ }
+
+ ret = p11_kit_uri_clear_attribute (uri, attr->type);
+ if (ret < 0){
+ free (value);
+ return ret;
+ }
+
+ idx = attribute_to_idx (attr->type);
+ assert (idx >= 0 && idx < NUM_ATTRS);
+
+ memcpy (&uri->attrs[idx], attr, sizeof (CK_ATTRIBUTE));
+ uri->attrs[idx].pValue = value;
+
+ return P11_KIT_URI_OK;
+}
+
+/**
+ * p11_kit_uri_clear_attribute:
+ * @uri: The URI
+ * @attr_type: The type of the attribute to clear
+ *
+ * Clear an attribute on the URI.
+ *
+ * Only attributes that map to parts in a PKCS\#11 URI will be accepted.
+ *
+ * Returns: %P11_KIT_URI_OK if the attribute was successfully cleared.
+ * %P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI.
+ */
+int
+p11_kit_uri_clear_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE attr_type)
+{
+ int idx;
+
+ assert (uri);
+
+ idx = attribute_to_idx (attr_type);
+ if (idx < 0)
+ return P11_KIT_URI_NOT_FOUND;
+ assert (idx < NUM_ATTRS);
+
+ free (uri->attrs[idx].pValue);
+ uri->attrs[idx].pValue = NULL;
+ uri->attrs[idx].ulValueLen = (CK_ULONG)-1;
+ return P11_KIT_URI_OK;
+}
+
+static int
+match_attributes (CK_ATTRIBUTE_PTR one, CK_ATTRIBUTE_PTR two)
+{
+ assert (one);
+ assert (two);
+
+ if (one->type != two->type)
+ return 0;
+ if (one->ulValueLen != two->ulValueLen)
+ return 0;
+ if (one->pValue == two->pValue)
+ return 1;
+ if (!one->pValue || !two->pValue)
+ return 0;
+ return memcmp (one->pValue, two->pValue, one->ulValueLen) == 0;
+}
+
+/**
+ * p11_kit_uri_match_attributes:
+ * @uri: The URI
+ * @attrs: The attributes to match
+ * @n_attrs: The number of attributes
+ *
+ * Match a attributes against the object parts of this URI.
+ *
+ * Only the attributes that are valid for use in a URI will be matched. A URI
+ * part that was not specified in the URI will match any attribute value. If
+ * during the URI parsing any unrecognized parts were encountered then this
+ * match will fail.
+ *
+ * Returns: 1 if the URI matches, 0 if not.
+ */
+int
+p11_kit_uri_match_attributes (P11KitUri *uri, CK_ATTRIBUTE_PTR attrs,
+ CK_ULONG n_attrs)
+{
+ CK_ULONG j;
+ int i;
+
+ assert (uri);
+ assert (attrs || !n_attrs);
+
+ if (uri->unrecognized)
+ return 0;
+
+ for (i = 0; i < NUM_ATTRS; ++i) {
+ if (uri->attrs[i].ulValueLen == (CK_ULONG)-1)
+ continue;
+ for (j = 0; j < n_attrs; ++j) {
+ if (attrs[j].type == uri->attrs[i].type) {
+ if (!match_attributes (&uri->attrs[i], &attrs[j]))
+ return 0;
+ break;
+ }
+ }
+ }
+
+ return 1;
+}
+
+/**
+ * p11_kit_uri_set_unrecognized:
+ * @uri: The URI
+ * @unrecognized: The new unregognized flag value
+ *
+ * Set the unrecognized flag on this URI.
+ *
+ * The unrecognized flag is automatically set to 1 when during parsing any part
+ * of the URI is unrecognized. If the unrecognized flag is set to 1, then
+ * matching against this URI will always fail.
+ */
+void
+p11_kit_uri_set_unrecognized (P11KitUri *uri, int unrecognized)
+{
+ assert (uri);
+ uri->unrecognized = unrecognized;
+}
+
+/**
+ * p11_kit_uri_any_unrecognized:
+ * @uri: The URI
+ *
+ * Get the unrecognized flag for this URI.
+ *
+ * The unrecognized flag is automatically set to 1 when during parsing any part
+ * of the URI is unrecognized. If the unrecognized flag is set to 1, then
+ * matching against this URI will always fail.
+ *
+ * Returns: 1 if unrecognized flag is set, 0 otherwise.
+ */
+int
+p11_kit_uri_any_unrecognized (P11KitUri *uri)
+{
+ assert (uri);
+ return uri->unrecognized;
+}
+
+/**
+ * p11_kit_uri_new:
+ *
+ * Create a new blank PKCS\#11 URI.
+ *
+ * The new URI is in the right state to parse a string into. All relevant fields
+ * are zeroed out. Formatting this URI will produce a valid but empty URI.
+ *
+ * Returns: A newly allocated URI. This should be freed with p11_kit_uri_free().
+ */
+P11KitUri*
+p11_kit_uri_new (void)
+{
+ P11KitUri *uri;
+ int i;
+
+ uri = calloc (1, sizeof (P11KitUri));
+ if (!uri)
+ return NULL;
+
+ /* So that it matches anything */
+ uri->module.libraryVersion.major = (CK_BYTE)-1;
+ uri->module.libraryVersion.minor = (CK_BYTE)-1;
+
+ for (i = 0; i < NUM_ATTRS; ++i) {
+ uri->attrs[i].type = idx_to_attribute (i);
+ uri->attrs[i].ulValueLen = (CK_ULONG)-1;
+ }
+
+ return uri;
+}
+
+static size_t
+space_strlen (const unsigned char *string, size_t max_length)
+{
+ size_t i = max_length - 1;
+
+ assert (string);
+
+ while (i > 0 && string[i] == ' ')
+ --i;
+ return i + 1;
+}
+
+static int
+format_raw_string (char **string, size_t *length, int *is_first,
+ const char *name, const char *value)
+{
+ size_t namelen;
+ size_t vallen;
+
+ /* Not set */
+ if (!value)
+ return 1;
+
+ namelen = strlen (name);
+ vallen = strlen (value);
+
+ *string = xrealloc (*string, *length + namelen + vallen + 3);
+ if (!*string)
+ return 0;
+
+ if (!*is_first)
+ (*string)[(*length)++] = ';';
+ memcpy ((*string) + *length, name, namelen);
+ *length += namelen;
+ (*string)[(*length)++] = '=';
+ memcpy ((*string) + *length, value, vallen);
+ *length += vallen;
+ (*string)[*length] = 0;
+ *is_first = 0;
+
+ return 1;
+}
+
+
+static int
+format_struct_string (char **string, size_t *length, int *is_first,
+ const char *name, const unsigned char *value,
+ size_t value_max)
+{
+ char *encoded;
+ size_t len;
+ int ret;
+
+ /* Not set */
+ if (!value[0])
+ return 1;
+
+ len = space_strlen (value, value_max);
+ encoded = url_encode (value, value + len, NULL);
+ if (!encoded)
+ return 0;
+
+ ret = format_raw_string (string, length, is_first, name, encoded);
+ free (encoded);
+
+ return ret;
+}
+
+static int
+format_attribute_string (char **string, size_t *length, int *is_first,
+ const char *name, CK_ATTRIBUTE_PTR attr)
+{
+ unsigned char *value;
+ char *encoded;
+ int ret;
+
+ /* Not set */;
+ if (attr->ulValueLen == (CK_ULONG)-1)
+ return 1;
+
+ value = attr->pValue;
+ encoded = url_encode (value, value + attr->ulValueLen, NULL);
+ if (!encoded)
+ return 0;
+
+ ret = format_raw_string (string, length, is_first, name, encoded);
+ free (encoded);
+
+ return ret;
+}
+
+static int
+format_attribute_class (char **string, size_t *length, int *is_first,
+ const char *name, CK_ATTRIBUTE_PTR attr)
+{
+ CK_OBJECT_CLASS klass;
+ const char *value;
+
+ /* Not set */;
+ if (attr->ulValueLen != sizeof (klass))
+ return 1;
+
+ klass = *((CK_OBJECT_CLASS*)attr->pValue);
+ switch (klass) {
+ case CKO_DATA:
+ value = "data";
+ break;
+ case CKO_SECRET_KEY:
+ value = "secretkey";
+ break;
+ case CKO_CERTIFICATE:
+ value = "cert";
+ break;
+ case CKO_PUBLIC_KEY:
+ value = "public";
+ break;
+ case CKO_PRIVATE_KEY:
+ value = "private";
+ break;
+ }
+
+ return format_raw_string (string, length, is_first, name, value);
+}
+
+static int
+format_struct_version (char **string, size_t *length, int *is_first,
+ const char *name, CK_VERSION_PTR version)
+{
+ char buffer[64];
+
+ /* Not set */
+ if (version->major == (CK_BYTE)-1 && version->minor == (CK_BYTE)-1)
+ return 1;
+
+ snprintf (buffer, sizeof (buffer), "%d.%d",
+ (int)version->major, (int)version->minor);
+ return format_raw_string (string, length, is_first, name, buffer);
+}
+
+/**
+ * p11_kit_uri_format:
+ * @uri: The URI.
+ * @uri_type: The type of URI that should be produced.
+ * @string: Location to store a newly allocated string.
+ *
+ * Format a PKCS\#11 URI into a string.
+ *
+ * Fields which are zeroed out will not be included in the resulting string.
+ * Attributes which are not present will also not be included.
+ *
+ * The uri_type of URI specified limits the different parts of the resulting
+ * URI. To format a URI containing all possible information use
+ * %P11_KIT_URI_IS_ANY
+ *
+ * The resulting string should be freed with free().
+ *
+ * Returns: %P11_KIT_URI_OK if the URI was formatted successfully.
+ * %P11_KIT_URI_NO_MEMORY if memory allocation failed.
