1 files changed, 363 insertions, 0 deletions

diff --git a/common/constants.c b/common/constants.c
new file mode 100644
index 0000000..82bdb20
--- /dev/null
+++ b/common/constants.c
@@ -0,0 +1,363 @@
+/*
+ * Copyright (C) 2013, Redhat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#include "config.h"
+
+#include "attrs.h"
+#include "constants.h"
+#include "debug.h"
+#include "pkcs11.h"
+#include "pkcs11x.h"
+
+#include <stdlib.h>
+
+#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
+
+/*
+ * These are in numeric order of their type for easy lookup
+ * After changing something make sure to run the test-attrs
+ * test to verify everything is in order.
+ */
+
+#define CT(x, n) { x, #x, n },
+
+const p11_constant p11_constant_types[] = {
+	CT (CKA_CLASS, "class")
+	CT (CKA_TOKEN, "token")
+	CT (CKA_PRIVATE, "private")
+	CT (CKA_LABEL, "label")
+	CT (CKA_APPLICATION, "application")
+	CT (CKA_VALUE, "value")
+	CT (CKA_OBJECT_ID, "object-id")
+	CT (CKA_CERTIFICATE_TYPE, "certificate-type")
+	CT (CKA_ISSUER, "issuer")
+	CT (CKA_SERIAL_NUMBER, "serial-number")
+	CT (CKA_AC_ISSUER, "ac-issuer")
+	CT (CKA_OWNER, "owner")
+	CT (CKA_ATTR_TYPES, "attr-types")
+	CT (CKA_TRUSTED, "trusted")
+	CT (CKA_CERTIFICATE_CATEGORY, "certificate-category")
+	CT (CKA_JAVA_MIDP_SECURITY_DOMAIN, "java-midp-security-domain")
+	CT (CKA_URL, "url")
+	CT (CKA_HASH_OF_SUBJECT_PUBLIC_KEY, "hash-of-subject-public-key")
+	CT (CKA_HASH_OF_ISSUER_PUBLIC_KEY, "hash-of-issuer-public-key")
+	CT (CKA_CHECK_VALUE, "check-value")
+	CT (CKA_KEY_TYPE, "key-type")
+	CT (CKA_SUBJECT, "subject")
+	CT (CKA_ID, "id")
+	CT (CKA_SENSITIVE, "sensitive")
+	CT (CKA_ENCRYPT, "encrypt")
+	CT (CKA_DECRYPT, "decrypt")
+	CT (CKA_WRAP, "wrap")
+	CT (CKA_UNWRAP, "unwrap")
+	CT (CKA_SIGN, "sign")
+	CT (CKA_SIGN_RECOVER, "sign-recover")
+	CT (CKA_VERIFY, "verify")
+	CT (CKA_VERIFY_RECOVER, "recover")
+	CT (CKA_DERIVE, "derive")
+	CT (CKA_START_DATE, "start-date")
+	CT (CKA_END_DATE, "end-date")
+	CT (CKA_MODULUS, "modulus")
+	CT (CKA_MODULUS_BITS, "modulus-bits")
+	CT (CKA_PUBLIC_EXPONENT, "public-exponent")
+	CT (CKA_PRIVATE_EXPONENT, "private-exponent")
+	CT (CKA_PRIME_1, "prime-1")
+	CT (CKA_PRIME_2, "prime-2")
+	CT (CKA_EXPONENT_1, "exponent-1")
+	CT (CKA_EXPONENT_2, "exponent-2")
+	CT (CKA_COEFFICIENT, "coefficient")
+	CT (CKA_PRIME, "prime")
+	CT (CKA_SUBPRIME, "subprime")
+	CT (CKA_BASE, "base")
+	CT (CKA_PRIME_BITS, "prime-bits")
+	/* CT (CKA_SUBPRIME_BITS) */
+	CT (CKA_SUB_PRIME_BITS, "subprime-bits")
+	CT (CKA_VALUE_BITS, "value-bits")
+	CT (CKA_VALUE_LEN, "vaule-len")
+	CT (CKA_EXTRACTABLE, "extractable")
+	CT (CKA_LOCAL, "local")
+	CT (CKA_NEVER_EXTRACTABLE, "never-extractable")
