summaryrefslogtreecommitdiff
path: root/trust
diff options
context:
space:
mode:
Diffstat (limited to 'trust')
-rw-r--r--trust/builder.c14
-rw-r--r--trust/index.c439
-rw-r--r--trust/index.h15
-rw-r--r--trust/tests/Makefile.am3
-rw-r--r--trust/tests/frob-pow.c57
-rw-r--r--trust/tests/test-builder.c44
-rw-r--r--trust/tests/test-index.c36
-rw-r--r--trust/tests/test-parser.c6
-rw-r--r--trust/tests/test-token.c2
9 files changed, 437 insertions, 179 deletions
diff --git a/trust/builder.c b/trust/builder.c
index f4ababa..93c5f3e 100644
--- a/trust/builder.c
+++ b/trust/builder.c
@@ -127,7 +127,7 @@ lookup_extension (p11_builder *builder,
if (match[0].pValue != NULL) {
match[0].ulValueLen = length;
- obj = p11_index_find (index, match);
+ obj = p11_index_find (index, match, -1);
attrs = p11_index_lookup (index, obj);
if (attrs != NULL) {
value = p11_attrs_find_value (attrs, CKA_VALUE, ext_len);
@@ -166,7 +166,7 @@ lookup_related (p11_index *index,
match[0].pValue = id->pValue;
match[0].ulValueLen = id->ulValueLen;
- return p11_index_find_all (index, match);
+ return p11_index_find_all (index, match, -1);
}
p11_builder *
@@ -1078,6 +1078,7 @@ replace_nss_trust_object (p11_builder *builder,
CK_ATTRIBUTE_PTR issuer;
CK_ATTRIBUTE_PTR serial_number;
+ p11_array *array;
void *value;
size_t length;
@@ -1107,7 +1108,7 @@ replace_nss_trust_object (p11_builder *builder,
return_if_fail (match != NULL);
/* If we find a non-generated object, then don't generate */
- if (p11_index_find (index, match)) {
+ if (p11_index_find (index, match, -1)) {
p11_debug ("not generating nss trust object because one already exists");
attrs = NULL;
@@ -1153,8 +1154,11 @@ replace_nss_trust_object (p11_builder *builder,
}
/* Replace related generated object with this new one */
- rv = p11_index_replace (index, match, CKA_INVALID, attrs);
+ array = p11_array_new (NULL);
+ p11_array_push (array, attrs);
+ rv = p11_index_replace_all (index, match, CKA_INVALID, array);
return_if_fail (rv == CKR_OK);
+ p11_array_free (array);
}
static void
@@ -1450,7 +1454,7 @@ replace_compat_for_cert (p11_builder *builder,
if (value != NULL) {
match[0].pValue = value->pValue;
match[0].ulValueLen = value->ulValueLen;
- handle = p11_index_find (index, match);
+ handle = p11_index_find (index, match, -1);
}
if (handle != 0)
attrs = p11_index_lookup (index, handle);
diff --git a/trust/index.c b/trust/index.c
index 17370bc..6e9a46c 100644
--- a/trust/index.c
+++ b/trust/index.c
@@ -44,16 +44,33 @@
#include <assert.h>
#include <stdlib.h>
+#include <string.h>
/*
- * TODO: Eventually we want to be using a bloom filter to optimize and
- * actually implement the index.
+ * The number of buckets we use for indexing, should end up as roughly
+ * equal to the expected number of unique attribute values * 0.75,
+ * prime if possible. Currently we don't expand the index, so this is
+ * just a good guess for general usage.
*/
+#define NUM_BUCKETS 7919
+
+/*
+ * The number of indexes to use when trying to find a matching object.
