1 /*
2  * Copyright (C) 2013, Redhat Inc.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  *     * Redistributions of source code must retain the above
9  *       copyright notice, this list of conditions and the
10  *       following disclaimer.
11  *     * Redistributions in binary form must reproduce the
12  *       above copyright notice, this list of conditions and
13  *       the following disclaimer in the documentation and/or
14  *       other materials provided with the distribution.
15  *     * The names of contributors to this software may not be
16  *       used to endorse or promote products derived from this
17  *       software without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
24  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
25  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
26  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
27  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
29  * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
30  * DAMAGE.
31  *
32  * Author: Stef Walter <stefw@redhat.com>
33  */
34 
35 #include "config.h"
36 
37 #include "attrs.h"
38 #include "constants.h"
39 #include "debug.h"
40 #include "pkcs11.h"
41 #include "pkcs11i.h"
42 #include "pkcs11x.h"
43 
44 #include <stdlib.h>
45 
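/* Element count of a true array; must not be applied to a pointer. */
#define ELEMS(x) (sizeof (x) / sizeof ((x)[0]))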
47 
/*
 * Row builders for the lookup tables below. CT (c, nick) expands to the
 * initializer { c, "c", { nick } } followed by a comma, which is why
 * table rows are written without a separator; CT2 adds a second,
 * alternate nick.
 *
 * Every table must list its rows in ascending numeric order of the
 * constant: lookup_info() finds rows with bsearch(), so a row that is
 * out of order can silently stop resolving. Run the test-attrs test
 * after any change to confirm the ordering.
 */

#define CT(constant, nick) \
	{ constant, #constant, { nick } },
#define CT2(constant, nick, alt_nick) \
	{ constant, #constant, { nick, alt_nick } },
56 
/*
 * Attribute types (CKA_*): numeric value, macro name, and the short
 * "nick" used in text form. Rows stay in ascending numeric order
 * because lookup_info() binary-searches this array. The commented-out
 * CT (...) lines name macros that get no row of their own (presumably
 * aliases of a neighbouring row). The closing { CKA_INVALID } row is a
 * terminator and is excluded from the length recorded in tables[].
 */
const p11_constant p11_constant_types[] = {
	/* Attributes common to storage objects, data and certificates */
	CT (CKA_CLASS, "class")
	CT (CKA_TOKEN, "token")
	CT (CKA_PRIVATE, "private")
	CT (CKA_LABEL, "label")
	CT (CKA_APPLICATION, "application")
	CT (CKA_VALUE, "value")
	CT (CKA_OBJECT_ID, "object-id")
	CT (CKA_CERTIFICATE_TYPE, "certificate-type")
	CT (CKA_ISSUER, "issuer")
	CT (CKA_SERIAL_NUMBER, "serial-number")
	CT (CKA_AC_ISSUER, "ac-issuer")
	CT (CKA_OWNER, "owner")
	CT (CKA_ATTR_TYPES, "attr-types")
	CT (CKA_TRUSTED, "trusted")
	CT (CKA_CERTIFICATE_CATEGORY, "certificate-category")
	CT (CKA_JAVA_MIDP_SECURITY_DOMAIN, "java-midp-security-domain")
	CT (CKA_URL, "url")
	CT (CKA_HASH_OF_SUBJECT_PUBLIC_KEY, "hash-of-subject-public-key")
	CT (CKA_HASH_OF_ISSUER_PUBLIC_KEY, "hash-of-issuer-public-key")
	CT (CKA_CHECK_VALUE, "check-value")

	/* Key attributes and permitted key usages */
	CT (CKA_KEY_TYPE, "key-type")
	CT (CKA_SUBJECT, "subject")
	CT (CKA_ID, "id")
	CT (CKA_SENSITIVE, "sensitive")
	CT (CKA_ENCRYPT, "encrypt")
	CT (CKA_DECRYPT, "decrypt")
	CT (CKA_WRAP, "wrap")
	CT (CKA_UNWRAP, "unwrap")
	CT (CKA_SIGN, "sign")
	CT (CKA_SIGN_RECOVER, "sign-recover")
	CT (CKA_VERIFY, "verify")
	/*
	 * NOTE(review): this nick drops the "verify-" prefix, unlike
	 * "sign-recover" above. Confirm whether that is intended before
	 * changing it: nicks are matched as strings through
	 * p11_constant_reverse (true), so a rename changes what text
	 * resolves to this attribute.
	 */
	CT (CKA_VERIFY_RECOVER, "recover")
	CT (CKA_DERIVE, "derive")
	CT (CKA_START_DATE, "start-date")
	CT (CKA_END_DATE, "end-date")
	CT (CKA_MODULUS, "modulus")
	CT (CKA_MODULUS_BITS, "modulus-bits")
	CT (CKA_PUBLIC_EXPONENT, "public-exponent")
	CT (CKA_PRIVATE_EXPONENT, "private-exponent")
	CT (CKA_PRIME_1, "prime-1")
	CT (CKA_PRIME_2, "prime-2")
	CT (CKA_EXPONENT_1, "exponent-1")
	CT (CKA_EXPONENT_2, "exponent-2")
	CT (CKA_COEFFICIENT, "coefficient")
	/* The only row with two nicks; both resolve to the same value */
	CT2 (CKA_PUBLIC_KEY_INFO, "public-key-info", "x-public-key-info")
	CT (CKA_PRIME, "prime")
	CT (CKA_SUBPRIME, "subprime")
	CT (CKA_BASE, "base")
	CT (CKA_PRIME_BITS, "prime-bits")
	/* CT (CKA_SUBPRIME_BITS) */
	CT (CKA_SUB_PRIME_BITS, "subprime-bits")
	CT (CKA_VALUE_BITS, "value-bits")
	CT (CKA_VALUE_LEN, "value-len")
	CT (CKA_EXTRACTABLE, "extractable")
	CT (CKA_LOCAL, "local")
	CT (CKA_NEVER_EXTRACTABLE, "never-extractable")
	CT (CKA_ALWAYS_SENSITIVE, "always-sensitive")
	CT (CKA_KEY_GEN_MECHANISM, "key-gen-mechanism")
	CT (CKA_MODIFIABLE, "modifiable")
	CT (CKA_ECDSA_PARAMS, "ecdsa-params")
	/* CT (CKA_EC_PARAMS) */
	CT (CKA_EC_POINT, "ec-point")
	CT (CKA_SECONDARY_AUTH, "secondary-auth")
	CT (CKA_AUTH_PIN_FLAGS, "auth-pin-flags")
	CT (CKA_ALWAYS_AUTHENTICATE, "always-authenticate")
	CT (CKA_WRAP_WITH_TRUSTED, "wrap-with-trusted")

	/* Hardware feature attributes */
	CT (CKA_HW_FEATURE_TYPE, "hw-feature-type")
	CT (CKA_RESET_ON_INIT, "reset-on-init")
	CT (CKA_HAS_RESET, "has-reset")
	CT (CKA_PIXEL_X, "pixel-x")
	CT (CKA_PIXEL_Y, "pixel-y")
	CT (CKA_RESOLUTION, "resolution")
	CT (CKA_CHAR_ROWS, "char-rows")
	CT (CKA_CHAR_COLUMNS, "char-columns")
	CT (CKA_COLOR, "color")
	CT (CKA_BITS_PER_PIXEL, "bits-per-pixel")
	CT (CKA_CHAR_SETS, "char-sets")
	CT (CKA_ENCODING_METHODS, "encoding-methods")
	CT (CKA_MIME_TYPES, "mime-types")
	CT (CKA_MECHANISM_TYPE, "mechanism-type")
	CT (CKA_REQUIRED_CMS_ATTRIBUTES, "required-cms-attributes")
	CT (CKA_DEFAULT_CMS_ATTRIBUTES, "default-cms-attributes")
	CT (CKA_SUPPORTED_CMS_ATTRIBUTES, "supported-cms-attributes")
	CT (CKA_WRAP_TEMPLATE, "wrap-template")
	CT (CKA_UNWRAP_TEMPLATE, "unwrap-template")
	CT (CKA_ALLOWED_MECHANISMS, "allowed-mechanisms")

	/* CKA_NSS_* attributes */
	CT (CKA_NSS_URL, "nss-url")
	CT (CKA_NSS_EMAIL, "nss-email")
	/*
	 * NOTE(review): the nick says "constant" where the macro says
	 * "INFO"; every other row mirrors its macro name. Confirm whether
	 * this is intended before relying on or changing the string.
	 */
	CT (CKA_NSS_SMIME_INFO, "nss-smime-constant")
	CT (CKA_NSS_SMIME_TIMESTAMP, "nss-smime-timestamp")
	CT (CKA_NSS_PKCS8_SALT, "nss-pkcs8-salt")
	CT (CKA_NSS_PASSWORD_CHECK, "nss-password-check")
	CT (CKA_NSS_EXPIRES, "nss-expires")
	CT (CKA_NSS_KRL, "nss-krl")
	CT (CKA_NSS_PQG_COUNTER, "nss-pqg-counter")
	CT (CKA_NSS_PQG_SEED, "nss-pqg-seed")
	CT (CKA_NSS_PQG_H, "nss-pqg-h")
	CT (CKA_NSS_PQG_SEED_BITS, "nss-pqg-seed-bits")
	CT (CKA_NSS_MODULE_SPEC, "nss-module-spec")
	CT (CKA_NSS_MOZILLA_CA_POLICY, "nss-mozilla-ca-policy")
	CT (CKA_NSS_SERVER_DISTRUST_AFTER, "nss-server-distrust-after")
	CT (CKA_NSS_EMAIL_DISTRUST_AFTER, "nss-email-distrust-after")

	/* CKA_TRUST_* attributes and the certificate hash attributes */
	CT (CKA_TRUST_DIGITAL_SIGNATURE, "trust-digital-signature")
	CT (CKA_TRUST_NON_REPUDIATION, "trust-non-repudiation")
	CT (CKA_TRUST_KEY_ENCIPHERMENT, "trust-key-encipherment")
	CT (CKA_TRUST_DATA_ENCIPHERMENT, "trust-data-encipherment")
	CT (CKA_TRUST_KEY_AGREEMENT, "trust-key-agreement")
	CT (CKA_TRUST_KEY_CERT_SIGN, "trust-key-cert-sign")
	CT (CKA_TRUST_CRL_SIGN, "trust-crl-sign")
	CT (CKA_TRUST_SERVER_AUTH, "trust-server-auth")
	CT (CKA_TRUST_CLIENT_AUTH, "trust-client-auth")
	CT (CKA_TRUST_CODE_SIGNING, "trust-code-signing")
	CT (CKA_TRUST_EMAIL_PROTECTION, "trust-email-protection")
	CT (CKA_TRUST_IPSEC_END_SYSTEM, "trust-ipsec-end-system")
	CT (CKA_TRUST_IPSEC_TUNNEL, "trust-ipsec-tunnel")
	CT (CKA_TRUST_IPSEC_USER, "trust-ipsec-user")
	CT (CKA_TRUST_TIME_STAMPING, "trust-time-stamping")
	CT (CKA_TRUST_STEP_UP_APPROVED, "trust-step-up-approved")
	CT (CKA_CERT_SHA1_HASH, "cert-sha1-hash")
	CT (CKA_CERT_MD5_HASH, "cert-md5-hash")

	/* CKA_X_* attributes */
	CT (CKA_X_ASSERTION_TYPE, "x-assertion-type")
	CT (CKA_X_CERTIFICATE_VALUE, "x-certificate-value")
	CT (CKA_X_PURPOSE, "x-purpose")
	CT (CKA_X_PEER, "x-peer")
	CT (CKA_X_DISTRUSTED, "x-distrusted")
	CT (CKA_X_CRITICAL, "x-critical")

	/* Terminator, not a real row */
	{ CKA_INVALID },
};
186 
/*
 * Object classes (CKO_*) with their nicks, in ascending numeric order
 * as required by the bsearch() in lookup_info(). The { CKA_INVALID }
 * row only terminates the array.
 */
const p11_constant p11_constant_classes[] = {
	CT (CKO_DATA, "data")
	CT (CKO_CERTIFICATE, "certificate")
	CT (CKO_PUBLIC_KEY, "public-key")
	CT (CKO_PRIVATE_KEY, "private-key")
	CT (CKO_SECRET_KEY, "secret-key")
	CT (CKO_HW_FEATURE, "hw-feature")
	CT (CKO_DOMAIN_PARAMETERS, "domain-parameters")
	CT (CKO_MECHANISM, "mechanism")

	/* CKO_NSS_* classes */
	CT (CKO_NSS_CRL, "nss-crl")
	CT (CKO_NSS_SMIME, "nss-smime")
	CT (CKO_NSS_TRUST, "nss-trust")
	CT (CKO_NSS_BUILTIN_ROOT_LIST, "nss-builtin-root-list")
	CT (CKO_NSS_NEWSLOT, "nss-newslot")
	CT (CKO_NSS_DELSLOT, "nss-delslot")

	/* CKO_X_* classes */
	CT (CKO_X_TRUST_ASSERTION, "x-trust-assertion")
	CT (CKO_X_CERTIFICATE_EXTENSION, "x-certificate-extension")

	{ CKA_INVALID },
};
206 
/*
 * NSS trust levels (CKT_NSS_*) with their nicks, in ascending numeric
 * order. These strings are how a trust level is spelled in text form.
 * A nick that is unknown or misspelled is reported by
 * p11_constant_resolve() as CKA_INVALID, so callers should treat that
 * result as an error rather than fall back to some default trust level.
 */
const p11_constant p11_constant_trusts[] = {
	CT (CKT_NSS_TRUSTED, "nss-trusted")
	CT (CKT_NSS_TRUSTED_DELEGATOR, "nss-trusted-delegator")
	CT (CKT_NSS_MUST_VERIFY_TRUST, "nss-must-verify-trust")
	CT (CKT_NSS_TRUST_UNKNOWN, "nss-trust-unknown")
	CT (CKT_NSS_NOT_TRUSTED, "nss-not-trusted")
	CT (CKT_NSS_VALID_DELEGATOR, "nss-valid-delegator")

	{ CKA_INVALID },
};
216 
/*
 * Certificate types (CKC_*) with their nicks, in ascending numeric
 * order; { CKA_INVALID } terminates the array.
 */
const p11_constant p11_constant_certs[] = {
	CT (CKC_X_509, "x-509")
	CT (CKC_X_509_ATTR_CERT, "x-509-attr-cert")
	CT (CKC_WTLS, "wtls")

	{ CKA_INVALID },
};
223 
/*
 * Key types (CKK_*) with their nicks, in ascending numeric order. The
 * nicks "dsa" and "rc4" defined here are the reason the matching rows
 * in p11_constant_mechanisms carry no nick of their own (see the
 * comments on CKM_DSA and CKM_RC4 there).
 */
const p11_constant p11_constant_keys[] = {
	/* Public-key algorithms */
	CT (CKK_RSA, "rsa")
	CT (CKK_DSA, "dsa")
	CT (CKK_DH, "dh")
	/* CT (CKK_ECDSA) */
	CT (CKK_EC, "ec")
	CT (CKK_X9_42_DH, "x9-42-dh")
	CT (CKK_KEA, "kea")

	/* Secret-key algorithms */
	CT (CKK_GENERIC_SECRET, "generic-secret")
	CT (CKK_RC2, "rc2")
	CT (CKK_RC4, "rc4")
	CT (CKK_DES, "des")
	CT (CKK_DES2, "des2")
	CT (CKK_DES3, "des3")
	CT (CKK_CAST, "cast")
	CT (CKK_CAST3, "cast3")
	CT (CKK_CAST128, "cast128")
	CT (CKK_RC5, "rc5")
	CT (CKK_IDEA, "idea")
	CT (CKK_SKIPJACK, "skipjack")
	CT (CKK_BATON, "baton")
	CT (CKK_JUNIPER, "juniper")
	CT (CKK_CDMF, "cdmf")
	CT (CKK_AES, "aes")
	CT (CKK_BLOWFISH, "blowfish")
	CT (CKK_TWOFISH, "twofish")

	CT (CKK_NSS_PKCS8, "nss-pkcs8")

	{ CKA_INVALID },
};
253 
/*
 * Trust assertion types (CKT_X_*) with their nicks, in ascending
 * numeric order. As with the NSS trust levels, a string that does not
 * match one of these nicks resolves to CKA_INVALID and should be
 * rejected by the caller.
 */
const p11_constant p11_constant_asserts[] = {
	CT (CKT_X_DISTRUSTED_CERTIFICATE, "x-distrusted-certificate")
	CT (CKT_X_PINNED_CERTIFICATE, "x-pinned-certificate")
	CT (CKT_X_ANCHORED_CERTIFICATE, "x-anchored-certificate")

	{ CKA_INVALID },
};
260 
/*
 * Certificate categories. These rows are written out by hand with
 * literal values 0 to 3 instead of CT (), so the "name" and the nick of
 * each row are the same string and both reverse maps built by
 * p11_constant_reverse() use it as the key.
 */
const p11_constant p11_constant_categories[] = {
	{ 0, "unspecified", { "unspecified" } },
	{ 1, "token-user", { "token-user" } },
	{ 2, "authority", { "authority" } },
	{ 3, "other-entry", { "other-entry" } },

	{ CKA_INVALID },
};
268 
/*
 * User types (CKU_*). Name-only table: every nick is NULL, so
 * p11_constant_nick() returns NULL for these values and the nick-keyed
 * reverse map contains no entry for them.
 */
const p11_constant p11_constant_users[] = {
	CT (CKU_SO, NULL)
	CT (CKU_USER, NULL)
	CT (CKU_CONTEXT_SPECIFIC, NULL)

	{ CKA_INVALID },
};
275 
/*
 * Session states (CKS_*). Name-only table: every nick is NULL, so only
 * p11_constant_name() and the name-keyed reverse map are useful here.
 */
const p11_constant p11_constant_states[] = {
	CT (CKS_RO_PUBLIC_SESSION, NULL)
	CT (CKS_RO_USER_FUNCTIONS, NULL)
	CT (CKS_RW_PUBLIC_SESSION, NULL)
	CT (CKS_RW_USER_FUNCTIONS, NULL)
	CT (CKS_RW_SO_FUNCTIONS, NULL)

	{ CKA_INVALID },
};
284 
/*
 * Return codes (CKR_*) in ascending numeric order. Name-only table:
 * every nick is NULL. p11_constant_name() returns NULL for a code that
 * has no row here, so code that logs a return value needs a fallback
 * (for example the raw number) instead of passing NULL to a formatter.
 */
const p11_constant p11_constant_returns[] = {
	/* General, slot and function errors */
	CT (CKR_OK, NULL)
	CT (CKR_CANCEL, NULL)
	CT (CKR_HOST_MEMORY, NULL)
	CT (CKR_SLOT_ID_INVALID, NULL)
	CT (CKR_GENERAL_ERROR, NULL)
	CT (CKR_FUNCTION_FAILED, NULL)
	CT (CKR_ARGUMENTS_BAD, NULL)
	CT (CKR_NO_EVENT, NULL)
	CT (CKR_NEED_TO_CREATE_THREADS, NULL)
	CT (CKR_CANT_LOCK, NULL)

	/* Attribute, data and device errors */
	CT (CKR_ATTRIBUTE_READ_ONLY, NULL)
	CT (CKR_ATTRIBUTE_SENSITIVE, NULL)
	CT (CKR_ATTRIBUTE_TYPE_INVALID, NULL)
	CT (CKR_ATTRIBUTE_VALUE_INVALID, NULL)
	CT (CKR_DATA_INVALID, NULL)
	CT (CKR_DATA_LEN_RANGE, NULL)
	CT (CKR_DEVICE_ERROR, NULL)
	CT (CKR_DEVICE_MEMORY, NULL)
	CT (CKR_DEVICE_REMOVED, NULL)
	CT (CKR_ENCRYPTED_DATA_INVALID, NULL)
	CT (CKR_ENCRYPTED_DATA_LEN_RANGE, NULL)
	CT (CKR_FUNCTION_CANCELED, NULL)
	CT (CKR_FUNCTION_NOT_PARALLEL, NULL)
	CT (CKR_FUNCTION_NOT_SUPPORTED, NULL)

	/* Key, mechanism, object and operation errors */
	CT (CKR_KEY_HANDLE_INVALID, NULL)
	CT (CKR_KEY_SIZE_RANGE, NULL)
	CT (CKR_KEY_TYPE_INCONSISTENT, NULL)
	CT (CKR_KEY_NOT_NEEDED, NULL)
	CT (CKR_KEY_CHANGED, NULL)
	CT (CKR_KEY_NEEDED, NULL)
	CT (CKR_KEY_INDIGESTIBLE, NULL)
	CT (CKR_KEY_FUNCTION_NOT_PERMITTED, NULL)
	CT (CKR_KEY_NOT_WRAPPABLE, NULL)
	CT (CKR_KEY_UNEXTRACTABLE, NULL)
	CT (CKR_MECHANISM_INVALID, NULL)
	CT (CKR_MECHANISM_PARAM_INVALID, NULL)
	CT (CKR_OBJECT_HANDLE_INVALID, NULL)
	CT (CKR_OPERATION_ACTIVE, NULL)
	CT (CKR_OPERATION_NOT_INITIALIZED, NULL)

	/* PIN and session errors */
	CT (CKR_PIN_INCORRECT, NULL)
	CT (CKR_PIN_INVALID, NULL)
	CT (CKR_PIN_LEN_RANGE, NULL)
	CT (CKR_PIN_EXPIRED, NULL)
	CT (CKR_PIN_LOCKED, NULL)
	CT (CKR_SESSION_CLOSED, NULL)
	CT (CKR_SESSION_COUNT, NULL)
	CT (CKR_SESSION_HANDLE_INVALID, NULL)
	CT (CKR_SESSION_PARALLEL_NOT_SUPPORTED, NULL)
	CT (CKR_SESSION_READ_ONLY, NULL)
	CT (CKR_SESSION_EXISTS, NULL)
	CT (CKR_SESSION_READ_ONLY_EXISTS, NULL)
	CT (CKR_SESSION_READ_WRITE_SO_EXISTS, NULL)

	/* Signature, template and token errors */
	CT (CKR_SIGNATURE_INVALID, NULL)
	CT (CKR_SIGNATURE_LEN_RANGE, NULL)
	CT (CKR_TEMPLATE_INCOMPLETE, NULL)
	CT (CKR_TEMPLATE_INCONSISTENT, NULL)
	CT (CKR_TOKEN_NOT_PRESENT, NULL)
	CT (CKR_TOKEN_NOT_RECOGNIZED, NULL)
	CT (CKR_TOKEN_WRITE_PROTECTED, NULL)

	/* Key wrapping and login errors */
	CT (CKR_UNWRAPPING_KEY_HANDLE_INVALID, NULL)
	CT (CKR_UNWRAPPING_KEY_SIZE_RANGE, NULL)
	CT (CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, NULL)
	CT (CKR_USER_ALREADY_LOGGED_IN, NULL)
	CT (CKR_USER_NOT_LOGGED_IN, NULL)
	CT (CKR_USER_PIN_NOT_INITIALIZED, NULL)
	CT (CKR_USER_TYPE_INVALID, NULL)
	CT (CKR_USER_ANOTHER_ALREADY_LOGGED_IN, NULL)
	CT (CKR_USER_TOO_MANY_TYPES, NULL)
	CT (CKR_WRAPPED_KEY_INVALID, NULL)
	CT (CKR_WRAPPED_KEY_LEN_RANGE, NULL)
	CT (CKR_WRAPPING_KEY_HANDLE_INVALID, NULL)
	CT (CKR_WRAPPING_KEY_SIZE_RANGE, NULL)
	CT (CKR_WRAPPING_KEY_TYPE_INCONSISTENT, NULL)

	/* Random, state and library errors */
	CT (CKR_RANDOM_SEED_NOT_SUPPORTED, NULL)
	CT (CKR_RANDOM_NO_RNG, NULL)
	CT (CKR_DOMAIN_PARAMS_INVALID, NULL)
	CT (CKR_BUFFER_TOO_SMALL, NULL)
	CT (CKR_SAVED_STATE_INVALID, NULL)
	CT (CKR_INFORMATION_SENSITIVE, NULL)
	CT (CKR_STATE_UNSAVEABLE, NULL)
	CT (CKR_CRYPTOKI_NOT_INITIALIZED, NULL)
	CT (CKR_CRYPTOKI_ALREADY_INITIALIZED, NULL)
	CT (CKR_MUTEX_BAD, NULL)
	CT (CKR_MUTEX_NOT_LOCKED, NULL)
	CT (CKR_FUNCTION_REJECTED, NULL)

	{ CKA_INVALID },
};
373 
/*
 * Mechanisms (CKM_*) with their nicks, in ascending numeric order as
 * required by the bsearch() in lookup_info().
 *
 * This is a naming table only: a row lets a mechanism be printed or
 * parsed, it does not enable it. Many rows name legacy algorithms
 * (MD2/MD5, single DES, RC2/RC4, SSL3), so any policy on which
 * mechanisms are acceptable has to be enforced by the code that
 * consumes these values. The commented-out CT (...) lines name macros
 * that get no row of their own (presumably aliases of the row above).
 */
const p11_constant p11_constant_mechanisms[] = {
	/* RSA */
	CT (CKM_RSA_PKCS_KEY_PAIR_GEN, "rsa-pkcs-key-pair-gen")
	CT (CKM_RSA_PKCS, "rsa-pkcs")
	CT (CKM_RSA_9796, "rsa-9796")
	CT (CKM_RSA_X_509, "rsa-x-509")
	CT (CKM_MD2_RSA_PKCS, "md2-rsa-pkcs")
	CT (CKM_MD5_RSA_PKCS, "md5-rsa-pkcs")
	CT (CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs")
	CT (CKM_RIPEMD128_RSA_PKCS, "ripemd128-rsa-pkcs")
	CT (CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs")
	CT (CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep")
	CT (CKM_RSA_X9_31_KEY_PAIR_GEN, "rsa-x9-31-key-pair-gen")
	CT (CKM_RSA_X9_31, "rsa-x9-31")
	CT (CKM_SHA1_RSA_X9_31, "sha1-rsa-x9-31")
	CT (CKM_RSA_PKCS_PSS, "rsa-pkcs-pss")
	CT (CKM_SHA1_RSA_PKCS_PSS, "sha1-rsa-pkcs-pss")

	/* DSA and Diffie-Hellman */
	CT (CKM_DSA_KEY_PAIR_GEN, "dsa-key-pair-gen")
	/*
	 * No nick: "dsa" is already the nick of CKK_DSA, and
	 * p11_constant_reverse() puts every table in one dictionary.
	 * NOTE(review): presumed reason for the NULL, confirm.
	 */
	CT (CKM_DSA, NULL) /* "dsa" */
	CT (CKM_DSA_SHA1, "dsa-sha1")
	CT (CKM_DH_PKCS_KEY_PAIR_GEN, "dh-pkcs-key-pair-gen")
	CT (CKM_DH_PKCS_DERIVE, "dh-pkcs-derive")
	CT (CKM_X9_42_DH_KEY_PAIR_GEN, "x9-42-dh-key-pair-gen")
	CT (CKM_X9_42_DH_DERIVE, "x9-42-dh-derive")
	CT (CKM_X9_42_DH_HYBRID_DERIVE, "x9-42-dh-hybrid-derive")
	CT (CKM_X9_42_MQV_DERIVE, "x9-42-mqv-derive")

	/* RSA with SHA-2 */
	CT (CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs")
	CT (CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs")
	CT (CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs")
	CT (CKM_SHA256_RSA_PKCS_PSS, "sha256-rsa-pkcs-pss")
	CT (CKM_SHA384_RSA_PKCS_PSS, "sha384-rsa-pkcs-pss")
	CT (CKM_SHA512_RSA_PKCS_PSS, "sha512-rsa-pkcs-pss")

	/* RC2 and RC4 */
	CT (CKM_RC2_KEY_GEN, "rc2-key-gen")
	CT (CKM_RC2_ECB, "rc2-ecb")
	CT (CKM_RC2_CBC, "rc2-cbc")
	CT (CKM_RC2_MAC, "rc2-mac")
	CT (CKM_RC2_MAC_GENERAL, "rc2-mac-general")
	CT (CKM_RC2_CBC_PAD, "rc2-cbc-pad")
	CT (CKM_RC4_KEY_GEN, "rc4-key-gen")
	/*
	 * No nick: "rc4" is already the nick of CKK_RC4 in the shared
	 * reverse dictionary. NOTE(review): presumed reason, confirm.
	 */
	CT (CKM_RC4, NULL) /* "rc4" */

	/* DES, triple DES and CDMF */
	CT (CKM_DES_KEY_GEN, "des-key-gen")
	CT (CKM_DES_ECB, "des-ecb")
	CT (CKM_DES_CBC, "des-cbc")
	CT (CKM_DES_MAC, "des-mac")
	CT (CKM_DES_MAC_GENERAL, "des-mac-general")
	CT (CKM_DES_CBC_PAD, "des-cbc-pad")
	CT (CKM_DES2_KEY_GEN, "des2-key-gen")
	CT (CKM_DES3_KEY_GEN, "des3-key-gen")
	CT (CKM_DES3_ECB, "des3-ecb")
	CT (CKM_DES3_CBC, "des3-cbc")
	CT (CKM_DES3_MAC, "des3-mac")
	CT (CKM_DES3_MAC_GENERAL, "des3-mac-general")
	CT (CKM_DES3_CBC_PAD, "des3-cbc-pad")
	CT (CKM_CDMF_KEY_GEN, "cdmf-key-gen")
	CT (CKM_CDMF_ECB, "cdmf-ecb")
	CT (CKM_CDMF_CBC, "cdmf-cbc")
	CT (CKM_CDMF_MAC, "cdmf-mac")
	CT (CKM_CDMF_MAC_GENERAL, "cdmf-mac-general")
	CT (CKM_CDMF_CBC_PAD, "cdmf-cbc-pad")
	CT (CKM_DES_OFB64, "des-ofb64")
	CT (CKM_DES_OFB8, "des-ofb8")
	CT (CKM_DES_CFB64, "des-cfb64")
	CT (CKM_DES_CFB8, "des-cfb8")

	/* Digests and HMACs */
	CT (CKM_MD2, "md2")
	CT (CKM_MD2_HMAC, "md2-hmac")
	CT (CKM_MD2_HMAC_GENERAL, "md2-hmac-general")
	CT (CKM_MD5, "md5")
	CT (CKM_MD5_HMAC, "md5-hmac")
	CT (CKM_MD5_HMAC_GENERAL, "md5-hmac-general")
	CT (CKM_SHA_1, "sha-1")
	CT (CKM_SHA_1_HMAC, "sha-1-hmac")
	CT (CKM_SHA_1_HMAC_GENERAL, "sha-1-hmac-general")
	CT (CKM_RIPEMD128, "ripemd128")
	CT (CKM_RIPEMD128_HMAC, "ripemd128-hmac")
	CT (CKM_RIPEMD128_HMAC_GENERAL, "ripemd128-hmac-general")
	CT (CKM_RIPEMD160, "ripemd160")
	CT (CKM_RIPEMD160_HMAC, "ripemd160-hmac")
	CT (CKM_RIPEMD160_HMAC_GENERAL, "ripemd160-hmac-general")
	CT (CKM_SHA256, "sha256")
	CT (CKM_SHA256_HMAC, "sha256-hmac")
	CT (CKM_SHA256_HMAC_GENERAL, "sha256-hmac-general")
	CT (CKM_SHA384, "sha384")
	CT (CKM_SHA384_HMAC, "sha384-hmac")
	CT (CKM_SHA384_HMAC_GENERAL, "sha384-hmac-general")
	CT (CKM_SHA512, "sha512")
	CT (CKM_SHA512_HMAC, "sha512-hmac")
	CT (CKM_SHA512_HMAC_GENERAL, "sha512-hmac-general")

	/* CAST, RC5 and IDEA */
	CT (CKM_CAST_KEY_GEN, "cast-key-gen")
	CT (CKM_CAST_ECB, "cast-ecb")
	CT (CKM_CAST_CBC, "cast-cbc")
	CT (CKM_CAST_MAC, "cast-mac")
	CT (CKM_CAST_MAC_GENERAL, "cast-mac-general")
	CT (CKM_CAST_CBC_PAD, "cast-cbc-pad")
	CT (CKM_CAST3_KEY_GEN, "cast3-key-gen")
	CT (CKM_CAST3_ECB, "cast3-ecb")
	CT (CKM_CAST3_CBC, "cast3-cbc")
	CT (CKM_CAST3_MAC, "cast3-mac")
	CT (CKM_CAST3_MAC_GENERAL, "cast3-mac-general")
	CT (CKM_CAST3_CBC_PAD, "cast3-cbc-pad")
	CT (CKM_CAST5_KEY_GEN, "cast5-key-gen")
	/* CT (CKM_CAST128_KEY_GEN) */
	CT (CKM_CAST5_ECB, "cast5-ecb")
	/* CT (CKM_CAST128_ECB) */
	CT (CKM_CAST5_CBC, "cast5-cbc")
	/* CT (CKM_CAST128_CBC) */
	CT (CKM_CAST5_MAC, "cast5-mac")
	/* CT (CKM_CAST128_MAC) */
	CT (CKM_CAST5_MAC_GENERAL, "cast5-mac-general")
	/* CT (CKM_CAST128_MAC_GENERAL) */
	CT (CKM_CAST5_CBC_PAD, "cast5-cbc-pad")
	/* CT (CKM_CAST128_CBC_PAD) */
	CT (CKM_RC5_KEY_GEN, "rc5-key-gen")
	CT (CKM_RC5_ECB, "rc5-ecb")
	CT (CKM_RC5_CBC, "rc5-cbc")
	CT (CKM_RC5_MAC, "rc5-mac")
	CT (CKM_RC5_MAC_GENERAL, "rc5-mac-general")
	CT (CKM_RC5_CBC_PAD, "rc5-cbc-pad")
	CT (CKM_IDEA_KEY_GEN, "idea-key-gen")
	CT (CKM_IDEA_ECB, "idea-ecb")
	CT (CKM_IDEA_CBC, "idea-cbc")
	CT (CKM_IDEA_MAC, "idea-mac")
	CT (CKM_IDEA_MAC_GENERAL, "idea-mac-general")
	CT (CKM_IDEA_CBC_PAD, "idea-cbc-pad")

	/* Generic secrets, SSL3/TLS and key derivation */
	CT (CKM_GENERIC_SECRET_KEY_GEN, "generic-secret-key-gen")
	CT (CKM_CONCATENATE_BASE_AND_KEY, "concatenate-base-and-key")
	CT (CKM_CONCATENATE_BASE_AND_DATA, "concatenate-base-and-data")
	CT (CKM_CONCATENATE_DATA_AND_BASE, "concatenate-data-and-base")
	CT (CKM_XOR_BASE_AND_DATA, "xor-base-and-data")
	CT (CKM_EXTRACT_KEY_FROM_KEY, "extract-key-from-key")
	CT (CKM_SSL3_PRE_MASTER_KEY_GEN, "ssl3-pre-master-key-gen")
	CT (CKM_SSL3_MASTER_KEY_DERIVE, "ssl3-master-key-derive")
	CT (CKM_SSL3_KEY_AND_MAC_DERIVE, "ssl3-key-and-mac-derive")
	CT (CKM_SSL3_MASTER_KEY_DERIVE_DH, "ssl3-master-key-derive-dh")
	CT (CKM_TLS_PRE_MASTER_KEY_GEN, "tls-pre-master-key-gen")
	CT (CKM_TLS_MASTER_KEY_DERIVE, "tls-master-key-derive")
	CT (CKM_TLS_KEY_AND_MAC_DERIVE, "tls-key-and-mac-derive")
	CT (CKM_TLS_MASTER_KEY_DERIVE_DH, "tls-master-key-derive-dh")
	/* CT (CKM_TLS_PRF) */
	CT (CKM_SSL3_MD5_MAC, "ssl3-md5-mac")
	CT (CKM_SSL3_SHA1_MAC, "ssl3-sha1-mac")
	CT (CKM_MD5_KEY_DERIVATION, "md5-key-derivation")
	CT (CKM_MD2_KEY_DERIVATION, "md2-key-derivation")
	CT (CKM_SHA1_KEY_DERIVATION, "sha1-key-derivation")
	CT (CKM_SHA256_KEY_DERIVATION, "sha256-key-derivation")
	CT (CKM_SHA384_KEY_DERIVATION, "sha384-key-derivation")
	CT (CKM_SHA512_KEY_DERIVATION, "sha512-key-derivation")

	/* Password-based encryption */
	CT (CKM_PBE_MD2_DES_CBC, "pbe-md2-des-cbc")
	CT (CKM_PBE_MD5_DES_CBC, "pbe-md5-des-cbc")
	CT (CKM_PBE_MD5_CAST_CBC, "pbe-md5-cast-cbc")
	CT (CKM_PBE_MD5_CAST3_CBC, "pbe-md5-cast3-cbc")
	CT (CKM_PBE_MD5_CAST5_CBC, "pbe-md5-cast5-cbc")
	/* CT (CKM_PBE_MD5_CAST128_CBC) */
	CT (CKM_PBE_SHA1_CAST5_CBC, "pbe-sha1-cast5-cbc")
	/* CT (CKM_PBE_SHA1_CAST128_CBC) */
	CT (CKM_PBE_SHA1_RC4_128, "pbe-sha1-rc4-128")
	CT (CKM_PBE_SHA1_RC4_40, "pbe-sha1-rc4-40")
	CT (CKM_PBE_SHA1_DES3_EDE_CBC, "pbe-sha1-des3-ede-cbc")
	CT (CKM_PBE_SHA1_DES2_EDE_CBC, "pbe-sha1-des2-ede-cbc")
	CT (CKM_PBE_SHA1_RC2_128_CBC, "pbe-sha1-rc2-128-cbc")
	CT (CKM_PBE_SHA1_RC2_40_CBC, "pbe-sha1-rc2-40-cbc")
	CT (CKM_PKCS5_PBKD2, "pkcs5-pbkd2")
	CT (CKM_PBA_SHA1_WITH_SHA1_HMAC, "pba-sha1-with-sha1-hmac")

	/* WTLS, key wrapping and CMS */
	CT (CKM_WTLS_PRE_MASTER_KEY_GEN, "wtls-pre-master-key-gen")
	CT (CKM_WTLS_MASTER_KEY_DERIVE, "wtls-master-key-derive")
	CT (CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC, "wtls-master-key-derive-dh-ecc")
	CT (CKM_WTLS_PRF, "wtls-prf")
	CT (CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE, "wtls-server-key-and-mac-derive")
	CT (CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE, "wtls-client-key-and-mac-derive")
	CT (CKM_KEY_WRAP_LYNKS, "key-wrap-lynks")
	CT (CKM_KEY_WRAP_SET_OAEP, "key-wrap-set-oaep")
	CT (CKM_CMS_SIG, "cms-sig")

	/* Skipjack, KEA, Fortezza and Baton */
	CT (CKM_SKIPJACK_KEY_GEN, "skipjack-key-gen")
	CT (CKM_SKIPJACK_ECB64, "skipjack-ecb64")
	CT (CKM_SKIPJACK_CBC64, "skipjack-cbc64")
	CT (CKM_SKIPJACK_OFB64, "skipjack-ofb64")
	CT (CKM_SKIPJACK_CFB64, "skipjack-cfb64")
	CT (CKM_SKIPJACK_CFB32, "skipjack-cfb32")
	CT (CKM_SKIPJACK_CFB16, "skipjack-cfb16")
	CT (CKM_SKIPJACK_CFB8, "skipjack-cfb8")
	CT (CKM_SKIPJACK_WRAP, "skipjack-wrap")
	CT (CKM_SKIPJACK_PRIVATE_WRAP, "skipjack-private-wrap")
	CT (CKM_SKIPJACK_RELAYX, "skipjack-relayx")
	CT (CKM_KEA_KEY_PAIR_GEN, "kea-key-pair-gen")
	CT (CKM_KEA_KEY_DERIVE, "kea-key-derive")
	CT (CKM_FORTEZZA_TIMESTAMP, "fortezza-timestamp")
	CT (CKM_BATON_KEY_GEN, "baton-key-gen")
	CT (CKM_BATON_ECB128, "baton-ecb128")
	CT (CKM_BATON_ECB96, "baton-ecb96")
	CT (CKM_BATON_CBC128, "baton-cbc128")
	CT (CKM_BATON_COUNTER, "baton-counter")
	CT (CKM_BATON_SHUFFLE, "baton-shuffle")
	CT (CKM_BATON_WRAP, "baton-wrap")

	/* Elliptic curve */
	CT (CKM_ECDSA_KEY_PAIR_GEN, "ecdsa-key-pair-gen")
	/* CT (CKM_EC_KEY_PAIR_GEN) */
	CT (CKM_ECDSA, "ecdsa")
	CT (CKM_ECDSA_SHA1, "ecdsa-sha1")
	CT (CKM_ECDH1_DERIVE, "ecdh1-derive")
	CT (CKM_ECDH1_COFACTOR_DERIVE, "ecdh1-cofactor-derive")
	CT (CKM_ECMQV_DERIVE, "ecmqv-derive")

	/* Juniper, AES, Blowfish and Twofish */
	CT (CKM_JUNIPER_KEY_GEN, "juniper-key-gen")
	CT (CKM_JUNIPER_ECB128, "juniper-ecb128")
	CT (CKM_JUNIPER_CBC128, "juniper-cbc128")
	CT (CKM_JUNIPER_COUNTER, "juniper-counter")
	CT (CKM_JUNIPER_SHUFFLE, "juniper-shuffle")
	CT (CKM_JUNIPER_WRAP, "juniper-wrap")
	CT (CKM_FASTHASH, "fasthash")
	CT (CKM_AES_KEY_GEN, "aes-key-gen")
	CT (CKM_AES_ECB, "aes-ecb")
	CT (CKM_AES_CBC, "aes-cbc")
	CT (CKM_AES_MAC, "aes-mac")
	CT (CKM_AES_MAC_GENERAL, "aes-mac-general")
	CT (CKM_AES_CBC_PAD, "aes-cbc-pad")
	CT (CKM_BLOWFISH_KEY_GEN, "blowfish-key-gen")
	CT (CKM_BLOWFISH_CBC, "blowfish-cbc")
	CT (CKM_TWOFISH_KEY_GEN, "twofish-key-gen")
	CT (CKM_TWOFISH_CBC, "twofish-cbc")

	/* Encrypt-data derivation and parameter generation */
	CT (CKM_DES_ECB_ENCRYPT_DATA, "des-ecb-encrypt-data")
	CT (CKM_DES_CBC_ENCRYPT_DATA, "des-cbc-encrypt-data")
	CT (CKM_DES3_ECB_ENCRYPT_DATA, "des3-ecb-encrypt-data")
	CT (CKM_DES3_CBC_ENCRYPT_DATA, "des3-cbc-encrypt-data")
	CT (CKM_AES_ECB_ENCRYPT_DATA, "aes-ecb-encrypt-data")
	CT (CKM_AES_CBC_ENCRYPT_DATA, "aes-cbc-encrypt-data")
	CT (CKM_DSA_PARAMETER_GEN, "dsa-parameter-gen")
	CT (CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen")
	CT (CKM_X9_42_DH_PARAMETER_GEN, "x9-42-dh-parameter-gen")

	{ CKA_INVALID },
};
600 
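/* The row-builder macros are only meant for the tables above */
#undef CT
#undef CT2

/*
 * Registry of every lookup table in this file together with its row
 * count (the trailing { CKA_INVALID } terminator is excluded, hence
 * the "- 1"). lookup_info() uses it to find the length of the table it
 * was handed, and p11_constant_reverse() walks it to index every row.
 *
 * Kept static and const: the registry is private to this file and is
 * never modified, so it should neither be an exported symbol with the
 * generic name "tables" nor be writable at run time. The lengths stored
 * here are what bounds every search and walk over the tables.
 */
static const struct {
	const p11_constant *table;
	int length;
} tables[] = {
	{ p11_constant_types, ELEMS (p11_constant_types) - 1 },
	{ p11_constant_classes, ELEMS (p11_constant_classes) - 1 },
	{ p11_constant_trusts, ELEMS (p11_constant_trusts) - 1 },
	{ p11_constant_certs, ELEMS (p11_constant_certs) - 1 },
	{ p11_constant_keys, ELEMS (p11_constant_keys) - 1 },
	{ p11_constant_asserts, ELEMS (p11_constant_asserts) - 1 },
	{ p11_constant_categories, ELEMS (p11_constant_categories) - 1 },
	{ p11_constant_mechanisms, ELEMS (p11_constant_mechanisms) - 1 },
	{ p11_constant_states, ELEMS (p11_constant_states) - 1 },
	{ p11_constant_users, ELEMS (p11_constant_users) - 1 },
	{ p11_constant_returns, ELEMS (p11_constant_returns) - 1 },
};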
619 
/*
 * bsearch() comparator: orders two p11_constant rows by their numeric
 * value. Returns -1, 0 or 1. The values are compared, never
 * subtracted, so the result cannot wrap.
 */
static int
compar_attr_info (const void *one,
                  const void *two)
{
	const p11_constant *lhs = one;
	const p11_constant *rhs = two;

	if (lhs->value < rhs->value)
		return -1;
	return lhs->value > rhs->value ? 1 : 0;
}
632 
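/*
 * Find the row for `type` in one of the tables registered in tables[].
 *
 * Returns a pointer to the matching row, or NULL when no row has that
 * value. A `table` pointer that is not registered in tables[] is a
 * programming error: it is reported through return_val_if_reached()
 * and NULL is returned. The row count always comes from tables[] and
 * never from the caller, so the search stays inside the array.
 */
static const p11_constant *
lookup_info (const p11_constant *table,
             CK_ATTRIBUTE_TYPE type)
{
	p11_constant match = { type, NULL, { NULL } };
	size_t i;

	/* size_t index: ELEMS () is unsigned, avoid a signed comparison */
	for (i = 0; i < ELEMS (tables); i++) {
		if (table != tables[i].table)
			continue;

		/* Rows are sorted by value, so a binary search finds the row */
		return bsearch (&match, table, tables[i].length,
		                sizeof (p11_constant), compar_attr_info);
	}

	return_val_if_reached (NULL);
}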

/*
 * Return the macro name (for example "CKA_CLASS") recorded for `type`
 * in `constants`, or NULL when the value has no row or `constants` is
 * not one of the tables defined in this file. Callers that print the
 * result need a fallback for the NULL case.
 */
const char *
p11_constant_name (const p11_constant *constants,
                   CK_ULONG type)
{
	const p11_constant *row;

	row = lookup_info (constants, type);
	if (row == NULL)
		return NULL;
	return row->name;
}
661 
/*
 * Return the first nick recorded for `type` in `constants`.
 *
 * NULL is returned when the value has no row, and also when the row
 * exists but was defined without a nick (the users, states and returns
 * tables, plus CKM_DSA and CKM_RC4). A NULL result therefore does not
 * by itself mean the value is unknown.
 */
const char *
p11_constant_nick (const p11_constant *constants,
                   CK_ULONG type)
{
	const p11_constant *row;

	row = lookup_info (constants, type);
	if (row == NULL)
		return NULL;
	return row->nicks[0];
}
669 
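/*
 * Build a dictionary that maps strings back to constant values, across
 * every table registered in tables[].
 *
 * nick == true:  the keys are the nicks of each row; a row whose first
 *                nick is NULL contributes nothing.
 * nick == false: the keys are the macro names.
 *
 * Keys and values point into the static tables above, so the dictionary
 * is created with NULL for the last two p11_dict_new() arguments
 * (presumably the key and value destructors). Returns NULL if the
 * dictionary cannot be created or filled; a partly filled dictionary is
 * freed first rather than leaked.
 *
 * All tables share one key space and a stored value does not record
 * which table it came from. NOTE(review): what happens when two rows
 * use the same key depends on how p11_dict_set() treats an existing
 * key; keep nicks unique across tables (see CKM_DSA and CKM_RC4).
 */
p11_dict *
p11_constant_reverse (bool nick)
{
	const p11_constant *row;
	p11_dict *lookups;
	size_t i, k;
	int j;

	lookups = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
	return_val_if_fail (lookups != NULL, NULL);

	for (i = 0; i < ELEMS (tables); i++) {
		for (j = 0; j < tables[i].length; j++) {
			row = &tables[i].table[j];

			if (!nick) {
				if (!p11_dict_set (lookups, (void *)row->name, (void *)&row->value))
					goto failed;
				continue;
			}

			/*
			 * Stop at the NULL terminator, but never read past the
			 * nicks array if a row ever fills every slot.
			 */
			for (k = 0; k < ELEMS (row->nicks) && row->nicks[k] != NULL; k++) {
				if (!p11_dict_set (lookups, (void *)row->nicks[k], (void *)&row->value))
					goto failed;
			}
		}
	}

	return lookups;

failed:
	p11_dict_free (lookups);
	return_val_if_reached (NULL);
}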
701 
/*
 * Look `string` up in a dictionary built by p11_constant_reverse().
 *
 * Returns the stored value, or CKA_INVALID when either argument is NULL
 * or the string is not a key of the dictionary.
 *
 * The result is a bare number: it does not say which table the string
 * matched, and values from different tables can coincide (the
 * categories table alone uses 0 to 3). A caller that expects, say, a
 * trust level should check CKA_INVALID and also confirm that the value
 * is valid for the table it has in mind, for example with
 * p11_constant_name() on that table.
 */
CK_ULONG
p11_constant_resolve (p11_dict *reversed,
                      const char *string)
{
	CK_ULONG *found;

	return_val_if_fail (reversed != NULL, CKA_INVALID);
	return_val_if_fail (string != NULL, CKA_INVALID);

	found = p11_dict_get (reversed, string);
	if (found == NULL)
		return CKA_INVALID;
	return *found;
}
714