+ */
+int
+p11_kit_uri_format (P11KitUri *uri, P11KitUriType uri_type, char **string)
+{
+ char *result = NULL;
+ size_t length = 0;
+ int is_first = 1;
+
+ result = malloc (128);
+ if (!result)
+ return P11_KIT_URI_NO_MEMORY;
+
+ length = P11_KIT_URI_SCHEME_LEN;
+ memcpy (result, P11_KIT_URI_SCHEME, length);
+ result[length] = 0;
+
+ if (uri_type & P11_KIT_URI_IS_MODULE) {
+ if (!format_struct_string (&result, &length, &is_first, "library-description",
+ uri->module.libraryDescription,
+ sizeof (uri->module.libraryDescription)) ||
+ !format_struct_version (&result, &length, &is_first, "library-version",
+ &uri->module.libraryVersion) ||
+ !format_struct_string (&result, &length, &is_first, "library-manufacturer",
+ uri->module.manufacturerID,
+ sizeof (uri->module.manufacturerID))) {
+ free (result);
+ return P11_KIT_URI_NO_MEMORY;
+ }
+ }
+
+ if (uri_type & P11_KIT_URI_IS_TOKEN) {
+ if (!format_struct_string (&result, &length, &is_first, "model",
+ uri->token.model,
+ sizeof (uri->token.model)) ||
+ !format_struct_string (&result, &length, &is_first, "manufacturer",
+ uri->token.manufacturerID,
+ sizeof (uri->token.manufacturerID)) ||
+ !format_struct_string (&result, &length, &is_first, "serial",
+ uri->token.serialNumber,
+ sizeof (uri->token.serialNumber)) ||
+ !format_struct_string (&result, &length, &is_first, "token",
+ uri->token.label,
+ sizeof (uri->token.label))) {
+ free (result);
+ return P11_KIT_URI_NO_MEMORY;
+ }
+ }
+
+ if (uri_type & P11_KIT_URI_IS_OBJECT) {
+ if (!format_attribute_string (&result, &length, &is_first, "id",
+ &uri->attrs[ID_IDX]) ||
+ !format_attribute_string (&result, &length, &is_first, "object",
+ &uri->attrs[LABEL_IDX])) {
+ free (result);
+ return P11_KIT_URI_NO_MEMORY;
+ }
+
+ if (!format_attribute_class (&result, &length, &is_first, "objecttype",
+ &uri->attrs[CLASS_IDX])) {
+ free (result);
+ return P11_KIT_URI_NO_MEMORY;
+ }
+ }
+
+ *string = result;
+ return P11_KIT_URI_OK;
+}
+
+static int
+parse_string_attribute (const char *name, const char *start, const char *end,
+ P11KitUri *uri)
+{
+ unsigned char *value;
+ size_t length;
+ int idx, ret;
+
+ assert (start <= end);
+
+ if (strcmp ("id", name) == 0)
+ idx = ID_IDX;
+ else if (strcmp ("object", name) == 0)
+ idx = LABEL_IDX;
+ else
+ return 0;
+
+ ret = url_decode (start, end, &value, &length);
+ if (ret < 0)
+ return ret;
+
+ free (uri->attrs[idx].pValue);
+ uri->attrs[idx].pValue = value;
+ uri->attrs[idx].ulValueLen = length;
+ return 1;
+}
+
+static int
+equals_segment (const char *start, const char *end, const char *match)
+{
+ size_t len = strlen (match);
+ assert (start <= end);
+ return (end - start == len) && memcmp (start, match, len) == 0;
+}
+
+static int
+parse_class_attribute (const char *name, const char *start, const char *end,
+ P11KitUri *uri)
+{
+ CK_OBJECT_CLASS klass = 0;
+ void *value;
+
+ assert (start <= end);
+
+ if (strcmp ("objecttype", name) != 0)
+ return 0;
+
+ if (equals_segment (start, end, "cert"))
+ klass = CKO_CERTIFICATE;
+ else if (equals_segment (start, end, "public"))
+ klass = CKO_PUBLIC_KEY;
+ else if (equals_segment (start, end, "private"))
+ klass = CKO_PRIVATE_KEY;
+ else if (equals_segment (start, end, "secretkey"))
+ klass = CKO_SECRET_KEY;
+ else if (equals_segment (start, end, "data"))
+ klass = CKO_DATA;
+ else {
+ uri->unrecognized = 1;
+ return 1;
+ }
+
+ value = malloc (sizeof (klass));
+ if (value == NULL)
+ return P11_KIT_URI_NO_MEMORY;
+
+ free (uri->attrs[CLASS_IDX].pValue);
+ memcpy (value, &klass, sizeof (klass));
+ uri->attrs[CLASS_IDX].pValue = value;
+ uri->attrs[CLASS_IDX].ulValueLen = sizeof (klass);
+
+ return 1;
+}
+
+static int
+parse_struct_info (unsigned char *where, size_t length, const char *start,
+ const char *end, P11KitUri *uri)
+{
+ unsigned char *value;
+ size_t value_length;
+ int ret;
+
+ assert (start <= end);
+
+ ret = url_decode (start, end, &value, &value_length);
+ if (ret < 0)
+ return ret;
+
+ /* Too long, shouldn't match anything */
+ if (value_length > length) {
+ free (value);
+ uri->unrecognized = 1;
+ return 1;
+ }
+
+ memset (where, ' ', length);
+ memcpy (where, value, value_length);
+
+ free (value);
+ return 1;
+}
+
+static int
+parse_token_info (const char *name, const char *start, const char *end,
+ P11KitUri *uri)
+{
+ unsigned char *where;
+ size_t length;
+
+ assert (start <= end);
+
+ if (strcmp (name, "model") == 0) {
+ where = uri->token.model;
+ length = sizeof (uri->token.model);
+ } else if (strcmp (name, "manufacturer") == 0) {
+ where = uri->token.manufacturerID;
+ length = sizeof (uri->token.manufacturerID);
+ } else if (strcmp (name, "serial") == 0) {
+ where = uri->token.serialNumber;
+ length = sizeof (uri->token.serialNumber);
+ } else if (strcmp (name, "token") == 0) {
+ where = uri->token.label;
+ length = sizeof (uri->token.label);
+ } else {
+ return 0;
+ }
+
+ return parse_struct_info (where, length, start, end, uri);
+}
+
+static int
+atoin (const char *start, const char *end)
+{
+ int ret = 0;
+ while (start != end) {
+ if (*start < '0' || *start > '9')
+ return -1;
+ ret *= 10;
+ ret += (*start - '0');
+ ++start;
+ }
+ return ret;
+}
+
+static int
+parse_struct_version (const char *start, const char *end, CK_VERSION_PTR version)
+{
+ const char *dot;
+ int val;
+
+ assert (start <= end);
+
+ dot = memchr (start, '.', end - start);
+ if (!dot)
+ dot = end;
+
+ if (dot == start)
+ return P11_KIT_URI_BAD_VERSION;
+ val = atoin (start, dot);
+ if (val < 0 || val >= 255)
+ return P11_KIT_URI_BAD_VERSION;
+ version->major = (CK_BYTE)val;
+ version->minor = 0;
+
+ if (dot != end) {
+ if (dot + 1 == end)
+ return P11_KIT_URI_BAD_VERSION;
+ val = atoin (dot + 1, end);
+ if (val < 0 || val >= 255)
+ return P11_KIT_URI_BAD_VERSION;
+ version->minor = (CK_BYTE)val;
+ }
+
+ return 1;
+}
+
+static int
+parse_module_info (const char *name, const char *start, const char *end,
+ P11KitUri *uri)
+{
+ unsigned char *where;
+ size_t length;
+
+ assert (start <= end);
+
+ if (strcmp (name, "library-description") == 0) {
+ where = uri->module.libraryDescription;
+ length = sizeof (uri->module.libraryDescription);
+ } else if (strcmp (name, "library-manufacturer") == 0) {
+ where = uri->module.manufacturerID;
+ length = sizeof (uri->module.manufacturerID);
+ } else if (strcmp (name, "library-version") == 0) {
+ return parse_struct_version (start, end,
+ &uri->module.libraryVersion);
+ } else {
+ return 0;
+ }
+
+ return parse_struct_info (where, length, start, end, uri);
+}
+
+/**
+ * p11_kit_uri_parse:
+ * @string: The string to parse
+ * @uri_type: The type of URI that is expected
+ * @uri: The blank URI to parse the values into
+ *
+ * Parse a PKCS\#11 URI string.
+ *
+ * PKCS\#11 URIs can represent tokens, objects or modules. The uri_type argument
+ * allows the caller to specify what type of URI is expected and the sorts of
+ * objects the URI should match. %P11_KIT_URI_IS_ANY can be used to parse a URI
+ * for any context. It's then up to the caller to make sense of the way that
+ * it is used.
+ *
+ * If the PKCS\#11 URI contains unrecognized URI parts or parts not applicable
+ * to the specified context, then the unrecognized flag will be set. This will
+ * prevent the URI from matching using the various match functions.
+ *
+ * Returns: %P11_KIT_URI_OK if the URI was parsed successfully.
+ * %P11_KIT_URI_BAD_SCHEME if this was not a PKCS\#11 URI.
+ * %P11_KIT_URI_BAD_SYNTAX if the URI syntax was bad.
+ * %P11_KIT_URI_NO_MEMORY if memory allocation failed.
+ * %P11_KIT_URI_BAD_VERSION if a version number was bad.
+ * %P11_KIT_URI_BAD_ENCODING if the URI encoding was invalid.