+ */
+#define MAX_SELECT 3
+
+typedef struct {
+ CK_OBJECT_HANDLE *elem;
+ int num;
+} index_bucket;
struct _p11_index {
- /* The list of objects */
+ /* The list of objects by handle */
p11_dict *objects;
+ /* Used for indexing */
+ index_bucket *buckets;
+
/* Data passed to callbacks */
void *data;
@@ -61,29 +78,29 @@ struct _p11_index {
p11_index_build_cb build;
/* Called after objects change */
- p11_index_changed_cb changed;
+ p11_index_notify_cb notify;
/* Used for queueing changes, when in a batch */
p11_dict *changes;
- bool changing;
+ bool notifying;
};
-struct object {
+typedef struct {
CK_OBJECT_HANDLE handle;
CK_ATTRIBUTE *attrs;
-};
+} index_object;
static void
free_object (void *data)
{
- struct object *obj = data;
+ index_object *obj = data;
p11_attrs_free (obj->attrs);
free (obj);
}
p11_index *
p11_index_new (p11_index_build_cb build,
- p11_index_changed_cb changed,
+ p11_index_notify_cb notify,
void *data)
{
p11_index *index;
@@ -92,7 +109,7 @@ p11_index_new (p11_index_build_cb build,
return_val_if_fail (index != NULL, NULL);
index->build = build;
- index->changed = changed;
+ index->notify = notify;
index->data = data;
index->objects = p11_dict_new (p11_dict_ulongptr_hash,
@@ -100,16 +117,24 @@ p11_index_new (p11_index_build_cb build,
NULL, free_object);
return_val_if_fail (index->objects != NULL, NULL);
+ index->buckets = calloc (NUM_BUCKETS, sizeof (index_bucket));
+ return_val_if_fail (index->buckets != NULL, NULL);
+
return index;
}
void
p11_index_free (p11_index *index)
{
+ int i;
+
return_if_fail (index != NULL);
p11_dict_free (index->objects);
p11_dict_free (index->changes);
+ for (i = 0; i < NUM_BUCKETS; i++)
+ free (index->buckets[i].elem);
+ free (index->buckets);
free (index);
}
@@ -120,6 +145,111 @@ p11_index_size (p11_index *index)
return p11_dict_size (index->objects);
}
+static bool
+is_indexable (p11_index *index,
+ CK_ATTRIBUTE_TYPE type)
+{
+ switch (type) {
+ case CKA_CLASS:
+ case CKA_VALUE:
+ case CKA_OBJECT_ID:
+ case CKA_ID:
+ return true;
+ }
+
+ return false;
+}
+
+static unsigned int
+alloc_size (int num)
+{
+ unsigned int n = num ? 1 : 0;
+ while (n < num && n > 0)
+ n <<= 1;
+ return n;
+}
+
+static int
+binary_search (CK_OBJECT_HANDLE *elem,
+ int low,
+ int high,
+ CK_OBJECT_HANDLE handle)
+{
+ int mid;
+
+ if (low == high)
+ return low;
+
+ mid = low + ((high - low) / 2);
+ if (handle > elem[mid])
+ return binary_search (elem, mid + 1, high, handle);
+ else if (handle < elem[mid])
+ return binary_search (elem, low, mid, handle);
+
+ return mid;
+}
+
+
+static void
+bucket_insert (index_bucket *bucket,
+ CK_OBJECT_HANDLE handle)
+{
+ unsigned int alloc;
+ int at = 0;
+
+ if (bucket->elem) {
+ at = binary_search (bucket->elem, 0, bucket->num, handle);
+ if (at < bucket->num && bucket->elem[at] == handle)
+ return;
+ }
+
+ alloc = alloc_size (bucket->num);
+ if (bucket->num + 1 > alloc) {
+ alloc = alloc ? alloc * 2 : 1;
+ return_if_fail (alloc != 0);
+ bucket->elem = realloc (bucket->elem, alloc * sizeof (CK_OBJECT_HANDLE));
+ return_if_fail (bucket->elem != NULL);
+ }
+
+ memmove (bucket->elem + at + 1, bucket->elem + at,
+ (bucket->num - at) * sizeof (CK_OBJECT_HANDLE));
+ bucket->elem[at] = handle;
+ bucket->num++;
+}
+
+static bool
+bucket_push (index_bucket *bucket,
+ CK_OBJECT_HANDLE handle)
+{
+ unsigned int alloc;
+
+ alloc = alloc_size (bucket->num);
+ if (bucket->num + 1 > alloc) {
+ alloc = alloc ? alloc * 2 : 1;
+ return_val_if_fail (alloc != 0, false);
+ bucket->elem = realloc (bucket->elem, alloc * sizeof (CK_OBJECT_HANDLE));
+ return_val_if_fail (bucket->elem != NULL, false);
+ }
+
+ bucket->elem[bucket->num++] = handle;
+ return true;
+}
+
+static void
+index_hash (p11_index *index,
+ index_object *obj)
+{
+ unsigned int hash;
+ int i;
+
+ for (i = 0; !p11_attrs_terminator (obj->attrs + i); i++) {
+ if (is_indexable (index, obj->attrs[i].type)) {
+ hash = p11_attr_hash (obj->attrs + i);
+ bucket_insert (index->buckets + (hash % NUM_BUCKETS), obj->handle);
