From 0ab6bcfc4413f2a819d4e80abc6e98fb12032891 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Thu, 4 Sep 2014 15:35:51 +0200 Subject: [PATCH] common: New public pkcs11x.h header containing extensions Move our internal stuff to pkcs11i.h, and install the pkcs11x.h header containing extensions. In addition move from CKA_X_PUBLIC_KEY_INFO to the draft 2.40 definition of CKA_PUBLIC_KEY_INFO https://bugs.freedesktop.org/show_bug.cgi?id=83495 --- common/Makefile.am | 3 +- common/attrs.c | 4 +- common/constants.c | 4 +- common/mock.h | 2 +- common/pkcs11i.h | 500 +++++++++++++++++++++++++++++++++++++++++++++++++ common/pkcs11x.h | 460 +-------------------------------------------- doc/manual/Makefile.am | 1 + p11-kit/virtual.h | 2 +- trust/builder.c | 15 +- trust/enumerate.c | 16 +- trust/parser.c | 2 +- trust/persist.c | 1 + trust/test-builder.c | 25 +-- trust/test-enumerate.c | 8 +- trust/test-openssl.c | 12 +- trust/test-parser.c | 8 +- trust/test-persist.c | 1 + 17 files changed, 560 insertions(+), 504 deletions(-) create mode 100644 common/pkcs11i.h diff --git a/common/Makefile.am b/common/Makefile.am index 5f185b8..47162dd 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -1,6 +1,7 @@ inc_HEADERS += \ common/pkcs11.h \ + common/pkcs11x.h \ $(NULL) noinst_LTLIBRARIES += \ @@ -23,7 +24,7 @@ libp11_common_la_SOURCES = \ common/lexer.c common/lexer.h \ common/message.c common/message.h \ common/path.c common/path.h \ - common/pkcs11.h common/pkcs11x.h \ + common/pkcs11.h common/pkcs11x.h common/pkcs11i.h \ common/url.c common/url.h \ $(NULL) diff --git a/common/attrs.c b/common/attrs.c index 4a3d655..1a03527 100644 --- a/common/attrs.c +++ b/common/attrs.c @@ -42,6 +42,7 @@ #include "debug.h" #include "hash.h" #include "pkcs11.h" +#include "pkcs11i.h" #include "pkcs11x.h" #include 
@@ -668,8 +669,7 @@ attribute_is_sensitive (const CK_ATTRIBUTE *attr, X (CKA_X_PURPOSE) X (CKA_X_PEER) X (CKA_X_DISTRUSTED) - X (CKA_X_CRITICAL) - X (CKA_X_PUBLIC_KEY_INFO) + X (CKA_PUBLIC_KEY_INFO) X (CKA_NSS_URL) X (CKA_NSS_EMAIL) X (CKA_NSS_SMIME_INFO) diff --git a/common/constants.c b/common/constants.c index ca956d3..2bccf1d 100644 --- a/common/constants.c +++ b/common/constants.c @@ -38,6 +38,7 @@ #include "constants.h" #include "debug.h" #include "pkcs11.h" +#include "pkcs11i.h" #include "pkcs11x.h" #include @@ -97,6 +98,7 @@ const p11_constant p11_constant_types[] = { CT (CKA_EXPONENT_1, "exponent-1") CT (CKA_EXPONENT_2, "exponent-2") CT (CKA_COEFFICIENT, "coefficient") + CT (CKA_PUBLIC_KEY_INFO, "public-key-info") CT (CKA_PRIME, "prime") CT (CKA_SUBPRIME, "subprime") CT (CKA_BASE, "base") @@ -174,8 +176,6 @@ const p11_constant p11_constant_types[] = { CT (CKA_X_PURPOSE, "x-purpose") CT (CKA_X_PEER, "x-peer") CT (CKA_X_DISTRUSTED, "x-distrusted") - CT (CKA_X_CRITICAL, "x-critical") - CT (CKA_X_PUBLIC_KEY_INFO, "x-public-key-info") { CKA_INVALID }, }; diff --git a/common/mock.h b/common/mock.h index 6253386..16beb66 100644 --- a/common/mock.h +++ b/common/mock.h @@ -37,7 +37,7 @@ #include "compat.h" #include "pkcs11.h" -#include "pkcs11x.h" +#include "pkcs11i.h" enum { MOCK_DATA_OBJECT = 2, diff --git a/common/pkcs11i.h b/common/pkcs11i.h new file mode 100644 index 0000000..fc280c9 --- /dev/null +++ b/common/pkcs11i.h 
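Review bot: The last `common/constants.c` hunk drops the `"x-public-key-info"` nick from `p11_constant_types` without leaving an alias, so anything that names the attribute by its old nick, or carries the old vendor number `CKA_X_VENDOR + 102`, would stop resolving to the attribute the `trust/` code now looks up. Whether persisted trust files resolve field names through this table is not visible in this patch, so that should be confirmed. If they do, stapled extensions and public-key blacklist entries written by an earlier version could fail to match their certificates without any error, which weakens distrust decisions instead of failing loudly. An input-only compatibility mapping from the old nick to `CKA_PUBLIC_KEY_INFO`, with a comment such as `/* accepted on input for data written before the 2.40 name */`, would avoid that.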
@@ -0,0 +1,500 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter + */ + +#ifndef PKCS11_I_H_ +#define PKCS11_I_H_ 1 + +#if defined(__cplusplus) +extern "C" { +#endif + +/* ------------------------------------------------------------------- + * TRUST ASSERTIONS + * + * These are retired and should not be used in new code + */ + +#define CKO_X_TRUST_ASSERTION (CKO_X_VENDOR + 100) +#define CKA_X_ASSERTION_TYPE (CKA_X_VENDOR + 1) +#define CKA_X_CERTIFICATE_VALUE (CKA_X_VENDOR + 2) +#define CKA_X_PURPOSE (CKA_X_VENDOR + 3) +#define CKA_X_PEER (CKA_X_VENDOR + 4) +typedef CK_ULONG CK_X_ASSERTION_TYPE; +#define CKT_X_DISTRUSTED_CERTIFICATE 1UL +#define CKT_X_PINNED_CERTIFICATE 2UL +#define CKT_X_ANCHORED_CERTIFICATE 3UL + +/* ------------------------------------------------------------------- + * SUBCLASSABLE PKCS#11 FUNCTIONS + */ + +typedef struct _CK_X_FUNCTION_LIST CK_X_FUNCTION_LIST; + +typedef CK_RV (* CK_X_Initialize) (CK_X_FUNCTION_LIST *, + CK_VOID_PTR); + +typedef CK_RV (* CK_X_Finalize) (CK_X_FUNCTION_LIST *, + CK_VOID_PTR); + +typedef CK_RV (* CK_X_GetInfo) (CK_X_FUNCTION_LIST *, + CK_INFO_PTR); + +typedef CK_RV (* CK_X_GetSlotList) (CK_X_FUNCTION_LIST *, + CK_BBOOL, + CK_SLOT_ID_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_GetSlotInfo) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_SLOT_INFO_PTR); + +typedef CK_RV (* CK_X_GetTokenInfo) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_TOKEN_INFO_PTR); + +typedef CK_RV (* CK_X_GetMechanismList) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_MECHANISM_TYPE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_GetMechanismInfo) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_MECHANISM_TYPE, + CK_MECHANISM_INFO_PTR); + +typedef CK_RV (* CK_X_InitToken) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR); + +typedef CK_RV (* CK_X_InitPIN) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_SetPIN) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG); + +typedef 
CK_RV (* CK_X_OpenSession) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_FLAGS, + CK_VOID_PTR, + CK_NOTIFY, + CK_SESSION_HANDLE_PTR); + +typedef CK_RV (* CK_X_CloseSession) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE); + +typedef CK_RV (* CK_X_CloseAllSessions) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID); + +typedef CK_RV (* CK_X_GetSessionInfo) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_SESSION_INFO_PTR); + +typedef CK_RV (* CK_X_GetOperationState) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SetOperationState) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Login) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_USER_TYPE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_Logout) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE); + +typedef CK_RV (* CK_X_CreateObject) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_CopyObject) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_DestroyObject) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_GetObjectSize) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_GetAttributeValue) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_SetAttributeValue) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_FindObjectsInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_FindObjects) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE_PTR, + CK_ULONG, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_FindObjectsFinal) 
(CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE); + +typedef CK_RV (* CK_X_EncryptInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Encrypt) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_EncryptUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_EncryptFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Decrypt) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DigestInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR); + +typedef CK_RV (* CK_X_Digest) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DigestUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_DigestKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_DigestFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SignInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Sign) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SignUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + 
CK_ULONG); + +typedef CK_RV (* CK_X_SignFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SignRecoverInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_SignRecover) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_VerifyInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Verify) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_VerifyUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_VerifyFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_VerifyRecoverInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_VerifyRecover) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DigestEncryptUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptDigestUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SignEncryptUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptVerifyUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_GenerateKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_GenerateKeyPair) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + 
CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_WrapKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE, + CK_OBJECT_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_UnwrapKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_DeriveKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_SeedRandom) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_GenerateRandom) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_WaitForSlotEvent) (CK_X_FUNCTION_LIST *, + CK_FLAGS, + CK_SLOT_ID_PTR, + CK_VOID_PTR); + +struct _CK_X_FUNCTION_LIST { + CK_VERSION version; + CK_X_Initialize C_Initialize; + CK_X_Finalize C_Finalize; + CK_X_GetInfo C_GetInfo; + CK_X_GetSlotList C_GetSlotList; + CK_X_GetSlotInfo C_GetSlotInfo; + CK_X_GetTokenInfo C_GetTokenInfo; + CK_X_GetMechanismList C_GetMechanismList; + CK_X_GetMechanismInfo C_GetMechanismInfo; + CK_X_InitToken C_InitToken; + CK_X_InitPIN C_InitPIN; + CK_X_SetPIN C_SetPIN; + CK_X_OpenSession C_OpenSession; + CK_X_CloseSession C_CloseSession; + CK_X_CloseAllSessions C_CloseAllSessions; + CK_X_GetSessionInfo C_GetSessionInfo; + CK_X_GetOperationState C_GetOperationState; + CK_X_SetOperationState C_SetOperationState; + CK_X_Login C_Login; + CK_X_Logout C_Logout; + CK_X_CreateObject C_CreateObject; + CK_X_CopyObject C_CopyObject; + CK_X_DestroyObject C_DestroyObject; + CK_X_GetObjectSize C_GetObjectSize; + CK_X_GetAttributeValue C_GetAttributeValue; + CK_X_SetAttributeValue C_SetAttributeValue; + CK_X_FindObjectsInit C_FindObjectsInit; + CK_X_FindObjects 
C_FindObjects; + CK_X_FindObjectsFinal C_FindObjectsFinal; + CK_X_EncryptInit C_EncryptInit; + CK_X_Encrypt C_Encrypt; + CK_X_EncryptUpdate C_EncryptUpdate; + CK_X_EncryptFinal C_EncryptFinal; + CK_X_DecryptInit C_DecryptInit; + CK_X_Decrypt C_Decrypt; + CK_X_DecryptUpdate C_DecryptUpdate; + CK_X_DecryptFinal C_DecryptFinal; + CK_X_DigestInit C_DigestInit; + CK_X_Digest C_Digest; + CK_X_DigestUpdate C_DigestUpdate; + CK_X_DigestKey C_DigestKey; + CK_X_DigestFinal C_DigestFinal; + CK_X_SignInit C_SignInit; + CK_X_Sign C_Sign; + CK_X_SignUpdate C_SignUpdate; + CK_X_SignFinal C_SignFinal; + CK_X_SignRecoverInit C_SignRecoverInit; + CK_X_SignRecover C_SignRecover; + CK_X_VerifyInit C_VerifyInit; + CK_X_Verify C_Verify; + CK_X_VerifyUpdate C_VerifyUpdate; + CK_X_VerifyFinal C_VerifyFinal; + CK_X_VerifyRecoverInit C_VerifyRecoverInit; + CK_X_VerifyRecover C_VerifyRecover; + CK_X_DigestEncryptUpdate C_DigestEncryptUpdate; + CK_X_DecryptDigestUpdate C_DecryptDigestUpdate; + CK_X_SignEncryptUpdate C_SignEncryptUpdate; + CK_X_DecryptVerifyUpdate C_DecryptVerifyUpdate; + CK_X_GenerateKey C_GenerateKey; + CK_X_GenerateKeyPair C_GenerateKeyPair; + CK_X_WrapKey C_WrapKey; + CK_X_UnwrapKey C_UnwrapKey; + CK_X_DeriveKey C_DeriveKey; + CK_X_SeedRandom C_SeedRandom; + CK_X_GenerateRandom C_GenerateRandom; + CK_X_WaitForSlotEvent C_WaitForSlotEvent; +}; + +#if defined(__cplusplus) +} +#endif + +#endif /* PKCS11_X_H_ */ diff --git a/common/pkcs11x.h b/common/pkcs11x.h index d1c52c3..2a59525 100644 --- a/common/pkcs11x.h +++ b/common/pkcs11x.h 
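Review bot: The new `common/pkcs11i.h` is not self-contained and its closing guard comment is stale: it ends with `#endif /* PKCS11_X_H_ */` although the guard is `PKCS11_I_H_`, and it uses `CK_RV`, `CK_ULONG` and the `CKO_X_VENDOR`/`CKA_X_VENDOR` bases without including `pkcs11.h` or `pkcs11x.h`. `common/mock.h` and `p11-kit/virtual.h` now include only `pkcs11.h` and `pkcs11i.h`, so any use there of `CKO_X_TRUST_ASSERTION` or the `CKA_X_*` assertion attributes would expand to an undefined name unless `pkcs11x.h` is pulled in some other way. I would add `#include "pkcs11.h"` and `#include "pkcs11x.h"` after the guard and change the comment to `#endif /* PKCS11_I_H_ */`. A one-line comment at the top saying that this header is internal and not installed would also stop it from being confused with the public `pkcs11x.h`.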
@@ -121,21 +121,6 @@ typedef CK_ULONG CK_TRUST; #define CKA_X_VENDOR (CKA_VENDOR_DEFINED | 0x58444700UL) #define CKO_X_VENDOR (CKA_VENDOR_DEFINED | 0x58444700UL) -/* ------------------------------------------------------------------- - * TRUST ASSERTIONS - * - * These are retired and should not be used in new code - */ - -#define CKO_X_TRUST_ASSERTION (CKO_X_VENDOR + 100) -#define CKA_X_ASSERTION_TYPE (CKA_X_VENDOR + 1) -#define CKA_X_CERTIFICATE_VALUE (CKA_X_VENDOR + 2) -#define CKA_X_PURPOSE (CKA_X_VENDOR + 3) -#define CKA_X_PEER (CKA_X_VENDOR + 4) -typedef CK_ULONG CK_X_ASSERTION_TYPE; -#define CKT_X_DISTRUSTED_CERTIFICATE 1UL -#define CKT_X_PINNED_CERTIFICATE 2UL -#define CKT_X_ANCHORED_CERTIFICATE 3UL /* ------------------------------------------------------------------- * STAPLED CERTIFICATES 
@@ -145,448 +130,13 @@ typedef CK_ULONG CK_X_ASSERTION_TYPE; #define CKO_X_CERTIFICATE_EXTENSION (CKO_X_VENDOR + 200) #define CKA_X_DISTRUSTED (CKA_X_VENDOR + 100) -#define CKA_X_CRITICAL (CKA_X_VENDOR + 101) -#define CKA_X_PUBLIC_KEY_INFO (CKA_X_VENDOR + 102) - -#endif /* CRYPTOKI_X_VENDOR_DEFINED */ - -/* ------------------------------------------------------------------- - * SUBCLASSABLE PKCS#11 FUNCTIONS - */ - -typedef struct _CK_X_FUNCTION_LIST CK_X_FUNCTION_LIST; - -typedef CK_RV (* CK_X_Initialize) (CK_X_FUNCTION_LIST *, - CK_VOID_PTR); - -typedef CK_RV (* CK_X_Finalize) (CK_X_FUNCTION_LIST *, - CK_VOID_PTR); - -typedef CK_RV (* CK_X_GetInfo) (CK_X_FUNCTION_LIST *, - CK_INFO_PTR); - -typedef CK_RV (* CK_X_GetSlotList) (CK_X_FUNCTION_LIST *, - CK_BBOOL, - CK_SLOT_ID_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_GetSlotInfo) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID, - CK_SLOT_INFO_PTR); - -typedef CK_RV (* CK_X_GetTokenInfo) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID, - CK_TOKEN_INFO_PTR); - -typedef CK_RV (* CK_X_GetMechanismList) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID, - CK_MECHANISM_TYPE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_GetMechanismInfo) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID, - CK_MECHANISM_TYPE, - CK_MECHANISM_INFO_PTR); - -typedef CK_RV (* CK_X_InitToken) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR); - -typedef CK_RV (* CK_X_InitPIN) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_SetPIN) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_OpenSession) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID, - CK_FLAGS, - CK_VOID_PTR, - CK_NOTIFY, - CK_SESSION_HANDLE_PTR); - -typedef CK_RV (* CK_X_CloseSession) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE); - -typedef CK_RV (* CK_X_CloseAllSessions) (CK_X_FUNCTION_LIST *, - CK_SLOT_ID); - -typedef CK_RV (* CK_X_GetSessionInfo) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - 
CK_SESSION_INFO_PTR); - -typedef CK_RV (* CK_X_GetOperationState) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_SetOperationState) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_Login) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_USER_TYPE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_Logout) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE); - -typedef CK_RV (* CK_X_CreateObject) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE_PTR); - -typedef CK_RV (* CK_X_CopyObject) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE_PTR); - -typedef CK_RV (* CK_X_DestroyObject) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_GetObjectSize) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_GetAttributeValue) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE, - CK_ATTRIBUTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_SetAttributeValue) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE, - CK_ATTRIBUTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_FindObjectsInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_ATTRIBUTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_FindObjects) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE_PTR, - CK_ULONG, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_FindObjectsFinal) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE); -typedef CK_RV (* CK_X_EncryptInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_Encrypt) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_EncryptUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - 
CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_EncryptFinal) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DecryptInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_Decrypt) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DecryptUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DecryptFinal) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DigestInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR); - -typedef CK_RV (* CK_X_Digest) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DigestUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_DigestKey) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_DigestFinal) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_SignInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_Sign) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_SignUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_SignFinal) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_SignRecoverInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_SignRecover) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - 
-typedef CK_RV (* CK_X_VerifyInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_Verify) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_VerifyUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_VerifyFinal) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_VerifyRecoverInit) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE); - -typedef CK_RV (* CK_X_VerifyRecover) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DigestEncryptUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DecryptDigestUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_SignEncryptUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_DecryptVerifyUpdate) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_GenerateKey) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE_PTR); - -typedef CK_RV (* CK_X_GenerateKeyPair) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE_PTR, - CK_OBJECT_HANDLE_PTR); - -typedef CK_RV (* CK_X_WrapKey) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE, - CK_OBJECT_HANDLE, - CK_BYTE_PTR, - CK_ULONG_PTR); - -typedef CK_RV (* CK_X_UnwrapKey) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - 
CK_OBJECT_HANDLE, - CK_BYTE_PTR, - CK_ULONG, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE_PTR); - -typedef CK_RV (* CK_X_DeriveKey) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_MECHANISM_PTR, - CK_OBJECT_HANDLE, - CK_ATTRIBUTE_PTR, - CK_ULONG, - CK_OBJECT_HANDLE_PTR); - -typedef CK_RV (* CK_X_SeedRandom) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_GenerateRandom) (CK_X_FUNCTION_LIST *, - CK_SESSION_HANDLE, - CK_BYTE_PTR, - CK_ULONG); - -typedef CK_RV (* CK_X_WaitForSlotEvent) (CK_X_FUNCTION_LIST *, - CK_FLAGS, - CK_SLOT_ID_PTR, - CK_VOID_PTR); +/* From the 2.40 draft */ +#ifndef CKA_PUBLIC_KEY_INFO +#define CKA_PUBLIC_KEY_INFO 0x00000129 +#endif -struct _CK_X_FUNCTION_LIST { - CK_VERSION version; - CK_X_Initialize C_Initialize; - CK_X_Finalize C_Finalize; - CK_X_GetInfo C_GetInfo; - CK_X_GetSlotList C_GetSlotList; - CK_X_GetSlotInfo C_GetSlotInfo; - CK_X_GetTokenInfo C_GetTokenInfo; - CK_X_GetMechanismList C_GetMechanismList; - CK_X_GetMechanismInfo C_GetMechanismInfo; - CK_X_InitToken C_InitToken; - CK_X_InitPIN C_InitPIN; - CK_X_SetPIN C_SetPIN; - CK_X_OpenSession C_OpenSession; - CK_X_CloseSession C_CloseSession; - CK_X_CloseAllSessions C_CloseAllSessions; - CK_X_GetSessionInfo C_GetSessionInfo; - CK_X_GetOperationState C_GetOperationState; - CK_X_SetOperationState C_SetOperationState; - CK_X_Login C_Login; - CK_X_Logout C_Logout; - CK_X_CreateObject C_CreateObject; - CK_X_CopyObject C_CopyObject; - CK_X_DestroyObject C_DestroyObject; - CK_X_GetObjectSize C_GetObjectSize; - CK_X_GetAttributeValue C_GetAttributeValue; - CK_X_SetAttributeValue C_SetAttributeValue; - CK_X_FindObjectsInit C_FindObjectsInit; - CK_X_FindObjects C_FindObjects; - CK_X_FindObjectsFinal C_FindObjectsFinal; - CK_X_EncryptInit C_EncryptInit; - CK_X_Encrypt C_Encrypt; - CK_X_EncryptUpdate C_EncryptUpdate; - CK_X_EncryptFinal C_EncryptFinal; - CK_X_DecryptInit C_DecryptInit; - CK_X_Decrypt C_Decrypt; - CK_X_DecryptUpdate 
C_DecryptUpdate; - CK_X_DecryptFinal C_DecryptFinal; - CK_X_DigestInit C_DigestInit; - CK_X_Digest C_Digest; - CK_X_DigestUpdate C_DigestUpdate; - CK_X_DigestKey C_DigestKey; - CK_X_DigestFinal C_DigestFinal; - CK_X_SignInit C_SignInit; - CK_X_Sign C_Sign; - CK_X_SignUpdate C_SignUpdate; - CK_X_SignFinal C_SignFinal; - CK_X_SignRecoverInit C_SignRecoverInit; - CK_X_SignRecover C_SignRecover; - CK_X_VerifyInit C_VerifyInit; - CK_X_Verify C_Verify; - CK_X_VerifyUpdate C_VerifyUpdate; - CK_X_VerifyFinal C_VerifyFinal; - CK_X_VerifyRecoverInit C_VerifyRecoverInit; - CK_X_VerifyRecover C_VerifyRecover; - CK_X_DigestEncryptUpdate C_DigestEncryptUpdate; - CK_X_DecryptDigestUpdate C_DecryptDigestUpdate; - CK_X_SignEncryptUpdate C_SignEncryptUpdate; - CK_X_DecryptVerifyUpdate C_DecryptVerifyUpdate; - CK_X_GenerateKey C_GenerateKey; - CK_X_GenerateKeyPair C_GenerateKeyPair; - CK_X_WrapKey C_WrapKey; - CK_X_UnwrapKey C_UnwrapKey; - CK_X_DeriveKey C_DeriveKey; - CK_X_SeedRandom C_SeedRandom; - CK_X_GenerateRandom C_GenerateRandom; - CK_X_WaitForSlotEvent C_WaitForSlotEvent; -}; +#endif /* CRYPTOKI_X_VENDOR_DEFINED */ #if defined(__cplusplus) } diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am index 300fc3f..c3dfe2a 100644 --- a/doc/manual/Makefile.am +++ b/doc/manual/Makefile.am @@ -56,6 +56,7 @@ IGNORE_HFILES= \ mock.h \ modules.h \ pkcs11.h \ + pkcs11i.h \ pkcs11x.h \ private.h \ proxy.h \ diff --git a/p11-kit/virtual.h b/p11-kit/virtual.h index d29ea49..97d2a7c 100644 --- a/p11-kit/virtual.h +++ b/p11-kit/virtual.h @@ -36,7 +36,7 @@ #define __P11_VIRTUAL_H__ #include "pkcs11.h" -#include "pkcs11x.h" +#include "pkcs11i.h" #include "array.h" typedef struct { diff --git a/trust/builder.c b/trust/builder.c index fd7a662..6b43127 100644 --- a/trust/builder.c +++ b/trust/builder.c @@ -46,6 +46,7 @@ #include "index.h" #include "message.h" #include "oid.h" +#include "pkcs11i.h" #include "pkcs11x.h" #include "utf8.h" #include "x509.h" 
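Review bot: In the second `common/pkcs11x.h` hunk the new `CKA_PUBLIC_KEY_INFO` definition sits before `#endif /* CRYPTOKI_X_VENDOR_DEFINED */`, so an attribute taken from the 2.40 draft is only defined when the vendor block is active. The opening of that guard is outside the hunk, but if another header sets `CRYPTOKI_X_VENDOR_DEFINED` first, the `trust/` code that now depends on `CKA_PUBLIC_KEY_INFO` would have no definition; moving the `#ifndef CKA_PUBLIC_KEY_INFO` block below the `#endif` would decouple the two. The value is written as `0x00000129` while the vendor base in this header carries a `UL` suffix (`0x58444700UL`); `#define CKA_PUBLIC_KEY_INFO 0x00000129UL` would keep the constant the same width as the other attribute values. Because the number comes from a draft, the comment could name the draft revision so it can be checked against the final specification.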
@@ -119,14 +120,14 @@ lookup_extension (p11_builder *builder, node_asn *node; CK_ATTRIBUTE match[] = { - { CKA_X_PUBLIC_KEY_INFO, }, + { CKA_PUBLIC_KEY_INFO, }, { CKA_OBJECT_ID, (void *)oid, p11_oid_length (oid) }, { CKA_CLASS, &klass, sizeof (klass) }, { CKA_INVALID }, }; if (public_key == NULL || public_key->type == CKA_INVALID) - public_key = p11_attrs_find_valid (cert, CKA_X_PUBLIC_KEY_INFO); + public_key = p11_attrs_find_valid (cert, CKA_PUBLIC_KEY_INFO); /* Look for a stapled certificate extension */ if (public_key != NULL) { @@ -642,7 +643,7 @@ certificate_value_attrs (CK_ATTRIBUTE *attrs, end_date.ulValueLen = 0; if (calc_element (node, der, der_len, "tbsCertificate.subjectPublicKeyInfo", public_key)) - public_key->type = CKA_X_PUBLIC_KEY_INFO; + public_key->type = CKA_PUBLIC_KEY_INFO; else public_key->type = CKA_INVALID; calc_element (node, der, der_len, "tbsCertificate.issuer.rdnSequence", &issuer); @@ -774,7 +775,7 @@ const static builder_schema certificate_schema = { { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, CREATE }, { CKA_HASH_OF_ISSUER_PUBLIC_KEY, CREATE }, { CKA_JAVA_MIDP_SECURITY_DOMAIN, CREATE, type_ulong }, - { CKA_X_PUBLIC_KEY_INFO, WANT, type_der_key }, + { CKA_PUBLIC_KEY_INFO, WANT, type_der_key }, { CKA_INVALID }, }, certificate_populate, certificate_validate, }; @@ -814,7 +815,7 @@ const static builder_schema extension_schema = { NORMAL_BUILD, { COMMON_ATTRS, { CKA_VALUE, REQUIRE | CREATE, type_der_ext }, - { CKA_X_PUBLIC_KEY_INFO, REQUIRE | CREATE, type_der_key }, + { CKA_PUBLIC_KEY_INFO, REQUIRE | CREATE, type_der_key }, { CKA_OBJECT_ID, CREATE | WANT, type_der_oid }, { CKA_ID, CREATE | MODIFY }, { CKA_INVALID }, @@ -1709,7 +1710,7 @@ replace_compat_for_ext (p11_builder *builder, CK_ATTRIBUTE *public_key; int i; - public_key = p11_attrs_find_valid (attrs, CKA_X_PUBLIC_KEY_INFO); + public_key = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO); if (public_key == NULL) return; 
@@ -1740,7 +1741,7 @@ update_related_category (p11_builder *builder, { CKA_INVALID, }, }; - public_key = p11_attrs_find_valid (attrs, CKA_X_PUBLIC_KEY_INFO); + public_key = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO); if (public_key == NULL) return; diff --git a/trust/enumerate.c b/trust/enumerate.c index 679b635..d469b5c 100644 --- a/trust/enumerate.c +++ b/trust/enumerate.c @@ -101,7 +101,7 @@ load_stapled_extensions (p11_enumerate *ex, CK_ATTRIBUTE match[] = { { CKA_CLASS, &extension, sizeof (extension) }, - { CKA_X_PUBLIC_KEY_INFO, spki->pValue, spki->ulValueLen }, + { CKA_PUBLIC_KEY_INFO, spki->pValue, spki->ulValueLen }, }; CK_ATTRIBUTE template[] = { @@ -286,7 +286,7 @@ extract_info (p11_enumerate *ex) { CKA_TRUSTED, }, { CKA_CERTIFICATE_CATEGORY }, { CKA_X_DISTRUSTED }, - { CKA_X_PUBLIC_KEY_INFO }, + { CKA_PUBLIC_KEY_INFO }, { CKA_INVALID, }, }; @@ -312,7 +312,7 @@ extract_info (p11_enumerate *ex) if (!extract_certificate (ex)) return false; - attr = p11_attrs_find_valid (ex->attrs, CKA_X_PUBLIC_KEY_INFO); + attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO); if (attr) { ex->stapled = load_stapled_extensions (ex, attr); if (!ex->stapled) @@ -393,14 +393,14 @@ static bool public_key_equal (const void *one, const void *two) { - return p11_attr_equal (p11_attrs_find_valid ((CK_ATTRIBUTE *)one, CKA_X_PUBLIC_KEY_INFO), - p11_attrs_find_valid ((CK_ATTRIBUTE *)two, CKA_X_PUBLIC_KEY_INFO)); + return p11_attr_equal (p11_attrs_find_valid ((CK_ATTRIBUTE *)one, CKA_PUBLIC_KEY_INFO), + p11_attrs_find_valid ((CK_ATTRIBUTE *)two, CKA_PUBLIC_KEY_INFO)); } static unsigned int public_key_hash (const void *data) { - return p11_attr_hash (p11_attrs_find_valid ((CK_ATTRIBUTE *)data, CKA_X_PUBLIC_KEY_INFO)); + return p11_attr_hash (p11_attrs_find_valid ((CK_ATTRIBUTE *)data, CKA_PUBLIC_KEY_INFO)); } static bool 
@@ -438,7 +438,7 @@ blacklist_load (p11_enumerate *ex) CK_ATTRIBUTE template[] = { { CKA_SERIAL_NUMBER, }, - { CKA_X_PUBLIC_KEY_INFO, }, + { CKA_PUBLIC_KEY_INFO, }, { CKA_ISSUER, }, }; @@ -470,7 +470,7 @@ blacklist_load (p11_enumerate *ex) } /* A blacklisted item with a public key */ - public_key = p11_attrs_find_valid (attrs, CKA_X_PUBLIC_KEY_INFO); + public_key = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO); if (public_key != NULL) { key = p11_attrs_build (NULL, public_key, NULL); if (!public_key || !p11_dict_set (ex->blacklist_public_key, key, "x")) diff --git a/trust/parser.c b/trust/parser.c index 6bf8c94..ff0f15f 100644 --- a/trust/parser.c +++ b/trust/parser.c @@ -503,7 +503,7 @@ parse_openssl_trusted_certificate (p11_parser *parser, CK_ATTRIBUTE *attrs; CK_BYTE idv[ID_LENGTH]; CK_ATTRIBUTE id = { CKA_ID, idv, sizeof (idv) }; - CK_ATTRIBUTE public_key_info = { CKA_X_PUBLIC_KEY_INFO }; + CK_ATTRIBUTE public_key_info = { CKA_PUBLIC_KEY_INFO }; CK_ATTRIBUTE *value; char *label = NULL; node_asn *cert; diff --git a/trust/persist.c b/trust/persist.c index eb3ed06..1b41568 100644 --- a/trust/persist.c +++ b/trust/persist.c @@ -43,6 +43,7 @@ #include "pem.h" #include "persist.h" #include "pkcs11.h" +#include "pkcs11i.h" #include "pkcs11x.h" #include "types.h" #include "url.h" diff --git a/trust/test-builder.c b/trust/test-builder.c index 29bac07..54db335 100644 --- a/trust/test-builder.c +++ b/trust/test-builder.c @@ -47,6 +47,7 @@ #include "index.h" #include "message.h" #include "oid.h" +#include "pkcs11i.h" #include "pkcs11x.h" struct { 
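Review bot: In the `@@ -470,7 +470,7 @@` hunk of blacklist_load, the error check after `key = p11_attrs_build (NULL, public_key, NULL);` tests `!public_key`, which is already known to be non-NULL inside `if (public_key != NULL)`, so a failed allocation of `key` is never caught before it is handed to p11_dict_set. The check most likely meant the freshly built key: `if (!key || !p11_dict_set (ex->blacklist_public_key, key, "x"))`. How p11_dict_set treats a NULL key is not visible here, but the worst case is a distrusted public key silently missing from the blacklist, so this path should fail closed. The line is unchanged context in this commit, and blacklist_load continues outside the hunk.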
@@ -402,7 +403,7 @@ test_build_certificate_staple_ca (void) { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 }, - { CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, { CKA_INVALID }, }; @@ -453,7 +454,7 @@ test_build_certificate_staple_ca_backwards (void) { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 }, - { CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, { CKA_INVALID }, }; @@ -547,7 +548,7 @@ test_build_extension (void) { CK_ATTRIBUTE input[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 }, { CKA_INVALID }, }; @@ -559,7 +560,7 @@ test_build_extension (void) { CKA_PRIVATE, &falsev, sizeof (falsev) }, { CKA_OBJECT_ID, "\x06\x03\x55\x1d\x50", 5 }, { CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_LABEL, "", 0 }, { CKA_INVALID }, }; 
@@ -1085,7 +1086,7 @@ test_create_not_settable (void) { CKA_CLASS, &certificate, sizeof (certificate) }, { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, { CKA_INVALID }, }; @@ -1119,7 +1120,7 @@ test_create_but_loadable (void) { CKA_CLASS, &certificate, sizeof (certificate) }, { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, { CKA_INVALID }, }; @@ -1587,7 +1588,7 @@ test_changed_trusted_certificate (void) CK_ATTRIBUTE eku_extension_server_and_client[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_LABEL, "Custom Label", 12 }, { CKA_VALUE, eku_server_and_client, sizeof (eku_server_and_client) }, { CKA_ID, "cacert3", 7 }, 
@@ -1602,7 +1603,7 @@ test_changed_trusted_certificate (void) static CK_ATTRIBUTE reject_extension_email[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_LABEL, "Custom Label", 12 }, { CKA_VALUE, eku_client_email, sizeof (eku_client_email) }, { CKA_ID, "cacert3", 7 }, @@ -1721,7 +1722,7 @@ test_changed_distrust_value (void) { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, { CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_ID, "cacert3", 7 }, { CKA_INVALID }, }; @@ -1730,7 +1731,7 @@ test_changed_distrust_value (void) { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_ID, "cacert3", 7 }, { CKA_INVALID }, }; 
@@ -2077,7 +2078,7 @@ test_changed_staple_ca (void) { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff", 14 }, - { CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, { CKA_ID, "the id", 6 }, { CKA_INVALID }, }; @@ -2125,7 +2126,7 @@ test_changed_staple_ku (void) { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, { CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE) }, { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x0f\x04\x05\x03\x03\x07\xc0\x00", 14 }, - { CKA_X_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, { CKA_ID, "the id", 6 }, { CKA_INVALID }, }; diff --git a/trust/test-enumerate.c b/trust/test-enumerate.c index e11373f..930b645 100644 --- a/trust/test-enumerate.c +++ b/trust/test-enumerate.c @@ -191,7 +191,7 @@ static CK_ATTRIBUTE cacert3_trusted[] = { { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_TRUSTED, &truev, sizeof (truev) }, { CKA_ID, "ID1", 3 }, { CKA_INVALID }, 
@@ -211,7 +211,7 @@ static CK_ATTRIBUTE cacert3_distrusted[] = { static CK_ATTRIBUTE cacert3_distrusted_by_key[] = { { CKA_CLASS, &public_key_class, sizeof (public_key_class) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, { CKA_INVALID }, }; @@ -226,7 +226,7 @@ static CK_ATTRIBUTE extension_eku_server_client[] = { { CKA_ID, "ID1", 3 }, { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, { CKA_VALUE, "\x30\x1d\x06\x03\x55\x1d\x25\x04\x16\x30\x14\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 31 }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_INVALID }, }; @@ -234,7 +234,7 @@ static CK_ATTRIBUTE extension_eku_invalid[] = { { CKA_CLASS, &extension_class, sizeof (extension_class) }, { CKA_ID, "ID1", 3 }, { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x25\x04\x07\x69\x6e\x76\x61\x6c\x69\x64", 16 }, { CKA_INVALID }, }; diff --git a/trust/test-openssl.c b/trust/test-openssl.c index 9f7c4d6..3cba1ed 100644 --- a/trust/test-openssl.c +++ b/trust/test-openssl.c 
@@ -108,7 +108,7 @@ static CK_ATTRIBUTE cacert3_authority_attrs[] = { { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, { CKA_LABEL, "Custom Label", 12 }, { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, { CKA_INVALID }, }; @@ -119,7 +119,7 @@ static CK_ATTRIBUTE verisign_v1_attrs[] = { { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, { CKA_LABEL, "Custom Label", 12 }, { CKA_SUBJECT, (void *)verisign_v1_ca_subject, sizeof (verisign_v1_ca_subject) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, { CKA_INVALID }, }; @@ -127,7 +127,7 @@ static CK_ATTRIBUTE verisign_v1_attrs[] = { static CK_ATTRIBUTE extension_eku_server[] = { { CKA_CLASS, &extension_class, sizeof (extension_class) }, { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_VALUE, "\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 21 }, { CKA_INVALID }, }; 
@@ -136,7 +136,7 @@ static CK_ATTRIBUTE extension_reject_email[] = { { CKA_CLASS, &extension_class, sizeof (extension_class) }, { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_INVALID }, }; @@ -231,7 +231,7 @@ test_keyid (void) { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, { CKA_INVALID }, }; @@ -239,7 +239,7 @@ test_keyid (void) static CK_ATTRIBUTE extension_subject_key_identifier[] = { { CKA_CLASS, &extension_class, sizeof (extension_class) }, { CKA_OBJECT_ID, (void *)P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x0e\x04\x07\x00\x01\x02\x03\x04\x05\x06", 16 }, { CKA_INVALID }, }; diff --git a/trust/test-parser.c b/trust/test-parser.c index bdb67df..be5e496 100644 --- a/trust/test-parser.c +++ b/trust/test-parser.c 
@@ -200,7 +200,7 @@ test_parse_openssl_trusted (void) CK_ATTRIBUTE eku_extension[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_VALUE, "\x30\x16\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 24 }, { CKA_INVALID }, }; @@ -208,7 +208,7 @@ test_parse_openssl_trusted (void) CK_ATTRIBUTE reject_extension[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 }, { CKA_INVALID }, }; @@ -280,7 +280,7 @@ test_parse_openssl_distrusted (void) CK_ATTRIBUTE eku_extension[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) }, { CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 }, { CKA_INVALID }, }; 
@@ -288,7 +288,7 @@ test_parse_openssl_distrusted (void) CK_ATTRIBUTE reject_extension[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, - { CKA_X_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) }, + { CKA_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) }, { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 }, { CKA_INVALID }, }; diff --git a/trust/test-persist.c b/trust/test-persist.c index 107f131..68d2033 100644 --- a/trust/test-persist.c +++ b/trust/test-persist.c @@ -48,6 +48,7 @@ #include "message.h" #include "persist.h" #include "pkcs11.h" +#include "pkcs11i.h" #include "pkcs11x.h" static void -- 1.9.3