+ */
+int
+p11_kit_uri_parse (const char *string, P11KitUriType uri_type,
+ P11KitUri *uri)
+{
+ const char *spos, *epos;
+ char *key = NULL;
+ int ret = -1;
+ int i;
+
+ assert (string);
+ assert (uri);
+
+ if (strncmp (string, P11_KIT_URI_SCHEME, P11_KIT_URI_SCHEME_LEN) != 0)
+ return P11_KIT_URI_BAD_SCHEME;
+
+ string += P11_KIT_URI_SCHEME_LEN;
+
+ /* Clear everything out */
+ memset (&uri->module, 0, sizeof (uri->module));
+ memset (&uri->token, 0, sizeof (uri->module));
+ for (i = 0; i < NUM_ATTRS; ++i)
+ uri->attrs[i].ulValueLen = (CK_ULONG)-1;
+ uri->module.libraryVersion.major = (CK_BYTE)-1;
+ uri->module.libraryVersion.minor = (CK_BYTE)-1;
+ uri->unrecognized = 0;
+
+ for (;;) {
+ spos = strchr (string, ';');
+ if (spos == NULL) {
+ spos = string + strlen (string);
+ assert (*spos == '\0');
+ if (spos == string)
+ break;
+ }
+
+ epos = strchr (string, '=');
+ if (epos == NULL || spos == string || epos == string || epos >= spos)
+ return P11_KIT_URI_BAD_SYNTAX;
+
+ key = malloc ((epos - string) + 1);
+ if (key == NULL)
+ return P11_KIT_URI_NO_MEMORY;
+ memcpy (key, string, epos - string);
+ key[epos - string] = 0;
+ epos++;
+
+ ret = 0;
+ if (uri_type & P11_KIT_URI_IS_OBJECT)
+ ret = parse_string_attribute (key, epos, spos, uri);
+ if (ret == 0 && uri_type & P11_KIT_URI_IS_OBJECT)
+ ret = parse_class_attribute (key, epos, spos, uri);
+ if (ret == 0 && uri_type & P11_KIT_URI_IS_TOKEN)
+ ret = parse_token_info (key, epos, spos, uri);
+ if (ret == 0 && uri_type & P11_KIT_URI_IS_MODULE)
+ ret = parse_module_info (key, epos, spos, uri);
+ free (key);
+
+ if (ret < 0)
+ return ret;
+ if (ret == 0)
+ uri->unrecognized = 1;
+
+ if (*spos == '\0')
+ break;
+ string = spos + 1;
+ }
+
+ return P11_KIT_URI_OK;
+}
+
+/**
+ * p11_kit_uri_free:
+ * @uri: The URI
+ *
+ * Free a PKCS\#11 URI.
+ */
+void
+p11_kit_uri_free (P11KitUri *uri)
+{
+ int i;
+
+ if (!uri)
+ return;
+
+ for (i = 0; i < NUM_ATTRS; ++i)
+ free (uri->attrs[i].pValue);
+
+ free (uri);
+}
diff --git a/p11-kit/p11-kit-uri.h b/p11-kit/p11-kit-uri.h
new file mode 100644
index 0000000..a3e52ed
--- /dev/null
+++ b/p11-kit/p11-kit-uri.h
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2011, Collabora Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@collabora.co.uk>
+ */
+
+#include "pkcs11.h"
+
+#ifndef __P11_KIT_URI_H__
+#define __P11_KIT_URI_H__
+
+#define P11_KIT_URI_SCHEME "pkcs11:"
+#define P11_KIT_URI_SCHEME_LEN 7
+
+typedef enum {
+ P11_KIT_URI_OK = 0,
+ P11_KIT_URI_NO_MEMORY = -1,
+ P11_KIT_URI_BAD_SCHEME = -2,
+ P11_KIT_URI_BAD_ENCODING = -3,
+ P11_KIT_URI_BAD_SYNTAX = -4,
+ P11_KIT_URI_BAD_VERSION = -5,
+ P11_KIT_URI_NOT_FOUND = -6,
+} P11KitUriResult;
+
+typedef enum {
+ P11_KIT_URI_IS_MODULE = (1 << 1),
+ P11_KIT_URI_IS_TOKEN = (1 << 2) | P11_KIT_URI_IS_MODULE,
+ P11_KIT_URI_IS_OBJECT = (1 << 3) | P11_KIT_URI_IS_TOKEN,
+ P11_KIT_URI_IS_ANY = 0x0000FFFF,
+} P11KitUriType;
+
+typedef struct _P11KitUri P11KitUri;
+
+CK_INFO_PTR p11_kit_uri_get_module_info (P11KitUri *uri);
+
+int p11_kit_uri_match_module_info (P11KitUri *uri,
+ CK_INFO_PTR info);
+
+CK_TOKEN_INFO_PTR p11_kit_uri_get_token_info (P11KitUri *uri);
+
+int p11_kit_uri_match_token_info (P11KitUri *uri,
+ CK_TOKEN_INFO_PTR token_info);
+
+CK_ATTRIBUTE_TYPE* p11_kit_uri_get_attribute_types (P11KitUri *uri,
+ int *n_types);
+
+CK_ATTRIBUTE_PTR p11_kit_uri_get_attribute (P11KitUri *uri,
+ CK_ATTRIBUTE_TYPE attr_type);
+
+int p11_kit_uri_set_attribute (P11KitUri *uri,
+ CK_ATTRIBUTE_PTR attr);
+
+int p11_kit_uri_clear_attribute (P11KitUri *uri,
+ CK_ATTRIBUTE_TYPE attr_type);
+
+int p11_kit_uri_match_attributes (P11KitUri *uri,
+ CK_ATTRIBUTE_PTR attrs,
+ CK_ULONG n_attrs);
+
+void p11_kit_uri_set_unrecognized (P11KitUri *uri,
+ int unrecognized);
+
+int p11_kit_uri_any_unrecognized (P11KitUri *uri);
+
+P11KitUri* p11_kit_uri_new (void);
+
+int p11_kit_uri_format (P11KitUri *uri,
+ P11KitUriType uri_type,
+ char **string);
+
+int p11_kit_uri_parse (const char *string,
+ P11KitUriType uri_type,
+ P11KitUri *uri);
+
+void p11_kit_uri_free (P11KitUri *uri);
+
+#endif /* __P11_KIT_URI_H__ */
diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h
new file mode 100644
index 0000000..b035f56
--- /dev/null
+++ b/p11-kit/p11-kit.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2011, Collabora Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@collabora.co.uk>
+ */
+
+#ifndef __P11_KIT_H__
+#define __P11_KIT_H__
+
+#include "pkcs11.h"
+
+CK_RV p11_kit_initialize_registered (void);
+
+CK_RV p11_kit_finalize_registered (void);
+
+CK_FUNCTION_LIST_PTR* p11_kit_registered_modules (void);
+
+char* p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR funcs);
+
+CK_FUNCTION_LIST_PTR p11_kit_registered_name_to_module (const char *name);
+
+char* p11_kit_registered_option (CK_FUNCTION_LIST_PTR funcs,
+ const char *field);
+
+CK_RV p11_kit_initialize_module (CK_FUNCTION_LIST_PTR funcs);
+
+CK_RV p11_kit_finalize_module (CK_FUNCTION_LIST_PTR funcs);
+
+const char* p11_kit_strerror (CK_RV rv);
+
+#endif /* __P11_KIT_H__ */
diff --git a/p11-kit/p11-kit.pc b/p11-kit/p11-kit.pc
new file mode 100644
index 0000000..ce763cc
--- /dev/null
+++ b/p11-kit/p11-kit.pc
@@ -0,0 +1,17 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+datarootdir=${prefix}/share
+datadir=${datarootdir}
+sysconfdir=/etc
+p11_system_conf=/etc/pkcs11/pkcs11.conf
+p11_system_modules=/etc/pkcs11/modules
+p11_user_conf=~/.pkcs11/pkcs11.conf
+p11_user_modules=~/.pkcs11/modules
+
+Name: p11-kit
+Description: Library and proxy module for properly loading and sharing PKCS#11 modules.
+Version: 0.1
+Libs: -L${libdir} -lp11-kit
+Cflags: -I${includedir}/p11-kit
diff --git a/p11-kit/p11-kit.pc.in b/p11-kit/p11-kit.pc.in
new file mode 100644
index 0000000..d80167e
--- /dev/null
+++ b/p11-kit/p11-kit.pc.in
@@ -0,0 +1,17 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+datarootdir=@datarootdir@
+datadir=@datadir@
+sysconfdir=@sysconfdir@
+p11_system_conf=@p11_system_conf@
+p11_system_modules=@p11_system_modules@
+p11_user_conf=@p11_user_conf@
+p11_user_modules=@p11_user_modules@
+
+Name: p11-kit
+Description: Library and proxy module for properly loading and sharing PKCS#11 modules.
+Version: @VERSION@
+Libs: -L${libdir} -lp11-kit
+Cflags: -I${includedir}/p11-kit
diff --git a/p11-kit/pkcs11.h b/p11-kit/pkcs11.h
new file mode 100644
index 0000000..b8be30f
--- /dev/null
+++ b/p11-kit/pkcs11.h
@@ -0,0 +1,1357 @@
+/* pkcs11.h
+ Copyright 2006, 2007 g10 Code GmbH
+ Copyright 2006 Andreas Jellinghaus
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+ the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. */
+
+/* Please submit changes back to the Scute project at
+ http://www.scute.org/ (or send them to marcus@g10code.com), so that
+ they can be picked up by other projects from there as well. */
+
+/* This file is a modified implementation of the PKCS #11 standard by
+ RSA Security Inc. It is mostly a drop-in replacement, with the
+ following change:
+
+ This header file does not require any macro definitions by the user
+ (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros
+ for you (if useful, some are missing, let me know if you need
+ more).
+
+ There is an additional API available that does comply better to the
+ GNU coding standard. It can be switched on by defining
+ CRYPTOKI_GNU before including this header file. For this, the
+ following changes are made to the specification:
+
+ All structure types are changed to a "struct ck_foo" where CK_FOO
+ is the type name in PKCS #11.
+
+ All non-structure types are changed to ck_foo_t where CK_FOO is the
+ lowercase version of the type name in PKCS #11. The basic types
+ (CK_ULONG et al.) are removed without substitute.
+
+ All members of structures are modified in the following way: Type
+ indication prefixes are removed, and underscore characters are
+ inserted before words. Then the result is lowercased.
+
+ Note that function names are still in the original case, as they
+ need for ABI compatibility.
+
+ CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use
+ <stdbool.h>.