+ }
+ }
+}
+
static CK_RV
index_build (p11_index *index,
CK_ATTRIBUTE **attrs,
@@ -134,11 +264,11 @@ index_build (p11_index *index,
}
static void
-call_change (p11_index *index,
+call_notify (p11_index *index,
CK_OBJECT_HANDLE handle,
CK_ATTRIBUTE *attrs)
{
- assert (index->changed);
+ assert (index->notify);
/* When attrs is NULL, means this is a modify */
if (attrs == NULL) {
@@ -151,27 +281,27 @@ call_change (p11_index *index,
handle = 0;
}
- index->changing = true;
- index->changed (index->data, index, handle, attrs);
- index->changing = false;
+ index->notifying = true;
+ index->notify (index->data, index, handle, attrs);
+ index->notifying = false;
}
static void
-index_change (p11_index *index,
+index_notify (p11_index *index,
CK_OBJECT_HANDLE handle,
CK_ATTRIBUTE *removed)
{
- struct object *obj;
+ index_object *obj;
- if (!index->changed || index->changing)
+ if (!index->notify || index->notifying)
return;
if (!index->changes) {
- call_change (index, handle, removed);
+ call_notify (index, handle, removed);
p11_attrs_free (removed);
} else {
- obj = calloc (1, sizeof (struct object));
+ obj = calloc (1, sizeof (index_object));
return_if_fail (obj != NULL);
obj->handle = handle;
@@ -199,7 +329,7 @@ void
p11_index_finish (p11_index *index)
{
p11_dict *changes;
- struct object *obj;
+ index_object *obj;
p11_dictiter iter;
return_if_fail (index != NULL);
@@ -211,8 +341,10 @@ p11_index_finish (p11_index *index)
index->changes = NULL;
p11_dict_iterate (changes, &iter);
- while (p11_dict_next (&iter, NULL, (void **)&obj))
- call_change (index, obj->handle, obj->attrs);
+ while (p11_dict_next (&iter, NULL, (void **)&obj)) {
+ index_notify (index, obj->handle, obj->attrs);
+ obj->attrs = NULL;
+ }
p11_dict_free (changes);
}
@@ -229,13 +361,13 @@ p11_index_take (p11_index *index,
CK_ATTRIBUTE *attrs,
CK_OBJECT_HANDLE *handle)
{
- struct object *obj;
+ index_object *obj;
CK_RV rv;
return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
return_val_if_fail (attrs != NULL, CKR_GENERAL_ERROR);
- obj = calloc (1, sizeof (struct object));
+ obj = calloc (1, sizeof (index_object));
return_val_if_fail (obj != NULL, CKR_HOST_MEMORY);
rv = index_build (index, &obj->attrs, attrs);
@@ -250,10 +382,12 @@ p11_index_take (p11_index *index,
if (!p11_dict_set (index->objects, &obj->handle, obj))
return_val_if_reached (CKR_HOST_MEMORY);
+ index_hash (index, obj);
+
if (handle)
*handle = obj->handle;
- index_change (index, obj->handle, NULL);
+ index_notify (index, obj->handle, NULL);
return CKR_OK;
}
@@ -279,7 +413,7 @@ p11_index_update (p11_index *index,
CK_OBJECT_HANDLE handle,
CK_ATTRIBUTE *update)
{
- struct object *obj;
+ index_object *obj;
CK_RV rv;
return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
@@ -297,7 +431,9 @@ p11_index_update (p11_index *index,
return rv;
}
- index_change (index, obj->handle, NULL);
+ index_hash (index, obj);
+ index_notify (index, obj->handle, NULL);
+
return CKR_OK;
}
@@ -308,7 +444,7 @@ p11_index_set (p11_index *index,
CK_ULONG count)
{
CK_ATTRIBUTE *update;
- struct object *obj;
+ index_object *obj;
return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
@@ -326,7 +462,7 @@ CK_RV
p11_index_remove (p11_index *index,
CK_OBJECT_HANDLE handle)
{
- struct object *obj;
+ index_object *obj;
return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
@@ -334,7 +470,7 @@ p11_index_remove (p11_index *index,
return CKR_OBJECT_HANDLE_INVALID;
/* This takes ownership of the attributes */
- index_change (index, handle, obj->attrs);
+ index_notify (index, handle, obj->attrs);
obj->attrs = NULL;
free_object (obj);
@@ -343,21 +479,18 @@ p11_index_remove (p11_index *index,
static CK_RV
index_replacev (p11_index *index,
- CK_ATTRIBUTE *match,
+ CK_OBJECT_HANDLE *handles,
CK_ATTRIBUTE_TYPE key,
CK_ATTRIBUTE **replace,
CK_ULONG replacen)
{
- CK_OBJECT_HANDLE *handles;
- struct object *obj;
+ index_object *obj;
CK_ATTRIBUTE *attrs;
CK_ATTRIBUTE *attr;
bool handled = false;
CK_RV rv;
int i, j;
