From 118a57ecf0f88e047bb3e75227e08adb5782074c Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Mon, 15 May 2023 13:31:55 -0700 Subject: [PATCH 01/44] Fix warnings in public headers (#569) --- .github/workflows/ci.yml | 2 +- CMakeLists.txt | 2 +- include/aws/io/channel.h | 3 +++ include/aws/io/channel_bootstrap.h | 3 +++ include/aws/io/event_loop.h | 3 +++ include/aws/io/host_resolver.h | 3 +++ include/aws/io/io.h | 3 +++ include/aws/io/logging.h | 3 +++ include/aws/io/message_pool.h | 3 +++ include/aws/io/pipe.h | 3 +++ include/aws/io/pkcs11.h | 3 +++ include/aws/io/retry_strategy.h | 3 +++ include/aws/io/shared_library.h | 3 +++ include/aws/io/socket.h | 3 +++ include/aws/io/socket_channel_handler.h | 3 +++ include/aws/io/statistics.h | 3 +++ include/aws/io/stream.h | 3 +++ include/aws/io/tls_channel_handler.h | 7 +++++-- 18 files changed, 52 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 75b0aaeac..49f1a1467 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,7 +6,7 @@ on: - 'main' env: - BUILDER_VERSION: v0.9.40 + BUILDER_VERSION: v0.9.43 BUILDER_SOURCE: releases BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net PACKAGE_NAME: aws-c-io diff --git a/CMakeLists.txt b/CMakeLists.txt index 4ddc3681a..cd12fa725 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -177,7 +177,7 @@ file(GLOB IO_SRC add_library(${PROJECT_NAME} ${LIBTYPE} ${IO_HEADERS} ${IO_SRC}) aws_set_common_properties(${PROJECT_NAME}) aws_prepare_symbol_visibility_args(${PROJECT_NAME} "AWS_IO") -aws_check_headers(${PROJECT_NAME} ${IO_HEADERS}) +aws_check_headers(${PROJECT_NAME} ${AWS_IO_HEADERS}) aws_add_sanitizers(${PROJECT_NAME}) diff --git a/include/aws/io/channel.h b/include/aws/io/channel.h index 50dc5cce2..aca73d7c6 100644 --- a/include/aws/io/channel.h +++ b/include/aws/io/channel.h @@ -10,6 +10,8 @@ #include #include +AWS_PUSH_SANE_WARNING_LEVEL + enum aws_channel_direction { AWS_CHANNEL_DIR_READ, AWS_CHANNEL_DIR_WRITE, @@ -504,5 +506,6 @@ AWS_IO_API int aws_channel_trigger_read(struct aws_channel *channel); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_CHANNEL_H */ diff --git a/include/aws/io/channel_bootstrap.h b/include/aws/io/channel_bootstrap.h index ae97ba6b4..8e28579df 100644 --- a/include/aws/io/channel_bootstrap.h +++ b/include/aws/io/channel_bootstrap.h @@ -9,6 +9,8 @@ #include #include +AWS_PUSH_SANE_WARNING_LEVEL + struct aws_client_bootstrap; struct aws_socket; struct aws_socket_options; @@ -305,5 +307,6 @@ AWS_IO_API void aws_server_bootstrap_destroy_socket_listener( struct aws_socket *listener); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_CHANNEL_BOOTSTRAP_H */ diff --git a/include/aws/io/event_loop.h b/include/aws/io/event_loop.h index 32d626869..a3b552d6e 100644 --- a/include/aws/io/event_loop.h +++ b/include/aws/io/event_loop.h @@ -12,6 +12,8 @@ #include +AWS_PUSH_SANE_WARNING_LEVEL + enum aws_io_event_type { AWS_IO_EVENT_TYPE_READABLE = 1, AWS_IO_EVENT_TYPE_WRITABLE = 2, @@ -470,5 +472,6 @@ AWS_IO_API struct aws_event_loop *aws_event_loop_group_get_next_loop(struct aws_event_loop_group *el_group); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_EVENT_LOOP_H */ diff --git a/include/aws/io/host_resolver.h b/include/aws/io/host_resolver.h index 6be0245e9..8b4824224 100644 --- a/include/aws/io/host_resolver.h +++ b/include/aws/io/host_resolver.h @@ -8,6 +8,8 @@ #include #include +AWS_PUSH_SANE_WARNING_LEVEL + struct aws_event_loop_group; enum aws_address_record_type { @@ -272,5 +274,6 @@ AWS_IO_API size_t aws_host_resolver_get_host_address_count( AWS_IO_API struct aws_host_resolution_config aws_host_resolver_init_default_resolution_config(void); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_HOST_RESOLVER_H */ diff --git a/include/aws/io/io.h b/include/aws/io/io.h index 2dfd392dd..0ce3f2bc8 100644 --- a/include/aws/io/io.h +++ b/include/aws/io/io.h @@ -10,6 +10,8 @@ #include #include +AWS_PUSH_SANE_WARNING_LEVEL + #define AWS_C_IO_PACKAGE_ID 1 struct aws_io_handle { @@ -271,5 +273,6 @@ AWS_IO_API void aws_io_fatal_assert_library_initialized(void); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_IO_H */ diff --git a/include/aws/io/logging.h b/include/aws/io/logging.h index a95e1d4ac..5d8a144a0 100644 --- a/include/aws/io/logging.h +++ b/include/aws/io/logging.h @@ -10,6 +10,8 @@ #include +AWS_PUSH_SANE_WARNING_LEVEL + struct aws_log_channel; struct aws_log_formatter; struct aws_log_writer; @@ -32,5 +34,6 @@ enum aws_io_log_subject { AWS_LS_IO_PKCS11, AWS_IO_LS_LAST = AWS_LOG_SUBJECT_END_RANGE(AWS_C_IO_PACKAGE_ID) }; +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_LOGGING_H */ diff --git a/include/aws/io/message_pool.h b/include/aws/io/message_pool.h index 4b1e809c9..738627a39 100644 --- a/include/aws/io/message_pool.h +++ b/include/aws/io/message_pool.h @@ -7,6 +7,8 @@ #include #include +AWS_PUSH_SANE_WARNING_LEVEL + struct aws_memory_pool { struct aws_allocator *alloc; struct aws_array_list stack; @@ -82,5 +84,6 @@ AWS_IO_API void aws_message_pool_release(struct aws_message_pool *msg_pool, struct aws_io_message *message); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_MESSAGE_POOL_H */ diff --git a/include/aws/io/pipe.h b/include/aws/io/pipe.h index 507565054..ab9746cc4 100644 --- a/include/aws/io/pipe.h +++ b/include/aws/io/pipe.h @@ -9,6 +9,8 @@ #include #include +AWS_PUSH_SANE_WARNING_LEVEL + struct aws_event_loop; struct aws_pipe_read_end { @@ -144,5 +146,6 @@ int aws_pipe_get_unique_name(char *dst, size_t dst_size); #endif AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_PIPE_H */ diff --git a/include/aws/io/pkcs11.h b/include/aws/io/pkcs11.h index 862f06310..e23192f1f 100644 --- a/include/aws/io/pkcs11.h +++ b/include/aws/io/pkcs11.h @@ -6,6 +6,8 @@ */ #include +AWS_PUSH_SANE_WARNING_LEVEL + struct aws_allocator; /** @@ -90,5 +92,6 @@ AWS_IO_API void aws_pkcs11_lib_release(struct aws_pkcs11_lib *pkcs11_lib); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_PKCS11_H */ diff --git a/include/aws/io/retry_strategy.h b/include/aws/io/retry_strategy.h index 4d7a26f7e..8f15d207f 100644 --- a/include/aws/io/retry_strategy.h +++ b/include/aws/io/retry_strategy.h @@ -9,6 +9,8 @@ #include #include +AWS_PUSH_SANE_WARNING_LEVEL + struct aws_retry_strategy; struct aws_retry_token; struct aws_event_loop_group; @@ -232,5 +234,6 @@ AWS_IO_API struct aws_retry_strategy *aws_retry_strategy_new_standard( const struct aws_standard_retry_options *config); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_CLIENT_RETRY_STRATEGY_H */ diff --git a/include/aws/io/shared_library.h b/include/aws/io/shared_library.h index 323afed60..c00eb98af 100644 --- a/include/aws/io/shared_library.h +++ b/include/aws/io/shared_library.h @@ -8,6 +8,8 @@ #include +AWS_PUSH_SANE_WARNING_LEVEL + struct aws_byte_cursor; /* @@ -44,5 +46,6 @@ int aws_shared_library_find_function( aws_generic_function *function_address); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_COMMON_SHARED_LIBRARY_H */ diff --git a/include/aws/io/socket.h b/include/aws/io/socket.h index b4f320080..9ef8913a9 100644 --- a/include/aws/io/socket.h +++ b/include/aws/io/socket.h @@ -8,6 +8,8 @@ #include #include +AWS_PUSH_SANE_WARNING_LEVEL + enum aws_socket_domain { AWS_SOCKET_IPV4, AWS_SOCKET_IPV6, @@ -301,5 +303,6 @@ AWS_IO_API int aws_socket_get_error(struct aws_socket *socket); AWS_IO_API bool aws_socket_is_open(struct aws_socket *socket); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_SOCKET_H */ diff --git a/include/aws/io/socket_channel_handler.h b/include/aws/io/socket_channel_handler.h index e837b0784..a9f6a23cb 100644 --- a/include/aws/io/socket_channel_handler.h +++ b/include/aws/io/socket_channel_handler.h @@ -7,6 +7,8 @@ #include +AWS_PUSH_SANE_WARNING_LEVEL + struct aws_socket; struct aws_channel_handler; struct aws_channel_slot; @@ -28,5 +30,6 @@ AWS_IO_API struct aws_channel_handler *aws_socket_handler_new( AWS_IO_API const struct aws_socket *aws_socket_handler_get_socket(const struct aws_channel_handler *handler); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_SOCKET_CHANNEL_HANDLER_H */ diff --git a/include/aws/io/statistics.h b/include/aws/io/statistics.h index ce63a7ca3..62217e176 100644 --- a/include/aws/io/statistics.h +++ b/include/aws/io/statistics.h @@ -11,6 +11,8 @@ #include #include +AWS_PUSH_SANE_WARNING_LEVEL + enum aws_crt_io_statistics_category { AWSCRT_STAT_CAT_SOCKET = AWS_CRT_STATISTICS_CATEGORY_BEGIN_RANGE(AWS_C_IO_PACKAGE_ID), AWSCRT_STAT_CAT_TLS, @@ -74,5 +76,6 @@ AWS_IO_API void aws_crt_statistics_tls_reset(struct aws_crt_statistics_tls *stats); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_STATISTICS_H */ diff --git a/include/aws/io/stream.h b/include/aws/io/stream.h index ff86de970..711537d02 100644 --- a/include/aws/io/stream.h +++ b/include/aws/io/stream.h @@ -9,6 +9,8 @@ #include #include +AWS_PUSH_SANE_WARNING_LEVEL + struct aws_input_stream; struct aws_byte_buf; @@ -129,5 +131,6 @@ AWS_IO_API struct aws_input_stream *aws_input_stream_new_from_file( AWS_IO_API struct aws_input_stream *aws_input_stream_new_from_open_file(struct aws_allocator *allocator, FILE *file); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_STREAM_H */ diff --git a/include/aws/io/tls_channel_handler.h b/include/aws/io/tls_channel_handler.h index bb0eed7d3..5c630de83 100644 --- a/include/aws/io/tls_channel_handler.h +++ b/include/aws/io/tls_channel_handler.h @@ -8,6 +8,10 @@ #include #include +AWS_PUSH_SANE_WARNING_LEVEL + +#define AWS_TLS_NEGOTIATED_PROTOCOL_MESSAGE 0x01 + struct aws_channel_slot; struct aws_channel_handler; struct aws_pkcs11_session; @@ -254,8 +258,6 @@ struct aws_tls_negotiated_protocol_message { struct aws_byte_buf protocol; }; -static const int AWS_TLS_NEGOTIATED_PROTOCOL_MESSAGE = 0x01; - typedef struct aws_channel_handler *( *aws_tls_on_protocol_negotiated)(struct aws_channel_slot *new_slot, struct aws_byte_buf *protocol, void *user_data); @@ -914,5 +916,6 @@ AWS_IO_API const char *aws_tls_key_operation_type_str(enum aws_tls_key_operation_type operation_type); AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL #endif /* AWS_IO_TLS_CHANNEL_HANDLER_H */ From 1378606c17dcce458ddc17f5a40b29e3c22e1070 Mon Sep 17 00:00:00 2001 From: TwistedTwigleg Date: Fri, 19 May 2023 14:39:46 -0400 Subject: [PATCH 02/44] Use UUID for socket endpoints (#570) Adjust tests to use UUID instead of timestamps for socket endpoints --- include/aws/io/socket.h | 6 ++++++ source/posix/socket.c | 10 ++++++++++ source/windows/iocp/socket.c | 10 ++++++++++ tests/byo_crypto_test.c | 16 ++-------------- tests/socket_handler_test.c | 15 ++------------- tests/socket_test.c | 21 +++------------------ tests/tls_handler_test.c | 28 ++++++++-------------------- 7 files changed, 41 insertions(+), 65 deletions(-) diff --git a/include/aws/io/socket.h b/include/aws/io/socket.h index 9ef8913a9..de4fed356 100644 --- a/include/aws/io/socket.h +++ b/include/aws/io/socket.h @@ -302,6 +302,12 @@ AWS_IO_API int aws_socket_get_error(struct aws_socket *socket); */ AWS_IO_API bool aws_socket_is_open(struct aws_socket *socket); +/** + * Assigns a random address (UUID) for use with AWS_SOCKET_LOCAL (Unix Domain Sockets). + * For use in internal tests only. + */ +AWS_IO_API void aws_socket_endpoint_init_local_address_for_test(struct aws_socket_endpoint *endpoint); + AWS_EXTERN_C_END AWS_POP_SANE_WARNING_LEVEL diff --git a/source/posix/socket.c b/source/posix/socket.c index 7dc170cce..088bfabdb 100644 --- a/source/posix/socket.c +++ b/source/posix/socket.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -1907,3 +1908,12 @@ int aws_socket_get_error(struct aws_socket *socket) { bool aws_socket_is_open(struct aws_socket *socket) { return socket->io_handle.data.fd >= 0; } + +void aws_socket_endpoint_init_local_address_for_test(struct aws_socket_endpoint *endpoint) { + struct aws_uuid uuid; + AWS_FATAL_ASSERT(aws_uuid_init(&uuid) == AWS_OP_SUCCESS); + char uuid_str[AWS_UUID_STR_LEN] = {0}; + struct aws_byte_buf uuid_buf = aws_byte_buf_from_empty_array(uuid_str, sizeof(uuid_str)); + AWS_FATAL_ASSERT(aws_uuid_to_str(&uuid, &uuid_buf) == AWS_OP_SUCCESS); + snprintf(endpoint->address, sizeof(endpoint->address), "testsock" PRInSTR ".sock", AWS_BYTE_BUF_PRI(uuid_buf)); +} diff --git a/source/windows/iocp/socket.c b/source/windows/iocp/socket.c index 528cac0af..0a7089300 100644 --- a/source/windows/iocp/socket.c +++ b/source/windows/iocp/socket.c @@ -21,6 +21,7 @@ below, clang-format doesn't work (at least on my version) with the c-style comme #include #include #include +#include #include #include @@ -3232,3 +3233,12 @@ int aws_socket_get_error(struct aws_socket *socket) { bool aws_socket_is_open(struct aws_socket *socket) { return socket->io_handle.data.handle != INVALID_HANDLE_VALUE; } + +void aws_socket_endpoint_init_local_address_for_test(struct aws_socket_endpoint *endpoint) { + struct aws_uuid uuid; + AWS_FATAL_ASSERT(aws_uuid_init(&uuid) == AWS_OP_SUCCESS); + char uuid_str[AWS_UUID_STR_LEN] = {0}; + struct aws_byte_buf uuid_buf = aws_byte_buf_from_empty_array(uuid_str, sizeof(uuid_str)); + AWS_FATAL_ASSERT(aws_uuid_to_str(&uuid, &uuid_buf) == AWS_OP_SUCCESS); + snprintf(endpoint->address, sizeof(endpoint->address), "\\\\.\\pipe\\testsock" PRInSTR, AWS_BYTE_BUF_PRI(uuid_buf)); +} diff --git a/tests/byo_crypto_test.c b/tests/byo_crypto_test.c index 356ccbaea..878889646 100644 --- a/tests/byo_crypto_test.c +++ b/tests/byo_crypto_test.c @@ -18,7 +18,6 @@ # include # include -# include # include # include @@ -26,12 +25,6 @@ # include "statistics_handler_test.h" # include -# ifdef _WIN32 -# define LOCAL_SOCK_TEST_PATTERN "\\\\.\\pipe\\testsock%llu" -# else -# define LOCAL_SOCK_TEST_PATTERN "testsock%llu.sock" -# endif - struct byo_crypto_test_args { struct aws_allocator *allocator; struct aws_mutex *mutex; @@ -84,7 +77,6 @@ struct local_server_tester { struct aws_socket_endpoint endpoint; struct aws_server_bootstrap *server_bootstrap; struct aws_socket *listener; - uint64_t timestamp; }; static bool s_channel_setup_predicate(void *user_data) { @@ -276,12 +268,8 @@ static int s_local_server_tester_init( tester->socket_options.type = AWS_SOCKET_STREAM; tester->socket_options.domain = AWS_SOCKET_LOCAL; - ASSERT_SUCCESS(aws_sys_clock_get_ticks(&tester->timestamp)); - snprintf( - tester->endpoint.address, - sizeof(tester->endpoint.address), - LOCAL_SOCK_TEST_PATTERN, - (long long unsigned)tester->timestamp); + aws_socket_endpoint_init_local_address_for_test(&tester->endpoint); + tester->server_bootstrap = aws_server_bootstrap_new(allocator, s_c_tester->el_group); ASSERT_NOT_NULL(tester->server_bootstrap); diff --git a/tests/socket_handler_test.c b/tests/socket_handler_test.c index babf9ff18..26e272d6a 100644 --- a/tests/socket_handler_test.c +++ b/tests/socket_handler_test.c @@ -17,12 +17,6 @@ #include "statistics_handler_test.h" #include -#ifdef _WIN32 -# define LOCAL_SOCK_TEST_PATTERN "\\\\.\\pipe\\testsock%llu" -#else -# define LOCAL_SOCK_TEST_PATTERN "testsock%llu.sock" -#endif - struct socket_test_args { struct aws_allocator *allocator; struct aws_mutex *mutex; @@ -80,7 +74,6 @@ struct local_server_tester { struct aws_socket_endpoint endpoint; struct aws_server_bootstrap *server_bootstrap; struct aws_socket *listener; - uint64_t timestamp; }; static bool s_pinned_channel_setup_predicate(void *user_data) { @@ -300,12 +293,8 @@ static int s_local_server_tester_init( tester->socket_options.type = AWS_SOCKET_STREAM; tester->socket_options.domain = AWS_SOCKET_LOCAL; - ASSERT_SUCCESS(aws_sys_clock_get_ticks(&tester->timestamp)); - snprintf( - tester->endpoint.address, - sizeof(tester->endpoint.address), - LOCAL_SOCK_TEST_PATTERN, - (long long unsigned)tester->timestamp); + aws_socket_endpoint_init_local_address_for_test(&tester->endpoint); + tester->server_bootstrap = aws_server_bootstrap_new(allocator, s_c_tester->el_group); ASSERT_NOT_NULL(tester->server_bootstrap); diff --git a/tests/socket_test.c b/tests/socket_test.c index 8fdec354a..c654742d2 100644 --- a/tests/socket_test.c +++ b/tests/socket_test.c @@ -14,12 +14,6 @@ #include #include -#ifdef _WIN32 -# define LOCAL_SOCK_TEST_PATTERN "\\\\.\\pipe\\testsock%llu" -#else -# define LOCAL_SOCK_TEST_PATTERN "testsock%llu.sock" -#endif - #ifdef _MSC_VER # pragma warning(disable : 4996) /* strncpy */ #endif @@ -410,13 +404,9 @@ static int s_test_local_socket_communication(struct aws_allocator *allocator, vo options.connect_timeout_ms = 3000; options.type = AWS_SOCKET_STREAM; options.domain = AWS_SOCKET_LOCAL; - - uint64_t timestamp = 0; - ASSERT_SUCCESS(aws_sys_clock_get_ticks(×tamp)); struct aws_socket_endpoint endpoint; AWS_ZERO_STRUCT(endpoint); - - snprintf(endpoint.address, sizeof(endpoint.address), LOCAL_SOCK_TEST_PATTERN, (long long unsigned)timestamp); + aws_socket_endpoint_init_local_address_for_test(&endpoint); return s_test_socket(allocator, &options, &endpoint); } @@ -1578,12 +1568,9 @@ static int s_sock_write_cb_is_async(struct aws_allocator *allocator, void *ctx) options.keep_alive_timeout_sec = 60000; options.type = AWS_SOCKET_STREAM; options.domain = AWS_SOCKET_LOCAL; - - uint64_t timestamp = 0; - ASSERT_SUCCESS(aws_sys_clock_get_ticks(×tamp)); struct aws_socket_endpoint endpoint; AWS_ZERO_STRUCT(endpoint); - snprintf(endpoint.address, sizeof(endpoint.address), LOCAL_SOCK_TEST_PATTERN, (long long unsigned)timestamp); + aws_socket_endpoint_init_local_address_for_test(&endpoint); struct aws_socket listener; ASSERT_SUCCESS(aws_socket_init(&listener, allocator, &options)); @@ -1672,11 +1659,9 @@ static int s_local_socket_pipe_connected_race(struct aws_allocator *allocator, v options.type = AWS_SOCKET_STREAM; options.domain = AWS_SOCKET_LOCAL; - uint64_t timestamp = 0; - ASSERT_SUCCESS(aws_sys_clock_get_ticks(×tamp)); struct aws_socket_endpoint endpoint; AWS_ZERO_STRUCT(endpoint); - snprintf(endpoint.address, sizeof(endpoint.address), LOCAL_SOCK_TEST_PATTERN, (long long unsigned)timestamp); + aws_socket_endpoint_init_local_address_for_test(&endpoint); struct aws_socket listener; ASSERT_SUCCESS(aws_socket_init(&listener, allocator, &options)); diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c index 395e1d8a2..3718f675c 100644 --- a/tests/tls_handler_test.c +++ b/tests/tls_handler_test.c @@ -25,12 +25,6 @@ # include -# ifdef _WIN32 -# define LOCAL_SOCK_TEST_PATTERN "\\\\.\\pipe\\testsock%llu_%d" -# else -# define LOCAL_SOCK_TEST_PATTERN "testsock%llu_%d.sock" -# endif - struct tls_test_args { struct aws_allocator *allocator; struct aws_mutex *mutex; @@ -139,7 +133,6 @@ struct tls_local_server_tester { struct aws_socket_endpoint endpoint; struct aws_server_bootstrap *server_bootstrap; struct aws_socket *listener; - uint64_t timestamp; }; static int s_tls_test_arg_init( @@ -388,7 +381,6 @@ static int s_tls_local_server_tester_init( struct tls_test_args *args, struct tls_common_tester *tls_c_tester, bool enable_back_pressure, - int server_index, const char *cert_path, const char *pkey_path) { AWS_ZERO_STRUCT(*tester); @@ -397,13 +389,9 @@ static int s_tls_local_server_tester_init( tester->socket_options.connect_timeout_ms = 3000; tester->socket_options.type = AWS_SOCKET_STREAM; tester->socket_options.domain = AWS_SOCKET_LOCAL; - ASSERT_SUCCESS(aws_sys_clock_get_ticks(&tester->timestamp)); - snprintf( - tester->endpoint.address, - sizeof(tester->endpoint.address), - LOCAL_SOCK_TEST_PATTERN, - (long long unsigned)tester->timestamp, - server_index); + + aws_socket_endpoint_init_local_address_for_test(&tester->endpoint); + tester->server_bootstrap = aws_server_bootstrap_new(allocator, tls_c_tester->el_group); ASSERT_NOT_NULL(tester->server_bootstrap); @@ -524,7 +512,7 @@ static int s_tls_channel_echo_and_backpressure_test_fn(struct aws_allocator *all struct tls_local_server_tester local_server_tester; ASSERT_SUCCESS(s_tls_local_server_tester_init( - allocator, &local_server_tester, &incoming_args, &c_tester, true, 1, "server.crt", "server.key")); + allocator, &local_server_tester, &incoming_args, &c_tester, true, "server.crt", "server.key")); /* make the windows small to make sure back pressure is honored. */ struct aws_channel_handler *outgoing_rw_handler = rw_handler_new( allocator, s_tls_test_handle_read, s_tls_test_handle_write, true, write_tag.len / 2, &outgoing_rw_args); @@ -1431,7 +1419,7 @@ static int s_tls_server_multiple_connections_fn(struct aws_allocator *allocator, struct tls_local_server_tester local_server_tester; ASSERT_SUCCESS(s_tls_local_server_tester_init( - allocator, &local_server_tester, &incoming_args, &c_tester, false, 1, "server.crt", "server.key")); + allocator, &local_server_tester, &incoming_args, &c_tester, false, "server.crt", "server.key")); struct tls_opt_tester client_tls_opt_tester; struct aws_byte_cursor server_name = aws_byte_cursor_from_c_str("localhost"); @@ -1580,7 +1568,7 @@ static int s_tls_server_hangup_during_negotiation_fn(struct aws_allocator *alloc struct tls_local_server_tester local_server_tester; ASSERT_SUCCESS(s_tls_local_server_tester_init( - allocator, &local_server_tester, &incoming_args, &c_tester, false, 1, "server.crt", "server.key")); + allocator, &local_server_tester, &incoming_args, &c_tester, false, "server.crt", "server.key")); ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex)); @@ -1725,7 +1713,7 @@ static int s_tls_channel_statistics_test(struct aws_allocator *allocator, void * struct tls_local_server_tester local_server_tester; ASSERT_SUCCESS(s_tls_local_server_tester_init( - allocator, &local_server_tester, &incoming_args, &c_tester, false, 1, "server.crt", "server.key")); + allocator, &local_server_tester, &incoming_args, &c_tester, false, "server.crt", "server.key")); struct aws_channel_handler *outgoing_rw_handler = rw_handler_new(allocator, s_tls_test_handle_read, s_tls_test_handle_write, true, 10000, &outgoing_rw_args); @@ -1846,7 +1834,7 @@ static int s_tls_certificate_chain_test(struct aws_allocator *allocator, void *c struct tls_local_server_tester local_server_tester; ASSERT_SUCCESS(s_tls_local_server_tester_init( - allocator, &local_server_tester, &incoming_args, &c_tester, false, 1, "server_chain.crt", "server.key")); + allocator, &local_server_tester, &incoming_args, &c_tester, false, "server_chain.crt", "server.key")); struct tls_opt_tester client_tls_opt_tester; struct aws_byte_cursor server_name = aws_byte_cursor_from_c_str("localhost"); From 09b0940cd5e2fc8e7a357c61f67befae97f2a71e Mon Sep 17 00:00:00 2001 From: Joseph Klix Date: Mon, 22 May 2023 16:06:51 -0700 Subject: [PATCH 03/44] update time to ancient (#571) --- .github/workflows/stale_issue.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale_issue.yml b/.github/workflows/stale_issue.yml index 857a4b0f1..5624eec4b 100644 --- a/.github/workflows/stale_issue.yml +++ b/.github/workflows/stale_issue.yml @@ -32,7 +32,7 @@ jobs: # Issue timing days-before-stale: 2 days-before-close: 5 - days-before-ancient: 365 + days-before-ancient: 36500 # If you don't want to mark a issue as being ancient based on a # threshold of "upvotes", you can set this here. An "upvote" is From cbea39a7f40b1892bc4bf148234c805b7cc14192 Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Tue, 30 May 2023 16:13:20 -0700 Subject: [PATCH 04/44] aws_future (#572) `aws_future` was built to [solve the problem of](https://github.com/awslabs/aws-c-common/blob/f77b55d0a48964afc7a5b8bee119d8dd38df7db1/README.md?plain=1#L201-L205): this async function takes a callback, but **sometimes** that callback fires synchronously, and **sometimes** it fires asynchronously `aws_future` gives the **caller** of an async function control over how the callback is invoked. This is also an experiment with "C++ templates in C". Use macros to generate a type-safe API for each type we might store in a future. For example, to get something like `aws_future`: `AWS_DECLARE_FUTURE_T_BY_VALUE(aws_future_bool, bool)` and now we can write type-safe code like: ``` struct aws_future_bool *future = some_async_function(); ... bool result = aws_future_get_result(future); ``` instead of something like: ``` /* this future will contain a bool */ struct aws_future *future = some_async_function(); ... bool result; aws_future_get_result(future, &result, sizeof(bool)); ``` --- include/aws/io/future.h | 582 +++++++++++++++++++++++++++++++ source/future.c | 465 +++++++++++++++++++++++++ tests/CMakeLists.txt | 18 + tests/future_test.c | 736 ++++++++++++++++++++++++++++++++++++++++ tests/future_test.h | 22 ++ 5 files changed, 1823 insertions(+) create mode 100644 include/aws/io/future.h create mode 100644 source/future.c create mode 100644 tests/future_test.c create mode 100644 tests/future_test.h diff --git a/include/aws/io/future.h b/include/aws/io/future.h new file mode 100644 index 000000000..3b036b80d --- /dev/null +++ b/include/aws/io/future.h @@ -0,0 +1,582 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#ifndef AWS_IO_FUTURE_H +#define AWS_IO_FUTURE_H + +/* + +// THIS IS AN EXPERIMENTAL AND UNSTABLE API +// +// An aws_future is used to deliver the result of an asynchronous function. +// +// When an async function is called, it creates a future and returns it to the caller. +// When the async work is finished, it completes the future by setting an error or result value. +// The caller waits until the future is done, checks for error, and then gets +// the result if everything was OK. Typically, the caller waits by registering +// a callback that the future invokes when it's done. +// +// If result type T has a "destructor" (clean_up(), destroy(), or release() function), +// then the future has set_result_by_move() and get_result_by_move() functions +// that explicitly transfer ownership to and from the future. +// If the future dies, and still "owns" the resource, it calls the destructor. +// If T has no destructor, then the future has set_result() and get_result() +// functions that simply copy T by value. +// +// Macros are used to define a type-safe API for each result type T, +// similar to C++ templates. This makes the API hard to browse, so functions +// are documented in comments below. The result setter/getter functions +// are mildly different based on T's destructor type, and are documented later. + +// +// --- API (common to all aws_future) --- +// + +// Create a new future, with refcount of 1. +struct aws_future_T *aws_future_T_new(struct aws_allocator *alloc); + +// Increment the refcount. +// You can pass NULL (has no effect). +// Returns the same pointer that was passed in. +struct aws_future_T *aws_future_T_acquire(struct aws_future_T *future); + +// Decrement the refcount. +// You can pass NULL (has no effect). +// Always returns NULL. +struct aws_future_T *aws_future_T_release(struct aws_future_T *future); + +// Set future as done, with an error_code. +// If the future is already done this call is ignored. +void aws_future_T_set_error(struct aws_future_T *future, int error_code); + +// Return whether the future is done. +bool aws_future_T_is_done(const struct aws_future_T *future); + +// Get the error-code of a completed future. +// If 0 is returned, then the future completed successfully, +// you may now get the result. +// +// WARNING: You MUST NOT call this until the future is done. +int aws_future_T_get_error(const struct aws_future_T *future); + +// Register callback to be invoked when the future completes. +// +// If the future is already done, the callback runs synchronously on the calling thread. +// If the future isn't done yet, the callback is registered, and it +// will run synchronously on whatever thread completes the future. +// +// WARNING: You MUST NOT register more than one callback. +void aws_future_T_register_callback(struct aws_future_T *future, aws_future_callback_fn *on_done, void *user_data); + +// If the future isn't done yet, then register the completion callback. +// +// Returns true if the callback was registered, +// or false if the future is already done. +// +// Use this when you can't risk the callback running synchronously. +// For example: If you're calling an async function repeatedly, +// and synchronous completion could lead to stack overflow due to recursion. +// Or if you are holding a non-recursive mutex, and the callback also +// needs the mutex, and an immediate callback would deadlock. +// +// WARNING: If a callback is registered, you MUST NOT call this again until +// the callback has been invoked. +bool aws_future_T_register_callback_if_not_done( + struct aws_future_T *future, + aws_future_callback_fn *on_done, + void *user_data); + +// Register completion callback to run async on an event-loop thread. +// +// When the future completes, the callback is scheduled to run as an event-loop task. +// +// Use this when you want the callback to run on the event-loop's thread, +// or to ensure the callback runs async even if the future completed synchronously. +// +// WARNING: You MUST NOT register more than one callback. +void aws_future_T_register_event_loop_callback( + struct aws_future_T *future, + struct aws_event_loop *event_loop, + aws_future_callback_fn *on_done, + void *user_data); + +// Register completion callback to run async on an aws_channel's thread. +// +// When the future completes, the callback is scheduled to run as a channel task. +// +// Use this when you want the callback to run on the channel's thread, +// or to ensure the callback runs async even if the future completed synchronously. +// +// WARNING: You MUST NOT register more than one callback. +void aws_future_T_register_channel_callback( + struct aws_future_T *future, + struct aws_channel *channel, + aws_future_callback_fn *on_done, + void *user_data); + +// Wait (up to timeout_ns) for future to complete. +// Returns true if future completes in this time. +// This blocks the current thread, and is probably only useful for tests and sample programs. +bool aws_future_T_wait(struct aws_future_T *future, uint64_t timeout_ns); + +// +// --- Defining new aws_future types --- +// +// To define new types of aws_future, add the appropriate macro to the appropriate header. +// The macros are: +// +// AWS_DECLARE_FUTURE_T_BY_VALUE(FUTURE, T) +// For T stored by value, with no destructor. +// Use with types like bool, size_t, etc +// +// AWS_DECLARE_FUTURE_T_BY_VALUE_WITH_CLEAN_UP(FUTURE, T, CLEAN_UP_FN) +// For T stored by value, with destructor like: void aws_T_clean_up(T*) +// Use with types like `struct aws_byte_buf` +// +// AWS_DECLARE_FUTURE_T_POINTER_WITH_DESTROY(FUTURE, T, DESTROY_FN) +// For T stored by pointer, with destructor like: void aws_T_destroy(T*) +// Use with types like `struct aws_string *` +// +// AWS_DECLARE_FUTURE_T_POINTER_WITH_RELEASE(FUTURE, T, RELEASE_FN) +// For T stored by pointer, with destructor like: T* aws_T_release(T*) +// Use with types like `struct aws_http_message *` +// Note: if T's release() function doesn't return a pointer, use _WITH_DESTROY instead of _WITH_RELEASE. +// +// This file declares several common types: aws_future, aws_future, etc. +// But new future types should be declared in the header where that type's API is declared. +// For example: AWS_DECLARE_FUTURE_T_POINTER_WITH_RELEASE(aws_future_http_message, struct aws_http_message) +// would go in: aws-c-http/include/aws/http/request_response.h +// +// The APIs generated by these macros are identical except for the "setter" and "getter" functions. + +// +// --- Design (if you're curious) --- +// +// This class was developed to give the user more control over how the completion +// callback is invoked. In the past, we passed completion callbacks to the async +// function. But this could lead to issues when an async function "sometimes" +// completed synchronously and "sometimes" completed async. The async function +// would need to stress about how to schedule the callback so it was always async, +// or more typically just invoke it whenever and leave the caller to figure it out. +// +// This class is also an experiment with "templates/generics in C". +// In order to make the class type-safe, we use macros to define a unique +// API for each result type T we need to store in a future. +// If we refer to aws_future, we mean a struct named +// aws_future_byte_buf, which stores an aws_byte_buf by value. +// This could lead to code bloat, but the type-safety seems worth it. +// +// future is defined in aws-c-io, instead of aws-c-common, so it can +// easily integrate with aws_event_loop and aws_channel. +// +// It's legal to call set_error() or set_result() multiple times. +// If the future is already done, it ignores the call. +// If result T has a destructor, the new result is immediately freed instead of saved. +// This design lets us deal with ambiguity where it's not 100% certain whether a handoff occurred. +// For example: if we call from C->Java and an exception is thrown, +// it's not clear whether Java got the handoff. In this case, we can safely +// call set_error(), completing the future if necessary, +// or being ignored if the future was already done. + +*/ + +#include + +AWS_PUSH_SANE_WARNING_LEVEL + +struct aws_channel; +struct aws_event_loop; +struct aws_future_impl; + +/** Completion callback for aws_future */ +typedef void(aws_future_callback_fn)(void *user_data); + +typedef void(aws_future_impl_result_clean_up_fn)(void *result_addr); +typedef void(aws_future_impl_result_destroy_fn)(void *result); +typedef void *(aws_future_impl_result_release_fn)(void *result); + +AWS_EXTERN_C_BEGIN + +AWS_IO_API +struct aws_future_impl *aws_future_impl_new_by_value(struct aws_allocator *alloc, size_t sizeof_result); + +AWS_IO_API +struct aws_future_impl *aws_future_impl_new_by_value_with_clean_up( + struct aws_allocator *alloc, + size_t sizeof_result, + aws_future_impl_result_clean_up_fn *result_clean_up); + +AWS_IO_API +struct aws_future_impl *aws_future_impl_new_pointer(struct aws_allocator *alloc); + +AWS_IO_API +struct aws_future_impl *aws_future_impl_new_pointer_with_destroy( + struct aws_allocator *alloc, + aws_future_impl_result_destroy_fn *result_destroy); + +AWS_IO_API +struct aws_future_impl *aws_future_impl_new_pointer_with_release( + struct aws_allocator *alloc, + aws_future_impl_result_release_fn *result_release); + +AWS_IO_API +struct aws_future_impl *aws_future_impl_release(struct aws_future_impl *promise); + +AWS_IO_API +struct aws_future_impl *aws_future_impl_acquire(struct aws_future_impl *promise); + +AWS_IO_API +void aws_future_impl_set_error(struct aws_future_impl *promise, int error_code); + +AWS_IO_API +void aws_future_impl_set_result_by_move(struct aws_future_impl *promise, void *src_address); + +AWS_IO_API +bool aws_future_impl_is_done(const struct aws_future_impl *future); + +AWS_IO_API +void aws_future_impl_register_callback( + struct aws_future_impl *future, + aws_future_callback_fn *on_done, + void *user_data); + +AWS_IO_API +bool aws_future_impl_register_callback_if_not_done( + struct aws_future_impl *future, + aws_future_callback_fn *on_done, + void *user_data); + +AWS_IO_API +void aws_future_impl_register_event_loop_callback( + struct aws_future_impl *future, + struct aws_event_loop *event_loop, + aws_future_callback_fn *on_done, + void *user_data); + +AWS_IO_API +void aws_future_impl_register_channel_callback( + struct aws_future_impl *future, + struct aws_channel *channel, + aws_future_callback_fn *on_done, + void *user_data); + +AWS_IO_API +bool aws_future_impl_wait(const struct aws_future_impl *future, uint64_t timeout_ns); + +AWS_IO_API +int aws_future_impl_get_error(const struct aws_future_impl *future); + +AWS_IO_API +void *aws_future_impl_get_result_address(const struct aws_future_impl *future); + +AWS_IO_API +void aws_future_impl_get_result_by_move(struct aws_future_impl *future, void *dst_address); + +/* Common beginning to all aws_future declarations */ +#define AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE) struct FUTURE; + +/* Common end to all aws_future declarations */ +#define AWS_FUTURE_T_DECLARATION_END(FUTURE) \ + AWS_STATIC_IMPL struct FUTURE *FUTURE##_acquire(struct FUTURE *future) { \ + return (struct FUTURE *)aws_future_impl_acquire((struct aws_future_impl *)future); \ + } \ + \ + AWS_STATIC_IMPL struct FUTURE *FUTURE##_release(struct FUTURE *future) { \ + return (struct FUTURE *)aws_future_impl_release((struct aws_future_impl *)future); \ + } \ + \ + AWS_STATIC_IMPL void FUTURE##_set_error(struct FUTURE *future, int error_code) { \ + aws_future_impl_set_error((struct aws_future_impl *)future, error_code); \ + } \ + \ + AWS_STATIC_IMPL bool FUTURE##_is_done(const struct FUTURE *future) { \ + return aws_future_impl_is_done((const struct aws_future_impl *)future); \ + } \ + \ + AWS_STATIC_IMPL int FUTURE##_get_error(const struct FUTURE *future) { \ + return aws_future_impl_get_error((const struct aws_future_impl *)future); \ + } \ + \ + AWS_STATIC_IMPL \ + void FUTURE##_register_callback(struct FUTURE *future, aws_future_callback_fn *on_done, void *user_data) { \ + aws_future_impl_register_callback((struct aws_future_impl *)future, on_done, user_data); \ + } \ + \ + AWS_STATIC_IMPL \ + bool FUTURE##_register_callback_if_not_done( \ + struct FUTURE *future, aws_future_callback_fn *on_done, void *user_data) { \ + \ + return aws_future_impl_register_callback_if_not_done((struct aws_future_impl *)future, on_done, user_data); \ + } \ + \ + AWS_STATIC_IMPL \ + void FUTURE##_register_event_loop_callback( \ + struct FUTURE *future, struct aws_event_loop *event_loop, aws_future_callback_fn *on_done, void *user_data) { \ + \ + aws_future_impl_register_event_loop_callback( \ + (struct aws_future_impl *)future, event_loop, on_done, user_data); \ + } \ + \ + AWS_STATIC_IMPL \ + void FUTURE##_register_channel_callback( \ + struct FUTURE *future, struct aws_channel *channel, aws_future_callback_fn *on_done, void *user_data) { \ + \ + aws_future_impl_register_channel_callback((struct aws_future_impl *)future, channel, on_done, user_data); \ + } \ + \ + AWS_STATIC_IMPL \ + bool FUTURE##_wait(struct FUTURE *future, uint64_t timeout_ns) { \ + return aws_future_impl_wait((struct aws_future_impl *)future, timeout_ns); \ + } + +/** + * Declare a future that holds a simple T by value, that needs no destructor. + * Use with types like bool, size_t, etc. + * + * See top of future.h for most API docs. + * The result setters and getters are: + +// Set the result. +// +// If the future is already done this call is ignored. +void aws_future_T_set_result(const struct aws_future_T *future, T result); + +// Get the result of a completed future. +// +// WARNING: You MUST NOT call this until the future is done. +// WARNING: You MUST NOT call this unless get_error() returned 0. +T aws_future_T_get_result(const struct aws_future_T *future); + +*/ +#define AWS_DECLARE_FUTURE_T_BY_VALUE(FUTURE, T) \ + AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE) \ + \ + AWS_STATIC_IMPL struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ + return (struct FUTURE *)aws_future_impl_new_by_value(alloc, sizeof(T)); \ + } \ + \ + AWS_STATIC_IMPL void FUTURE##_set_result(struct FUTURE *future, T result) { \ + aws_future_impl_set_result_by_move((struct aws_future_impl *)future, &result); \ + } \ + \ + AWS_STATIC_IMPL T FUTURE##_get_result(struct FUTURE *future) { \ + return *(T *)aws_future_impl_get_result_address((const struct aws_future_impl *)future); \ + } \ + \ + AWS_FUTURE_T_DECLARATION_END(FUTURE) + +/** + * Declares a future that holds T by value, with destructor like: void aws_T_clean_up(T*) + * Use with types like aws_byte_buf. + * + * See top of future.h for most API docs. + * The result setters and getters are: + +// Set the result, transferring ownership. +// +// The memory at `value_address` is memcpy'd into the future, +// and then zeroed out to help prevent accidental reuse. +// It is safe to call this multiple times. If the future is already done, +// the new result is destroyed instead of saved. +void aws_future_T_set_result_by_move(struct aws_future_T *future, T *value_address); + +// Get the result, transferring ownership. +// +// WARNING: You MUST NOT call this until the future is done. +// WARNING: You MUST NOT call this unless get_error() returned 0. +// WARNING: You MUST NOT call this multiple times. +T aws_future_T_get_result_by_move(struct aws_future_T *future); + +// Get the result, without transferring ownership. +// +// WARNING: You MUST NOT call this until the future is done. +// WARNING: You MUST NOT call this unless get_error() returned 0. +// WARNING: You MUST NOT call this multiple times. +T* aws_future_T_peek_result(const struct aws_future_T *future); + + */ +#define AWS_DECLARE_FUTURE_T_BY_VALUE_WITH_CLEAN_UP(FUTURE, T, CLEAN_UP_FN) \ + AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE) \ + \ + AWS_STATIC_IMPL struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ + void (*clean_up_fn)(T *) = CLEAN_UP_FN; /* check clean_up() function signature */ \ + return (struct FUTURE *)aws_future_impl_new_by_value_with_clean_up( \ + alloc, sizeof(T), (aws_future_impl_result_clean_up_fn)clean_up_fn); \ + } \ + \ + AWS_STATIC_IMPL void FUTURE##_set_result_by_move(struct FUTURE *future, T *value_address) { \ + aws_future_impl_set_result_by_move((struct aws_future_impl *)future, value_address); \ + } \ + \ + AWS_STATIC_IMPL T *FUTURE##_get_result(const struct FUTURE *future) { \ + return aws_future_impl_get_result_address((const struct aws_future_impl *)future); \ + } \ + \ + AWS_STATIC_IMPL T FUTURE##_get_result_by_move(struct FUTURE *future) { \ + T value; \ + aws_future_impl_get_result_by_move((struct aws_future_impl *)future, &value); \ + return value; \ + } \ + \ + AWS_FUTURE_T_DECLARATION_END(FUTURE) + +/** + * Declares a future that holds T*, with no destructor. + */ +#define AWS_DECLARE_FUTURE_T_POINTER(FUTURE, T) \ + AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE) \ + \ + AWS_STATIC_IMPL struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ + return (struct FUTURE *)aws_future_impl_new_pointer(alloc); \ + } \ + \ + AWS_STATIC_IMPL void FUTURE##_set_result(struct FUTURE *future, T *result) { \ + aws_future_impl_set_result_by_move((struct aws_future_impl *)future, &result); \ + } \ + \ + AWS_STATIC_IMPL T *FUTURE##_get_result(const struct FUTURE *future) { \ + return *(T **)aws_future_impl_get_result_address((const struct aws_future_impl *)future); \ + } \ + \ + AWS_FUTURE_T_DECLARATION_END(FUTURE) + +/** + * Declares a future that holds T*, with destructor like: void aws_T_destroy(T*) + * Use with types like aws_string. + * + * See top of future.h for most API docs. + * The result setters and getters are: + +// Set the result, transferring ownership. +// +// The value at `pointer_address` is copied into the future, +// and then set NULL to prevent accidental reuse. +// If the future is already done, this new result is destroyed instead of saved. +void aws_future_T_set_result_by_move(struct aws_future_T *future, T **pointer_address); + +// Get the result, transferring ownership. +// +// WARNING: You MUST NOT call this until the future is done. +// WARNING: You MUST NOT call this unless get_error() returned 0. +// WARNING: You MUST NOT call this multiple times. +T* aws_future_T_get_result_by_move(struct aws_future_T *future); + +// Get the result, without transferring ownership. +// +// WARNING: You MUST NOT call this until the future is done. +// WARNING: You MUST NOT call this unless get_error() returned 0. +// WARNING: You MUST NOT call this multiple times. +T* aws_future_T_peek_result(const struct aws_future_T *future); + + */ +#define AWS_DECLARE_FUTURE_T_POINTER_WITH_DESTROY(FUTURE, T, DESTROY_FN) \ + AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE) \ + \ + AWS_STATIC_IMPL struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ + void (*destroy_fn)(T *) = DESTROY_FN; /* check destroy() function signature */ \ + return (struct FUTURE *)aws_future_impl_new_pointer_with_destroy( \ + alloc, (aws_future_impl_result_destroy_fn *)destroy_fn); \ + } \ + \ + AWS_STATIC_IMPL void FUTURE##_set_result_by_move(struct FUTURE *future, T **pointer_address) { \ + aws_future_impl_set_result_by_move((struct aws_future_impl *)future, pointer_address); \ + } \ + \ + AWS_STATIC_IMPL T *FUTURE##_get_result_by_move(struct FUTURE *future) { \ + T *pointer; \ + aws_future_impl_get_result_by_move((struct aws_future_impl *)future, &pointer); \ + return pointer; \ + } \ + \ + AWS_STATIC_IMPL T *FUTURE##_peek_result(const struct FUTURE *future) { \ + return *(T **)aws_future_impl_get_result_address((const struct aws_future_impl *)future); \ + } \ + \ + AWS_FUTURE_T_DECLARATION_END(FUTURE) + +/** + * Declares a future that holds T*, with destructor like: T* aws_T_release(T*) + * Use with types like aws_http_message + * + * See top of future.h for most API docs. + * The result setters and getters are: + +// Set the result, transferring ownership. +// +// The value at `pointer_address` is copied into the future, +// and then set NULL to prevent accidental reuse. +// If the future is already done, this new result is destroyed instead of saved. +void aws_future_T_set_result_by_move(struct aws_future_T *future, T **pointer_address); + +// Get the result, transferring ownership. +// +// WARNING: You MUST NOT call this until the future is done. +// WARNING: You MUST NOT call this unless get_error() returned 0. +// WARNING: You MUST NOT call this multiple times. +T* aws_future_T_get_result_by_move(struct aws_future_T *future); + +// Get the result, without transferring ownership. +// +// WARNING: You MUST NOT call this until the future is done. +// WARNING: You MUST NOT call this unless get_error() returned 0. +// WARNING: You MUST NOT call this multiple times. +T* aws_future_T_peek_result(const struct aws_future_T *future); + + */ +#define AWS_DECLARE_FUTURE_T_POINTER_WITH_RELEASE(FUTURE, T, RELEASE_FN) \ + AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE) \ + \ + AWS_STATIC_IMPL struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ + T *(*release_fn)(T *) = RELEASE_FN; /* check release() function signature */ \ + return (struct FUTURE *)aws_future_impl_new_pointer_with_release( \ + alloc, (aws_future_impl_result_release_fn *)release_fn); \ + } \ + \ + AWS_STATIC_IMPL void FUTURE##_set_result_by_move(struct FUTURE *future, T **pointer_address) { \ + aws_future_impl_set_result_by_move((struct aws_future_impl *)future, pointer_address); \ + } \ + \ + AWS_STATIC_IMPL T *FUTURE##_get_result_by_move(struct FUTURE *future) { \ + T *pointer; \ + aws_future_impl_get_result_by_move((struct aws_future_impl *)future, &pointer); \ + return pointer; \ + } \ + \ + AWS_STATIC_IMPL T *FUTURE##_peek_result(const struct FUTURE *future) { \ + return *(T **)aws_future_impl_get_result_address((const struct aws_future_impl *)future); \ + } \ + \ + AWS_FUTURE_T_DECLARATION_END(FUTURE) + +/** + * aws_future + */ +AWS_DECLARE_FUTURE_T_BY_VALUE(aws_future_size, size_t) + +/** + * aws_future + */ +AWS_DECLARE_FUTURE_T_BY_VALUE(aws_future_bool, bool) + +/** + * aws_future + */ +AWS_FUTURE_T_DECLARATION_BEGIN(aws_future_void) + +AWS_STATIC_IMPL struct aws_future_void *aws_future_void_new(struct aws_allocator *alloc) { + /* Use aws_future under the hood, to avoid edge-cases with 0-sized result */ + return (struct aws_future_void *)aws_future_bool_new(alloc); +} + +AWS_STATIC_IMPL void aws_future_void_set_result(struct aws_future_void *future) { + aws_future_bool_set_result((struct aws_future_bool *)future, false); +} + +AWS_FUTURE_T_DECLARATION_END(aws_future_void) + +AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL + +#endif /* AWS_IO_FUTURE_H */ diff --git a/source/future.c b/source/future.c new file mode 100644 index 000000000..36aef227c --- /dev/null +++ b/source/future.c @@ -0,0 +1,465 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include + +#include +#include +#include +#include +#include +#include + +enum aws_future_type { + AWS_FUTURE_T_BY_VALUE, + AWS_FUTURE_T_BY_VALUE_WITH_CLEAN_UP, + AWS_FUTURE_T_POINTER, + AWS_FUTURE_T_POINTER_WITH_DESTROY, + AWS_FUTURE_T_POINTER_WITH_RELEASE, +}; + +struct aws_future_callback_data { + aws_future_callback_fn *fn; + void *user_data; + union aws_future_callback_union { + struct aws_event_loop *event_loop; + struct aws_channel *channel; + } u; + enum aws_future_callback_type { + AWS_FUTURE_IMMEDIATE_CALLBACK, + AWS_FUTURE_EVENT_LOOP_CALLBACK, + AWS_FUTURE_CHANNEL_CALLBACK, + } type; +}; + +/* When allocating aws_future on the heap, we make 1 allocation containing: + * aws_future_impl followed by T */ +struct aws_future_impl { + struct aws_allocator *alloc; + struct aws_ref_count ref_count; + struct aws_mutex lock; + struct aws_condition_variable wait_cvar; + struct aws_future_callback_data callback; + union { + aws_future_impl_result_clean_up_fn *clean_up; + aws_future_impl_result_destroy_fn *destroy; + aws_future_impl_result_release_fn *release; + } result_dtor; + int error_code; + /* sum of bit fields should be 32 */ +#define BIT_COUNT_FOR_SIZEOF_RESULT 27 + unsigned int sizeof_result : BIT_COUNT_FOR_SIZEOF_RESULT; + unsigned int type : 3; /* aws_future_type */ + unsigned int is_done : 1; + unsigned int owns_result : 1; +}; + +static