+
+ If CRYPTOKI_COMPAT is defined before including this header file,
+ then none of the API changes above take place, and the API is the
+ one defined by the PKCS #11 standard. */
+
+#ifndef PKCS11_H
+#define PKCS11_H 1
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+/* The version of cryptoki we implement. The revision is changed with
+ each modification of this file. If you do not use the "official"
+ version of this file, please consider deleting the revision macro
+ (you may use a macro with a different name to keep track of your
+ versions). */
+#define CRYPTOKI_VERSION_MAJOR 2
+#define CRYPTOKI_VERSION_MINOR 20
+#define CRYPTOKI_VERSION_REVISION 6
+
+
+/* Compatibility interface is default, unless CRYPTOKI_GNU is
+ given. */
+#ifndef CRYPTOKI_GNU
+#ifndef CRYPTOKI_COMPAT
+#define CRYPTOKI_COMPAT 1
+#endif
+#endif
+
+/* System dependencies. */
+
+#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
+
+/* There is a matching pop below. */
+#pragma pack(push, cryptoki, 1)
+
+#ifdef CRYPTOKI_EXPORTS
+#define CK_SPEC __declspec(dllexport)
+#else
+#define CK_SPEC __declspec(dllimport)
+#endif
+
+#else
+
+#define CK_SPEC
+
+#endif
+
+
+#ifdef CRYPTOKI_COMPAT
+ /* If we are in compatibility mode, switch all exposed names to the
+ PKCS #11 variant. There are corresponding #undefs below. */
+
+#define ck_flags_t CK_FLAGS
+#define ck_version _CK_VERSION
+
+#define ck_info _CK_INFO
+#define cryptoki_version cryptokiVersion
+#define manufacturer_id manufacturerID
+#define library_description libraryDescription
+#define library_version libraryVersion
+
+#define ck_notification_t CK_NOTIFICATION
+#define ck_slot_id_t CK_SLOT_ID
+
+#define ck_slot_info _CK_SLOT_INFO
+#define slot_description slotDescription
+#define hardware_version hardwareVersion
+#define firmware_version firmwareVersion
+
+#define ck_token_info _CK_TOKEN_INFO
+#define serial_number serialNumber
+#define max_session_count ulMaxSessionCount
+#define session_count ulSessionCount
+#define max_rw_session_count ulMaxRwSessionCount
+#define rw_session_count ulRwSessionCount
+#define max_pin_len ulMaxPinLen
+#define min_pin_len ulMinPinLen
+#define total_public_memory ulTotalPublicMemory
+#define free_public_memory ulFreePublicMemory
+#define total_private_memory ulTotalPrivateMemory
+#define free_private_memory ulFreePrivateMemory
+#define utc_time utcTime
+
+#define ck_session_handle_t CK_SESSION_HANDLE
+#define ck_user_type_t CK_USER_TYPE
+#define ck_state_t CK_STATE
+
+#define ck_session_info _CK_SESSION_INFO
+#define slot_id slotID
+#define device_error ulDeviceError
+
+#define ck_object_handle_t CK_OBJECT_HANDLE
+#define ck_object_class_t CK_OBJECT_CLASS
+#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE
+#define ck_key_type_t CK_KEY_TYPE
+#define ck_certificate_type_t CK_CERTIFICATE_TYPE
+#define ck_attribute_type_t CK_ATTRIBUTE_TYPE
+
+#define ck_attribute _CK_ATTRIBUTE
+#define value pValue
+#define value_len ulValueLen
+
+#define ck_date _CK_DATE
+
+#define ck_mechanism_type_t CK_MECHANISM_TYPE
+
+#define ck_mechanism _CK_MECHANISM
+#define parameter pParameter
+#define parameter_len ulParameterLen
+
+#define ck_mechanism_info _CK_MECHANISM_INFO
+#define min_key_size ulMinKeySize
+#define max_key_size ulMaxKeySize
+
+#define ck_rv_t CK_RV
+#define ck_notify_t CK_NOTIFY
+
+#define ck_function_list _CK_FUNCTION_LIST
+
+#define ck_createmutex_t CK_CREATEMUTEX
+#define ck_destroymutex_t CK_DESTROYMUTEX
+#define ck_lockmutex_t CK_LOCKMUTEX
+#define ck_unlockmutex_t CK_UNLOCKMUTEX
+
+#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS
+#define create_mutex CreateMutex
+#define destroy_mutex DestroyMutex
+#define lock_mutex LockMutex
+#define unlock_mutex UnlockMutex
+#define reserved pReserved
+
+#endif /* CRYPTOKI_COMPAT */
+
+
+
+typedef unsigned long ck_flags_t;
+
+struct ck_version
+{
+ unsigned char major;
+ unsigned char minor;
+};
+
+
+struct ck_info
+{
+ struct ck_version cryptoki_version;
+ unsigned char manufacturer_id[32];
+ ck_flags_t flags;
+ unsigned char library_description[32];
+ struct ck_version library_version;
+};
+
+
+typedef unsigned long ck_notification_t;
+
+#define CKN_SURRENDER (0UL)
+
+
+typedef unsigned long ck_slot_id_t;
+
+
+struct ck_slot_info
+{
+ unsigned char slot_description[64];
+ unsigned char manufacturer_id[32];
+ ck_flags_t flags;
+ struct ck_version hardware_version;
+ struct ck_version firmware_version;
+};
+
+
+#define CKF_TOKEN_PRESENT (1UL << 0)
+#define CKF_REMOVABLE_DEVICE (1UL << 1)
+#define CKF_HW_SLOT (1UL << 2)
+#define CKF_ARRAY_ATTRIBUTE (1UL << 30)
+
+
+struct ck_token_info
+{
+ unsigned char label[32];
+ unsigned char manufacturer_id[32];
+ unsigned char model[16];
+ unsigned char serial_number[16];
+ ck_flags_t flags;
+ unsigned long max_session_count;
+ unsigned long session_count;
+ unsigned long max_rw_session_count;
+ unsigned long rw_session_count;
+ unsigned long max_pin_len;
+ unsigned long min_pin_len;
+ unsigned long total_public_memory;
+ unsigned long free_public_memory;
+ unsigned long total_private_memory;
+ unsigned long free_private_memory;
+ struct ck_version hardware_version;
+ struct ck_version firmware_version;
+ unsigned char utc_time[16];
+};
+
+
+#define CKF_RNG (1UL << 0)
+#define CKF_WRITE_PROTECTED (1UL << 1)
+#define CKF_LOGIN_REQUIRED (1UL << 2)
+#define CKF_USER_PIN_INITIALIZED (1UL << 3)
+#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5)
+#define CKF_CLOCK_ON_TOKEN (1UL << 6)
+#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8)
+#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9)
+#define CKF_TOKEN_INITIALIZED (1UL << 10)
+#define CKF_SECONDARY_AUTHENTICATION (1UL << 11)
+#define CKF_USER_PIN_COUNT_LOW (1UL << 16)
+#define CKF_USER_PIN_FINAL_TRY (1UL << 17)
+#define CKF_USER_PIN_LOCKED (1UL << 18)
+#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19)
+#define CKF_SO_PIN_COUNT_LOW (1UL << 20)
+#define CKF_SO_PIN_FINAL_TRY (1UL << 21)
+#define CKF_SO_PIN_LOCKED (1UL << 22)
+#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23)
+
+#define CK_UNAVAILABLE_INFORMATION ((unsigned long)-1L)
+#define CK_EFFECTIVELY_INFINITE (0UL)
+
+
+typedef unsigned long ck_session_handle_t;
+
+#define CK_INVALID_HANDLE (0UL)
+
+
+typedef unsigned long ck_user_type_t;
+
+#define CKU_SO (0UL)
+#define CKU_USER (1UL)
+#define CKU_CONTEXT_SPECIFIC (2UL)
+
+
+typedef unsigned long ck_state_t;
+
+#define CKS_RO_PUBLIC_SESSION (0UL)
+#define CKS_RO_USER_FUNCTIONS (1UL)
+#define CKS_RW_PUBLIC_SESSION (2UL)
+#define CKS_RW_USER_FUNCTIONS (3UL)
+#define CKS_RW_SO_FUNCTIONS (4UL)
+
+
+struct ck_session_info
+{
+ ck_slot_id_t slot_id;
+ ck_state_t state;
+ ck_flags_t flags;
+ unsigned long device_error;
+};
+
+#define CKF_RW_SESSION (1UL << 1)
+#define CKF_SERIAL_SESSION (1UL << 2)
+
+
+typedef unsigned long ck_object_handle_t;
+
+
+typedef unsigned long ck_object_class_t;
+
+#define CKO_DATA (0UL)
+#define CKO_CERTIFICATE (1UL)
+#define CKO_PUBLIC_KEY (2UL)
+#define CKO_PRIVATE_KEY (3UL)
+#define CKO_SECRET_KEY (4UL)
+#define CKO_HW_FEATURE (5UL)
+#define CKO_DOMAIN_PARAMETERS (6UL)
+#define CKO_MECHANISM (7UL)
+#define CKO_VENDOR_DEFINED ((unsigned long) (1UL << 31))
+
+
+typedef unsigned long ck_hw_feature_type_t;
+
+#define CKH_MONOTONIC_COUNTER (1UL)
+#define CKH_CLOCK (2UL)
+#define CKH_USER_INTERFACE (3UL)
+#define CKH_VENDOR_DEFINED ((unsigned long) (1UL << 31))
+
+
+typedef unsigned long ck_key_type_t;
+
+#define CKK_RSA (0UL)
+#define CKK_DSA (1UL)
+#define CKK_DH (2UL)
+#define CKK_ECDSA (3UL)
+#define CKK_EC (3UL)
+#define CKK_X9_42_DH (4UL)
+#define CKK_KEA (5UL)
+#define CKK_GENERIC_SECRET (0x10UL)
+#define CKK_RC2 (0x11UL)
+#define CKK_RC4 (0x12UL)
+#define CKK_DES (0x13UL)
+#define CKK_DES2 (0x14UL)
+#define CKK_DES3 (0x15UL)
+#define CKK_CAST (0x16UL)
+#define CKK_CAST3 (0x17UL)
+#define CKK_CAST128 (0x18UL)
+#define CKK_RC5 (0x19UL)
+#define CKK_IDEA (0x1aUL)
+#define CKK_SKIPJACK (0x1bUL)
+#define CKK_BATON (0x1cUL)
+#define CKK_JUNIPER (0x1dUL)
+#define CKK_CDMF (0x1eUL)
