summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--common/attrs.c49
-rw-r--r--common/attrs.h14
-rw-r--r--common/tests/test-attrs.c2
-rw-r--r--trust/tests/test-data.c15
-rw-r--r--trust/tests/test-data.h3
5 files changed, 63 insertions, 20 deletions
diff --git a/common/attrs.c b/common/attrs.c
index cce1aaf..e656189 100644
--- a/common/attrs.c
+++ b/common/attrs.c
@@ -274,7 +274,7 @@ p11_attrs_findn (CK_ATTRIBUTE *attrs,
}
bool
-p11_attrs_find_bool (CK_ATTRIBUTE *attrs,
+p11_attrs_find_bool (const CK_ATTRIBUTE *attrs,
CK_ATTRIBUTE_TYPE type,
CK_BBOOL *value)
{
@@ -293,7 +293,7 @@ p11_attrs_find_bool (CK_ATTRIBUTE *attrs,
}
bool
-p11_attrs_findn_bool (CK_ATTRIBUTE *attrs,
+p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs,
CK_ULONG count,
CK_ATTRIBUTE_TYPE type,
CK_BBOOL *value)
@@ -313,7 +313,7 @@ p11_attrs_findn_bool (CK_ATTRIBUTE *attrs,
}
bool
-p11_attrs_find_ulong (CK_ATTRIBUTE *attrs,
+p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs,
CK_ATTRIBUTE_TYPE type,
CK_ULONG *value)
{
@@ -331,6 +331,26 @@ p11_attrs_find_ulong (CK_ATTRIBUTE *attrs,
return false;
}
+bool
+p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs,
+ CK_ULONG count,
+ CK_ATTRIBUTE_TYPE type,
+ CK_ULONG *value)
+{
+ CK_ULONG i;
+
+ for (i = 0; i < count; i++) {
+ if (attrs[i].type == type &&
+ attrs[i].ulValueLen == sizeof (CK_ULONG) &&
+ attrs[i].pValue != NULL) {
+ *value = *((CK_ULONG *)attrs[i].pValue);
+ return true;
+ }
+ }
+
+ return false;
+}
+
void *
p11_attrs_find_value (CK_ATTRIBUTE *attrs,
CK_ATTRIBUTE_TYPE type,
@@ -551,7 +571,8 @@ attribute_is_trust_value (const CK_ATTRIBUTE *attr)
}
static bool
-attribute_is_sensitive (const CK_ATTRIBUTE *attr)
+attribute_is_sensitive (const CK_ATTRIBUTE *attr,
+ CK_OBJECT_CLASS klass)
{
/*
* Don't print any just attribute, since they may contain
@@ -667,6 +688,9 @@ attribute_is_sensitive (const CK_ATTRIBUTE *attr)
X (CKA_TRUST_STEP_UP_APPROVED)
X (CKA_CERT_SHA1_HASH)
X (CKA_CERT_MD5_HASH)
+ case CKA_VALUE:
+ return (klass != CKO_CERTIFICATE &&
+ klass != CKO_X_CERTIFICATE_EXTENSION);
#undef X
}
@@ -786,7 +810,8 @@ format_some_bytes (p11_buffer *buffer,
static void
format_attribute (p11_buffer *buffer,
- const CK_ATTRIBUTE *attr)
+ const CK_ATTRIBUTE *attr,
+ CK_OBJECT_CLASS klass)
{
p11_buffer_add (buffer, "{ ", -1);
format_attribute_type (buffer, attr->type);
@@ -805,7 +830,7 @@ format_attribute (p11_buffer *buffer,
format_key_type (buffer, *((CK_KEY_TYPE *)attr->pValue));
} else if (attribute_is_trust_value (attr)) {
format_trust_value (buffer, *((CK_TRUST *)attr->pValue));
- } else if (attribute_is_sensitive (attr)) {
+ } else if (attribute_is_sensitive (attr, klass)) {
buffer_append_printf (buffer, "(%lu) NOT-PRINTED", attr->ulValueLen);
} else {
buffer_append_printf (buffer, "(%lu) ", attr->ulValueLen);
@@ -820,10 +845,15 @@ format_attributes (p11_buffer *buffer,
int count)
{
CK_BBOOL first = CK_TRUE;
+ CK_OBJECT_CLASS klass;
int i;
if (count < 0)
count = p11_attrs_count (attrs);
+
+ if (!p11_attrs_findn_ulong (attrs, CKA_CLASS, count, &klass))
+ klass = CKA_INVALID;
+
buffer_append_printf (buffer, "(%d) [", count);
for (i = 0; i < count; i++) {
if (first)
@@ -831,7 +861,7 @@ format_attributes (p11_buffer *buffer,
else
p11_buffer_add (buffer, ", ", 2);
first = CK_FALSE;
- format_attribute (buffer, attrs + i);
+ format_attribute (buffer, attrs + i, klass);
}
p11_buffer_add (buffer, " ]", -1);
}
@@ -848,11 +878,12 @@ p11_attrs_to_string (const CK_ATTRIBUTE *attrs,
}
char *
-p11_attr_to_string (const CK_ATTRIBUTE *attr)
+p11_attr_to_string (const CK_ATTRIBUTE *attr,
+ CK_OBJECT_CLASS klass)
{
p11_buffer buffer;
if (!p11_buffer_init_null (&buffer, 32))
return_val_if_reached (NULL);
- format_attribute (&buffer, attr);