- handles = p11_index_find_all (index, match);
-
for (i = 0; handles && handles[i] != 0; i++) {
obj = p11_dict_get (index->objects, handles + i);
if (obj == NULL)
@@ -380,6 +513,8 @@ index_replacev (p11_index *index,
obj->attrs = attrs;
replace[j] = NULL;
handled = true;
+ index_hash (index, obj);
+ index_notify (index, obj->handle, NULL);
break;
}
}
@@ -401,19 +536,18 @@ index_replacev (p11_index *index,
replace[j] = NULL;
}
- free (handles);
return CKR_OK;
}
CK_RV
p11_index_replace (p11_index *index,
- CK_ATTRIBUTE *match,
- CK_ATTRIBUTE_TYPE key,
+ CK_OBJECT_HANDLE handle,
CK_ATTRIBUTE *replace)
{
+ CK_OBJECT_HANDLE handles[] = { handle, 0 };
return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
- return index_replacev (index, match, key, &replace,
- replace ? 1 : 0);
+ return index_replacev (index, handles, CKA_INVALID,
+ &replace, replace ? 1 : 0);
}
CK_RV
@@ -422,12 +556,15 @@ p11_index_replace_all (p11_index *index,
CK_ATTRIBUTE_TYPE key,
p11_array *replace)
{
+ CK_OBJECT_HANDLE *handles;
CK_RV rv;
int i;
return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
- rv = index_replacev (index, match, key,
+ handles = p11_index_find_all (index, match, -1);
+
+ rv = index_replacev (index, handles, key,
(CK_ATTRIBUTE **)replace->elem,
replace->num);
@@ -438,6 +575,7 @@ p11_index_replace_all (p11_index *index,
}
}
+ free (handles);
return rv;
}
@@ -445,7 +583,7 @@ CK_ATTRIBUTE *
p11_index_lookup (p11_index *index,
CK_OBJECT_HANDLE handle)
{
- struct object *obj;
+ index_object *obj;
return_val_if_fail (index != NULL, NULL);
@@ -456,67 +594,153 @@ p11_index_lookup (p11_index *index,
return obj ? obj->attrs : NULL;
}
-CK_OBJECT_HANDLE
-p11_index_find (p11_index *index,
- CK_ATTRIBUTE *match)
+typedef bool (* index_sink) (p11_index *index,
+ index_object *obj,
+ CK_ATTRIBUTE *match,
+ CK_ULONG count,
+ void *data);
+
+static void
+index_select (p11_index *index,
+ CK_ATTRIBUTE *match,
+ CK_ULONG count,
+ index_sink sink,
+ void *data)
{
- struct object *obj;
+ index_bucket *buckets[NUM_BUCKETS];
+ CK_OBJECT_HANDLE handle;
+ index_object *obj;
+ unsigned int hash;
p11_dictiter iter;
+ CK_ULONG n;
+ int num, at;
+ int i, j;
+
+ /* First look for any matching buckets */
+ for (n = 0, num = 0; n < count && num < MAX_SELECT; n++) {
+ if (is_indexable (index, match[n].type)) {
+ hash = p11_attr_hash (match + n);
+ buckets[num] = index->buckets + (hash % NUM_BUCKETS);
+
+ /* If any index is empty, then obviously no match */
+ if (!buckets[num]->num)
+ return;
+
+ num++;
+ }
+ }
+
+ /* Fall back on selecting all the items, if no index */
+ if (num == 0) {
+ p11_dict_iterate (index->objects, &iter);
+ while (p11_dict_next (&iter, NULL, (void *)&obj)) {
+ if (!sink (index, obj, match, count, data))
+ return;
+ }
+ return;
+ }
+
+ for (i = 0; i < buckets[0]->num; i++) {
+ /* A candidate match from first bucket */
+ handle = buckets[0]->elem[i];
+
+ /* Check if the candidate is in other buckets */
+ for (j = 1; j < num; j++) {
+ assert (buckets[j]->elem); /* checked above */
+ at = binary_search (buckets[j]->elem, 0, buckets[j]->num, handle);
+ if (buckets[j]->elem[at] != handle) {
+ handle = 0;
+ break;
+ }
+ }
- p11_dict_iterate (index->objects, &iter);
- while (p11_dict_next (&iter, NULL, (void *)&obj)) {
- if (p11_attrs_match (obj->attrs, match))
- return obj->handle;
+ /* Matched all the buckets, now actually match attrs */
+ if (handle != 0) {
+ obj = p11_dict_get (index->objects, &handle);
+ if (obj != NULL) {
+ if (!sink (index, obj, match, count, data))
+ return;
+ }
+ }
}
+}
+
+static bool
+sink_one_match (p11_index *index,
+ index_object *obj,
+ CK_ATTRIBUTE *match,
+ CK_ULONG count,
+ void *data)
+{
+ CK_OBJECT_HANDLE *result = data;
- return 0;
+ if (p11_attrs_matchn (obj->attrs, match, count)) {
+ *result = obj->handle;
+ return false;
+ }
+
+ return true;
}
CK_OBJECT_HANDLE
-p11_index_findn (p11_index *index,
- CK_ATTRIBUTE *match,
- CK_ULONG count)
+p11_index_find (p11_index *index,
+ CK_ATTRIBUTE *match,
+ int count)
{