+#define CKK_AES (0x1fUL)
+#define CKK_BLOWFISH (0x20UL)
+#define CKK_TWOFISH (0x21UL)
+#define CKK_VENDOR_DEFINED ((unsigned long) (1UL << 31))
+
+
+typedef unsigned long ck_certificate_type_t;
+
+#define CKC_X_509 (0UL)
+#define CKC_X_509_ATTR_CERT (1UL)
+#define CKC_WTLS (2UL)
+#define CKC_VENDOR_DEFINED ((unsigned long) (1UL << 31))
+
+
+typedef unsigned long ck_attribute_type_t;
+
+#define CKA_CLASS (0UL)
+#define CKA_TOKEN (1UL)
+#define CKA_PRIVATE (2UL)
+#define CKA_LABEL (3UL)
+#define CKA_APPLICATION (0x10UL)
+#define CKA_VALUE (0x11UL)
+#define CKA_OBJECT_ID (0x12UL)
+#define CKA_CERTIFICATE_TYPE (0x80UL)
+#define CKA_ISSUER (0x81UL)
+#define CKA_SERIAL_NUMBER (0x82UL)
+#define CKA_AC_ISSUER (0x83UL)
+#define CKA_OWNER (0x84UL)
+#define CKA_ATTR_TYPES (0x85UL)
+#define CKA_TRUSTED (0x86UL)
+#define CKA_CERTIFICATE_CATEGORY (0x87UL)
+#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL)
+#define CKA_URL (0x89UL)
+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL)
+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL)
+#define CKA_CHECK_VALUE (0x90UL)
+#define CKA_KEY_TYPE (0x100UL)
+#define CKA_SUBJECT (0x101UL)
+#define CKA_ID (0x102UL)
+#define CKA_SENSITIVE (0x103UL)
+#define CKA_ENCRYPT (0x104UL)
+#define CKA_DECRYPT (0x105UL)
+#define CKA_WRAP (0x106UL)
+#define CKA_UNWRAP (0x107UL)
+#define CKA_SIGN (0x108UL)
+#define CKA_SIGN_RECOVER (0x109UL)
+#define CKA_VERIFY (0x10aUL)
+#define CKA_VERIFY_RECOVER (0x10bUL)
+#define CKA_DERIVE (0x10cUL)
+#define CKA_START_DATE (0x110UL)
+#define CKA_END_DATE (0x111UL)
+#define CKA_MODULUS (0x120UL)
+#define CKA_MODULUS_BITS (0x121UL)
+#define CKA_PUBLIC_EXPONENT (0x122UL)
+#define CKA_PRIVATE_EXPONENT (0x123UL)
+#define CKA_PRIME_1 (0x124UL)
+#define CKA_PRIME_2 (0x125UL)
+#define CKA_EXPONENT_1 (0x126UL)
+#define CKA_EXPONENT_2 (0x127UL)
+#define CKA_COEFFICIENT (0x128UL)
+#define CKA_PRIME (0x130UL)
+#define CKA_SUBPRIME (0x131UL)
+#define CKA_BASE (0x132UL)
+#define CKA_PRIME_BITS (0x133UL)
+#define CKA_SUB_PRIME_BITS (0x134UL)
+#define CKA_VALUE_BITS (0x160UL)
+#define CKA_VALUE_LEN (0x161UL)
+#define CKA_EXTRACTABLE (0x162UL)
+#define CKA_LOCAL (0x163UL)
+#define CKA_NEVER_EXTRACTABLE (0x164UL)
+#define CKA_ALWAYS_SENSITIVE (0x165UL)
+#define CKA_KEY_GEN_MECHANISM (0x166UL)
+#define CKA_MODIFIABLE (0x170UL)
+#define CKA_ECDSA_PARAMS (0x180UL)
+#define CKA_EC_PARAMS (0x180UL)
+#define CKA_EC_POINT (0x181UL)
+#define CKA_SECONDARY_AUTH (0x200UL)
+#define CKA_AUTH_PIN_FLAGS (0x201UL)
+#define CKA_ALWAYS_AUTHENTICATE (0x202UL)
+#define CKA_WRAP_WITH_TRUSTED (0x210UL)
+#define CKA_HW_FEATURE_TYPE (0x300UL)
+#define CKA_RESET_ON_INIT (0x301UL)
+#define CKA_HAS_RESET (0x302UL)
+#define CKA_PIXEL_X (0x400UL)
+#define CKA_PIXEL_Y (0x401UL)
+#define CKA_RESOLUTION (0x402UL)
+#define CKA_CHAR_ROWS (0x403UL)
+#define CKA_CHAR_COLUMNS (0x404UL)
+#define CKA_COLOR (0x405UL)
+#define CKA_BITS_PER_PIXEL (0x406UL)
+#define CKA_CHAR_SETS (0x480UL)
+#define CKA_ENCODING_METHODS (0x481UL)
+#define CKA_MIME_TYPES (0x482UL)
+#define CKA_MECHANISM_TYPE (0x500UL)
+#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL)
+#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL)
+#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL)
+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL)
+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL)
+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL)
+#define CKA_VENDOR_DEFINED ((unsigned long) (1UL << 31))
+
+
+struct ck_attribute
+{
+ ck_attribute_type_t type;
+ void *value;
+ unsigned long value_len;
+};
+
+
+struct ck_date
+{
+ unsigned char year[4];
+ unsigned char month[2];
+ unsigned char day[2];
+};
+
+
+typedef unsigned long ck_mechanism_type_t;
+
+#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL)
+#define CKM_RSA_PKCS (1UL)
+#define CKM_RSA_9796 (2UL)
+#define CKM_RSA_X_509 (3UL)
+#define CKM_MD2_RSA_PKCS (4UL)
+#define CKM_MD5_RSA_PKCS (5UL)
+#define CKM_SHA1_RSA_PKCS (6UL)
+#define CKM_RIPEMD128_RSA_PKCS (7UL)
+#define CKM_RIPEMD160_RSA_PKCS (8UL)
+#define CKM_RSA_PKCS_OAEP (9UL)
+#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL)
+#define CKM_RSA_X9_31 (0xbUL)
+#define CKM_SHA1_RSA_X9_31 (0xcUL)
+#define CKM_RSA_PKCS_PSS (0xdUL)
+#define CKM_SHA1_RSA_PKCS_PSS (0xeUL)
+#define CKM_DSA_KEY_PAIR_GEN (0x10UL)
+#define CKM_DSA (0x11UL)
+#define CKM_DSA_SHA1 (0x12UL)
+#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL)
+#define CKM_DH_PKCS_DERIVE (0x21UL)
+#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL)
+#define CKM_X9_42_DH_DERIVE (0x31UL)
+#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL)
+#define CKM_X9_42_MQV_DERIVE (0x33UL)
+#define CKM_SHA256_RSA_PKCS (0x40UL)
+#define CKM_SHA384_RSA_PKCS (0x41UL)
+#define CKM_SHA512_RSA_PKCS (0x42UL)
+#define CKM_SHA256_RSA_PKCS_PSS (0x43UL)
+#define CKM_SHA384_RSA_PKCS_PSS (0x44UL)
+#define CKM_SHA512_RSA_PKCS_PSS (0x45UL)
+#define CKM_RC2_KEY_GEN (0x100UL)
+#define CKM_RC2_ECB (0x101UL)
+#define CKM_RC2_CBC (0x102UL)
+#define CKM_RC2_MAC (0x103UL)
+#define CKM_RC2_MAC_GENERAL (0x104UL)
+#define CKM_RC2_CBC_PAD (0x105UL)
+#define CKM_RC4_KEY_GEN (0x110UL)
+#define CKM_RC4 (0x111UL)
+#define CKM_DES_KEY_GEN (0x120UL)
+#define CKM_DES_ECB (0x121UL)
+#define CKM_DES_CBC (0x122UL)
+#define CKM_DES_MAC (0x123UL)
+#define CKM_DES_MAC_GENERAL (0x124UL)
+#define CKM_DES_CBC_PAD (0x125UL)
+#define CKM_DES2_KEY_GEN (0x130UL)
+#define CKM_DES3_KEY_GEN (0x131UL)
+#define CKM_DES3_ECB (0x132UL)
+#define CKM_DES3_CBC (0x133UL)
+#define CKM_DES3_MAC (0x134UL)
+#define CKM_DES3_MAC_GENERAL (0x135UL)
+#define CKM_DES3_CBC_PAD (0x136UL)
+#define CKM_CDMF_KEY_GEN (0x140UL)
+#define CKM_CDMF_ECB (0x141UL)
+#define CKM_CDMF_CBC (0x142UL)
+#define CKM_CDMF_MAC (0x143UL)
+#define CKM_CDMF_MAC_GENERAL (0x144UL)
+#define CKM_CDMF_CBC_PAD (0x145UL)
+#define CKM_MD2 (0x200UL)
+#define CKM_MD2_HMAC (0x201UL)
+#define CKM_MD2_HMAC_GENERAL (0x202UL)
+#define CKM_MD5 (0x210UL)
+#define CKM_MD5_HMAC (0x211UL)
+#define CKM_MD5_HMAC_GENERAL (0x212UL)
+#define CKM_SHA_1 (0x220UL)
+#define CKM_SHA_1_HMAC (0x221UL)
+#define CKM_SHA_1_HMAC_GENERAL (0x222UL)
+#define CKM_RIPEMD128 (0x230UL)
+#define CKM_RIPEMD128_HMAC (0x231UL)
+#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL)
+#define CKM_RIPEMD160 (0x240UL)
+#define CKM_RIPEMD160_HMAC (0x241UL)
+#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL)
+#define CKM_SHA256 (0x250UL)
+#define CKM_SHA256_HMAC (0x251UL)
+#define CKM_SHA256_HMAC_GENERAL (0x252UL)
+#define CKM_SHA384 (0x260UL)
+#define CKM_SHA384_HMAC (0x261UL)
+#define CKM_SHA384_HMAC_GENERAL (0x262UL)
+#define CKM_SHA512 (0x270UL)
+#define CKM_SHA512_HMAC (0x271UL)
+#define CKM_SHA512_HMAC_GENERAL (0x272UL)
+#define CKM_CAST_KEY_GEN (0x300UL)
+#define CKM_CAST_ECB (0x301UL)
+#define CKM_CAST_CBC (0x302UL)
+#define CKM_CAST_MAC (0x303UL)
+#define CKM_CAST_MAC_GENERAL (0x304UL)
+#define CKM_CAST_CBC_PAD (0x305UL)
+#define CKM_CAST3_KEY_GEN (0x310UL)
+#define CKM_CAST3_ECB (0x311UL)
+#define CKM_CAST3_CBC (0x312UL)
+#define CKM_CAST3_MAC (0x313UL)
+#define CKM_CAST3_MAC_GENERAL (0x314UL)
+#define CKM_CAST3_CBC_PAD (0x315UL)
+#define CKM_CAST5_KEY_GEN (0x320UL)
+#define CKM_CAST128_KEY_GEN (0x320UL)
+#define CKM_CAST5_ECB (0x321UL)
+#define CKM_CAST128_ECB (0x321UL)
+#define CKM_CAST5_CBC (0x322UL)
+#define CKM_CAST128_CBC (0x322UL)
+#define CKM_CAST5_MAC (0x323UL)
+#define CKM_CAST128_MAC (0x323UL)
+#define CKM_CAST5_MAC_GENERAL (0x324UL)
+#define CKM_CAST128_MAC_GENERAL (0x324UL)
+#define CKM_CAST5_CBC_PAD (0x325UL)
+#define CKM_CAST128_CBC_PAD (0x325UL)
+#define CKM_RC5_KEY_GEN (0x330UL)
+#define CKM_RC5_ECB (0x331UL)
+#define CKM_RC5_CBC (0x332UL)
+#define CKM_RC5_MAC (0x333UL)
+#define CKM_RC5_MAC_GENERAL (0x334UL)
+#define CKM_RC5_CBC_PAD (0x335UL)
+#define CKM_IDEA_KEY_GEN (0x340UL)
+#define CKM_IDEA_ECB (0x341UL)
+#define CKM_IDEA_CBC (0x342UL)
+#define CKM_IDEA_MAC (0x343UL)
+#define CKM_IDEA_MAC_GENERAL (0x344UL)
+#define CKM_IDEA_CBC_PAD (0x345UL)