void s_future_impl_result_dtor(struct aws_future_impl *future, void *result_addr) { + switch (future->type) { + case AWS_FUTURE_T_BY_VALUE_WITH_CLEAN_UP: { + future->result_dtor.clean_up(result_addr); + break; + } break; + + case AWS_FUTURE_T_POINTER_WITH_DESTROY: { + void *result = *(void **)result_addr; + if (result) { + future->result_dtor.destroy(result); + } + } break; + + case AWS_FUTURE_T_POINTER_WITH_RELEASE: { + void *result = *(void **)result_addr; + if (result) { + future->result_dtor.release(result); + } + } break; + + default: + break; + } +} + +static void s_future_impl_destroy(void *user_data) { + struct aws_future_impl *future = user_data; + if (future->owns_result && !future->error_code) { + s_future_impl_result_dtor(future, aws_future_impl_get_result_address(future)); + } + aws_condition_variable_clean_up(&future->wait_cvar); + aws_mutex_clean_up(&future->lock); + aws_mem_release(future->alloc, future); +} + +static struct aws_future_impl *s_future_impl_new(struct aws_allocator *alloc, size_t sizeof_result) { + size_t total_size = sizeof(struct aws_future_impl) + sizeof_result; + struct aws_future_impl *future = aws_mem_calloc(alloc, 1, total_size); + future->alloc = alloc; + + /* we store sizeof_result in a bit field, ensure the number will fit */ + AWS_ASSERT(sizeof_result <= (UINT_MAX >> (32 - BIT_COUNT_FOR_SIZEOF_RESULT))); + future->sizeof_result = (unsigned int)sizeof_result; + + aws_ref_count_init(&future->ref_count, future, s_future_impl_destroy); + aws_mutex_init(&future->lock); + aws_condition_variable_init(&future->wait_cvar); + return future; +} + +struct aws_future_impl *aws_future_impl_new_by_value(struct aws_allocator *alloc, size_t sizeof_result) { + struct aws_future_impl *future = s_future_impl_new(alloc, sizeof_result); + future->type = AWS_FUTURE_T_BY_VALUE; + return future; +} + +struct aws_future_impl *aws_future_impl_new_by_value_with_clean_up( + struct aws_allocator *alloc, + size_t sizeof_result, + aws_future_impl_result_clean_up_fn *result_clean_up) { + + AWS_ASSERT(result_clean_up); + struct aws_future_impl *future = s_future_impl_new(alloc, sizeof_result); + future->type = AWS_FUTURE_T_BY_VALUE_WITH_CLEAN_UP; + future->result_dtor.clean_up = result_clean_up; + return future; +} + +struct aws_future_impl *aws_future_impl_new_pointer(struct aws_allocator *alloc) { + struct aws_future_impl *future = s_future_impl_new(alloc, sizeof(void *)); + future->type = AWS_FUTURE_T_POINTER; + return future; +} + +struct aws_future_impl *aws_future_impl_new_pointer_with_destroy( + struct aws_allocator *alloc, + aws_future_impl_result_destroy_fn *result_destroy) { + + AWS_ASSERT(result_destroy); + struct aws_future_impl *future = s_future_impl_new(alloc, sizeof(void *)); + future->type = AWS_FUTURE_T_POINTER_WITH_DESTROY; + future->result_dtor.destroy = result_destroy; + return future; +} + +struct aws_future_impl *aws_future_impl_new_pointer_with_release( + struct aws_allocator *alloc, + aws_future_impl_result_release_fn *result_release) { + + AWS_ASSERT(result_release); + struct aws_future_impl *future = s_future_impl_new(alloc, sizeof(void *)); + future->type = AWS_FUTURE_T_POINTER_WITH_RELEASE; + future->result_dtor.release = result_release; + return future; +} + +struct aws_future_impl *aws_future_impl_release(struct aws_future_impl *future) { + if (future != NULL) { + aws_ref_count_release(&future->ref_count); + } + return NULL; +} + +struct aws_future_impl *aws_future_impl_acquire(struct aws_future_impl *future) { + if (future != NULL) { + aws_ref_count_acquire(&future->ref_count); + } + return future; +} + +bool aws_future_impl_is_done(const struct aws_future_impl *future) { + AWS_ASSERT(future); + + /* this function is conceptually const, but we need to hold the lock a moment */ + struct aws_mutex *mutable_lock = (struct aws_mutex *)&future->lock; + + /* BEGIN CRITICAL SECTION */ + aws_mutex_lock(mutable_lock); + bool is_done = future->is_done != 0; + aws_mutex_unlock(mutable_lock); + /* END CRITICAL SECTION */ + + return is_done; +} + +int aws_future_impl_get_error(const struct aws_future_impl *future) { + AWS_ASSERT(future != NULL); + /* not bothering with lock, none of this can change after future is done */ + AWS_FATAL_ASSERT(future->is_done && "Cannot get error before future is done"); + return future->error_code; +} + +void *aws_future_impl_get_result_address(const struct aws_future_impl *future) { + AWS_ASSERT(future != NULL); + /* not bothering with lock, none of this can change after future is done */ + AWS_FATAL_ASSERT(future->is_done && "Cannot get result before future is done"); + AWS_FATAL_ASSERT(!future->error_code && "Cannot get result from future that failed with an error"); + AWS_FATAL_ASSERT(future->owns_result && "Result was already moved from future"); + + const struct aws_future_impl *address_of_memory_after_this_struct = future + 1; + void *result_addr = (void *)address_of_memory_after_this_struct; + return result_addr; +} + +void aws_future_impl_get_result_by_move(struct aws_future_impl *future, void *dst_address) { + void *result_addr = aws_future_impl_get_result_address(future); + memcpy(dst_address, result_addr, future->sizeof_result); + memset(result_addr, 0, future->sizeof_result); + future->owns_result = false; +} + +/* Data for invoking callback as a task on an event-loop */ +struct aws_future_event_loop_callback_job { + struct aws_allocator *alloc; + struct aws_task task; + aws_future_callback_fn *callback; + void *user_data; +}; + +static void s_future_impl_event_loop_callback_task(struct aws_task *task, void *arg, enum aws_task_status status) { + (void)task; + (void)status; + struct aws_future_event_loop_callback_job *job = arg; + job->callback(job->user_data); + aws_mem_release(job->alloc, job); +} + +/* Data for invoking callback as a task on an aws_channel */ +struct aws_future_channel_callback_job { + struct aws_allocator *alloc; + struct aws_channel_task task; + aws_future_callback_fn *callback; + void *user_data; +}; + +static void s_future_impl_channel_callback_task(struct aws_channel_task *task, void *arg, enum aws_task_status status) { + (void)task; + (void)status; + struct aws_future_channel_callback_job *job = arg; + job->callback(job->user_data); + aws_mem_release(job->alloc, job); +} + +static void s_future_impl_invoke_callback(struct aws_future_callback_data *callback, struct aws_allocator *alloc) { + AWS_ASSERT(callback->fn); + + switch (callback->type) { + case AWS_FUTURE_IMMEDIATE_CALLBACK: { + callback->fn(callback->user_data); + } break; + + case AWS_FUTURE_EVENT_LOOP_CALLBACK: { + /* Schedule the callback as a task on the event-loop */ + struct aws_future_event_loop_callback_job *job = + aws_mem_calloc(alloc, 1, sizeof(struct aws_future_event_loop_callback_job)); + job->alloc = alloc; + aws_task_init(&job->task, s_future_impl_event_loop_callback_task, job, "aws_future_event_loop_callback"); + job->callback = callback->fn; + job->user_data = callback->user_data; + + aws_event_loop_schedule_task_now(callback->u.event_loop, &job->task); + // TODO: aws_event_loop_release(event_loop); + } break; + + case AWS_FUTURE_CHANNEL_CALLBACK: { + /* Schedule the callback as a task on the channel */ + struct aws_future_channel_callback_job *job = + aws_mem_calloc(alloc, 1, sizeof(struct aws_future_channel_callback_job)); + job->alloc = alloc; + aws_channel_task_init(&job->task, s_future_impl_channel_callback_task, job, "aws_future_channel_callback"); + job->callback = callback->fn; + job->user_data = callback->user_data; + + aws_channel_schedule_task_now(callback->u.channel, &job->task); + aws_channel_release_hold(callback->u.channel); + } break; + } +} + +static void s_future_impl_set_done(struct aws_future_impl *future, void *src_address, int error_code) { + bool is_error = error_code != 0; + + /* BEGIN CRITICAL SECTION */ + aws_mutex_lock(&future->lock); + + struct aws_future_callback_data callback = future->callback; + + bool first_time = !future->is_done; + if (first_time) { + future->is_done = true; + AWS_ZERO_STRUCT(future->callback); + if (is_error) { + future->error_code = error_code; + } else { + future->owns_result = true; + memcpy(aws_future_impl_get_result_address(future), src_address, future->sizeof_result); + } + + aws_condition_variable_notify_all(&future->wait_cvar); + } + + aws_mutex_unlock(&future->lock); + /* END CRITICAL SECTION */ + + if (first_time) { + /* if callback was registered, invoke it now, outside of critical section to avoid deadlock */ + if (callback.fn != NULL) { + s_future_impl_invoke_callback(&callback, future->alloc); + } + } else if (!error_code) { + /* future was already done, so just destroy this newer result */ + s_future_impl_result_dtor(future, src_address); + } +} + +void aws_future_impl_set_error(struct aws_future_impl *future, int error_code) { + AWS_ASSERT(future); + + /* handle recoverable usage error */ + AWS_ASSERT(error_code != 0); + if (AWS_UNLIKELY(error_code == 0)) { + error_code = AWS_ERROR_UNKNOWN; + } + + s_future_impl_set_done(future, NULL /*src_address*/, error_code); +} + +void aws_future_impl_set_result_by_move(struct aws_future_impl *future, void *src_address) { + AWS_ASSERT(future); + AWS_ASSERT(src_address); + s_future_impl_set_done(future, src_address, 0 /*error_code*/); + + /* the future takes ownership of the result. + * zero out memory at the src_address to reinforce this transfer of ownership. */ + memset(src_address, 0, future->sizeof_result); +} + +/* Returns true if callback was registered, or false if callback was ignored + * because the the future is already done and invoke_if_already_done==false */ +static bool s_future_impl_register_callback( + struct aws_future_impl *future, + struct aws_future_callback_data *callback, + bool invoke_if_already_done) { + + /* BEGIN CRITICAL SECTION */ + aws_mutex_lock(&future->lock); + + AWS_FATAL_ASSERT(future->callback.fn == NULL && "Future done callback must only be set once"); + + bool already_done = future->is_done != 0; + + /* if not done, store callback for later */ + if (!already_done) { + future->callback = *callback; + } + + aws_mutex_unlock(&future->lock); + /* END CRITICAL SECTION */ + + /* if already done, invoke callback now */ + if (already_done && invoke_if_already_done) { + s_future_impl_invoke_callback(callback, future->alloc); + } + + return !already_done || invoke_if_already_done; +} + +void aws_future_impl_register_callback( + struct aws_future_impl *future, + aws_future_callback_fn *on_done, + void *user_data) { + + AWS_ASSERT(future); + AWS_ASSERT(on_done); + + struct aws_future_callback_data callback = { + .fn = on_done, + .user_data = user_data, + .type = AWS_FUTURE_IMMEDIATE_CALLBACK, + }; + s_future_impl_register_callback(future, &callback, true /*invoke_if_already_done*/); +} + +bool aws_future_impl_register_callback_if_not_done( + struct aws_future_impl *future, + aws_future_callback_fn *on_done, + void *user_data) { + + AWS_ASSERT(future); + AWS_ASSERT(on_done); + + struct aws_future_callback_data callback = { + .fn = on_done, + .user_data = user_data, + .type = AWS_FUTURE_IMMEDIATE_CALLBACK, + }; + return s_future_impl_register_callback(future, &callback, false /*invoke_if_already_done*/); +} + +void aws_future_impl_register_event_loop_callback( + struct aws_future_impl *future, + struct aws_event_loop *event_loop, + aws_future_callback_fn *on_done, + void *user_data) { + + AWS_ASSERT(future); + AWS_ASSERT(event_loop); + AWS_ASSERT(on_done); + + // TODO: aws_event_loop_acquire(event_loop); + + struct aws_future_callback_data callback = { + .fn = on_done, + .user_data = user_data, + .type = AWS_FUTURE_EVENT_LOOP_CALLBACK, + .u = {.event_loop = event_loop}, + }; + s_future_impl_register_callback(future, &callback, true /*invoke_if_already_done*/); +} + +void aws_future_impl_register_channel_callback( + struct aws_future_impl *future, + struct aws_channel *channel, + aws_future_callback_fn *on_done, + void *user_data) { + + AWS_ASSERT(future); + AWS_ASSERT(channel); + AWS_ASSERT(on_done); + + aws_channel_acquire_hold(channel); + + struct aws_future_callback_data callback = { + .fn = on_done, + .user_data = user_data, + .type = AWS_FUTURE_CHANNEL_CALLBACK, + .u = {.channel = channel}, + }; + s_future_impl_register_callback(future, &callback, true /*invoke_if_already_done*/); +} + +static bool s_future_impl_is_done_pred(void *user_data) { + struct aws_future_impl *future = user_data; + return future->is_done != 0; +} + +bool aws_future_impl_wait(const struct aws_future_impl *future, uint64_t timeout_ns) { + AWS_ASSERT(future); + + /* this function is conceptually const, but we need to use synchronization primitives */ + struct aws_future_impl *mutable_future = (struct aws_future_impl *)future; + + /* BEGIN CRITICAL SECTION */ + aws_mutex_lock(&mutable_future->lock); + + bool is_done = aws_condition_variable_wait_for_pred( + &mutable_future->wait_cvar, + &mutable_future->lock, + (int64_t)timeout_ns, + s_future_impl_is_done_pred, + mutable_future) == AWS_OP_SUCCESS; + + aws_mutex_unlock(&mutable_future->lock); + /* END CRITICAL SECTION */ + + return is_done; +} diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index d30279ad7..e78203a42 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -221,6 +221,24 @@ else() add_test_case(byo_tls_handler_test) endif() +add_test_case(future_by_value) +add_test_case(future_void) +add_test_case(future_callback_fires_immediately) +add_test_case(future_callback_fires_on_another_thread) +add_test_case(future_register_callback_if_not_done) +add_test_case(future_register_event_loop_callback_after_done) +add_test_case(future_register_event_loop_callback_before_done) +add_test_case(future_register_event_loop_callback_always_scheduled) +add_test_case(future_register_channel_callback) +add_test_case(future_wait_timeout) +add_test_case(future_pointer_with_destroy) +add_test_case(future_pointer_with_release) +add_test_case(future_get_result_by_move) +add_test_case(future_can_die_incomplete) +add_test_case(future_by_pointer_accepts_null_result) +add_test_case(future_set_multiple_times) +add_test_case(future_set_error) + add_test_case(test_input_stream_memory_simple) add_test_case(test_input_stream_memory_iterate) add_test_case(test_input_stream_memory_seek_beginning) diff --git a/tests/future_test.c b/tests/future_test.c new file mode 100644 index 000000000..a514d8226 --- /dev/null +++ b/tests/future_test.c @@ -0,0 +1,736 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "future_test.h" + +#define ONE_SEC_IN_NS ((uint64_t)AWS_TIMESTAMP_NANOS) +#define MAX_TIMEOUT_NS (10 * ONE_SEC_IN_NS) + +/* Run through the basics of an AWS_FUTURE_T_BY_VALUE */ +static int s_test_future_by_value(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct aws_future_bool *future = aws_future_bool_new(alloc); + ASSERT_NOT_NULL(future); + + ASSERT_FALSE(aws_future_bool_is_done(future)); + + /* set result */ + aws_future_bool_set_result(future, true); + ASSERT_TRUE(aws_future_bool_is_done(future)); + ASSERT_INT_EQUALS(0, aws_future_bool_get_error(future)); + ASSERT_TRUE(aws_future_bool_get_result(future)); + + future = aws_future_bool_release(future); + ASSERT_NULL(future); + + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_by_value, s_test_future_by_value) + +/* Run through the basics of an aws_future */ +static int s_test_future_void(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct aws_future_void *future = aws_future_void_new(alloc); + ASSERT_NOT_NULL(future); + + ASSERT_FALSE(aws_future_void_is_done(future)); + + /* set valueless result */ + aws_future_void_set_result(future); + ASSERT_TRUE(aws_future_void_is_done(future)); + ASSERT_INT_EQUALS(0, aws_future_void_get_error(future)); + + future = aws_future_void_release(future); + ASSERT_NULL(future); + + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_void, s_test_future_void) + +struct future_size_callback_recorder { + struct aws_future_size *future; /* record all state when this future's callback fires */ + struct aws_event_loop *event_loop; /* record whether callback fires on this event-loop's thread */ + struct aws_channel *channel; + + /* record state of the world when callback invoked */ + int error_code; + size_t result; + aws_thread_id_t thread_id; + bool is_event_loop_thread; + int invoke_count; +}; + +static void s_record_on_future_size_done(void *user_data) { + struct future_size_callback_recorder *recorder = user_data; + recorder->error_code = aws_future_size_get_error(recorder->future); + if (recorder->error_code == 0) { + recorder->result = aws_future_size_get_result(recorder->future); + } + recorder->thread_id = aws_thread_current_thread_id(); + recorder->invoke_count++; + + if (recorder->event_loop) { + recorder->is_event_loop_thread = aws_event_loop_thread_is_callers_thread(recorder->event_loop); + } +} + +/* Test callback firing immediately upon registration */ +static int s_test_future_callback_fires_immediately(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct future_size_callback_recorder recorder; + AWS_ZERO_STRUCT(recorder); + + recorder.future = aws_future_size_new(alloc); + aws_future_size_set_result(recorder.future, 123); + + aws_future_size_register_callback(recorder.future, s_record_on_future_size_done, &recorder); + + /* callback should have fired immediately, on main thread, since future was already done */ + ASSERT_INT_EQUALS(1, recorder.invoke_count); + ASSERT_INT_EQUALS(0, recorder.error_code); + ASSERT_UINT_EQUALS(123, recorder.result); + + aws_thread_id_t main_thread_id = aws_thread_current_thread_id(); + ASSERT_INT_EQUALS(0, memcmp(&main_thread_id, &recorder.thread_id, sizeof(aws_thread_id_t))); + + aws_future_size_release(recorder.future); + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_callback_fires_immediately, s_test_future_callback_fires_immediately); + +struct future_size_thread_job { + struct aws_allocator *alloc; + uint64_t delay_ns; + struct aws_future_size *my_future; +}; + +/* Function that runs on thread, and completes future after delay */ +static void s_run_thread_job(void *user_data) { + struct future_size_thread_job *job = user_data; + + aws_thread_current_sleep(job->delay_ns); + aws_future_size_set_result(job->my_future, 987); + + aws_future_size_release(job->my_future); + aws_mem_release(job->alloc, job); +} + +/* Start thread that will complete future after delay */ +static struct aws_future_size *s_start_thread_job(struct aws_allocator *alloc, uint64_t delay_ns) { + struct aws_future_size *future = aws_future_size_new(alloc); + + struct future_size_thread_job *job = aws_mem_calloc(alloc, 1, sizeof(struct future_size_thread_job)); + job->alloc = alloc; + job->delay_ns = delay_ns; + job->my_future = aws_future_size_acquire(future); + + struct aws_thread thread; + AWS_FATAL_ASSERT(aws_thread_init(&thread, alloc) == AWS_OP_SUCCESS); + + struct aws_thread_options thread_options = *aws_default_thread_options(); + thread_options.join_strategy = AWS_TJS_MANAGED; + thread_options.name = aws_byte_cursor_from_c_str("FutureSizeJob"); + + AWS_FATAL_ASSERT(aws_thread_launch(&thread, s_run_thread_job, job, &thread_options) == AWS_OP_SUCCESS); + + return future; +} + +/* Test callback firing on a different thread than the one that registered it. + * This is the first test that looks like real-world use of aws_future */ +static int s_test_future_callback_fires_on_another_thread(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + /* Kick off thread, which will set result in 1sec */ + struct future_size_callback_recorder recorder = { + .future = s_start_thread_job(alloc, ONE_SEC_IN_NS /*delay_ns*/), + }; + + aws_future_size_register_callback(recorder.future, s_record_on_future_size_done, &recorder); + + /* Wait until other thread joins, at which point the future is complete and the callback has fired */ + aws_thread_set_managed_join_timeout_ns(MAX_TIMEOUT_NS); + ASSERT_SUCCESS(aws_thread_join_all_managed()); + + /* callback should have fired on the other thread */ + ASSERT_INT_EQUALS(1, recorder.invoke_count); + ASSERT_INT_EQUALS(0, recorder.error_code); + ASSERT_UINT_EQUALS(987, recorder.result); + + aws_thread_id_t main_thread_id = aws_thread_current_thread_id(); + ASSERT_TRUE(memcmp(&main_thread_id, &recorder.thread_id, sizeof(aws_thread_id_t)) != 0); + + aws_future_size_release(recorder.future); + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_callback_fires_on_another_thread, s_test_future_callback_fires_on_another_thread); + +static int s_test_future_register_callback_if_not_done(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + { + /* the callback should not get registered if future is already done */ + struct future_size_callback_recorder recorder = { + .future = aws_future_size_new(alloc), + }; + aws_future_size_set_result(recorder.future, 555); + ASSERT_FALSE( + aws_future_size_register_callback_if_not_done(recorder.future, s_record_on_future_size_done, &recorder)); + + ASSERT_INT_EQUALS(0, recorder.invoke_count); + aws_future_size_release(recorder.future); + } + + { + /* the callback should get registered if the future isn't done yet */ + struct future_size_callback_recorder recorder = { + .future = aws_future_size_new(alloc), + }; + ASSERT_TRUE( + aws_future_size_register_callback_if_not_done(recorder.future, s_record_on_future_size_done, &recorder)); + ASSERT_INT_EQUALS(0, recorder.invoke_count); + + /* now set result, the callback should fire */ + aws_future_size_set_result(recorder.future, 555); + ASSERT_INT_EQUALS(1, recorder.invoke_count); + + /* after callback fires, you're allowed to call register_callback_if_not_done() again. + * (This makes it easy to call an async function repeatedly in a loop, + * where you keep looping as long as the futures complete immediately, + * but bail out if the callback gets registered) */ + ASSERT_FALSE( + aws_future_size_register_callback_if_not_done(recorder.future, s_record_on_future_size_done, &recorder)); + + /* make sure callback didn't fire a 2nd time */ + ASSERT_INT_EQUALS(1, recorder.invoke_count); + + aws_future_size_release(recorder.future); + } + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_register_callback_if_not_done, s_test_future_register_callback_if_not_done) + +/* Test that an event-loop callback still runs if it's registered after the future is already done */ +static int s_test_future_register_event_loop_callback_after_done(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct future_size_callback_recorder recorder = { + .future = aws_future_size_new(alloc), + .event_loop = aws_event_loop_new_default(alloc, aws_high_res_clock_get_ticks), + }; + ASSERT_SUCCESS(aws_event_loop_run(recorder.event_loop)); + + /* register callback after result already set */ + aws_future_size_set_result(recorder.future, 765); + + aws_future_size_register_event_loop_callback( + recorder.future, recorder.event_loop, s_record_on_future_size_done, &recorder); + + /* Wait until event loop is destroyed, at which point the future is complete and the callback has fired */ + aws_event_loop_destroy(recorder.event_loop); + + /* callback should have fired on event-loop thread */ + ASSERT_INT_EQUALS(1, recorder.invoke_count); + ASSERT_INT_EQUALS(0, recorder.error_code); + ASSERT_UINT_EQUALS(765, recorder.result); + ASSERT_TRUE(recorder.is_event_loop_thread); + + /* cleanup */ + aws_future_size_release(recorder.future); + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_register_event_loop_callback_after_done, s_test_future_register_event_loop_callback_after_done) + +/* Test that an event-loop callback still runs if it's registered before the future is done */ +static int s_test_future_register_event_loop_callback_before_done(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct future_size_callback_recorder recorder = { + .future = aws_future_size_new(alloc), + .event_loop = aws_event_loop_new_default(alloc, aws_high_res_clock_get_ticks), + }; + ASSERT_SUCCESS(aws_event_loop_run(recorder.event_loop)); + + /* register callback before result is set */ + aws_future_size_register_event_loop_callback( + recorder.future, recorder.event_loop, s_record_on_future_size_done, &recorder); + + aws_future_size_set_result(recorder.future, 765); + + /* Wait until event loop is destroyed, at which point the future is complete and the callback has fired */ + aws_event_loop_destroy(recorder.event_loop); + + /* callback should have fired on event-loop thread */ + ASSERT_INT_EQUALS(1, recorder.invoke_count); + ASSERT_INT_EQUALS(0, recorder.error_code); + ASSERT_UINT_EQUALS(765, recorder.result); + ASSERT_TRUE(recorder.is_event_loop_thread); + + /* cleanup */ + aws_future_size_release(recorder.future); + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_register_event_loop_callback_before_done, s_test_future_register_event_loop_callback_before_done) + +void s_set_result_from_event_loop_task(struct aws_task *task, void *user_data, enum aws_task_status status) { + (void)task; + (void)status; + struct future_size_callback_recorder *recorder = user_data; + + AWS_FATAL_ASSERT(recorder->invoke_count == 0); /* The future shouldn't be done yet */ + + aws_future_size_set_result(recorder->future, 1234567); + + /* The callback should NOT be invoked from the same callstack as set_result(). + * The callback should run as its own scheduled task */ + AWS_FATAL_ASSERT(recorder->invoke_count == 0); +} + +/* Test that an event-loop callback always runs as its own scheduled task. + * Even if set_result() is called from the event-loop thread, the callback + * should NOT run in the same callstack as set_result() */ +static int s_test_future_register_event_loop_callback_always_scheduled(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct future_size_callback_recorder recorder = { + .future = aws_future_size_new(alloc), + .event_loop = aws_event_loop_new_default(alloc, aws_high_res_clock_get_ticks), + }; + ASSERT_SUCCESS(aws_event_loop_run(recorder.event_loop)); + + /* register callback before result is set */ + aws_future_size_register_event_loop_callback( + recorder.future, recorder.event_loop, s_record_on_future_size_done, &recorder); + + struct aws_task set_result_from_event_loop_task; + aws_task_init( + &set_result_from_event_loop_task, s_set_result_from_event_loop_task, &recorder, "set_result_from_event_loop"); + + aws_event_loop_schedule_task_now(recorder.event_loop, &set_result_from_event_loop_task); + + /* Wait until event loop is destroyed, at which point the future is complete and the callback has fired */ + aws_event_loop_destroy(recorder.event_loop); + + /* callback should have fired on event-loop thread */ + ASSERT_INT_EQUALS(1, recorder.invoke_count); + ASSERT_INT_EQUALS(0, recorder.error_code); + ASSERT_UINT_EQUALS(1234567, recorder.result); + ASSERT_TRUE(recorder.is_event_loop_thread); + + /* cleanup */ + aws_future_size_release(recorder.future); + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE( + future_register_event_loop_callback_always_scheduled, + s_test_future_register_event_loop_callback_always_scheduled) + +static void s_on_channel_setup(struct aws_channel *channel, int error_code, void *user_data) { + (void)channel; + struct aws_future_void *setup_future = user_data; + if (error_code) { + aws_future_void_set_error(setup_future, error_code); + } else { + aws_future_void_set_result(setup_future); + } +} + +/* Test channel callback */ +static int s_test_future_register_channel_callback(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + /* Set up event-loop */ + struct future_size_callback_recorder recorder = { + .future = aws_future_size_new(alloc), + .event_loop = aws_event_loop_new_default(alloc, aws_high_res_clock_get_ticks), + }; + ASSERT_SUCCESS(aws_event_loop_run(recorder.event_loop)); + + /* Set up channel */ + struct aws_future_void *channel_setup_future = aws_future_void_new(alloc); + struct aws_channel_options channel_options = { + .event_loop = recorder.event_loop, + .on_setup_completed = s_on_channel_setup, + .setup_user_data = channel_setup_future, + }; + struct aws_channel *channel = aws_channel_new(alloc, &channel_options); + ASSERT_TRUE(aws_future_void_wait(channel_setup_future, MAX_TIMEOUT_NS)); + ASSERT_INT_EQUALS(0, aws_future_void_get_error(channel_setup_future)); + + /* register callback after result already set */ + aws_future_size_set_result(recorder.future, 234567); + + aws_future_size_register_channel_callback(recorder.future, channel, s_record_on_future_size_done, &recorder); + + /* wait until channel/event-loop are destroyed, + * at which point the future is complete and the callback has fired */ + aws_channel_release_hold(channel); + aws_event_loop_destroy(recorder.event_loop); + + /* callback should have fired on channel/event-loop thread */ + ASSERT_INT_EQUALS(1, recorder.invoke_count); + ASSERT_INT_EQUALS(0, recorder.error_code); + ASSERT_UINT_EQUALS(234567, recorder.result); + ASSERT_TRUE(recorder.is_event_loop_thread); + + /* cleanup */ + aws_future_void_release(channel_setup_future); + aws_future_size_release(recorder.future); + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_register_channel_callback, s_test_future_register_channel_callback); + +static int s_test_future_wait_timeout(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct aws_future_void *future = aws_future_void_new(alloc); + + uint64_t start_ns; + ASSERT_SUCCESS(aws_high_res_clock_get_ticks(&start_ns)); + + /* The future will never complete, so this should time out and return false */ + ASSERT_FALSE(aws_future_void_wait(future, ONE_SEC_IN_NS)); + + uint64_t end_ns; + ASSERT_SUCCESS(aws_high_res_clock_get_ticks(&end_ns)); + + /* Ensure that the wait actually took some time */ + uint64_t duration_ns = end_ns - start_ns; + ASSERT_TRUE(duration_ns >= (uint64_t)(0.9 * ONE_SEC_IN_NS)); + + aws_future_void_release(future); + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_wait_timeout, s_test_future_wait_timeout) + +struct aws_destroyme { + struct aws_allocator *alloc; + bool *set_true_on_death; +}; + +struct aws_destroyme *aws_destroyme_new(struct aws_allocator *alloc, bool *set_true_on_death) { + struct aws_destroyme *destroyme = aws_mem_calloc(alloc, 1, sizeof(struct aws_destroyme)); + destroyme->alloc = alloc; + destroyme->set_true_on_death = set_true_on_death; + *destroyme->set_true_on_death = false; + return destroyme; +} + +void aws_destroyme_destroy(struct aws_destroyme *destroyme) { + AWS_FATAL_ASSERT(destroyme != NULL && "future should not call destroy() on NULL"); + AWS_FATAL_ASSERT(*destroyme->set_true_on_death == false && "destroy() called multiple times on same object"); + *destroyme->set_true_on_death = true; + aws_mem_release(destroyme->alloc, destroyme); +} + +/* Run through the basics of an AWS_FUTURE_T_POINTER_WITH_DESTROY */ +static int s_test_future_pointer_with_destroy(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct aws_future_destroyme *future = aws_future_destroyme_new(alloc); + ASSERT_FALSE(aws_future_destroyme_is_done(future)); + + /* set result */ + bool original_destroyme_died = false; + struct aws_destroyme *original_destroyme = aws_destroyme_new(alloc, &original_destroyme_died); + struct aws_destroyme *destroyme_pointer_copy = original_destroyme; + aws_future_destroyme_set_result_by_move(future, &original_destroyme); + + ASSERT_NULL(original_destroyme); /* future should NULL this out while taking ownership of the result */ + ASSERT_TRUE(aws_future_destroyme_is_done(future)); + ASSERT_FALSE(original_destroyme_died); + + /* messing with refcount shouldn't trigger destroy */ + aws_future_destroyme_acquire(future); + aws_future_destroyme_release(future); + ASSERT_FALSE(original_destroyme_died); + + /* get result (without taking ownership) */ + struct aws_destroyme *destroyme_from_future = aws_future_destroyme_peek_result(future); + ASSERT_NOT_NULL(destroyme_from_future); + ASSERT_PTR_EQUALS(destroyme_pointer_copy, destroyme_from_future); + ASSERT_FALSE(original_destroyme_died); + + /* result should be destroyed along with future */ + aws_future_destroyme_release(future); + ASSERT_TRUE(original_destroyme_died); + + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_pointer_with_destroy, s_test_future_pointer_with_destroy) + +struct aws_refcountme { + struct aws_allocator *alloc; + struct aws_ref_count ref_count; + bool *set_true_on_death; +}; + +static void s_refcountme_destroy(void *user_data) { + struct aws_refcountme *refcountme = user_data; + *refcountme->set_true_on_death = true; + aws_mem_release(refcountme->alloc, refcountme); +} + +struct aws_refcountme *aws_refcountme_new(struct aws_allocator *alloc, bool *set_true_on_death) { + struct aws_refcountme *refcountme = aws_mem_calloc(alloc, 1, sizeof(struct aws_refcountme)); + refcountme->alloc = alloc; + aws_ref_count_init(&refcountme->ref_count, refcountme, s_refcountme_destroy); + refcountme->set_true_on_death = set_true_on_death; + *refcountme->set_true_on_death = false; + return refcountme; +} + +struct aws_refcountme *aws_refcountme_acquire(struct aws_refcountme *refcountme) { + aws_ref_count_acquire(&refcountme->ref_count); + return refcountme; +} + +/* Most release() functions accept NULL, but not this one, because we want to + * ensure that aws_future won't pass NULL to the release function */ +struct aws_refcountme *aws_refcountme_release(struct aws_refcountme *refcountme) { + AWS_FATAL_ASSERT(refcountme != NULL && "future should not call release() on NULL"); + AWS_FATAL_ASSERT(*refcountme->set_true_on_death == false && "release() called multiple times on same object"); + *refcountme->set_true_on_death = true; + aws_mem_release(refcountme->alloc, refcountme); + return NULL; +} + +/* Run through the basics of an AWS_FUTURE_T_POINTER_WITH_RELEASE */ +static int s_test_future_pointer_with_release(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct aws_future_refcountme *future = aws_future_refcountme_new(alloc); + ASSERT_FALSE(aws_future_refcountme_is_done(future)); + + /* set result */ + bool original_refcountme_died = false; + struct aws_refcountme *original_refcountme = aws_refcountme_new(alloc, &original_refcountme_died); + struct aws_refcountme *refcountme_pointer_copy = original_refcountme; + + aws_future_refcountme_set_result_by_move(future, &original_refcountme); + ASSERT_NULL(original_refcountme); /* future should NULL this out while taking ownership of the result */ + ASSERT_TRUE(aws_future_refcountme_is_done(future)); + ASSERT_FALSE(original_refcountme_died); + + /* get result (without taking ownership) */ + struct aws_refcountme *refcountme_from_future = aws_future_refcountme_peek_result(future); + ASSERT_NOT_NULL(refcountme_from_future); + ASSERT_PTR_EQUALS(refcountme_pointer_copy, refcountme_from_future); + + /* result should be destroyed along with future */ + aws_future_refcountme_release(future); + ASSERT_TRUE(original_refcountme_died); + + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_pointer_with_release, s_test_future_pointer_with_release) + +/* Test that get_result_by_move() transfers ownership */ +static int s_test_future_get_result_by_move(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + { /* AWS_FUTURE_T_POINTER_WITH_DESTROY */ + bool destroyme_died = false; + struct aws_destroyme *original_destroyme = aws_destroyme_new(alloc, &destroyme_died); + struct aws_future_destroyme *future = aws_future_destroyme_new(alloc); + aws_future_destroyme_set_result_by_move(future, &original_destroyme); + + /* transfer ownership out of future */ + struct aws_destroyme *destroyme_from_future = aws_future_destroyme_get_result_by_move(future); + ASSERT_FALSE(destroyme_died); + + /* result should stay alive after future is destroyed */ + aws_future_destroyme_release(future); + ASSERT_FALSE(destroyme_died); + + /* clean up */ + aws_destroyme_destroy(destroyme_from_future); + ASSERT_TRUE(destroyme_died); + } + + { /* AWS_FUTURE_T_POINTER_WITH_RELEASE */ + bool refcountme_died = false; + struct aws_refcountme *original_refcountme = aws_refcountme_new(alloc, &refcountme_died); + struct aws_future_refcountme *future = aws_future_refcountme_new(alloc); + aws_future_refcountme_set_result_by_move(future, &original_refcountme); + + /* transfer ownership out of future */ + struct aws_refcountme *refcountme_from_future = aws_future_refcountme_get_result_by_move(future); + ASSERT_FALSE(refcountme_died); + + /* result should stay alive after future is destroyed */ + aws_future_refcountme_release(future); + ASSERT_FALSE(refcountme_died); + + /* clean up */ + aws_refcountme_release(refcountme_from_future); + ASSERT_TRUE(refcountme_died); + } + + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_get_result_by_move, s_test_future_get_result_by_move) + +/* Check that, if an incomplete future dies, the result's destructor doesn't run again. + * We know this works because the destructor for destroyme and refcountme will assert if NULL is passed in */ +static int s_test_future_can_die_incomplete(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct aws_future_destroyme *future_destroyme = aws_future_destroyme_new(alloc); + aws_future_destroyme_release(future_destroyme); + + struct aws_future_refcountme *future_refcountme = aws_future_refcountme_new(alloc); + aws_future_refcountme_release(future_refcountme); + + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_can_die_incomplete, s_test_future_can_die_incomplete) + +/* Check aws_future will accept NULL as a result, and not consider it an error, + * and not try to run the result destructor. */ +static int s_test_future_by_pointer_accepts_null_result(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + { + struct aws_future_destroyme *future = aws_future_destroyme_new(alloc); + struct aws_destroyme *null_destroyme = NULL; + aws_future_destroyme_set_result_by_move(future, &null_destroyme); + ASSERT_TRUE(aws_future_destroyme_is_done(future)); + ASSERT_INT_EQUALS(0, aws_future_destroyme_get_error(future)); + ASSERT_NULL(aws_future_destroyme_peek_result(future)); + aws_future_destroyme_release(future); + } + { + struct aws_future_refcountme *future = aws_future_refcountme_new(alloc); + struct aws_refcountme *null_refcountme = NULL; + aws_future_refcountme_set_result_by_move(future, &null_refcountme); + ASSERT_TRUE(aws_future_refcountme_is_done(future)); + ASSERT_INT_EQUALS(0, aws_future_refcountme_get_error(future)); + ASSERT_NULL(aws_future_refcountme_peek_result(future)); + aws_future_refcountme_release(future); + } + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_by_pointer_accepts_null_result, s_test_future_by_pointer_accepts_null_result) + +/* Check that, if an aws_future has a result set multiple times, only the 1st result sticks. + * Any 2nd or 3rd result will just get cleaned up. */ +static int s_test_future_set_multiple_times(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + struct aws_future_destroyme *future = aws_future_destroyme_new(alloc); + + bool result1_destroyed = false; + struct aws_destroyme *result1 = aws_destroyme_new(alloc, &result1_destroyed); + struct aws_destroyme *result1_pointer_copy = result1; + + bool result2_destroyed = false; + struct aws_destroyme *result2 = aws_destroyme_new(alloc, &result2_destroyed); + + bool result3_destroyed = false; + struct aws_destroyme *result3 = aws_destroyme_new(alloc, &result3_destroyed); + + /* the future now owns result1 */ + aws_future_destroyme_set_result_by_move(future, &result1); + ASSERT_FALSE(result1_destroyed); + + /* attempt to set result2. + * the future should continue treating result1 as the result + * result2 will simply be destroyed */ + aws_future_destroyme_set_result_by_move(future, &result2); + ASSERT_PTR_EQUALS(result1_pointer_copy, aws_future_destroyme_peek_result(future)); + ASSERT_FALSE(result1_destroyed); + ASSERT_NULL(result2); + ASSERT_TRUE(result2_destroyed); + + /* likewise, result3 should be ignored and destroyed */ + aws_future_destroyme_set_result_by_move(future, &result3); + ASSERT_PTR_EQUALS(result1_pointer_copy, aws_future_destroyme_peek_result(future)); + ASSERT_FALSE(result1_destroyed); + ASSERT_NULL(result3); + ASSERT_TRUE(result3_destroyed); + + /* setting an error is ignored, if there's already a result */ + aws_future_destroyme_set_error(future, 999); + ASSERT_PTR_EQUALS(result1_pointer_copy, aws_future_destroyme_peek_result(future)); + ASSERT_FALSE(result1_destroyed); + ASSERT_INT_EQUALS(0, aws_future_destroyme_get_error(future)); + + /* result1 should finally be destroyed when the future is destroyed */ + aws_future_destroyme_release(future); + ASSERT_TRUE(result1_destroyed); + + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_set_multiple_times, s_test_future_set_multiple_times) + +static int s_test_future_set_error(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct aws_future_destroyme *future = aws_future_destroyme_new(alloc); + + /* Set error code */ + aws_future_destroyme_set_error(future, 999); + ASSERT_TRUE(aws_future_destroyme_is_done(future)); + ASSERT_INT_EQUALS(999, aws_future_destroyme_get_error(future)); + + /* Attempts to change the error should be ignored */ + aws_future_destroyme_set_error(future, 222); + ASSERT_INT_EQUALS(999, aws_future_destroyme_get_error(future)); + + /* Attempts to set a result instead should be ignored (the new result should just get destroyed) */ + bool result_destroyed = false; + struct aws_destroyme *result = aws_destroyme_new(alloc, &result_destroyed); + aws_future_destroyme_set_result_by_move(future, &result); + ASSERT_INT_EQUALS(999, aws_future_destroyme_get_error(future)); + ASSERT_NULL(result); + ASSERT_TRUE(result_destroyed); + + aws_future_destroyme_release(future); + aws_io_library_clean_up(); + return 0; +} +AWS_TEST_CASE(future_set_error, s_test_future_set_error) diff --git a/tests/future_test.h b/tests/future_test.h new file mode 100644 index 000000000..649589ccc --- /dev/null +++ b/tests/future_test.h @@ -0,0 +1,22 @@ + +#ifndef AWS_FUTURE_TEST_H +#define AWS_FUTURE_TEST_H +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include + +struct aws_destroyme *aws_destroyme_new(struct aws_allocator *alloc, bool *set_true_on_death); +void aws_destroyme_destroy(struct aws_destroyme *destroyme); + +/* We get unused-function warnings if this macro is used in a .c file, so put it in a header */ +AWS_DECLARE_FUTURE_T_POINTER_WITH_DESTROY(aws_future_destroyme, struct aws_destroyme, aws_destroyme_destroy); + +struct aws_refcountme *aws_refcountme_new(struct aws_allocator *alloc, bool *set_true_on_death); +struct aws_refcountme *aws_refcountme_acquire(struct aws_refcountme *refcountme); +struct aws_refcountme *aws_refcountme_release(struct aws_refcountme *refcountme); +AWS_DECLARE_FUTURE_T_POINTER_WITH_RELEASE(aws_future_refcountme, struct aws_refcountme, aws_refcountme_release); + +#endif /* AWS_FUTURE_TEST_H */ From 7fa27aa55c84decfa1c80b2bcc9f5339e3464eb5 Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Wed, 31 May 2023 16:22:59 -0700 Subject: [PATCH 05/44] aws_async_input_stream (#573) An async API for reading a stream of bytes. Experimental, for now. --- .github/workflows/ci.yml | 2 +- codebuild/linux-integration-tests.yml | 5 +- include/aws/io/async_stream.h | 127 ++++++++++++++ source/async_stream.c | 232 ++++++++++++++++++++++++++ 4 files changed, 363 insertions(+), 3 deletions(-) create mode 100644 include/aws/io/async_stream.h create mode 100644 source/async_stream.c diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 49f1a1467..b550a1c66 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,7 +6,7 @@ on: - 'main' env: - BUILDER_VERSION: v0.9.43 + BUILDER_VERSION: v0.9.46 BUILDER_SOURCE: releases BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net PACKAGE_NAME: aws-c-io diff --git a/codebuild/linux-integration-tests.yml b/codebuild/linux-integration-tests.yml index 743404b53..b7d32dddf 100644 --- a/codebuild/linux-integration-tests.yml +++ b/codebuild/linux-integration-tests.yml @@ -10,8 +10,9 @@ phases: pre_build: commands: - export CC=gcc-7 - - export BUILDER_VERSION=v0.9.29 - - export BUILDER_SOURCE=releases + - export BUILDER_VERSION=$(cat .github/workflows/ci.yml | grep 'BUILDER_VERSION:' | sed 's/\s*BUILDER_VERSION:\s*\(.*\)/\1/') + - export BUILDER_SOURCE=$(cat .github/workflows/ci.yml | grep 'BUILDER_SOURCE:' | sed 's/\s*BUILDER_SOURCE:\s*\(.