- struct object *obj;
- p11_dictiter iter;
+ CK_OBJECT_HANDLE handle = 0UL;
- p11_dict_iterate (index->objects, &iter);
- while (p11_dict_next (&iter, NULL, (void *)&obj)) {
- if (p11_attrs_matchn (obj->attrs, match, count))
- return obj->handle;
- }
+ return_val_if_fail (index != NULL, 0UL);
+
+ if (count < 0)
+ count = p11_attrs_count (match);
- return 0;
+ index_select (index, match, count, sink_one_match, &handle);
+ return handle;
+}
+
+static bool
+sink_if_match (p11_index *index,
+ index_object *obj,
+ CK_ATTRIBUTE *match,
+ CK_ULONG count,
+ void *data)
+{
+ index_bucket *handles = data;
+
+ if (p11_attrs_matchn (obj->attrs, match, count))
+ bucket_push (handles, obj->handle);
+ return true;
}
CK_OBJECT_HANDLE *
p11_index_find_all (p11_index *index,
- CK_ATTRIBUTE *match)
+ CK_ATTRIBUTE *match,
+ int count)
{
- CK_OBJECT_HANDLE *handles = NULL;
- struct object *obj;
- p11_dictiter iter;
- int nhandles;
- int at = 0;
+ index_bucket handles = { NULL, 0 };
- nhandles = 16;
- handles = malloc (nhandles * sizeof (CK_OBJECT_HANDLE));
- return_val_if_fail (handles != NULL, NULL);
-
- p11_dict_iterate (index->objects, &iter);
- while (p11_dict_next (&iter, NULL, (void *)&obj)) {
- if (p11_attrs_match (obj->attrs, match)) {
- if (at + 2 > nhandles) {
- nhandles += 16;
- handles = realloc (handles, nhandles * sizeof (CK_OBJECT_HANDLE));
- return_val_if_fail (handles != NULL, NULL);
- }
- handles[at++] = obj->handle;
- }
- }
+ return_val_if_fail (index != NULL, NULL);
- handles[at++] = 0UL;
- return handles;
+ if (count < 0)
+ count = p11_attrs_count (match);
+
+ index_select (index, match, count, sink_if_match, &handles);
+
+ /* Null terminate */
+ bucket_push (&handles, 0UL);
+ return handles.elem;
+}
+
+static bool
+sink_any (p11_index *index,
+ index_object *obj,
+ CK_ATTRIBUTE *match,
+ CK_ULONG count,
+ void *data)
+{
+ index_bucket *handles = data;
+ bucket_push (handles, obj->handle);
+ return true;
}
CK_OBJECT_HANDLE *
@@ -525,43 +749,18 @@ p11_index_snapshot (p11_index *index,
CK_ATTRIBUTE *attrs,
CK_ULONG count)
{
- CK_OBJECT_HANDLE *snapshot;
- CK_OBJECT_HANDLE *handle;
- p11_dictiter iter;
- int num;
- int i;
-
- /*
- * TODO: The concept is that we use our bloom filter to provide
- * an initial rough snapshot here of which objects match, but for
- * now just include everything in the snapshot.
- */
+ index_bucket handles = { NULL, 0 };
return_val_if_fail (index != NULL, NULL);
- num = p11_index_size (index) + 1;
- if (base)
- num += p11_index_size (base);
-
- snapshot = calloc (num, sizeof (CK_OBJECT_HANDLE));
- return_val_if_fail (snapshot != NULL, NULL);
-
- p11_dict_iterate (index->objects, &iter);
- for (i = 0 ; p11_dict_next (&iter, (void *)&handle, NULL); i++) {
- assert (i < num);
- snapshot[i] = *handle;
- }
+ if (count < 0)
+ count = p11_attrs_count (attrs);
- if (base) {
- p11_dict_iterate (base->objects, &iter);
- for ( ; p11_dict_next (&iter, (void *)&handle, NULL); i++) {
- assert (i < num);
- snapshot[i] = *handle;
- }
- }
-
- assert (i < num);
- assert (snapshot[i] == 0UL);
+ index_select (index, attrs, count, sink_any, &handles);
+ if (base)
+ index_select (base, attrs, count, sink_any, &handles);
- return snapshot;
+ /* Null terminate */
+ bucket_push (&handles, 0UL);
+ return handles.elem;
}
diff --git a/trust/index.h b/trust/index.h
index 67d0746..a221178 100644
--- a/trust/index.h
+++ b/trust/index.h
@@ -55,13 +55,13 @@ typedef CK_RV (* p11_index_build_cb) (void *data,
CK_ATTRIBUTE **attrs,
CK_ATTRIBUTE *merge);
-typedef void (* p11_index_changed_cb) (void *data,
+typedef void (* p11_index_notify_cb) (void *data,
p11_index *index,
CK_OBJECT_HANDLE handle,
CK_ATTRIBUTE *attrs);
p11_index * p11_index_new (p11_index_build_cb build,
- p11_index_changed_cb change,
+ p11_index_notify_cb notify,
void *data);
void p11_index_free (p11_index *index);
@@ -93,8 +93,7 @@ CK_RV p11_index_update (p11_index *index,
CK_ATTRIBUTE *attrs);
CK_RV p11_index_replace (p11_index *index,
- CK_ATTRIBUTE *match,
- CK_ATTRIBUTE_TYPE key,