+#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL)
+#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL)
+#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL)
+#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL)
+#define CKM_XOR_BASE_AND_DATA (0x364UL)
+#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL)
+#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL)
+#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL)
+#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL)
+#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL)
+#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL)
+#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL)
+#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL)
+#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL)
+#define CKM_SSL3_MD5_MAC (0x380UL)
+#define CKM_SSL3_SHA1_MAC (0x381UL)
+#define CKM_MD5_KEY_DERIVATION (0x390UL)
+#define CKM_MD2_KEY_DERIVATION (0x391UL)
+#define CKM_SHA1_KEY_DERIVATION (0x392UL)
+#define CKM_PBE_MD2_DES_CBC (0x3a0UL)
+#define CKM_PBE_MD5_DES_CBC (0x3a1UL)
+#define CKM_PBE_MD5_CAST_CBC (0x3a2UL)
+#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL)
+#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL)
+#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL)
+#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL)
+#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL)
+#define CKM_PBE_SHA1_RC4_128 (0x3a6UL)
+#define CKM_PBE_SHA1_RC4_40 (0x3a7UL)
+#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL)
+#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL)
+#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL)
+#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL)
+#define CKM_PKCS5_PBKD2 (0x3b0UL)
+#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL)
+#define CKM_KEY_WRAP_LYNKS (0x400UL)
+#define CKM_KEY_WRAP_SET_OAEP (0x401UL)
+#define CKM_SKIPJACK_KEY_GEN (0x1000UL)
+#define CKM_SKIPJACK_ECB64 (0x1001UL)
+#define CKM_SKIPJACK_CBC64 (0x1002UL)
+#define CKM_SKIPJACK_OFB64 (0x1003UL)
+#define CKM_SKIPJACK_CFB64 (0x1004UL)
+#define CKM_SKIPJACK_CFB32 (0x1005UL)
+#define CKM_SKIPJACK_CFB16 (0x1006UL)
+#define CKM_SKIPJACK_CFB8 (0x1007UL)
+#define CKM_SKIPJACK_WRAP (0x1008UL)
+#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL)
+#define CKM_SKIPJACK_RELAYX (0x100aUL)
+#define CKM_KEA_KEY_PAIR_GEN (0x1010UL)
+#define CKM_KEA_KEY_DERIVE (0x1011UL)
+#define CKM_FORTEZZA_TIMESTAMP (0x1020UL)
+#define CKM_BATON_KEY_GEN (0x1030UL)
+#define CKM_BATON_ECB128 (0x1031UL)
+#define CKM_BATON_ECB96 (0x1032UL)
+#define CKM_BATON_CBC128 (0x1033UL)
+#define CKM_BATON_COUNTER (0x1034UL)
+#define CKM_BATON_SHUFFLE (0x1035UL)
+#define CKM_BATON_WRAP (0x1036UL)
+#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL)
+#define CKM_EC_KEY_PAIR_GEN (0x1040UL)
+#define CKM_ECDSA (0x1041UL)
+#define CKM_ECDSA_SHA1 (0x1042UL)
+#define CKM_ECDH1_DERIVE (0x1050UL)
+#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL)
+#define CKM_ECMQV_DERIVE (0x1052UL)
+#define CKM_JUNIPER_KEY_GEN (0x1060UL)
+#define CKM_JUNIPER_ECB128 (0x1061UL)
+#define CKM_JUNIPER_CBC128 (0x1062UL)
+#define CKM_JUNIPER_COUNTER (0x1063UL)
+#define CKM_JUNIPER_SHUFFLE (0x1064UL)
+#define CKM_JUNIPER_WRAP (0x1065UL)
+#define CKM_FASTHASH (0x1070UL)
+#define CKM_AES_KEY_GEN (0x1080UL)
+#define CKM_AES_ECB (0x1081UL)
+#define CKM_AES_CBC (0x1082UL)
+#define CKM_AES_MAC (0x1083UL)
+#define CKM_AES_MAC_GENERAL (0x1084UL)
+#define CKM_AES_CBC_PAD (0x1085UL)
+#define CKM_DSA_PARAMETER_GEN (0x2000UL)
+#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL)
+#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL)
+#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31))
+
+
+struct ck_mechanism
+{
+ ck_mechanism_type_t mechanism;
+ void *parameter;
+ unsigned long parameter_len;
+};
+
+
+struct ck_mechanism_info
+{
+ unsigned long min_key_size;
+ unsigned long max_key_size;
+ ck_flags_t flags;
+};
+
+#define CKF_HW (1UL << 0)
+#define CKF_ENCRYPT (1UL << 8)
+#define CKF_DECRYPT (1UL << 9)
+#define CKF_DIGEST (1UL << 10)
+#define CKF_SIGN (1UL << 11)
+#define CKF_SIGN_RECOVER (1UL << 12)
+#define CKF_VERIFY (1UL << 13)
+#define CKF_VERIFY_RECOVER (1UL << 14)
+#define CKF_GENERATE (1UL << 15)
+#define CKF_GENERATE_KEY_PAIR (1UL << 16)
+#define CKF_WRAP (1UL << 17)
+#define CKF_UNWRAP (1UL << 18)
+#define CKF_DERIVE (1UL << 19)
+#define CKF_EXTENSION ((unsigned long) (1UL << 31))
+
+
+/* Flags for C_WaitForSlotEvent. */
+#define CKF_DONT_BLOCK (1UL)
+
+
+typedef unsigned long ck_rv_t;
+
+
+typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
+ ck_notification_t event, void *application);
+
+/* Forward reference. */
+struct ck_function_list;
+
+#define _CK_DECLARE_FUNCTION(name, args) \
+typedef ck_rv_t (*CK_ ## name) args; \
+ck_rv_t CK_SPEC name args
+
+_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
+_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
+_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info));
+_CK_DECLARE_FUNCTION (C_GetFunctionList,
+ (struct ck_function_list **function_list));
+
+_CK_DECLARE_FUNCTION (C_GetSlotList,
+ (unsigned char token_present, ck_slot_id_t *slot_list,
+ unsigned long *count));
+_CK_DECLARE_FUNCTION (C_GetSlotInfo,
+ (ck_slot_id_t slot_id, struct ck_slot_info *info));
+_CK_DECLARE_FUNCTION (C_GetTokenInfo,
+ (ck_slot_id_t slot_id, struct ck_token_info *info));
+_CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
+ (ck_flags_t flags, ck_slot_id_t *slot, void *reserved));
+_CK_DECLARE_FUNCTION (C_GetMechanismList,
+ (ck_slot_id_t slot_id,
+ ck_mechanism_type_t *mechanism_list,
+ unsigned long *count));
+_CK_DECLARE_FUNCTION (C_GetMechanismInfo,
+ (ck_slot_id_t slot_id, ck_mechanism_type_t type,
+ struct ck_mechanism_info *info));
+_CK_DECLARE_FUNCTION (C_InitToken,
+ (ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label));
+_CK_DECLARE_FUNCTION (C_InitPIN,
+ (ck_session_handle_t session, unsigned char *pin,
+ unsigned long pin_len));
+_CK_DECLARE_FUNCTION (C_SetPIN,
+ (ck_session_handle_t session, unsigned char *old_pin,
+ unsigned long old_len, unsigned char *new_pin,
+ unsigned long new_len));
+
+_CK_DECLARE_FUNCTION (C_OpenSession,
+ (ck_slot_id_t slot_id, ck_flags_t flags,
+ void *application, ck_notify_t notify,
+ ck_session_handle_t *session));
+_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
+_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
+_CK_DECLARE_FUNCTION (C_GetSessionInfo,
+ (ck_session_handle_t session,
+ struct ck_session_info *info));
+_CK_DECLARE_FUNCTION (C_GetOperationState,
+ (ck_session_handle_t session,
+ unsigned char *operation_state,
+ unsigned long *operation_state_len));
+_CK_DECLARE_FUNCTION (C_SetOperationState,
+ (ck_session_handle_t session,
+ unsigned char *operation_state,
+ unsigned long operation_state_len,
+ ck_object_handle_t encryption_key,
+ ck_object_handle_t authentiation_key));
+_CK_DECLARE_FUNCTION (C_Login,
+ (ck_session_handle_t session, ck_user_type_t user_type,
+ unsigned char *pin, unsigned long pin_len));
+_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
+
+_CK_DECLARE_FUNCTION (C_CreateObject,
+ (ck_session_handle_t session,
+ struct ck_attribute *templ,
+ unsigned long count, ck_object_handle_t *object));
+_CK_DECLARE_FUNCTION (C_CopyObject,
+ (ck_session_handle_t session, ck_object_handle_t object,
+ struct ck_attribute *templ, unsigned long count,
+ ck_object_handle_t *new_object));
+_CK_DECLARE_FUNCTION (C_DestroyObject,
+ (ck_session_handle_t session,
+ ck_object_handle_t object));
+_CK_DECLARE_FUNCTION (C_GetObjectSize,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ unsigned long *size));
+_CK_DECLARE_FUNCTION (C_GetAttributeValue,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count));
+_CK_DECLARE_FUNCTION (C_SetAttributeValue,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count));
+_CK_DECLARE_FUNCTION (C_FindObjectsInit,
+ (ck_session_handle_t session,
+ struct ck_attribute *templ,
+ unsigned long count));
