From fc562261c6bbb35dfed585a78fdec9a408b981c7 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 20 Mar 2013 10:55:06 +0100 Subject: attrs: Print out the CKA_VALUE for certificates when debugging While it's true that we shouldn't be pritning out CKA_VALUE in certain cases, like for keys, we obviously can do so for certificates. We don't have keys anyway, but in the interest of being general purpose use the class to determine whether CKA_VALUE can be printed --- common/attrs.c | 49 ++++++++++++++++++++++++++++++++++++++--------- common/attrs.h | 14 ++++++++++---- common/tests/test-attrs.c | 2 +- 3 files changed, 51 insertions(+), 14 deletions(-) (limited to 'common') diff --git a/common/attrs.c b/common/attrs.c index cce1aaf..e656189 100644 --- a/common/attrs.c +++ b/common/attrs.c @@ -274,7 +274,7 @@ p11_attrs_findn (CK_ATTRIBUTE *attrs, } bool -p11_attrs_find_bool (CK_ATTRIBUTE *attrs, +p11_attrs_find_bool (const CK_ATTRIBUTE *attrs, CK_ATTRIBUTE_TYPE type, CK_BBOOL *value) { @@ -293,7 +293,7 @@ p11_attrs_find_bool (CK_ATTRIBUTE *attrs, } bool -p11_attrs_findn_bool (CK_ATTRIBUTE *attrs, +p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs, CK_ULONG count, CK_ATTRIBUTE_TYPE type, CK_BBOOL *value) @@ -313,7 +313,7 @@ p11_attrs_findn_bool (CK_ATTRIBUTE *attrs, } bool -p11_attrs_find_ulong (CK_ATTRIBUTE *attrs, +p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs, CK_ATTRIBUTE_TYPE type, CK_ULONG *value) { @@ -331,6 +331,26 @@ p11_attrs_find_ulong (CK_ATTRIBUTE *attrs, return false; } +bool +p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs, + CK_ULONG count, + CK_ATTRIBUTE_TYPE type, + CK_ULONG *value) +{ + CK_ULONG i; + + for (i = 0; i < count; i++) { + if (attrs[i].type == type && + attrs[i].ulValueLen == sizeof (CK_ULONG) && + attrs[i].pValue != NULL) { + *value = *((CK_ULONG *)attrs[i].pValue); + return true; + } + } + + return false; +} + void * p11_attrs_find_value (CK_ATTRIBUTE *attrs, CK_ATTRIBUTE_TYPE type, 
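Review bot: In the added p11_attrs_findn_ulong (hunk @@ -331,6 +331,26 @@), `*((CK_ULONG *)attrs[i].pValue)` reads the value through a cast pointer, and the preceding length check says nothing about whether pValue is aligned for CK_ULONG. If attribute values can ever point into parsed or packed buffers, `memcpy (value, attrs[i].pValue, sizeof (CK_ULONG));` gives the same result without that assumption. The neighbouring p11_attrs_find_ulong may follow the same pattern, but its body is not visible in this diff. The new function also lacks a contract comment, for example `/* Finds the first @type attribute whose length is exactly sizeof (CK_ULONG); *value is left untouched when false is returned */`. Because `count` and `type` are adjacent CK_ULONG parameters, a transposed call compiles without a diagnostic, so the comment should state the argument order.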
@@ -551,7 +571,8 @@ attribute_is_trust_value (const CK_ATTRIBUTE *attr) } static bool -attribute_is_sensitive (const CK_ATTRIBUTE *attr) +attribute_is_sensitive (const CK_ATTRIBUTE *attr, + CK_OBJECT_CLASS klass) { /* * Don't print any just attribute, since they may contain @@ -667,6 +688,9 @@ attribute_is_sensitive (const CK_ATTRIBUTE *attr) X (CKA_TRUST_STEP_UP_APPROVED) X (CKA_CERT_SHA1_HASH) X (CKA_CERT_MD5_HASH) + case CKA_VALUE: + return (klass != CKO_CERTIFICATE && + klass != CKO_X_CERTIFICATE_EXTENSION); #undef X } @@ -786,7 +810,8 @@ format_some_bytes (p11_buffer *buffer, static void format_attribute (p11_buffer *buffer, - const CK_ATTRIBUTE *attr) + const CK_ATTRIBUTE *attr, + CK_OBJECT_CLASS klass) { p11_buffer_add (buffer, "{ ", -1); format_attribute_type (buffer, attr->type); @@ -805,7 +830,7 @@ format_attribute (p11_buffer *buffer, format_key_type (buffer, *((CK_KEY_TYPE *)attr->pValue)); } else if (attribute_is_trust_value (attr)) { format_trust_value (buffer, *((CK_TRUST *)attr->pValue)); - } else if (attribute_is_sensitive (attr)) { + } else if (attribute_is_sensitive (attr, klass)) { buffer_append_printf (buffer, "(%lu) NOT-PRINTED", attr->ulValueLen); } else { buffer_append_printf (buffer, "(%lu) ", attr->ulValueLen); @@ -820,10 +845,15 @@ format_attributes (p11_buffer *buffer, int count) { CK_BBOOL first = CK_TRUE; + CK_OBJECT_CLASS klass; int i; if (count < 0) count = p11_attrs_count (attrs); + + if (!p11_attrs_findn_ulong (attrs, CKA_CLASS, count, &klass)) + klass = CKA_INVALID; + buffer_append_printf (buffer, "(%d) [", count); for (i = 0; i < count; i++) { if (first) @@ -831,7 +861,7 @@ format_attributes (p11_buffer *buffer, else p11_buffer_add (buffer, ", ", 2); first = CK_FALSE; - format_attribute (buffer, attrs + i); + format_attribute (buffer, attrs + i, klass); } p11_buffer_add (buffer, " ]", -1); } 
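Review bot: The new `case CKA_VALUE:` in attribute_is_sensitive (hunk @@ -667,6 +688,9 @@) is the only entry in the X() list whose result depends on the object class, and nothing at that spot explains why. The rule fails closed: CKA_VALUE stays redacted unless the class is CKO_CERTIFICATE or CKO_X_CERTIFICATE_EXTENSION. A later edit that adds a class here needs to know that this attribute carries key material for other object types. I would put a comment directly above the case, such as `/* CKA_VALUE is key material for key and secret objects; only print it for classes whose value is public */`. The function's switch and its default return lie outside the hunk, so the fallback for unlisted attributes could not be checked here.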
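Review bot: The call `p11_attrs_findn_ulong (attrs, CKA_CLASS, count, &klass)` in format_attributes (hunk @@ -820,10 +845,15 @@) passes its arguments in the wrong order, since the function added earlier in this commit is declared as `(attrs, count, type, value)`. Both parameters are CK_ULONG, so the compiler accepts it. CKA_CLASS is 0 in the PKCS#11 headers, so the search loop runs zero times and klass always falls back to CKA_INVALID. The output therefore stays redacted (fail-closed), but CKA_VALUE is never printed for certificates through p11_attrs_to_string, which is the behaviour the commit is meant to add. The line should read `if (!p11_attrs_findn_ulong (attrs, count, CKA_CLASS, &klass))`. Separately, `klass = CKA_INVALID` stores an attribute-type sentinel in a CK_OBJECT_CLASS variable, and a class-typed "unknown" value would make the intent clearer. The start of format_attributes is outside the hunk.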
@@ -848,11 +878,12 @@ p11_attrs_to_string (const CK_ATTRIBUTE *attrs, } char * -p11_attr_to_string (const CK_ATTRIBUTE *attr) +p11_attr_to_string (const CK_ATTRIBUTE *attr, + CK_OBJECT_CLASS klass) { p11_buffer buffer; if (!p11_buffer_init_null (&buffer, 32)) return_val_if_reached (NULL); - format_attribute (&buffer, attr); + format_attribute (&buffer, attr, klass); return p11_buffer_steal (&buffer, NULL); } diff --git a/common/attrs.h b/common/attrs.h index 87e0af1..233ac79 100644 --- a/common/attrs.h +++ b/common/attrs.h @@ -74,16 +74,21 @@ CK_ATTRIBUTE * p11_attrs_findn (CK_ATTRIBUTE *attrs, CK_ULONG count, CK_ATTRIBUTE_TYPE type); -bool p11_attrs_find_bool (CK_ATTRIBUTE *attrs, +bool p11_attrs_find_bool (const CK_ATTRIBUTE *attrs, CK_ATTRIBUTE_TYPE type, CK_BBOOL *value); -bool p11_attrs_findn_bool (CK_ATTRIBUTE *attrs, +bool p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs, CK_ULONG count, CK_ATTRIBUTE_TYPE type, CK_BBOOL *value); -bool p11_attrs_find_ulong (CK_ATTRIBUTE *attrs, +bool p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type, + CK_ULONG *value); + +bool p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs, + CK_ULONG count, CK_ATTRIBUTE_TYPE type, CK_ULONG *value); @@ -107,7 +112,8 @@ bool p11_attrs_matchn (const CK_ATTRIBUTE *attrs, char * p11_attrs_to_string (const CK_ATTRIBUTE *attrs, int count); -char * p11_attr_to_string (const CK_ATTRIBUTE *attr); +char * p11_attr_to_string (const CK_ATTRIBUTE *attr, + CK_OBJECT_CLASS klass); bool p11_attr_equal (const void *one, const void *two); diff --git a/common/tests/test-attrs.c b/common/tests/test-attrs.c index 61fcef3..324ed90 100644 --- a/common/tests/test-attrs.c +++ b/common/tests/test-attrs.c @@ -470,7 +470,7 @@ test_to_string (CuTest *tc) char *string; - string = p11_attr_to_string (&one); + string = p11_attr_to_string (&one, CKA_INVALID); CuAssertStrEquals (tc, "{ CKA_LABEL = (3) \"yay\" }", string); free (string); -- cgit v1.1
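Review bot: p11_attr_to_string (hunk @@ -848,11 +878,12 @@) now takes `klass` from the caller, so whether CKA_VALUE is redacted depends on every call site passing the real class of the object the attribute came from. Neither the definition nor the prototype in common/attrs.h (hunk @@ -107,7 +112,8 @@) says this. A caller that passes CKO_CERTIFICATE for an attribute taken from a key object would have the raw value written to the debug output. I would document the parameter on the prototype: `/* klass: class of the object @attr belongs to; pass a non-certificate value when the class is unknown so that CKA_VALUE is not printed */`.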
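Review bot: The change to test_to_string in common/tests/test-attrs.c (hunk @@ -470,7 +470,7 @@) only adapts the existing CKA_LABEL assertion to the new signature, so nothing tests the redaction rule this commit introduces. I would add a case that formats a CKA_VALUE attribute once with `CKO_CERTIFICATE` (value printed) and once with a key class such as `CKO_PRIVATE_KEY` (expecting `NOT-PRINTED`). A second case through p11_attrs_to_string with a CKA_CLASS entry in the array would exercise the class lookup in format_attributes. The rest of test_to_string is outside the hunk, so coverage that may already exist there is not visible.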