*\)/\1/') + - echo "Using builder version='${BUILDER_VERSION}' source='${BUILDER_SOURCE}'" - export BUILDER_HOST=https://d19elf31gohf1l.cloudfront.net build: commands: diff --git a/include/aws/io/async_stream.h b/include/aws/io/async_stream.h new file mode 100644 index 000000000..79f7bb7c0 --- /dev/null +++ b/include/aws/io/async_stream.h @@ -0,0 +1,127 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#ifndef AWS_IO_ASYNC_STREAM_H +#define AWS_IO_ASYNC_STREAM_H + +/** + * THIS IS AN EXPERIMENTAL AND UNSTABLE API + * TODO: logging + * TODO: modify API to return byte-bufs, instead of filling in the provided byte-buf? + * this would avoid a copy in the use-cases we know of, but it's more complex + * TODO: vtable acquire()/release()? + * TODO: protect against simultaneous reads? + * TODO: check results of vtable->read() (i.e. 0 byte reads not allowed)? + * this would require 1 or 2 additional allocations per read + */ + +#include + +#include + +AWS_PUSH_SANE_WARNING_LEVEL + +struct aws_async_input_stream; +struct aws_byte_buf; +struct aws_future_bool; +struct aws_input_stream; + +struct aws_async_input_stream { + const struct aws_async_input_stream_vtable *vtable; + struct aws_allocator *alloc; + struct aws_ref_count ref_count; + void *impl; +}; + +struct aws_async_input_stream_vtable { + /** + * Destroy the stream, its refcount has reached 0. + */ + void (*destroy)(struct aws_async_input_stream *stream); + + /** + * Read once into the buffer. + * Complete the read when at least 1 byte is read, the buffer is full, or EOF is reached. + * Do not resize the buffer (do not use "aws_byte_buf_xyz_dynamic()" functions) + * Do not assume that buffer len starts at 0. + * You may assume that read() won't be called again until the current one completes. + * You may assume that the buffer has some space available. + * Return a future, which will contain an error code if something went wrong, + * or a result bool indicating whether EOF has been reached. + */ + struct aws_future_bool *(*read)(struct aws_async_input_stream *stream, struct aws_byte_buf *dest); +}; + +AWS_EXTERN_C_BEGIN + +/** + * Initialize aws_async_input_stream "base class" + */ +AWS_IO_API +void aws_async_input_stream_init_base( + struct aws_async_input_stream *stream, + struct aws_allocator *alloc, + const struct aws_async_input_stream_vtable *vtable, + void *impl); + +/** + * Increment reference count. + * You may pass in NULL (has no effect). + * Returns whatever pointer was passed in. + */ +AWS_IO_API +struct aws_async_input_stream *aws_async_input_stream_acquire(struct aws_async_input_stream *stream); + +/** + * Decrement reference count. + * You may pass in NULL (has no effect). + * Always returns NULL. + */ +AWS_IO_API +struct aws_async_input_stream *aws_async_input_stream_release(struct aws_async_input_stream *stream); + +/** + * Read once from the async stream into the buffer. + * The read completes when at least 1 byte is read, the buffer is full, or EOF is reached. + * Depending on implementation, the read could complete at any time. + * It may complete synchronously. It may complete on another thread. + * Returns a future, which will contain an error code if something went wrong, + * or a result bool indicating whether EOF has been reached. + * + * WARNING: The buffer must have space available. + * WARNING: Do not read again until the previous read is complete. + */ +AWS_IO_API +struct aws_future_bool *aws_async_input_stream_read(struct aws_async_input_stream *stream, struct aws_byte_buf *dest); + +/** + * Read repeatedly from the async stream until the buffer is full, or EOF is reached. + * Depending on implementation, this could complete at any time. + * It may complete synchronously. It may complete on another thread. + * Returns a future, which will contain an error code if something went wrong, + * or a result bool indicating whether EOF has been reached. + * + * WARNING: The buffer must have space available. + * WARNING: Do not read again until the previous read is complete. + */ +AWS_IO_API +struct aws_future_bool *aws_async_input_stream_read_to_fill( + struct aws_async_input_stream *stream, + struct aws_byte_buf *dest); + +/** + * Create a new async stream, which wraps a synchronous aws_input_stream. + * The new stream acquires a reference to the `source` stream. + * This function cannot fail. + */ +AWS_IO_API +struct aws_async_input_stream *aws_async_input_stream_new_from_synchronous( + struct aws_allocator *alloc, + struct aws_input_stream *source); + +AWS_EXTERN_C_END +AWS_POP_SANE_WARNING_LEVEL + +#endif /* AWS_IO_ASYNC_STREAM_H */ diff --git a/source/async_stream.c b/source/async_stream.c new file mode 100644 index 000000000..20eea77fe --- /dev/null +++ b/source/async_stream.c @@ -0,0 +1,232 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include + +#include +#include +#include + +void aws_async_input_stream_init_base( + struct aws_async_input_stream *stream, + struct aws_allocator *alloc, + const struct aws_async_input_stream_vtable *vtable, + void *impl) { + + AWS_PRECONDITION(stream); + AWS_PRECONDITION(alloc); + AWS_PRECONDITION(vtable); + AWS_PRECONDITION(vtable->read); + AWS_PRECONDITION(vtable->destroy); + + AWS_ZERO_STRUCT(*stream); + stream->alloc = alloc; + stream->vtable = vtable; + stream->impl = impl; + aws_ref_count_init(&stream->ref_count, stream, (aws_simple_completion_callback *)vtable->destroy); +} + +struct aws_async_input_stream *aws_async_input_stream_acquire(struct aws_async_input_stream *stream) { + if (stream != NULL) { + aws_ref_count_acquire(&stream->ref_count); + } + return stream; +} + +struct aws_async_input_stream *aws_async_input_stream_release(struct aws_async_input_stream *stream) { + if (stream) { + aws_ref_count_release(&stream->ref_count); + } + return NULL; +} + +struct aws_future_bool *aws_async_input_stream_read(struct aws_async_input_stream *stream, struct aws_byte_buf *dest) { + AWS_PRECONDITION(stream); + AWS_PRECONDITION(dest); + + /* Ensure the buffer has space available */ + if (dest->len == dest->capacity) { + struct aws_future_bool *future = aws_future_bool_new(stream->alloc); + aws_future_bool_set_error(future, AWS_ERROR_SHORT_BUFFER); + return future; + } + + struct aws_future_bool *future = stream->vtable->read(stream, dest); + AWS_POSTCONDITION(future != NULL); + return future; +} + +/* Data to perform the aws_async_input_stream_read_to_fill() job */ +struct aws_async_input_stream_fill_job { + struct aws_allocator *alloc; + struct aws_async_input_stream *stream; + struct aws_byte_buf *dest; + /* Future for each read() step */ + struct aws_future_bool *read_step_future; + /* Future to set when this fill job completes */ + struct aws_future_bool *on_complete_future; +}; + +static void s_async_stream_fill_job_complete( + struct aws_async_input_stream_fill_job *fill_job, + bool eof, + int error_code) { + + if (error_code) { + aws_future_bool_set_error(fill_job->on_complete_future, error_code); + } else { + aws_future_bool_set_result(fill_job->on_complete_future, eof); + } + aws_future_bool_release(fill_job->on_complete_future); + aws_async_input_stream_release(fill_job->stream); + aws_mem_release(fill_job->alloc, fill_job); +} + +/* Call read() in a loop. + * It would be simpler to set a completion callback for each read() call, + * but this risks our call stack growing large if there are many small, synchronous, reads. + * So be complicated and loop until a read() ) call is actually async, + * and only then set the completion callback (which is this same function, where we resume looping). */ +static void s_async_stream_fill_job_loop(void *user_data) { + struct aws_async_input_stream_fill_job *fill_job = user_data; + + while (true) { + /* Process read_step_future from previous iteration of loop. + * It's NULL the first time the job ever enters the loop. + * But it's set in subsequent runs of the loop, + * and when this is a read_step_future completion callback. */ + if (fill_job->read_step_future) { + if (aws_future_bool_register_callback_if_not_done( + fill_job->read_step_future, s_async_stream_fill_job_loop, fill_job)) { + + /* not done, we'll resume this loop when callback fires */ + return; + } + + /* read_step_future is done */ + int error_code = aws_future_bool_get_error(fill_job->read_step_future); + bool eof = error_code ? false : aws_future_bool_get_result(fill_job->read_step_future); + bool reached_capacity = fill_job->dest->len == fill_job->dest->capacity; + fill_job->read_step_future = aws_future_bool_release(fill_job->read_step_future); /* release and NULL */ + + if (error_code || eof || reached_capacity) { + /* job complete! */ + s_async_stream_fill_job_complete(fill_job, eof, error_code); + return; + } + } + + /* Kick off a read, which may or may not complete async */ + fill_job->read_step_future = aws_async_input_stream_read(fill_job->stream, fill_job->dest); + } +} + +struct aws_future_bool *aws_async_input_stream_read_to_fill( + struct aws_async_input_stream *stream, + struct aws_byte_buf *dest) { + + AWS_PRECONDITION(stream); + AWS_PRECONDITION(dest); + + struct aws_future_bool *future = aws_future_bool_new(stream->alloc); + + /* Ensure the buffer has space available */ + if (dest->len == dest->capacity) { + aws_future_bool_set_error(future, AWS_ERROR_SHORT_BUFFER); + return future; + } + + /* Prepare for async job */ + struct aws_async_input_stream_fill_job *fill_job = + aws_mem_calloc(stream->alloc, 1, sizeof(struct aws_async_input_stream_fill_job)); + fill_job->alloc = stream->alloc; + fill_job->stream = aws_async_input_stream_acquire(stream); + fill_job->dest = dest; + fill_job->on_complete_future = aws_future_bool_acquire(future); + + /* Kick off work */ + s_async_stream_fill_job_loop(fill_job); + + return future; +} + +/******************************************************************************* + * aws_async_stream_wrapping_synchronous + ******************************************************************************/ + +struct aws_async_stream_wrapping_synchronous { + struct aws_async_input_stream base; + struct aws_input_stream *source; +}; + +static void s_async_wrapping_synchronous_stream_destroy(struct aws_async_input_stream *async_stream) { + struct aws_async_stream_wrapping_synchronous *async_impl = async_stream->impl; + aws_input_stream_release(async_impl->source); + aws_mem_release(async_stream->alloc, async_impl); +} + +static struct aws_future_bool *s_async_wrapping_synchronous_stream_read( + struct aws_async_input_stream *async_stream, + struct aws_byte_buf *dest) { + + struct aws_async_stream_wrapping_synchronous *async_impl = async_stream->impl; + + struct aws_future_bool *future = aws_future_bool_new(async_stream->alloc); + + /* Keep calling read() until we get some data, or hit EOF. + * We do this because the synchronous aws_input_stream API allows + * 0 byte reads, but the aws_async_input_stream API does not. + * + * The synchronous aws_input_stream API allows 0 bytes reads because we + * didn't used to have an async API, and 0 byte reads were the way to report + * "data not available yet". + * + * Continually calling read() is a waste of CPU, but I'm not sure tricks to + * work around this (sleeping between retries, retrying from a thread, etc) + * are worth the complexity. The real solution to an aws_input_stream + * doing 0 byte reads is to replace it with an actual async stream */ + size_t prev_len = dest->len; + struct aws_stream_status status = {.is_end_of_stream = false, .is_valid = true}; + while (!status.is_end_of_stream && (dest->len == prev_len)) { + /* read from stream */ + if (aws_input_stream_read(async_impl->source, dest) != AWS_OP_SUCCESS) { + aws_future_bool_set_error(future, aws_last_error()); + goto done; + } + + /* check if stream is done */ + if (aws_input_stream_get_status(async_impl->source, &status) != AWS_OP_SUCCESS) { + aws_future_bool_set_error(future, aws_last_error()); + goto done; + } + } + + aws_future_bool_set_result(future, status.is_end_of_stream); +done: + return future; +} + +static const struct aws_async_input_stream_vtable s_async_stream_wrapping_input_stream_vtable = { + .destroy = s_async_wrapping_synchronous_stream_destroy, + .read = s_async_wrapping_synchronous_stream_read, +}; + +struct aws_async_input_stream *aws_async_input_stream_new_from_synchronous( + struct aws_allocator *alloc, + struct aws_input_stream *source) { + + AWS_PRECONDITION(alloc); + AWS_PRECONDITION(source); + + struct aws_async_stream_wrapping_synchronous *async_impl = + aws_mem_calloc(alloc, 1, sizeof(struct aws_async_stream_wrapping_synchronous)); + + aws_async_input_stream_init_base( + &async_impl->base, alloc, &s_async_stream_wrapping_input_stream_vtable, async_impl); + + async_impl->source = aws_input_stream_acquire(source); + + return &async_impl->base; +} From 4055b2b05d6399ed0439a22a0d79d7ea697e9e60 Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Thu, 1 Jun 2023 11:18:29 -0700 Subject: [PATCH 06/44] aws_future keeps channel alive until callback fires (#574) **Issue:** The `future_register_channel_callback` test was failing occasionally. **Description of changes:** Previously, the future released its hold on the channel after the task was scheduled. Now, it doesn't release its hold until the task has actually run. There's still stuff about channel lifetime and tasks that doesn't seem 100% kosher, but this fixes the issue for aws_future. --- source/future.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/source/future.c b/source/future.c index 36aef227c..4c01b9a6b 100644 --- a/source/future.c +++ b/source/future.c @@ -211,6 +211,7 @@ void aws_future_impl_get_result_by_move(struct aws_future_impl *future, void *ds struct aws_future_event_loop_callback_job { struct aws_allocator *alloc; struct aws_task task; + struct aws_event_loop *event_loop; aws_future_callback_fn *callback; void *user_data; }; @@ -220,6 +221,7 @@ static void s_future_impl_event_loop_callback_task(struct aws_task *task, void * (void)status; struct aws_future_event_loop_callback_job *job = arg; job->callback(job->user_data); + // TODO: aws_event_loop_release(job->event_loop); aws_mem_release(job->alloc, job); } @@ -227,6 +229,7 @@ static void s_future_impl_event_loop_callback_task(struct aws_task *task, void * struct aws_future_channel_callback_job { struct aws_allocator *alloc; struct aws_channel_task task; + struct aws_channel *channel; aws_future_callback_fn *callback; void *user_data; }; @@ -236,6 +239,7 @@ static void s_future_impl_channel_callback_task(struct aws_channel_task *task, v (void)status; struct aws_future_channel_callback_job *job = arg; job->callback(job->user_data); + aws_channel_release_hold(job->channel); aws_mem_release(job->alloc, job); } @@ -253,11 +257,11 @@ static void s_future_impl_invoke_callback(struct aws_future_callback_data *callb aws_mem_calloc(alloc, 1, sizeof(struct aws_future_event_loop_callback_job)); job->alloc = alloc; aws_task_init(&job->task, s_future_impl_event_loop_callback_task, job, "aws_future_event_loop_callback"); + job->event_loop = callback->u.event_loop; job->callback = callback->fn; job->user_data = callback->user_data; aws_event_loop_schedule_task_now(callback->u.event_loop, &job->task); - // TODO: aws_event_loop_release(event_loop); } break; case AWS_FUTURE_CHANNEL_CALLBACK: { @@ -266,11 +270,11 @@ static void s_future_impl_invoke_callback(struct aws_future_callback_data *callb aws_mem_calloc(alloc, 1, sizeof(struct aws_future_channel_callback_job)); job->alloc = alloc; aws_channel_task_init(&job->task, s_future_impl_channel_callback_task, job, "aws_future_channel_callback"); + job->channel = callback->u.channel; job->callback = callback->fn; job->user_data = callback->user_data; aws_channel_schedule_task_now(callback->u.channel, &job->task); - aws_channel_release_hold(callback->u.channel); } break; } } From 396491c50801e1d861b14326c0d58d80da96597b Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Fri, 2 Jun 2023 16:07:23 -0700 Subject: [PATCH 07/44] tests for aws_async_input_stream (#575) Also, 2 new helper classes `aws_input_stream_tester` and `aws_async_input_stream_tester` to help us test edge cases in any system that reads streams. The tester-streams can be configured to be weird in whatever way your tests needs them to be. e.g. "fail the 3rd time a read occurs", or "create an async stream always that completes reads on a separate thread", or "always completes reads synchronously", or "randomly alternates between the 2". Also, 2 fixes in `future.h` where the docs didn't 100% match reality. Also, remove `aws_async_input_stream_new_from_synchronous()`. Turns out we don't need this right now, and red code is best code. --- include/aws/io/async_stream.h | 10 - include/aws/io/future.h | 4 +- include/aws/testing/async_stream_tester.h | 258 ++++++++++++++++++++++ include/aws/testing/stream_tester.h | 220 ++++++++++++++++++ source/async_stream.c | 79 ------- tests/CMakeLists.txt | 6 + tests/async_stream_test.c | 168 ++++++++++++++ 7 files changed, 654 insertions(+), 91 deletions(-) create mode 100644 include/aws/testing/async_stream_tester.h create mode 100644 include/aws/testing/stream_tester.h create mode 100644 tests/async_stream_test.c diff --git a/include/aws/io/async_stream.h b/include/aws/io/async_stream.h index 79f7bb7c0..2e76bdd7e 100644 --- a/include/aws/io/async_stream.h +++ b/include/aws/io/async_stream.h @@ -111,16 +111,6 @@ struct aws_future_bool *aws_async_input_stream_read_to_fill( struct aws_async_input_stream *stream, struct aws_byte_buf *dest); -/** - * Create a new async stream, which wraps a synchronous aws_input_stream. - * The new stream acquires a reference to the `source` stream. - * This function cannot fail. - */ -AWS_IO_API -struct aws_async_input_stream *aws_async_input_stream_new_from_synchronous( - struct aws_allocator *alloc, - struct aws_input_stream *source); - AWS_EXTERN_C_END AWS_POP_SANE_WARNING_LEVEL diff --git a/include/aws/io/future.h b/include/aws/io/future.h index 3b036b80d..e9baaa15f 100644 --- a/include/aws/io/future.h +++ b/include/aws/io/future.h @@ -361,7 +361,7 @@ T aws_future_T_get_result(const struct aws_future_T *future); aws_future_impl_set_result_by_move((struct aws_future_impl *)future, &result); \ } \ \ - AWS_STATIC_IMPL T FUTURE##_get_result(struct FUTURE *future) { \ + AWS_STATIC_IMPL T FUTURE##_get_result(const struct FUTURE *future) { \ return *(T *)aws_future_impl_get_result_address((const struct aws_future_impl *)future); \ } \ \ @@ -410,7 +410,7 @@ T* aws_future_T_peek_result(const struct aws_future_T *future); aws_future_impl_set_result_by_move((struct aws_future_impl *)future, value_address); \ } \ \ - AWS_STATIC_IMPL T *FUTURE##_get_result(const struct FUTURE *future) { \ + AWS_STATIC_IMPL T *FUTURE##_peek_result(const struct FUTURE *future) { \ return aws_future_impl_get_result_address((const struct aws_future_impl *)future); \ } \ \ diff --git a/include/aws/testing/async_stream_tester.h b/include/aws/testing/async_stream_tester.h new file mode 100644 index 000000000..f2098572f --- /dev/null +++ b/include/aws/testing/async_stream_tester.h @@ -0,0 +1,258 @@ +#ifndef AWS_TESTING_ASYNC_STREAM_TESTER_H +#define AWS_TESTING_ASYNC_STREAM_TESTER_H + +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include + +#include +#include +#include +#include +#include +#include + +#ifndef AWS_UNSTABLE_TESTING_API +# error This code is designed for use by AWS owned libraries for the AWS C99 SDK. \ +You are welcome to use it, but we make no promises on the stability of this API. \ +To enable use of this code, set the AWS_UNSTABLE_TESTING_API compiler flag. +#endif + +/** + * Use aws_async_input_stream_tester to test edge cases in systems that take async streams. + * You can customize its behavior (e.g. fail on 3rd read, always complete async, always complete synchronously, etc) + */ + +struct aws_async_input_stream_tester_options { + /* the async tester uses the synchronous tester under the hood, + * so here are those options */ + struct aws_input_stream_tester_options base; + + enum aws_async_read_completion_strategy { + /* the tester has its own thread, and reads always complete from there */ + AWS_ASYNC_READ_COMPLETES_ON_ANOTHER_THREAD, + /* reads complete before read() even returns */ + AWS_ASYNC_READ_COMPLETES_IMMEDIATELY, + /* sometimes reads complete immediately, sometimes they complete on another thread */ + AWS_ASYNC_READ_COMPLETES_ON_RANDOM_THREAD, + } completion_strategy; + + /* if non-zero, a read will take at least this long to complete */ + uint64_t read_duration_ns; +}; + +struct aws_async_input_stream_tester { + struct aws_async_input_stream base; + struct aws_allocator *alloc; + struct aws_async_input_stream_tester_options options; + struct aws_input_stream *source_stream; + + struct aws_thread thread; + struct { + struct aws_mutex lock; + struct aws_condition_variable cvar; + + /* when thread should perform a read, these are set */ + struct aws_byte_buf *read_dest; + struct aws_future_bool *read_future; + + /* if true, thread should shut down */ + bool do_shutdown; + } synced_data; + + struct aws_atomic_var num_outstanding_reads; +}; + +AWS_STATIC_IMPL +void s_async_input_stream_tester_do_actual_read( + struct aws_async_input_stream_tester *impl, + struct aws_byte_buf *dest, + struct aws_future_bool *read_future) { + + int error_code = 0; + + /* delay, if that's how we're configured */ + if (impl->options.read_duration_ns != 0) { + aws_thread_current_sleep(impl->options.read_duration_ns); + } + + /* Keep calling read() until we get some data, or hit EOF. + * We do this because the synchronous aws_input_stream API allows + * 0 byte reads, but the aws_async_input_stream API does not. */ + size_t prev_len = dest->len; + struct aws_stream_status status = {.is_end_of_stream = false, .is_valid = true}; + while ((dest->len == prev_len) && !status.is_end_of_stream) { + /* read from stream */ + if (aws_input_stream_read(impl->source_stream, dest) != AWS_OP_SUCCESS) { + error_code = aws_last_error(); + goto done; + } + + /* check if stream is done */ + if (aws_input_stream_get_status(impl->source_stream, &status) != AWS_OP_SUCCESS) { + error_code = aws_last_error(); + goto done; + } + } + +done: + aws_atomic_fetch_sub(&impl->num_outstanding_reads, 1); + + if (error_code != 0) { + aws_future_bool_set_error(read_future, error_code); + } else { + aws_future_bool_set_result(read_future, status.is_end_of_stream); + } + + aws_future_bool_release(read_future); +} + +AWS_STATIC_IMPL +struct aws_future_bool *s_async_input_stream_tester_read( + struct aws_async_input_stream *stream, + struct aws_byte_buf *dest) { + + struct aws_async_input_stream_tester *impl = stream->impl; + + size_t prev_outstanding_reads = aws_atomic_fetch_add(&impl->num_outstanding_reads, 1); + AWS_FATAL_ASSERT(prev_outstanding_reads == 0 && "Overlapping read() calls are forbidden"); + + struct aws_future_bool *read_future = aws_future_bool_new(stream->alloc); + + bool do_on_thread = false; + switch (impl->options.completion_strategy) { + case AWS_ASYNC_READ_COMPLETES_ON_ANOTHER_THREAD: + do_on_thread = true; + break; + case AWS_ASYNC_READ_COMPLETES_IMMEDIATELY: + do_on_thread = false; + break; + case AWS_ASYNC_READ_COMPLETES_ON_RANDOM_THREAD: + do_on_thread = (rand() % 2 == 0); + break; + } + + if (do_on_thread) { + /* BEGIN CRITICAL SECTION */ + aws_mutex_lock(&impl->synced_data.lock); + impl->synced_data.read_dest = dest; + impl->synced_data.read_future = aws_future_bool_acquire(read_future); + AWS_FATAL_ASSERT(aws_condition_variable_notify_all(&impl->synced_data.cvar) == AWS_OP_SUCCESS); + aws_mutex_unlock(&impl->synced_data.lock); + /* END CRITICAL SECTION */ + } else { + /* acquire additional refcount on future, since we call release once it's complete */ + aws_future_bool_acquire(read_future); + s_async_input_stream_tester_do_actual_read(impl, dest, read_future); + } + + return read_future; +} + +AWS_STATIC_IMPL +void s_async_input_stream_tester_do_actual_destroy(struct aws_async_input_stream_tester *impl) { + if (impl->options.completion_strategy != AWS_ASYNC_READ_COMPLETES_IMMEDIATELY) { + aws_condition_variable_clean_up(&impl->synced_data.cvar); + aws_mutex_clean_up(&impl->synced_data.lock); + } + + aws_input_stream_release(impl->source_stream); + aws_mem_release(impl->base.alloc, impl); +} + +/* refcount has reached zero */ +AWS_STATIC_IMPL +void s_async_input_stream_tester_destroy(struct aws_async_input_stream *async_stream) { + struct aws_async_input_stream_tester *impl = async_stream->impl; + + if (impl->options.completion_strategy == AWS_ASYNC_READ_COMPLETES_IMMEDIATELY) { + s_async_input_stream_tester_do_actual_destroy(impl); + } else { + /* signal thread to finish cleaning things up */ + + /* BEGIN CRITICAL SECTION */ + aws_mutex_lock(&impl->synced_data.lock); + impl->synced_data.do_shutdown = true; + AWS_FATAL_ASSERT(aws_condition_variable_notify_all(&impl->synced_data.cvar) == AWS_OP_SUCCESS); + aws_mutex_unlock(&impl->synced_data.lock); + /* END CRITICAL SECTION */ + } +} + +AWS_STATIC_IMPL +bool s_async_input_stream_tester_thread_pred(void *arg) { + struct aws_async_input_stream_tester *impl = arg; + return impl->synced_data.do_shutdown || (impl->synced_data.read_dest != NULL); +} + +AWS_STATIC_IMPL +void s_async_input_stream_tester_thread(void *arg) { + struct aws_async_input_stream_tester *impl = arg; + bool do_shutdown = false; + struct aws_byte_buf *read_dest = NULL; + struct aws_future_bool *read_future = NULL; + while (!do_shutdown) { + /* BEGIN CRITICAL SECTION */ + aws_mutex_lock(&impl->synced_data.lock); + AWS_FATAL_ASSERT( + aws_condition_variable_wait_pred( + &impl->synced_data.cvar, &impl->synced_data.lock, s_async_input_stream_tester_thread_pred, impl) == + AWS_OP_SUCCESS); + + /* acquire work */ + do_shutdown = impl->synced_data.do_shutdown; + read_dest = impl->synced_data.read_dest; + impl->synced_data.read_dest = NULL; + read_future = impl->synced_data.read_future; + impl->synced_data.read_future = NULL; + + aws_mutex_unlock(&impl->synced_data.lock); + /* END CRITICAL SECTION */ + + if (read_dest != NULL) { + s_async_input_stream_tester_do_actual_read(impl, read_dest, read_future); + } + } + + /* thread has shut down, finish destruction */ + s_async_input_stream_tester_do_actual_destroy(impl); +} + +static struct aws_async_input_stream_vtable s_async_input_stream_tester_vtable = { + .destroy = s_async_input_stream_tester_destroy, + .read = s_async_input_stream_tester_read, +}; + +AWS_STATIC_IMPL +struct aws_async_input_stream *aws_async_input_stream_new_tester( + struct aws_allocator *alloc, + const struct aws_async_input_stream_tester_options *options) { + + struct aws_async_input_stream_tester *impl = aws_mem_calloc(alloc, 1, sizeof(struct aws_async_input_stream_tester)); + aws_async_input_stream_init_base(&impl->base, alloc, &s_async_input_stream_tester_vtable, impl); + impl->options = *options; + aws_atomic_init_int(&impl->num_outstanding_reads, 0); + + impl->source_stream = aws_input_stream_new_tester(alloc, &options->base); + AWS_FATAL_ASSERT(impl->source_stream); + + if (options->completion_strategy != AWS_ASYNC_READ_COMPLETES_IMMEDIATELY) { + aws_mutex_init(&impl->synced_data.lock); + aws_condition_variable_init(&impl->synced_data.cvar); + + AWS_FATAL_ASSERT(aws_thread_init(&impl->thread, alloc) == AWS_OP_SUCCESS); + struct aws_thread_options thread_options = *aws_default_thread_options(); + thread_options.name = aws_byte_cursor_from_c_str("AsyncStream"); + thread_options.join_strategy = AWS_TJS_MANAGED; + + AWS_FATAL_ASSERT( + aws_thread_launch(&impl->thread, s_async_input_stream_tester_thread, impl, &thread_options) == + AWS_OP_SUCCESS); + } + + return &impl->base; +} + +#endif /* AWS_TESTING_ASYNC_STREAM_TESTER_H */ diff --git a/include/aws/testing/stream_tester.h b/include/aws/testing/stream_tester.h new file mode 100644 index 000000000..cf4acafd2 --- /dev/null +++ b/include/aws/testing/stream_tester.h @@ -0,0 +1,220 @@ +#ifndef AWS_TESTING_STREAM_TESTER_H +#define AWS_TESTING_STREAM_TESTER_H + +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include + +#ifndef AWS_UNSTABLE_TESTING_API +# error This code is designed for use by AWS owned libraries for the AWS C99 SDK. \ +You are welcome to use it, but we make no promises on the stability of this API. \ +To enable use of this code, set the AWS_UNSTABLE_TESTING_API compiler flag. +#endif + +/** + * Use aws_input_stream tester to test edge cases in systems that take input streams. + * You can make it behave in specific weird ways (e.g. fail on 3rd read). + * + * There are a few ways to set what gets streamed. + * - source_bytes: if set, stream these bytes. + * - source_stream: if set, wrap this stream (but insert weird behavior like failing on 3rd read). + * - autogen_length: autogen streaming content N bytes in length. + */ + +struct aws_input_stream_tester_options { + /* bytes to be streamed. + * the stream copies these to its own internal buffer. + * or you can set the autogen_length */ + struct aws_byte_cursor source_bytes; + + /* wrap another stream */ + struct aws_input_stream *source_stream; + + /* if non-zero, autogen streaming content N bytes in length */ + size_t autogen_length; + + /* style of contents (if using autogen) */ + enum aws_autogen_style { + AWS_AUTOGEN_LOREM_IPSUM, + AWS_AUTOGEN_ALPHABET, + AWS_AUTOGEN_NUMBERS, + } autogen_style; + + /* if non-zero, read at most N bytes per read() */ + size_t max_bytes_per_read; + + /* if non-zero, read 0 bytes the Nth time read() is called */ + size_t read_zero_bytes_on_nth_read; + + /* If false, EOF is reported by the read() which produces the last few bytes. + * If true, EOF isn't reported until there's one more read(), producing zero bytes. + * This emulates an underlying stream that reports EOF by reading 0 bytes */ + bool eof_requires_extra_read; + + /* if non-zero, fail the Nth time read() is called, raising `fail_with_error_code` */ + size_t fail_on_nth_read; + + /* error-code to raise if failing on purpose */ + int fail_with_error_code; +}; + +struct aws_input_stream_tester { + struct aws_input_stream base; + struct aws_allocator *alloc; + struct aws_input_stream_tester_options options; + struct aws_byte_buf source_buf; + struct aws_input_stream *source_stream; + size_t read_count; + bool num_bytes_last_read; /* number of bytes read in the most recent successful read() */ +}; + +AWS_STATIC_IMPL +int s_input_stream_tester_seek(struct aws_input_stream *stream, int64_t offset, enum aws_stream_seek_basis basis) { + struct aws_input_stream_tester *impl = AWS_CONTAINER_OF(stream, struct aws_input_stream_tester, base); + return aws_input_stream_seek(impl->source_stream, offset, basis); +} + +AWS_STATIC_IMPL +int s_input_stream_tester_read(struct aws_input_stream *stream, struct aws_byte_buf *original_dest) { + struct aws_input_stream_tester *impl = AWS_CONTAINER_OF(stream, struct aws_input_stream_tester, base); + + impl->read_count++; + + /* if we're configured to fail, then do it */ + if (impl->read_count == impl->options.fail_on_nth_read) { + AWS_FATAL_ASSERT(impl->options.fail_with_error_code != 0); + return aws_raise_error(impl->options.fail_with_error_code); + } + + /* cap how much is read, if that's how we're configured */ + size_t bytes_to_read = original_dest->capacity - original_dest->len; + if (impl->options.max_bytes_per_read != 0) { + bytes_to_read = aws_min_size(bytes_to_read, impl->options.max_bytes_per_read); + } + + if (impl->read_count == impl->options.read_zero_bytes_on_nth_read) { + bytes_to_read = 0; + } + + /* pass artificially capped buffer to actual stream */ + struct aws_byte_buf capped_buf = + aws_byte_buf_from_empty_array(original_dest->buffer + original_dest->len, bytes_to_read); + + if (aws_input_stream_read(impl->source_stream, &capped_buf)) { + return AWS_OP_ERR; + } + + size_t bytes_actually_read = capped_buf.len; + original_dest->len += bytes_actually_read; + impl->num_bytes_last_read = bytes_actually_read; + + return AWS_OP_SUCCESS; +} + +AWS_STATIC_IMPL +int s_input_stream_tester_get_status(struct aws_input_stream *stream, struct aws_stream_status *status) { + struct aws_input_stream_tester *impl = AWS_CONTAINER_OF(stream, struct aws_input_stream_tester, base); + if (aws_input_stream_get_status(impl->source_stream, status)) { + return AWS_OP_ERR; + } + + /* if we're emulating a stream that requires an additional 0 byte read to realize it's EOF */ + if (impl->options.eof_requires_extra_read) { + if (impl->num_bytes_last_read > 0) { + status->is_end_of_stream = false; + } + } + + return AWS_OP_SUCCESS; +} + +AWS_STATIC_IMPL +int s_input_stream_tester_get_length(struct aws_input_stream *stream, int64_t *out_length) { + struct aws_input_stream_tester *impl = AWS_CONTAINER_OF(stream, struct aws_input_stream_tester, base); + return aws_input_stream_get_length(impl->source_stream, out_length); +} + +static struct aws_input_stream_vtable s_input_stream_tester_vtable = { + .seek = s_input_stream_tester_seek, + .read = s_input_stream_tester_read, + .get_status = s_input_stream_tester_get_status, + .get_length = s_input_stream_tester_get_length, +}; + +/* init byte-buf and fill it autogenned content */ +AWS_STATIC_IMPL +void s_byte_buf_init_autogenned( + struct aws_byte_buf *buf, + struct aws_allocator *alloc, + size_t length, + enum aws_autogen_style style) { + + aws_byte_buf_init(buf, alloc, length); + struct aws_byte_cursor pattern = {0}; + switch (style) { + case AWS_AUTOGEN_LOREM_IPSUM: + pattern = aws_byte_cursor_from_c_str( + "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore " + "et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut " + "aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse " + "cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa " + "qui officia deserunt mollit anim id est laborum. "); + break; + case AWS_AUTOGEN_ALPHABET: + pattern = aws_byte_cursor_from_c_str("abcdefghijklmnopqrstuvwxyz"); + break; + case AWS_AUTOGEN_NUMBERS: + pattern = aws_byte_cursor_from_c_str("1234567890"); + break; + } + + struct aws_byte_cursor pattern_cursor = {0}; + while (buf->len < buf->capacity) { + if (pattern_cursor.len == 0) { + pattern_cursor = pattern; + } + aws_byte_buf_write_to_capacity(buf, &pattern_cursor); + } +} + +AWS_STATIC_IMPL +void s_input_stream_tester_destroy(void *user_data) { + struct aws_input_stream_tester *impl = user_data; + aws_input_stream_release(impl->source_stream); + aws_byte_buf_clean_up(&impl->source_buf); + aws_mem_release(impl->alloc, impl); +} + +AWS_STATIC_IMPL +struct aws_input_stream *aws_input_stream_new_tester( + struct aws_allocator *alloc, + const struct aws_input_stream_tester_options *options) { + + struct aws_input_stream_tester *impl = aws_mem_calloc(alloc, 1, sizeof(struct aws_input_stream_tester)); + impl->base.impl = impl; + impl->base.vtable = &s_input_stream_tester_vtable; + aws_ref_count_init(&impl->base.ref_count, impl, s_input_stream_tester_destroy); + impl->alloc = alloc; + impl->options = *options; + + if (options->source_stream != NULL) { + AWS_FATAL_ASSERT((options->autogen_length == 0) && (options->source_bytes.len == 0)); + impl->source_stream = aws_input_stream_acquire(options->source_stream); + } else { + if (options->autogen_length > 0) { + AWS_FATAL_ASSERT(options->source_bytes.len == 0); + s_byte_buf_init_autogenned(&impl->source_buf, alloc, options->autogen_length, options->autogen_style); + } else { + aws_byte_buf_init_copy_from_cursor(&impl->source_buf, alloc, options->source_bytes); + } + struct aws_byte_cursor source_buf_cursor = aws_byte_cursor_from_buf(&impl->source_buf); + impl->source_stream = aws_input_stream_new_from_cursor(alloc, &source_buf_cursor); + AWS_FATAL_ASSERT(impl->source_stream); + } + + return &impl->base; +} + +#endif /* AWS_TESTING_STREAM_TESTER_H */ diff --git a/source/async_stream.c b/source/async_stream.c index 20eea77fe..6422bb847 100644 --- a/source/async_stream.c +++ b/source/async_stream.c @@ -151,82 +151,3 @@ struct aws_future_bool *aws_async_input_stream_read_to_fill( return future; } - -/******************************************************************************* - * aws_async_stream_wrapping_synchronous - ******************************************************************************/ - -struct aws_async_stream_wrapping_synchronous { - struct aws_async_input_stream base; - struct aws_input_stream *source; -}; - -static void s_async_wrapping_synchronous_stream_destroy(struct aws_async_input_stream *async_stream) { - struct aws_async_stream_wrapping_synchronous *async_impl = async_stream->impl; - aws_input_stream_release(async_impl->source); - aws_mem_release(async_stream->alloc, async_impl); -} - -static struct aws_future_bool *s_async_wrapping_synchronous_stream_read( - struct aws_async_input_stream *async_stream, - struct aws_byte_buf *dest) { - - struct aws_async_stream_wrapping_synchronous *async_impl = async_stream->impl; - - struct aws_future_bool *future = aws_future_bool_new(async_stream->alloc); - - /* Keep calling read() until we get some data, or hit EOF. - * We do this because the synchronous aws_input_stream API allows - * 0 byte reads, but the aws_async_input_stream API does not. - * - * The synchronous aws_input_stream API allows 0 bytes reads because we - * didn't used to have an async API, and 0 byte reads were the way to report - * "data not available yet". - * - * Continually calling read() is a waste of CPU, but I'm not sure tricks to - * work around this (sleeping between retries, retrying from a thread, etc) - * are worth the complexity. The real solution to an aws_input_stream - * doing 0 byte reads is to replace it with an actual async stream */ - size_t prev_len = dest->len; - struct aws_stream_status status = {.is_end_of_stream = false, .is_valid = true}; - while (!status.is_end_of_stream && (dest->len == prev_len)) { - /* read from stream */ - if (aws_input_stream_read(async_impl->source, dest) != AWS_OP_SUCCESS) { - aws_future_bool_set_error(future, aws_last_error()); - goto done; - } - - /* check if stream is done */ - if (aws_input_stream_get_status(async_impl->source, &status) != AWS_OP_SUCCESS) { - aws_future_bool_set_error(future, aws_last_error()); - goto done; - } - } - - aws_future_bool_set_result(future, status.is_end_of_stream); -done: - return future; -} - -static const struct aws_async_input_stream_vtable s_async_stream_wrapping_input_stream_vtable = { - .destroy = s_async_wrapping_synchronous_stream_destroy, - .read = s_async_wrapping_synchronous_stream_read, -}; - -struct aws_async_input_stream *aws_async_input_stream_new_from_synchronous( - struct aws_allocator *alloc, - struct aws_input_stream *source) { - - AWS_PRECONDITION(alloc); - AWS_PRECONDITION(source); - - struct aws_async_stream_wrapping_synchronous *async_impl = - aws_mem_calloc(alloc, 1, sizeof(struct aws_async_stream_wrapping_synchronous)); - - aws_async_input_stream_init_base( - &async_impl->base, alloc, &s_async_stream_wrapping_input_stream_vtable, async_impl); - - async_impl->source = aws_input_stream_acquire(source); - - return &async_impl->base; -} diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index e78203a42..710cd7af7 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -254,6 +254,12 @@ add_test_case(test_input_stream_memory_length) add_test_case(test_input_stream_file_length) add_test_case(test_input_stream_binary) +add_test_case(async_input_stream_fill_completes_on_thread) +add_test_case(async_input_stream_fill_completes_immediately) +add_test_case(async_input_stream_fill_completes_randomly) +add_test_case(async_input_stream_fill_eof_requires_extra_read) +add_test_case(async_input_stream_fill_reports_error) + add_test_case(open_channel_statistics_test) add_test_case(shared_library_open_failure) diff --git a/tests/async_stream_test.c b/tests/async_stream_test.c new file mode 100644 index 000000000..376142627 --- /dev/null +++ b/tests/async_stream_test.c @@ -0,0 +1,168 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include + +#include +#include +#include +#include +#include + +#define ONE_SEC_IN_NS ((uint64_t)AWS_TIMESTAMP_NANOS) +#define MAX_TIMEOUT_NS (10 * ONE_SEC_IN_NS) + +/* Common implementation for async_input_stream_fill_completes_on_XYZ() tests */ +static int s_test_async_input_stream_read_to_fill( + struct aws_allocator *alloc, + struct aws_async_input_stream_tester_options *options) { + + aws_io_library_init(alloc); + + options->base.source_bytes = aws_byte_cursor_from_c_str("123456789"); + struct aws_async_input_stream *async_stream = aws_async_input_stream_new_tester(alloc, options); + + /* read into slightly short buffer */ + struct aws_byte_buf buf; + aws_byte_buf_init(&buf, alloc, 5); + + struct aws_future_bool *read_future = aws_async_input_stream_read_to_fill(async_stream, &buf); + ASSERT_TRUE(aws_future_bool_wait(read_future, MAX_TIMEOUT_NS)); + ASSERT_INT_EQUALS(0, aws_future_bool_get_error(read_future)); + ASSERT_BIN_ARRAYS_EQUALS("12345", 5, buf.buffer, buf.len); + bool eof = aws_future_bool_get_result(read_future); + ASSERT_FALSE(eof); + aws_future_bool_release(read_future); + + /* read the rest */ + buf.len = 0; + read_future = aws_async_input_stream_read_to_fill(async_stream, &buf); + ASSERT_TRUE(aws_future_bool_wait(read_future, MAX_TIMEOUT_NS)); + ASSERT_INT_EQUALS(0, aws_future_bool_get_error(read_future)); + ASSERT_BIN_ARRAYS_EQUALS("6789", 4, buf.buffer, buf.len); + eof = aws_future_bool_get_result(read_future); + ASSERT_TRUE(eof); + aws_future_bool_release(read_future); + + /* cleanup */ + aws_byte_buf_clean_up(&buf); + aws_async_input_stream_release(async_stream); + aws_io_library_clean_up(); + return 0; +} + +/* Test aws_async_input_stream_read_to_fill() + * Ensure it works when reads always complete on another thread. */ +AWS_TEST_CASE(async_input_stream_fill_completes_on_thread, s_test_async_input_stream_fill_completes_on_thread) +static int s_test_async_input_stream_fill_completes_on_thread(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + struct aws_async_input_stream_tester_options options = { + .completion_strategy = AWS_ASYNC_READ_COMPLETES_ON_ANOTHER_THREAD, + .base = {.max_bytes_per_read = 1}, + }; + return s_test_async_input_stream_read_to_fill(alloc, &options); +} + +/* Test aws_async_input_stream_read_to_fill() + * Ensure it works when reads always complete immediately */ +AWS_TEST_CASE(async_input_stream_fill_completes_immediately, s_test_async_input_stream_fill_completes_immediately) +static int s_test_async_input_stream_fill_completes_immediately(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + struct aws_async_input_stream_tester_options options = { + .completion_strategy = AWS_ASYNC_READ_COMPLETES_IMMEDIATELY, + .base = {.max_bytes_per_read = 1}, + }; + return s_test_async_input_stream_read_to_fill(alloc, &options); +} + +/* Test aws_async_input_stream_read_to_fill() + * Ensure it works when it's kinda random which thread completes the read */ +AWS_TEST_CASE(async_input_stream_fill_completes_randomly, s_test_async_input_stream_fill_completes_randomly) +static int s_test_async_input_stream_fill_completes_randomly(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + struct aws_async_input_stream_tester_options options = { + .completion_strategy = AWS_ASYNC_READ_COMPLETES_ON_RANDOM_THREAD, + .base = {.max_bytes_per_read = 1}, + }; + return s_test_async_input_stream_read_to_fill(alloc, &options); +} + +/* Test aws_async_input_stream_read_to_fill() + * Ensure that it works when it takes one more read to realize we're at EOF */ +AWS_TEST_CASE(async_input_stream_fill_eof_requires_extra_read, s_test_async_input_stream_fill_eof_requires_extra_read) +static int s_test_async_input_stream_fill_eof_requires_extra_read(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct aws_async_input_stream_tester_options options = { + .base = + { + .source_bytes = aws_byte_cursor_from_c_str("123456789"), + .eof_requires_extra_read = true, + }, + }; + struct aws_async_input_stream *async_stream = aws_async_input_stream_new_tester(alloc, &options); + + /* read into buffer of the exact length. we shouldn't realize it's at EOF yet */ + struct aws_byte_buf buf; + aws_byte_buf_init(&buf, alloc, 9); + + struct aws_future_bool *read_future = aws_async_input_stream_read_to_fill(async_stream, &buf); + ASSERT_TRUE(aws_future_bool_wait(read_future, MAX_TIMEOUT_NS)); + ASSERT_INT_EQUALS(0, aws_future_bool_get_error(read_future)); + ASSERT_BIN_ARRAYS_EQUALS("123456789", 9, buf.buffer, buf.len); + bool eof = aws_future_bool_get_result(read_future); + ASSERT_FALSE(eof); + aws_future_bool_release(read_future); + + /* read again, get no data, but learn it's at EOF */ + buf.len = 0; + read_future = aws_async_input_stream_read_to_fill(async_stream, &buf); + ASSERT_TRUE(aws_future_bool_wait(read_future, MAX_TIMEOUT_NS)); + ASSERT_INT_EQUALS(0, aws_future_bool_get_error(read_future)); + ASSERT_UINT_EQUALS(0, buf.len); + eof = aws_future_bool_get_result(read_future); + ASSERT_TRUE(eof); + aws_future_bool_release(read_future); + + /* cleanup */ + aws_byte_buf_clean_up(&buf); + aws_async_input_stream_release(async_stream); + aws_io_library_clean_up(); + return 0; +} + +/* Test aws_async_input_stream_read_to_fill() + * Ensure that it reports errors from an underlying read() call */ +AWS_TEST_CASE(async_input_stream_fill_reports_error, s_test_async_input_stream_fill_reports_error) +static int s_test_async_input_stream_fill_reports_error(struct aws_allocator *alloc, void *ctx) { + (void)ctx; + aws_io_library_init(alloc); + + struct aws_async_input_stream_tester_options options = { + .base = + { + .source_bytes = aws_byte_cursor_from_c_str("123456789"), + .max_bytes_per_read = 1, + .fail_on_nth_read = 2, + .fail_with_error_code = 999, + }, + }; + struct aws_async_input_stream *async_stream = aws_async_input_stream_new_tester(alloc, &options); + + /* read into buffer */ + struct aws_byte_buf buf; + aws_byte_buf_init(&buf, alloc, 512); + + struct aws_future_bool *read_future = aws_async_input_stream_read_to_fill(async_stream, &buf); + ASSERT_TRUE(aws_future_bool_wait(read_future, MAX_TIMEOUT_NS)); + ASSERT_INT_EQUALS(999, aws_future_bool_get_error(read_future)); + aws_future_bool_release(read_future); + + /* cleanup */ + aws_byte_buf_clean_up(&buf); + aws_async_input_stream_release(async_stream); + aws_io_library_clean_up(); + return 0; +} From af3af9967ff0f093520228b0eb4d55fc0e36b391 Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Mon, 5 Jun 2023 11:42:31 -0700 Subject: [PATCH 08/44] aws_future functions no longer inline (#577) Rust was having trouble calling `aws_future_bool` functions, due to them only being available as inline. These functions were inline so that the we'd only need 1 declaration macro in a header. It wasn't a performance thing. Fix is to have the macros generate normal non-inline functions, with a DECLARATION macro that goes in a header, and an IMPLEMENTATION macro that goes in a C file. --- include/aws/io/future.h | 169 +++++++++++++++++++++++++--------------- source/future.c | 73 +++++++++++++++++ tests/future_test.c | 3 + tests/future_test.h | 4 +- 4 files changed, 185 insertions(+), 64 deletions(-) diff --git a/include/aws/io/future.h b/include/aws/io/future.h index e9baaa15f..a32969289 100644 --- a/include/aws/io/future.h +++ b/include/aws/io/future.h @@ -123,7 +123,7 @@ bool aws_future_T_wait(struct aws_future_T *future, uint64_t timeout_ns); // // --- Defining new aws_future types --- -// +// TODO UPDATE THESE DOCS // To define new types of aws_future, add the appropriate macro to the appropriate header. // The macros are: // @@ -275,43 +275,59 @@ AWS_IO_API void aws_future_impl_get_result_by_move(struct aws_future_impl *future, void *dst_address); /* Common beginning to all aws_future declarations */ -#define AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE) struct FUTURE; +#define AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE, API) struct FUTURE; + +/* Common beginning to all aws_future implementations */ +#define AWS_FUTURE_T_IMPLEMENTATION_BEGIN(FUTURE) /* Common end to all aws_future declarations */ -#define AWS_FUTURE_T_DECLARATION_END(FUTURE) \ - AWS_STATIC_IMPL struct FUTURE *FUTURE##_acquire(struct FUTURE *future) { \ +#define AWS_FUTURE_T_DECLARATION_END(FUTURE, API) \ + API struct FUTURE *FUTURE##_acquire(struct FUTURE *future); \ + API struct FUTURE *FUTURE##_release(struct FUTURE *future); \ + API void FUTURE##_set_error(struct FUTURE *future, int error_code); \ + API bool FUTURE##_is_done(const struct FUTURE *future); \ + API int FUTURE##_get_error(const struct FUTURE *future); \ + API void FUTURE##_register_callback(struct FUTURE *future, aws_future_callback_fn *on_done, void *user_data); \ + API bool FUTURE##_register_callback_if_not_done( \ + struct FUTURE *future, aws_future_callback_fn *on_done, void *user_data); \ + API void FUTURE##_register_event_loop_callback( \ + struct FUTURE *future, struct aws_event_loop *event_loop, aws_future_callback_fn *on_done, void *user_data); \ + API void FUTURE##_register_channel_callback( \ + struct FUTURE *future, struct aws_channel *channel, aws_future_callback_fn *on_done, void *user_data); \ + API bool FUTURE##_wait(struct FUTURE *future, uint64_t timeout_ns); + +/* Common end to all aws_future implementations */ +#define AWS_FUTURE_T_IMPLEMENTATION_END(FUTURE) \ + struct FUTURE *FUTURE##_acquire(struct FUTURE *future) { \ return (struct FUTURE *)aws_future_impl_acquire((struct aws_future_impl *)future); \ } \ \ - AWS_STATIC_IMPL struct FUTURE *FUTURE##_release(struct FUTURE *future) { \ + struct FUTURE *FUTURE##_release(struct FUTURE *future) { \ return (struct FUTURE *)aws_future_impl_release((struct aws_future_impl *)future); \ } \ \ - AWS_STATIC_IMPL void FUTURE##_set_error(struct FUTURE *future, int error_code) { \ + void FUTURE##_set_error(struct FUTURE *future, int error_code) { \ aws_future_impl_set_error((struct aws_future_impl *)future, error_code); \ } \ \ - AWS_STATIC_IMPL bool FUTURE##_is_done(const struct FUTURE *future) { \ + bool FUTURE##_is_done(const struct FUTURE *future) { \ return aws_future_impl_is_done((const struct aws_future_impl *)future); \ } \ \ - AWS_STATIC_IMPL int FUTURE##_get_error(const struct FUTURE *future) { \ + int FUTURE##_get_error(const struct FUTURE *future) { \ return aws_future_impl_get_error((const struct aws_future_impl *)future); \ } \ \ - AWS_STATIC_IMPL \ void FUTURE##_register_callback(struct FUTURE *future, aws_future_callback_fn *on_done, void *user_data) { \ aws_future_impl_register_callback((struct aws_future_impl *)future, on_done, user_data); \ } \ \ - AWS_STATIC_IMPL \ bool FUTURE##_register_callback_if_not_done( \ struct FUTURE *future, aws_future_callback_fn *on_done, void *user_data) { \ \ return aws_future_impl_register_callback_if_not_done((struct aws_future_impl *)future, on_done, user_data); \ } \ \ - AWS_STATIC_IMPL \ void FUTURE##_register_event_loop_callback( \ struct FUTURE *future, struct aws_event_loop *event_loop, aws_future_callback_fn *on_done, void *user_data) { \ \ @@ -319,14 +335,12 @@ void aws_future_impl_get_result_by_move(struct aws_future_impl *future, void *ds (struct aws_future_impl *)future, event_loop, on_done, user_data); \ } \ \ - AWS_STATIC_IMPL \ void FUTURE##_register_channel_callback( \ struct FUTURE *future, struct aws_channel *channel, aws_future_callback_fn *on_done, void *user_data) { \ \ aws_future_impl_register_channel_callback((struct aws_future_impl *)future, channel, on_done, user_data); \ } \ \ - AWS_STATIC_IMPL \ bool FUTURE##_wait(struct FUTURE *future, uint64_t timeout_ns) { \ return aws_future_impl_wait((struct aws_future_impl *)future, timeout_ns); \ } @@ -350,22 +364,27 @@ void aws_future_T_set_result(const struct aws_future_T *future, T result); T aws_future_T_get_result(const struct aws_future_T *future); */ -#define AWS_DECLARE_FUTURE_T_BY_VALUE(FUTURE, T) \ - AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE) \ - \ - AWS_STATIC_IMPL struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ +#define AWS_FUTURE_T_BY_VALUE_DECLARATION(FUTURE, T, API) \ + AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE, API) \ + API struct FUTURE *FUTURE##_new(struct aws_allocator *alloc); \ + API void FUTURE##_set_result(struct FUTURE *future, T result); \ + API T FUTURE##_get_result(const struct FUTURE *future); \ + AWS_FUTURE_T_DECLARATION_END(FUTURE, API) + +#define AWS_FUTURE_T_BY_VALUE_IMPLEMENTATION(FUTURE, T) \ + AWS_FUTURE_T_IMPLEMENTATION_BEGIN(FUTURE) \ + struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ return (struct FUTURE *)aws_future_impl_new_by_value(alloc, sizeof(T)); \ } \ \ - AWS_STATIC_IMPL void FUTURE##_set_result(struct FUTURE *future, T result) { \ + void FUTURE##_set_result(struct FUTURE *future, T result) { \ aws_future_impl_set_result_by_move((struct aws_future_impl *)future, &result); \ } \ \ - AWS_STATIC_IMPL T FUTURE##_get_result(const struct FUTURE *future) { \ + T FUTURE##_get_result(const struct FUTURE *future) { \ return *(T *)aws_future_impl_get_result_address((const struct aws_future_impl *)future); \ } \ - \ - AWS_FUTURE_T_DECLARATION_END(FUTURE) + AWS_FUTURE_T_IMPLEMENTATION_END(FUTURE) /** * Declares a future that holds T by value, with destructor like: void aws_T_clean_up(T*) @@ -397,50 +416,65 @@ T aws_future_T_get_result_by_move(struct aws_future_T *future); T* aws_future_T_peek_result(const struct aws_future_T *future); */ -#define AWS_DECLARE_FUTURE_T_BY_VALUE_WITH_CLEAN_UP(FUTURE, T, CLEAN_UP_FN) \ - AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE) \ - \ - AWS_STATIC_IMPL struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ +#define AWS_FUTURE_T_BY_VALUE_WITH_CLEAN_UP_DECLARATION(FUTURE, T, API) \ + AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE, API) \ + API struct FUTURE *FUTURE##_new(struct aws_allocator *alloc); \ + API void FUTURE##_set_result_by_move(struct FUTURE *future, T *value_address); \ + API T *FUTURE##_peek_result(const struct FUTURE *future); \ + API T FUTURE##_get_result_by_move(struct FUTURE *future); \ + AWS_FUTURE_T_DECLARATION_END(FUTURE, API) + +#define AWS_FUTURE_T_BY_VALUE_WITH_CLEAN_UP_IMPLEMENTATION(FUTURE, T, CLEAN_UP_FN) \ + AWS_FUTURE_T_IMPLEMENTATION_BEGIN(FUTURE) \ + \ + struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ void (*clean_up_fn)(T *) = CLEAN_UP_FN; /* check clean_up() function signature */ \ return (struct FUTURE *)aws_future_impl_new_by_value_with_clean_up( \ alloc, sizeof(T), (aws_future_impl_result_clean_up_fn)clean_up_fn); \ } \ \ - AWS_STATIC_IMPL void FUTURE##_set_result_by_move(struct FUTURE *future, T *value_address) { \ + void FUTURE##_set_result_by_move(struct FUTURE *future, T *value_address) { \ aws_future_impl_set_result_by_move((struct aws_future_impl *)future, value_address); \ } \ \ - AWS_STATIC_IMPL T *FUTURE##_peek_result(const struct FUTURE *future) { \ + T *FUTURE##_peek_result(const struct FUTURE *future) { \ return aws_future_impl_get_result_address((const struct aws_future_impl *)future); \ } \ \ - AWS_STATIC_IMPL T FUTURE##_get_result_by_move(struct FUTURE *future) { \ + T FUTURE##_get_result_by_move(struct FUTURE *future) { \ T value; \ aws_future_impl_get_result_by_move((struct aws_future_impl *)future, &value); \ return value; \ } \ \ - AWS_FUTURE_T_DECLARATION_END(FUTURE) + AWS_FUTURE_T_IMPLEMENTATION_END(FUTURE) /** * Declares a future that holds T*, with no destructor. */ -#define AWS_DECLARE_FUTURE_T_POINTER(FUTURE, T) \ - AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE) \ +#define AWS_FUTURE_T_POINTER_DECLARATION(FUTURE, T, API) \ + AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE, API) \ + API struct FUTURE *FUTURE##_new(struct aws_allocator *alloc); \ + API void FUTURE##_set_result(struct FUTURE *future, T *result); \ + API T *FUTURE##_get_result(const struct FUTURE *future); \ + AWS_FUTURE_T_DECLARATION_END(FUTURE, API) + +#define AWS_FUTURE_T_POINTER_IMPLEMENTATION(FUTURE, T) \ + AWS_FUTURE_T_IMPLEMENTATION_BEGIN(FUTURE) \ \ - AWS_STATIC_IMPL struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ + struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ return (struct FUTURE *)aws_future_impl_new_pointer(alloc); \ } \ \ - AWS_STATIC_IMPL void FUTURE##_set_result(struct FUTURE *future, T *result) { \ + void FUTURE##_set_result(struct FUTURE *future, T *result) { \ aws_future_impl_set_result_by_move((struct aws_future_impl *)future, &result); \ } \ \ - AWS_STATIC_IMPL T *FUTURE##_get_result(const struct FUTURE *future) { \ + T *FUTURE##_get_result(const struct FUTURE *future) { \ return *(T **)aws_future_impl_get_result_address((const struct aws_future_impl *)future); \ } \ \ - AWS_FUTURE_T_DECLARATION_END(FUTURE) + AWS_FUTURE_T_IMPLEMENTATION_END(FUTURE) /** * Declares a future that holds T*, with destructor like: void aws_T_destroy(T*) @@ -471,30 +505,38 @@ T* aws_future_T_get_result_by_move(struct aws_future_T *future); T* aws_future_T_peek_result(const struct aws_future_T *future); */ -#define AWS_DECLARE_FUTURE_T_POINTER_WITH_DESTROY(FUTURE, T, DESTROY_FN) \ - AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE) \ - \ - AWS_STATIC_IMPL struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ +#define AWS_FUTURE_T_POINTER_WITH_DESTROY_DECLARATION(FUTURE, T, API) \ + AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE, API) \ + API struct FUTURE *FUTURE##_new(struct aws_allocator *alloc); \ + API void FUTURE##_set_result_by_move(struct FUTURE *future, T **pointer_address); \ + API T *FUTURE##_get_result_by_move(struct FUTURE *future); \ + API T *FUTURE##_peek_result(const struct FUTURE *future); \ + AWS_FUTURE_T_DECLARATION_END(FUTURE, API) + +#define AWS_FUTURE_T_POINTER_WITH_DESTROY_IMPLEMENTATION(FUTURE, T, DESTROY_FN) \ + AWS_FUTURE_T_IMPLEMENTATION_BEGIN(FUTURE) \ + \ + struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ void (*destroy_fn)(T *) = DESTROY_FN; /* check destroy() function signature */ \ return (struct FUTURE *)aws_future_impl_new_pointer_with_destroy( \ alloc, (aws_future_impl_result_destroy_fn *)destroy_fn); \ } \ \ - AWS_STATIC_IMPL void FUTURE##_set_result_by_move(struct FUTURE *future, T **pointer_address) { \ + void FUTURE##_set_result_by_move(struct FUTURE *future, T **pointer_address) { \ aws_future_impl_set_result_by_move((struct aws_future_impl *)future, pointer_address); \ } \ \ - AWS_STATIC_IMPL T *FUTURE##_get_result_by_move(struct FUTURE *future) { \ + T *FUTURE##_get_result_by_move(struct FUTURE *future) { \ T *pointer; \ aws_future_impl_get_result_by_move((struct aws_future_impl *)future, &pointer); \ return pointer; \ } \ \ - AWS_STATIC_IMPL T *FUTURE##_peek_result(const struct FUTURE *future) { \ + T *FUTURE##_peek_result(const struct FUTURE *future) { \ return *(T **)aws_future_impl_get_result_address((const struct aws_future_impl *)future); \ } \ \ - AWS_FUTURE_T_DECLARATION_END(FUTURE) + AWS_FUTURE_T_IMPLEMENTATION_END(FUTURE) /** * Declares a future that holds T*, with destructor like: T* aws_T_release(T*) @@ -525,56 +567,59 @@ T* aws_future_T_get_result_by_move(struct aws_future_T *future); T* aws_future_T_peek_result(const struct aws_future_T *future); */ -#define AWS_DECLARE_FUTURE_T_POINTER_WITH_RELEASE(FUTURE, T, RELEASE_FN) \ - AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE) \ - \ - AWS_STATIC_IMPL struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ +#define AWS_FUTURE_T_POINTER_WITH_RELEASE_DECLARATION(FUTURE, T, API) \ + AWS_FUTURE_T_DECLARATION_BEGIN(FUTURE, API) \ + API struct FUTURE *FUTURE##_new(struct aws_allocator *alloc); \ + API void FUTURE##_set_result_by_move(struct FUTURE *future, T **pointer_address); \ + API T *FUTURE##_get_result_by_move(struct FUTURE *future); \ + API T *FUTURE##_peek_result(const struct FUTURE *future); \ + AWS_FUTURE_T_DECLARATION_END(FUTURE, API) + +#define AWS_FUTURE_T_POINTER_WITH_RELEASE_IMPLEMENTATION(FUTURE, T, RELEASE_FN) \ + AWS_FUTURE_T_IMPLEMENTATION_BEGIN(FUTURE) \ + \ + struct FUTURE *FUTURE##_new(struct aws_allocator *alloc) { \ T *(*release_fn)(T *) = RELEASE_FN; /* check release() function signature */ \ return (struct FUTURE *)aws_future_impl_new_pointer_with_release( \ alloc, (aws_future_impl_result_release_fn *)release_fn); \ } \ \ - AWS_STATIC_IMPL void FUTURE##_set_result_by_move(struct FUTURE *future, T **pointer_address) { \ + void FUTURE##_set_result_by_move(struct FUTURE *future, T **pointer_address) { \ aws_future_impl_set_result_by_move((struct aws_future_impl *)future, pointer_address); \ } \ \ - AWS_STATIC_IMPL T *FUTURE##_get_result_by_move(struct FUTURE *future) { \ + T *FUTURE##_get_result_by_move(struct FUTURE *future) { \ T *pointer; \ aws_future_impl_get_result_by_move((struct aws_future_impl *)future, &pointer); \ return pointer; \ } \ \ - AWS_STATIC_IMPL T *FUTURE##_peek_result(const struct FUTURE *future) { \ + T *FUTURE##_peek_result(const struct FUTURE *future) { \ return *(T **)aws_future_impl_get_result_address((const struct aws_future_impl *)future); \ } \ \ - AWS_FUTURE_T_DECLARATION_END(FUTURE) + AWS_FUTURE_T_IMPLEMENTATION_END(FUTURE) /** * aws_future */ -AWS_DECLARE_FUTURE_T_BY_VALUE(aws_future_size, size_t) +AWS_FUTURE_T_BY_VALUE_DECLARATION(aws_future_size, size_t, AWS_IO_API) /** * aws_future */ -AWS_DECLARE_FUTURE_T_BY_VALUE(aws_future_bool, bool) +AWS_FUTURE_T_BY_VALUE_DECLARATION(aws_future_bool, bool, AWS_IO_API) /** * aws_future */ -AWS_FUTURE_T_DECLARATION_BEGIN(aws_future_void) +AWS_FUTURE_T_DECLARATION_BEGIN(aws_future_void, AWS_IO_API) -AWS_STATIC_IMPL struct aws_future_void *aws_future_void_new(struct aws_allocator *alloc) { - /* Use aws_future under the hood, to avoid edge-cases with 0-sized result */ - return (struct aws_future_void *)aws_future_bool_new(alloc); -} +AWS_IO_API struct aws_future_void *aws_future_void_new(struct aws_allocator *alloc); -AWS_STATIC_IMPL void aws_future_void_set_result(struct aws_future_void *future) { - aws_future_bool_set_result((struct aws_future_bool *)future, false); -} +AWS_IO_API void aws_future_void_set_result(struct aws_future_void *future); -AWS_FUTURE_T_DECLARATION_END(aws_future_void) +AWS_FUTURE_T_DECLARATION_END(aws_future_void, AWS_IO_API) AWS_EXTERN_C_END AWS_POP_SANE_WARNING_LEVEL diff --git a/source/future.c b/source/future.c index 4c01b9a6b..92e44fe43 100644 --- a/source/future.c +++ b/source/future.c @@ -467,3 +467,76 @@ bool aws_future_impl_wait(const struct aws_future_impl *future, uint64_t timeout return is_done; } + +// AWS_FUTURE_T_BY_VALUE_IMPLEMENTATION(aws_future_bool, bool) +struct aws_future_bool *aws_future_bool_new(struct aws_allocator *alloc) { + return (struct aws_future_bool *)aws_future_impl_new_by_value(alloc, sizeof(_Bool)); +} +void aws_future_bool_set_result(struct aws_future_bool *future, _Bool result) { + aws_future_impl_set_result_by_move((struct aws_future_impl *)future, &result); +} +_Bool aws_future_bool_get_result(const struct aws_future_bool *future) { + return *(_Bool *)aws_future_impl_get_result_address((const struct aws_future_impl *)future); +} +struct aws_future_bool *aws_future_bool_acquire(struct aws_future_bool *future) { + return (struct aws_future_bool *)aws_future_impl_acquire((struct aws_future_impl *)future); +} +struct aws_future_bool *aws_future_bool_release(struct aws_future_bool *future) { + return (struct aws_future_bool *)aws_future_impl_release((struct aws_future_impl *)future); +} +void aws_future_bool_set_error(struct aws_future_bool *future, int error_code) { + aws_future_impl_set_error((struct aws_future_impl *)future, error_code); +} +_Bool aws_future_bool_is_done(const struct aws_future_bool *future) { + return aws_future_impl_is_done((const struct aws_future_impl *)future); +} +int aws_future_bool_get_error(const struct aws_future_bool *future) { + return aws_future_impl_get_error((const struct aws_future_impl *)future); +} +void aws_future_bool_register_callback( + struct aws_future_bool *future, + aws_future_callback_fn *on_done, + void *user_data) { + aws_future_impl_register_callback((struct aws_future_impl *)future, on_done, user_data); +} +_Bool aws_future_bool_register_callback_if_not_done( + struct aws_future_bool *future, + aws_future_callback_fn *on_done, + void *user_data) { + return aws_future_impl_register_callback_if_not_done((struct aws_future_impl *)future, on_done, user_data); +} +void aws_future_bool_register_event_loop_callback( + struct aws_future_bool *future, + struct aws_event_loop *event_loop, + aws_future_callback_fn *on_done, + void *user_data) { + aws_future_impl_register_event_loop_callback((struct aws_future_impl *)future, event_loop, on_done, user_data); +} +void aws_future_bool_register_channel_callback( + struct aws_future_bool *future, + struct aws_channel *channel, + aws_future_callback_fn *on_done, + void *user_data) { + aws_future_impl_register_channel_callback((struct aws_future_impl *)future, channel, on_done, user_data); +} +_Bool aws_future_bool_wait(struct aws_future_bool *future, uint64_t timeout_ns) { + return aws_future_impl_wait((struct aws_future_impl *)future, timeout_ns); +} + +AWS_FUTURE_T_BY_VALUE_IMPLEMENTATION(aws_future_size, size_t) + +/** + * aws_future + */ +AWS_FUTURE_T_IMPLEMENTATION_BEGIN(aws_future_void) + +struct aws_future_void *aws_future_void_new(struct aws_allocator *alloc) { + /* Use aws_future under the hood, to avoid edge-cases with 0-sized result */ + return (struct aws_future_void *)aws_future_bool_new(alloc); +} + +void aws_future_void_set_result(struct aws_future_void *future) { + aws_future_bool_set_result((struct aws_future_bool *)future, false); +} + +AWS_FUTURE_T_IMPLEMENTATION_END(aws_future_void) diff --git a/tests/future_test.c b/tests/future_test.c index a514d8226..45dfa7cea 100644 --- a/tests/future_test.c +++ b/tests/future_test.c @@ -17,6 +17,9 @@ #define ONE_SEC_IN_NS ((uint64_t)AWS_TIMESTAMP_NANOS) #define MAX_TIMEOUT_NS (10 * ONE_SEC_IN_NS) +AWS_FUTURE_T_POINTER_WITH_DESTROY_IMPLEMENTATION(aws_future_destroyme, struct aws_destroyme, aws_destroyme_destroy); +AWS_FUTURE_T_POINTER_WITH_RELEASE_IMPLEMENTATION(aws_future_refcountme, struct aws_refcountme, aws_refcountme_release); + /* Run through the basics of an AWS_FUTURE_T_BY_VALUE */ static int s_test_future_by_value(struct aws_allocator *alloc, void *ctx) { (void)ctx; diff --git a/tests/future_test.h b/tests/future_test.h index 649589ccc..00d270ebc 100644 --- a/tests/future_test.h +++ b/tests/future_test.h @@ -12,11 +12,11 @@ struct aws_destroyme *aws_destroyme_new(struct aws_allocator *alloc, bool *set_t void aws_destroyme_destroy(struct aws_destroyme *destroyme); /* We get unused-function warnings if this macro is used in a .c file, so put it in a header */ -AWS_DECLARE_FUTURE_T_POINTER_WITH_DESTROY(aws_future_destroyme, struct aws_destroyme, aws_destroyme_destroy); +AWS_FUTURE_T_POINTER_WITH_DESTROY_DECLARATION(aws_future_destroyme, struct aws_destroyme, /*private API*/); struct aws_refcountme *aws_refcountme_new(struct aws_allocator *alloc, bool *set_true_on_death); struct aws_refcountme *aws_refcountme_acquire(struct aws_refcountme *refcountme); struct aws_refcountme *aws_refcountme_release(struct aws_refcountme *refcountme); -AWS_DECLARE_FUTURE_T_POINTER_WITH_RELEASE(aws_future_refcountme, struct aws_refcountme, aws_refcountme_release); +AWS_FUTURE_T_POINTER_WITH_RELEASE_DECLARATION(aws_future_refcountme, struct aws_refcountme, /*private API*/); #endif /* AWS_FUTURE_TEST_H */ From 2ad88d3d7c804ad0224a04afaec59efcf1fa5cd2 Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Fri, 9 Jun 2023 12:40:17 -0700 Subject: [PATCH 09/44] stream-tester can report how much data was read (#578) --- include/aws/testing/async_stream_tester.h | 7 +++++++ include/aws/testing/stream_tester.h | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/include/aws/testing/async_stream_tester.h b/include/aws/testing/async_stream_tester.h index f2098572f..2cdcb1a24 100644 --- a/include/aws/testing/async_stream_tester.h +++ b/include/aws/testing/async_stream_tester.h @@ -220,6 +220,13 @@ void s_async_input_stream_tester_thread(void *arg) { s_async_input_stream_tester_do_actual_destroy(impl); } +AWS_STATIC_IMPL +uint64_t aws_async_input_stream_tester_total_bytes_read(const struct aws_async_input_stream *async_stream) { + const struct aws_async_input_stream_tester *async_impl = async_stream->impl; + const struct aws_input_stream_tester *synchronous_impl = async_impl->source_stream->impl; + return synchronous_impl->total_bytes_read; +} + static struct aws_async_input_stream_vtable s_async_input_stream_tester_vtable = { .destroy = s_async_input_stream_tester_destroy, .read = s_async_input_stream_tester_read, diff --git a/include/aws/testing/stream_tester.h b/include/aws/testing/stream_tester.h index cf4acafd2..1962f29e8 100644 --- a/include/aws/testing/stream_tester.h +++ b/include/aws/testing/stream_tester.h @@ -68,6 +68,7 @@ struct aws_input_stream_tester { struct aws_input_stream *source_stream; size_t read_count; bool num_bytes_last_read; /* number of bytes read in the most recent successful read() */ + uint64_t total_bytes_read; }; AWS_STATIC_IMPL @@ -109,6 +110,7 @@ int s_input_stream_tester_read(struct aws_input_stream *stream, struct aws_byte_ size_t bytes_actually_read = capped_buf.len; original_dest->len += bytes_actually_read; impl->num_bytes_last_read = bytes_actually_read; + impl->total_bytes_read += bytes_actually_read; return AWS_OP_SUCCESS; } @@ -179,6 +181,12 @@ void s_byte_buf_init_autogenned( } } +AWS_STATIC_IMPL +uint64_t aws_input_stream_tester_total_bytes_read(const struct aws_input_stream *stream) { + struct aws_input_stream_tester *impl = stream->impl; + return impl->total_bytes_read; +} + AWS_STATIC_IMPL void s_input_stream_tester_destroy(void *user_data) { struct aws_input_stream_tester *impl = user_data; From cd39bb26db6deb11a35952627e70b6535e4c8ba0 Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Fri, 9 Jun 2023 13:57:49 -0700 Subject: [PATCH 10/44] Fix build issues with stream-tester files (#580) --- include/aws/testing/async_stream_tester.h | 61 +++++++++++------------ include/aws/testing/stream_tester.h | 55 ++++++++++---------- 2 files changed, 57 insertions(+), 59 deletions(-) diff --git a/include/aws/testing/async_stream_tester.h b/include/aws/testing/async_stream_tester.h index 2cdcb1a24..72fcfd3b7 100644 --- a/include/aws/testing/async_stream_tester.h +++ b/include/aws/testing/async_stream_tester.h @@ -25,19 +25,21 @@ To enable use of this code, set the AWS_UNSTABLE_TESTING_API compiler flag. * You can customize its behavior (e.g. fail on 3rd read, always complete async, always complete synchronously, etc) */ +enum aws_async_read_completion_strategy { + /* the tester has its own thread, and reads always complete from there */ + AWS_ASYNC_READ_COMPLETES_ON_ANOTHER_THREAD, + /* reads complete before read() even returns */ + AWS_ASYNC_READ_COMPLETES_IMMEDIATELY, + /* sometimes reads complete immediately, sometimes they complete on another thread */ + AWS_ASYNC_READ_COMPLETES_ON_RANDOM_THREAD, +}; + struct aws_async_input_stream_tester_options { /* the async tester uses the synchronous tester under the hood, * so here are those options */ struct aws_input_stream_tester_options base; - enum aws_async_read_completion_strategy { - /* the tester has its own thread, and reads always complete from there */ - AWS_ASYNC_READ_COMPLETES_ON_ANOTHER_THREAD, - /* reads complete before read() even returns */ - AWS_ASYNC_READ_COMPLETES_IMMEDIATELY, - /* sometimes reads complete immediately, sometimes they complete on another thread */ - AWS_ASYNC_READ_COMPLETES_ON_RANDOM_THREAD, - } completion_strategy; + enum aws_async_read_completion_strategy completion_strategy; /* if non-zero, a read will take at least this long to complete */ uint64_t read_duration_ns; @@ -65,8 +67,7 @@ struct aws_async_input_stream_tester { struct aws_atomic_var num_outstanding_reads; }; -AWS_STATIC_IMPL -void s_async_input_stream_tester_do_actual_read( +static inline void s_async_input_stream_tester_do_actual_read( struct aws_async_input_stream_tester *impl, struct aws_byte_buf *dest, struct aws_future_bool *read_future) { @@ -109,12 +110,11 @@ void s_async_input_stream_tester_do_actual_read( aws_future_bool_release(read_future); } -AWS_STATIC_IMPL -struct aws_future_bool *s_async_input_stream_tester_read( +static inline struct aws_future_bool *s_async_input_stream_tester_read( struct aws_async_input_stream *stream, struct aws_byte_buf *dest) { - struct aws_async_input_stream_tester *impl = stream->impl; + struct aws_async_input_stream_tester *impl = (struct aws_async_input_stream_tester *)stream->impl; size_t prev_outstanding_reads = aws_atomic_fetch_add(&impl->num_outstanding_reads, 1); AWS_FATAL_ASSERT(prev_outstanding_reads == 0 && "Overlapping read() calls are forbidden"); @@ -151,8 +151,7 @@ struct aws_future_bool *s_async_input_stream_tester_read( return read_future; } -AWS_STATIC_IMPL -void s_async_input_stream_tester_do_actual_destroy(struct aws_async_input_stream_tester *impl) { +static inline void s_async_input_stream_tester_do_actual_destroy(struct aws_async_input_stream_tester *impl) { if (impl->options.completion_strategy != AWS_ASYNC_READ_COMPLETES_IMMEDIATELY) { aws_condition_variable_clean_up(&impl->synced_data.cvar); aws_mutex_clean_up(&impl->synced_data.lock); @@ -163,9 +162,8 @@ void s_async_input_stream_tester_do_actual_destroy(struct aws_async_input_stream } /* refcount has reached zero */ -AWS_STATIC_IMPL -void s_async_input_stream_tester_destroy(struct aws_async_input_stream *async_stream) { - struct aws_async_input_stream_tester *impl = async_stream->impl; +static inline void s_async_input_stream_tester_destroy(struct aws_async_input_stream *async_stream) { + struct aws_async_input_stream_tester *impl = (struct aws_async_input_stream_tester *)async_stream->impl; if (impl->options.completion_strategy == AWS_ASYNC_READ_COMPLETES_IMMEDIATELY) { s_async_input_stream_tester_do_actual_destroy(impl); @@ -181,15 +179,13 @@ void s_async_input_stream_tester_destroy(struct aws_async_input_stream *async_st } } -AWS_STATIC_IMPL -bool s_async_input_stream_tester_thread_pred(void *arg) { - struct aws_async_input_stream_tester *impl = arg; +static inline bool s_async_input_stream_tester_thread_pred(void *arg) { + struct aws_async_input_stream_tester *impl = (struct aws_async_input_stream_tester *)arg; return impl->synced_data.do_shutdown || (impl->synced_data.read_dest != NULL); } -AWS_STATIC_IMPL -void s_async_input_stream_tester_thread(void *arg) { - struct aws_async_input_stream_tester *impl = arg; +static inline void s_async_input_stream_tester_thread(void *arg) { + struct aws_async_input_stream_tester *impl = (struct aws_async_input_stream_tester *)arg; bool do_shutdown = false; struct aws_byte_buf *read_dest = NULL; struct aws_future_bool *read_future = NULL; @@ -220,10 +216,13 @@ void s_async_input_stream_tester_thread(void *arg) { s_async_input_stream_tester_do_actual_destroy(impl); } -AWS_STATIC_IMPL -uint64_t aws_async_input_stream_tester_total_bytes_read(const struct aws_async_input_stream *async_stream) { - const struct aws_async_input_stream_tester *async_impl = async_stream->impl; - const struct aws_input_stream_tester *synchronous_impl = async_impl->source_stream->impl; +static inline uint64_t aws_async_input_stream_tester_total_bytes_read( + const struct aws_async_input_stream *async_stream) { + + const struct aws_async_input_stream_tester *async_impl = + (const struct aws_async_input_stream_tester *)async_stream->impl; + const struct aws_input_stream_tester *synchronous_impl = + (const struct aws_input_stream_tester *)async_impl->source_stream->impl; return synchronous_impl->total_bytes_read; } @@ -232,12 +231,12 @@ static struct aws_async_input_stream_vtable s_async_input_stream_tester_vtable = .read = s_async_input_stream_tester_read, }; -AWS_STATIC_IMPL -struct aws_async_input_stream *aws_async_input_stream_new_tester( +static inline struct aws_async_input_stream *aws_async_input_stream_new_tester( struct aws_allocator *alloc, const struct aws_async_input_stream_tester_options *options) { - struct aws_async_input_stream_tester *impl = aws_mem_calloc(alloc, 1, sizeof(struct aws_async_input_stream_tester)); + struct aws_async_input_stream_tester *impl = + (struct aws_async_input_stream_tester *)aws_mem_calloc(alloc, 1, sizeof(struct aws_async_input_stream_tester)); aws_async_input_stream_init_base(&impl->base, alloc, &s_async_input_stream_tester_vtable, impl); impl->options = *options; aws_atomic_init_int(&impl->num_outstanding_reads, 0); diff --git a/include/aws/testing/stream_tester.h b/include/aws/testing/stream_tester.h index 1962f29e8..faad16a6d 100644 --- a/include/aws/testing/stream_tester.h +++ b/include/aws/testing/stream_tester.h @@ -23,6 +23,12 @@ To enable use of this code, set the AWS_UNSTABLE_TESTING_API compiler flag. * - autogen_length: autogen streaming content N bytes in length. */ +enum aws_autogen_style { + AWS_AUTOGEN_LOREM_IPSUM, + AWS_AUTOGEN_ALPHABET, + AWS_AUTOGEN_NUMBERS, +}; + struct aws_input_stream_tester_options { /* bytes to be streamed. * the stream copies these to its own internal buffer. @@ -36,11 +42,7 @@ struct aws_input_stream_tester_options { size_t autogen_length; /* style of contents (if using autogen) */ - enum aws_autogen_style { - AWS_AUTOGEN_LOREM_IPSUM, - AWS_AUTOGEN_ALPHABET, - AWS_AUTOGEN_NUMBERS, - } autogen_style; + enum aws_autogen_style autogen_style; /* if non-zero, read at most N bytes per read() */ size_t max_bytes_per_read; @@ -71,15 +73,17 @@ struct aws_input_stream_tester { uint64_t total_bytes_read; }; -AWS_STATIC_IMPL -int s_input_stream_tester_seek(struct aws_input_stream *stream, int64_t offset, enum aws_stream_seek_basis basis) { - struct aws_input_stream_tester *impl = AWS_CONTAINER_OF(stream, struct aws_input_stream_tester, base); +static inline int s_input_stream_tester_seek( + struct aws_input_stream *stream, + int64_t offset, + enum aws_stream_seek_basis basis) { + + struct aws_input_stream_tester *impl = (struct aws_input_stream_tester *)stream->impl; return aws_input_stream_seek(impl->source_stream, offset, basis); } -AWS_STATIC_IMPL -int s_input_stream_tester_read(struct aws_input_stream *stream, struct aws_byte_buf *original_dest) { - struct aws_input_stream_tester *impl = AWS_CONTAINER_OF(stream, struct aws_input_stream_tester, base); +static inline int s_input_stream_tester_read(struct aws_input_stream *stream, struct aws_byte_buf *original_dest) { + struct aws_input_stream_tester *impl = (struct aws_input_stream_tester *)stream->impl; impl->read_count++; @@ -115,9 +119,8 @@ int s_input_stream_tester_read(struct aws_input_stream *stream, struct aws_byte_ return AWS_OP_SUCCESS; } -AWS_STATIC_IMPL -int s_input_stream_tester_get_status(struct aws_input_stream *stream, struct aws_stream_status *status) { - struct aws_input_stream_tester *impl = AWS_CONTAINER_OF(stream, struct aws_input_stream_tester, base); +static inline int s_input_stream_tester_get_status(struct aws_input_stream *stream, struct aws_stream_status *status) { + struct aws_input_stream_tester *impl = (struct aws_input_stream_tester *)stream->impl; if (aws_input_stream_get_status(impl->source_stream, status)) { return AWS_OP_ERR; } @@ -132,9 +135,8 @@ int s_input_stream_tester_get_status(struct aws_input_stream *stream, struct aws return AWS_OP_SUCCESS; } -AWS_STATIC_IMPL -int s_input_stream_tester_get_length(struct aws_input_stream *stream, int64_t *out_length) { - struct aws_input_stream_tester *impl = AWS_CONTAINER_OF(stream, struct aws_input_stream_tester, base); +static inline int s_input_stream_tester_get_length(struct aws_input_stream *stream, int64_t *out_length) { + struct aws_input_stream_tester *impl = (struct aws_input_stream_tester *)stream->impl; return aws_input_stream_get_length(impl->source_stream, out_length); } @@ -146,8 +148,7 @@ static struct aws_input_stream_vtable s_input_stream_tester_vtable = { }; /* init byte-buf and fill it autogenned content */ -AWS_STATIC_IMPL -void s_byte_buf_init_autogenned( +static inline void s_byte_buf_init_autogenned( struct aws_byte_buf *buf, struct aws_allocator *alloc, size_t length, @@ -181,26 +182,24 @@ void s_byte_buf_init_autogenned( } } -AWS_STATIC_IMPL -uint64_t aws_input_stream_tester_total_bytes_read(const struct aws_input_stream *stream) { - struct aws_input_stream_tester *impl = stream->impl; +static inline uint64_t aws_input_stream_tester_total_bytes_read(const struct aws_input_stream *stream) { + const struct aws_input_stream_tester *impl = (const struct aws_input_stream_tester *)stream->impl; return impl->total_bytes_read; } -AWS_STATIC_IMPL -void s_input_stream_tester_destroy(void *user_data) { - struct aws_input_stream_tester *impl = user_data; +static inline void s_input_stream_tester_destroy(void *user_data) { + struct aws_input_stream_tester *impl = (struct aws_input_stream_tester *)user_data; aws_input_stream_release(impl->source_stream); aws_byte_buf_clean_up(&impl->source_buf); aws_mem_release(impl->alloc, impl); } -AWS_STATIC_IMPL -struct aws_input_stream *aws_input_stream_new_tester( +static inline struct aws_input_stream *aws_input_stream_new_tester( struct aws_allocator *alloc, const struct aws_input_stream_tester_options *options) { - struct aws_input_stream_tester *impl = aws_mem_calloc(alloc, 1, sizeof(struct aws_input_stream_tester)); + struct aws_input_stream_tester *impl = + (struct aws_input_stream_tester *)aws_mem_calloc(alloc, 1, sizeof(struct aws_input_stream_tester)); impl->base.impl = impl; impl->base.vtable = &s_input_stream_tester_vtable; aws_ref_count_init(&impl->base.ref_count, impl, s_input_stream_tester_destroy); From c3f95ebf3d6d1608e1656bb08eca05e303cc4fd3 Mon Sep 17 00:00:00 2001 From: Dengke Tang Date: Fri, 9 Jun 2023 14:14:05 -0700 Subject: [PATCH 11/44] fix compiler warning (#579) --- source/future.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source/future.c b/source/future.c index 92e44fe43..be213184b 100644 --- a/source/future.c +++ b/source/future.c @@ -295,6 +295,7 @@ static void s_future_impl_set_done(struct aws_future_impl *future, void *src_add future->error_code = error_code; } else { future->owns_result = true; + AWS_FATAL_ASSERT(src_address != NULL); memcpy(aws_future_impl_get_result_address(future), src_address, future->sizeof_result); } From 1f9a085027c5e0f3e0c0e2a9fbe685f12af8105d Mon Sep 17 00:00:00 2001 From: Bret Ambrose Date: Fri, 30 Jun 2023 09:13:08 -0700 Subject: [PATCH 12/44] Cleanup aws-lc thread locals in event loop threads (#581) * Cleanup aws-lc thread locals in event loop threads --------- Co-authored-by: Bret Ambrose --- .github/workflows/proof-alarm.yml | 2 +- source/bsd/kqueue_event_loop.c | 9 +++++++++ source/linux/epoll_event_loop.c | 9 +++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/workflows/proof-alarm.yml b/.github/workflows/proof-alarm.yml index f5367810a..d4b267f60 100644 --- a/.github/workflows/proof-alarm.yml +++ b/.github/workflows/proof-alarm.yml @@ -16,7 +16,7 @@ jobs: - name: Check run: | TMPFILE=$(mktemp) - echo "8391c38acd85cca2a2892d02ebfd4ceb source/linux/epoll_event_loop.c" > $TMPFILE + echo "59be2f2fbbd5ff4a374589cfe408609f source/linux/epoll_event_loop.c" > $TMPFILE md5sum --check $TMPFILE # No further steps if successful diff --git a/source/bsd/kqueue_event_loop.c b/source/bsd/kqueue_event_loop.c index 43130fa49..33a517e7b 100644 --- a/source/bsd/kqueue_event_loop.c +++ b/source/bsd/kqueue_event_loop.c @@ -7,6 +7,7 @@ #include +#include #include #include #include @@ -821,6 +822,12 @@ static int aws_event_loop_listen_for_io_events(int kq_fd, struct kevent kevents[ return kevent(kq_fd, NULL /*changelist*/, 0 /*nchanges*/, kevents /*eventlist*/, MAX_EVENTS /*nevents*/, timeout); } +static void s_aws_kqueue_cleanup_aws_lc_thread_local_state(void *user_data) { + (void)user_data; + + aws_cal_thread_clean_up(); +} + static void aws_event_loop_thread(void *user_data) { struct aws_event_loop *event_loop = user_data; AWS_LOGF_INFO(AWS_LS_IO_EVENT_LOOP, "id=%p: main loop started", (void *)event_loop); @@ -852,6 +859,8 @@ static void aws_event_loop_thread(void *user_data) { DEFAULT_TIMEOUT_SEC, MAX_EVENTS); + aws_thread_current_at_exit(s_aws_kqueue_cleanup_aws_lc_thread_local_state, NULL); + while (impl->thread_data.state == EVENT_THREAD_STATE_RUNNING) { int num_io_handle_events = 0; bool should_process_cross_thread_data = false; diff --git a/source/linux/epoll_event_loop.c b/source/linux/epoll_event_loop.c index af1ed765d..5eacac915 100644 --- a/source/linux/epoll_event_loop.c +++ b/source/linux/epoll_event_loop.c @@ -5,6 +5,7 @@ #include +#include #include #include #include @@ -562,6 +563,12 @@ static int aws_event_loop_listen_for_io_events(int epoll_fd, struct epoll_event return epoll_wait(epoll_fd, events, MAX_EVENTS, timeout); } +static void s_aws_epoll_cleanup_aws_lc_thread_local_state(void *user_data) { + (void)user_data; + + aws_cal_thread_clean_up(); +} + static void aws_event_loop_thread(void *args) { struct aws_event_loop *event_loop = args; AWS_LOGF_INFO(AWS_LS_IO_EVENT_LOOP, "id=%p: main loop started", (void *)event_loop); @@ -576,6 +583,8 @@ static void aws_event_loop_thread(void *args) { return; } + aws_thread_current_at_exit(s_aws_epoll_cleanup_aws_lc_thread_local_state, NULL); + int timeout = DEFAULT_TIMEOUT; struct epoll_event events[MAX_EVENTS]; From e87baa29fb621c8b42146c0206867f012f1acf23 Mon Sep 17 00:00:00 2001 From: Dengke Tang Date: Wed, 5 Jul 2023 17:21:07 -0700 Subject: [PATCH 13/44] Support Input Stream from read-only file (#582) Co-authored-by: Michael Graeb --- source/stream.c | 2 +- tests/CMakeLists.txt | 54 +++++++++++++------------ tests/stream_test.c | 94 ++++++++++++++++++++++++++++++++------------ 3 files changed, 99 insertions(+), 51 deletions(-) diff --git a/source/stream.c b/source/stream.c index b8040946d..968449949 100644 --- a/source/stream.c +++ b/source/stream.c @@ -287,7 +287,7 @@ struct aws_input_stream *aws_input_stream_new_from_file(struct aws_allocator *al struct aws_input_stream_file_impl *impl = aws_mem_calloc(allocator, 1, sizeof(struct aws_input_stream_file_impl)); - impl->file = aws_fopen(file_name, "r+b"); + impl->file = aws_fopen(file_name, "rb"); if (impl->file == NULL) { goto on_error; } diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 710cd7af7..e59e7b22a 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -32,9 +32,10 @@ add_pipe_test_case(pipe_clean_up_cancels_pending_writes) add_test_case(event_loop_xthread_scheduled_tasks_execute) add_test_case(event_loop_canceled_tasks_run_in_el_thread) -if (USE_IO_COMPLETION_PORTS) + +if(USE_IO_COMPLETION_PORTS) add_test_case(event_loop_completion_events) -else () +else() add_test_case(event_loop_subscribe_unsubscribe) add_test_case(event_loop_writable_event_on_subscribe) add_test_case(event_loop_no_readable_event_before_write) @@ -42,7 +43,7 @@ else () add_test_case(event_loop_readable_event_on_subscribe_if_data_present) add_test_case(event_loop_readable_event_on_2nd_time_readable) add_test_case(event_loop_no_events_after_unsubscribe) -endif () +endif() add_test_case(event_loop_stop_then_restart) add_test_case(event_loop_multiple_stops) @@ -58,9 +59,10 @@ add_net_test_case(udp_socket_communication) add_test_case(udp_bind_connect_communication) add_net_test_case(connect_timeout) add_net_test_case(connect_timeout_cancelation) -if (USE_VSOCK) - add_test_case(vsock_loopback_socket_communication) -endif () + +if(USE_VSOCK) + add_test_case(vsock_loopback_socket_communication) +endif() add_test_case(outgoing_local_sock_errors) add_test_case(outgoing_tcp_sock_error) @@ -75,7 +77,7 @@ add_test_case(cleanup_in_accept_doesnt_explode) add_test_case(cleanup_in_write_cb_doesnt_explode) add_test_case(sock_write_cb_is_async) -if (WIN32) +if(WIN32) add_test_case(local_socket_pipe_connected_race) endif() @@ -120,8 +122,8 @@ add_test_case(socket_handler_echo_and_backpressure) add_test_case(socket_handler_close) add_test_case(socket_pinned_event_loop) -if (NOT BYO_CRYPTO) - if (USE_S2N) +if(NOT BYO_CRYPTO) + if(USE_S2N) add_net_test_case(default_pki_path_exists) endif() @@ -131,11 +133,11 @@ if (NOT BYO_CRYPTO) # # We don't use the interception suite since that's a host configuration issue # We also don't check the domain security policy suite: - # 1. s2n does not support revocation checks and we do not currently enable any revocation checks - # in windows or osx, although we may add configurable support to those platforms(off-by-default) at a - # later date - # 2. s2n does not support public key pinning and, given its deprecated and http-centric position, there are no - # plans to add support nor investigate osx/windows support as well. + # 1. s2n does not support revocation checks and we do not currently enable any revocation checks + # in windows or osx, although we may add configurable support to those platforms(off-by-default) at a + # later date + # 2. s2n does not support public key pinning and, given its deprecated and http-centric position, there are no + # plans to add support nor investigate osx/windows support as well. # Badssl - Certificate Validation endpoint suite # For each failure case, we also include a positive test that verifies success when peer verification is disabled @@ -161,13 +163,13 @@ if (NOT BYO_CRYPTO) # Badssl - Legacy crypto suite, includes both negative and positive tests, with override checks where appropriate # Our current baseline/default is platform-specific, whereas badssl expects a baseline of 1.2 - # Linux - tls1.1 - # Windows - system default (1.0 is the only thing we could reasonable fixate to given win7 support) - # Mac - system default + # Linux - tls1.1 + # Windows - system default (1.0 is the only thing we could reasonable fixate to given win7 support) + # Mac - system default # We skip the cbc and 3des checks, as a positive connection result there does not yet represent a security risk # We don't include dh2048 as it succeeds on the windows baseline configuration and there does not seem # to be a way to disable it - if(NOT (WIN32 AND NOT CMAKE_SYSTEM_VERSION MATCHES "10\.0\.1.*")) + if(NOT(WIN32 AND NOT CMAKE_SYSTEM_VERSION MATCHES "10\.0\.1.*")) # Skip TLS 1.0 and TLS 1.1 test for windows later than windows server 2022, as they droped old TLS add_net_test_case(tls_client_channel_negotiation_error_legacy_crypto_tls10) add_net_test_case(tls_client_channel_negotiation_override_legacy_crypto_tls10) @@ -197,6 +199,7 @@ if (NOT BYO_CRYPTO) add_net_test_case(tls_client_channel_negotiation_success_rsa2048) add_net_test_case(tls_client_channel_negotiation_success_ecc256) add_net_test_case(tls_client_channel_negotiation_success_ecc384) + # add_net_test_case(tls_client_channel_negotiation_success_extended_validation) test disabled until badssl updates cert (expired 2022.08.10) add_net_test_case(tls_client_channel_negotiation_success_mozilla_modern) @@ -253,6 +256,7 @@ add_test_case(test_input_stream_file_seek_end) add_test_case(test_input_stream_memory_length) add_test_case(test_input_stream_file_length) add_test_case(test_input_stream_binary) +add_test_case(test_input_stream_read_only) add_test_case(async_input_stream_fill_completes_on_thread) add_test_case(async_input_stream_fill_completes_immediately) @@ -264,7 +268,7 @@ add_test_case(open_channel_statistics_test) add_test_case(shared_library_open_failure) -if (BUILD_SHARED_LIBS) +if(BUILD_SHARED_LIBS) add_test_case(shared_library_open_success) add_test_case(shared_library_find_function_failure) add_test_case(shared_library_find_function_success) @@ -283,7 +287,7 @@ add_test_case(test_standard_retry_strategy_failure_exhausts_bucket) add_test_case(test_standard_retry_strategy_failure_recovers) # See PKCS11.md for instructions on running these tests -if (ENABLE_PKCS11_TESTS) +if(ENABLE_PKCS11_TESTS) add_test_case(pkcs11_lib_sanity_check) add_test_case(pkcs11_lib_behavior_default) add_test_case(pkcs11_lib_behavior_omit_initialize) @@ -306,7 +310,7 @@ if (ENABLE_PKCS11_TESTS) add_test_case(pkcs11_login_tests) # TLS with PKCS#11 not currently supported on every platform - if (USE_S2N) + if(USE_S2N) add_test_case(pkcs11_tls_rsa_negotiation_succeeds) add_test_case(pkcs11_tls_ec_negotiation_succeeds) endif() @@ -315,11 +319,11 @@ endif() set(TEST_BINARY_NAME ${PROJECT_NAME}-tests) generate_test_driver(${TEST_BINARY_NAME}) -if (USE_S2N) +if(USE_S2N) target_compile_definitions(${PROJECT_NAME}-tests PRIVATE "-DUSE_S2N") endif() -#SSL certificates to use for testing. +# SSL certificates to use for testing. add_custom_command(TARGET ${TEST_BINARY_NAME} PRE_BUILD - COMMAND ${CMAKE_COMMAND} -E copy_directory - ${CMAKE_CURRENT_SOURCE_DIR}/resources $) + COMMAND ${CMAKE_COMMAND} -E copy_directory + ${CMAKE_CURRENT_SOURCE_DIR}/resources $) diff --git a/tests/stream_test.c b/tests/stream_test.c index 0af7b5ca8..355804550 100644 --- a/tests/stream_test.c +++ b/tests/stream_test.c @@ -9,14 +9,18 @@ #include #include +#include + +#ifdef _WIN32 +# include +#endif + AWS_STATIC_STRING_FROM_LITERAL(s_simple_test, "SimpleTest"); /* 0x1A represents the Windows end-of-file character. Having this in the test data set allows us to verify that file * stream reads on binary files do not terminate early on Windows.*/ const uint8_t s_simple_binary_test[] = {'a', 'b', 'c', 'd', 'e', 'f', 0x1A, 'g', 'h', 'i', 'j', 'k'}; -const char *s_test_file_name = "stream.dat"; - static struct aws_input_stream *s_create_memory_stream(struct aws_allocator *allocator) { struct aws_byte_cursor test_cursor = aws_byte_cursor_from_string(s_simple_test); return aws_input_stream_new_from_cursor(allocator, &test_cursor); @@ -26,30 +30,48 @@ static void s_destroy_memory_stream(struct aws_input_stream *stream) { aws_input_stream_destroy(stream); } -static struct aws_input_stream *s_create_file_stream(struct aws_allocator *allocator) { - remove(s_test_file_name); +static struct aws_input_stream *s_create_file_stream(struct aws_allocator *allocator, const char *file_path) { + remove(file_path); - FILE *file = aws_fopen(s_test_file_name, "w+"); + FILE *file = aws_fopen(file_path, "w"); fprintf(file, "%s", (char *)s_simple_test->bytes); fclose(file); - return aws_input_stream_new_from_file(allocator, s_test_file_name); + return aws_input_stream_new_from_file(allocator, file_path); } -static struct aws_input_stream *s_create_binary_file_stream(struct aws_allocator *allocator) { - remove(s_test_file_name); +static struct aws_input_stream *s_create_binary_file_stream(struct aws_allocator *allocator, const char *file_path) { + remove(file_path); - FILE *file = aws_fopen(s_test_file_name, "w+b"); + FILE *file = aws_fopen(file_path, "wb"); fwrite(s_simple_binary_test, sizeof(uint8_t), sizeof(s_simple_binary_test), file); fclose(file); - return aws_input_stream_new_from_file(allocator, s_test_file_name); + return aws_input_stream_new_from_file(allocator, file_path); } -static void s_destroy_file_stream(struct aws_input_stream *stream) { +static struct aws_input_stream *s_create_read_only_file_stream(struct aws_allocator *allocator, const char *file_path) { + remove(file_path); + + FILE *file = aws_fopen(file_path, "w"); + fprintf(file, "%s", (char *)s_simple_test->bytes); + fclose(file); +#ifdef _WIN32 + if (_chmod(file_path, _S_IREAD)) { + return NULL; + } +#else + if (chmod(file_path, S_IRUSR | S_IRGRP | S_IROTH)) { + return NULL; + } +#endif + return aws_input_stream_new_from_file(allocator, file_path); +} + +static void s_destroy_file_stream(struct aws_input_stream *stream, const char *file_path) { aws_input_stream_destroy(stream); - remove(s_test_file_name); + remove(file_path); } static int s_do_simple_input_stream_test( @@ -125,12 +147,13 @@ AWS_TEST_CASE(test_input_stream_memory_iterate, s_test_input_stream_memory_itera static int s_test_input_stream_file_simple(struct aws_allocator *allocator, void *ctx) { (void)ctx; - struct aws_input_stream *stream = s_create_file_stream(allocator); + const char *file_path = "test_input_stream_file_simple.txt"; /* unique name */ + struct aws_input_stream *stream = s_create_file_stream(allocator, file_path); struct aws_byte_cursor test_cursor = aws_byte_cursor_from_string(s_simple_test); ASSERT_TRUE(s_do_simple_input_stream_test(stream, allocator, 100, &test_cursor) == AWS_OP_SUCCESS); - s_destroy_file_stream(stream); + s_destroy_file_stream(stream, file_path); return AWS_OP_SUCCESS; } @@ -140,12 +163,13 @@ AWS_TEST_CASE(test_input_stream_file_simple, s_test_input_stream_file_simple); static int s_test_input_stream_file_iterate(struct aws_allocator *allocator, void *ctx) { (void)ctx; - struct aws_input_stream *stream = s_create_file_stream(allocator); + const char *file_path = "test_input_stream_file_iterate.txt"; /* unique name */ + struct aws_input_stream *stream = s_create_file_stream(allocator, file_path); struct aws_byte_cursor test_cursor = aws_byte_cursor_from_string(s_simple_test); ASSERT_TRUE(s_do_simple_input_stream_test(stream, allocator, 2, &test_cursor) == AWS_OP_SUCCESS); - s_destroy_file_stream(stream); + s_destroy_file_stream(stream, file_path); return AWS_OP_SUCCESS; } @@ -196,7 +220,8 @@ AWS_TEST_CASE(test_input_stream_memory_seek_beginning, s_test_input_stream_memor static int s_test_input_stream_file_seek_beginning(struct aws_allocator *allocator, void *ctx) { (void)ctx; - struct aws_input_stream *stream = s_create_file_stream(allocator); + const char *file_path = "test_input_stream_file_seek_beginning.txt"; /* unique name */ + struct aws_input_stream *stream = s_create_file_stream(allocator, file_path); struct aws_byte_cursor test_cursor = aws_byte_cursor_from_string(s_simple_test); aws_byte_cursor_advance(&test_cursor, SEEK_BEGINNING_OFFSET); @@ -204,7 +229,7 @@ static int s_test_input_stream_file_seek_beginning(struct aws_allocator *allocat s_do_input_stream_seek_test(stream, allocator, SEEK_BEGINNING_OFFSET, AWS_SSB_BEGIN, &test_cursor) == AWS_OP_SUCCESS); - s_destroy_file_stream(stream); + s_destroy_file_stream(stream, file_path); return AWS_OP_SUCCESS; } @@ -279,14 +304,15 @@ AWS_TEST_CASE(test_input_stream_memory_seek_multiple_times, s_test_input_stream_ static int s_test_input_stream_file_seek_end(struct aws_allocator *allocator, void *ctx) { (void)ctx; - struct aws_input_stream *stream = s_create_file_stream(allocator); + const char *file_path = "test_input_stream_file_seek_end.txt"; /* unique name */ + struct aws_input_stream *stream = s_create_file_stream(allocator, file_path); struct aws_byte_cursor test_cursor = aws_byte_cursor_from_string(s_simple_test); aws_byte_cursor_advance(&test_cursor, (size_t)((int64_t)s_simple_test->len + SEEK_END_OFFSET)); ASSERT_TRUE( s_do_input_stream_seek_test(stream, allocator, SEEK_END_OFFSET, AWS_SSB_END, &test_cursor) == AWS_OP_SUCCESS); - s_destroy_file_stream(stream); + s_destroy_file_stream(stream, file_path); return AWS_OP_SUCCESS; } @@ -360,8 +386,8 @@ AWS_TEST_CASE(test_input_stream_memory_length, s_test_input_stream_memory_length static int s_test_input_stream_file_length(struct aws_allocator *allocator, void *ctx) { (void)ctx; - struct aws_input_stream *stream = s_create_file_stream(allocator); - + const char *file_path = "test_input_stream_file_length.txt"; /* unique name */ + struct aws_input_stream *stream = s_create_file_stream(allocator, file_path); int64_t length = 0; ASSERT_TRUE(aws_input_stream_get_length(stream, &length) == AWS_OP_SUCCESS); ASSERT_TRUE(length == (int64_t)s_simple_test->len); @@ -372,7 +398,7 @@ static int s_test_input_stream_file_length(struct aws_allocator *allocator, void ASSERT_TRUE(aws_input_stream_get_length(stream, &length) == AWS_OP_SUCCESS); ASSERT_TRUE(length == (int64_t)s_simple_test->len); - s_destroy_file_stream(stream); + s_destroy_file_stream(stream, file_path); return AWS_OP_SUCCESS; } @@ -382,7 +408,8 @@ AWS_TEST_CASE(test_input_stream_file_length, s_test_input_stream_file_length); static int s_test_input_stream_binary(struct aws_allocator *allocator, void *ctx) { (void)ctx; - struct aws_input_stream *stream = s_create_binary_file_stream(allocator); + const char *file_path = "test_input_stream_binary.dat"; /* unique name */ + struct aws_input_stream *stream = s_create_binary_file_stream(allocator, file_path); struct aws_byte_cursor test_cursor = { .ptr = (uint8_t *)s_simple_binary_test, @@ -391,9 +418,26 @@ static int s_test_input_stream_binary(struct aws_allocator *allocator, void *ctx ASSERT_TRUE(s_do_simple_input_stream_test(stream, allocator, 100, &test_cursor) == AWS_OP_SUCCESS); - s_destroy_file_stream(stream); + s_destroy_file_stream(stream, file_path); return AWS_OP_SUCCESS; } AWS_TEST_CASE(test_input_stream_binary, s_test_input_stream_binary); + +static int s_test_input_stream_read_only(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + const char *file_path = "test_input_stream_read_only.txt"; /* unique name */ + struct aws_input_stream *stream = s_create_read_only_file_stream(allocator, file_path); + ASSERT_NOT_NULL(stream); + + struct aws_byte_cursor test_cursor = aws_byte_cursor_from_string(s_simple_test); + ASSERT_TRUE(s_do_simple_input_stream_test(stream, allocator, 100, &test_cursor) == AWS_OP_SUCCESS); + + s_destroy_file_stream(stream, file_path); + + return AWS_OP_SUCCESS; +} + +AWS_TEST_CASE(test_input_stream_read_only, s_test_input_stream_read_only); From 0642c68425f126e833fcf91bdc53dfc32366d0ba Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Fri, 14 Jul 2023 10:43:16 -0700 Subject: [PATCH 14/44] Change S2N security policy for 0-RTT in TLS 1.3 (#585) Change default S2N security policies to ones that prioritize P-256 in TLS 1.3 key, allowing zero round-trip connection setup to AWS servers supporting TLS 1.3 --- builder.json | 1 - source/s2n/s2n_tls_channel_handler.c | 41 +++++++++++++++++++--------- tests/tls_handler_test.c | 1 + 3 files changed, 29 insertions(+), 14 deletions(-) diff --git a/builder.json b/builder.json index b7ab5ce16..c44ce1dba 100644 --- a/builder.json +++ b/builder.json @@ -5,7 +5,6 @@ { "name": "aws-c-cal" }, { "name": "s2n", - "revision": "v1.3.11", "targets": ["linux", "android"] } ], diff --git a/source/s2n/s2n_tls_channel_handler.c b/source/s2n/s2n_tls_channel_handler.c index 4a7d8bf45..bc30ca73b 100644 --- a/source/s2n/s2n_tls_channel_handler.c +++ b/source/s2n/s2n_tls_channel_handler.c @@ -1372,20 +1372,22 @@ static struct aws_tls_ctx *s_tls_ctx_new( goto cleanup_s2n_config; } + const char *security_policy = NULL; if (options->custom_key_op_handler != NULL) { - /* PKCS#11 integration hasn't been tested with TLS 1.3, so don't use cipher preferences that allow 1.3 */ + /* When custom_key_op_handler is set, don't use security policy that allow TLS 1.3. + * This hack is necessary until our PKCS#11 custom_key_op_handler supports RSA PSS */ switch (options->minimum_tls_version) { case AWS_IO_SSLv3: - s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, "CloudFront-SSL-v-3"); + security_policy = "CloudFront-SSL-v-3"; break; case AWS_IO_TLSv1: - s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, "CloudFront-TLS-1-0-2014"); + security_policy = "CloudFront-TLS-1-0-2014"; break; case AWS_IO_TLSv1_1: - s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, "ELBSecurityPolicy-TLS-1-1-2017-01"); + security_policy = "ELBSecurityPolicy-TLS-1-1-2017-01"; break; case AWS_IO_TLSv1_2: - s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"); + security_policy = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"; break; case AWS_IO_TLSv1_3: AWS_LOGF_ERROR(AWS_LS_IO_TLS, "TLS 1.3 with PKCS#11 is not supported yet."); @@ -1393,28 +1395,29 @@ static struct aws_tls_ctx *s_tls_ctx_new( goto cleanup_s2n_config; case AWS_IO_TLS_VER_SYS_DEFAULTS: default: - s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, "ELBSecurityPolicy-TLS-1-1-2017-01"); + security_policy = "ELBSecurityPolicy-TLS-1-1-2017-01"; } } else { + /* No custom_key_op_handler is set, use normal security policies */ switch (options->minimum_tls_version) { case AWS_IO_SSLv3: - s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, "AWS-CRT-SDK-SSLv3.0"); + security_policy = "AWS-CRT-SDK-SSLv3.0-2023"; break; case AWS_IO_TLSv1: - s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, "AWS-CRT-SDK-TLSv1.0"); + security_policy = "AWS-CRT-SDK-TLSv1.0-2023"; break; case AWS_IO_TLSv1_1: - s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, "AWS-CRT-SDK-TLSv1.1"); + security_policy = "AWS-CRT-SDK-TLSv1.1-2023"; break; case AWS_IO_TLSv1_2: - s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, "AWS-CRT-SDK-TLSv1.2"); + security_policy = "AWS-CRT-SDK-TLSv1.2-2023"; break; case AWS_IO_TLSv1_3: - s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, "AWS-CRT-SDK-TLSv1.3"); + security_policy = "AWS-CRT-SDK-TLSv1.3-2023"; break; case AWS_IO_TLS_VER_SYS_DEFAULTS: default: - s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, "AWS-CRT-SDK-TLSv1.0"); + security_policy = "AWS-CRT-SDK-TLSv1.0-2023"; } } @@ -1423,7 +1426,7 @@ static struct aws_tls_ctx *s_tls_ctx_new( /* No-Op, if the user configured a minimum_tls_version then a version-specific Cipher Preference was set */ break; case AWS_IO_TLS_CIPHER_PREF_PQ_TLSv1_0_2021_05: - s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, "PQ-TLS-1-0-2021-05-26"); + security_policy = "PQ-TLS-1-0-2021-05-26"; break; default: AWS_LOGF_ERROR(AWS_LS_IO_TLS, "Unrecognized TLS Cipher Preference: %d", options->cipher_pref); @@ -1431,6 +1434,18 @@ static struct aws_tls_ctx *s_tls_ctx_new( goto cleanup_s2n_config; } + AWS_ASSERT(security_policy != NULL); + if (s2n_config_set_cipher_preferences(s2n_ctx->s2n_config, security_policy)) { + AWS_LOGF_ERROR( + AWS_LS_IO_TLS, + "ctx: Failed setting security policy '%s' (newer S2N required?): %s (%s)", + security_policy, + s2n_strerror(s2n_errno, "EN"), + s2n_strerror_debug(s2n_errno, "EN")); + aws_raise_error(AWS_IO_TLS_CTX_ERROR); + goto cleanup_s2n_config; + } + if (aws_tls_options_buf_is_set(&options->certificate) && aws_tls_options_buf_is_set(&options->private_key)) { AWS_LOGF_DEBUG(AWS_LS_IO_TLS, "ctx: Certificate and key have been set, setting them up now."); diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c index 3718f675c..b44bc70fa 100644 --- a/tests/tls_handler_test.c +++ b/tests/tls_handler_test.c @@ -1114,6 +1114,7 @@ static int s_verify_good_host( } struct aws_tls_ctx *client_ctx = aws_tls_client_ctx_new(allocator, &client_ctx_options); + ASSERT_NOT_NULL(client_ctx); struct aws_tls_connection_options tls_client_conn_options; aws_tls_connection_options_init_from_ctx(&tls_client_conn_options, client_ctx); From f7bc831dd93a15aeb01e24c4175f205016b077ae Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Fri, 21 Jul 2023 10:31:08 -0700 Subject: [PATCH 15/44] Maximum Backoff Implementation (#587) Co-authored-by: Michael Graeb --- include/aws/io/retry_strategy.h | 2 + source/exponential_backoff_retry_strategy.c | 14 +++-- tests/CMakeLists.txt | 1 + tests/exponential_backoff_retry_test.c | 57 +++++++++++++++++++++ 4 files changed, 71 insertions(+), 3 deletions(-) diff --git a/include/aws/io/retry_strategy.h b/include/aws/io/retry_strategy.h index 8f15d207f..3986db4d4 100644 --- a/include/aws/io/retry_strategy.h +++ b/include/aws/io/retry_strategy.h @@ -112,6 +112,8 @@ struct aws_exponential_backoff_retry_options { size_t max_retries; /** Scaling factor to add for the backoff. Default is 25ms */ uint32_t backoff_scale_factor_ms; + /** Max retry backoff in seconds. Default is 20 seconds */ + uint32_t max_backoff_secs; /** Jitter mode to use, see comments for aws_exponential_backoff_jitter_mode. * Default is AWS_EXPONENTIAL_BACKOFF_JITTER_DEFAULT */ enum aws_exponential_backoff_jitter_mode jitter_mode; diff --git a/source/exponential_backoff_retry_strategy.c b/source/exponential_backoff_retry_strategy.c index 298cca9af..0b2742e65 100644 --- a/source/exponential_backoff_retry_strategy.c +++ b/source/exponential_backoff_retry_strategy.c @@ -26,6 +26,7 @@ struct exponential_backoff_retry_token { struct aws_atomic_var last_backoff; size_t max_retries; uint64_t backoff_scale_factor_ns; + uint64_t maximum_backoff_ns; enum aws_exponential_backoff_jitter_mode jitter_mode; /* Let's not make this worse by constantly moving across threads if we can help it */ struct aws_event_loop *bound_loop; @@ -139,6 +140,8 @@ static int s_exponential_retry_acquire_token( backoff_retry_token->max_retries = exponential_backoff_strategy->config.max_retries; backoff_retry_token->backoff_scale_factor_ns = aws_timestamp_convert( exponential_backoff_strategy->config.backoff_scale_factor_ms, AWS_TIMESTAMP_MILLIS, AWS_TIMESTAMP_NANOS, NULL); + backoff_retry_token->maximum_backoff_ns = aws_timestamp_convert( + exponential_backoff_strategy->config.max_backoff_secs, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_NANOS, NULL); backoff_retry_token->jitter_mode = exponential_backoff_strategy->config.jitter_mode; backoff_retry_token->generate_random = exponential_backoff_strategy->config.generate_random; backoff_retry_token->generate_random_impl = exponential_backoff_strategy->config.generate_random_impl; @@ -184,7 +187,8 @@ typedef uint64_t(compute_backoff_fn)(struct exponential_backoff_retry_token *tok static uint64_t s_compute_no_jitter(struct exponential_backoff_retry_token *token) { uint64_t retry_count = aws_min_u64(aws_atomic_load_int(&token->current_retry_count), 63); - return aws_mul_u64_saturating((uint64_t)1 << retry_count, token->backoff_scale_factor_ns); + uint64_t backoff_ns = aws_mul_u64_saturating((uint64_t)1 << retry_count, token->backoff_scale_factor_ns); + return aws_min_u64(backoff_ns, token->maximum_backoff_ns); } static uint64_t s_compute_full_jitter(struct exponential_backoff_retry_token *token) { @@ -198,8 +202,8 @@ static uint64_t s_compute_deccorelated_jitter(struct exponential_backoff_retry_t if (!last_backoff_val) { return s_compute_full_jitter(token); } - - return s_random_in_range(token->backoff_scale_factor_ns, aws_mul_u64_saturating(last_backoff_val, 3), token); + uint64_t backoff_ns = aws_min_u64(token->maximum_backoff_ns, aws_mul_u64_saturating(last_backoff_val, 3)); + return s_random_in_range(token->backoff_scale_factor_ns, backoff_ns, token); } static compute_backoff_fn *s_backoff_compute_table[] = { @@ -372,6 +376,10 @@ struct aws_retry_strategy *aws_retry_strategy_new_exponential_backoff( exponential_backoff_strategy->config.backoff_scale_factor_ms = 25; } + if (!exponential_backoff_strategy->config.max_backoff_secs) { + exponential_backoff_strategy->config.max_backoff_secs = 20; + } + if (config->shutdown_options) { exponential_backoff_strategy->shutdown_options = *config->shutdown_options; } diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index e59e7b22a..c75bb0a5d 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -280,6 +280,7 @@ add_test_case(test_exponential_backoff_retry_too_many_retries_decorrelated_jitte add_test_case(test_exponential_backoff_retry_too_many_retries_default_jitter) add_test_case(test_exponential_backoff_retry_client_errors_do_not_count) add_test_case(test_exponential_backoff_retry_no_jitter_time_taken) +add_test_case(test_exponential_max_backoff_retry_no_jitter) add_test_case(test_exponential_backoff_retry_invalid_options) add_test_case(test_standard_retry_strategy_setup_shutdown) diff --git a/tests/exponential_backoff_retry_test.c b/tests/exponential_backoff_retry_test.c index 2d5c53089..a3bf7bde0 100644 --- a/tests/exponential_backoff_retry_test.c +++ b/tests/exponential_backoff_retry_test.c @@ -247,6 +247,63 @@ AWS_TEST_CASE( test_exponential_backoff_retry_no_jitter_time_taken, s_test_exponential_backoff_retry_no_jitter_time_taken_fn) +/* Test that in no jitter mode, max exponential backoff is actually applied as documented. */ +static int s_test_exponential_max_backoff_retry_no_jitter_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + aws_io_library_init(allocator); + + struct aws_event_loop_group *el_group = aws_event_loop_group_new_default(allocator, 1, NULL); + struct aws_exponential_backoff_retry_options config = { + .max_retries = 3, + .jitter_mode = AWS_EXPONENTIAL_BACKOFF_JITTER_NONE, + .el_group = el_group, + .backoff_scale_factor_ms = 1000, + .max_backoff_secs = 3, + }; + + struct aws_retry_strategy *retry_strategy = aws_retry_strategy_new_exponential_backoff(allocator, &config); + ASSERT_NOT_NULL(retry_strategy); + + struct exponential_backoff_test_data test_data = { + .retry_count = 0, + .failure_error_code = 0, + .mutex = AWS_MUTEX_INIT, + .cvar = AWS_CONDITION_VARIABLE_INIT, + }; + + uint64_t before_time = 0; + ASSERT_SUCCESS(aws_high_res_clock_get_ticks(&before_time)); + ASSERT_SUCCESS(aws_mutex_lock(&test_data.mutex)); + ASSERT_SUCCESS(aws_retry_strategy_acquire_retry_token( + retry_strategy, NULL, s_too_many_retries_test_token_acquired, &test_data, 0)); + + ASSERT_SUCCESS(aws_condition_variable_wait_pred(&test_data.cvar, &test_data.mutex, s_retry_has_failed, &test_data)); + aws_mutex_unlock(&test_data.mutex); + uint64_t after_time = 0; + ASSERT_SUCCESS(aws_high_res_clock_get_ticks(&after_time)); + uint64_t backoff_scale_factor = + aws_timestamp_convert(config.backoff_scale_factor_ms, AWS_TIMESTAMP_MILLIS, AWS_TIMESTAMP_NANOS, NULL); + uint64_t max_backoff_scale_factor = + aws_timestamp_convert(config.max_backoff_secs, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_NANOS, NULL); + + uint64_t expected_interval = aws_min_u64(max_backoff_scale_factor, 1 * backoff_scale_factor) + + aws_min_u64(max_backoff_scale_factor, 2 * backoff_scale_factor) + + aws_min_u64(max_backoff_scale_factor, 4 * backoff_scale_factor); + ASSERT_TRUE(expected_interval <= after_time - before_time); + + ASSERT_UINT_EQUALS(config.max_retries, test_data.retry_count); + ASSERT_UINT_EQUALS(AWS_IO_MAX_RETRIES_EXCEEDED, test_data.failure_error_code); + + aws_retry_strategy_release(retry_strategy); + aws_event_loop_group_release(el_group); + + aws_io_library_clean_up(); + + return AWS_OP_SUCCESS; +} +AWS_TEST_CASE(test_exponential_max_backoff_retry_no_jitter, s_test_exponential_max_backoff_retry_no_jitter_fn) + /* verify that invalid options cause a failure at creation time. */ static int s_test_exponential_backoff_retry_invalid_options_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; From a3555c86bd10149a1ab0c1b2810756ec54cfbe3a Mon Sep 17 00:00:00 2001 From: xiazhvera Date: Thu, 3 Aug 2023 00:04:22 -0700 Subject: [PATCH 16/44] Fix: release alpn string before set for tls_ctx_options (#588) * release alpn string before set * Update source/tls_channel_handler.c Co-authored-by: Dengke Tang * clang-format --------- Co-authored-by: Dengke Tang --- source/tls_channel_handler.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source/tls_channel_handler.c b/source/tls_channel_handler.c index aa80459b7..83955def1 100644 --- a/source/tls_channel_handler.c +++ b/source/tls_channel_handler.c @@ -441,6 +441,8 @@ int aws_tls_ctx_options_init_default_server( } int aws_tls_ctx_options_set_alpn_list(struct aws_tls_ctx_options *options, const char *alpn_list) { + aws_string_destroy(options->alpn_list); + options->alpn_list = aws_string_new_from_c_str(options->allocator, alpn_list); if (!options->alpn_list) { return AWS_OP_ERR; From b8aba4255dad2a26f7dff31331d628b3372ab6fb Mon Sep 17 00:00:00 2001 From: Joseph Klix Date: Wed, 9 Aug 2023 15:03:13 -0700 Subject: [PATCH 17/44] fix permissions for stale issue bot (#590) --- .github/workflows/stale_issue.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/stale_issue.yml b/.github/workflows/stale_issue.yml index 5624eec4b..bdc95a6fd 100644 --- a/.github/workflows/stale_issue.yml +++ b/.github/workflows/stale_issue.yml @@ -9,6 +9,9 @@ jobs: cleanup: runs-on: ubuntu-latest name: Stale issue job + permissions: + issues: write + pull-requests: write steps: - uses: aws-actions/stale-issue-cleanup@v3 with: From c4b661f44497b18201b56ffd200cc478441f6434 Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Thu, 10 Aug 2023 14:19:05 -0700 Subject: [PATCH 18/44] Fix S2N blocked issue (#589) Co-authored-by: Michael Graeb --- include/aws/io/io.h | 2 ++ .../secure_transport_tls_channel_handler.c | 5 ++--- source/io.c | 4 ++++ source/s2n/s2n_tls_channel_handler.c | 19 +++++++++++++++++-- source/windows/secure_channel_tls_handler.c | 6 +++--- 5 files changed, 28 insertions(+), 8 deletions(-) diff --git a/include/aws/io/io.h b/include/aws/io/io.h index 0ce3f2bc8..fc9677fdb 100644 --- a/include/aws/io/io.h +++ b/include/aws/io/io.h @@ -250,6 +250,8 @@ enum aws_io_errors { AWS_IO_STREAM_SEEK_UNSUPPORTED, AWS_IO_STREAM_GET_LENGTH_UNSUPPORTED, + AWS_IO_TLS_ERROR_READ_FAILURE, + AWS_IO_ERROR_END_RANGE = AWS_ERROR_ENUM_END_RANGE(AWS_C_IO_PACKAGE_ID), AWS_IO_INVALID_FILE_HANDLE = AWS_ERROR_INVALID_FILE_HANDLE, }; diff --git a/source/darwin/secure_transport_tls_channel_handler.c b/source/darwin/secure_transport_tls_channel_handler.c index 23e49ad25..5846807e4 100644 --- a/source/darwin/secure_transport_tls_channel_handler.c +++ b/source/darwin/secure_transport_tls_channel_handler.c @@ -639,9 +639,8 @@ static int s_process_read_message( (int)status); if (status != errSSLClosedGraceful) { - aws_raise_error(AWS_IO_TLS_ERROR_ALERT_RECEIVED); - aws_channel_shutdown( - secure_transport_handler->parent_slot->channel, AWS_IO_TLS_ERROR_ALERT_RECEIVED); + aws_raise_error(AWS_IO_TLS_ERROR_READ_FAILURE); + aws_channel_shutdown(secure_transport_handler->parent_slot->channel, AWS_IO_TLS_ERROR_READ_FAILURE); } else { AWS_LOGF_TRACE(AWS_LS_IO_TLS, "id=%p: connection shutting down gracefully.", (void *)handler); aws_channel_shutdown(secure_transport_handler->parent_slot->channel, AWS_ERROR_SUCCESS); diff --git a/source/io.c b/source/io.c index 106ec0f97..b54e44d75 100644 --- a/source/io.c +++ b/source/io.c @@ -300,6 +300,10 @@ static struct aws_error_info s_errors[] = { AWS_DEFINE_ERROR_INFO_IO( AWS_IO_STREAM_GET_LENGTH_UNSUPPORTED, "Get length is not supported in the underlying I/O source."), + AWS_DEFINE_ERROR_INFO_IO( + AWS_IO_TLS_ERROR_READ_FAILURE, + "Failure during TLS read."), + }; /* clang-format on */ diff --git a/source/s2n/s2n_tls_channel_handler.c b/source/s2n/s2n_tls_channel_handler.c index bc30ca73b..01052e8c9 100644 --- a/source/s2n/s2n_tls_channel_handler.c +++ b/source/s2n/s2n_tls_channel_handler.c @@ -523,7 +523,7 @@ static int s_s2n_handler_process_read_message( AWS_LOGF_TRACE( AWS_LS_IO_TLS, "id=%p: Downstream window %llu", (void *)handler, (unsigned long long)downstream_window); - while (processed < downstream_window && blocked == S2N_NOT_BLOCKED) { + while (processed < downstream_window) { struct aws_io_message *outgoing_read_message = aws_channel_acquire_message_from_pool( slot->channel, AWS_IO_MESSAGE_APPLICATION_DATA, downstream_window - processed); @@ -558,9 +558,24 @@ static int s_s2n_handler_process_read_message( if (read < 0) { aws_mem_release(outgoing_read_message->allocator, outgoing_read_message); - continue; + + /* the socket blocked so exit from the loop */ + if (s2n_error_get_type(s2n_errno) == S2N_ERR_T_BLOCKED) { + break; + } + + /* the socket returned a fatal error so shut down */ + AWS_LOGF_ERROR( + AWS_LS_IO_TLS, + "id=%p: S2N failed to read with error: %s (%s)", + (void *)handler, + s2n_strerror(s2n_errno, "EN"), + s2n_strerror_debug(s2n_errno, "EN")); + aws_channel_shutdown(slot->channel, AWS_IO_TLS_ERROR_READ_FAILURE); + return AWS_OP_SUCCESS; }; + /* if read > 0 */ processed += read; outgoing_read_message->message_data.len = (size_t)read; diff --git a/source/windows/secure_channel_tls_handler.c b/source/windows/secure_channel_tls_handler.c index 415da7034..9ede8ded5 100644 --- a/source/windows/secure_channel_tls_handler.c +++ b/source/windows/secure_channel_tls_handler.c @@ -1053,7 +1053,7 @@ static int s_do_application_data_decrypt(struct aws_channel_handler *handler) { int error = AWS_OP_ERR; /* when we get an Extra buffer we have to move the pointer and replay the buffer, so we loop until we don't have any extra buffers left over, in the last phase, we then go ahead and send the output. This state function will - always say BLOCKED_ON_READ or SUCCESS. There will never be left over reads.*/ + always say BLOCKED_ON_READ, AWS_IO_TLS_ERROR_READ_FAILURE or SUCCESS. There will never be left over reads.*/ do { error = AWS_OP_ERR; /* 4 buffers are needed, only one is input, the others get zeroed out for the output operation. */ @@ -1079,6 +1079,7 @@ static int s_do_application_data_decrypt(struct aws_channel_handler *handler) { SECURITY_STATUS status = DecryptMessage(&sc_handler->sec_handle, &buffer_desc, 0, NULL); if (status == SEC_E_OK) { + error = AWS_OP_SUCCESS; /* if SECBUFFER_DATA is the buffer type of the second buffer, we have decrypted data to process. If SECBUFFER_DATA is the type for the fourth buffer we need to keep track of it so we can shift everything before doing another decrypt operation. @@ -1144,8 +1145,7 @@ static int s_do_application_data_decrypt(struct aws_channel_handler *handler) { } else { AWS_LOGF_ERROR( AWS_LS_IO_TLS, "id=%p: Error decrypting message. SECURITY_STATUS is %d.", (void *)handler, (int)status); - int aws_error = s_determine_sspi_error(status); - aws_raise_error(aws_error); + aws_raise_error(AWS_IO_TLS_ERROR_READ_FAILURE); } } while (sc_handler->read_extra); From e61253933b3b1878f4f2048e6275d6c16d52c113 Mon Sep 17 00:00:00 2001 From: Dengke Tang Date: Thu, 24 Aug 2023 10:37:20 -0700 Subject: [PATCH 19/44] downgrade log for socket connect and client bootstrap (#594) --- source/channel_bootstrap.c | 26 +++++++++++++++----------- source/posix/socket.c | 10 +++++----- source/windows/iocp/socket.c | 16 ++++++++-------- 3 files changed, 28 insertions(+), 24 deletions(-) diff --git a/source/channel_bootstrap.c b/source/channel_bootstrap.c index 4eac91745..dfafe02fc 100644 --- a/source/channel_bootstrap.c +++ b/source/channel_bootstrap.c @@ -567,10 +567,6 @@ static void s_attempt_connection(struct aws_task *task, void *arg, enum aws_task } struct aws_socket *outgoing_socket = aws_mem_acquire(allocator, sizeof(struct aws_socket)); - if (!outgoing_socket) { - goto socket_alloc_failed; - } - if (aws_socket_init(outgoing_socket, allocator, &task_data->options)) { goto socket_init_failed; } @@ -592,19 +588,27 @@ static void s_attempt_connection(struct aws_task *task, void *arg, enum aws_task aws_socket_clean_up(outgoing_socket); socket_init_failed: aws_mem_release(allocator, outgoing_socket); -socket_alloc_failed: - err_code = aws_last_error(); - AWS_LOGF_ERROR( - AWS_LS_IO_CHANNEL_BOOTSTRAP, - "id=%p: failed to create socket with error %d", - (void *)task_data->args->bootstrap, - err_code); task_cancelled: + err_code = aws_last_error(); task_data->args->failed_count++; /* if this is the last attempted connection and it failed, notify the user */ if (task_data->args->failed_count == task_data->args->addresses_count) { + AWS_LOGF_ERROR( + AWS_LS_IO_CHANNEL_BOOTSTRAP, + "id=%p: Last attempt failed to create socket with error %d", + (void *)task_data->args->bootstrap, + err_code); s_connection_args_setup_callback(task_data->args, err_code, NULL); + } else { + AWS_LOGF_DEBUG( + AWS_LS_IO_CHANNEL_BOOTSTRAP, + "id=%p: Socket connect attempt %d/%d failed with error %d. More attempts ongoing...", + (void *)task_data->args->bootstrap, + task_data->args->failed_count, + task_data->args->addresses_count, + err_code); } + s_client_connection_args_release(task_data->args); cleanup_task: diff --git a/source/posix/socket.c b/source/posix/socket.c index 088bfabdb..99361106f 100644 --- a/source/posix/socket.c +++ b/source/posix/socket.c @@ -384,7 +384,7 @@ static int s_on_connection_success(struct aws_socket *socket) { if (getsockopt(socket->io_handle.data.fd, SOL_SOCKET, SO_ERROR, &connect_result, &result_length) < 0) { int errno_value = errno; /* Always cache errno before potential side-effect */ - AWS_LOGF_ERROR( + AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, "id=%p fd=%d: failed to determine connection error %d", (void *)socket, @@ -397,7 +397,7 @@ static int s_on_connection_success(struct aws_socket *socket) { } if (connect_result) { - AWS_LOGF_ERROR( + AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, "id=%p fd=%d: connection error %d", (void *)socket, @@ -437,7 +437,7 @@ static int s_on_connection_success(struct aws_socket *socket) { static void s_on_connection_error(struct aws_socket *socket, int error) { socket->state = ERROR; - AWS_LOGF_ERROR(AWS_LS_IO_SOCKET, "id=%p fd=%d: connection failure", (void *)socket, socket->io_handle.data.fd); + AWS_LOGF_DEBUG(AWS_LS_IO_SOCKET, "id=%p fd=%d: connection failure", (void *)socket, socket->io_handle.data.fd); if (socket->connection_result_fn) { socket->connection_result_fn(socket, error, socket->connect_accept_user_data); } else if (socket->accept_result_fn) { @@ -674,7 +674,7 @@ int aws_socket_connect( if (pton_err != 1) { int errno_value = errno; /* Always cache errno before potential side-effect */ - AWS_LOGF_ERROR( + AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, "id=%p fd=%d: failed to parse address %s:%d.", (void *)socket, @@ -770,7 +770,7 @@ int aws_socket_connect( (unsigned long long)timeout); aws_event_loop_schedule_task_future(event_loop, timeout_task, timeout); } else { - AWS_LOGF_ERROR( + AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, "id=%p fd=%d: connect failed with error code %d.", (void *)socket, diff --git a/source/windows/iocp/socket.c b/source/windows/iocp/socket.c index 0a7089300..b3f899b13 100644 --- a/source/windows/iocp/socket.c +++ b/source/windows/iocp/socket.c @@ -679,7 +679,7 @@ static int s_ipv4_stream_connection_success(struct aws_socket *socket) { if (getsockopt( (SOCKET)socket->io_handle.data.handle, SOL_SOCKET, SO_ERROR, (char *)&connect_result, &result_length) < 0) { int wsa_err = WSAGetLastError(); /* logging may reset error, so cache it */ - AWS_LOGF_ERROR( + AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, "id=%p handle=%p: failed to determine connection error %d", (void *)socket, @@ -690,7 +690,7 @@ static int s_ipv4_stream_connection_success(struct aws_socket *socket) { } if (connect_result) { - AWS_LOGF_ERROR( + AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, "id=%p handle=%p: connection error %d", (void *)socket, @@ -740,7 +740,7 @@ static int s_ipv6_stream_connection_success(struct aws_socket *socket) { if (getsockopt( (SOCKET)socket->io_handle.data.handle, SOL_SOCKET, SO_ERROR, (char *)&connect_result, &result_length) < 0) { int wsa_err = WSAGetLastError(); /* logging may reset error, so cache it */ - AWS_LOGF_ERROR( + AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, "id=%p handle=%p: failed to determine connection error %d", (void *)socket, @@ -751,7 +751,7 @@ static int s_ipv6_stream_connection_success(struct aws_socket *socket) { } if (connect_result) { - AWS_LOGF_ERROR( + AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, "id=%p handle=%p: connection error %d", (void *)socket, @@ -806,7 +806,7 @@ static int s_local_and_udp_connection_success(struct aws_socket *socket) { static void s_connection_error(struct aws_socket *socket, int error) { socket->state = ERRORED; - AWS_LOGF_ERROR( + AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, "id=%p handle=%p: connection error with code %d", (void *)socket, @@ -988,7 +988,7 @@ static inline int s_tcp_connect( if (!connect_res) { int error_code = WSAGetLastError(); if (error_code != ERROR_IO_PENDING) { - AWS_LOGF_ERROR( + AWS_LOGF_DEBUG( AWS_LS_IO_TLS, "id=%p handle=%p: connection error %d", (void *)socket, @@ -1220,7 +1220,7 @@ static int s_local_connect( error:; int win_error = GetLastError(); /* logging may reset error, so cache it */ - AWS_LOGF_ERROR( + AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, "id=%p handle=%p: failed to connect to named pipe %s.", (void *)socket, @@ -1267,7 +1267,7 @@ static inline int s_dgram_connect( if (connect_err) { int wsa_err = WSAGetLastError(); /* logging may reset error, so cache it */ - AWS_LOGF_ERROR( + AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, "id=%p handle=%p: Failed to connect to %s:%d with error %d.", (void *)socket, From 248e39a6c4df1e9a7825e9d72f20d6f135dd7125 Mon Sep 17 00:00:00 2001 From: Yasmine Talby <108372980+yasminetalby@users.noreply.github.com> Date: Fri, 25 Aug 2023 09:43:16 +0200 Subject: [PATCH 20/44] added workflow for handling answerable discussions (#592) Co-authored-by: shailja Co-authored-by: Waqar Ahmed Khan --- .github/workflows/handle-stale-discussions.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .github/workflows/handle-stale-discussions.yml diff --git a/.github/workflows/handle-stale-discussions.yml b/.github/workflows/handle-stale-discussions.yml new file mode 100644 index 000000000..2b89f2da1 --- /dev/null +++ b/.github/workflows/handle-stale-discussions.yml @@ -0,0 +1,18 @@ +name: HandleStaleDiscussions +on: + schedule: + - cron: '0 */4 * * *' + discussion_comment: + types: [created] + +jobs: + handle-stale-discussions: + name: Handle stale discussions + runs-on: ubuntu-latest + permissions: + discussions: write + steps: + - name: Stale discussions action + uses: aws-github-ops/handle-stale-discussions@v1 + env: + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} \ No newline at end of file From b4aa873e16db0824ad381ae78764d445ae62ee32 Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Mon, 28 Aug 2023 12:28:58 -0500 Subject: [PATCH 21/44] Intel Vtune Markers for EventLoop and InputStream Read (#596) Co-authored-by: Michael Graeb --- .github/workflows/proof-alarm.yml | 5 +++-- include/aws/io/private/tracing.h | 22 ++++++++++++++++++++++ source/io.c | 2 ++ source/linux/epoll_event_loop.c | 8 ++++++++ source/stream.c | 3 +++ source/tracing.c | 20 ++++++++++++++++++++ 6 files changed, 58 insertions(+), 2 deletions(-) create mode 100644 include/aws/io/private/tracing.h create mode 100644 source/tracing.c diff --git a/.github/workflows/proof-alarm.yml b/.github/workflows/proof-alarm.yml index d4b267f60..b6e34c10c 100644 --- a/.github/workflows/proof-alarm.yml +++ b/.github/workflows/proof-alarm.yml @@ -16,7 +16,7 @@ jobs: - name: Check run: | TMPFILE=$(mktemp) - echo "59be2f2fbbd5ff4a374589cfe408609f source/linux/epoll_event_loop.c" > $TMPFILE + echo "c624a28de5af7f851a240a1e65a26c01 source/linux/epoll_event_loop.c" > $TMPFILE md5sum --check $TMPFILE # No further steps if successful @@ -26,4 +26,5 @@ jobs: run: | echo "The VCC proofs are based on a snapshot of epoll_event_loop.c. This push updates this file so the proofs must be rechecked to ensure they remain valid. - Please contact Nathan Chong." + Please contact Nathan Chong. + You can also update md5sum value by running `md5sum source/linux/epoll_event_loop.c` if the changes are trivial." diff --git a/include/aws/io/private/tracing.h b/include/aws/io/private/tracing.h new file mode 100644 index 000000000..99b543261 --- /dev/null +++ b/include/aws/io/private/tracing.h @@ -0,0 +1,22 @@ +#ifndef AWS_IO_TRACING_H +#define AWS_IO_TRACING_H + +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include +#include + +extern __itt_domain *io_tracing_domain; +extern __itt_string_handle *tracing_input_stream_read; +extern __itt_string_handle *tracing_event_loop_run_tasks; +extern __itt_string_handle *tracing_event_loop_event; +extern __itt_string_handle *tracing_event_loop_events; + +AWS_EXTERN_C_BEGIN + +void aws_io_tracing_init(void); + +AWS_EXTERN_C_END +#endif /* AWS_IO_TRACING_H */ diff --git a/source/io.c b/source/io.c index b54e44d75..701e580d1 100644 --- a/source/io.c +++ b/source/io.c @@ -7,6 +7,7 @@ #include #include +#include #define AWS_DEFINE_ERROR_INFO_IO(CODE, STR) [(CODE)-0x0400] = AWS_DEFINE_ERROR_INFO(CODE, STR, "aws-c-io") @@ -360,6 +361,7 @@ void aws_io_library_init(struct aws_allocator *allocator) { aws_register_error_info(&s_list); aws_register_log_subject_info_list(&s_io_log_subject_list); aws_tls_init_static_state(allocator); + aws_io_tracing_init(); } } diff --git a/source/linux/epoll_event_loop.c b/source/linux/epoll_event_loop.c index 5eacac915..094a7836a 100644 --- a/source/linux/epoll_event_loop.c +++ b/source/linux/epoll_event_loop.c @@ -11,6 +11,7 @@ #include #include #include +#include #include @@ -615,6 +616,8 @@ static void aws_event_loop_thread(void *args) { AWS_LOGF_TRACE( AWS_LS_IO_EVENT_LOOP, "id=%p: wake up with %d events to process.", (void *)event_loop, event_count); + + __itt_task_begin(io_tracing_domain, __itt_null, __itt_null, tracing_event_loop_events); for (int i = 0; i < event_count; ++i) { struct epoll_event_data *event_data = (struct epoll_event_data *)events[i].data.ptr; @@ -645,9 +648,12 @@ static void aws_event_loop_thread(void *args) { "id=%p: activity on fd %d, invoking handler.", (void *)event_loop, event_data->handle->data.fd); + __itt_task_begin(io_tracing_domain, __itt_null, __itt_null, tracing_event_loop_event); event_data->on_event(event_loop, event_data->handle, event_mask, event_data->user_data); + __itt_task_end(io_tracing_domain); } } + __itt_task_end(io_tracing_domain); /* run scheduled tasks */ s_process_task_pre_queue(event_loop); @@ -656,7 +662,9 @@ static void aws_event_loop_thread(void *args) { event_loop->clock(&now_ns); /* if clock fails, now_ns will be 0 and tasks scheduled for a specific time will not be run. That's ok, we'll handle them next time around. */ AWS_LOGF_TRACE(AWS_LS_IO_EVENT_LOOP, "id=%p: running scheduled tasks.", (void *)event_loop); + __itt_task_begin(io_tracing_domain, __itt_null, __itt_null, tracing_event_loop_run_tasks); aws_task_scheduler_run_all(&epoll_loop->scheduler, now_ns); + __itt_task_end(io_tracing_domain); /* set timeout for next epoll_wait() call. * if clock fails, or scheduler has no tasks, use default timeout */ diff --git a/source/stream.c b/source/stream.c index 968449949..ecc565217 100644 --- a/source/stream.c +++ b/source/stream.c @@ -7,6 +7,7 @@ #include #include +#include #include @@ -32,7 +33,9 @@ int aws_input_stream_read(struct aws_input_stream *stream, struct aws_byte_buf * const size_t safe_buf_capacity = dest->capacity - dest->len; struct aws_byte_buf safe_buf = aws_byte_buf_from_empty_array(safe_buf_start, safe_buf_capacity); + __itt_task_begin(io_tracing_domain, __itt_null, __itt_null, tracing_input_stream_read); int read_result = stream->vtable->read(stream, &safe_buf); + __itt_task_end(io_tracing_domain); /* Ensure the implementation did not commit forbidden acts upon the buffer */ AWS_FATAL_ASSERT( diff --git a/source/tracing.c b/source/tracing.c new file mode 100644 index 000000000..fd6d233fa --- /dev/null +++ b/source/tracing.c @@ -0,0 +1,20 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include + +__itt_domain *io_tracing_domain; +__itt_string_handle *tracing_input_stream_read; +__itt_string_handle *tracing_event_loop_run_tasks; +__itt_string_handle *tracing_event_loop_event; +__itt_string_handle *tracing_event_loop_events; + +void aws_io_tracing_init() { + io_tracing_domain = __itt_domain_create("aws.c.io"); + tracing_input_stream_read = __itt_string_handle_create("Read:InputStream"); + tracing_event_loop_run_tasks = __itt_string_handle_create("RunTasks:EventLoop"); + tracing_event_loop_event = __itt_string_handle_create("IOEvent:EventLoop"); + tracing_event_loop_events = __itt_string_handle_create("IOEvents:EventLoop"); +} From f7d9318fded44b64939f2139482706fb04324a8c Mon Sep 17 00:00:00 2001 From: Dengke Tang Date: Wed, 6 Sep 2023 09:52:55 -0700 Subject: [PATCH 22/44] Fix compiling error (#600) --- .github/workflows/ci.yml | 16 ++++++++-------- source/tracing.c | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b550a1c66..28dac9707 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,7 +6,7 @@ on: - 'main' env: - BUILDER_VERSION: v0.9.46 + BUILDER_VERSION: v0.9.48 BUILDER_SOURCE: releases BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net PACKAGE_NAME: aws-c-io @@ -18,7 +18,7 @@ env: jobs: linux-compat: - runs-on: ubuntu-20.04 # latest + runs-on: ubuntu-22.04 # latest strategy: fail-fast: false matrix: @@ -38,7 +38,7 @@ jobs: ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} linux-byo-crypto: - runs-on: ubuntu-20.04 # latest + runs-on: ubuntu-22.04 # latest steps: # We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages - name: Build ${{ env.PACKAGE_NAME }} + consumers @@ -47,7 +47,7 @@ jobs: ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-al2-x64 build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DBYO_CRYPTO=ON linux-compiler-compat: - runs-on: ubuntu-20.04 # latest + runs-on: ubuntu-22.04 # latest strategy: matrix: compiler: @@ -70,7 +70,7 @@ jobs: ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ env.LINUX_BASE_IMAGE }} build -p ${{ env.PACKAGE_NAME }} --compiler=${{ matrix.compiler }} clang-sanitizers: - runs-on: ubuntu-20.04 # latest + runs-on: ubuntu-22.04 # latest strategy: matrix: sanitizers: [",thread", ",address,undefined"] @@ -82,7 +82,7 @@ jobs: ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ env.LINUX_BASE_IMAGE }} build -p ${{ env.PACKAGE_NAME }} --compiler=clang-11 --cmake-extra=-DENABLE_SANITIZERS=ON --cmake-extra=-DSANITIZERS="${{ matrix.sanitizers }}" linux-shared-libs: - runs-on: ubuntu-20.04 # latest + runs-on: ubuntu-22.04 # latest steps: # We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages - name: Build ${{ env.PACKAGE_NAME }} @@ -93,7 +93,7 @@ jobs: # Test downstream repos. # This should not be required because we can run into a chicken and egg problem if there is a change that needs some fix in a downstream repo. downstream: - runs-on: ubuntu-20.04 # latest + runs-on: ubuntu-22.04 # latest steps: # We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages - name: Build ${{ env.PACKAGE_NAME }} @@ -140,7 +140,7 @@ jobs: python .\aws-c-io\build\deps\aws-c-common\scripts\appverifier_ctest.py --build_directory .\aws-c-io\build\aws-c-io osx: - runs-on: macos-12 # latest + runs-on: macos-13 # latest steps: - name: Build ${{ env.PACKAGE_NAME }} + consumers run: | diff --git a/source/tracing.c b/source/tracing.c index fd6d233fa..680e96613 100644 --- a/source/tracing.c +++ b/source/tracing.c @@ -11,7 +11,7 @@ __itt_string_handle *tracing_event_loop_run_tasks; __itt_string_handle *tracing_event_loop_event; __itt_string_handle *tracing_event_loop_events; -void aws_io_tracing_init() { +void aws_io_tracing_init(void) { io_tracing_domain = __itt_domain_create("aws.c.io"); tracing_input_stream_read = __itt_string_handle_create("Read:InputStream"); tracing_event_loop_run_tasks = __itt_string_handle_create("RunTasks:EventLoop"); From a8d636014bb6085f728c2473acc6dde4604040be Mon Sep 17 00:00:00 2001 From: Yasmine Talby <108372980+yasminetalby@users.noreply.github.com> Date: Wed, 27 Sep 2023 18:45:27 +0200 Subject: [PATCH 23/44] Read me update (#604) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c480cb876..c922bb306 100644 --- a/README.md +++ b/README.md @@ -208,7 +208,7 @@ Sockets interact directly with the underlying io and are invoked directly by the Platform | Implementation --- | --- -Linux | Signal-to-noise (s2n) see github.com/awslabs/s2n +Linux | Signal-to-noise (s2n) see: https://github.com/aws/s2n-tls BSD Variants | s2n Apple Devices | Security Framework/ Secure Transport. See https://developer.apple.com/documentation/security/secure_transport Windows | Secure Channel. See https://msdn.microsoft.com/en-us/library/windows/desktop/aa380123(v=vs.85).aspx From 029587f2ddeee2425c0a018d67a073abf044f14b Mon Sep 17 00:00:00 2001 From: Dmitriy Musatkin <63878209+DmitriyMusatkin@users.noreply.github.com> Date: Mon, 9 Oct 2023 10:22:21 -0700 Subject: [PATCH 24/44] refactor pem (#605) Co-authored-by: Michael Graeb --- .gitignore | 1 + include/aws/io/io.h | 2 + include/aws/io/logging.h | 1 + include/aws/io/pem.h | 99 +++++ include/aws/io/private/pki_utils.h | 30 -- source/darwin/darwin_pki_utils.c | 54 +-- source/io.c | 3 +- source/pem.c | 437 +++++++++++++++++++ source/pem_utils.c | 98 ----- source/pki_utils.c | 224 ---------- source/windows/windows_pki_utils.c | 54 +-- tests/{pki_utils_test.c => pem_test.c} | 574 +++++++++++++++---------- tests/pem_utils_test.c | 145 ------- 13 files changed, 939 insertions(+), 783 deletions(-) create mode 100644 include/aws/io/pem.h create mode 100644 source/pem.c delete mode 100644 source/pem_utils.c delete mode 100644 source/pki_utils.c rename tests/{pki_utils_test.c => pem_test.c} (83%) delete mode 100644 tests/pem_utils_test.c diff --git a/.gitignore b/.gitignore index 6a8a36868..2ef3eccf7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ # IDE Artifacts .metadata .build +.vscode .idea *.d Debug diff --git a/include/aws/io/io.h b/include/aws/io/io.h index fc9677fdb..011e1a779 100644 --- a/include/aws/io/io.h +++ b/include/aws/io/io.h @@ -252,6 +252,8 @@ enum aws_io_errors { AWS_IO_TLS_ERROR_READ_FAILURE, + AWS_ERROR_PEM_MALFORMED, + AWS_IO_ERROR_END_RANGE = AWS_ERROR_ENUM_END_RANGE(AWS_C_IO_PACKAGE_ID), AWS_IO_INVALID_FILE_HANDLE = AWS_ERROR_INVALID_FILE_HANDLE, }; diff --git a/include/aws/io/logging.h b/include/aws/io/logging.h index 5d8a144a0..a3bbee2fa 100644 --- a/include/aws/io/logging.h +++ b/include/aws/io/logging.h @@ -32,6 +32,7 @@ enum aws_io_log_subject { AWS_LS_IO_EXPONENTIAL_BACKOFF_RETRY_STRATEGY, AWS_LS_IO_STANDARD_RETRY_STRATEGY, AWS_LS_IO_PKCS11, + AWS_LS_IO_PEM, AWS_IO_LS_LAST = AWS_LOG_SUBJECT_END_RANGE(AWS_C_IO_PACKAGE_ID) }; AWS_POP_SANE_WARNING_LEVEL diff --git a/include/aws/io/pem.h b/include/aws/io/pem.h new file mode 100644 index 000000000..0a21cc0c6 --- /dev/null +++ b/include/aws/io/pem.h @@ -0,0 +1,99 @@ +#ifndef AWS_IO_PEM_H +#define AWS_IO_PEM_H + +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include + +AWS_EXTERN_C_BEGIN + +/* + * Naming follows OpenSSL convention for PEM types. + * Refer to comment after each enum value for the type string it represents. + */ +enum aws_pem_object_type { + AWS_PEM_TYPE_UNKNOWN = 0, + AWS_PEM_TYPE_X509_OLD, /* X509 CERTIFICATE */ + AWS_PEM_TYPE_X509, /* CERTIFICATE */ + AWS_PEM_TYPE_X509_TRUSTED, /* TRUSTED CERTIFICATE */ + AWS_PEM_TYPE_X509_REQ_OLD, /* NEW CERTIFICATE REQUEST */ + AWS_PEM_TYPE_X509_REQ, /* CERTIFICATE REQUEST */ + AWS_PEM_TYPE_X509_CRL, /* X509 CRL */ + AWS_PEM_TYPE_EVP_PKEY, /* ANY PRIVATE KEY */ + AWS_PEM_TYPE_PUBLIC_PKCS8, /* PUBLIC KEY */ + AWS_PEM_TYPE_PRIVATE_RSA_PKCS1, /* RSA PRIVATE KEY */ + AWS_PEM_TYPE_PUBLIC_RSA_PKCS1, /* RSA PUBLIC KEY */ + AWS_PEM_TYPE_PRIVATE_DSA_PKCS1, /* RSA PRIVATE KEY */ + AWS_PEM_TYPE_PUBLIC_DSA_PKCS1, /* RSA PUBLIC KEY */ + AWS_PEM_TYPE_PKCS7, /* PKCS7 */ + AWS_PEM_TYPE_PKCS7_SIGNED_DATA, /* PKCS #7 SIGNED DATA */ + AWS_PEM_TYPE_PRIVATE_PKCS8_ENCRYPTED, /* ENCRYPTED PRIVATE KEY */ + AWS_PEM_TYPE_PRIVATE_PKCS8, /* PRIVATE KEY */ + AWS_PEM_TYPE_DH_PARAMETERS, /* X9.42 DH PARAMETERS */ + AWS_PEM_TYPE_DH_PARAMETERS_X942, /* X9.42 DH PARAMETERS */ + AWS_PEM_TYPE_SSL_SESSION_PARAMETERS, /* SSL SESSION PARAMETERS */ + AWS_PEM_TYPE_DSA_PARAMETERS, /* DSA PARAMETERS */ + AWS_PEM_TYPE_ECDSA_PUBLIC, /* ECDSA PUBLIC KEY */ + AWS_PEM_TYPE_EC_PARAMETERS, /* EC PARAMETERS */ + AWS_PEM_TYPE_EC_PRIVATE, /* EC PRIVATE KEY */ + AWS_PEM_TYPE_PARAMETERS, /* PARAMETERS */ + AWS_PEM_TYPE_CMS, /* CMS */ + AWS_PEM_TYPE_SM2_PARAMETERS /* SM2 PARAMETERS */ +}; + +/* + * Describes PEM object decoded from file. + * data points to raw data bytes of object (decoding will do additional base 64 + * decoding for each object). + * type will be set to object type or to AWS_PEM_TYPE_UNKNOWN if it could not + * figure out type. + * type_string is the string between -----BEGIN and ----- + */ +struct aws_pem_object { + enum aws_pem_object_type type; + struct aws_string *type_string; + struct aws_byte_buf data; +}; + +/** + * Cleans up elements of pem_objects list 'aws_pem_objects_init_from_file_contents()' + * and 'aws_pem_objects_init_from_file_path()'. + */ +AWS_IO_API void aws_pem_objects_clean_up(struct aws_array_list *pem_objects); + +/** + * Decodes PEM data and reads objects sequentially adding them to pem_objects. + * If it comes across an object it cannot read, list of all object read until + * that point is returned. + * If no objects can be read from PEM or objects could not be base 64 decoded, + * AWS_ERROR_PEM_MALFORMED is raised. + * out_pem_objects stores aws_pem_object struct by value. + * Function will initialize pem_objects list. + * This code is slow, and it allocates, so please try + * not to call this in the middle of something that needs to be fast or resource sensitive. + */ +AWS_IO_API int aws_pem_objects_init_from_file_contents( + struct aws_array_list *pem_objects, + struct aws_allocator *alloc, + struct aws_byte_cursor pem_cursor); + +/** + * Decodes PEM data from file and reads objects sequentially adding them to pem_objects. + * If it comes across an object it cannot read, list of all object read until + * that point is returned. + * If no objects can be read from PEM or objects could not be base 64 decoded, + * AWS_ERROR_PEM_MALFORMED is raised. + * out_pem_objects stores aws_pem_object struct by value. + * Function will initialize pem_objects list. + * This code is slow, and it allocates, so please try + * not to call this in the middle of something that needs to be fast or resource sensitive. + */ +AWS_IO_API int aws_pem_objects_init_from_file_path( + struct aws_array_list *pem_objects, + struct aws_allocator *allocator, + const char *filename); + +AWS_EXTERN_C_END +#endif /* AWS_IO_PEM_H */ diff --git a/include/aws/io/private/pki_utils.h b/include/aws/io/private/pki_utils.h index feb8d65ce..af0465560 100644 --- a/include/aws/io/private/pki_utils.h +++ b/include/aws/io/private/pki_utils.h @@ -21,23 +21,6 @@ struct aws_string; AWS_EXTERN_C_BEGIN -/** - * Cleans up and securely zeroes out the outputs of 'aws_decode_pem_to_buffer_list()' - * and 'aws_read_and_decode_pem_file_to_buffer_list()' - */ -AWS_IO_API void aws_cert_chain_clean_up(struct aws_array_list *cert_chain); - -/** - * Decodes a PEM file and adds the results to 'cert_chain_or_key' if successful. - * Otherwise, 'cert_chain_or_key' will be empty. The type stored in 'cert_chain_or_key' - * is 'struct aws_byte_buf' by value. This code is slow, and it allocates, so please try - * not to call this in the middle of something that needs to be fast or resource sensitive. - */ -AWS_IO_API int aws_decode_pem_to_buffer_list( - struct aws_allocator *alloc, - const struct aws_byte_cursor *pem_cursor, - struct aws_array_list *cert_chain_or_key); - /** * Returns the path to the directory and file, respectively, which holds the * SSL certificate trust store on the system. @@ -45,19 +28,6 @@ AWS_IO_API int aws_decode_pem_to_buffer_list( AWS_IO_API const char *aws_determine_default_pki_dir(void); AWS_IO_API const char *aws_determine_default_pki_ca_file(void); -/** - * Decodes a PEM file at 'filename' and adds the results to 'cert_chain_or_key' if successful. - * Otherwise, 'cert_chain_or_key' will be empty. - * The passed-in parameter 'cert_chain_or_key' should be empty and dynamically initialized array_list - * with item type 'struct aws_byte_buf' in value. - * This code is slow, and it allocates, so please try not to call this in the middle of - * something that needs to be fast or resource sensitive. - */ -AWS_IO_API int aws_read_and_decode_pem_file_to_buffer_list( - struct aws_allocator *alloc, - const char *filename, - struct aws_array_list *cert_chain_or_key); - #ifdef AWS_OS_APPLE # if !defined(AWS_OS_IOS) /** diff --git a/source/darwin/darwin_pki_utils.c b/source/darwin/darwin_pki_utils.c index 9d95fd1a9..7b60bab2c 100644 --- a/source/darwin/darwin_pki_utils.c +++ b/source/darwin/darwin_pki_utils.