+ CK_OBJECT_HANDLE handle,
CK_ATTRIBUTE *replace);
CK_RV p11_index_replace_all (p11_index *index,
@@ -109,14 +108,12 @@ CK_ATTRIBUTE * p11_index_lookup (p11_index *index,
CK_OBJECT_HANDLE handle);
CK_OBJECT_HANDLE p11_index_find (p11_index *index,
- CK_ATTRIBUTE *match);
-
-CK_OBJECT_HANDLE p11_index_findn (p11_index *index,
CK_ATTRIBUTE *match,
- CK_ULONG count);
+ int count);
CK_OBJECT_HANDLE * p11_index_find_all (p11_index *index,
- CK_ATTRIBUTE *match);
+ CK_ATTRIBUTE *match,
+ int count);
CK_OBJECT_HANDLE * p11_index_snapshot (p11_index *index,
p11_index *base,
diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am
index aedc6f3..4617546 100644
--- a/trust/tests/Makefile.am
+++ b/trust/tests/Makefile.am
@@ -29,14 +29,15 @@ LDADD = \
CHECK_PROGS = \
test-persist \
- test-parser \
test-index \
+ test-parser \
test-builder \
test-token \
test-module \
$(NULL)
noinst_PROGRAMS = \
+ frob-pow \
frob-token \
frob-nss-trust \
$(CHECK_PROGS)
diff --git a/trust/tests/frob-pow.c b/trust/tests/frob-pow.c
new file mode 100644
index 0000000..f029b2a
--- /dev/null
+++ b/trust/tests/frob-pow.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+
+static unsigned int
+nearest_pow_2 (int num)
+{
+ unsigned int n = num ? 1 : 0;
+ while (n < num && n > 0)
+ n <<= 1;
+ return n;
+}
+
+int
+main (void)
+{
+ int i;
+
+ for (i = 0; i < 40; i++)
+ printf ("nearest_pow_2 (%d) == %u\n", i, nearest_pow_2 (i));
+
+ return 0;
+}
diff --git a/trust/tests/test-builder.c b/trust/tests/test-builder.c
index bbc731a..be5390e 100644
--- a/trust/tests/test-builder.c
+++ b/trust/tests/test-builder.c
@@ -1102,7 +1102,7 @@ test_changed_trusted_certificate (CuTest *cu)
/* The other objects */
for (i = 0; expected[i]; i++) {
- handle = p11_index_findn (test.index, expected[i], 2);
+ handle = p11_index_find (test.index, expected[i], 2);
CuAssertTrue (cu, handle != 0);
attrs = p11_index_lookup (test.index, handle);
@@ -1215,7 +1215,7 @@ test_changed_distrust_value (CuTest *cu)
/* The other objects */
for (i = 0; expected[i]; i++) {
- handle = p11_index_findn (test.index, expected[i], 2);
+ handle = p11_index_find (test.index, expected[i], 2);
CuAssertTrue (cu, handle != 0);
attrs = p11_index_lookup (test.index, handle);
@@ -1299,7 +1299,7 @@ test_changed_distrust_serial (CuTest *cu)
p11_index_finish (test.index);
for (i = 0; expected[i]; i++) {
- handle = p11_index_findn (test.index, expected[i], 2);
+ handle = p11_index_find (test.index, expected[i], 2);
CuAssertTrue (cu, handle != 0);
attrs = p11_index_lookup (test.index, handle);
CuAssertPtrNotNull (cu, attrs);
@@ -1403,13 +1403,13 @@ test_changed_dup_certificates (CuTest *cu)
CuAssertIntEquals (cu, CKR_OK, rv);
p11_index_finish (test.index);
- handle = p11_index_find (test.index, match_nss);
+ handle = p11_index_find (test.index, match_nss, -1);
CuAssertTrue (cu, handle != 0);
- handle = p11_index_find (test.index, match_assertion);
+ handle = p11_index_find (test.index, match_assertion, -1);
CuAssertTrue (cu, handle != 0);
- handle = p11_index_find (test.index, trusted_nss);
+ handle = p11_index_find (test.index, trusted_nss, -1);
CuAssertTrue (cu, handle != 0);
- handle = p11_index_find (test.index, anchor_assertion);
+ handle = p11_index_find (test.index, anchor_assertion, -1);
CuAssertTrue (cu, handle != 0);
/* Now we add a distrusted certificate, should update the objects */
@@ -1418,35 +1418,35 @@ test_changed_dup_certificates (CuTest *cu)
CuAssertIntEquals (cu, CKR_OK, rv);
p11_index_finish (test.index);
- handle = p11_index_find (test.index, trusted_nss);
+ handle = p11_index_find (test.index, trusted_nss, -1);
CuAssertTrue (cu, handle == 0);
- handle = p11_index_find (test.index, distrust_nss);
+ handle = p11_index_find (test.index, distrust_nss, -1);
CuAssertTrue (cu, handle != 0);
- handle = p11_index_find (test.index, anchor_assertion);
+ handle = p11_index_find (test.index, anchor_assertion, -1);
CuAssertTrue (cu, handle == 0);
- handle = p11_index_find (test.index, distrust_assertion);