+	CT (CKA_ALWAYS_SENSITIVE, "always-sensitive")
+	CT (CKA_KEY_GEN_MECHANISM, "key-gen-mechanism")
+	CT (CKA_MODIFIABLE, "modifiable")
+	CT (CKA_ECDSA_PARAMS, "ecdsa-params")
+	/* CT (CKA_EC_PARAMS) */
+	CT (CKA_EC_POINT, "ec-point")
+	CT (CKA_SECONDARY_AUTH, "secondary-auth")
+	CT (CKA_AUTH_PIN_FLAGS, "auth-pin-flags")
+	CT (CKA_ALWAYS_AUTHENTICATE, "always-authenticate")
+	CT (CKA_WRAP_WITH_TRUSTED, "wrap-with-trusted")
+	CT (CKA_HW_FEATURE_TYPE, "hw-feature-type")
+	CT (CKA_RESET_ON_INIT, "reset-on-init")
+	CT (CKA_HAS_RESET, "has-reset")
+	CT (CKA_PIXEL_X, "pixel-x")
+	CT (CKA_PIXEL_Y, "pixel-y")
+	CT (CKA_RESOLUTION, "resolution")
+	CT (CKA_CHAR_ROWS, "char-rows")
+	CT (CKA_CHAR_COLUMNS, "char-columns")
+	CT (CKA_COLOR, "color")
+	CT (CKA_BITS_PER_PIXEL, "bits-per-pixel")
+	CT (CKA_CHAR_SETS, "char-sets")
+	CT (CKA_ENCODING_METHODS, "encoding-methods")
+	CT (CKA_MIME_TYPES, "mime-types")
+	CT (CKA_MECHANISM_TYPE, "mechanism-type")
+	CT (CKA_REQUIRED_CMS_ATTRIBUTES, "required-cms-attributes")
+	CT (CKA_DEFAULT_CMS_ATTRIBUTES, "default-cms-attributes")
+	CT (CKA_SUPPORTED_CMS_ATTRIBUTES, "supported-cms-attributes")
+	CT (CKA_WRAP_TEMPLATE, "wrap-template")
+	CT (CKA_UNWRAP_TEMPLATE, "unwrap-template")
+	CT (CKA_ALLOWED_MECHANISMS, "allowed-mechanisms")
+	CT (CKA_NSS_URL, "nss-url")
+	CT (CKA_NSS_EMAIL, "nss-email")
+	CT (CKA_NSS_SMIME_INFO, "nss-smime-constant")
+	CT (CKA_NSS_SMIME_TIMESTAMP, "nss-smime-timestamp")
+	CT (CKA_NSS_PKCS8_SALT, "nss-pkcs8-salt")
+	CT (CKA_NSS_PASSWORD_CHECK, "nss-password-check")
+	CT (CKA_NSS_EXPIRES, "nss-expires")
+	CT (CKA_NSS_KRL, "nss-krl")
+	CT (CKA_NSS_PQG_COUNTER, "nss-pqg-counter")
+	CT (CKA_NSS_PQG_SEED, "nss-pqg-seed")
+	CT (CKA_NSS_PQG_H, "nss-pqg-h")
+	CT (CKA_NSS_PQG_SEED_BITS, "nss-pqg-seed-bits")
+	CT (CKA_NSS_MODULE_SPEC, "nss-module-spec")
+	CT (CKA_TRUST_DIGITAL_SIGNATURE, "trust-digital-signature")
+	CT (CKA_TRUST_NON_REPUDIATION, "trust-non-repudiation")
+	CT (CKA_TRUST_KEY_ENCIPHERMENT, "trust-key-encipherment")
+	CT (CKA_TRUST_DATA_ENCIPHERMENT, "trust-data-encipherment")
+	CT (CKA_TRUST_KEY_AGREEMENT, "trust-key-agreement")
+	CT (CKA_TRUST_KEY_CERT_SIGN, "trust-key-cert-sign")
+	CT (CKA_TRUST_CRL_SIGN, "trust-crl-sign")
+	CT (CKA_TRUST_SERVER_AUTH, "trust-server-auth")
+	CT (CKA_TRUST_CLIENT_AUTH, "trust-client-auth")
+	CT (CKA_TRUST_CODE_SIGNING, "trust-code-signing")
+	CT (CKA_TRUST_EMAIL_PROTECTION, "trust-email-protection")
+	CT (CKA_TRUST_IPSEC_END_SYSTEM, "trust-ipsec-end-system")
+	CT (CKA_TRUST_IPSEC_TUNNEL, "trust-ipsec-tunnel")
+	CT (CKA_TRUST_IPSEC_USER, "trust-ipsec-user")
+	CT (CKA_TRUST_TIME_STAMPING, "trust-time-stamping")
+	CT (CKA_TRUST_STEP_UP_APPROVED, "trust-step-up-approved")