+_CK_DECLARE_FUNCTION (C_FindObjects,
+ (ck_session_handle_t session,
+ ck_object_handle_t *object,
+ unsigned long max_object_count,
+ unsigned long *object_count));
+_CK_DECLARE_FUNCTION (C_FindObjectsFinal,
+ (ck_session_handle_t session));
+
+_CK_DECLARE_FUNCTION (C_EncryptInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Encrypt,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *encrypted_data,
+ unsigned long *encrypted_data_len));
+_CK_DECLARE_FUNCTION (C_EncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_EncryptFinal,
+ (ck_session_handle_t session,
+ unsigned char *last_encrypted_part,
+ unsigned long *last_encrypted_part_len));
+
+_CK_DECLARE_FUNCTION (C_DecryptInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Decrypt,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len));
+_CK_DECLARE_FUNCTION (C_DecryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len));
+_CK_DECLARE_FUNCTION (C_DecryptFinal,
+ (ck_session_handle_t session,
+ unsigned char *last_part,
+ unsigned long *last_part_len));
+
+_CK_DECLARE_FUNCTION (C_DigestInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism));
+_CK_DECLARE_FUNCTION (C_Digest,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *digest,
+ unsigned long *digest_len));
+_CK_DECLARE_FUNCTION (C_DigestUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_DigestKey,
+ (ck_session_handle_t session, ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_DigestFinal,
+ (ck_session_handle_t session,
+ unsigned char *digest,
+ unsigned long *digest_len));
+
+_CK_DECLARE_FUNCTION (C_SignInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Sign,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len));
+_CK_DECLARE_FUNCTION (C_SignUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_SignFinal,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long *signature_len));
+_CK_DECLARE_FUNCTION (C_SignRecoverInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_SignRecover,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len));
+
+_CK_DECLARE_FUNCTION (C_VerifyInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Verify,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long signature_len));
+_CK_DECLARE_FUNCTION (C_VerifyUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_VerifyFinal,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long signature_len));
+_CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_VerifyRecover,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long signature_len,
+ unsigned char *data,
+ unsigned long *data_len));
+
+_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len));
+_CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len));
+
+_CK_DECLARE_FUNCTION (C_GenerateKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ struct ck_attribute *templ,
+ unsigned long count,
+ ck_object_handle_t *key));
+_CK_DECLARE_FUNCTION (C_GenerateKeyPair,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ struct ck_attribute *public_key_template,
+ unsigned long public_key_attribute_count,
+ struct ck_attribute *private_key_template,
+ unsigned long private_key_attribute_count,
+ ck_object_handle_t *public_key,
+ ck_object_handle_t *private_key));
+_CK_DECLARE_FUNCTION (C_WrapKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t wrapping_key,
+ ck_object_handle_t key,
+ unsigned char *wrapped_key,
+ unsigned long *wrapped_key_len));
+_CK_DECLARE_FUNCTION (C_UnwrapKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t unwrapping_key,
+ unsigned char *wrapped_key,
+ unsigned long wrapped_key_len,
+ struct ck_attribute *templ,
+ unsigned long attribute_count,
+ ck_object_handle_t *key));
+_CK_DECLARE_FUNCTION (C_DeriveKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t base_key,
+ struct ck_attribute *templ,
+ unsigned long attribute_count,
+ ck_object_handle_t *key));
+
+_CK_DECLARE_FUNCTION (C_SeedRandom,
+ (ck_session_handle_t session, unsigned char *seed,
+ unsigned long seed_len));
+_CK_DECLARE_FUNCTION (C_GenerateRandom,
+ (ck_session_handle_t session,
+ unsigned char *random_data,
+ unsigned long random_len));
+
+_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
+_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
+
+
+struct ck_function_list
+{
+ struct ck_version version;
+ CK_C_Initialize C_Initialize;
+ CK_C_Finalize C_Finalize;
+ CK_C_GetInfo C_GetInfo;
+ CK_C_GetFunctionList C_GetFunctionList;
+ CK_C_GetSlotList C_GetSlotList;
+ CK_C_GetSlotInfo C_GetSlotInfo;
+ CK_C_GetTokenInfo C_GetTokenInfo;
+ CK_C_GetMechanismList C_GetMechanismList;
+ CK_C_GetMechanismInfo C_GetMechanismInfo;
+ CK_C_InitToken C_InitToken;
+ CK_C_InitPIN C_InitPIN;
+ CK_C_SetPIN C_SetPIN;
+ CK_C_OpenSession C_OpenSession;
+ CK_C_CloseSession C_CloseSession;
+ CK_C_CloseAllSessions C_CloseAllSessions;
+ CK_C_GetSessionInfo C_GetSessionInfo;
+ CK_C_GetOperationState C_GetOperationState;
+ CK_C_SetOperationState C_SetOperationState;
+ CK_C_Login C_Login;
+ CK_C_Logout C_Logout;
+ CK_C_CreateObject C_CreateObject;
+ CK_C_CopyObject C_CopyObject;
+ CK_C_DestroyObject C_DestroyObject;
+ CK_C_GetObjectSize C_GetObjectSize;
+ CK_C_GetAttributeValue C_GetAttributeValue;
+ CK_C_SetAttributeValue C_SetAttributeValue;
+ CK_C_FindObjectsInit C_FindObjectsInit;
+ CK_C_FindObjects C_FindObjects;
+ CK_C_FindObjectsFinal C_FindObjectsFinal;
+ CK_C_EncryptInit C_EncryptInit;
+ CK_C_Encrypt C_Encrypt;
+ CK_C_EncryptUpdate C_EncryptUpdate;
+ CK_C_EncryptFinal C_EncryptFinal;
+ CK_C_DecryptInit C_DecryptInit;
+ CK_C_Decrypt C_Decrypt;
+ CK_C_DecryptUpdate C_DecryptUpdate;
+ CK_C_DecryptFinal C_DecryptFinal;
+ CK_C_DigestInit C_DigestInit;
+ CK_C_Digest C_Digest;
+ CK_C_DigestUpdate C_DigestUpdate;
+ CK_C_DigestKey C_DigestKey;
+ CK_C_DigestFinal C_DigestFinal;
+ CK_C_SignInit C_SignInit;
+ CK_C_Sign C_Sign;
+ CK_C_SignUpdate C_SignUpdate;
+ CK_C_SignFinal C_SignFinal;
+ CK_C_SignRecoverInit C_SignRecoverInit;
+ CK_C_SignRecover C_SignRecover;
+ CK_C_VerifyInit C_VerifyInit;
+ CK_C_Verify C_Verify;
+ CK_C_VerifyUpdate C_VerifyUpdate;
+ CK_C_VerifyFinal C_VerifyFinal;
+ CK_C_VerifyRecoverInit C_VerifyRecoverInit;
+ CK_C_VerifyRecover C_VerifyRecover;
+ CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
+ CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
+ CK_C_SignEncryptUpdate C_SignEncryptUpdate;
+ CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
+ CK_C_GenerateKey C_GenerateKey;
+ CK_C_GenerateKeyPair C_GenerateKeyPair;
+ CK_C_WrapKey C_WrapKey;
+ CK_C_UnwrapKey C_UnwrapKey;
+ CK_C_DeriveKey C_DeriveKey;
+ CK_C_SeedRandom C_SeedRandom;
+ CK_C_GenerateRandom C_GenerateRandom;
+ CK_C_GetFunctionStatus C_GetFunctionStatus;
+ CK_C_CancelFunction C_CancelFunction;
+ CK_C_WaitForSlotEvent C_WaitForSlotEvent;
+};
+
+
+typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
+typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
+typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
+typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);
+
+
+struct ck_c_initialize_args
+{
+ ck_createmutex_t create_mutex;
+ ck_destroymutex_t destroy_mutex;
+ ck_lockmutex_t lock_mutex;
+ ck_unlockmutex_t unlock_mutex;
+ ck_flags_t flags;
+ void *reserved;
+};
+
+
+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0)
+#define CKF_OS_LOCKING_OK (1UL << 1)
+
+#define CKR_OK (0UL)
+#define CKR_CANCEL (1UL)
+#define CKR_HOST_MEMORY (2UL)
+#define CKR_SLOT_ID_INVALID (3UL)
+#define CKR_GENERAL_ERROR (5UL)
+#define CKR_FUNCTION_FAILED (6UL)
+#define CKR_ARGUMENTS_BAD (7UL)
+#define CKR_NO_EVENT (8UL)
+#define CKR_NEED_TO_CREATE_THREADS (9UL)
+#define CKR_CANT_LOCK (0xaUL)
+#define CKR_ATTRIBUTE_READ_ONLY (0x10UL)
+#define CKR_ATTRIBUTE_SENSITIVE (0x11UL)
+#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL)
+#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL)
+#define CKR_DATA_INVALID (0x20UL)
+#define CKR_DATA_LEN_RANGE (0x21UL)
+#define CKR_DEVICE_ERROR (0x30UL)
+#define CKR_DEVICE_MEMORY (0x31UL)
+#define CKR_DEVICE_REMOVED (0x32UL)