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include @@ -33,16 +34,13 @@ int aws_import_ecc_key_into_keychain( SecKeychainRef import_keychain) { // Ensure imported_keychain is not NULL AWS_PRECONDITION(import_keychain != NULL); + AWS_PRECONDITION(private_key != NULL); int result = AWS_OP_ERR; struct aws_array_list decoded_key_buffer_list; - /* Init empty array list, ideally, the PEM should only has one key included. */ - if (aws_array_list_init_dynamic(&decoded_key_buffer_list, alloc, 1, sizeof(struct aws_byte_buf))) { - return result; - } /* Decode PEM format file to DER format */ - if (aws_decode_pem_to_buffer_list(alloc, private_key, &decoded_key_buffer_list)) { + if (aws_pem_objects_init_from_file_contents(&decoded_key_buffer_list, alloc, *private_key)) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: Failed to decode PEM private key to DER format."); goto ecc_import_cleanup; } @@ -51,11 +49,11 @@ int aws_import_ecc_key_into_keychain( // A PEM file could contains multiple PEM data section. Try importing each PEM section until find the first // succeed key. for (size_t index = 0; index < aws_array_list_length(&decoded_key_buffer_list); index++) { - struct aws_byte_buf *decoded_key_buffer = NULL; + struct aws_pem_object *pem_object_ptr = NULL; /* We only check the first pem section. Currently, we dont support key with multiple pem section. */ - aws_array_list_get_at_ptr(&decoded_key_buffer_list, (void **)&decoded_key_buffer, index); + aws_array_list_get_at_ptr(&decoded_key_buffer_list, (void **)&pem_object_ptr, index); AWS_ASSERT(decoded_key_buffer); - CFDataRef key_data = CFDataCreate(cf_alloc, decoded_key_buffer->buffer, decoded_key_buffer->len); + CFDataRef key_data = CFDataCreate(cf_alloc, pem_object_ptr->data.buffer, pem_object_ptr->data.len); if (!key_data) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: error in creating ECC key data system call."); continue; @@ -68,6 +66,7 @@ int aws_import_ecc_key_into_keychain( AWS_ZERO_STRUCT(import_params); import_params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; import_params.passphrase = CFSTR(""); + format = kSecFormatUnknown; OSStatus key_status = SecItemImport(key_data, NULL, &format, &item_type, 0, &import_params, import_keychain, NULL); @@ -87,8 +86,7 @@ int aws_import_ecc_key_into_keychain( ecc_import_cleanup: // Zero out the array list and release it - aws_cert_chain_clean_up(&decoded_key_buffer_list); - aws_array_list_clean_up(&decoded_key_buffer_list); + aws_pem_objects_clean_up(&decoded_key_buffer_list); return result; } @@ -99,6 +97,8 @@ int aws_import_public_and_private_keys_to_identity( const struct aws_byte_cursor *private_key, CFArrayRef *identity, const struct aws_string *keychain_path) { + AWS_PRECONDITION(public_cert_chain != NULL); + AWS_PRECONDITION(private_key != NULL); int result = AWS_OP_ERR; @@ -179,7 +179,7 @@ int aws_import_public_and_private_keys_to_identity( /* * If the key format is unknown, we tried to decode the key into DER format import it. - * The PEM file might contians multiple key sections, we will only add the first succeed key into the keychain. + * The PEM file might contains multiple key sections, we will only add the first succeed key into the keychain. */ if (key_status == errSecUnknownFormat) { AWS_LOGF_TRACE(AWS_LS_IO_PKI, "static: error reading private key format, try ECC key format."); @@ -203,30 +203,24 @@ int aws_import_public_and_private_keys_to_identity( "Using key from Keychain instead of the one provided."); struct aws_array_list cert_chain_list; - if (aws_array_list_init_dynamic(&cert_chain_list, alloc, 2, sizeof(struct aws_byte_buf))) { - result = AWS_OP_ERR; - goto done; - } - - if (aws_decode_pem_to_buffer_list(alloc, public_cert_chain, &cert_chain_list)) { + if (aws_pem_objects_init_from_file_contents(&cert_chain_list, alloc, *public_cert_chain)) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: decoding certificate PEM failed."); - aws_array_list_clean_up(&cert_chain_list); + aws_pem_objects_clean_up(&cert_chain_list); result = AWS_OP_ERR; goto done; } - struct aws_byte_buf *root_cert_ptr = NULL; + struct aws_pem_object *root_cert_ptr = NULL; aws_array_list_get_at_ptr(&cert_chain_list, (void **)&root_cert_ptr, 0); AWS_ASSERT(root_cert_ptr); - CFDataRef root_cert_data = CFDataCreate(cf_alloc, root_cert_ptr->buffer, root_cert_ptr->len); + CFDataRef root_cert_data = CFDataCreate(cf_alloc, root_cert_ptr->data.buffer, root_cert_ptr->data.len); if (root_cert_data) { certificate_ref = SecCertificateCreateWithData(cf_alloc, root_cert_data); CFRelease(root_cert_data); } - aws_cert_chain_clean_up(&cert_chain_list); - aws_array_list_clean_up(&cert_chain_list); + aws_pem_objects_clean_up(&cert_chain_list); } else { certificate_ref = (SecCertificateRef)CFArrayGetValueAtIndex(cert_import_output, 0); /* SecCertificateCreateWithData returns an object with +1 retain, so we need to match that behavior here */ @@ -316,13 +310,11 @@ int aws_import_trusted_certificates( CFAllocatorRef cf_alloc, const struct aws_byte_cursor *certificates_blob, CFArrayRef *certs) { - struct aws_array_list certificates; + AWS_PRECONDITION(certificates_blob != NULL); - if (aws_array_list_init_dynamic(&certificates, alloc, 2, sizeof(struct aws_byte_buf))) { - return AWS_OP_ERR; - } + struct aws_array_list certificates; - if (aws_decode_pem_to_buffer_list(alloc, certificates_blob, &certificates)) { + if (aws_pem_objects_init_from_file_contents(&certificates, alloc, *certificates_blob)) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: decoding CA PEM failed."); aws_array_list_clean_up(&certificates); return AWS_OP_ERR; @@ -334,10 +326,10 @@ int aws_import_trusted_certificates( int err = AWS_OP_SUCCESS; aws_mutex_lock(&s_sec_mutex); for (size_t i = 0; i < cert_count; ++i) { - struct aws_byte_buf *byte_buf_ptr = NULL; - aws_array_list_get_at_ptr(&certificates, (void **)&byte_buf_ptr, i); + struct aws_pem_object *pem_object_ptr = NULL; + aws_array_list_get_at_ptr(&certificates, (void **)&pem_object_ptr, i); - CFDataRef cert_blob = CFDataCreate(cf_alloc, byte_buf_ptr->buffer, byte_buf_ptr->len); + CFDataRef cert_blob = CFDataCreate(cf_alloc, pem_object_ptr->data.buffer, pem_object_ptr->data.len); if (cert_blob) { SecCertificateRef certificate_ref = SecCertificateCreateWithData(cf_alloc, cert_blob); @@ -351,7 +343,7 @@ int aws_import_trusted_certificates( aws_mutex_unlock(&s_sec_mutex); *certs = temp_cert_array; - aws_cert_chain_clean_up(&certificates); + aws_pem_objects_clean_up(&certificates); aws_array_list_clean_up(&certificates); return err; } diff --git a/source/io.c b/source/io.c index 701e580d1..c47ce97a9 100644 --- a/source/io.c +++ b/source/io.c @@ -304,6 +304,7 @@ static struct aws_error_info s_errors[] = { AWS_DEFINE_ERROR_INFO_IO( AWS_IO_TLS_ERROR_READ_FAILURE, "Failure during TLS read."), + AWS_DEFINE_ERROR_INFO_IO(AWS_ERROR_PEM_MALFORMED, "Malformed PEM object encountered."), }; /* clang-format on */ @@ -341,7 +342,7 @@ static struct aws_log_subject_info s_io_log_subject_infos[] = { "standard-retry-strategy", "Subject for standard retry strategy"), DEFINE_LOG_SUBJECT_INFO(AWS_LS_IO_PKCS11, "pkcs11", "Subject for PKCS#11 library operations"), -}; + DEFINE_LOG_SUBJECT_INFO(AWS_LS_IO_PEM, "pem", "Subject for pem operations")}; static struct aws_log_subject_info_list s_io_log_subject_list = { .subject_list = s_io_log_subject_infos, diff --git a/source/pem.c b/source/pem.c new file mode 100644 index 000000000..dd8eaf56a --- /dev/null +++ b/source/pem.c @@ -0,0 +1,437 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include +#include +#include +#include + +#include + +enum aws_pem_parse_state { + BEGIN, + ON_DATA, + END, +}; + +static const struct aws_byte_cursor begin_header = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("-----BEGIN"); +static const struct aws_byte_cursor end_header = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("-----END"); +static const struct aws_byte_cursor dashes = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("-----"); + +int aws_sanitize_pem(struct aws_byte_buf *pem, struct aws_allocator *allocator) { + if (!pem->len) { + /* reject files with no PEM data */ + return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); + } + struct aws_byte_buf clean_pem_buf; + if (aws_byte_buf_init(&clean_pem_buf, allocator, pem->len)) { + return AWS_OP_ERR; + } + struct aws_byte_cursor pem_cursor = aws_byte_cursor_from_buf(pem); + enum aws_pem_parse_state state = BEGIN; + + for (size_t i = 0; i < pem_cursor.len; i++) { + /* parse through the pem once */ + char current = *(pem_cursor.ptr + i); + switch (state) { + case BEGIN: + if (current == '-') { + struct aws_byte_cursor compare_cursor = pem_cursor; + compare_cursor.len = begin_header.len; + compare_cursor.ptr += i; + if (aws_byte_cursor_eq(&compare_cursor, &begin_header)) { + state = ON_DATA; + i--; + } + } + break; + case ON_DATA: + /* start copying everything */ + if (current == '-') { + struct aws_byte_cursor compare_cursor = pem_cursor; + compare_cursor.len = end_header.len; + compare_cursor.ptr += i; + if (aws_byte_cursor_eq(&compare_cursor, &end_header)) { + /* Copy the end header string and start to search for the end part of a pem */ + state = END; + aws_byte_buf_append(&clean_pem_buf, &end_header); + i += (end_header.len - 1); + break; + } + } + aws_byte_buf_append_byte_dynamic(&clean_pem_buf, (uint8_t)current); + break; + case END: + if (current == '-') { + struct aws_byte_cursor compare_cursor = pem_cursor; + compare_cursor.len = dashes.len; + compare_cursor.ptr += i; + if (aws_byte_cursor_eq(&compare_cursor, &dashes)) { + /* End part of a pem, copy the last 5 dashes and a new line, then ignore everything before next + * begin header */ + state = BEGIN; + aws_byte_buf_append(&clean_pem_buf, &dashes); + i += (dashes.len - 1); + aws_byte_buf_append_byte_dynamic(&clean_pem_buf, (uint8_t)'\n'); + break; + } + } + aws_byte_buf_append_byte_dynamic(&clean_pem_buf, (uint8_t)current); + break; + default: + break; + } + } + + if (clean_pem_buf.len == 0) { + /* No valid data remains after sanitization. File might have been the wrong format */ + aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); + goto error; + } + + struct aws_byte_cursor clean_pem_cursor = aws_byte_cursor_from_buf(&clean_pem_buf); + aws_byte_buf_reset(pem, true); + aws_byte_buf_append_dynamic(pem, &clean_pem_cursor); + aws_byte_buf_clean_up(&clean_pem_buf); + return AWS_OP_SUCCESS; + +error: + aws_byte_buf_clean_up(&clean_pem_buf); + return AWS_OP_ERR; +} + +/* + * Possible PEM object types. openssl/pem.h used as a source of truth for + * possible types. + */ +static struct aws_byte_cursor s_pem_type_x509_old_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("X509 CERTIFICATE"); +static struct aws_byte_cursor s_pem_type_x509_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("CERTIFICATE"); +static struct aws_byte_cursor s_pem_type_x509_trusted_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("TRUSTED CERTIFICATE"); +static struct aws_byte_cursor s_pem_type_x509_req_old_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("NEW CERTIFICATE REQUEST"); +static struct aws_byte_cursor s_pem_type_x509_req_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("CERTIFICATE REQUEST"); +static struct aws_byte_cursor s_pem_type_x509_crl_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("X509 CRL"); +static struct aws_byte_cursor s_pem_type_evp_pkey_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("ANY PRIVATE KEY"); +static struct aws_byte_cursor s_pem_type_public_pkcs8_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("PUBLIC KEY"); +static struct aws_byte_cursor s_pem_type_private_rsa_pkcs1_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("RSA PRIVATE KEY"); +static struct aws_byte_cursor s_pem_type_public_rsa_pkcs1_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("RSA PUBLIC KEY"); +static struct aws_byte_cursor s_pem_type_private_dsa_pkcs1_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("RSA PRIVATE KEY"); +static struct aws_byte_cursor s_pem_type_public_dsa_pkcs1_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("RSA PUBLIC KEY"); +static struct aws_byte_cursor s_pem_type_pkcs7_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("PKCS7"); +static struct aws_byte_cursor s_pem_type_pkcs7_signed_data_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("PKCS #7 SIGNED DATA"); +static struct aws_byte_cursor s_pem_type_private_pkcs8_encrypted_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("ENCRYPTED PRIVATE KEY"); +static struct aws_byte_cursor s_pem_type_private_pkcs8_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("PRIVATE KEY"); +static struct aws_byte_cursor s_pem_type_dh_parameters_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("DH PARAMETERS"); +static struct aws_byte_cursor s_pem_type_dh_parameters_x942_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("X9.42 DH PARAMETERS"); +static struct aws_byte_cursor s_pem_type_ssl_session_parameters_cur = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("SSL SESSION PARAMETERS"); +static struct aws_byte_cursor s_pem_type_dsa_parameters_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("DSA PARAMETERS"); +static struct aws_byte_cursor s_pem_type_ecdsa_public_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("ECDSA PUBLIC KEY"); +static struct aws_byte_cursor s_pem_type_ec_parameters_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("EC PARAMETERS"); +static struct aws_byte_cursor s_pem_type_ec_private_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("EC PRIVATE KEY"); +static struct aws_byte_cursor s_pem_type_parameters_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("PARAMETERS"); +static struct aws_byte_cursor s_pem_type_cms_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("CMS"); +static struct aws_byte_cursor s_pem_type_sm2_parameters_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("SM2 PARAMETERS"); + +void aws_pem_objects_clean_up(struct aws_array_list *pem_objects) { + for (size_t i = 0; i < aws_array_list_length(pem_objects); ++i) { + struct aws_pem_object *pem_obj_ptr = NULL; + aws_array_list_get_at_ptr(pem_objects, (void **)&pem_obj_ptr, i); + + if (pem_obj_ptr != NULL) { + aws_byte_buf_clean_up_secure(&pem_obj_ptr->data); + aws_string_destroy(pem_obj_ptr->type_string); + } + } + + aws_array_list_clear(pem_objects); + aws_array_list_clean_up(pem_objects); +} + +enum aws_pem_object_type s_map_type_cur_to_type(struct aws_byte_cursor type_cur) { + /* + * Putting all those in a hash table might be a bit faster depending on + * hashing function cost, but it complicates code considerably for a + * potential small gain. PEM parsing is already slow due to multiple + * allocations and should not be used in perf critical places. + * So choosing dumb and easy approach over something more complicated and we + * can reevaluate decision in the future. + */ + if (aws_byte_cursor_eq(&type_cur, &s_pem_type_x509_old_cur)) { + return AWS_PEM_TYPE_X509_OLD; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_x509_cur)) { + return AWS_PEM_TYPE_X509; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_x509_trusted_cur)) { + return AWS_PEM_TYPE_X509_TRUSTED; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_x509_req_old_cur)) { + return AWS_PEM_TYPE_X509_REQ_OLD; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_x509_req_cur)) { + return AWS_PEM_TYPE_X509_REQ; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_x509_crl_cur)) { + return AWS_PEM_TYPE_X509_CRL; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_evp_pkey_cur)) { + return AWS_PEM_TYPE_EVP_PKEY; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_public_pkcs8_cur)) { + return AWS_PEM_TYPE_PUBLIC_PKCS8; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_private_rsa_pkcs1_cur)) { + return AWS_PEM_TYPE_PRIVATE_RSA_PKCS1; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_public_rsa_pkcs1_cur)) { + return AWS_PEM_TYPE_PUBLIC_RSA_PKCS1; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_private_dsa_pkcs1_cur)) { + return AWS_PEM_TYPE_PRIVATE_DSA_PKCS1; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_public_dsa_pkcs1_cur)) { + return AWS_PEM_TYPE_PUBLIC_DSA_PKCS1; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_pkcs7_cur)) { + return AWS_PEM_TYPE_PKCS7; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_pkcs7_signed_data_cur)) { + return AWS_PEM_TYPE_PKCS7_SIGNED_DATA; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_private_pkcs8_encrypted_cur)) { + return AWS_PEM_TYPE_PRIVATE_PKCS8_ENCRYPTED; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_private_pkcs8_cur)) { + return AWS_PEM_TYPE_PRIVATE_PKCS8; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_dh_parameters_cur)) { + return AWS_PEM_TYPE_DH_PARAMETERS; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_dh_parameters_x942_cur)) { + return AWS_PEM_TYPE_DH_PARAMETERS_X942; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_ssl_session_parameters_cur)) { + return AWS_PEM_TYPE_SSL_SESSION_PARAMETERS; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_dsa_parameters_cur)) { + return AWS_PEM_TYPE_DSA_PARAMETERS; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_ecdsa_public_cur)) { + return AWS_PEM_TYPE_ECDSA_PUBLIC; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_ec_parameters_cur)) { + return AWS_PEM_TYPE_EC_PARAMETERS; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_ec_private_cur)) { + return AWS_PEM_TYPE_EC_PRIVATE; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_parameters_cur)) { + return AWS_PEM_TYPE_PARAMETERS; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_cms_cur)) { + return AWS_PEM_TYPE_CMS; + } else if (aws_byte_cursor_eq(&type_cur, &s_pem_type_sm2_parameters_cur)) { + return AWS_PEM_TYPE_SM2_PARAMETERS; + } + + return AWS_PEM_TYPE_UNKNOWN; +} + +static struct aws_byte_cursor s_begin_header_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("-----BEGIN"); +static struct aws_byte_cursor s_end_header_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("-----END"); +static struct aws_byte_cursor s_delim_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("-----"); + +int s_extract_header_type_cur(struct aws_byte_cursor cur, struct aws_byte_cursor *out) { + if (!aws_byte_cursor_starts_with(&cur, &s_begin_header_cur)) { + AWS_LOGF_ERROR(AWS_LS_IO_PEM, "Invalid PEM buffer: invalid begin token"); + return aws_raise_error(AWS_ERROR_PEM_MALFORMED); + } + + aws_byte_cursor_advance(&cur, s_begin_header_cur.len); + aws_byte_cursor_advance(&cur, 1); // space after begin + struct aws_byte_cursor type_cur = aws_byte_cursor_advance(&cur, cur.len - s_delim_cur.len); + + if (!aws_byte_cursor_eq(&cur, &s_delim_cur)) { + AWS_LOGF_ERROR(AWS_LS_IO_PEM, "Invalid PEM buffer: invalid end token"); + return aws_raise_error(AWS_ERROR_PEM_MALFORMED); + } + + *out = type_cur; + return AWS_OP_SUCCESS; +} + +static int s_convert_pem_to_raw_base64( + struct aws_allocator *allocator, + struct aws_byte_cursor pem, + struct aws_array_list *pem_objects) { + + struct aws_array_list split_buffers; + if (aws_array_list_init_dynamic(&split_buffers, allocator, 16, sizeof(struct aws_byte_cursor))) { + return AWS_OP_ERR; + } + + if (aws_byte_cursor_split_on_char(&pem, '\n', &split_buffers)) { + aws_array_list_clean_up(&split_buffers); + AWS_LOGF_ERROR(AWS_LS_IO_PEM, "Invalid PEM buffer: failed to split on newline"); + return aws_raise_error(AWS_ERROR_PEM_MALFORMED); + } + + enum aws_pem_parse_state state = BEGIN; + bool on_length_calc = true; + size_t current_obj_len = 0; + size_t current_obj_start_index = 0; + struct aws_byte_buf current_obj_buf; + AWS_ZERO_STRUCT(current_obj_buf); + struct aws_byte_cursor current_obj_type_cur; + AWS_ZERO_STRUCT(current_obj_type_cur); + enum aws_pem_object_type current_obj_type = AWS_PEM_TYPE_UNKNOWN; + + size_t split_count = aws_array_list_length(&split_buffers); + size_t i = 0; + + while (i < split_count) { + struct aws_byte_cursor *line_cur_ptr = NULL; + int error = aws_array_list_get_at_ptr(&split_buffers, (void **)&line_cur_ptr, i); + /* should never fail as we control array size and how we index into list */ + AWS_FATAL_ASSERT(error == AWS_OP_SUCCESS); + + /* Burn off the padding in the buffer first. + * Worst case we'll only have to do this once per line in the buffer. */ + *line_cur_ptr = aws_byte_cursor_left_trim_pred(line_cur_ptr, aws_isspace); + + /* handle CRLF on Windows by burning '\r' off the end of the buffer */ + if (line_cur_ptr->len > 0 && (line_cur_ptr->ptr[line_cur_ptr->len - 1] == '\r')) { + --line_cur_ptr->len; + } + + switch (state) { + case BEGIN: + if (aws_byte_cursor_starts_with(line_cur_ptr, &s_begin_header_cur)) { + if (s_extract_header_type_cur(*line_cur_ptr, ¤t_obj_type_cur)) { + goto on_end_of_loop; + } + current_obj_type = s_map_type_cur_to_type(current_obj_type_cur); + current_obj_start_index = i + 1; + state = ON_DATA; + } + ++i; + break; + /* this loops through the lines containing data twice. First to figure out the length, a second + * time to actually copy the data. */ + case ON_DATA: + /* Found end tag. */ + if (aws_byte_cursor_starts_with(line_cur_ptr, &s_end_header_cur)) { + if (on_length_calc) { + on_length_calc = false; + state = ON_DATA; + i = current_obj_start_index; + aws_byte_buf_init(¤t_obj_buf, allocator, current_obj_len); + + } else { + struct aws_pem_object pem_object = { + .data = current_obj_buf, + .type_string = aws_string_new_from_cursor(allocator, ¤t_obj_type_cur), + .type = current_obj_type, + }; + + if (aws_array_list_push_back(pem_objects, &pem_object)) { + goto on_end_of_loop; + } + state = BEGIN; + on_length_calc = true; + current_obj_len = 0; + ++i; + AWS_ZERO_STRUCT(current_obj_buf); + AWS_ZERO_STRUCT(current_obj_type_cur); + current_obj_type = AWS_PEM_TYPE_UNKNOWN; + } + /* actually on a line with data in it. */ + } else { + if (on_length_calc) { + current_obj_len += line_cur_ptr->len; + } else { + if (aws_byte_buf_append(¤t_obj_buf, line_cur_ptr)) { + goto on_end_of_loop; + } + } + ++i; + } + break; + default: + AWS_FATAL_ASSERT(false); + } + } + +/* + * Note: this function only hard error if nothing can be parsed out of file. + * Otherwise it succeeds and returns whatever was parsed successfully. + */ +on_end_of_loop: + aws_array_list_clean_up(&split_buffers); + aws_byte_buf_clean_up_secure(¤t_obj_buf); + + if (state == BEGIN && aws_array_list_length(pem_objects) > 0) { + return AWS_OP_SUCCESS; + } + + AWS_LOGF_ERROR(AWS_LS_IO_PEM, "Invalid PEM buffer."); + aws_pem_objects_clean_up(pem_objects); + return aws_raise_error(AWS_ERROR_PEM_MALFORMED); +} + +int aws_pem_objects_init_from_file_contents( + struct aws_array_list *pem_objects, + struct aws_allocator *allocator, + struct aws_byte_cursor pem_cursor) { + AWS_PRECONDITION(allocator); + AWS_PRECONDITION(pem_objects != NULL); + + /* Init empty array list, ideally, the PEM should only has one key included. */ + if (aws_array_list_init_dynamic(pem_objects, allocator, 1, sizeof(struct aws_pem_object))) { + return AWS_OP_ERR; + } + + if (s_convert_pem_to_raw_base64(allocator, pem_cursor, pem_objects)) { + goto on_error; + } + + for (size_t i = 0; i < aws_array_list_length(pem_objects); ++i) { + struct aws_pem_object *pem_obj_ptr = NULL; + aws_array_list_get_at_ptr(pem_objects, (void **)&pem_obj_ptr, i); + struct aws_byte_cursor byte_cur = aws_byte_cursor_from_buf(&pem_obj_ptr->data); + + size_t decoded_len = 0; + if (aws_base64_compute_decoded_len(&byte_cur, &decoded_len)) { + AWS_LOGF_ERROR(AWS_LS_IO_PEM, "Failed to get length for decoded base64 pem object."); + aws_raise_error(AWS_ERROR_PEM_MALFORMED); + goto on_error; + } + + struct aws_byte_buf decoded_buffer; + aws_byte_buf_init(&decoded_buffer, allocator, decoded_len); + + if (aws_base64_decode(&byte_cur, &decoded_buffer)) { + AWS_LOGF_ERROR(AWS_LS_IO_PEM, "Failed to base 64 decode pem object."); + aws_raise_error(AWS_ERROR_PEM_MALFORMED); + aws_byte_buf_clean_up_secure(&decoded_buffer); + goto on_error; + } + + aws_byte_buf_clean_up_secure(&pem_obj_ptr->data); + pem_obj_ptr->data = decoded_buffer; + } + + return AWS_OP_SUCCESS; + +on_error: + aws_pem_objects_clean_up(pem_objects); + return AWS_OP_ERR; +} + +int aws_pem_objects_init_from_file_path( + struct aws_array_list *pem_objects, + struct aws_allocator *allocator, + const char *filename) { + + struct aws_byte_buf raw_file_buffer; + if (aws_byte_buf_init_from_file(&raw_file_buffer, allocator, filename)) { + AWS_LOGF_ERROR(AWS_LS_IO_PEM, "Failed to read file %s.", filename); + return AWS_OP_ERR; + } + AWS_ASSERT(raw_file_buffer.buffer); + + struct aws_byte_cursor file_cursor = aws_byte_cursor_from_buf(&raw_file_buffer); + if (aws_pem_objects_init_from_file_contents(pem_objects, allocator, file_cursor)) { + aws_byte_buf_clean_up_secure(&raw_file_buffer); + AWS_LOGF_ERROR(AWS_LS_IO_PEM, "Failed to decode PEM file %s.", filename); + return AWS_OP_ERR; + } + + aws_byte_buf_clean_up_secure(&raw_file_buffer); + + return AWS_OP_SUCCESS; +} diff --git a/source/pem_utils.c b/source/pem_utils.c deleted file mode 100644 index c3843ffd4..000000000 --- a/source/pem_utils.c +++ /dev/null @@ -1,98 +0,0 @@ -/** - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * SPDX-License-Identifier: Apache-2.0. - */ -#include -#include - -enum aws_pem_util_state { - BEGIN, - ON_DATA, - END, -}; - -static const struct aws_byte_cursor begin_header = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("-----BEGIN"); -static const struct aws_byte_cursor end_header = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("-----END"); -static const struct aws_byte_cursor dashes = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("-----"); - -int aws_sanitize_pem(struct aws_byte_buf *pem, struct aws_allocator *allocator) { - if (!pem->len) { - /* reject files with no PEM data */ - return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); - } - struct aws_byte_buf clean_pem_buf; - if (aws_byte_buf_init(&clean_pem_buf, allocator, pem->len)) { - return AWS_OP_ERR; - } - struct aws_byte_cursor pem_cursor = aws_byte_cursor_from_buf(pem); - int state = BEGIN; - - for (size_t i = 0; i < pem_cursor.len; i++) { - /* parse through the pem once */ - char current = *(pem_cursor.ptr + i); - switch (state) { - case BEGIN: - if (current == '-') { - struct aws_byte_cursor compare_cursor = pem_cursor; - compare_cursor.len = begin_header.len; - compare_cursor.ptr += i; - if (aws_byte_cursor_eq(&compare_cursor, &begin_header)) { - state = ON_DATA; - i--; - } - } - break; - case ON_DATA: - /* start copying everything */ - if (current == '-') { - struct aws_byte_cursor compare_cursor = pem_cursor; - compare_cursor.len = end_header.len; - compare_cursor.ptr += i; - if (aws_byte_cursor_eq(&compare_cursor, &end_header)) { - /* Copy the end header string and start to search for the end part of a pem */ - state = END; - aws_byte_buf_append(&clean_pem_buf, &end_header); - i += (end_header.len - 1); - break; - } - } - aws_byte_buf_append_byte_dynamic(&clean_pem_buf, (uint8_t)current); - break; - case END: - if (current == '-') { - struct aws_byte_cursor compare_cursor = pem_cursor; - compare_cursor.len = dashes.len; - compare_cursor.ptr += i; - if (aws_byte_cursor_eq(&compare_cursor, &dashes)) { - /* End part of a pem, copy the last 5 dashes and a new line, then ignore everything before next - * begin header */ - state = BEGIN; - aws_byte_buf_append(&clean_pem_buf, &dashes); - i += (dashes.len - 1); - aws_byte_buf_append_byte_dynamic(&clean_pem_buf, (uint8_t)'\n'); - break; - } - } - aws_byte_buf_append_byte_dynamic(&clean_pem_buf, (uint8_t)current); - break; - default: - break; - } - } - - if (clean_pem_buf.len == 0) { - /* No valid data remains after sanitization. File might have been the wrong format */ - aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); - goto error; - } - - struct aws_byte_cursor clean_pem_cursor = aws_byte_cursor_from_buf(&clean_pem_buf); - aws_byte_buf_reset(pem, true); - aws_byte_buf_append_dynamic(pem, &clean_pem_cursor); - aws_byte_buf_clean_up(&clean_pem_buf); - return AWS_OP_SUCCESS; - -error: - aws_byte_buf_clean_up(&clean_pem_buf); - return AWS_OP_ERR; -} diff --git a/source/pki_utils.c b/source/pki_utils.c deleted file mode 100644 index 7da9dc9af..000000000 --- a/source/pki_utils.c +++ /dev/null @@ -1,224 +0,0 @@ -/** - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * SPDX-License-Identifier: Apache-2.0. - */ -#include - -#include - -#include -#include - -#include -#include -#include - -enum PEM_PARSE_STATE { - BEGIN, - ON_DATA, -}; - -void aws_cert_chain_clean_up(struct aws_array_list *cert_chain) { - for (size_t i = 0; i < aws_array_list_length(cert_chain); ++i) { - struct aws_byte_buf *decoded_buffer_ptr = NULL; - aws_array_list_get_at_ptr(cert_chain, (void **)&decoded_buffer_ptr, i); - - if (decoded_buffer_ptr) { - aws_secure_zero(decoded_buffer_ptr->buffer, decoded_buffer_ptr->len); - aws_byte_buf_clean_up(decoded_buffer_ptr); - } - } - - /* remember, we don't own it so we don't free it, just undo whatever mutations we've done at this point. */ - aws_array_list_clear(cert_chain); -} - -static int s_convert_pem_to_raw_base64( - struct aws_allocator *allocator, - const struct aws_byte_cursor *pem, - struct aws_array_list *cert_chain_or_key) { - enum PEM_PARSE_STATE state = BEGIN; - - struct aws_byte_buf current_cert; - const char *begin_header = "-----BEGIN"; - const char *end_header = "-----END"; - size_t begin_header_len = strlen(begin_header); - size_t end_header_len = strlen(end_header); - bool on_length_calc = true; - - struct aws_array_list split_buffers; - if (aws_array_list_init_dynamic(&split_buffers, allocator, 16, sizeof(struct aws_byte_cursor))) { - return AWS_OP_ERR; - } - - if (aws_byte_cursor_split_on_char(pem, '\n', &split_buffers)) { - aws_array_list_clean_up(&split_buffers); - AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: Invalid PEM buffer: failed to split on newline"); - return AWS_OP_ERR; - } - - size_t split_count = aws_array_list_length(&split_buffers); - size_t i = 0; - size_t index_of_current_cert_start = 0; - size_t current_cert_len = 0; - - while (i < split_count) { - struct aws_byte_cursor *current_cur_ptr = NULL; - aws_array_list_get_at_ptr(&split_buffers, (void **)¤t_cur_ptr, i); - - /* burn off the padding in the buffer first. - * Worst case we'll only have to do this once per line in the buffer. */ - while (current_cur_ptr->len && aws_isspace(*current_cur_ptr->ptr)) { - aws_byte_cursor_advance(current_cur_ptr, 1); - } - - /* handle CRLF on Windows by burning '\r' off the end of the buffer */ - if (current_cur_ptr->len && (current_cur_ptr->ptr[current_cur_ptr->len - 1] == '\r')) { - current_cur_ptr->len--; - } - - switch (state) { - case BEGIN: - if (current_cur_ptr->len > begin_header_len && - !strncmp((const char *)current_cur_ptr->ptr, begin_header, begin_header_len)) { - state = ON_DATA; - index_of_current_cert_start = i + 1; - } - ++i; - break; - /* this loops through the lines containing data twice. First to figure out the length, a second - * time to actually copy the data. */ - case ON_DATA: - /* Found end tag. */ - if (current_cur_ptr->len > end_header_len && - !strncmp((const char *)current_cur_ptr->ptr, end_header, end_header_len)) { - if (on_length_calc) { - on_length_calc = false; - state = ON_DATA; - i = index_of_current_cert_start; - - if (aws_byte_buf_init(¤t_cert, allocator, current_cert_len)) { - goto end_of_loop; - } - - } else { - if (aws_array_list_push_back(cert_chain_or_key, ¤t_cert)) { - aws_secure_zero(¤t_cert.buffer, current_cert.len); - aws_byte_buf_clean_up(¤t_cert); - goto end_of_loop; - } - state = BEGIN; - on_length_calc = true; - current_cert_len = 0; - ++i; - } - /* actually on a line with data in it. */ - } else { - if (!on_length_calc) { - aws_byte_buf_write(¤t_cert, current_cur_ptr->ptr, current_cur_ptr->len); - } else { - current_cert_len += current_cur_ptr->len; - } - ++i; - } - break; - } - } - -end_of_loop: - aws_array_list_clean_up(&split_buffers); - - if (state == BEGIN && aws_array_list_length(cert_chain_or_key) > 0) { - return AWS_OP_SUCCESS; - } - - AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: Invalid PEM buffer."); - aws_cert_chain_clean_up(cert_chain_or_key); - return aws_raise_error(AWS_IO_FILE_VALIDATION_FAILURE); -} - -int aws_decode_pem_to_buffer_list( - struct aws_allocator *alloc, - const struct aws_byte_cursor *pem_cursor, - struct aws_array_list *cert_chain_or_key) { - AWS_ASSERT(aws_array_list_length(cert_chain_or_key) == 0); - struct aws_array_list base_64_buffer_list; - - if (aws_array_list_init_dynamic(&base_64_buffer_list, alloc, 2, sizeof(struct aws_byte_buf))) { - return AWS_OP_ERR; - } - - int err_code = AWS_OP_ERR; - - if (s_convert_pem_to_raw_base64(alloc, pem_cursor, &base_64_buffer_list)) { - goto cleanup_base64_buffer_list; - } - - for (size_t i = 0; i < aws_array_list_length(&base_64_buffer_list); ++i) { - size_t decoded_len = 0; - struct aws_byte_buf *byte_buf_ptr = NULL; - aws_array_list_get_at_ptr(&base_64_buffer_list, (void **)&byte_buf_ptr, i); - struct aws_byte_cursor byte_cur = aws_byte_cursor_from_buf(byte_buf_ptr); - - if (aws_base64_compute_decoded_len(&byte_cur, &decoded_len)) { - aws_raise_error(AWS_IO_FILE_VALIDATION_FAILURE); - goto cleanup_all; - } - - struct aws_byte_buf decoded_buffer; - if (aws_byte_buf_init(&decoded_buffer, alloc, decoded_len)) { - goto cleanup_all; - } - - if (aws_base64_decode(&byte_cur, &decoded_buffer)) { - aws_raise_error(AWS_IO_FILE_VALIDATION_FAILURE); - aws_byte_buf_clean_up_secure(&decoded_buffer); - goto cleanup_all; - } - - if (aws_array_list_push_back(cert_chain_or_key, &decoded_buffer)) { - aws_byte_buf_clean_up_secure(&decoded_buffer); - goto cleanup_all; - } - } - - err_code = AWS_OP_SUCCESS; - -cleanup_all: - if (err_code != AWS_OP_SUCCESS) { - AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: Invalid PEM buffer."); - aws_cert_chain_clean_up(cert_chain_or_key); - } - -cleanup_base64_buffer_list: - aws_cert_chain_clean_up(&base_64_buffer_list); - aws_array_list_clean_up(&base_64_buffer_list); - - return err_code; -} - -int aws_read_and_decode_pem_file_to_buffer_list( - struct aws_allocator *alloc, - const char *filename, - struct aws_array_list *cert_chain_or_key) { - - struct aws_byte_buf raw_file_buffer; - if (aws_byte_buf_init_from_file(&raw_file_buffer, alloc, filename)) { - AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: Failed to read file %s.", filename); - return AWS_OP_ERR; - } - AWS_ASSERT(raw_file_buffer.buffer); - - struct aws_byte_cursor file_cursor = aws_byte_cursor_from_buf(&raw_file_buffer); - if (aws_decode_pem_to_buffer_list(alloc, &file_cursor, cert_chain_or_key)) { - aws_secure_zero(raw_file_buffer.buffer, raw_file_buffer.len); - aws_byte_buf_clean_up(&raw_file_buffer); - AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: Failed to decode PEM file %s.", filename); - return AWS_OP_ERR; - } - - aws_secure_zero(raw_file_buffer.buffer, raw_file_buffer.len); - aws_byte_buf_clean_up(&raw_file_buffer); - - return AWS_OP_SUCCESS; -} diff --git a/source/windows/windows_pki_utils.c b/source/windows/windows_pki_utils.c index 921b1cc5a..e1c47d548 100644 --- a/source/windows/windows_pki_utils.c +++ b/source/windows/windows_pki_utils.c @@ -3,6 +3,7 @@ * SPDX-License-Identifier: Apache-2.0. */ +#include #include #include @@ -183,11 +184,7 @@ int aws_import_trusted_certificates( *cert_store = NULL; int result = AWS_OP_ERR; - if (aws_array_list_init_dynamic(&certificates, alloc, 2, sizeof(struct aws_byte_buf))) { - return AWS_OP_ERR; - } - - if (aws_decode_pem_to_buffer_list(alloc, certificates_blob, &certificates)) { + if (aws_pem_objects_init_from_file_contents(&certificates, alloc, *certificates_blob)) { goto clean_up; } @@ -210,14 +207,14 @@ int aws_import_trusted_certificates( AWS_LOGF_INFO(AWS_LS_IO_PKI, "static: loading %d certificates in cert chain for use as a CA", (int)cert_count); for (size_t i = 0; i < cert_count; ++i) { - struct aws_byte_buf *byte_buf_ptr = NULL; - aws_array_list_get_at_ptr(&certificates, (void **)&byte_buf_ptr, i); + struct aws_pem_object *pem_object_ptr = NULL; + aws_array_list_get_at_ptr(&certificates, (void **)&pem_object_ptr, i); CERT_BLOB cert_blob; CERT_CONTEXT *cert_context = NULL; - cert_blob.pbData = byte_buf_ptr->buffer; - cert_blob.cbData = (DWORD)byte_buf_ptr->len; + cert_blob.pbData = pem_object_ptr->data.buffer; + cert_blob.cbData = (DWORD)pem_object_ptr->data.len; DWORD content_type = 0; BOOL query_res = CryptQueryObject( @@ -258,8 +255,7 @@ int aws_import_trusted_certificates( clean_up: - aws_cert_chain_clean_up(&certificates); - aws_array_list_clean_up(&certificates); + aws_pem_objects_clean_up(&certificates); if (result == AWS_OP_ERR && *cert_store) { aws_close_cert_store(*cert_store); @@ -564,21 +560,13 @@ int aws_import_key_pair_to_cert_context( int result = AWS_OP_ERR; BYTE *key = NULL; - if (aws_array_list_init_dynamic(&certificates, alloc, 2, sizeof(struct aws_byte_buf))) { - return AWS_OP_ERR; - } - - if (aws_decode_pem_to_buffer_list(alloc, public_cert_chain, &certificates)) { + if (aws_pem_objects_init_from_file_contents(&certificates, alloc, *public_cert_chain)) { AWS_LOGF_ERROR( AWS_LS_IO_PKI, "static: failed to decode cert pem to buffer list with error %d", (int)aws_last_error()); goto clean_up; } - if (aws_array_list_init_dynamic(&private_keys, alloc, 1, sizeof(struct aws_byte_buf))) { - goto clean_up; - } - - if (aws_decode_pem_to_buffer_list(alloc, private_key, &private_keys)) { + if (aws_pem_objects_init_from_file_contents(&private_keys, alloc, *private_key)) { AWS_LOGF_ERROR( AWS_LS_IO_PKI, "static: failed to decode key pem to buffer list with error %d", (int)aws_last_error()); goto clean_up; @@ -598,13 +586,13 @@ int aws_import_key_pair_to_cert_context( } for (size_t i = 0; i < cert_count; ++i) { - struct aws_byte_buf *byte_buf_ptr = NULL; - aws_array_list_get_at_ptr(&certificates, (void **)&byte_buf_ptr, i); + struct aws_pem_object *pem_object_ptr = NULL; + aws_array_list_get_at_ptr(&certificates, (void **)&pem_object_ptr, i); CERT_BLOB cert_blob; - cert_blob.pbData = byte_buf_ptr->buffer; - cert_blob.cbData = (DWORD)byte_buf_ptr->len; + cert_blob.pbData = pem_object_ptr->data.buffer; + cert_blob.cbData = (DWORD)pem_object_ptr->data.len; DWORD content_type = 0; PCERT_CONTEXT cert_context = NULL; @@ -650,7 +638,7 @@ int aws_import_key_pair_to_cert_context( goto clean_up; } - struct aws_byte_buf *private_key_ptr = NULL; + struct aws_pem_object *private_key_ptr = NULL; DWORD decoded_len = 0; enum aws_certificate_type cert_type = AWS_CT_X509_UNKNOWN; size_t private_key_count = aws_array_list_length(&private_keys); @@ -660,8 +648,8 @@ int aws_import_key_pair_to_cert_context( if (CryptDecodeObjectEx( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, - private_key_ptr->buffer, - (DWORD)private_key_ptr->len, + private_key_ptr->data.buffer, + (DWORD)private_key_ptr->data.len, CRYPT_DECODE_ALLOC_FLAG, 0, &key, @@ -672,8 +660,8 @@ int aws_import_key_pair_to_cert_context( else if (CryptDecodeObjectEx( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, X509_ECC_PRIVATE_KEY, - private_key_ptr->buffer, - (DWORD)private_key_ptr->len, + private_key_ptr->data.buffer, + (DWORD)private_key_ptr->data.len, CRYPT_DECODE_ALLOC_FLAG, NULL, &key, @@ -729,10 +717,8 @@ int aws_import_key_pair_to_cert_context( } clean_up: - aws_cert_chain_clean_up(&certificates); - aws_array_list_clean_up(&certificates); - aws_cert_chain_clean_up(&private_keys); - aws_array_list_clean_up(&private_keys); + aws_pem_objects_clean_up(&certificates); + aws_pem_objects_clean_up(&private_keys); LocalFree(key); diff --git a/tests/pki_utils_test.c b/tests/pem_test.c similarity index 83% rename from tests/pki_utils_test.c rename to tests/pem_test.c index 584e4b0dc..767ef04a0 100644 --- a/tests/pki_utils_test.c +++ b/tests/pem_test.c @@ -2,10 +2,316 @@ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ +#include +#include +#include #include -#include +static int s_check_clean_pem_result( + struct aws_byte_cursor dirty_pem, + struct aws_byte_cursor expected_clean_pem, + struct aws_allocator *allocator) { + struct aws_byte_buf pem_buf; + ASSERT_SUCCESS(aws_byte_buf_init_copy_from_cursor(&pem_buf, allocator, dirty_pem)); + ASSERT_SUCCESS(aws_sanitize_pem(&pem_buf, allocator)); + ASSERT_TRUE(aws_byte_cursor_eq_byte_buf(&expected_clean_pem, &pem_buf)); + aws_byte_buf_clean_up(&pem_buf); + return AWS_OP_SUCCESS; +} + +static int s_test_pem_sanitize_comments_around_pem_object_removed(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + /* comments around pem object will be removed */ + struct aws_byte_cursor dirty_pem = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("# comments\r\n" + "-----BEGIN CERTIFICATE-----\n" + "CERTIFICATES\n" + "-----END CERTIFICATE-----\n" + "# another comments\r\n" + "-----BEGIN CERTIFICATE-----\n" + "CERTIFICATES\n" + "-----END CERTIFICATE-----\n" + "# final comments\r\n"); + + struct aws_byte_cursor expected_clean_pem = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("-----BEGIN CERTIFICATE-----\n" + "CERTIFICATES\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "CERTIFICATES\n" + "-----END CERTIFICATE-----\n"); + + return s_check_clean_pem_result(dirty_pem, expected_clean_pem, allocator); +} + +AWS_TEST_CASE(pem_sanitize_comments_around_pem_object_removed, s_test_pem_sanitize_comments_around_pem_object_removed); + +static int s_test_pem_sanitize_empty_file_rejected(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + /* We don't allow empty files. */ + struct aws_byte_buf pem; + ASSERT_SUCCESS(aws_byte_buf_init(&pem, allocator, 512)); + + ASSERT_ERROR(AWS_ERROR_INVALID_ARGUMENT, aws_sanitize_pem(&pem, allocator)); + + aws_byte_buf_clean_up(&pem); + return AWS_OP_SUCCESS; +} + +AWS_TEST_CASE(pem_sanitize_empty_file_rejected, s_test_pem_sanitize_empty_file_rejected) + +AWS_TEST_CASE(pem_sanitize_wrong_format_rejected, s_test_pem_sanitize_wrong_format_rejected) +static int s_test_pem_sanitize_wrong_format_rejected(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + /* A file with the wrong format will "sanitize" to an empty PEM file, which we do not accept */ + + /* This is not a PEM file, it's a DER encoded binary x.509 certificate */ + const uint8_t not_a_pem_src[] = { + 0x30, 0x82, 0x04, 0xD3, 0x30, 0x82, 0x03, 0xBB, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x18, 0xDA, 0xD1, + 0x9E, 0x26, 0x7D, 0xE8, 0xBB, 0x4A, 0x21, 0x58, 0xCD, 0xCC, 0x6B, 0x3B, 0x4A, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0xCA, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, + 0x0E, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6E, 0x2C, 0x20, 0x49, 0x6E, 0x63, 0x2E, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x54, + 0x72, 0x75, 0x73, 0x74, 0x20, 0x4E, 0x65, 0x74, 0x77, 0x6F, 0x72, 0x6B, 0x31, 0x3A, 0x30, 0x38, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x13, 0x31, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, + 0x53, 0x69, 0x67, 0x6E, 0x2C, 0x20, 0x49, 0x6E, 0x63, 0x2E, 0x20, 0x2D, 0x20, 0x46, 0x6F, 0x72, 0x20, 0x61, + 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x7A, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6F, 0x6E, 0x6C, 0x79, + 0x31, 0x45, 0x30, 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3C, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, + 0x6E, 0x20, 0x43, 0x6C, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x20, 0x50, + 0x72, 0x69, 0x6D, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, + 0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2D, 0x20, 0x47, 0x35, 0x30, + 0x1E, 0x17, 0x0D, 0x30, 0x36, 0x31, 0x31, 0x30, 0x38, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x17, 0x0D, + 0x33, 0x36, 0x30, 0x37, 0x31, 0x36, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5A, 0x30, 0x81, 0xCA, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x13, 0x0E, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6E, 0x2C, 0x20, 0x49, 0x6E, 0x63, 0x2E, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, + 0x6E, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4E, 0x65, 0x74, 0x77, 0x6F, 0x72, 0x6B, 0x31, 0x3A, 0x30, + 0x38, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x31, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, + 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6E, 0x2C, 0x20, 0x49, 0x6E, 0x63, 0x2E, 0x20, 0x2D, 0x20, 0x46, 0x6F, + 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x7A, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6F, + 0x6E, 0x6C, 0x79, 0x31, 0x45, 0x30, 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3C, 0x56, 0x65, 0x72, 0x69, + 0x53, 0x69, 0x67, 0x6E, 0x20, 0x43, 0x6C, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, 0x6C, 0x69, + 0x63, 0x20, 0x50, 0x72, 0x69, 0x6D, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2D, 0x20, + 0x47, 0x35, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xAF, + 0x24, 0x08, 0x08, 0x29, 0x7A, 0x35, 0x9E, 0x60, 0x0C, 0xAA, 0xE7, 0x4B, 0x3B, 0x4E, 0xDC, 0x7C, 0xBC, 0x3C, + 0x45, 0x1C, 0xBB, 0x2B, 0xE0, 0xFE, 0x29, 0x02, 0xF9, 0x57, 0x08, 0xA3, 0x64, 0x85, 0x15, 0x27, 0xF5, 0xF1, + 0xAD, 0xC8, 0x31, 0x89, 0x5D, 0x22, 0xE8, 0x2A, 0xAA, 0xA6, 0x42, 0xB3, 0x8F, 0xF8, 0xB9, 0x55, 0xB7, 0xB1, + 0xB7, 0x4B, 0xB3, 0xFE, 0x8F, 0x7E, 0x07, 0x57, 0xEC, 0xEF, 0x43, 0xDB, 0x66, 0x62, 0x15, 0x61, 0xCF, 0x60, + 0x0D, 0xA4, 0xD8, 0xDE, 0xF8, 0xE0, 0xC3, 0x62, 0x08, 0x3D, 0x54, 0x13, 0xEB, 0x49, 0xCA, 0x59, 0x54, 0x85, + 0x26, 0xE5, 0x2B, 0x8F, 0x1B, 0x9F, 0xEB, 0xF5, 0xA1, 0x91, 0xC2, 0x33, 0x49, 0xD8, 0x43, 0x63, 0x6A, 0x52, + 0x4B, 0xD2, 0x8F, 0xE8, 0x70, 0x51, 0x4D, 0xD1, 0x89, 0x69, 0x7B, 0xC7, 0x70, 0xF6, 0xB3, 0xDC, 0x12, 0x74, + 0xDB, 0x7B, 0x5D, 0x4B, 0x56, 0xD3, 0x96, 0xBF, 0x15, 0x77, 0xA1, 0xB0, 0xF4, 0xA2, 0x25, 0xF2, 0xAF, 0x1C, + 0x92, 0x67, 0x18, 0xE5, 0xF4, 0x06, 0x04, 0xEF, 0x90, 0xB9, 0xE4, 0x00, 0xE4, 0xDD, 0x3A, 0xB5, 0x19, 0xFF, + 0x02, 0xBA, 0xF4, 0x3C, 0xEE, 0xE0, 0x8B, 0xEB, 0x37, 0x8B, 0xEC, 0xF4, 0xD7, 0xAC, 0xF2, 0xF6, 0xF0, 0x3D, + 0xAF, 0xDD, 0x75, 0x91, 0x33, 0x19, 0x1D, 0x1C, 0x40, 0xCB, 0x74, 0x24, 0x19, 0x21, 0x93, 0xD9, 0x14, 0xFE, + 0xAC, 0x2A, 0x52, 0xC7, 0x8F, 0xD5, 0x04, 0x49, 0xE4, 0x8D, 0x63, 0x47, 0x88, 0x3C, 0x69, 0x83, 0xCB, 0xFE, + 0x47, 0xBD, 0x2B, 0x7E, 0x4F, 0xC5, 0x95, 0xAE, 0x0E, 0x9D, 0xD4, 0xD1, 0x43, 0xC0, 0x67, 0x73, 0xE3, 0x14, + 0x08, 0x7E, 0xE5, 0x3F, 0x9F, 0x73, 0xB8, 0x33, 0x0A, 0xCF, 0x5D, 0x3F, 0x34, 0x87, 0x96, 0x8A, 0xEE, 0x53, + 0xE8, 0x25, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xB2, 0x30, 0x81, 0xAF, 0x30, 0x0F, 0x06, 0x03, + 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x6D, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x01, 0x0C, 0x04, 0x61, 0x30, 0x5F, 0xA1, 0x5D, 0xA0, 0x5B, 0x30, 0x59, 0x30, 0x57, 0x30, + 0x55, 0x16, 0x09, 0x69, 0x6D, 0x61, 0x67, 0x65, 0x2F, 0x67, 0x69, 0x66, 0x30, 0x21, 0x30, 0x1F, 0x30, 0x07, + 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x04, 0x14, 0x8F, 0xE5, 0xD3, 0x1A, 0x86, 0xAC, 0x8D, 0x8E, 0x6B, + 0xC3, 0xCF, 0x80, 0x6A, 0xD4, 0x48, 0x18, 0x2C, 0x7B, 0x19, 0x2E, 0x30, 0x25, 0x16, 0x23, 0x68, 0x74, 0x74, + 0x70, 0x3A, 0x2F, 0x2F, 0x6C, 0x6F, 0x67, 0x6F, 0x2E, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6E, 0x2E, + 0x63, 0x6F, 0x6D, 0x2F, 0x76, 0x73, 0x6C, 0x6F, 0x67, 0x6F, 0x2E, 0x67, 0x69, 0x66, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x7F, 0xD3, 0x65, 0xA7, 0xC2, 0xDD, 0xEC, 0xBB, 0xF0, 0x30, 0x09, + 0xF3, 0x43, 0x39, 0xFA, 0x02, 0xAF, 0x33, 0x31, 0x33, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x93, 0x24, 0x4A, 0x30, 0x5F, 0x62, 0xCF, + 0xD8, 0x1A, 0x98, 0x2F, 0x3D, 0xEA, 0xDC, 0x99, 0x2D, 0xBD, 0x77, 0xF6, 0xA5, 0x79, 0x22, 0x38, 0xEC, 0xC4, + 0xA7, 0xA0, 0x78, 0x12, 0xAD, 0x62, 0x0E, 0x45, 0x70, 0x64, 0xC5, 0xE7, 0x97, 0x66, 0x2D, 0x98, 0x09, 0x7E, + 0x5F, 0xAF, 0xD6, 0xCC, 0x28, 0x65, 0xF2, 0x01, 0xAA, 0x08, 0x1A, 0x47, 0xDE, 0xF9, 0xF9, 0x7C, 0x92, 0x5A, + 0x08, 0x69, 0x20, 0x0D, 0xD9, 0x3E, 0x6D, 0x6E, 0x3C, 0x0D, 0x6E, 0xD8, 0xE6, 0x06, 0x91, 0x40, 0x18, 0xB9, + 0xF8, 0xC1, 0xED, 0xDF, 0xDB, 0x41, 0xAA, 0xE0, 0x96, 0x20, 0xC9, 0xCD, 0x64, 0x15, 0x38, 0x81, 0xC9, 0x94, + 0xEE, 0xA2, 0x84, 0x29, 0x0B, 0x13, 0x6F, 0x8E, 0xDB, 0x0C, 0xDD, 0x25, 0x02, 0xDB, 0xA4, 0x8B, 0x19, 0x44, + 0xD2, 0x41, 0x7A, 0x05, 0x69, 0x4A, 0x58, 0x4F, 0x60, 0xCA, 0x7E, 0x82, 0x6A, 0x0B, 0x02, 0xAA, 0x25, 0x17, + 0x39, 0xB5, 0xDB, 0x7F, 0xE7, 0x84, 0x65, 0x2A, 0x95, 0x8A, 0xBD, 0x86, 0xDE, 0x5E, 0x81, 0x16, 0x83, 0x2D, + 0x10, 0xCC, 0xDE, 0xFD, 0xA8, 0x82, 0x2A, 0x6D, 0x28, 0x1F, 0x0D, 0x0B, 0xC4, 0xE5, 0xE7, 0x1A, 0x26, 0x19, + 0xE1, 0xF4, 0x11, 0x6F, 0x10, 0xB5, 0x95, 0xFC, 0xE7, 0x42, 0x05, 0x32, 0xDB, 0xCE, 0x9D, 0x51, 0x5E, 0x28, + 0xB6, 0x9E, 0x85, 0xD3, 0x5B, 0xEF, 0xA5, 0x7D, 0x45, 0x40, 0x72, 0x8E, 0xB7, 0x0E, 0x6B, 0x0E, 0x06, 0xFB, + 0x33, 0x35, 0x48, 0x71, 0xB8, 0x9D, 0x27, 0x8B, 0xC4, 0x65, 0x5F, 0x0D, 0x86, 0x76, 0x9C, 0x44, 0x7A, 0xF6, + 0x95, 0x5C, 0xF6, 0x5D, 0x32, 0x08, 0x33, 0xA4, 0x54, 0xB6, 0x18, 0x3F, 0x68, 0x5C, 0xF2, 0x42, 0x4A, 0x85, + 0x38, 0x54, 0x83, 0x5F, 0xD1, 0xE8, 0x2C, 0xF2, 0xAC, 0x11, 0xD6, 0xA8, 0xED, 0x63, 0x6A}; + struct aws_byte_cursor not_a_pem_cursor = aws_byte_cursor_from_array(not_a_pem_src, sizeof(not_a_pem_src)); + struct aws_byte_buf not_a_pem; + ASSERT_SUCCESS(aws_byte_buf_init_copy_from_cursor(¬_a_pem, allocator, not_a_pem_cursor)); + + ASSERT_ERROR(AWS_ERROR_INVALID_ARGUMENT, aws_sanitize_pem(¬_a_pem, allocator)); + + aws_byte_buf_clean_up(¬_a_pem); + return AWS_OP_SUCCESS; +} + +static int s_test_pem_cert_parse_from_file(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + static const uint8_t s_expected[] = { + 0x30, 0x82, 0x03, 0xec, 0x30, 0x82, 0x02, 0xd4, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x84, 0x7d, + 0x2e, 0xed, 0x4d, 0xfc, 0x26, 0x87, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x30, 0x81, 0x9a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, + 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, + 0x74, 0x74, 0x6c, 0x65, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, 0x41, 0x6d, 0x61, + 0x7a, 0x6f, 0x6e, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x53, 0x44, 0x4b, 0x73, + 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, + 0x73, 0x74, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x21, 0x61, 0x77, 0x73, 0x2d, 0x73, 0x64, 0x6b, 0x2d, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2d, 0x72, 0x75, + 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x40, 0x61, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, + 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x31, 0x36, 0x30, 0x36, 0x31, 0x37, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, + 0x33, 0x30, 0x39, 0x31, 0x38, 0x30, 0x36, 0x31, 0x37, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9a, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x0f, 0x30, 0x0d, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, 0x41, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x53, 0x44, 0x4b, 0x73, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x21, 0x61, 0x77, 0x73, 0x2d, 0x73, 0x64, 0x6b, 0x2d, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2d, 0x72, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x40, 0x61, 0x6d, 0x61, + 0x7a, 0x6f, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xd7, 0x6a, 0x57, 0x48, 0xf8, 0x0e, 0x44, 0x03, 0x25, 0x42, 0xd6, 0x11, 0x6f, 0x1b, + 0xb3, 0xfc, 0xe7, 0x1a, 0xa2, 0xb6, 0xa7, 0xdc, 0x2d, 0x85, 0x8f, 0x28, 0xe1, 0xbb, 0x4b, 0xee, 0x71, 0x21, + 0x19, 0x4b, 0x0c, 0x43, 0x26, 0x9e, 0xf9, 0x4c, 0x14, 0x04, 0x31, 0xa7, 0xd2, 0xa5, 0x21, 0x0a, 0x01, 0x02, + 0xde, 0x0e, 0xde, 0xf1, 0xb8, 0x34, 0x43, 0x62, 0x7e, 0x76, 0x57, 0x85, 0x04, 0xe9, 0xc1, 0x7e, 0xc5, 0x35, + 0xa1, 0xb7, 0x3b, 0x1f, 0xee, 0x68, 0x4d, 0xfe, 0x51, 0xda, 0x0c, 0xf7, 0x2f, 0x47, 0x60, 0x12, 0x3c, 0x01, + 0x24, 0xce, 0x48, 0xa5, 0xf0, 0xa0, 0x8b, 0x63, 0x87, 0xba, 0xb5, 0x3c, 0x52, 0xc1, 0x0f, 0x7b, 0xb2, 0x99, + 0x4d, 0xb8, 0x46, 0x74, 0xf7, 0xd1, 0xe8, 0x25, 0x84, 0xd3, 0x2c, 0x56, 0x91, 0x78, 0x87, 0xdd, 0xd4, 0x3d, + 0xf3, 0x67, 0x51, 0x18, 0x71, 0x2c, 0x3c, 0xc3, 0xe1, 0x99, 0xd9, 0x2c, 0x44, 0x51, 0xf6, 0x14, 0x48, 0xbd, + 0x82, 0x16, 0x62, 0x18, 0x4a, 0x44, 0x23, 0x9e, 0x5b, 0x09, 0x08, 0x8a, 0x42, 0xa0, 0x68, 0x03, 0x88, 0x10, + 0x0f, 0x6c, 0x85, 0x09, 0x3b, 0x72, 0x96, 0x04, 0x35, 0xf4, 0x26, 0x01, 0x83, 0x6f, 0x1d, 0xd6, 0x7f, 0x78, + 0xd7, 0x1b, 0xf6, 0x3a, 0x4f, 0xad, 0xcb, 0x3e, 0xc3, 0xbe, 0x01, 0x2d, 0xb4, 0x44, 0x2b, 0xdc, 0x10, 0x5d, + 0x05, 0xfe, 0xb9, 0x43, 0x20, 0xdc, 0xc8, 0xe4, 0x40, 0x07, 0x3b, 0x54, 0xce, 0x11, 0xdf, 0x5f, 0x28, 0xeb, + 0xbe, 0x24, 0x02, 0xb4, 0xe8, 0xfc, 0x35, 0x9b, 0xbe, 0xc1, 0x80, 0xea, 0xc4, 0xec, 0x5b, 0x6f, 0x20, 0x6e, + 0xe4, 0x60, 0xd5, 0x6e, 0x38, 0x43, 0xde, 0x22, 0x73, 0x87, 0x90, 0xeb, 0xaa, 0xaf, 0x20, 0xe2, 0xb0, 0x1d, + 0x4f, 0xc2, 0x2c, 0x8f, 0x34, 0x86, 0xea, 0x75, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x33, 0x30, 0x31, 0x30, + 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x01, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x13, 0x30, 0x11, 0x82, 0x09, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x07, 0xb4, 0x9a, 0x48, + 0x4e, 0x6d, 0x71, 0x32, 0xf4, 0x35, 0x89, 0xf5, 0xe1, 0xe8, 0x27, 0x5e, 0xe3, 0x51, 0x0d, 0x54, 0xf2, 0xde, + 0x1e, 0x2f, 0x9a, 0x0d, 0xdd, 0x02, 0xd4, 0xce, 0x15, 0x93, 0x8b, 0xe6, 0x75, 0x77, 0xc2, 0x41, 0xf6, 0xbf, + 0xfc, 0xac, 0x25, 0x96, 0xea, 0x80, 0x38, 0x68, 0xe2, 0xa5, 0x72, 0x9a, 0x31, 0xa2, 0x95, 0x43, 0xa9, 0x90, + 0x39, 0x64, 0xe3, 0x6c, 0x29, 0x37, 0x0c, 0x7a, 0xb7, 0x18, 0x97, 0x47, 0x0e, 0x16, 0x79, 0x2f, 0x9a, 0x92, + 0x7b, 0x51, 0xac, 0xe4, 0x4c, 0x70, 0xc2, 0xe4, 0xf3, 0x7f, 0x2b, 0x63, 0x53, 0x2c, 0x3b, 0xdb, 0xf1, 0xef, + 0x84, 0xda, 0xf3, 0x71, 0x6c, 0x6e, 0xb8, 0x41, 0x48, 0xae, 0xb5, 0x12, 0x1b, 0x20, 0xec, 0xdf, 0xff, 0x9f, + 0x2b, 0x2d, 0x66, 0x52, 0x0a, 0x72, 0x17, 0x99, 0xa5, 0x4d, 0x28, 0x29, 0x8a, 0x9c, 0xc8, 0x51, 0xd0, 0xe8, + 0x5c, 0x42, 0x66, 0x3e, 0xef, 0x06, 