+	CT (CKA_CERT_SHA1_HASH, "cert-sha1-hash")
+	CT (CKA_CERT_MD5_HASH, "cert-md5-hash")
+	CT (CKA_X_ASSERTION_TYPE, "x-assertion-type")
+	CT (CKA_X_CERTIFICATE_VALUE, "x-cetrificate-value")
+	CT (CKA_X_PURPOSE, "x-purpose")
+	CT (CKA_X_PEER, "x-peer")
+	CT (CKA_X_DISTRUSTED, "distrusted")
+	CT (CKA_X_CRITICAL, "x-critical")
+	{ CKA_INVALID },
+};
+
+const p11_constant p11_constant_classes[] = {
+	CT (CKO_DATA, "data")
+	CT (CKO_CERTIFICATE, "certificate")
+	CT (CKO_PUBLIC_KEY, "public-key")
+	CT (CKO_PRIVATE_KEY, "private-key")
+	CT (CKO_SECRET_KEY, "secret-key")
+	CT (CKO_HW_FEATURE, "hw-feature")
+	CT (CKO_DOMAIN_PARAMETERS, "domain-parameters")
+	CT (CKO_MECHANISM, "mechanism")
+	CT (CKO_NSS_CRL, "nss-crl")
+	CT (CKO_NSS_SMIME, "nss-smime")
+	CT (CKO_NSS_TRUST, "nss-trust")
+	CT (CKO_NSS_BUILTIN_ROOT_LIST, "nss-builtin-root-list")
+	CT (CKO_NSS_NEWSLOT, "nss-newslot")
+	CT (CKO_NSS_DELSLOT, "nss-delslot")
+	CT (CKO_X_TRUST_ASSERTION, "x-trust-assertion")
+	CT (CKO_X_CERTIFICATE_EXTENSION, "x-certificate-extension")
+	{ CKA_INVALID },
+};
+
+const p11_constant p11_constant_trusts[] = {
+	CT (CKT_NSS_TRUSTED, "nss-trusted")
+	CT (CKT_NSS_TRUSTED_DELEGATOR, "nss-trusted-delegator")
+	CT (CKT_NSS_MUST_VERIFY_TRUST, "nss-must-verify-trust")
+	CT (CKT_NSS_TRUST_UNKNOWN, "nss-trust-unknown")
+	CT (CKT_NSS_NOT_TRUSTED, "nss-not-trusted")
+	CT (CKT_NSS_VALID_DELEGATOR, "nss-valid-delegator")
+	{ CKA_INVALID },
+};
+
+const p11_constant p11_constant_certs[] = {
+	CT (CKC_X_509, "x-509")
+	CT (CKC_X_509_ATTR_CERT, "x-509-attr-cert")
+	CT (CKC_WTLS, "wtls")
+	{ CKA_INVALID },
+};
+
+const p11_constant p11_constant_keys[] = {
+	CT (CKK_RSA, "rsa")
+	CT (CKK_DSA, "dsa")
+	CT (CKK_DH, "dh")
+	/* CT (CKK_ECDSA) */
+	CT (CKK_EC, "ec")
+	CT (CKK_X9_42_DH, "x9-42-dh")
+	CT (CKK_KEA, "kea")
+	CT (CKK_GENERIC_SECRET, "generic-secret")
+	CT (CKK_RC2, "rc2")
+	CT (CKK_RC4, "rc4")
+	CT (CKK_DES, "des")
+	CT (CKK_DES2, "des2")
+	CT (CKK_DES3, "des3")
+	CT (CKK_CAST, "cast")
+	CT (CKK_CAST3, "cast3")
+	CT (CKK_CAST128, "cast128")
+	CT (CKK_RC5, "rc5")
+	CT (CKK_IDEA, "idea")
+	CT (CKK_SKIPJACK, "skipjack")
+	CT (CKK_BATON, "baton")
+	CT (CKK_JUNIPER, "juniper")
+	CT (CKK_CDMF, "cdmf")
+	CT (CKK_AES, "aes")
+	CT (CKK_BLOWFISH, "blowfish")
+	CT (CKK_TWOFISH, "twofish")
+	CT (CKK_NSS_PKCS8, "nss-pkcs8")
+	{ CKA_INVALID },
+};
+
+const p11_constant p11_constant_asserts[] = {
+	CT (CKT_X_DISTRUSTED_CERTIFICATE, "x-distrusted-certificate")
+	CT (CKT_X_PINNED_CERTIFICATE, "x-pinned-certificate")
+	CT (CKT_X_ANCHORED_CERTIFICATE, "x-anchored-certificate")
+	{ CKA_INVALID },
+};
+
+const p11_constant p11_constant_categories[] = {
+	{ 0, "unspecified", "unspecified" },
