From 80303340701c2cba78937193084f3d716b883b55 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 19 Mar 2013 19:03:12 +0100 Subject: trust: Use descriptive labels for tokens Try to determine which one is the system trust input token, and which one is the default token by using datadir and sysconfdir respectively. https://bugs.freedesktop.org/show_bug.cgi?id=62534 --- trust/Makefile.am | 2 ++ trust/module.c | 63 +++++++++++++++++++++++++++++++++++++---------- trust/tests/Makefile.am | 2 ++ trust/tests/frob-token.c | 2 +- trust/tests/test-module.c | 30 +++++++++++++++------- trust/tests/test-token.c | 13 +++++++++- trust/token.c | 22 +++++++++++++++-- trust/token.h | 5 +++- 8 files changed, 112 insertions(+), 27 deletions(-) (limited to 'trust') diff --git a/trust/Makefile.am b/trust/Makefile.am index aff512e..38c6b98 100644 --- a/trust/Makefile.am +++ b/trust/Makefile.am @@ -7,6 +7,8 @@ COMMON = $(top_srcdir)/common INCLUDES = \ -I$(top_srcdir) \ -I$(top_srcdir)/common \ + -DDATADIR=\"$(datadir)\" \ + -DSYSCONFDIR=\"$(sysconfdir)\" \ $(LIBTASN1_CFLAGS) \ $(NULL) diff --git a/trust/module.c b/trust/module.c index ed93479..a819303 100644 --- a/trust/module.c +++ b/trust/module.c @@ -56,8 +56,7 @@ #define MANUFACTURER_ID "PKCS#11 Kit " #define LIBRARY_DESCRIPTION "PKCS#11 Kit Trust Module " -#define TOKEN_LABEL "System Trust Anchors and Policy " -#define TOKEN_MODEL "PKCS#11 Kit " +#define TOKEN_MODEL "p11-kit-trust " #define TOKEN_SERIAL_NUMBER "1 " /* Initial slot id: non-zero and non-one */ @@ -168,12 +167,31 @@ static bool create_tokens_inlock (p11_array *tokens, const char *paths) { + /* + * TRANSLATORS: These label strings are used in PKCS#11 URIs and + * unfortunately cannot be marked translatable. If localization is + * desired they should be translated in GUI applications. These + * strings will not change arbitrarily. + */ + + struct { + const char *prefix; + const char *label; + } labels[] = { + { DATADIR, "Default Trust" }, + { SYSCONFDIR, "System Trust" }, + { NULL }, + }; + p11_token *token; p11_token *check; CK_SLOT_ID slot; const char *path; + const char *label; char *remaining; + char *base; char *pos; + int i; p11_debug ("using paths: %s", paths); @@ -191,13 +209,33 @@ create_tokens_inlock (p11_array *tokens, } if (path[0] != '\0') { + /* The slot for the new token */ slot = BASE_SLOT_ID + tokens->num; - token = p11_token_new (slot, path); + + label = NULL; + base = NULL; + + /* Claim the various labels based on prefix */ + for (i = 0; label == NULL && labels[i].prefix != NULL; i++) { + if (strncmp (path, labels[i].prefix, strlen (labels[i].prefix)) == 0) { + label = labels[i].label; + labels[i].label = NULL; + } + } + + /* Didn't find a label above, then make one based on the path */ + if (!label) { + label = base = p11_basename (path); + return_val_if_fail (base != NULL, false); + } + + token = p11_token_new (slot, path, label); return_val_if_fail (token != NULL, false); if (!p11_array_push (tokens, token)) return_val_if_reached (false); + free (base); assert (lookup_slot_inlock (slot, &check) == CKR_OK && check == token); } } @@ -511,8 +549,8 @@ sys_C_GetSlotInfo (CK_SLOT_ID id, memset (info, 0, sizeof (*info)); info->firmwareVersion.major = 0; info->firmwareVersion.minor = 0; - info->hardwareVersion.major = 0; - info->hardwareVersion.minor = 0; + info->hardwareVersion.major = PACKAGE_MAJOR; + info->hardwareVersion.minor = PACKAGE_MINOR; info->flags = CKF_TOKEN_PRESENT; strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); @@ -537,7 +575,7 @@ sys_C_GetTokenInfo (CK_SLOT_ID id, { CK_RV rv = CKR_OK; p11_token *token; - char *path; + const char *label; size_t length; return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); @@ -551,8 +589,8 @@ sys_C_GetTokenInfo (CK_SLOT_ID id, memset (info, 0, sizeof (*info)); info->firmwareVersion.major = 0; info->firmwareVersion.minor = 0; - info->hardwareVersion.major = 0; - info->hardwareVersion.minor = 0; + info->hardwareVersion.major = PACKAGE_MAJOR; + info->hardwareVersion.minor = PACKAGE_MINOR; info->flags = CKF_TOKEN_INITIALIZED | CKF_WRITE_PROTECTED; strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); strncpy ((char*)info->model, TOKEN_MODEL, 16); @@ -568,14 +606,13 @@ sys_C_GetTokenInfo (CK_SLOT_ID id, info->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION; info->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION; - /* If too long, copy the last 32 characters into buffer */ - path = p11_basename (p11_token_get_path (token)); - length = strlen (path); + /* If too long, copy the first 32 characters into buffer */ + label = p11_token_get_label (token); + length = strlen (label); if (length > sizeof (info->label)) length = sizeof (info->label); memset (info->label, ' ', sizeof (info->label)); - memcpy (info->label, path, length); - free (path); + memcpy (info->label, label, length); } p11_unlock (); diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am index a964948..aedc6f3 100644 --- a/trust/tests/Makefile.am +++ b/trust/tests/Makefile.am @@ -7,6 +7,8 @@ INCLUDES = \ -I$(top_srcdir) \ -I$(srcdir)/.. \ -I$(top_srcdir)/common \ + -DDATADIR=\"$(datadir)\" \ + -DSYSCONFDIR=\"$(sysconfdir)\" \ $(CUTEST_CFLAGS) noinst_LTLIBRARIES = \ diff --git a/trust/tests/frob-token.c b/trust/tests/frob-token.c index 622dad4..5d57ec1 100644 --- a/trust/tests/frob-token.c +++ b/trust/tests/frob-token.c @@ -52,7 +52,7 @@ main (int argc, return 2; } - token = p11_token_new (1, argv[1]); + token = p11_token_new (1, argv[1], "Label"); count = p11_token_load (token); printf ("%d files loaded\n", count); diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c index de0a3b1..57df78e 100644 --- a/trust/tests/test-module.c +++ b/trust/tests/test-module.c @@ -184,6 +184,8 @@ test_get_slot_info (CuTest *cu) static void test_get_token_info (CuTest *cu) { + CK_C_INITIALIZE_ARGS args; + CK_FUNCTION_LIST *module; CK_SLOT_ID slots[NUM_SLOTS]; CK_TOKEN_INFO info; char label[32]; @@ -193,20 +195,29 @@ test_get_token_info (CuTest *cu) /* These are the paths passed in in setup() */ const char *labels[] = { - "input", - "self-signed-with-ku.der", - "thawte.pem" + "System Trust", + "Default Trust", + "the-basename", }; - setup (cu); + /* This is the entry point of the trust module, linked to this test */ + rv = C_GetFunctionList (&module); + CuAssertTrue (cu, rv == CKR_OK); + + memset (&args, 0, sizeof (args)); + args.pReserved = "paths='" SYSCONFDIR "/input:" DATADIR "/files/blah:" "/some/other/path/the-basename'"; + args.flags = CKF_OS_LOCKING_OK; + + rv = module->C_Initialize (&args); + CuAssertTrue (cu, rv == CKR_OK); count = NUM_SLOTS; - rv = test.module->C_GetSlotList (TRUE, slots, &count); - CuAssertIntEquals (cu, CKR_OK, rv); - CuAssertIntEquals (cu, NUM_SLOTS, count); + rv = module->C_GetSlotList (CK_TRUE, slots, &count); + CuAssertTrue (cu, rv == CKR_OK); + CuAssertTrue (cu, count == NUM_SLOTS); for (i = 0; i < NUM_SLOTS; i++) { - rv = test.module->C_GetTokenInfo (slots[i], &info); + rv = module->C_GetTokenInfo (slots[i], &info); CuAssertIntEquals (cu, CKR_OK, rv); memset (label, ' ', sizeof (label)); @@ -214,7 +225,8 @@ test_get_token_info (CuTest *cu) CuAssertTrue (cu, memcmp (info.label, label, sizeof (label)) == 0); } - teardown (cu); + rv = module->C_Finalize (NULL); + CuAssertIntEquals (cu, CKR_OK, rv); } static void diff --git a/trust/tests/test-token.c b/trust/tests/test-token.c index c62fae2..ebe434d 100644 --- a/trust/tests/test-token.c +++ b/trust/tests/test-token.c @@ -54,7 +54,7 @@ static void setup (CuTest *cu, const char *path) { - test.token = p11_token_new (333, path); + test.token = p11_token_new (333, path, "Label"); CuAssertPtrNotNull (cu, test.token); } @@ -208,6 +208,16 @@ test_token_path (CuTest *cu) } static void +test_token_label (CuTest *cu) +{ + setup (cu, "/wheee"); + + CuAssertStrEquals (cu, "Label", p11_token_get_label (test.token)); + + teardown (cu); +} + +static void test_token_slot (CuTest *cu) { setup (cu, "/unneeded"); @@ -231,6 +241,7 @@ main (void) SUITE_ADD_TEST (suite, test_token_load); SUITE_ADD_TEST (suite, test_token_flags); SUITE_ADD_TEST (suite, test_token_path); + SUITE_ADD_TEST (suite, test_token_label); SUITE_ADD_TEST (suite, test_token_slot); CuSuiteRun (suite); diff --git a/trust/token.c b/trust/token.c index b0c0704..e0c2089 100644 --- a/trust/token.c +++ b/trust/token.c @@ -62,7 +62,8 @@ struct _p11_token { p11_parser *parser; p11_index *index; p11_builder *builder; - const char *path; + char *path; + char *label; CK_SLOT_ID slot; int loaded; }; @@ -253,15 +254,21 @@ p11_token_free (p11_token *token) p11_index_free (token->index); p11_parser_free (token->parser); p11_builder_free (token->builder); + free (token->path); + free (token->label); free (token); } p11_token * p11_token_new (CK_SLOT_ID slot, - const char *path) + const char *path, + const char *label) { p11_token *token; + return_val_if_fail (path != NULL, NULL); + return_val_if_fail (label != NULL, NULL); + token = calloc (1, sizeof (p11_token)); return_val_if_fail (token != NULL, NULL); @@ -280,13 +287,24 @@ p11_token_new (CK_SLOT_ID slot, token->path = strdup (path); return_val_if_fail (token->path != NULL, NULL); + token->label = strdup (label); + return_val_if_fail (token->label != NULL, NULL); + token->slot = slot; token->loaded = 0; + p11_debug ("token: %s: %s", token->label, token->path); return token; } const char * +p11_token_get_label (p11_token *token) +{ + return_val_if_fail (token != NULL, NULL); + return token->label; +} + +const char * p11_token_get_path (p11_token *token) { return_val_if_fail (token != NULL, NULL); diff --git a/trust/token.h b/trust/token.h index 43cebaa..d7375e7 100644 --- a/trust/token.h +++ b/trust/token.h @@ -42,7 +42,8 @@ typedef struct _p11_token p11_token; p11_token * p11_token_new (CK_SLOT_ID slot, - const char *path); + const char *path, + const char *label); void p11_token_free (p11_token *token); @@ -52,6 +53,8 @@ p11_index * p11_token_index (p11_token *token); const char * p11_token_get_path (p11_token *token); +const char * p11_token_get_label (p11_token *token); + CK_SLOT_ID p11_token_get_slot (p11_token *token); #endif /* P11_TOKEN_H_ */ -- cgit v1.1