0xda, 0x72, 0xea, 0xa8, 0x5a, 0x5a, 0x02, 0x0f, 0xa2, 0x68, 0x80, 0xa9, + 0x9a, 0xa4, 0x30, 0x8c, 0x9e, 0x69, 0x75, 0xa5, 0x5c, 0x34, 0x8b, 0x71, 0x49, 0xe5, 0x3a, 0x1a, 0x74, 0xa9, + 0x51, 0x86, 0xee, 0x06, 0xf9, 0x54, 0x37, 0x0c, 0xf6, 0x17, 0x8a, 0x1e, 0xc3, 0x54, 0x6d, 0xa9, 0x52, 0x4a, + 0x2f, 0xf8, 0xd0, 0xe3, 0x56, 0xc2, 0x61, 0x14, 0xfd, 0x7c, 0x77, 0x2b, 0x5b, 0x8b, 0x93, 0x2c, 0x6e, 0x76, + 0x46, 0xa9, 0x00, 0x34, 0x8d, 0x55, 0x42, 0x6a, 0xe2, 0x6b, 0xa3, 0xd8, 0xe6, 0x5a, 0x5b, 0x65, 0x98, 0xa8, + 0xb1, 0x85, 0x01, 0x92, 0x42, 0xf4, 0xd6, 0x73, 0x4d, 0xc6, 0xf6, 0xf1, 0x34, 0x36, 0x16, 0x44, 0xc6, 0x09, + 0xc7, 0x94, 0x46, 0x1c, 0x06, 0x94, 0x84, 0xa9, 0x4f, 0x41, 0x0b, 0x46, 0xa6, 0xb4, 0x48, 0x1a, 0x14, 0x45, + }; + + struct aws_array_list output_list; + ASSERT_SUCCESS(aws_pem_objects_init_from_file_path(&output_list, allocator, "testparse.crt")); + ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); + + struct aws_pem_object *pem_object = NULL; + aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); + ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(pem_object->type_string), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); + + aws_pem_objects_clean_up(&output_list); + + return AWS_OP_SUCCESS; +} +AWS_TEST_CASE(test_pem_cert_parse_from_file, s_test_pem_cert_parse_from_file) + +static int s_test_pem_private_key_parse_from_file(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + static const uint8_t s_expected[] = { + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd7, 0x6a, 0x57, 0x48, 0xf8, 0x0e, + 0x44, 0x03, 0x25, 0x42, 0xd6, 0x11, 0x6f, 0x1b, 0xb3, 0xfc, 0xe7, 0x1a, 0xa2, 0xb6, 0xa7, 0xdc, 0x2d, 0x85, + 0x8f, 0x28, 0xe1, 0xbb, 0x4b, 0xee, 0x71, 0x21, 0x19, 0x4b, 0x0c, 0x43, 0x26, 0x9e, 0xf9, 0x4c, 0x14, 0x04, + 0x31, 0xa7, 0xd2, 0xa5, 0x21, 0x0a, 0x01, 0x02, 0xde, 0x0e, 0xde, 0xf1, 0xb8, 0x34, 0x43, 0x62, 0x7e, 0x76, + 0x57, 0x85, 0x04, 0xe9, 0xc1, 0x7e, 0xc5, 0x35, 0xa1, 0xb7, 0x3b, 0x1f, 0xee, 0x68, 0x4d, 0xfe, 0x51, 0xda, + 0x0c, 0xf7, 0x2f, 0x47, 0x60, 0x12, 0x3c, 0x01, 0x24, 0xce, 0x48, 0xa5, 0xf0, 0xa0, 0x8b, 0x63, 0x87, 0xba, + 0xb5, 0x3c, 0x52, 0xc1, 0x0f, 0x7b, 0xb2, 0x99, 0x4d, 0xb8, 0x46, 0x74, 0xf7, 0xd1, 0xe8, 0x25, 0x84, 0xd3, + 0x2c, 0x56, 0x91, 0x78, 0x87, 0xdd, 0xd4, 0x3d, 0xf3, 0x67, 0x51, 0x18, 0x71, 0x2c, 0x3c, 0xc3, 0xe1, 0x99, + 0xd9, 0x2c, 0x44, 0x51, 0xf6, 0x14, 0x48, 0xbd, 0x82, 0x16, 0x62, 0x18, 0x4a, 0x44, 0x23, 0x9e, 0x5b, 0x09, + 0x08, 0x8a, 0x42, 0xa0, 0x68, 0x03, 0x88, 0x10, 0x0f, 0x6c, 0x85, 0x09, 0x3b, 0x72, 0x96, 0x04, 0x35, 0xf4, + 0x26, 0x01, 0x83, 0x6f, 0x1d, 0xd6, 0x7f, 0x78, 0xd7, 0x1b, 0xf6, 0x3a, 0x4f, 0xad, 0xcb, 0x3e, 0xc3, 0xbe, + 0x01, 0x2d, 0xb4, 0x44, 0x2b, 0xdc, 0x10, 0x5d, 0x05, 0xfe, 0xb9, 0x43, 0x20, 0xdc, 0xc8, 0xe4, 0x40, 0x07, + 0x3b, 0x54, 0xce, 0x11, 0xdf, 0x5f, 0x28, 0xeb, 0xbe, 0x24, 0x02, 0xb4, 0xe8, 0xfc, 0x35, 0x9b, 0xbe, 0xc1, + 0x80, 0xea, 0xc4, 0xec, 0x5b, 0x6f, 0x20, 0x6e, 0xe4, 0x60, 0xd5, 0x6e, 0x38, 0x43, 0xde, 0x22, 0x73, 0x87, + 0x90, 0xeb, 0xaa, 0xaf, 0x20, 0xe2, 0xb0, 0x1d, 0x4f, 0xc2, 0x2c, 0x8f, 0x34, 0x86, 0xea, 0x75, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x44, 0x90, 0xb8, 0x8f, 0xa5, 0x45, 0x05, 0x28, 0xeb, 0x27, 0x46, + 0xf3, 0xed, 0xa5, 0xa7, 0xb8, 0x8b, 0xe6, 0xd2, 0x7b, 0xc9, 0x1a, 0x2f, 0xf3, 0x1f, 0x0a, 0x28, 0x2f, 0x71, + 0x8f, 0xc7, 0xba, 0x7d, 0x4e, 0x81, 0xec, 0xad, 0xd2, 0x54, 0x0f, 0x7f, 0x1f, 0x86, 0x9e, 0xa0, 0x51, 0xa7, + 0x1e, 0x84, 0x0b, 0xe1, 0x9a, 0x62, 0x24, 0x16, 0x39, 0xac, 0x69, 0x21, 0x4f, 0x91, 0xb3, 0xe9, 0x48, 0x6e, + 0x2a, 0x67, 0xa3, 0x16, 0x82, 0x37, 0xf3, 0x85, 0xf2, 0xf5, 0x40, 0x49, 0xd5, 0x59, 0xe3, 0x23, 0xcd, 0x58, + 0x2a, 0xf5, 0xa6, 0x77, 0x8c, 0xa1, 0x5b, 0x10, 0x28, 0x49, 0xb5, 0xb8, 0x72, 0x19, 0x55, 0xc6, 0x11, 0x65, + 0x58, 0x3e, 0x14, 0xc5, 0xc4, 0x2d, 0xc8, 0xf5, 0x48, 0x7e, 0xd7, 0xd2, 0x5b, 0x54, 0xf5, 0x89, 0x00, 0x10, + 0x5e, 0xef, 0x3b, 0x78, 0xca, 0x1d, 0xe9, 0xe5, 0xbb, 0x55, 0x69, 0x72, 0x30, 0xa8, 0x9c, 0x62, 0x40, 0x46, + 0x07, 0x6a, 0x21, 0x23, 0x48, 0x56, 0xf1, 0xc8, 0x71, 0xdf, 0xad, 0x73, 0xf7, 0xa4, 0x1c, 0xa7, 0x18, 0x40, + 0xc8, 0x10, 0x1f, 0x9e, 0x1c, 0x6e, 0x4e, 0x02, 0x85, 0x61, 0x24, 0x55, 0x7f, 0x06, 0x12, 0x3a, 0x31, 0xd8, + 0x3c, 0xeb, 0xe8, 0xce, 0x65, 0x3b, 0x5a, 0x3d, 0x22, 0x51, 0x14, 0xfe, 0xd4, 0xc3, 0x38, 0x88, 0xef, 0x18, + 0x94, 0x10, 0xee, 0x64, 0x42, 0x40, 0xae, 0xcd, 0xd6, 0x01, 0xd2, 0x1e, 0xa6, 0x60, 0xaa, 0xea, 0xc9, 0xf3, + 0x38, 0x02, 0x7a, 0x63, 0xd8, 0x84, 0xd0, 0x41, 0xad, 0x8b, 0xd4, 0x06, 0x88, 0x0a, 0x3a, 0x9d, 0xaf, 0xe7, + 0x58, 0x07, 0xd5, 0x95, 0x14, 0x8c, 0xc9, 0x2f, 0xc2, 0xd4, 0x60, 0xb4, 0xa0, 0xcd, 0x0c, 0x9e, 0x94, 0x4a, + 0x48, 0xb5, 0xb4, 0xb6, 0xf2, 0xd5, 0xbe, 0xd2, 0x46, 0xf3, 0x51, 0x02, 0x81, 0x81, 0x00, 0xee, 0x5c, 0xc6, + 0xa5, 0xd9, 0x40, 0x2b, 0x05, 0x8d, 0x28, 0xf7, 0x36, 0x60, 0x86, 0xed, 0x50, 0xda, 0x26, 0x0f, 0xf7, 0x8e, + 0xaf, 0xb4, 0xf3, 0x61, 0xe7, 0x58, 0xc4, 0x9f, 0x3c, 0x48, 0x6e, 0x76, 0x4c, 0x78, 0xe0, 0x13, 0x73, 0xee, + 0xa6, 0x81, 0x77, 0xc1, 0x91, 0x63, 0x76, 0xd9, 0x70, 0xc7, 0x5b, 0xb8, 0x9e, 0xcc, 0x65, 0x55, 0xee, 0x74, + 0x14, 0x14, 0xc2, 0x37, 0x9b, 0x36, 0x15, 0x5e, 0x3f, 0xf1, 0x83, 0xfd, 0xf3, 0x4c, 0xe2, 0xb3, 0xe1, 0xed, + 0x50, 0x2e, 0x69, 0x58, 0x23, 0xb7, 0x3b, 0x2e, 0xbe, 0x0e, 0x34, 0xa3, 0x2b, 0xdb, 0x2d, 0xfa, 0x61, 0xb2, + 0xcd, 0x88, 0xe5, 0xde, 0x8a, 0x55, 0xa9, 0xc4, 0x19, 0x90, 0x78, 0xf5, 0x2c, 0xfa, 0x8d, 0xc4, 0x19, 0xaf, + 0x16, 0x90, 0xe0, 0x02, 0xd5, 0x59, 0x7d, 0xd2, 0x92, 0x77, 0x2b, 0xb3, 0x66, 0x98, 0xfc, 0xb3, 0x9b, 0x02, + 0x81, 0x81, 0x00, 0xe7, 0x5a, 0xe3, 0x10, 0x56, 0xbf, 0x8a, 0x32, 0x0b, 0xa7, 0x53, 0xf9, 0xbc, 0xa9, 0xfc, + 0x6f, 0x7a, 0x48, 0x7d, 0x01, 0x52, 0xb1, 0x4b, 0x17, 0xe4, 0xd5, 0xd3, 0xcb, 0x7d, 0x5f, 0xff, 0x65, 0x30, + 0x55, 0x5e, 0x3d, 0xd5, 0xd8, 0xcc, 0xc8, 0xdc, 0xa1, 0xb5, 0xa4, 0x5c, 0xad, 0x73, 0xfd, 0x09, 0x8a, 0x6a, + 0xdf, 0xca, 0x35, 0xc6, 0xf5, 0x1a, 0xc5, 0xed, 0xa1, 0x94, 0xd0, 0xff, 0x8e, 0x20, 0x63, 0x04, 0x77, 0xec, + 0x0b, 0x5d, 0xe8, 0x50, 0xe5, 0x73, 0xf1, 0x3a, 0xc0, 0xcf, 0x10, 0xca, 0x03, 0x36, 0xc6, 0x2d, 0xc3, 0x93, + 0xda, 0xda, 0xe0, 0xc4, 0xc1, 0x5b, 0x47, 0xc1, 0x33, 0xfa, 0x3b, 0xab, 0xd7, 0x24, 0x1b, 0x3e, 0x7a, 0x0a, + 0x66, 0xb0, 0x7b, 0x4a, 0x8a, 0x40, 0x91, 0xc5, 0x6a, 0x66, 0xfe, 0x24, 0xb3, 0x42, 0xcb, 0xbb, 0xe0, 0x4b, + 0x7c, 0x41, 0x57, 0x63, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xa4, 0xdf, 0x31, 0x5c, 0x38, 0x28, 0x45, 0x59, 0xc2, + 0xa9, 0x0a, 0x4d, 0xe7, 0x78, 0x8c, 0x9f, 0xf7, 0x34, 0x8a, 0xa8, 0xce, 0x5e, 0x44, 0xc8, 0x6f, 0xf8, 0xc8, + 0x92, 0xc0, 0x1d, 0xbf, 0x70, 0x00, 0x8d, 0xa6, 0xb2, 0x3f, 0x62, 0x5a, 0x39, 0x7b, 0xa5, 0xed, 0x12, 0xf6, + 0x7c, 0x97, 0xac, 0x85, 0x88, 0xb0, 0xeb, 0xce, 0x2f, 0x6d, 0xbf, 0xd1, 0x34, 0xae, 0xa3, 0x24, 0x39, 0x4c, + 0xb0, 0x7d, 0x0f, 0xb7, 0xab, 0x77, 0xb5, 0x99, 0x81, 0xd9, 0xb0, 0xb5, 0x28, 0x57, 0xe1, 0xef, 0xe0, 0x4c, + 0x76, 0x38, 0x3f, 0xa7, 0xad, 0xcb, 0x0b, 0xa3, 0xc0, 0x6a, 0xc6, 0xb7, 0x19, 0xa9, 0xce, 0x6e, 0x1e, 0xbb, + 0x60, 0x00, 0xcf, 0x39, 0xfa, 0x20, 0x84, 0x2b, 0x0e, 0x72, 0x0c, 0xdd, 0xe9, 0xba, 0xed, 0xe7, 0xa7, 0xd1, + 0x0d, 0xd1, 0xe0, 0x13, 0x63, 0xfb, 0xe4, 0x44, 0x7f, 0xce, 0x6f, 0x02, 0x81, 0x81, 0x00, 0xac, 0x0c, 0x71, + 0xe9, 0xb7, 0xa9, 0x4f, 0x7b, 0x32, 0x21, 0x68, 0x98, 0xc3, 0x0d, 0xe2, 0xb5, 0x80, 0x49, 0xa1, 0xf4, 0xb6, + 0xeb, 0x33, 0xfd, 0xfb, 0xe6, 0x6c, 0x4f, 0xda, 0xd7, 0xe6, 0x14, 0xf9, 0x21, 0xb3, 0x28, 0xe6, 0xfc, 0x08, + 0x26, 0xa3, 0xb4, 0xfa, 0x60, 0xd5, 0xaf, 0x04, 0x1f, 0xbb, 0xd5, 0x9c, 0xee, 0xf9, 0xf0, 0x8e, 0x19, 0xbe, + 0xa4, 0x4c, 0xb8, 0xa9, 0xf3, 0xd6, 0xe8, 0x79, 0xfb, 0x48, 0xda, 0x69, 0xc6, 0x76, 0x3a, 0x8a, 0xd6, 0x68, + 0x27, 0x8f, 0xda, 0xcc, 0xe2, 0x1e, 0x68, 0xcf, 0x76, 0x07, 0x98, 0x77, 0x3e, 0xfd, 0x20, 0xc4, 0x11, 0x4a, + 0xf1, 0x8c, 0xa3, 0x3b, 0xc6, 0xde, 0x5e, 0xea, 0xf1, 0xfb, 0xbf, 0x44, 0x36, 0xe3, 0xad, 0x7c, 0x5c, 0x5d, + 0xf2, 0x49, 0xce, 0x7b, 0xf3, 0x29, 0x95, 0xc9, 0xe9, 0xba, 0xb8, 0xed, 0x49, 0xe5, 0x49, 0xb8, 0x6f, 0x02, + 0x81, 0x80, 0x71, 0x11, 0x8a, 0x2e, 0x38, 0xcf, 0x54, 0xb9, 0x99, 0x5b, 0x95, 0x74, 0x17, 0x7e, 0xe7, 0x53, + 0x59, 0x67, 0xfe, 0xc7, 0x90, 0x84, 0x5b, 0x1c, 0x89, 0x80, 0xa6, 0xa4, 0xb4, 0x71, 0x21, 0xde, 0x27, 0x9e, + 0xb3, 0x58, 0x01, 0xed, 0x93, 0xdb, 0x39, 0xec, 0x0b, 0x6b, 0xc0, 0x18, 0x56, 0x3a, 0x9b, 0x36, 0x04, 0xbf, + 0xaf, 0xf6, 0x94, 0x16, 0x3a, 0x41, 0x6c, 0x2a, 0x2f, 0xf0, 0x80, 0xb1, 0x73, 0x2f, 0x3a, 0x4a, 0xe1, 0x9d, + 0x6b, 0x5d, 0x0b, 0x0c, 0x55, 0xfc, 0xde, 0xc6, 0xf2, 0x32, 0x6f, 0x17, 0x86, 0x4b, 0x5f, 0xc8, 0x2d, 0xcb, + 0xe7, 0x88, 0xab, 0x55, 0x6e, 0x66, 0x35, 0x40, 0xdc, 0x03, 0xcb, 0x3d, 0xf8, 0x39, 0x68, 0x79, 0x39, 0x54, + 0x94, 0x92, 0x2b, 0xf0, 0x9f, 0xd1, 0x00, 0x30, 0xbd, 0xae, 0x9a, 0x87, 0x2d, 0xa6, 0x73, 0x71, 0xdb, 0xe9, + 0x20, 0xc8, 0x55, 0xb3, + }; + + struct aws_array_list output_list; + + ASSERT_SUCCESS(aws_pem_objects_init_from_file_path(&output_list, allocator, "unittests.key")); + ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); + + struct aws_pem_object *pem_object = NULL; + aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); + ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(pem_object->type_string), "RSA PRIVATE KEY"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_PRIVATE_RSA_PKCS1, pem_object->type); + + aws_pem_objects_clean_up(&output_list); + + return AWS_OP_SUCCESS; +} +AWS_TEST_CASE(test_pem_private_key_parse_from_file, s_test_pem_private_key_parse_from_file) static int s_test_pem_single_cert_parse(struct aws_allocator *allocator, void *ctx) { (void)ctx; @@ -68,20 +374,19 @@ static int s_test_pem_single_cert_parse(struct aws_allocator *allocator, void *c struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_rsa_1024_sha224_client_crt_pem); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_byte_buf))); - ASSERT_SUCCESS(aws_decode_pem_to_buffer_list(allocator, &pem_data, &output_list)); + ASSERT_SUCCESS(aws_pem_objects_init_from_file_contents(&output_list, allocator, pem_data)); ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); - struct aws_byte_buf *cert_data = NULL; - aws_array_list_get_at_ptr(&output_list, (void **)&cert_data, 0); - ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), cert_data->buffer, cert_data->len); + struct aws_pem_object *pem_object = NULL; + aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); + ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(pem_object->type_string), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); - aws_cert_chain_clean_up(&output_list); - aws_array_list_clean_up(&output_list); + aws_pem_objects_clean_up(&output_list); return AWS_OP_SUCCESS; } - AWS_TEST_CASE(test_pem_single_cert_parse, s_test_pem_single_cert_parse) static int s_test_pem_cert_chain_parse(struct aws_allocator *allocator, void *ctx) { @@ -281,26 +586,29 @@ static int s_test_pem_cert_chain_parse(struct aws_allocator *allocator, void *ct struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_rsa_2048_pkcs1_crt_pem); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_byte_buf))); - ASSERT_SUCCESS(aws_decode_pem_to_buffer_list(allocator, &pem_data, &output_list)); + ASSERT_SUCCESS(aws_pem_objects_init_from_file_contents(&output_list, allocator, pem_data)); ASSERT_UINT_EQUALS(3, aws_array_list_length(&output_list)); - struct aws_byte_buf *cert_data = NULL; - aws_array_list_get_at_ptr(&output_list, (void **)&cert_data, 0); + struct aws_pem_object *pem_object = NULL; + aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); ASSERT_BIN_ARRAYS_EQUALS( - s_expected_intermediate_1, sizeof(s_expected_intermediate_1), cert_data->buffer, cert_data->len); - aws_array_list_get_at_ptr(&output_list, (void **)&cert_data, 1); + s_expected_intermediate_1, sizeof(s_expected_intermediate_1), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(pem_object->type_string), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); + aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 1); ASSERT_BIN_ARRAYS_EQUALS( - s_expected_intermediate_2, sizeof(s_expected_intermediate_2), cert_data->buffer, cert_data->len); - aws_array_list_get_at_ptr(&output_list, (void **)&cert_data, 2); - ASSERT_BIN_ARRAYS_EQUALS(s_expected_leaf, sizeof(s_expected_leaf), cert_data->buffer, cert_data->len); + s_expected_intermediate_2, sizeof(s_expected_intermediate_2), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(pem_object->type_string), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); + aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 2); + ASSERT_BIN_ARRAYS_EQUALS(s_expected_leaf, sizeof(s_expected_leaf), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(pem_object->type_string), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); - aws_cert_chain_clean_up(&output_list); - aws_array_list_clean_up(&output_list); + aws_pem_objects_clean_up(&output_list); return AWS_OP_SUCCESS; } - AWS_TEST_CASE(test_pem_cert_chain_parse, s_test_pem_cert_chain_parse) static int s_test_pem_private_key_parse(struct aws_allocator *allocator, void *ctx) { @@ -406,193 +714,21 @@ static int s_test_pem_private_key_parse(struct aws_allocator *allocator, void *c struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_private_key_pem); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_byte_buf))); - ASSERT_SUCCESS(aws_decode_pem_to_buffer_list(allocator, &pem_data, &output_list)); + ASSERT_SUCCESS(aws_pem_objects_init_from_file_contents(&output_list, allocator, pem_data)); ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); - struct aws_byte_buf *cert_data = NULL; - aws_array_list_get_at_ptr(&output_list, (void **)&cert_data, 0); - ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), cert_data->buffer, cert_data->len); + struct aws_pem_object *pem_object = NULL; + aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); + ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(pem_object->type_string), "RSA PRIVATE KEY"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_PRIVATE_RSA_PKCS1, pem_object->type); - aws_cert_chain_clean_up(&output_list); - aws_array_list_clean_up(&output_list); + aws_pem_objects_clean_up(&output_list); return AWS_OP_SUCCESS; } - AWS_TEST_CASE(test_pem_private_key_parse, s_test_pem_private_key_parse) -static int s_test_pem_cert_parse_from_file(struct aws_allocator *allocator, void *ctx) { - (void)ctx; - - static const uint8_t s_expected[] = { - 0x30, 0x82, 0x03, 0xec, 0x30, 0x82, 0x02, 0xd4, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x84, 0x7d, - 0x2e, 0xed, 0x4d, 0xfc, 0x26, 0x87, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x05, 0x00, 0x30, 0x81, 0x9a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, - 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, - 0x74, 0x74, 0x6c, 0x65, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, 0x41, 0x6d, 0x61, - 0x7a, 0x6f, 0x6e, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x53, 0x44, 0x4b, 0x73, - 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, - 0x73, 0x74, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, - 0x21, 0x61, 0x77, 0x73, 0x2d, 0x73, 0x64, 0x6b, 0x2d, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2d, 0x72, 0x75, - 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x40, 0x61, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, - 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x31, 0x36, 0x30, 0x36, 0x31, 0x37, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, - 0x33, 0x30, 0x39, 0x31, 0x38, 0x30, 0x36, 0x31, 0x37, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9a, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x0f, 0x30, 0x0d, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, 0x41, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, - 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x53, 0x44, 0x4b, 0x73, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x21, 0x61, 0x77, 0x73, 0x2d, 0x73, 0x64, 0x6b, 0x2d, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2d, 0x72, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x40, 0x61, 0x6d, 0x61, - 0x7a, 0x6f, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, - 0x82, 0x01, 0x01, 0x00, 0xd7, 0x6a, 0x57, 0x48, 0xf8, 0x0e, 0x44, 0x03, 0x25, 0x42, 0xd6, 0x11, 0x6f, 0x1b, - 0xb3, 0xfc, 0xe7, 0x1a, 0xa2, 0xb6, 0xa7, 0xdc, 0x2d, 0x85, 0x8f, 0x28, 0xe1, 0xbb, 0x4b, 0xee, 0x71, 0x21, - 0x19, 0x4b, 0x0c, 0x43, 0x26, 0x9e, 0xf9, 0x4c, 0x14, 0x04, 0x31, 0xa7, 0xd2, 0xa5, 0x21, 0x0a, 0x01, 0x02, - 0xde, 0x0e, 0xde, 0xf1, 0xb8, 0x34, 0x43, 0x62, 0x7e, 0x76, 0x57, 0x85, 0x04, 0xe9, 0xc1, 0x7e, 0xc5, 0x35, - 0xa1, 0xb7, 0x3b, 0x1f, 0xee, 0x68, 0x4d, 0xfe, 0x51, 0xda, 0x0c, 0xf7, 0x2f, 0x47, 0x60, 0x12, 0x3c, 0x01, - 0x24, 0xce, 0x48, 0xa5, 0xf0, 0xa0, 0x8b, 0x63, 0x87, 0xba, 0xb5, 0x3c, 0x52, 0xc1, 0x0f, 0x7b, 0xb2, 0x99, - 0x4d, 0xb8, 0x46, 0x74, 0xf7, 0xd1, 0xe8, 0x25, 0x84, 0xd3, 0x2c, 0x56, 0x91, 0x78, 0x87, 0xdd, 0xd4, 0x3d, - 0xf3, 0x67, 0x51, 0x18, 0x71, 0x2c, 0x3c, 0xc3, 0xe1, 0x99, 0xd9, 0x2c, 0x44, 0x51, 0xf6, 0x14, 0x48, 0xbd, - 0x82, 0x16, 0x62, 0x18, 0x4a, 0x44, 0x23, 0x9e, 0x5b, 0x09, 0x08, 0x8a, 0x42, 0xa0, 0x68, 0x03, 0x88, 0x10, - 0x0f, 0x6c, 0x85, 0x09, 0x3b, 0x72, 0x96, 0x04, 0x35, 0xf4, 0x26, 0x01, 0x83, 0x6f, 0x1d, 0xd6, 0x7f, 0x78, - 0xd7, 0x1b, 0xf6, 0x3a, 0x4f, 0xad, 0xcb, 0x3e, 0xc3, 0xbe, 0x01, 0x2d, 0xb4, 0x44, 0x2b, 0xdc, 0x10, 0x5d, - 0x05, 0xfe, 0xb9, 0x43, 0x20, 0xdc, 0xc8, 0xe4, 0x40, 0x07, 0x3b, 0x54, 0xce, 0x11, 0xdf, 0x5f, 0x28, 0xeb, - 0xbe, 0x24, 0x02, 0xb4, 0xe8, 0xfc, 0x35, 0x9b, 0xbe, 0xc1, 0x80, 0xea, 0xc4, 0xec, 0x5b, 0x6f, 0x20, 0x6e, - 0xe4, 0x60, 0xd5, 0x6e, 0x38, 0x43, 0xde, 0x22, 0x73, 0x87, 0x90, 0xeb, 0xaa, 0xaf, 0x20, 0xe2, 0xb0, 0x1d, - 0x4f, 0xc2, 0x2c, 0x8f, 0x34, 0x86, 0xea, 0x75, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x33, 0x30, 0x31, 0x30, - 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x01, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x13, 0x30, 0x11, 0x82, 0x09, 0x6c, 0x6f, 0x63, - 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x07, 0xb4, 0x9a, 0x48, - 0x4e, 0x6d, 0x71, 0x32, 0xf4, 0x35, 0x89, 0xf5, 0xe1, 0xe8, 0x27, 0x5e, 0xe3, 0x51, 0x0d, 0x54, 0xf2, 0xde, - 0x1e, 0x2f, 0x9a, 0x0d, 0xdd, 0x02, 0xd4, 0xce, 0x15, 0x93, 0x8b, 0xe6, 0x75, 0x77, 0xc2, 0x41, 0xf6, 0xbf, - 0xfc, 0xac, 0x25, 0x96, 0xea, 0x80, 0x38, 0x68, 0xe2, 0xa5, 0x72, 0x9a, 0x31, 0xa2, 0x95, 0x43, 0xa9, 0x90, - 0x39, 0x64, 0xe3, 0x6c, 0x29, 0x37, 0x0c, 0x7a, 0xb7, 0x18, 0x97, 0x47, 0x0e, 0x16, 0x79, 0x2f, 0x9a, 0x92, - 0x7b, 0x51, 0xac, 0xe4, 0x4c, 0x70, 0xc2, 0xe4, 0xf3, 0x7f, 0x2b, 0x63, 0x53, 0x2c, 0x3b, 0xdb, 0xf1, 0xef, - 0x84, 0xda, 0xf3, 0x71, 0x6c, 0x6e, 0xb8, 0x41, 0x48, 0xae, 0xb5, 0x12, 0x1b, 0x20, 0xec, 0xdf, 0xff, 0x9f, - 0x2b, 0x2d, 0x66, 0x52, 0x0a, 0x72, 0x17, 0x99, 0xa5, 0x4d, 0x28, 0x29, 0x8a, 0x9c, 0xc8, 0x51, 0xd0, 0xe8, - 0x5c, 0x42, 0x66, 0x3e, 0xef, 0x06, 0xda, 0x72, 0xea, 0xa8, 0x5a, 0x5a, 0x02, 0x0f, 0xa2, 0x68, 0x80, 0xa9, - 0x9a, 0xa4, 0x30, 0x8c, 0x9e, 0x69, 0x75, 0xa5, 0x5c, 0x34, 0x8b, 0x71, 0x49, 0xe5, 0x3a, 0x1a, 0x74, 0xa9, - 0x51, 0x86, 0xee, 0x06, 0xf9, 0x54, 0x37, 0x0c, 0xf6, 0x17, 0x8a, 0x1e, 0xc3, 0x54, 0x6d, 0xa9, 0x52, 0x4a, - 0x2f, 0xf8, 0xd0, 0xe3, 0x56, 0xc2, 0x61, 0x14, 0xfd, 0x7c, 0x77, 0x2b, 0x5b, 0x8b, 0x93, 0x2c, 0x6e, 0x76, - 0x46, 0xa9, 0x00, 0x34, 0x8d, 0x55, 0x42, 0x6a, 0xe2, 0x6b, 0xa3, 0xd8, 0xe6, 0x5a, 0x5b, 0x65, 0x98, 0xa8, - 0xb1, 0x85, 0x01, 0x92, 0x42, 0xf4, 0xd6, 0x73, 0x4d, 0xc6, 0xf6, 0xf1, 0x34, 0x36, 0x16, 0x44, 0xc6, 0x09, - 0xc7, 0x94, 0x46, 0x1c, 0x06, 0x94, 0x84, 0xa9, 0x4f, 0x41, 0x0b, 0x46, 0xa6, 0xb4, 0x48, 0x1a, 0x14, 0x45, - }; - - struct aws_array_list output_list; - - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_byte_buf))); - ASSERT_SUCCESS(aws_read_and_decode_pem_file_to_buffer_list(allocator, "testparse.crt", &output_list)); - ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); - - struct aws_byte_buf *cert_data = NULL; - aws_array_list_get_at_ptr(&output_list, (void **)&cert_data, 0); - ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), cert_data->buffer, cert_data->len); - - aws_cert_chain_clean_up(&output_list); - aws_array_list_clean_up(&output_list); - - return AWS_OP_SUCCESS; -} - -AWS_TEST_CASE(test_pem_cert_parse_from_file, s_test_pem_cert_parse_from_file) - -static int s_test_pem_private_key_parse_from_file(struct aws_allocator *allocator, void *ctx) { - (void)ctx; - - static const uint8_t s_expected[] = { - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd7, 0x6a, 0x57, 0x48, 0xf8, 0x0e, - 0x44, 0x03, 0x25, 0x42, 0xd6, 0x11, 0x6f, 0x1b, 0xb3, 0xfc, 0xe7, 0x1a, 0xa2, 0xb6, 0xa7, 0xdc, 0x2d, 0x85, - 0x8f, 0x28, 0xe1, 0xbb, 0x4b, 0xee, 0x71, 0x21, 0x19, 0x4b, 0x0c, 0x43, 0x26, 0x9e, 0xf9, 0x4c, 0x14, 0x04, - 0x31, 0xa7, 0xd2, 0xa5, 0x21, 0x0a, 0x01, 0x02, 0xde, 0x0e, 0xde, 0xf1, 0xb8, 0x34, 0x43, 0x62, 0x7e, 0x76, - 0x57, 0x85, 0x04, 0xe9, 0xc1, 0x7e, 0xc5, 0x35, 0xa1, 0xb7, 0x3b, 0x1f, 0xee, 0x68, 0x4d, 0xfe, 0x51, 0xda, - 0x0c, 0xf7, 0x2f, 0x47, 0x60, 0x12, 0x3c, 0x01, 0x24, 0xce, 0x48, 0xa5, 0xf0, 0xa0, 0x8b, 0x63, 0x87, 0xba, - 0xb5, 0x3c, 0x52, 0xc1, 0x0f, 0x7b, 0xb2, 0x99, 0x4d, 0xb8, 0x46, 0x74, 0xf7, 0xd1, 0xe8, 0x25, 0x84, 0xd3, - 0x2c, 0x56, 0x91, 0x78, 0x87, 0xdd, 0xd4, 0x3d, 0xf3, 0x67, 0x51, 0x18, 0x71, 0x2c, 0x3c, 0xc3, 0xe1, 0x99, - 0xd9, 0x2c, 0x44, 0x51, 0xf6, 0x14, 0x48, 0xbd, 0x82, 0x16, 0x62, 0x18, 0x4a, 0x44, 0x23, 0x9e, 0x5b, 0x09, - 0x08, 0x8a, 0x42, 0xa0, 0x68, 0x03, 0x88, 0x10, 0x0f, 0x6c, 0x85, 0x09, 0x3b, 0x72, 0x96, 0x04, 0x35, 0xf4, - 0x26, 0x01, 0x83, 0x6f, 0x1d, 0xd6, 0x7f, 0x78, 0xd7, 0x1b, 0xf6, 0x3a, 0x4f, 0xad, 0xcb, 0x3e, 0xc3, 0xbe, - 0x01, 0x2d, 0xb4, 0x44, 0x2b, 0xdc, 0x10, 0x5d, 0x05, 0xfe, 0xb9, 0x43, 0x20, 0xdc, 0xc8, 0xe4, 0x40, 0x07, - 0x3b, 0x54, 0xce, 0x11, 0xdf, 0x5f, 0x28, 0xeb, 0xbe, 0x24, 0x02, 0xb4, 0xe8, 0xfc, 0x35, 0x9b, 0xbe, 0xc1, - 0x80, 0xea, 0xc4, 0xec, 0x5b, 0x6f, 0x20, 0x6e, 0xe4, 0x60, 0xd5, 0x6e, 0x38, 0x43, 0xde, 0x22, 0x73, 0x87, - 0x90, 0xeb, 0xaa, 0xaf, 0x20, 0xe2, 0xb0, 0x1d, 0x4f, 0xc2, 0x2c, 0x8f, 0x34, 0x86, 0xea, 0x75, 0x02, 0x03, - 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x44, 0x90, 0xb8, 0x8f, 0xa5, 0x45, 0x05, 0x28, 0xeb, 0x27, 0x46, - 0xf3, 0xed, 0xa5, 0xa7, 0xb8, 0x8b, 0xe6, 0xd2, 0x7b, 0xc9, 0x1a, 0x2f, 0xf3, 0x1f, 0x0a, 0x28, 0x2f, 0x71, - 0x8f, 0xc7, 0xba, 0x7d, 0x4e, 0x81, 0xec, 0xad, 0xd2, 0x54, 0x0f, 0x7f, 0x1f, 0x86, 0x9e, 0xa0, 0x51, 0xa7, - 0x1e, 0x84, 0x0b, 0xe1, 0x9a, 0x62, 0x24, 0x16, 0x39, 0xac, 0x69, 0x21, 0x4f, 0x91, 0xb3, 0xe9, 0x48, 0x6e, - 0x2a, 0x67, 0xa3, 0x16, 0x82, 0x37, 0xf3, 0x85, 0xf2, 0xf5, 0x40, 0x49, 0xd5, 0x59, 0xe3, 0x23, 0xcd, 0x58, - 0x2a, 0xf5, 0xa6, 0x77, 0x8c, 0xa1, 0x5b, 0x10, 0x28, 0x49, 0xb5, 0xb8, 0x72, 0x19, 0x55, 0xc6, 0x11, 0x65, - 0x58, 0x3e, 0x14, 0xc5, 0xc4, 0x2d, 0xc8, 0xf5, 0x48, 0x7e, 0xd7, 0xd2, 0x5b, 0x54, 0xf5, 0x89, 0x00, 0x10, - 0x5e, 0xef, 0x3b, 0x78, 0xca, 0x1d, 0xe9, 0xe5, 0xbb, 0x55, 0x69, 0x72, 0x30, 0xa8, 0x9c, 0x62, 0x40, 0x46, - 0x07, 0x6a, 0x21, 0x23, 0x48, 0x56, 0xf1, 0xc8, 0x71, 0xdf, 0xad, 0x73, 0xf7, 0xa4, 0x1c, 0xa7, 0x18, 0x40, - 0xc8, 0x10, 0x1f, 0x9e, 0x1c, 0x6e, 0x4e, 0x02, 0x85, 0x61, 0x24, 0x55, 0x7f, 0x06, 0x12, 0x3a, 0x31, 0xd8, - 0x3c, 0xeb, 0xe8, 0xce, 0x65, 0x3b, 0x5a, 0x3d, 0x22, 0x51, 0x14, 0xfe, 0xd4, 0xc3, 0x38, 0x88, 0xef, 0x18, - 0x94, 0x10, 0xee, 0x64, 0x42, 0x40, 0xae, 0xcd, 0xd6, 0x01, 0xd2, 0x1e, 0xa6, 0x60, 0xaa, 0xea, 0xc9, 0xf3, - 0x38, 0x02, 0x7a, 0x63, 0xd8, 0x84, 0xd0, 0x41, 0xad, 0x8b, 0xd4, 0x06, 0x88, 0x0a, 0x3a, 0x9d, 0xaf, 0xe7, - 0x58, 0x07, 0xd5, 0x95, 0x14, 0x8c, 0xc9, 0x2f, 0xc2, 0xd4, 0x60, 0xb4, 0xa0, 0xcd, 0x0c, 0x9e, 0x94, 0x4a, - 0x48, 0xb5, 0xb4, 0xb6, 0xf2, 0xd5, 0xbe, 0xd2, 0x46, 0xf3, 0x51, 0x02, 0x81, 0x81, 0x00, 0xee, 0x5c, 0xc6, - 0xa5, 0xd9, 0x40, 0x2b, 0x05, 0x8d, 0x28, 0xf7, 0x36, 0x60, 0x86, 0xed, 0x50, 0xda, 0x26, 0x0f, 0xf7, 0x8e, - 0xaf, 0xb4, 0xf3, 0x61, 0xe7, 0x58, 0xc4, 0x9f, 0x3c, 0x48, 0x6e, 0x76, 0x4c, 0x78, 0xe0, 0x13, 0x73, 0xee, - 0xa6, 0x81, 0x77, 0xc1, 0x91, 0x63, 0x76, 0xd9, 0x70, 0xc7, 0x5b, 0xb8, 0x9e, 0xcc, 0x65, 0x55, 0xee, 0x74, - 0x14, 0x14, 0xc2, 0x37, 0x9b, 0x36, 0x15, 0x5e, 0x3f, 0xf1, 0x83, 0xfd, 0xf3, 0x4c, 0xe2, 0xb3, 0xe1, 0xed, - 0x50, 0x2e, 0x69, 0x58, 0x23, 0xb7, 0x3b, 0x2e, 0xbe, 0x0e, 0x34, 0xa3, 0x2b, 0xdb, 0x2d, 0xfa, 0x61, 0xb2, - 0xcd, 0x88, 0xe5, 0xde, 0x8a, 0x55, 0xa9, 0xc4, 0x19, 0x90, 0x78, 0xf5, 0x2c, 0xfa, 0x8d, 0xc4, 0x19, 0xaf, - 0x16, 0x90, 0xe0, 0x02, 0xd5, 0x59, 0x7d, 0xd2, 0x92, 0x77, 0x2b, 0xb3, 0x66, 0x98, 0xfc, 0xb3, 0x9b, 0x02, - 0x81, 0x81, 0x00, 0xe7, 0x5a, 0xe3, 0x10, 0x56, 0xbf, 0x8a, 0x32, 0x0b, 0xa7, 0x53, 0xf9, 0xbc, 0xa9, 0xfc, - 0x6f, 0x7a, 0x48, 0x7d, 0x01, 0x52, 0xb1, 0x4b, 0x17, 0xe4, 0xd5, 0xd3, 0xcb, 0x7d, 0x5f, 0xff, 0x65, 0x30, - 0x55, 0x5e, 0x3d, 0xd5, 0xd8, 0xcc, 0xc8, 0xdc, 0xa1, 0xb5, 0xa4, 0x5c, 0xad, 0x73, 0xfd, 0x09, 0x8a, 0x6a, - 0xdf, 0xca, 0x35, 0xc6, 0xf5, 0x1a, 0xc5, 0xed, 0xa1, 0x94, 0xd0, 0xff, 0x8e, 0x20, 0x63, 0x04, 0x77, 0xec, - 0x0b, 0x5d, 0xe8, 0x50, 0xe5, 0x73, 0xf1, 0x3a, 0xc0, 0xcf, 0x10, 0xca, 0x03, 0x36, 0xc6, 0x2d, 0xc3, 0x93, - 0xda, 0xda, 0xe0, 0xc4, 0xc1, 0x5b, 0x47, 0xc1, 0x33, 0xfa, 0x3b, 0xab, 0xd7, 0x24, 0x1b, 0x3e, 0x7a, 0x0a, - 0x66, 0xb0, 0x7b, 0x4a, 0x8a, 0x40, 0x91, 0xc5, 0x6a, 0x66, 0xfe, 0x24, 0xb3, 0x42, 0xcb, 0xbb, 0xe0, 0x4b, - 0x7c, 0x41, 0x57, 0x63, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xa4, 0xdf, 0x31, 0x5c, 0x38, 0x28, 0x45, 0x59, 0xc2, - 0xa9, 0x0a, 0x4d, 0xe7, 0x78, 0x8c, 0x9f, 0xf7, 0x34, 0x8a, 0xa8, 0xce, 0x5e, 0x44, 0xc8, 0x6f, 0xf8, 0xc8, - 0x92, 0xc0, 0x1d, 0xbf, 0x70, 0x00, 0x8d, 0xa6, 0xb2, 0x3f, 0x62, 0x5a, 0x39, 0x7b, 0xa5, 0xed, 0x12, 0xf6, - 0x7c, 0x97, 0xac, 0x85, 0x88, 0xb0, 0xeb, 0xce, 0x2f, 0x6d, 0xbf, 0xd1, 0x34, 0xae, 0xa3, 0x24, 0x39, 0x4c, - 0xb0, 0x7d, 0x0f, 0xb7, 0xab, 0x77, 0xb5, 0x99, 0x81, 0xd9, 0xb0, 0xb5, 0x28, 0x57, 0xe1, 0xef, 0xe0, 0x4c, - 0x76, 0x38, 0x3f, 0xa7, 0xad, 0xcb, 0x0b, 0xa3, 0xc0, 0x6a, 0xc6, 0xb7, 0x19, 0xa9, 0xce, 0x6e, 0x1e, 0xbb, - 0x60, 0x00, 0xcf, 0x39, 0xfa, 0x20, 0x84, 0x2b, 0x0e, 0x72, 0x0c, 0xdd, 0xe9, 0xba, 0xed, 0xe7, 0xa7, 0xd1, - 0x0d, 0xd1, 0xe0, 0x13, 0x63, 0xfb, 0xe4, 0x44, 0x7f, 0xce, 0x6f, 0x02, 0x81, 0x81, 0x00, 0xac, 0x0c, 0x71, - 0xe9, 0xb7, 0xa9, 0x4f, 0x7b, 0x32, 0x21, 0x68, 0x98, 0xc3, 0x0d, 0xe2, 0xb5, 0x80, 0x49, 0xa1, 0xf4, 0xb6, - 0xeb, 0x33, 0xfd, 0xfb, 0xe6, 0x6c, 0x4f, 0xda, 0xd7, 0xe6, 0x14, 0xf9, 0x21, 0xb3, 0x28, 0xe6, 0xfc, 0x08, - 0x26, 0xa3, 0xb4, 0xfa, 0x60, 0xd5, 0xaf, 0x04, 0x1f, 0xbb, 0xd5, 0x9c, 0xee, 0xf9, 0xf0, 0x8e, 0x19, 0xbe, - 0xa4, 0x4c, 0xb8, 0xa9, 0xf3, 0xd6, 0xe8, 0x79, 0xfb, 0x48, 0xda, 0x69, 0xc6, 0x76, 0x3a, 0x8a, 0xd6, 0x68, - 0x27, 0x8f, 0xda, 0xcc, 0xe2, 0x1e, 0x68, 0xcf, 0x76, 0x07, 0x98, 0x77, 0x3e, 0xfd, 0x20, 0xc4, 0x11, 0x4a, - 0xf1, 0x8c, 0xa3, 0x3b, 0xc6, 0xde, 0x5e, 0xea, 0xf1, 0xfb, 0xbf, 0x44, 0x36, 0xe3, 0xad, 0x7c, 0x5c, 0x5d, - 0xf2, 0x49, 0xce, 0x7b, 0xf3, 0x29, 0x95, 0xc9, 0xe9, 0xba, 0xb8, 0xed, 0x49, 0xe5, 0x49, 0xb8, 0x6f, 0x02, - 0x81, 0x80, 0x71, 0x11, 0x8a, 0x2e, 0x38, 0xcf, 0x54, 0xb9, 0x99, 0x5b, 0x95, 0x74, 0x17, 0x7e, 0xe7, 0x53, - 0x59, 0x67, 0xfe, 0xc7, 0x90, 0x84, 0x5b, 0x1c, 0x89, 0x80, 0xa6, 0xa4, 0xb4, 0x71, 0x21, 0xde, 0x27, 0x9e, - 0xb3, 0x58, 0x01, 0xed, 0x93, 0xdb, 0x39, 0xec, 0x0b, 0x6b, 0xc0, 0x18, 0x56, 0x3a, 0x9b, 0x36, 0x04, 0xbf, - 0xaf, 0xf6, 0x94, 0x16, 0x3a, 0x41, 0x6c, 0x2a, 0x2f, 0xf0, 0x80, 0xb1, 0x73, 0x2f, 0x3a, 0x4a, 0xe1, 0x9d, - 0x6b, 0x5d, 0x0b, 0x0c, 0x55, 0xfc, 0xde, 0xc6, 0xf2, 0x32, 0x6f, 0x17, 0x86, 0x4b, 0x5f, 0xc8, 0x2d, 0xcb, - 0xe7, 0x88, 0xab, 0x55, 0x6e, 0x66, 0x35, 0x40, 0xdc, 0x03, 0xcb, 0x3d, 0xf8, 0x39, 0x68, 0x79, 0x39, 0x54, - 0x94, 0x92, 0x2b, 0xf0, 0x9f, 0xd1, 0x00, 0x30, 0xbd, 0xae, 0x9a, 0x87, 0x2d, 0xa6, 0x73, 0x71, 0xdb, 0xe9, - 0x20, 0xc8, 0x55, 0xb3, - }; - - struct aws_array_list output_list; - - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_byte_buf))); - ASSERT_SUCCESS(aws_read_and_decode_pem_file_to_buffer_list(allocator, "unittests.key", &output_list)); - ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); - - struct aws_byte_buf *cert_data = NULL; - aws_array_list_get_at_ptr(&output_list, (void **)&cert_data, 0); - ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), cert_data->buffer, cert_data->len); - - aws_cert_chain_clean_up(&output_list); - aws_array_list_clean_up(&output_list); - - return AWS_OP_SUCCESS; -} - -AWS_TEST_CASE(test_pem_private_key_parse_from_file, s_test_pem_private_key_parse_from_file) - static int s_test_pem_cert_chain_comments_and_whitespace(struct aws_allocator *allocator, void *ctx) { (void)ctx; @@ -806,26 +942,29 @@ static int s_test_pem_cert_chain_comments_and_whitespace(struct aws_allocator *a struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_pem_data_str); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_byte_buf))); - ASSERT_SUCCESS(aws_decode_pem_to_buffer_list(allocator, &pem_data, &output_list)); + ASSERT_SUCCESS(aws_pem_objects_init_from_file_contents(&output_list, allocator, pem_data)); ASSERT_UINT_EQUALS(3, aws_array_list_length(&output_list)); - struct aws_byte_buf *cert_data = NULL; - aws_array_list_get_at_ptr(&output_list, (void **)&cert_data, 0); + struct aws_pem_object *pem_object = NULL; + aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); ASSERT_BIN_ARRAYS_EQUALS( - s_expected_intermediate_1, sizeof(s_expected_intermediate_1), cert_data->buffer, cert_data->len); - aws_array_list_get_at_ptr(&output_list, (void **)&cert_data, 1); + s_expected_intermediate_1, sizeof(s_expected_intermediate_1), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(pem_object->type_string), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); + aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 1); ASSERT_BIN_ARRAYS_EQUALS( - s_expected_intermediate_2, sizeof(s_expected_intermediate_2), cert_data->buffer, cert_data->len); - aws_array_list_get_at_ptr(&output_list, (void **)&cert_data, 2); - ASSERT_BIN_ARRAYS_EQUALS(s_expected_leaf, sizeof(s_expected_leaf), cert_data->buffer, cert_data->len); + s_expected_intermediate_2, sizeof(s_expected_intermediate_2), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(pem_object->type_string), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); + aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 2); + ASSERT_BIN_ARRAYS_EQUALS(s_expected_leaf, sizeof(s_expected_leaf), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(pem_object->type_string), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); - aws_cert_chain_clean_up(&output_list); - aws_array_list_clean_up(&output_list); + aws_pem_objects_clean_up(&output_list); return AWS_OP_SUCCESS; } - AWS_TEST_CASE(test_pem_cert_chain_comments_and_whitespace, s_test_pem_cert_chain_comments_and_whitespace) static int s_test_pem_invalid_parse(struct aws_allocator *allocator, void *ctx) { @@ -851,15 +990,13 @@ static int s_test_pem_invalid_parse(struct aws_allocator *allocator, void *ctx) struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_invalid_pem); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_byte_buf))); - ASSERT_ERROR(AWS_IO_FILE_VALIDATION_FAILURE, aws_decode_pem_to_buffer_list(allocator, &pem_data, &output_list)); + ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED, aws_pem_objects_init_from_file_contents(&output_list, allocator, pem_data)); ASSERT_UINT_EQUALS(0, aws_array_list_length(&output_list)); aws_array_list_clean_up(&output_list); return AWS_OP_SUCCESS; } - AWS_TEST_CASE(test_pem_invalid_parse, s_test_pem_invalid_parse) static int s_test_pem_valid_data_invalid_parse(struct aws_allocator *allocator, void *ctx) { @@ -885,15 +1022,13 @@ static int s_test_pem_valid_data_invalid_parse(struct aws_allocator *allocator, struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_invalid_data); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_byte_buf))); - ASSERT_ERROR(AWS_IO_FILE_VALIDATION_FAILURE, aws_decode_pem_to_buffer_list(allocator, &pem_data, &output_list)); + ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED, aws_pem_objects_init_from_file_contents(&output_list, allocator, pem_data)); ASSERT_UINT_EQUALS(0, aws_array_list_length(&output_list)); aws_array_list_clean_up(&output_list); return AWS_OP_SUCCESS; } - AWS_TEST_CASE(test_pem_valid_data_invalid_parse, s_test_pem_valid_data_invalid_parse) static int s_test_pem_invalid_in_chain_parse(struct aws_allocator *allocator, void *ctx) { @@ -958,8 +1093,7 @@ static int s_test_pem_invalid_in_chain_parse(struct aws_allocator *allocator, vo struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_invalid_data); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_byte_buf))); - ASSERT_ERROR(AWS_IO_FILE_VALIDATION_FAILURE, aws_decode_pem_to_buffer_list(allocator, &pem_data, &output_list)); + ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED, aws_pem_objects_init_from_file_contents(&output_list, allocator, pem_data)); ASSERT_UINT_EQUALS(0, aws_array_list_length(&output_list)); aws_array_list_clean_up(&output_list); diff --git a/tests/pem_utils_test.c b/tests/pem_utils_test.c deleted file mode 100644 index 4e19aec66..000000000 --- a/tests/pem_utils_test.c +++ /dev/null @@ -1,145 +0,0 @@ -/** - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * SPDX-License-Identifier: Apache-2.0. - */ -#include -#include - -#include - -static int s_check_clean_pem_result( - struct aws_byte_cursor dirty_pem, - struct aws_byte_cursor expected_clean_pem, - struct aws_allocator *allocator) { - struct aws_byte_buf pem_buf; - ASSERT_SUCCESS(aws_byte_buf_init_copy_from_cursor(&pem_buf, allocator, dirty_pem)); - ASSERT_SUCCESS(aws_sanitize_pem(&pem_buf, allocator)); - ASSERT_TRUE(aws_byte_cursor_eq_byte_buf(&expected_clean_pem, &pem_buf)); - aws_byte_buf_clean_up(&pem_buf); - return AWS_OP_SUCCESS; -} - -static int s_test_pem_sanitize_comments_around_pem_object_removed(struct aws_allocator *allocator, void *ctx) { - (void)ctx; - /* comments around pem object will be removed */ - struct aws_byte_cursor dirty_pem = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("# comments\r\n" - "-----BEGIN CERTIFICATE-----\n" - "CERTIFICATES\n" - "-----END CERTIFICATE-----\n" - "# another comments\r\n" - "-----BEGIN CERTIFICATE-----\n" - "CERTIFICATES\n" - "-----END CERTIFICATE-----\n" - "# final comments\r\n"); - - struct aws_byte_cursor expected_clean_pem = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("-----BEGIN CERTIFICATE-----\n" - "CERTIFICATES\n" - "-----END CERTIFICATE-----\n" - "-----BEGIN CERTIFICATE-----\n" - "CERTIFICATES\n" - "-----END CERTIFICATE-----\n"); - - return s_check_clean_pem_result(dirty_pem, expected_clean_pem, allocator); -} - -AWS_TEST_CASE(pem_sanitize_comments_around_pem_object_removed, s_test_pem_sanitize_comments_around_pem_object_removed); - -static int s_test_pem_sanitize_empty_file_rejected(struct aws_allocator *allocator, void *ctx) { - (void)ctx; - /* We don't allow empty files. */ - struct aws_byte_buf pem; - ASSERT_SUCCESS(aws_byte_buf_init(&pem, allocator, 512)); - - ASSERT_ERROR(AWS_ERROR_INVALID_ARGUMENT, aws_sanitize_pem(&pem, allocator)); - - aws_byte_buf_clean_up(&pem); - return AWS_OP_SUCCESS; -} - -AWS_TEST_CASE(pem_sanitize_empty_file_rejected, s_test_pem_sanitize_empty_file_rejected) - -AWS_TEST_CASE(pem_sanitize_wrong_format_rejected, s_test_pem_sanitize_wrong_format_rejected) -static int s_test_pem_sanitize_wrong_format_rejected(struct aws_allocator *allocator, void *ctx) { - (void)ctx; - /* A file with the wrong format will "sanitize" to an empty PEM file, which we do not accept */ - - /* This is not a PEM file, it's a DER encoded binary x.509 certificate */ - const uint8_t not_a_pem_src[] = { - 0x30, 0x82, 0x04, 0xD3, 0x30, 0x82, 0x03, 0xBB, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x18, 0xDA, 0xD1, - 0x9E, 0x26, 0x7D, 0xE8, 0xBB, 0x4A, 0x21, 0x58, 0xCD, 0xCC, 0x6B, 0x3B, 0x4A, 0x30, 0x0D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0xCA, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, - 0x0E, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6E, 0x2C, 0x20, 0x49, 0x6E, 0x63, 0x2E, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x20, 0x4E, 0x65, 0x74, 0x77, 0x6F, 0x72, 0x6B, 0x31, 0x3A, 0x30, 0x38, 0x06, 0x03, - 0x55, 0x04, 0x0B, 0x13, 0x31, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6E, 0x2C, 0x20, 0x49, 0x6E, 0x63, 0x2E, 0x20, 0x2D, 0x20, 0x46, 0x6F, 0x72, 0x20, 0x61, - 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x7A, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6F, 0x6E, 0x6C, 0x79, - 0x31, 0x45, 0x30, 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3C, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, - 0x6E, 0x20, 0x43, 0x6C, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x20, 0x50, - 0x72, 0x69, 0x6D, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, - 0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2D, 0x20, 0x47, 0x35, 0x30, - 0x1E, 0x17, 0x0D, 0x30, 0x36, 0x31, 0x31, 0x30, 0x38, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x17, 0x0D, - 0x33, 0x36, 0x30, 0x37, 0x31, 0x36, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5A, 0x30, 0x81, 0xCA, 0x31, 0x0B, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, - 0x04, 0x0A, 0x13, 0x0E, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6E, 0x2C, 0x20, 0x49, 0x6E, 0x63, 0x2E, - 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x16, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, - 0x6E, 0x20, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4E, 0x65, 0x74, 0x77, 0x6F, 0x72, 0x6B, 0x31, 0x3A, 0x30, - 0x38, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x31, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, 0x30, 0x36, 0x20, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6E, 0x2C, 0x20, 0x49, 0x6E, 0x63, 0x2E, 0x20, 0x2D, 0x20, 0x46, 0x6F, - 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x7A, 0x65, 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6F, - 0x6E, 0x6C, 0x79, 0x31, 0x45, 0x30, 0x43, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x3C, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6E, 0x20, 0x43, 0x6C, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x50, 0x75, 0x62, 0x6C, 0x69, - 0x63, 0x20, 0x50, 0x72, 0x69, 0x6D, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2D, 0x20, - 0x47, 0x35, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xAF, - 0x24, 0x08, 0x08, 0x29, 0x7A, 0x35, 0x9E, 0x60, 0x0C, 0xAA, 0xE7, 0x4B, 0x3B, 0x4E, 0xDC, 0x7C, 0xBC, 0x3C, - 0x45, 0x1C, 0xBB, 0x2B, 0xE0, 0xFE, 0x29, 0x02, 0xF9, 0x57, 0x08, 0xA3, 0x64, 0x85, 0x15, 0x27, 0xF5, 0xF1, - 0xAD, 0xC8, 0x31, 0x89, 0x5D, 0x22, 0xE8, 0x2A, 0xAA, 0xA6, 0x42, 0xB3, 0x8F, 0xF8, 0xB9, 0x55, 0xB7, 0xB1, - 0xB7, 0x4B, 0xB3, 0xFE, 0x8F, 0x7E, 0x07, 0x57, 0xEC, 0xEF, 0x43, 0xDB, 0x66, 0x62, 0x15, 0x61, 0xCF, 0x60, - 0x0D, 0xA4, 0xD8, 0xDE, 0xF8, 0xE0, 0xC3, 0x62, 0x08, 0x3D, 0x54, 0x13, 0xEB, 0x49, 0xCA, 0x59, 0x54, 0x85, - 0x26, 0xE5, 0x2B, 0x8F, 0x1B, 0x9F, 0xEB, 0xF5, 0xA1, 0x91, 0xC2, 0x33, 0x49, 0xD8, 0x43, 0x63, 0x6A, 0x52, - 0x4B, 0xD2, 0x8F, 0xE8, 0x70, 0x51, 0x4D, 0xD1, 0x89, 0x69, 0x7B, 0xC7, 0x70, 0xF6, 0xB3, 0xDC, 0x12, 0x74, - 0xDB, 0x7B, 0x5D, 0x4B, 0x56, 0xD3, 0x96, 0xBF, 0x15, 0x77, 0xA1, 0xB0, 0xF4, 0xA2, 0x25, 0xF2, 0xAF, 0x1C, - 0x92, 0x67, 0x18, 0xE5, 0xF4, 0x06, 0x04, 0xEF, 0x90, 0xB9, 0xE4, 0x00, 0xE4, 0xDD, 0x3A, 0xB5, 0x19, 0xFF, - 0x02, 0xBA, 0xF4, 0x3C, 0xEE, 0xE0, 0x8B, 0xEB, 0x37, 0x8B, 0xEC, 0xF4, 0xD7, 0xAC, 0xF2, 0xF6, 0xF0, 0x3D, - 0xAF, 0xDD, 0x75, 0x91, 0x33, 0x19, 0x1D, 0x1C, 0x40, 0xCB, 0x74, 0x24, 0x19, 0x21, 0x93, 0xD9, 0x14, 0xFE, - 0xAC, 0x2A, 0x52, 0xC7, 0x8F, 0xD5, 0x04, 0x49, 0xE4, 0x8D, 0x63, 0x47, 0x88, 0x3C, 0x69, 0x83, 0xCB, 0xFE, - 0x47, 0xBD, 0x2B, 0x7E, 0x4F, 0xC5, 0x95, 0xAE, 0x0E, 0x9D, 0xD4, 0xD1, 0x43, 0xC0, 0x67, 0x73, 0xE3, 0x14, - 0x08, 0x7E, 0xE5, 0x3F, 0x9F, 0x73, 0xB8, 0x33, 0x0A, 0xCF, 0x5D, 0x3F, 0x34, 0x87, 0x96, 0x8A, 0xEE, 0x53, - 0xE8, 0x25, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xB2, 0x30, 0x81, 0xAF, 0x30, 0x0F, 0x06, 0x03, - 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x6D, 0x06, 0x08, 0x2B, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x01, 0x0C, 0x04, 0x61, 0x30, 0x5F, 0xA1, 0x5D, 0xA0, 0x5B, 0x30, 0x59, 0x30, 0x57, 0x30, - 0x55, 0x16, 0x09, 0x69, 0x6D, 0x61, 0x67, 0x65, 0x2F, 0x67, 0x69, 0x66, 0x30, 0x21, 0x30, 0x1F, 0x30, 0x07, - 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x04, 0x14, 0x8F, 0xE5, 0xD3, 0x1A, 0x86, 0xAC, 0x8D, 0x8E, 0x6B, - 0xC3, 0xCF, 0x80, 0x6A, 0xD4, 0x48, 0x18, 0x2C, 0x7B, 0x19, 0x2E, 0x30, 0x25, 0x16, 0x23, 0x68, 0x74, 0x74, - 0x70, 0x3A, 0x2F, 0x2F, 0x6C, 0x6F, 0x67, 0x6F, 0x2E, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6E, 0x2E, - 0x63, 0x6F, 0x6D, 0x2F, 0x76, 0x73, 0x6C, 0x6F, 0x67, 0x6F, 0x2E, 0x67, 0x69, 0x66, 0x30, 0x1D, 0x06, 0x03, - 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x7F, 0xD3, 0x65, 0xA7, 0xC2, 0xDD, 0xEC, 0xBB, 0xF0, 0x30, 0x09, - 0xF3, 0x43, 0x39, 0xFA, 0x02, 0xAF, 0x33, 0x31, 0x33, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x93, 0x24, 0x4A, 0x30, 0x5F, 0x62, 0xCF, - 0xD8, 0x1A, 0x98, 0x2F, 0x3D, 0xEA, 0xDC, 0x99, 0x2D, 0xBD, 0x77, 0xF6, 0xA5, 0x79, 0x22, 0x38, 0xEC, 0xC4, - 0xA7, 0xA0, 0x78, 0x12, 0xAD, 0x62, 0x0E, 0x45, 0x70, 0x64, 0xC5, 0xE7, 0x97, 0x66, 0x2D, 0x98, 0x09, 0x7E, - 0x5F, 0xAF, 0xD6, 0xCC, 0x28, 0x65, 0xF2, 0x01, 0xAA, 0x08, 0x1A, 0x47, 0xDE, 0xF9, 0xF9, 0x7C, 0x92, 0x5A, - 0x08, 0x69, 0x20, 0x0D, 0xD9, 0x3E, 0x6D, 0x6E, 0x3C, 0x0D, 0x6E, 0xD8, 0xE6, 0x06, 0x91, 0x40, 0x18, 0xB9, - 0xF8, 0xC1, 0xED, 0xDF, 0xDB, 0x41, 0xAA, 0xE0, 0x96, 0x20, 0xC9, 0xCD, 0x64, 0x15, 0x38, 0x81, 0xC9, 0x94, - 0xEE, 0xA2, 0x84, 0x29, 0x0B, 0x13, 0x6F, 0x8E, 0xDB, 0x0C, 0xDD, 0x25, 0x02, 0xDB, 0xA4, 0x8B, 0x19, 0x44, - 0xD2, 0x41, 0x7A, 0x05, 0x69, 0x4A, 0x58, 0x4F, 0x60, 0xCA, 0x7E, 0x82, 0x6A, 0x0B, 0x02, 0xAA, 0x25, 0x17, - 0x39, 0xB5, 0xDB, 0x7F, 0xE7, 0x84, 0x65, 0x2A, 0x95, 0x8A, 0xBD, 0x86, 0xDE, 0x5E, 0x81, 0x16, 0x83, 0x2D, - 0x10, 0xCC, 0xDE, 0xFD, 0xA8, 0x82, 0x2A, 0x6D, 0x28, 0x1F, 0x0D, 0x0B, 0xC4, 0xE5, 0xE7, 0x1A, 0x26, 0x19, - 0xE1, 0xF4, 0x11, 0x6F, 0x10, 0xB5, 0x95, 0xFC, 0xE7, 0x42, 0x05, 0x32, 0xDB, 0xCE, 0x9D, 0x51, 0x5E, 0x28, - 0xB6, 0x9E, 0x85, 0xD3, 0x5B, 0xEF, 0xA5, 0x7D, 0x45, 0x40, 0x72, 0x8E, 0xB7, 0x0E, 0x6B, 0x0E, 0x06, 0xFB, - 0x33, 0x35, 0x48, 0x71, 0xB8, 0x9D, 0x27, 0x8B, 0xC4, 0x65, 0x5F, 0x0D, 0x86, 0x76, 0x9C, 0x44, 0x7A, 0xF6, - 0x95, 0x5C, 0xF6, 0x5D, 0x32, 0x08, 0x33, 0xA4, 0x54, 0xB6, 0x18, 0x3F, 0x68, 0x5C, 0xF2, 0x42, 0x4A, 0x85, - 0x38, 0x54, 0x83, 0x5F, 0xD1, 0xE8, 0x2C, 0xF2, 0xAC, 0x11, 0xD6, 0xA8, 0xED, 0x63, 0x6A}; - struct aws_byte_cursor not_a_pem_cursor = aws_byte_cursor_from_array(not_a_pem_src, sizeof(not_a_pem_src)); - struct aws_byte_buf not_a_pem; - ASSERT_SUCCESS(aws_byte_buf_init_copy_from_cursor(¬_a_pem, allocator, not_a_pem_cursor)); - - ASSERT_ERROR(AWS_ERROR_INVALID_ARGUMENT, aws_sanitize_pem(¬_a_pem, allocator)); - - aws_byte_buf_clean_up(¬_a_pem); - return AWS_OP_SUCCESS; -} From 350a4781e4932e5a8f03dc33cb7b08ed6da76cd5 Mon Sep 17 00:00:00 2001 From: Dmitriy Musatkin <63878209+DmitriyMusatkin@users.noreply.github.com> Date: Mon, 9 Oct 2023 12:55:55 -0700 Subject: [PATCH 25/44] add format unknown (#606) --- source/darwin/darwin_pki_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/darwin/darwin_pki_utils.c b/source/darwin/darwin_pki_utils.c index 7b60bab2c..decdf2adc 100644 --- a/source/darwin/darwin_pki_utils.c +++ b/source/darwin/darwin_pki_utils.c @@ -66,7 +66,6 @@ int aws_import_ecc_key_into_keychain( AWS_ZERO_STRUCT(import_params); import_params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; import_params.passphrase = CFSTR(""); - format = kSecFormatUnknown; OSStatus key_status = SecItemImport(key_data, NULL, &format, &item_type, 0, &import_params, import_keychain, NULL); @@ -164,6 +163,7 @@ int aws_import_public_and_private_keys_to_identity( SecItemImport(cert_data, NULL, &format, &item_type, 0, &import_params, import_keychain, &cert_import_output); /* import private key */ + format = kSecFormatUnknown; item_type = kSecItemTypePrivateKey; OSStatus key_status = SecItemImport(key_data, NULL, &format, &item_type, 0, &import_params, import_keychain, &key_import_output); From 54719551837b96533f659470c0f016814ce00d2f Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Thu, 12 Oct 2023 12:55:48 -0700 Subject: [PATCH 26/44] Fix assert statement (#607) --- source/darwin/darwin_pki_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/darwin/darwin_pki_utils.c b/source/darwin/darwin_pki_utils.c index decdf2adc..b18a757cb 100644 --- a/source/darwin/darwin_pki_utils.c +++ b/source/darwin/darwin_pki_utils.c @@ -52,7 +52,7 @@ int aws_import_ecc_key_into_keychain( struct aws_pem_object *pem_object_ptr = NULL; /* We only check the first pem section. Currently, we dont support key with multiple pem section. */ aws_array_list_get_at_ptr(&decoded_key_buffer_list, (void **)&pem_object_ptr, index); - AWS_ASSERT(decoded_key_buffer); + AWS_ASSERT(pem_object_ptr); CFDataRef key_data = CFDataCreate(cf_alloc, pem_object_ptr->data.buffer, pem_object_ptr->data.len); if (!key_data) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: error in creating ECC key data system call."); From c9cb77747d3fd2809cf3d9c43be7d5decc17e4b3 Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Fri, 13 Oct 2023 16:32:46 -0700 Subject: [PATCH 27/44] Handle CRLF for windows (#608) --- .gitattributes | 5 ++ source/pem.c | 7 ++- tests/CMakeLists.txt | 1 + tests/pem_test.c | 78 ++++++++++++++++++++++++++++++ tests/resources/testparse_crlf.crt | 23 +++++++++ 5 files changed, 110 insertions(+), 4 deletions(-) create mode 100644 .gitattributes create mode 100644 tests/resources/testparse_crlf.crt diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..928edb154 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,5 @@ +# Set the default behavior, in case people don't have core.autocrlf set. +* text=auto + +# Declare files that will always have CRLF line endings on checkout. +tests/resources/testparse_crlf.crt text eol=crlf \ No newline at end of file diff --git a/source/pem.c b/source/pem.c index dd8eaf56a..154a32cd9 100644 --- a/source/pem.c +++ b/source/pem.c @@ -233,6 +233,7 @@ int s_extract_header_type_cur(struct aws_byte_cursor cur, struct aws_byte_cursor aws_byte_cursor_advance(&cur, s_begin_header_cur.len); aws_byte_cursor_advance(&cur, 1); // space after begin + struct aws_byte_cursor type_cur = aws_byte_cursor_advance(&cur, cur.len - s_delim_cur.len); if (!aws_byte_cursor_eq(&cur, &s_delim_cur)) { @@ -283,10 +284,8 @@ static int s_convert_pem_to_raw_base64( * Worst case we'll only have to do this once per line in the buffer. */ *line_cur_ptr = aws_byte_cursor_left_trim_pred(line_cur_ptr, aws_isspace); - /* handle CRLF on Windows by burning '\r' off the end of the buffer */ - if (line_cur_ptr->len > 0 && (line_cur_ptr->ptr[line_cur_ptr->len - 1] == '\r')) { - --line_cur_ptr->len; - } + /* And make sure remove any space from right side */ + *line_cur_ptr = aws_byte_cursor_right_trim_pred(line_cur_ptr, aws_isspace); switch (state) { case BEGIN: diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index c75bb0a5d..992e7456b 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -108,6 +108,7 @@ add_test_case(test_pem_single_cert_parse) add_test_case(test_pem_private_key_parse) add_test_case(test_pem_cert_chain_parse) add_test_case(test_pem_cert_parse_from_file) +add_test_case(test_pem_cert_parse_from_file_crlf) add_test_case(test_pem_private_key_parse_from_file) add_test_case(test_pem_cert_chain_comments_and_whitespace) add_test_case(test_pem_invalid_parse) diff --git a/tests/pem_test.c b/tests/pem_test.c index 767ef04a0..656a19d15 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -223,6 +223,84 @@ static int s_test_pem_cert_parse_from_file(struct aws_allocator *allocator, void } AWS_TEST_CASE(test_pem_cert_parse_from_file, s_test_pem_cert_parse_from_file) +static int s_test_pem_cert_parse_from_file_crlf(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + static const uint8_t s_expected[] = { + 0x30, 0x82, 0x03, 0xec, 0x30, 0x82, 0x02, 0xd4, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x84, 0x7d, + 0x2e, 0xed, 0x4d, 0xfc, 0x26, 0x87, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x30, 0x81, 0x9a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, + 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, + 0x74, 0x74, 0x6c, 0x65, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, 0x41, 0x6d, 0x61, + 0x7a, 0x6f, 0x6e, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x53, 0x44, 0x4b, 0x73, + 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, + 0x73, 0x74, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x21, 0x61, 0x77, 0x73, 0x2d, 0x73, 0x64, 0x6b, 0x2d, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2d, 0x72, 0x75, + 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x40, 0x61, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, + 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x31, 0x36, 0x30, 0x36, 0x31, 0x37, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, + 0x33, 0x30, 0x39, 0x31, 0x38, 0x30, 0x36, 0x31, 0x37, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9a, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x0f, 0x30, 0x0d, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, 0x41, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x04, 0x53, 0x44, 0x4b, 0x73, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x21, 0x61, 0x77, 0x73, 0x2d, 0x73, 0x64, 0x6b, 0x2d, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2d, 0x72, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x40, 0x61, 0x6d, 0x61, + 0x7a, 0x6f, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xd7, 0x6a, 0x57, 0x48, 0xf8, 0x0e, 0x44, 0x03, 0x25, 0x42, 0xd6, 0x11, 0x6f, 0x1b, + 0xb3, 0xfc, 0xe7, 0x1a, 0xa2, 0xb6, 0xa7, 0xdc, 0x2d, 0x85, 0x8f, 0x28, 0xe1, 0xbb, 0x4b, 0xee, 0x71, 0x21, + 0x19, 0x4b, 0x0c, 0x43, 0x26, 0x9e, 0xf9, 0x4c, 0x14, 0x04, 0x31, 0xa7, 0xd2, 0xa5, 0x21, 0x0a, 0x01, 0x02, + 0xde, 0x0e, 0xde, 0xf1, 0xb8, 0x34, 0x43, 0x62, 0x7e, 0x76, 0x57, 0x85, 0x04, 0xe9, 0xc1, 0x7e, 0xc5, 0x35, + 0xa1, 0xb7, 0x3b, 0x1f, 0xee, 0x68, 0x4d, 0xfe, 0x51, 0xda, 0x0c, 0xf7, 0x2f, 0x47, 0x60, 0x12, 0x3c, 0x01, + 0x24, 0xce, 0x48, 0xa5, 0xf0, 0xa0, 0x8b, 0x63, 0x87, 0xba, 0xb5, 0x3c, 0x52, 0xc1, 0x0f, 0x7b, 0xb2, 0x99, + 0x4d, 0xb8, 0x46, 0x74, 0xf7, 0xd1, 0xe8, 0x25, 0x84, 0xd3, 0x2c, 0x56, 0x91, 0x78, 0x87, 0xdd, 0xd4, 0x3d, + 0xf3, 0x67, 0x51, 0x18, 0x71, 0x2c, 0x3c, 0xc3, 0xe1, 0x99, 0xd9, 0x2c, 0x44, 0x51, 0xf6, 0x14, 0x48, 0xbd, + 0x82, 0x16, 0x62, 0x18, 0x4a, 0x44, 0x23, 0x9e, 0x5b, 0x09, 0x08, 0x8a, 0x42, 0xa0, 0x68, 0x03, 0x88, 0x10, + 0x0f, 0x6c, 0x85, 0x09, 0x3b, 0x72, 0x96, 0x04, 0x35, 0xf4, 0x26, 0x01, 0x83, 0x6f, 0x1d, 0xd6, 0x7f, 0x78, + 0xd7, 0x1b, 0xf6, 0x3a, 0x4f, 0xad, 0xcb, 0x3e, 0xc3, 0xbe, 0x01, 0x2d, 0xb4, 0x44, 0x2b, 0xdc, 0x10, 0x5d, + 0x05, 0xfe, 0xb9, 0x43, 0x20, 0xdc, 0xc8, 0xe4, 0x40, 0x07, 0x3b, 0x54, 0xce, 0x11, 0xdf, 0x5f, 0x28, 0xeb, + 0xbe, 0x24, 0x02, 0xb4, 0xe8, 0xfc, 0x35, 0x9b, 0xbe, 0xc1, 0x80, 0xea, 0xc4, 0xec, 0x5b, 0x6f, 0x20, 0x6e, + 0xe4, 0x60, 0xd5, 0x6e, 0x38, 0x43, 0xde, 0x22, 0x73, 0x87, 0x90, 0xeb, 0xaa, 0xaf, 0x20, 0xe2, 0xb0, 0x1d, + 0x4f, 0xc2, 0x2c, 0x8f, 0x34, 0x86, 0xea, 0x75, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x33, 0x30, 0x31, 0x30, + 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x01, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x13, 0x30, 0x11, 0x82, 0x09, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x07, 0xb4, 0x9a, 0x48, + 0x4e, 0x6d, 0x71, 0x32, 0xf4, 0x35, 0x89, 0xf5, 0xe1, 0xe8, 0x27, 0x5e, 0xe3, 0x51, 0x0d, 0x54, 0xf2, 0xde, + 0x1e, 0x2f, 0x9a, 0x0d, 0xdd, 0x02, 0xd4, 0xce, 0x15, 0x93, 0x8b, 0xe6, 0x75, 0x77, 0xc2, 0x41, 0xf6, 0xbf, + 0xfc, 0xac, 0x25, 0x96, 0xea, 0x80, 0x38, 0x68, 0xe2, 0xa5, 0x72, 0x9a, 0x31, 0xa2, 0x95, 0x43, 0xa9, 0x90, + 0x39, 0x64, 0xe3, 0x6c, 0x29, 0x37, 0x0c, 0x7a, 0xb7, 0x18, 0x97, 0x47, 0x0e, 0x16, 0x79, 0x2f, 0x9a, 0x92, + 0x7b, 0x51, 0xac, 0xe4, 0x4c, 0x70, 0xc2, 0xe4, 0xf3, 0x7f, 0x2b, 0x63, 0x53, 0x2c, 0x3b, 0xdb, 0xf1, 0xef, + 0x84, 0xda, 0xf3, 0x71, 0x6c, 0x6e, 0xb8, 0x41, 0x48, 0xae, 0xb5, 0x12, 0x1b, 0x20, 0xec, 0xdf, 0xff, 0x9f, + 0x2b, 0x2d, 0x66, 0x52, 0x0a, 0x72, 0x17, 0x99, 0xa5, 0x4d, 0x28, 0x29, 0x8a, 0x9c, 0xc8, 0x51, 0xd0, 0xe8, + 0x5c, 0x42, 0x66, 0x3e, 0xef, 0x06, 0xda, 0x72, 0xea, 0xa8, 0x5a, 0x5a, 0x02, 0x0f, 0xa2, 0x68, 0x80, 0xa9, + 0x9a, 0xa4, 0x30, 0x8c, 0x9e, 0x69, 0x75, 0xa5, 0x5c, 0x34, 0x8b, 0x71, 0x49, 0xe5, 0x3a, 0x1a, 0x74, 0xa9, + 0x51, 0x86, 0xee, 0x06, 0xf9, 0x54, 0x37, 0x0c, 0xf6, 0x17, 0x8a, 0x1e, 0xc3, 0x54, 0x6d, 0xa9, 0x52, 0x4a, + 0x2f, 0xf8, 0xd0, 0xe3, 0x56, 0xc2, 0x61, 0x14, 0xfd, 0x7c, 0x77, 0x2b, 0x5b, 0x8b, 0x93, 0x2c, 0x6e, 0x76, + 0x46, 0xa9, 0x00, 0x34, 0x8d, 0x55, 0x42, 0x6a, 0xe2, 0x6b, 0xa3, 0xd8, 0xe6, 0x5a, 0x5b, 0x65, 0x98, 0xa8, + 0xb1, 0x85, 0x01, 0x92, 0x42, 0xf4, 0xd6, 0x73, 0x4d, 0xc6, 0xf6, 0xf1, 0x34, 0x36, 0x16, 0x44, 0xc6, 0x09, + 0xc7, 0x94, 0x46, 0x1c, 0x06, 0x94, 0x84, 0xa9, 0x4f, 0x41, 0x0b, 0x46, 0xa6, 0xb4, 0x48, 0x1a, 0x14, 0x45, + }; + + struct aws_array_list output_list; + ASSERT_SUCCESS(aws_pem_objects_init_from_file_path(&output_list, allocator, "testparse_crlf.crt")); + ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); + + struct aws_pem_object *pem_object = NULL; + aws_array_list_get_at_ptr(&output_list, (void **)&pem_object, 0); + ASSERT_BIN_ARRAYS_EQUALS(s_expected, sizeof(s_expected), pem_object->data.buffer, pem_object->data.len); + ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(pem_object->type_string), "CERTIFICATE"); + ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); + + aws_pem_objects_clean_up(&output_list); + + return AWS_OP_SUCCESS; +} +AWS_TEST_CASE(test_pem_cert_parse_from_file_crlf, s_test_pem_cert_parse_from_file_crlf) + static int s_test_pem_private_key_parse_from_file(struct aws_allocator *allocator, void *ctx) { (void)ctx; diff --git a/tests/resources/testparse_crlf.crt b/tests/resources/testparse_crlf.crt new file mode 100644 index 000000000..3a0e25619 --- /dev/null +++ b/tests/resources/testparse_crlf.