+ handle = p11_index_find (test.index, distrust_assertion, -1);
CuAssertTrue (cu, handle != 0);
/* Now remove the trusted cetrificate, should update again */
rv = p11_index_remove (test.index, handle2);
CuAssertIntEquals (cu, CKR_OK, rv);
- handle = p11_index_find (test.index, trusted_nss);
+ handle = p11_index_find (test.index, trusted_nss, -1);
CuAssertTrue (cu, handle != 0);
- handle = p11_index_find (test.index, distrust_nss);
+ handle = p11_index_find (test.index, distrust_nss, -1);
CuAssertTrue (cu, handle == 0);
- handle = p11_index_find (test.index, anchor_assertion);
+ handle = p11_index_find (test.index, anchor_assertion, -1);
CuAssertTrue (cu, handle != 0);
- handle = p11_index_find (test.index, distrust_assertion);
+ handle = p11_index_find (test.index, distrust_assertion, -1);
CuAssertTrue (cu, handle == 0);
/* Now remove the original certificate, unknown nss and no assertions */
rv = p11_index_remove (test.index, handle1);
CuAssertIntEquals (cu, CKR_OK, rv);
- handle = p11_index_find (test.index, unknown_nss);
+ handle = p11_index_find (test.index, unknown_nss, -1);
CuAssertTrue (cu, handle != 0);
- handle = p11_index_find (test.index, match_assertion);
+ handle = p11_index_find (test.index, match_assertion, -1);
CuAssertTrue (cu, handle == 0);
teardown (cu);
@@ -1487,11 +1487,11 @@ test_changed_without_id (CuTest *cu)
p11_index_finish (test.index);
klass = CKO_NSS_TRUST;
- handle = p11_index_find (test.index, match);
+ handle = p11_index_find (test.index, match, -1);
CuAssertTrue (cu, handle != 0);
klass = CKO_X_TRUST_ASSERTION;
- handle = p11_index_find (test.index, match);
+ handle = p11_index_find (test.index, match, -1);
CuAssertTrue (cu, handle != 0);
teardown (cu);
@@ -1535,7 +1535,7 @@ test_changed_staple_ca (CuTest *cu)
/* Not a CA at this point, until we staple */
category = 0;
- CuAssertTrue (cu, p11_index_find (test.index, match) == 0);
+ CuAssertTrue (cu, p11_index_find (test.index, match, -1) == 0);
/* Add a stapled basic constraint */
rv = p11_index_add (test.index, stapled, 4, NULL);
@@ -1543,7 +1543,7 @@ test_changed_staple_ca (CuTest *cu)
/* Now should be a CA */
category = 2;
- CuAssertTrue (cu, p11_index_find (test.index, match) != 0);
+ CuAssertTrue (cu, p11_index_find (test.index, match, -1) != 0);
p11_attrs_free (attrs);
@@ -1604,7 +1604,7 @@ test_changed_staple_ku (CuTest *cu)
CuAssertIntEquals (cu, CKR_OK, rv);
p11_index_finish (test.index);
- handle = p11_index_findn (test.index, nss_trust_ds_and_np, 2);
+ handle = p11_index_find (test.index, nss_trust_ds_and_np, 2);
CuAssertTrue (cu, handle != 0);
attrs = p11_index_lookup (test.index, handle);
diff --git a/trust/tests/test-index.c b/trust/tests/test-index.c
index 34e5842..3cda272 100644
--- a/trust/tests/test-index.c
+++ b/trust/tests/test-index.c
@@ -403,22 +403,22 @@ test_find (CuTest *tc)
p11_index_add (test.index, second, 2, &two);
p11_index_add (test.index, third, 2, &three);
- check = p11_index_find (test.index, match3);
+ check = p11_index_find (test.index, match3, -1);
CuAssertIntEquals (tc, three, check);
- check = p11_index_findn (test.index, match3, 1);
+ check = p11_index_find (test.index, match3, 1);
CuAssertIntEquals (tc, three, check);
- check = p11_index_find (test.index, match_any);
+ check = p11_index_find (test.index, match_any, -1);
CuAssertTrue (tc, check == one || check == two || check == three);
- check = p11_index_findn (test.index, match_any, 1);
+ check = p11_index_find (test.index, match_any, 1);
CuAssertTrue (tc, check == one || check == two || check == three);
- check = p11_index_find (test.index, match_none);
+ check = p11_index_find (test.index, match_none, -1);
CuAssertIntEquals (tc, 0, check);
- check = p11_index_findn (test.index, match_none, 2);
+ check = p11_index_find (test.index, match_none, 2);
CuAssertIntEquals (tc, 0, check);
teardown (tc);
@@ -517,23 +517,23 @@ test_find_all (CuTest *tc)
p11_index_add (test.index, second, 3, &two);
p11_index_add (test.index, third, 3, &three);