+ format_attribute (&buffer, attr, klass);
return p11_buffer_steal (&buffer, NULL);
}
diff --git a/common/attrs.h b/common/attrs.h
index 87e0af1..233ac79 100644
--- a/common/attrs.h
+++ b/common/attrs.h
@@ -74,16 +74,21 @@ CK_ATTRIBUTE * p11_attrs_findn (CK_ATTRIBUTE *attrs,
CK_ULONG count,
CK_ATTRIBUTE_TYPE type);
-bool p11_attrs_find_bool (CK_ATTRIBUTE *attrs,
+bool p11_attrs_find_bool (const CK_ATTRIBUTE *attrs,
CK_ATTRIBUTE_TYPE type,
CK_BBOOL *value);
-bool p11_attrs_findn_bool (CK_ATTRIBUTE *attrs,
+bool p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs,
CK_ULONG count,
CK_ATTRIBUTE_TYPE type,
CK_BBOOL *value);
-bool p11_attrs_find_ulong (CK_ATTRIBUTE *attrs,
+bool p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs,
+ CK_ATTRIBUTE_TYPE type,
+ CK_ULONG *value);
+
+bool p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs,
+ CK_ULONG count,
CK_ATTRIBUTE_TYPE type,
CK_ULONG *value);
@@ -107,7 +112,8 @@ bool p11_attrs_matchn (const CK_ATTRIBUTE *attrs,
char * p11_attrs_to_string (const CK_ATTRIBUTE *attrs,
int count);
-char * p11_attr_to_string (const CK_ATTRIBUTE *attr);
+char * p11_attr_to_string (const CK_ATTRIBUTE *attr,
+ CK_OBJECT_CLASS klass);
bool p11_attr_equal (const void *one,
const void *two);
diff --git a/common/tests/test-attrs.c b/common/tests/test-attrs.c
index 61fcef3..324ed90 100644
--- a/common/tests/test-attrs.c
+++ b/common/tests/test-attrs.c
@@ -470,7 +470,7 @@ test_to_string (CuTest *tc)
char *string;
- string = p11_attr_to_string (&one);
+ string = p11_attr_to_string (&one, CKA_INVALID);
CuAssertStrEquals (tc, "{ CKA_LABEL = (3) \"yay\" }", string);
free (string);
diff --git a/trust/tests/test-data.c b/trust/tests/test-data.c
index b235f33..6c55fd0 100644
--- a/trust/tests/test-data.c
+++ b/trust/tests/test-data.c
@@ -104,7 +104,7 @@ test_check_id_msg (CuTest *cu,
one = p11_attrs_find (expected, CKA_ID);
two = p11_attrs_find (attr, CKA_ID);
- test_check_attr_msg (cu, file, line, one, two);
+ test_check_attr_msg (cu, file, line, CKA_INVALID, one, two);
}
void
@@ -114,11 +114,15 @@ test_check_attrs_msg (CuTest *cu,
CK_ATTRIBUTE *expected,
CK_ATTRIBUTE *attrs)
{
+ CK_OBJECT_CLASS klass;
CK_ATTRIBUTE *attr;
+ if (!p11_attrs_find_ulong (expected, CKA_CLASS, &klass))
+ klass = CKA_INVALID;
+
while (!p11_attrs_terminator (expected)) {
attr = p11_attrs_find (attrs, expected->type);
- test_check_attr_msg (cu, file, line, expected, attr);
+ test_check_attr_msg (cu, file, line, klass, expected, attr);
expected++;
}
}
@@ -127,6 +131,7 @@ void
test_check_attr_msg (CuTest *cu,
const char *file,
int line,
+ CK_OBJECT_CLASS klass,
CK_ATTRIBUTE *expected,
CK_ATTRIBUTE *attr)
{
@@ -135,14 +140,14 @@ test_check_attr_msg (CuTest *cu,
if (attr == NULL) {
asprintf (&message, "expected %s but found NULL",
- p11_attr_to_string (expected));
+ p11_attr_to_string (expected, klass));
CuFail_Line (cu, file, line, "attribute does not match", message);
}
if (!p11_attr_equal (attr, expected)) {
asprintf (&message, "expected %s but found %s",
- p11_attr_to_string (expected),
- p11_attr_to_string (attr));
+ p11_attr_to_string (expected, klass),
+ p11_attr_to_string (attr, klass));
CuFail_Line (cu, file, line, "attribute does not match", message);
}
}
diff --git a/trust/tests/test-data.h b/trust/tests/test-data.h
index 9daff87..275dd70 100644
--- a/trust/tests/test-data.h
+++ b/trust/tests/test-data.h
@@ -68,11 +68,12 @@ void test_check_attrs_msg (CuTest *cu,
CK_ATTRIBUTE *attrs);
#define test_check_attr(cu, expected, attr) \
- test_check_attr_msg (cu, __FILE__, __LINE__, expected, attr)
+ test_check_attr_msg (cu, __FILE__, __LINE__, CKA_INVALID, expected, attr)
void test_check_attr_msg (CuTest *cu,
const char *file,
int line,
+ CK_OBJECT_CLASS klass,
CK_ATTRIBUTE *expected,
CK_ATTRIBUTE *attr);