+#define CKR_ENCRYPTED_DATA_INVALID (0x40UL)
+#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL)
+#define CKR_FUNCTION_CANCELED (0x50UL)
+#define CKR_FUNCTION_NOT_PARALLEL (0x51UL)
+#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL)
+#define CKR_KEY_HANDLE_INVALID (0x60UL)
+#define CKR_KEY_SIZE_RANGE (0x62UL)
+#define CKR_KEY_TYPE_INCONSISTENT (0x63UL)
+#define CKR_KEY_NOT_NEEDED (0x64UL)
+#define CKR_KEY_CHANGED (0x65UL)
+#define CKR_KEY_NEEDED (0x66UL)
+#define CKR_KEY_INDIGESTIBLE (0x67UL)
+#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL)
+#define CKR_KEY_NOT_WRAPPABLE (0x69UL)
+#define CKR_KEY_UNEXTRACTABLE (0x6aUL)
+#define CKR_MECHANISM_INVALID (0x70UL)
+#define CKR_MECHANISM_PARAM_INVALID (0x71UL)
+#define CKR_OBJECT_HANDLE_INVALID (0x82UL)
+#define CKR_OPERATION_ACTIVE (0x90UL)
+#define CKR_OPERATION_NOT_INITIALIZED (0x91UL)
+#define CKR_PIN_INCORRECT (0xa0UL)
+#define CKR_PIN_INVALID (0xa1UL)
+#define CKR_PIN_LEN_RANGE (0xa2UL)
+#define CKR_PIN_EXPIRED (0xa3UL)
+#define CKR_PIN_LOCKED (0xa4UL)
+#define CKR_SESSION_CLOSED (0xb0UL)
+#define CKR_SESSION_COUNT (0xb1UL)
+#define CKR_SESSION_HANDLE_INVALID (0xb3UL)
+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL)
+#define CKR_SESSION_READ_ONLY (0xb5UL)
+#define CKR_SESSION_EXISTS (0xb6UL)
+#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL)
+#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL)
+#define CKR_SIGNATURE_INVALID (0xc0UL)
+#define CKR_SIGNATURE_LEN_RANGE (0xc1UL)
+#define CKR_TEMPLATE_INCOMPLETE (0xd0UL)
+#define CKR_TEMPLATE_INCONSISTENT (0xd1UL)
+#define CKR_TOKEN_NOT_PRESENT (0xe0UL)
+#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL)
+#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL)
+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL)
+#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL)
+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL)
+#define CKR_USER_ALREADY_LOGGED_IN (0x100UL)
+#define CKR_USER_NOT_LOGGED_IN (0x101UL)
+#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL)
+#define CKR_USER_TYPE_INVALID (0x103UL)
+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL)
+#define CKR_USER_TOO_MANY_TYPES (0x105UL)
+#define CKR_WRAPPED_KEY_INVALID (0x110UL)
+#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL)
+#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL)
+#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL)
+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL)
+#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL)
+#define CKR_RANDOM_NO_RNG (0x121UL)
+#define CKR_DOMAIN_PARAMS_INVALID (0x130UL)
+#define CKR_BUFFER_TOO_SMALL (0x150UL)
+#define CKR_SAVED_STATE_INVALID (0x160UL)
+#define CKR_INFORMATION_SENSITIVE (0x170UL)
+#define CKR_STATE_UNSAVEABLE (0x180UL)
+#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL)
+#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL)
+#define CKR_MUTEX_BAD (0x1a0UL)
+#define CKR_MUTEX_NOT_LOCKED (0x1a1UL)
+#define CKR_FUNCTION_REJECTED (0x200UL)
+#define CKR_VENDOR_DEFINED ((unsigned long) (1UL << 31))
+
+
+
+/* Compatibility layer. */
+
+#ifdef CRYPTOKI_COMPAT
+
+#undef CK_DEFINE_FUNCTION
+#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name
+
+/* For NULL. */
+#include <stddef.h>
+
+typedef unsigned char CK_BYTE;
+typedef unsigned char CK_CHAR;
+typedef unsigned char CK_UTF8CHAR;
+typedef unsigned char CK_BBOOL;
+typedef unsigned long int CK_ULONG;
+typedef long int CK_LONG;
+typedef CK_BYTE *CK_BYTE_PTR;
+typedef CK_CHAR *CK_CHAR_PTR;
+typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
+typedef CK_ULONG *CK_ULONG_PTR;
+typedef void *CK_VOID_PTR;
+typedef void **CK_VOID_PTR_PTR;
+#define CK_FALSE 0
+#define CK_TRUE 1
+#ifndef CK_DISABLE_TRUE_FALSE
+#ifndef FALSE
+#define FALSE 0
+#endif
+#ifndef TRUE
+#define TRUE 1
+#endif
+#endif
+
+typedef struct ck_version CK_VERSION;
+typedef struct ck_version *CK_VERSION_PTR;
+
+typedef struct ck_info CK_INFO;
+typedef struct ck_info *CK_INFO_PTR;
+
+typedef ck_slot_id_t *CK_SLOT_ID_PTR;
+
+typedef struct ck_slot_info CK_SLOT_INFO;
+typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
+
+typedef struct ck_token_info CK_TOKEN_INFO;
+typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
+
+typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
+
+typedef struct ck_session_info CK_SESSION_INFO;
+typedef struct ck_session_info *CK_SESSION_INFO_PTR;
+
+typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
+
+typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
+
+typedef struct ck_attribute CK_ATTRIBUTE;
+typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
+
+typedef struct ck_date CK_DATE;
+typedef struct ck_date *CK_DATE_PTR;
+
+typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
+
+typedef struct ck_mechanism CK_MECHANISM;
+typedef struct ck_mechanism *CK_MECHANISM_PTR;
+
+typedef struct ck_mechanism_info CK_MECHANISM_INFO;
+typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
+
+typedef struct ck_function_list CK_FUNCTION_LIST;
+typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
+typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
+
+typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
+typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
+
+#define NULL_PTR NULL
+
+/* Delete the helper macros defined at the top of the file. */
+#undef ck_flags_t
+#undef ck_version
+
+#undef ck_info
+#undef cryptoki_version
+#undef manufacturer_id
+#undef library_description
+#undef library_version
+
+#undef ck_notification_t
+#undef ck_slot_id_t
+
+#undef ck_slot_info
+#undef slot_description
+#undef hardware_version
+#undef firmware_version
+
+#undef ck_token_info
+#undef serial_number
+#undef max_session_count
+#undef session_count
+#undef max_rw_session_count
+#undef rw_session_count
+#undef max_pin_len
+#undef min_pin_len
+#undef total_public_memory
+#undef free_public_memory
+#undef total_private_memory
+#undef free_private_memory
+#undef utc_time
+
+#undef ck_session_handle_t
+#undef ck_user_type_t
+#undef ck_state_t
+
+#undef ck_session_info
+#undef slot_id
+#undef device_error
+
+#undef ck_object_handle_t
+#undef ck_object_class_t
+#undef ck_hw_feature_type_t
+#undef ck_key_type_t
+#undef ck_certificate_type_t
+#undef ck_attribute_type_t
+
+#undef ck_attribute
+#undef value
+#undef value_len
+
+#undef ck_date
+
+#undef ck_mechanism_type_t
+
+#undef ck_mechanism
+#undef parameter
+#undef parameter_len
+
+#undef ck_mechanism_info
+#undef min_key_size
+#undef max_key_size
+
+#undef ck_rv_t
+#undef ck_notify_t
+
+#undef ck_function_list
+
+#undef ck_createmutex_t
+#undef ck_destroymutex_t
+#undef ck_lockmutex_t
+#undef ck_unlockmutex_t
+
+#undef ck_c_initialize_args
+#undef create_mutex
+#undef destroy_mutex
+#undef lock_mutex
+#undef unlock_mutex
+#undef reserved
+
+#endif /* CRYPTOKI_COMPAT */
+
+
+/* System dependencies. */
+#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
+#pragma pack(pop, cryptoki)
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* PKCS11_H */
diff --git a/p11-kit/util.c b/p11-kit/util.c
new file mode 100644
index 0000000..516e70b
--- /dev/null
+++ b/p11-kit/util.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2011 Collabora Ltd
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ *
+ * CONTRIBUTORS
+ * Stef Walter <stef@memberwebs.com>
+ */
+
+#include "config.h"
+
+#include "util.h"
+
+#include <stdlib.h>
+
+void*
+xrealloc (void *memory, size_t length)
+{
+ void *allocated = realloc (memory, length);
+ if (!allocated)
+ free (memory);
+ return allocated;
+}
diff --git a/p11-kit/util.h b/p11-kit/util.h
new file mode 100644
index 0000000..73f06ec
--- /dev/null
+++ b/p11-kit/util.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2011 Collabora Ltd
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ *
+ * CONTRIBUTORS
+ * Stef Walter <stef@memberwebs.com>
+ */
+
+#ifndef __UTIL_H__
+#define __UTIL_H__
+
+#include <sys/types.h>
+
+void* xrealloc (void *memory, size_t length);
+
+#endif /* __UTIL_H__ */