- check = p11_index_find_all (test.index, match_3);
+ check = p11_index_find_all (test.index, match_3, -1);
CuAssertTrue (tc, handles_are (check, three, 0UL));
free (check);
- check = p11_index_find_all (test.index, match_none);
+ check = p11_index_find_all (test.index, match_none, -1);
CuAssertTrue (tc, handles_are (check, 0UL));
free (check);
- check = p11_index_find_all (test.index, match_odd);
+ check = p11_index_find_all (test.index, match_odd, -1);
CuAssertTrue (tc, handles_are (check, one, three, 0UL));
free (check);
- check = p11_index_find_all (test.index, match_any);
+ check = p11_index_find_all (test.index, match_any, -1);
CuAssertTrue (tc, handles_are (check, one, two, three, 0UL));
free (check);
- check = p11_index_find_all (test.index, match_none);
+ check = p11_index_find_all (test.index, match_none, -1);
CuAssertPtrNotNull (tc, check);
CuAssertIntEquals (tc, 0, check[0]);
free (check);
@@ -567,7 +567,7 @@ test_find_realloc (CuTest *tc)
for (i = 0; i < 1000; i++)
p11_index_add (test.index, attrs, 3, NULL);
- check = p11_index_find_all (test.index, match);
+ check = p11_index_find_all (test.index, match, -1);
CuAssertPtrNotNull (tc, check);
for (i = 0; i < 1000; i++)
@@ -665,27 +665,27 @@ test_replace_all (CuTest *tc)
CuAssertIntEquals (tc, 0, array->num);
/* eins should have replaced one */
- check = p11_index_find (test.index, eins);
+ check = p11_index_find (test.index, eins, -1);
CuAssertIntEquals (tc, one, check);
/* two should still be around */
- check = p11_index_find (test.index, second);
+ check = p11_index_find (test.index, second, -1);
CuAssertIntEquals (tc, two, check);
/* three should have been removed */
- check = p11_index_find (test.index, third);
+ check = p11_index_find (test.index, third, -1);
CuAssertIntEquals (tc, 0, check);
/* five should have been removed */
- check = p11_index_find (test.index, fifth);
+ check = p11_index_find (test.index, fifth, -1);
CuAssertIntEquals (tc, 0, check);
/* sieben should have been added */
- check = p11_index_find (test.index, sieben);
+ check = p11_index_find (test.index, sieben, -1);
CuAssertTrue (tc, check != one && check != two && check != three && check != five);
/* neun should have been added */
- check = p11_index_find (test.index, neun);
+ check = p11_index_find (test.index, neun, -1);
CuAssertTrue (tc, check != one && check != two && check != three && check != five);
CuAssertIntEquals (tc, 4, p11_index_size (test.index));
diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c
index 7998d97..4c182a0 100644
--- a/trust/tests/test-parser.c
+++ b/trust/tests/test-parser.c
@@ -88,7 +88,7 @@ static CK_ATTRIBUTE *
parsed_attrs (CK_ATTRIBUTE *match)
{
CK_OBJECT_HANDLE handle;
- handle = p11_index_find (test.index, certificate_match);
+ handle = p11_index_find (test.index, certificate_match, -1);
return p11_index_lookup (test.index, handle);
}
@@ -247,7 +247,7 @@ test_parse_openssl_trusted (CuTest *cu)
/* The other objects */
for (i = 1; expected[i]; i++) {
- handle = p11_index_findn (test.index, expected[i], 2);
+ handle = p11_index_find (test.index, expected[i], 2);
CuAssertTrue (cu, handle != 0);
object = p11_index_lookup (test.index, handle);
@@ -322,7 +322,7 @@ test_parse_openssl_distrusted (CuTest *cu)
/* The other objects */
for (i = 1; expected[i]; i++) {
- handle = p11_index_findn (test.index, expected[i], 2);
+ handle = p11_index_find (test.index, expected[i], 2);
CuAssertTrue (cu, handle != 0);
object = p11_index_lookup (test.index, handle);
diff --git a/trust/tests/test-token.c b/trust/tests/test-token.c
index ebe434d..6cf687b 100644
--- a/trust/tests/test-token.c
+++ b/trust/tests/test-token.c
@@ -185,7 +185,7 @@ test_token_flags (CuTest *cu)
/* The other objects */
for (i = 0; expected[i]; i++) {
- handle = p11_index_findn (p11_token_index (test.token), expected[i], 2);
+ handle = p11_index_find (p11_token_index (test.token), expected[i], 2);
CuAssertTrue (cu, handle != 0);
object = p11_index_lookup (p11_token_index (test.token), handle);