+	{ 1, "token-user", "token-user" },
+	{ 2, "authority", "authority" },
+	{ 3, "other-entry", "other-entry" },
+	{ CKA_INVALID },
+};
+
+#undef CT
+
+struct {
+	const p11_constant *table;
+	int length;
+} tables[] = {
+	{ p11_constant_types, ELEMS (p11_constant_types) - 1 },
+	{ p11_constant_classes, ELEMS (p11_constant_classes) - 1 },
+	{ p11_constant_trusts, ELEMS (p11_constant_trusts) - 1 },
+	{ p11_constant_certs, ELEMS (p11_constant_certs) - 1 },
+	{ p11_constant_keys, ELEMS (p11_constant_keys) - 1 },
+	{ p11_constant_asserts, ELEMS (p11_constant_asserts) - 1 },
+	{ p11_constant_categories, ELEMS (p11_constant_categories) - 1 }
+};
+
+static int
+compar_attr_info (const void *one,
+                  const void *two)
+{
+	const p11_constant *a1 = one;
+	const p11_constant *a2 = two;
+	if (a1->value == a2->value)
+		return 0;
+	if (a1->value < a2->value)
+		return -1;
+	return 1;
+}
+
+static const p11_constant *
+lookup_info (const p11_constant *table,
+             CK_ATTRIBUTE_TYPE type)
+{
+	p11_constant match = { type, NULL, NULL };
+	int length = -1;
+	int i;
+
+	for (i = 0; i < ELEMS (tables); i++) {
+		if (table == tables[i].table) {
+			length = tables[i].length;
+			break;
+		}
+	}
+
+	return_val_if_fail (length != -1, NULL);
+	return bsearch (&match, table, length, sizeof (p11_constant), compar_attr_info);
+
+}
+const char *
+p11_constant_name (const p11_constant *constants,
+                   CK_ULONG type)
+{
+	const p11_constant *constant = lookup_info (constants, type);
+	return constant ? constant->name : NULL;
+}
+
+const char *
+p11_constant_nick (const p11_constant *constants,
+                   CK_ULONG type)
+{
+	const p11_constant *constant = lookup_info (constants, type);
+	return constant ? constant->nick : NULL;
+}
+
+p11_dict *
+p11_constant_reverse (bool nick)
+{
+	const p11_constant *table;
+	p11_dict *lookups;
+	int length = -1;
+	int i, j;
+
+	lookups = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
+	return_val_if_fail (lookups != NULL, NULL);
+
+	for (i = 0; i < ELEMS (tables); i++) {
+		table = tables[i].table;
+		length = tables[i].length;
+
+		for (j = 0; j < length; j++) {
+			if (!p11_dict_set (lookups,
+			                   nick ? (void *)table[j].nick : (void *)table[j].name,
+			                   (void *)&table[j].value))
+				return_val_if_reached (NULL);
+		}
+	}
+
+	return lookups;
+}
+
+CK_ULONG
+p11_constant_resolve (p11_dict *reversed,
+                     const char *string)
+{
+	CK_ULONG *ptr;
+
+	return_val_if_fail (reversed != NULL, CKA_INVALID);
+	return_val_if_fail (string != NULL, CKA_INVALID);
+
+	ptr = p11_dict_get (reversed, string);
+	return ptr ? *ptr : CKA_INVALID;
+}