Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
/* p11-rpc-util.c - utilities for module and dispatcher
Copyright (C) 2008, Stef Walter
The Gnome Keyring Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
The Gnome Keyring Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public
License along with the Gnome Library; see the file COPYING.LIB. If not,
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
Author: Stef Walter <stef@memberwebs.com>
*/
#include "config.h"
#include "gck-rpc-layer.h"
#include "gck-rpc-private.h"
#include <stdarg.h>
#include <string.h>
#include <stdio.h>
static void do_log(const char *pref, const char *msg, va_list va)
{
char buffer[1024];
size_t len = 0;
if (pref) {
snprintf(buffer, sizeof(buffer), "%s: ", pref);
len = strlen(buffer);
}
vsnprintf(buffer + len, sizeof(buffer) - len, msg, va);
gck_rpc_log(buffer);
}
void gck_rpc_warn(const char *msg, ...)
{
va_list va;
va_start(va, msg);
do_log("WARNING", msg, va);
va_end(va);
}
void gck_rpc_debug(const char *msg, ...)
{
va_list va;
va_start(va, msg);
do_log("DEBUG", msg, va);
va_end(va);
}
int gck_rpc_mechanism_is_supported(CK_MECHANISM_TYPE mech)
{
if (gck_rpc_mechanism_has_no_parameters(mech) ||
gck_rpc_mechanism_has_sane_parameters(mech))
return 1;
return 0;
}
void
gck_rpc_mechanism_list_purge(CK_MECHANISM_TYPE_PTR mechs, CK_ULONG * n_mechs)
{
int i;
assert(mechs);
assert(n_mechs);
for (i = 0; i < (int)(*mechs); ++i) {
if (!gck_rpc_mechanism_has_no_parameters(mechs[i]) &&
!gck_rpc_mechanism_has_sane_parameters(mechs[i])) {
/* Remove the mechanism from the list */
memmove(&mechs[i], &mechs[i + 1],
(*n_mechs - i) * sizeof(CK_MECHANISM_TYPE));
--(*n_mechs);
--i;
}
}
}
int gck_rpc_mechanism_has_sane_parameters(CK_MECHANISM_TYPE type)
{
/* This list is incomplete */
switch (type) {
case CKM_RSA_PKCS_OAEP:
case CKM_RSA_PKCS_PSS:
return 1;
default:
return 0;
}
}
int gck_rpc_mechanism_has_no_parameters(CK_MECHANISM_TYPE mech)
{
/* This list is incomplete */
switch (mech) {
case CKM_RSA_PKCS_KEY_PAIR_GEN:
case CKM_RSA_X9_31_KEY_PAIR_GEN:
case CKM_RSA_PKCS:
case CKM_RSA_9796:
case CKM_RSA_X_509:
case CKM_RSA_X9_31:
case CKM_MD2_RSA_PKCS:
case CKM_MD5_RSA_PKCS:
case CKM_SHA1_RSA_PKCS:
case CKM_SHA256_RSA_PKCS:
case CKM_SHA384_RSA_PKCS:
case CKM_SHA512_RSA_PKCS:
case CKM_RIPEMD128_RSA_PKCS:
case CKM_RIPEMD160_RSA_PKCS:
case CKM_SHA1_RSA_X9_31:
case CKM_DSA_KEY_PAIR_GEN:
case CKM_DSA_PARAMETER_GEN:
case CKM_DSA:
case CKM_DSA_SHA1:
case CKM_FORTEZZA_TIMESTAMP:
case CKM_EC_KEY_PAIR_GEN:
case CKM_ECDSA:
case CKM_ECDSA_SHA1:
case CKM_DH_PKCS_KEY_PAIR_GEN:
case CKM_DH_PKCS_PARAMETER_GEN:
case CKM_X9_42_DH_KEY_PAIR_GEN:
case CKM_X9_42_DH_PARAMETER_GEN:
case CKM_KEA_KEY_PAIR_GEN:
case CKM_GENERIC_SECRET_KEY_GEN:
case CKM_RC2_KEY_GEN:
case CKM_RC4_KEY_GEN:
case CKM_RC4:
case CKM_RC5_KEY_GEN:
case CKM_AES_KEY_GEN:
case CKM_AES_ECB:
case CKM_AES_MAC:
case CKM_DES_KEY_GEN:
case CKM_DES2_KEY_GEN:
case CKM_DES3_KEY_GEN:
case CKM_CDMF_KEY_GEN:
case CKM_CAST_KEY_GEN:
case CKM_CAST3_KEY_GEN:
case CKM_CAST128_KEY_GEN:
case CKM_IDEA_KEY_GEN:
case CKM_SSL3_PRE_MASTER_KEY_GEN:
case CKM_TLS_PRE_MASTER_KEY_GEN:
case CKM_SKIPJACK_KEY_GEN:
case CKM_BATON_KEY_GEN:
case CKM_JUNIPER_KEY_GEN:
case CKM_RC2_ECB:
case CKM_DES_ECB:
case CKM_DES3_ECB:
case CKM_CDMF_ECB:
case CKM_CAST_ECB:
case CKM_CAST3_ECB:
case CKM_CAST128_ECB:
case CKM_RC5_ECB:
case CKM_IDEA_ECB:
case CKM_RC2_MAC:
case CKM_DES_MAC:
case CKM_DES3_MAC:
case CKM_CDMF_MAC:
case CKM_CAST_MAC:
case CKM_CAST3_MAC:
case CKM_RC5_MAC:
case CKM_IDEA_MAC:
case CKM_SSL3_MD5_MAC:
case CKM_SSL3_SHA1_MAC:
case CKM_SKIPJACK_WRAP:
case CKM_BATON_WRAP:
case CKM_JUNIPER_WRAP:
case CKM_MD2:
case CKM_MD2_HMAC:
case CKM_MD5:
case CKM_MD5_HMAC:
case CKM_SHA_1:
case CKM_SHA_1_HMAC:
case CKM_SHA256:
case CKM_SHA256_HMAC:
case CKM_SHA384:
case CKM_SHA384_HMAC:
case CKM_SHA512:
case CKM_SHA512_HMAC:
case CKM_FASTHASH:
case CKM_RIPEMD128:
case CKM_RIPEMD128_HMAC:
case CKM_RIPEMD160:
case CKM_RIPEMD160_HMAC:
case CKM_KEY_WRAP_LYNKS:
return 1;
default:
return 0;
};
}
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
int
gck_rpc_has_ulong_parameter(CK_ATTRIBUTE_TYPE type)
{
switch (type) {
case CKA_CLASS:
case CKA_KEY_TYPE:
case CKA_CERTIFICATE_TYPE:
case CKA_HW_FEATURE_TYPE:
return 1;
default:
return 0;
}
}
int
gck_rpc_has_bad_sized_ulong_parameter(CK_ATTRIBUTE_PTR attr)
{
if (!attr->pValue)
return 0;
/* All this parameters are transmited on the network
* as 64bit integers */
if (sizeof (uint64_t) != attr->ulValueLen)
return 0;
if (sizeof (CK_ULONG) == attr->ulValueLen)
return 0;
return gck_rpc_has_ulong_parameter(attr->type);
}
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
/*
* Parses prefix into two strings (host and port). Port may be a NULL pointer
* if none is specified. Since this code does not decode port in any way, a
* service name works too (but requires other code (like
* _get_listening_socket()) able to resolve service names).
*
* This should work for IPv4 and IPv6 inputs :
*
* 0.0.0.0:2345
* 0.0.0.0
* [::]:2345
* [::]
* [::1]:2345
* localhost:2345
* localhost
* localhost:p11proxy (if p11proxy is a known service name)
*
* Returns 0 on failure, and 1 on success.
*/
int gck_rpc_parse_host_port(const char *prefix, char **host, char **port)
{
char *p = NULL;
int is_ipv6;
is_ipv6 = (prefix[0] == '[') ? 1 : 0;
*host = strdup(prefix + is_ipv6);
*port = NULL;
if (*host == NULL) {
gck_rpc_warn("out of memory");
return 0;
}
if (is_ipv6 && prefix[0] == '[')
p = strchr(*host, ']');
else
p = strchr(*host, ':');
if (p) {
is_ipv6 = (*p == ']'); /* remember if separator was ']' */
*p = '\0'; /* replace separator will NULL to terminate *host */
*port = p + 1;
if (is_ipv6 && (**port == ':'))
*port = p + 2;
}
return 1;
}