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID7DCCAtSgAwIBAgIJAIR9Lu1N/CaHMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEP +MA0GA1UECgwGQW1hem9uMQ0wCwYDVQQLDARTREtzMRIwEAYDVQQDDAlsb2NhbGhv +c3QxMDAuBgkqhkiG9w0BCQEWIWF3cy1zZGstY29tbW9uLXJ1bnRpbWVAYW1hem9u +LmNvbTAeFw0yMTA2MTYwNjE3MDBaFw0yMzA5MTgwNjE3MDBaMIGaMQswCQYDVQQG +EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEPMA0G +A1UECgwGQW1hem9uMQ0wCwYDVQQLDARTREtzMRIwEAYDVQQDDAlsb2NhbGhvc3Qx +MDAuBgkqhkiG9w0BCQEWIWF3cy1zZGstY29tbW9uLXJ1bnRpbWVAYW1hem9uLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANdqV0j4DkQDJULWEW8b +s/znGqK2p9wthY8o4btL7nEhGUsMQyae+UwUBDGn0qUhCgEC3g7e8bg0Q2J+dleF +BOnBfsU1obc7H+5oTf5R2gz3L0dgEjwBJM5IpfCgi2OHurU8UsEPe7KZTbhGdPfR +6CWE0yxWkXiH3dQ982dRGHEsPMPhmdksRFH2FEi9ghZiGEpEI55bCQiKQqBoA4gQ +D2yFCTtylgQ19CYBg28d1n941xv2Ok+tyz7DvgEttEQr3BBdBf65QyDcyORABztU +zhHfXyjrviQCtOj8NZu+wYDqxOxbbyBu5GDVbjhD3iJzh5Drqq8g4rAdT8IsjzSG +6nUCAwEAAaMzMDEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGgYDVR0RBBMwEYIJbG9j +YWxob3N0hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQAHtJpITm1xMvQ1ifXh6Cde +41ENVPLeHi+aDd0C1M4Vk4vmdXfCQfa//KwlluqAOGjipXKaMaKVQ6mQOWTjbCk3 +DHq3GJdHDhZ5L5qSe1Gs5ExwwuTzfytjUyw72/HvhNrzcWxuuEFIrrUSGyDs3/+f +Ky1mUgpyF5mlTSgpipzIUdDoXEJmPu8G2nLqqFpaAg+iaICpmqQwjJ5pdaVcNItx +SeU6GnSpUYbuBvlUNwz2F4oew1RtqVJKL/jQ41bCYRT9fHcrW4uTLG52RqkANI1V +Qmria6PY5lpbZZiosYUBkkL01nNNxvbxNDYWRMYJx5RGHAaUhKlPQQtGprRIGhRF +-----END CERTIFICATE----- From 8583ba74fed011ce936f79628c1c18887637515a Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Mon, 16 Oct 2023 14:48:30 -0700 Subject: [PATCH 28/44] Remove null check for aws_pkcs11_lib_login_user (#611) --- source/pkcs11_tls_op_handler.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/source/pkcs11_tls_op_handler.c b/source/pkcs11_tls_op_handler.c index 6d155cbd9..0951d5c87 100644 --- a/source/pkcs11_tls_op_handler.c +++ b/source/pkcs11_tls_op_handler.c @@ -183,10 +183,8 @@ struct aws_custom_key_op_handler *aws_pkcs11_tls_op_handler_new( goto done; } - if (pkcs_user_pin != NULL) { - if (aws_pkcs11_lib_login_user(pkcs11_handler->lib, pkcs11_handler->session_handle, pkcs_user_pin)) { - goto done; - } + if (aws_pkcs11_lib_login_user(pkcs11_handler->lib, pkcs11_handler->session_handle, pkcs_user_pin)) { + goto done; } if (aws_pkcs11_lib_find_private_key( From df64f57feb63ab1a489ded86a87b756a48c46f35 Mon Sep 17 00:00:00 2001 From: "Jonathan M. Henson" Date: Tue, 21 Nov 2023 09:42:53 -0800 Subject: [PATCH 29/44] Use 500ms rather than 25ms for the exponential backoff defaults. (#612) --- include/aws/io/retry_strategy.h | 2 +- source/exponential_backoff_retry_strategy.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/aws/io/retry_strategy.h b/include/aws/io/retry_strategy.h index 3986db4d4..3d63c35e6 100644 --- a/include/aws/io/retry_strategy.h +++ b/include/aws/io/retry_strategy.h @@ -110,7 +110,7 @@ struct aws_exponential_backoff_retry_options { struct aws_event_loop_group *el_group; /** Max retries to allow. The default value is 10 */ size_t max_retries; - /** Scaling factor to add for the backoff. Default is 25ms */ + /** Scaling factor to add for the backoff. Default is 500ms */ uint32_t backoff_scale_factor_ms; /** Max retry backoff in seconds. Default is 20 seconds */ uint32_t max_backoff_secs; diff --git a/source/exponential_backoff_retry_strategy.c b/source/exponential_backoff_retry_strategy.c index 0b2742e65..cf2472269 100644 --- a/source/exponential_backoff_retry_strategy.c +++ b/source/exponential_backoff_retry_strategy.c @@ -373,7 +373,7 @@ struct aws_retry_strategy *aws_retry_strategy_new_exponential_backoff( } if (!exponential_backoff_strategy->config.backoff_scale_factor_ms) { - exponential_backoff_strategy->config.backoff_scale_factor_ms = 25; + exponential_backoff_strategy->config.backoff_scale_factor_ms = 500; } if (!exponential_backoff_strategy->config.max_backoff_secs) { From 749c87e551465ff1a3c2e8a77b1181bccff2f4b6 Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Fri, 29 Dec 2023 16:14:02 -0800 Subject: [PATCH 30/44] Change `port` from uint16_t to uint32_t, to support VSOCK (#613) --- include/aws/io/channel_bootstrap.h | 4 +- include/aws/io/socket.h | 18 ++++++- source/channel_bootstrap.c | 12 ++--- source/posix/socket.c | 53 ++++++++++----------- source/socket_shared.c | 75 +++++++++++++++++++++++++++++ source/windows/iocp/socket.c | 76 +++++++++++++++++------------- tests/CMakeLists.txt | 1 + tests/socket_test.c | 53 +++++++++++++++++++++ tests/tls_handler_test.c | 8 ++-- 9 files changed, 226 insertions(+), 74 deletions(-) create mode 100644 source/socket_shared.c diff --git a/include/aws/io/channel_bootstrap.h b/include/aws/io/channel_bootstrap.h index 8e28579df..e65794756 100644 --- a/include/aws/io/channel_bootstrap.h +++ b/include/aws/io/channel_bootstrap.h @@ -178,7 +178,7 @@ struct aws_server_bootstrap { struct aws_socket_channel_bootstrap_options { struct aws_client_bootstrap *bootstrap; const char *host_name; - uint16_t port; + uint32_t port; const struct aws_socket_options *socket_options; const struct aws_tls_connection_options *tls_options; aws_client_bootstrap_on_channel_event_fn *creation_callback; @@ -208,7 +208,7 @@ struct aws_socket_channel_bootstrap_options { struct aws_server_socket_channel_bootstrap_options { struct aws_server_bootstrap *bootstrap; const char *host_name; - uint16_t port; + uint32_t port; const struct aws_socket_options *socket_options; const struct aws_tls_connection_options *tls_options; aws_server_bootstrap_on_accept_channel_setup_fn *incoming_callback; diff --git a/include/aws/io/socket.h b/include/aws/io/socket.h index de4fed356..a6223b05e 100644 --- a/include/aws/io/socket.h +++ b/include/aws/io/socket.h @@ -98,7 +98,7 @@ typedef void(aws_socket_on_readable_fn)(struct aws_socket *socket, int error_cod #endif struct aws_socket_endpoint { char address[AWS_ADDRESS_MAX_LEN]; - uint16_t port; + uint32_t port; }; struct aws_socket { @@ -302,6 +302,22 @@ AWS_IO_API int aws_socket_get_error(struct aws_socket *socket); */ AWS_IO_API bool aws_socket_is_open(struct aws_socket *socket); +/** + * Raises AWS_IO_SOCKET_INVALID_ADDRESS and logs an error if connecting to this port is illegal. + * For example, port must be in range 1-65535 to connect with IPv4. + * These port values would fail eventually in aws_socket_connect(), + * but you can use this function to validate earlier. + */ +AWS_IO_API int aws_socket_validate_port_for_connect(uint32_t port, enum aws_socket_domain domain); + +/** + * Raises AWS_IO_SOCKET_INVALID_ADDRESS and logs an error if binding to this port is illegal. + * For example, port must in range 0-65535 to bind with IPv4. + * These port values would fail eventually in aws_socket_bind(), + * but you can use this function to validate earlier. + */ +AWS_IO_API int aws_socket_validate_port_for_bind(uint32_t port, enum aws_socket_domain domain); + /** * Assigns a random address (UUID) for use with AWS_SOCKET_LOCAL (Unix Domain Sockets). * For use in internal tests only. diff --git a/source/channel_bootstrap.c b/source/channel_bootstrap.c index dfafe02fc..f5e364261 100644 --- a/source/channel_bootstrap.c +++ b/source/channel_bootstrap.c @@ -118,7 +118,7 @@ struct client_connection_args { aws_client_bootstrap_on_channel_event_fn *shutdown_callback; struct client_channel_data channel_data; struct aws_socket_options outgoing_options; - uint16_t outgoing_port; + uint32_t outgoing_port; struct aws_string *host_name; void *user_data; uint8_t addresses_count; @@ -764,14 +764,14 @@ int aws_client_bootstrap_new_socket_channel(struct aws_socket_channel_bootstrap_ } const char *host_name = options->host_name; - uint16_t port = options->port; + uint32_t port = options->port; AWS_LOGF_TRACE( AWS_LS_IO_CHANNEL_BOOTSTRAP, - "id=%p: attempting to initialize a new client channel to %s:%d", + "id=%p: attempting to initialize a new client channel to %s:%u", (void *)bootstrap, host_name, - (int)port); + port); aws_ref_count_init( &client_connection_args->ref_count, @@ -1363,10 +1363,10 @@ struct aws_socket *aws_server_bootstrap_new_socket_listener( AWS_LOGF_INFO( AWS_LS_IO_CHANNEL_BOOTSTRAP, "id=%p: attempting to initialize a new " - "server socket listener for %s:%d", + "server socket listener for %s:%u", (void *)bootstrap_options->bootstrap, bootstrap_options->host_name, - (int)bootstrap_options->port); + bootstrap_options->port); aws_ref_count_init( &server_connection_args->ref_count, diff --git a/source/posix/socket.c b/source/posix/socket.c index 99361106f..dcf0c9d55 100644 --- a/source/posix/socket.c +++ b/source/posix/socket.c @@ -340,18 +340,7 @@ static int s_update_local_endpoint(struct aws_socket *socket) { } else if (address.ss_family == AF_VSOCK) { struct sockaddr_vm *s = (struct sockaddr_vm *)&address; - /* VSOCK port is 32bit, but aws_socket_endpoint.port is only 16bit. - * Hopefully this isn't an issue, since users can only pass in 16bit values. - * But if it becomes an issue, we'll need to make aws_socket_endpoint more flexible */ - if (s->svm_port > UINT16_MAX) { - AWS_LOGF_ERROR( - AWS_LS_IO_SOCKET, - "id=%p fd=%d: aws_socket_endpoint can't deal with VSOCK port > UINT16_MAX", - (void *)socket, - socket->io_handle.data.fd); - return aws_raise_error(AWS_IO_SOCKET_INVALID_ADDRESS); - } - tmp_endpoint.port = (uint16_t)s->svm_port; + tmp_endpoint.port = s->svm_port; snprintf(tmp_endpoint.address, sizeof(tmp_endpoint.address), "%" PRIu32, s->svm_cid); return AWS_OP_SUCCESS; @@ -642,18 +631,22 @@ int aws_socket_connect( return AWS_OP_ERR; } + if (aws_socket_validate_port_for_connect(remote_endpoint->port, socket->options.domain)) { + return AWS_OP_ERR; + } + struct socket_address address; AWS_ZERO_STRUCT(address); socklen_t sock_size = 0; int pton_err = 1; if (socket->options.domain == AWS_SOCKET_IPV4) { pton_err = inet_pton(AF_INET, remote_endpoint->address, &address.sock_addr_types.addr_in.sin_addr); - address.sock_addr_types.addr_in.sin_port = htons(remote_endpoint->port); + address.sock_addr_types.addr_in.sin_port = htons((uint16_t)remote_endpoint->port); address.sock_addr_types.addr_in.sin_family = AF_INET; sock_size = sizeof(address.sock_addr_types.addr_in); } else if (socket->options.domain == AWS_SOCKET_IPV6) { pton_err = inet_pton(AF_INET6, remote_endpoint->address, &address.sock_addr_types.addr_in6.sin6_addr); - address.sock_addr_types.addr_in6.sin6_port = htons(remote_endpoint->port); + address.sock_addr_types.addr_in6.sin6_port = htons((uint16_t)remote_endpoint->port); address.sock_addr_types.addr_in6.sin6_family = AF_INET6; sock_size = sizeof(address.sock_addr_types.addr_in6); } else if (socket->options.domain == AWS_SOCKET_LOCAL) { @@ -664,7 +657,7 @@ int aws_socket_connect( } else if (socket->options.domain == AWS_SOCKET_VSOCK) { pton_err = parse_cid(remote_endpoint->address, &address.sock_addr_types.vm_addr.svm_cid); address.sock_addr_types.vm_addr.svm_family = AF_VSOCK; - address.sock_addr_types.vm_addr.svm_port = (unsigned int)remote_endpoint->port; + address.sock_addr_types.vm_addr.svm_port = remote_endpoint->port; sock_size = sizeof(address.sock_addr_types.vm_addr); #endif } else { @@ -676,21 +669,21 @@ int aws_socket_connect( int errno_value = errno; /* Always cache errno before potential side-effect */ AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, - "id=%p fd=%d: failed to parse address %s:%d.", + "id=%p fd=%d: failed to parse address %s:%u.", (void *)socket, socket->io_handle.data.fd, remote_endpoint->address, - (int)remote_endpoint->port); + remote_endpoint->port); return aws_raise_error(s_convert_pton_error(pton_err, errno_value)); } AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, - "id=%p fd=%d: connecting to endpoint %s:%d.", + "id=%p fd=%d: connecting to endpoint %s:%u.", (void *)socket, socket->io_handle.data.fd, remote_endpoint->address, - (int)remote_endpoint->port); + remote_endpoint->port); socket->state = CONNECTING; socket->remote_endpoint = *remote_endpoint; @@ -806,13 +799,17 @@ int aws_socket_bind(struct aws_socket *socket, const struct aws_socket_endpoint return AWS_OP_ERR; } + if (aws_socket_validate_port_for_bind(local_endpoint->port, socket->options.domain)) { + return AWS_OP_ERR; + } + AWS_LOGF_INFO( AWS_LS_IO_SOCKET, - "id=%p fd=%d: binding to %s:%d.", + "id=%p fd=%d: binding to %s:%u.", (void *)socket, socket->io_handle.data.fd, local_endpoint->address, - (int)local_endpoint->port); + local_endpoint->port); struct socket_address address; AWS_ZERO_STRUCT(address); @@ -820,12 +817,12 @@ int aws_socket_bind(struct aws_socket *socket, const struct aws_socket_endpoint int pton_err = 1; if (socket->options.domain == AWS_SOCKET_IPV4) { pton_err = inet_pton(AF_INET, local_endpoint->address, &address.sock_addr_types.addr_in.sin_addr); - address.sock_addr_types.addr_in.sin_port = htons(local_endpoint->port); + address.sock_addr_types.addr_in.sin_port = htons((uint16_t)local_endpoint->port); address.sock_addr_types.addr_in.sin_family = AF_INET; sock_size = sizeof(address.sock_addr_types.addr_in); } else if (socket->options.domain == AWS_SOCKET_IPV6) { pton_err = inet_pton(AF_INET6, local_endpoint->address, &address.sock_addr_types.addr_in6.sin6_addr); - address.sock_addr_types.addr_in6.sin6_port = htons(local_endpoint->port); + address.sock_addr_types.addr_in6.sin6_port = htons((uint16_t)local_endpoint->port); address.sock_addr_types.addr_in6.sin6_family = AF_INET6; sock_size = sizeof(address.sock_addr_types.addr_in6); } else if (socket->options.domain == AWS_SOCKET_LOCAL) { @@ -836,7 +833,7 @@ int aws_socket_bind(struct aws_socket *socket, const struct aws_socket_endpoint } else if (socket->options.domain == AWS_SOCKET_VSOCK) { pton_err = parse_cid(local_endpoint->address, &address.sock_addr_types.vm_addr.svm_cid); address.sock_addr_types.vm_addr.svm_family = AF_VSOCK; - address.sock_addr_types.vm_addr.svm_port = (unsigned int)local_endpoint->port; + address.sock_addr_types.vm_addr.svm_port = local_endpoint->port; sock_size = sizeof(address.sock_addr_types.vm_addr); #endif } else { @@ -848,11 +845,11 @@ int aws_socket_bind(struct aws_socket *socket, const struct aws_socket_endpoint int errno_value = errno; /* Always cache errno before potential side-effect */ AWS_LOGF_ERROR( AWS_LS_IO_SOCKET, - "id=%p fd=%d: failed to parse address %s:%d.", + "id=%p fd=%d: failed to parse address %s:%u.", (void *)socket, socket->io_handle.data.fd, local_endpoint->address, - (int)local_endpoint->port); + local_endpoint->port); return aws_raise_error(s_convert_pton_error(pton_err, errno_value)); } @@ -882,7 +879,7 @@ int aws_socket_bind(struct aws_socket *socket, const struct aws_socket_endpoint AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, - "id=%p fd=%d: successfully bound to %s:%d", + "id=%p fd=%d: successfully bound to %s:%u", (void *)socket, socket->io_handle.data.fd, socket->local_endpoint.address, @@ -996,7 +993,7 @@ static void s_socket_accept_event( new_sock->local_endpoint = socket->local_endpoint; new_sock->state = CONNECTED_READ | CONNECTED_WRITE; - uint16_t port = 0; + uint32_t port = 0; /* get the info on the incoming socket's address */ if (in_addr.ss_family == AF_INET) { diff --git a/source/socket_shared.c b/source/socket_shared.c new file mode 100644 index 000000000..63c640b49 --- /dev/null +++ b/source/socket_shared.c @@ -0,0 +1,75 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include + +#include + +/* common validation for connect() and bind() */ +static int s_socket_validate_port_for_domain(uint32_t port, enum aws_socket_domain domain) { + switch (domain) { + case AWS_SOCKET_IPV4: + case AWS_SOCKET_IPV6: + if (port > UINT16_MAX) { + AWS_LOGF_ERROR( + AWS_LS_IO_SOCKET, + "Invalid port=%u for %s. Cannot exceed 65535", + port, + domain == AWS_SOCKET_IPV4 ? "IPv4" : "IPv6"); + return aws_raise_error(AWS_IO_SOCKET_INVALID_ADDRESS); + } + break; + + case AWS_SOCKET_LOCAL: + /* port is ignored */ + break; + + case AWS_SOCKET_VSOCK: + /* any 32bit port is legal */ + break; + + default: + AWS_LOGF_ERROR(AWS_LS_IO_SOCKET, "Cannot validate port for unknown domain=%d", domain); + return aws_raise_error(AWS_IO_SOCKET_INVALID_ADDRESS); + } + return AWS_OP_SUCCESS; +} + +int aws_socket_validate_port_for_connect(uint32_t port, enum aws_socket_domain domain) { + if (s_socket_validate_port_for_domain(port, domain)) { + return AWS_OP_ERR; + } + + /* additional validation */ + switch (domain) { + case AWS_SOCKET_IPV4: + case AWS_SOCKET_IPV6: + if (port == 0) { + AWS_LOGF_ERROR( + AWS_LS_IO_SOCKET, + "Invalid port=%u for %s connections. Must use 1-65535", + port, + domain == AWS_SOCKET_IPV4 ? "IPv4" : "IPv6"); + return aws_raise_error(AWS_IO_SOCKET_INVALID_ADDRESS); + } + break; + + case AWS_SOCKET_VSOCK: + if (port == (uint32_t)-1) { + AWS_LOGF_ERROR( + AWS_LS_IO_SOCKET, "Invalid port for VSOCK connections. Cannot use VMADDR_PORT_ANY (-1U)."); + return aws_raise_error(AWS_IO_SOCKET_INVALID_ADDRESS); + } + break; + + default: + /* no extra validation */ + break; + } + return AWS_OP_SUCCESS; +} + +int aws_socket_validate_port_for_bind(uint32_t port, enum aws_socket_domain domain) { + return s_socket_validate_port_for_domain(port, domain); +} diff --git a/source/windows/iocp/socket.c b/source/windows/iocp/socket.c index b3f899b13..6d879417b 100644 --- a/source/windows/iocp/socket.c +++ b/source/windows/iocp/socket.c @@ -449,6 +449,11 @@ int aws_socket_connect( return aws_raise_error(AWS_IO_SOCKET_ILLEGAL_OPERATION_FOR_STATE); } } + + if (aws_socket_validate_port_for_connect(remote_endpoint->port, socket->options.domain)) { + return AWS_OP_ERR; + } + return socket_impl->vtable->connect(socket, remote_endpoint, event_loop, on_connection_result, user_data); } @@ -457,6 +462,11 @@ int aws_socket_bind(struct aws_socket *socket, const struct aws_socket_endpoint socket->state = ERRORED; return aws_raise_error(AWS_IO_SOCKET_ILLEGAL_OPERATION_FOR_STATE); } + + if (aws_socket_validate_port_for_bind(local_endpoint->port, socket->options.domain)) { + return AWS_OP_ERR; + } + struct iocp_socket *socket_impl = socket->impl; return socket_impl->vtable->bind(socket, local_endpoint); } @@ -709,11 +719,11 @@ static int s_ipv4_stream_connection_success(struct aws_socket *socket) { AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, - "id=%p handle=%p: local endpoint %s:%d", + "id=%p handle=%p: local endpoint %s:%u", (void *)socket, (void *)socket->io_handle.data.handle, socket->local_endpoint.address, - (int)socket->local_endpoint.port); + socket->local_endpoint.port); setsockopt((SOCKET)socket->io_handle.data.handle, SOL_SOCKET, SO_UPDATE_CONNECT_CONTEXT, NULL, 0); socket->state = CONNECTED_WRITE | CONNECTED_READ; @@ -770,11 +780,11 @@ static int s_ipv6_stream_connection_success(struct aws_socket *socket) { AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, - "id=%p handle=%p: local endpoint %s:%d", + "id=%p handle=%p: local endpoint %s:%u", (void *)socket, (void *)socket->io_handle.data.handle, socket->local_endpoint.address, - (int)socket->local_endpoint.port); + socket->local_endpoint.port); setsockopt((SOCKET)socket->io_handle.data.handle, SOL_SOCKET, SO_UPDATE_CONNECT_CONTEXT, NULL, 0); @@ -1050,23 +1060,23 @@ static int s_ipv4_stream_connect( int aws_err = s_convert_pton_error(err); /* call before logging or WSAError may get cleared */ AWS_LOGF_ERROR( AWS_LS_IO_SOCKET, - "id=%p handle=%p: failed to parse address %s:%d.", + "id=%p handle=%p: failed to parse address %s:%u.", (void *)socket, (void *)socket->io_handle.data.handle, remote_endpoint->address, - (int)remote_endpoint->port); + remote_endpoint->port); return aws_raise_error(aws_err); } AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, - "id=%p handle=%p: connecting to endpoint %s:%d.", + "id=%p handle=%p: connecting to endpoint %s:%u.", (void *)socket, (void *)socket->io_handle.data.handle, remote_endpoint->address, - (int)remote_endpoint->port); + remote_endpoint->port); - addr_in.sin_port = htons(remote_endpoint->port); + addr_in.sin_port = htons((uint16_t)remote_endpoint->port); addr_in.sin_family = AF_INET; /* stupid as hell, we have to bind first*/ @@ -1117,23 +1127,23 @@ static int s_ipv6_stream_connect( int aws_err = s_convert_pton_error(pton_err); /* call before logging or WSAError may get cleared */ AWS_LOGF_ERROR( AWS_LS_IO_SOCKET, - "id=%p handle=%p: failed to parse address %s:%d.", + "id=%p handle=%p: failed to parse address %s:%u.", (void *)socket, (void *)socket->io_handle.data.handle, remote_endpoint->address, - (int)remote_endpoint->port); + remote_endpoint->port); return aws_raise_error(aws_err); } AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, - "id=%p handle=%p: connecting to endpoint %s:%d.", + "id=%p handle=%p: connecting to endpoint %s:%u.", (void *)socket, (void *)socket->io_handle.data.handle, remote_endpoint->address, - (int)remote_endpoint->port); + remote_endpoint->port); - addr_in6.sin6_port = htons(remote_endpoint->port); + addr_in6.sin6_port = htons((uint16_t)remote_endpoint->port); addr_in6.sin6_family = AF_INET6; return s_tcp_connect( @@ -1244,11 +1254,11 @@ static inline int s_dgram_connect( AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, - "id=%p handle=%p: connecting to to %s:%d", + "id=%p handle=%p: connecting to to %s:%u", (void *)socket, (void *)socket->io_handle.data.handle, remote_endpoint->address, - (int)remote_endpoint->port); + remote_endpoint->port); int reuse = 1; if (setsockopt((SOCKET)socket->io_handle.data.handle, SOL_SOCKET, SO_REUSEADDR, (char *)&reuse, sizeof(int))) { @@ -1269,11 +1279,11 @@ static inline int s_dgram_connect( int wsa_err = WSAGetLastError(); /* logging may reset error, so cache it */ AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, - "id=%p handle=%p: Failed to connect to %s:%d with error %d.", + "id=%p handle=%p: Failed to connect to %s:%u with error %d.", (void *)socket, (void *)socket->io_handle.data.handle, remote_endpoint->address, - (int)remote_endpoint->port, + remote_endpoint->port, wsa_err); aws_raise_error(s_determine_socket_error(wsa_err)); goto error; @@ -1285,11 +1295,11 @@ static inline int s_dgram_connect( AWS_LOGF_DEBUG( AWS_LS_IO_SOCKET, - "id=%p handle=%p: local endpoint %s:%d", + "id=%p handle=%p: local endpoint %s:%u", (void *)socket, (void *)socket->io_handle.data.handle, socket->local_endpoint.address, - (int)socket->local_endpoint.port); + socket->local_endpoint.port); if (s_process_tcp_sock_options(socket)) { goto error; @@ -1334,7 +1344,7 @@ static int s_ipv4_dgram_connect( return aws_raise_error(aws_err); } - addr_in.sin_port = htons(remote_endpoint->port); + addr_in.sin_port = htons((uint16_t)remote_endpoint->port); addr_in.sin_family = AF_INET; return s_dgram_connect(socket, remote_endpoint, connect_loop, (struct sockaddr *)&addr_in, sizeof(addr_in)); @@ -1361,7 +1371,7 @@ static int s_ipv6_dgram_connect( return aws_raise_error(aws_err); } - addr_in6.sin6_port = htons(remote_endpoint->port); + addr_in6.sin6_port = htons((uint16_t)remote_endpoint->port); addr_in6.sin6_family = AF_INET6; return s_dgram_connect(socket, remote_endpoint, connect_loop, (struct sockaddr *)&addr_in6, sizeof(addr_in6)); @@ -1406,11 +1416,11 @@ static inline int s_tcp_bind(struct aws_socket *socket, struct sockaddr *sock_ad AWS_LOGF_INFO( AWS_LS_IO_SOCKET, - "id=%p handle=%p: binding to tcp %s:%d", + "id=%p handle=%p: binding to tcp %s:%u", (void *)socket, (void *)socket->io_handle.data.handle, socket->local_endpoint.address, - (int)socket->local_endpoint.port); + socket->local_endpoint.port); socket->state = BOUND; return AWS_OP_SUCCESS; @@ -1431,7 +1441,7 @@ static int s_ipv4_stream_bind(struct aws_socket *socket, const struct aws_socket return aws_raise_error(aws_err); } - addr_in.sin_port = htons(local_endpoint->port); + addr_in.sin_port = htons((uint16_t)local_endpoint->port); addr_in.sin_family = AF_INET; return s_tcp_bind(socket, (struct sockaddr *)&addr_in, sizeof(addr_in)); @@ -1448,7 +1458,7 @@ static int s_ipv6_stream_bind(struct aws_socket *socket, const struct aws_socket return aws_raise_error(aws_err); } - addr_in6.sin6_port = htons(local_endpoint->port); + addr_in6.sin6_port = htons((uint16_t)local_endpoint->port); addr_in6.sin6_family = AF_INET6; return s_tcp_bind(socket, (struct sockaddr *)&addr_in6, sizeof(addr_in6)); @@ -1474,11 +1484,11 @@ static inline int s_udp_bind(struct aws_socket *socket, struct sockaddr *sock_ad AWS_LOGF_INFO( AWS_LS_IO_SOCKET, - "id=%p handle=%p: binding to udp %s:%p", + "id=%p handle=%p: binding to udp %s:%u", (void *)socket, (void *)socket->io_handle.data.handle, socket->local_endpoint.address, - (int)socket->local_endpoint.port); + socket->local_endpoint.port); socket->state = CONNECTED_READ; return AWS_OP_SUCCESS; @@ -1499,7 +1509,7 @@ static int s_ipv4_dgram_bind(struct aws_socket *socket, const struct aws_socket_ return aws_raise_error(aws_err); } - addr_in.sin_port = htons(local_endpoint->port); + addr_in.sin_port = htons((uint16_t)local_endpoint->port); addr_in.sin_family = AF_INET; return s_udp_bind(socket, (struct sockaddr *)&addr_in, sizeof(addr_in)); @@ -1516,7 +1526,7 @@ static int s_ipv6_dgram_bind(struct aws_socket *socket, const struct aws_socket_ return aws_raise_error(aws_err); } - addr_in6.sin6_port = htons(local_endpoint->port); + addr_in6.sin6_port = htons((uint16_t)local_endpoint->port); addr_in6.sin6_family = AF_INET6; return s_udp_bind(socket, (struct sockaddr *)&addr_in6, sizeof(addr_in6)); @@ -1888,7 +1898,7 @@ static void s_tcp_accept_event( do { socket_impl->incoming_socket->state = CONNECTED_WRITE | CONNECTED_READ; - uint16_t port = 0; + uint32_t port = 0; struct sockaddr_storage *in_addr = (struct sockaddr_storage *)socket_impl->accept_buffer; @@ -1917,11 +1927,11 @@ static void s_tcp_accept_event( socket_impl->incoming_socket->remote_endpoint.port = port; AWS_LOGF_INFO( AWS_LS_IO_SOCKET, - "id=%p handle=%p: incoming connection accepted from %s:%d.", + "id=%p handle=%p: incoming connection accepted from %s:%u.", (void *)socket, (void *)socket->io_handle.data.handle, socket_impl->incoming_socket->remote_endpoint.address, - (int)port); + port); u_long non_blocking = 1; ioctlsocket((SOCKET)socket_impl->incoming_socket->io_handle.data.handle, FIONBIO, &non_blocking); diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 992e7456b..7f263f850 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -76,6 +76,7 @@ add_net_test_case(cleanup_before_connect_or_timeout_doesnt_explode) add_test_case(cleanup_in_accept_doesnt_explode) add_test_case(cleanup_in_write_cb_doesnt_explode) add_test_case(sock_write_cb_is_async) +add_test_case(socket_validate_port) if(WIN32) add_test_case(local_socket_pipe_connected_race) diff --git a/tests/socket_test.c b/tests/socket_test.c index c654742d2..b23ed084b 100644 --- a/tests/socket_test.c +++ b/tests/socket_test.c @@ -1752,3 +1752,56 @@ static int s_local_socket_pipe_connected_race(struct aws_allocator *allocator, v AWS_TEST_CASE(local_socket_pipe_connected_race, s_local_socket_pipe_connected_race) #endif + +static int s_test_socket_validate_port(struct aws_allocator *allocator, void *ctx) { + (void)allocator; + (void)ctx; + + /* IPv4 - 16bit port, only bind can use 0 */ + ASSERT_SUCCESS(aws_socket_validate_port_for_connect(80, AWS_SOCKET_IPV4)); + ASSERT_SUCCESS(aws_socket_validate_port_for_bind(80, AWS_SOCKET_IPV4)); + + ASSERT_ERROR(AWS_IO_SOCKET_INVALID_ADDRESS, aws_socket_validate_port_for_connect(0, AWS_SOCKET_IPV4)); + ASSERT_SUCCESS(aws_socket_validate_port_for_bind(0, AWS_SOCKET_IPV4)); + + ASSERT_ERROR(AWS_IO_SOCKET_INVALID_ADDRESS, aws_socket_validate_port_for_connect(0xFFFFFFFF, AWS_SOCKET_IPV4)); + ASSERT_ERROR(AWS_IO_SOCKET_INVALID_ADDRESS, aws_socket_validate_port_for_bind(0xFFFFFFFF, AWS_SOCKET_IPV4)); + + /* IPv6 - 16bit port, only bind can use 0 */ + ASSERT_SUCCESS(aws_socket_validate_port_for_connect(80, AWS_SOCKET_IPV6)); + ASSERT_SUCCESS(aws_socket_validate_port_for_bind(80, AWS_SOCKET_IPV6)); + + ASSERT_ERROR(AWS_IO_SOCKET_INVALID_ADDRESS, aws_socket_validate_port_for_connect(0, AWS_SOCKET_IPV6)); + ASSERT_SUCCESS(aws_socket_validate_port_for_bind(0, AWS_SOCKET_IPV6)); + + ASSERT_ERROR(AWS_IO_SOCKET_INVALID_ADDRESS, aws_socket_validate_port_for_connect(0xFFFFFFFF, AWS_SOCKET_IPV6)); + ASSERT_ERROR(AWS_IO_SOCKET_INVALID_ADDRESS, aws_socket_validate_port_for_bind(0xFFFFFFFF, AWS_SOCKET_IPV6)); + + /* VSOCK - 32bit port, only bind can use VMADDR_PORT_ANY (-1U) */ + ASSERT_SUCCESS(aws_socket_validate_port_for_connect(80, AWS_SOCKET_VSOCK)); + ASSERT_SUCCESS(aws_socket_validate_port_for_bind(80, AWS_SOCKET_VSOCK)); + + ASSERT_SUCCESS(aws_socket_validate_port_for_connect(0, AWS_SOCKET_VSOCK)); + ASSERT_SUCCESS(aws_socket_validate_port_for_bind(0, AWS_SOCKET_VSOCK)); + + ASSERT_SUCCESS(aws_socket_validate_port_for_connect(0x7FFFFFFF, AWS_SOCKET_VSOCK)); + ASSERT_SUCCESS(aws_socket_validate_port_for_bind(0x7FFFFFFF, AWS_SOCKET_VSOCK)); + + ASSERT_ERROR(AWS_IO_SOCKET_INVALID_ADDRESS, aws_socket_validate_port_for_connect((uint32_t)-1, AWS_SOCKET_VSOCK)); + ASSERT_SUCCESS(aws_socket_validate_port_for_bind((uint32_t)-1, AWS_SOCKET_VSOCK)); + + /* LOCAL - ignores port */ + ASSERT_SUCCESS(aws_socket_validate_port_for_connect(0, AWS_SOCKET_LOCAL)); + ASSERT_SUCCESS(aws_socket_validate_port_for_bind(0, AWS_SOCKET_LOCAL)); + ASSERT_SUCCESS(aws_socket_validate_port_for_connect(80, AWS_SOCKET_LOCAL)); + ASSERT_SUCCESS(aws_socket_validate_port_for_bind(80, AWS_SOCKET_LOCAL)); + ASSERT_SUCCESS(aws_socket_validate_port_for_connect((uint32_t)-1, AWS_SOCKET_LOCAL)); + ASSERT_SUCCESS(aws_socket_validate_port_for_bind((uint32_t)-1, AWS_SOCKET_LOCAL)); + + /* invalid domain should fail */ + ASSERT_ERROR(AWS_IO_SOCKET_INVALID_ADDRESS, aws_socket_validate_port_for_connect(80, (enum aws_socket_domain)(-1))); + ASSERT_ERROR(AWS_IO_SOCKET_INVALID_ADDRESS, aws_socket_validate_port_for_bind(80, (enum aws_socket_domain)(-1))); + + return 0; +} +AWS_TEST_CASE(socket_validate_port, s_test_socket_validate_port) diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c index b44bc70fa..fb1b6a4d5 100644 --- a/tests/tls_handler_test.c +++ b/tests/tls_handler_test.c @@ -672,7 +672,7 @@ struct default_host_callback_data { static int s_verify_negotiation_fails_helper( struct aws_allocator *allocator, const struct aws_string *host_name, - uint16_t port, + uint32_t port, struct aws_tls_ctx_options *client_ctx_options) { struct aws_tls_ctx *client_ctx = aws_tls_client_ctx_new(allocator, client_ctx_options); @@ -755,7 +755,7 @@ static int s_verify_negotiation_fails_helper( static int s_verify_negotiation_fails( struct aws_allocator *allocator, const struct aws_string *host_name, - uint16_t port, + uint32_t port, void (*context_options_override_fn)(struct aws_tls_ctx_options *)) { aws_io_library_init(allocator); @@ -1019,7 +1019,7 @@ static int s_tls_client_channel_negotiation_error_socket_closed_fn(struct aws_al (void)ctx; const char *host_name = "aws-crt-test-stuff.s3.amazonaws.com"; - uint16_t port = 80; /* Note: intentionally wrong and not 443 */ + uint32_t port = 80; /* Note: intentionally wrong and not 443 */ aws_io_library_init(allocator); @@ -1084,7 +1084,7 @@ AWS_TEST_CASE( static int s_verify_good_host( struct aws_allocator *allocator, const struct aws_string *host_name, - uint16_t port, + uint32_t port, void (*override_tls_options_fn)(struct aws_tls_ctx_options *)) { aws_io_library_init(allocator); From 64c06afc292dbd3ad618485d38e4f501085519e0 Mon Sep 17 00:00:00 2001 From: Steve Kim <86316075+sbSteveK@users.noreply.github.com> Date: Mon, 8 Jan 2024 11:35:10 -0800 Subject: [PATCH 31/44] Surface proper PKCS11 error (#617) --- source/tls_channel_handler.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source/tls_channel_handler.c b/source/tls_channel_handler.c index 83955def1..5c6426872 100644 --- a/source/tls_channel_handler.c +++ b/source/tls_channel_handler.c @@ -199,7 +199,6 @@ int aws_tls_ctx_options_init_client_mtls_with_pkcs11( int custom_key_result = AWS_OP_ERR; if (pkcs11_handler == NULL) { - aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); goto finish; } From 6225ebb9da28f1023ad5e21694de9d165cd65f3b Mon Sep 17 00:00:00 2001 From: Bret Ambrose Date: Wed, 10 Jan 2024 11:18:57 -0800 Subject: [PATCH 32/44] Always run channel setup callback on pinned event loop if one exists (#618) Co-authored-by: Bret Ambrose --- source/channel_bootstrap.c | 75 +++++++++++++++++++++++++- tests/CMakeLists.txt | 1 + tests/socket_handler_test.c | 105 ++++++++++++++++++++++++++++++++++++ 3 files changed, 180 insertions(+), 1 deletion(-) diff --git a/source/channel_bootstrap.c b/source/channel_bootstrap.c index f5e364261..2ccd3873a 100644 --- a/source/channel_bootstrap.c +++ b/source/channel_bootstrap.c @@ -182,10 +182,14 @@ static struct aws_event_loop *s_get_connection_event_loop(struct client_connecti return aws_event_loop_group_get_next_loop(args->bootstrap->event_loop_group); } -static void s_connection_args_setup_callback( +static void s_connect_args_setup_callback_safe( struct client_connection_args *args, int error_code, struct aws_channel *channel) { + + AWS_FATAL_ASSERT( + (args->requested_event_loop == NULL) || aws_event_loop_thread_is_callers_thread(args->requested_event_loop)); + /* setup_callback is always called exactly once */ AWS_FATAL_ASSERT(!args->setup_called); @@ -200,6 +204,75 @@ static void s_connection_args_setup_callback( s_client_connection_args_release(args); } +struct aws_connection_args_setup_callback_task { + struct aws_allocator *allocator; + struct aws_task task; + struct client_connection_args *args; + int error_code; + struct aws_channel *channel; +}; + +static void s_aws_connection_args_setup_callback_task_delete(struct aws_connection_args_setup_callback_task *task) { + if (task == NULL) { + return; + } + + s_client_connection_args_release(task->args); + if (task->channel) { + aws_channel_release_hold(task->channel); + } + + aws_mem_release(task->allocator, task); +} + +void s_aws_connection_args_setup_callback_task_fn(struct aws_task *task, void *arg, enum aws_task_status status) { + (void)task; + + struct aws_connection_args_setup_callback_task *callback_task = arg; + + if (status == AWS_TASK_STATUS_RUN_READY) { + s_connect_args_setup_callback_safe(callback_task->args, callback_task->error_code, callback_task->channel); + } + + s_aws_connection_args_setup_callback_task_delete(callback_task); +} + +static struct aws_connection_args_setup_callback_task *s_aws_connection_args_setup_callback_task_new( + struct aws_allocator *allocator, + struct client_connection_args *args, + int error_code, + struct aws_channel *channel) { + + struct aws_connection_args_setup_callback_task *task = + aws_mem_calloc(allocator, 1, sizeof(struct aws_connection_args_setup_callback_task)); + task->allocator = allocator; + task->args = s_client_connection_args_acquire(args); + task->error_code = error_code; + task->channel = channel; + if (channel != NULL) { + aws_channel_acquire_hold(channel); + } + + aws_task_init( + &task->task, s_aws_connection_args_setup_callback_task_fn, task, "safe connection args setup callback"); + + return task; +} + +static void s_connection_args_setup_callback( + struct client_connection_args *args, + int error_code, + struct aws_channel *channel) { + + if (args->requested_event_loop == NULL || aws_event_loop_thread_is_callers_thread(args->requested_event_loop)) { + s_connect_args_setup_callback_safe(args, error_code, channel); + } else { + struct aws_connection_args_setup_callback_task *callback_task = + s_aws_connection_args_setup_callback_task_new(args->bootstrap->allocator, args, error_code, channel); + aws_event_loop_schedule_task_now(args->requested_event_loop, &callback_task->task); + } +} + static void s_connection_args_creation_callback(struct client_connection_args *args, struct aws_channel *channel) { AWS_FATAL_ASSERT(channel != NULL); diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 7f263f850..a1da0c5d9 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -123,6 +123,7 @@ add_test_case(pem_sanitize_wrong_format_rejected) add_test_case(socket_handler_echo_and_backpressure) add_test_case(socket_handler_close) add_test_case(socket_pinned_event_loop) +add_net_test_case(socket_pinned_event_loop_dns_failure) if(NOT BYO_CRYPTO) if(USE_S2N) diff --git a/tests/socket_handler_test.c b/tests/socket_handler_test.c index 26e272d6a..ed94eff8c 100644 --- a/tests/socket_handler_test.c +++ b/tests/socket_handler_test.c @@ -39,6 +39,10 @@ struct socket_common_tester { struct aws_event_loop_group *el_group; struct aws_atomic_var current_time_ns; struct aws_atomic_var stats_handler; + + bool setup_called; + struct aws_event_loop *requested_callback_event_loop; + int setup_error_code; }; static struct socket_common_tester c_tester; @@ -399,6 +403,107 @@ static int s_socket_pinned_event_loop_test(struct aws_allocator *allocator, void AWS_TEST_CASE(socket_pinned_event_loop, s_socket_pinned_event_loop_test) +static void s_dns_failure_test_client_setup_callback( + struct aws_client_bootstrap *bootstrap, + int error_code, + struct aws_channel *channel, + void *user_data) { + + (void)bootstrap; + (void)channel; + + struct socket_common_tester *socket_tester = (struct socket_common_tester *)user_data; + + aws_mutex_lock(&socket_tester->mutex); + + socket_tester->setup_error_code = error_code; + socket_tester->setup_called = true; + AWS_FATAL_ASSERT(aws_event_loop_thread_is_callers_thread(socket_tester->requested_callback_event_loop)); + AWS_FATAL_ASSERT(channel == NULL); + + aws_mutex_unlock(&socket_tester->mutex); + aws_condition_variable_notify_one(&socket_tester->condition_variable); +} + +static void s_dns_failure_handler_test_client_shutdown_callback( + struct aws_client_bootstrap *bootstrap, + int error_code, + struct aws_channel *channel, + void *user_data) { + + (void)error_code; + (void)bootstrap; + (void)channel; + (void)user_data; + + // Should never be called + AWS_FATAL_ASSERT(false); +} + +static bool s_dns_failure_channel_setup_predicate(void *user_data) { + struct socket_common_tester *socket_tester = (struct socket_common_tester *)user_data; + return socket_tester->setup_called; +} + +static int s_socket_pinned_event_loop_dns_failure_test(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + s_socket_common_tester_init(allocator, &c_tester); + + struct aws_host_resolver_default_options resolver_options = { + .el_group = c_tester.el_group, + .max_entries = 8, + }; + struct aws_host_resolver *resolver = aws_host_resolver_new_default(allocator, &resolver_options); + + struct aws_client_bootstrap_options client_bootstrap_options = { + .event_loop_group = c_tester.el_group, + .host_resolver = resolver, + }; + struct aws_client_bootstrap *client_bootstrap = aws_client_bootstrap_new(allocator, &client_bootstrap_options); + ASSERT_NOT_NULL(client_bootstrap); + + struct aws_event_loop *pinned_event_loop = aws_event_loop_group_get_next_loop(c_tester.el_group); + c_tester.requested_callback_event_loop = pinned_event_loop; + + struct aws_socket_options socket_options = { + .domain = AWS_SOCKET_IPV4, + .type = AWS_SOCKET_STREAM, + .connect_timeout_ms = 10000, + }; + + struct aws_socket_channel_bootstrap_options client_channel_options; + AWS_ZERO_STRUCT(client_channel_options); + client_channel_options.bootstrap = client_bootstrap; + client_channel_options.host_name = "notavalid.domain-seriously.uffda"; + client_channel_options.port = 443; + client_channel_options.socket_options = &socket_options; + client_channel_options.setup_callback = s_dns_failure_test_client_setup_callback; + client_channel_options.shutdown_callback = s_dns_failure_handler_test_client_shutdown_callback; + client_channel_options.enable_read_back_pressure = false; + client_channel_options.requested_event_loop = pinned_event_loop; + client_channel_options.user_data = &c_tester; + + ASSERT_SUCCESS(aws_client_bootstrap_new_socket_channel(&client_channel_options)); + + ASSERT_SUCCESS(aws_mutex_lock(&c_tester.mutex)); + ASSERT_SUCCESS(aws_condition_variable_wait_pred( + &c_tester.condition_variable, &c_tester.mutex, s_dns_failure_channel_setup_predicate, &c_tester)); + + /* Verify the setup callback failure was on the requested event loop */ + ASSERT_TRUE(c_tester.setup_error_code != 0); + + aws_mutex_unlock(&c_tester.mutex); + + aws_client_bootstrap_release(client_bootstrap); + aws_host_resolver_release(resolver); + ASSERT_SUCCESS(s_socket_common_tester_clean_up(&c_tester)); + + return AWS_OP_SUCCESS; +} + +AWS_TEST_CASE(socket_pinned_event_loop_dns_failure, s_socket_pinned_event_loop_dns_failure_test) + static int s_socket_echo_and_backpressure_test(struct aws_allocator *allocator, void *ctx) { (void)ctx; From 0b03c30949a2d6327557f25fd02ea1d148e1900b Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Wed, 24 Jan 2024 16:21:37 -0800 Subject: [PATCH 33/44] Cache the Error Before Any Side Effects (#619) --- source/event_loop.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/source/event_loop.c b/source/event_loop.c index 5870b87e8..a6d51da66 100644 --- a/source/event_loop.c +++ b/source/event_loop.c @@ -165,12 +165,16 @@ static struct aws_event_loop_group *s_event_loop_group_new( return el_group; -on_error: +on_error:; + /* cache the error code to prevent any potential side effects */ + int cached_error_code = aws_last_error(); aws_mem_release(alloc, usable_cpus); s_aws_event_loop_group_shutdown_sync(el_group); s_event_loop_group_thread_exit(el_group); + /* raise the cached error code */ + aws_raise_error(cached_error_code); return NULL; } From 4c65ce51d2d7050e1ce1030881b6a4df22d33544 Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Mon, 29 Jan 2024 13:18:02 -0800 Subject: [PATCH 34/44] Fix NULL config clean-up (#620) --- source/s2n/s2n_tls_channel_handler.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source/s2n/s2n_tls_channel_handler.c b/source/s2n/s2n_tls_channel_handler.c index 01052e8c9..80770b62b 100644 --- a/source/s2n/s2n_tls_channel_handler.c +++ b/source/s2n/s2n_tls_channel_handler.c @@ -1312,8 +1312,9 @@ struct aws_channel_handler *aws_tls_server_handler_new( static void s_s2n_ctx_destroy(struct s2n_ctx *s2n_ctx) { if (s2n_ctx != NULL) { - s2n_config_free(s2n_ctx->s2n_config); - + if (s2n_ctx->s2n_config) { + s2n_config_free(s2n_ctx->s2n_config); + } if (s2n_ctx->custom_cert_chain_and_key) { s2n_cert_chain_and_key_free(s2n_ctx->custom_cert_chain_and_key); } From 2a84a98dd77343a8218d2b9f7956ce7ddacee6b4 Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Tue, 13 Feb 2024 09:44:51 -0800 Subject: [PATCH 35/44] Fix a bunch of places we forget to aws_raise_error() (#622) --- .github/workflows/ci.yml | 2 +- source/channel.c | 2 +- source/darwin/darwin_pki_utils.c | 87 ++++++++++++------- .../secure_transport_tls_channel_handler.c | 17 ++-- source/event_loop.c | 2 +- source/posix/socket.c | 2 +- source/windows/iocp/iocp_event_loop.c | 2 +- source/windows/secure_channel_tls_handler.c | 6 +- 8 files changed, 75 insertions(+), 45 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 28dac9707..99ca48dec 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,7 +6,7 @@ on: - 'main' env: - BUILDER_VERSION: v0.9.48 + BUILDER_VERSION: v0.9.55 BUILDER_SOURCE: releases BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net PACKAGE_NAME: aws-c-io diff --git a/source/channel.c b/source/channel.c index b741513cc..36a3975b2 100644 --- a/source/channel.c +++ b/source/channel.c @@ -743,7 +743,7 @@ int aws_channel_slot_insert_end(struct aws_channel *channel, struct aws_channel_ } AWS_ASSERT(0); - return AWS_OP_ERR; + return aws_raise_error(AWS_ERROR_INVALID_STATE); } int aws_channel_slot_insert_left(struct aws_channel_slot *slot, struct aws_channel_slot *to_add) { diff --git a/source/darwin/darwin_pki_utils.c b/source/darwin/darwin_pki_utils.c index b18a757cb..479932d11 100644 --- a/source/darwin/darwin_pki_utils.c +++ b/source/darwin/darwin_pki_utils.c @@ -101,12 +101,8 @@ int aws_import_public_and_private_keys_to_identity( int result = AWS_OP_ERR; - CFDataRef cert_data = CFDataCreate(cf_alloc, public_cert_chain->ptr, public_cert_chain->len); - CFDataRef key_data = CFDataCreate(cf_alloc, private_key->ptr, private_key->len); - - if (!cert_data || !key_data) { - return aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); - } + CFDataRef cert_data = NULL; + CFDataRef key_data = NULL; CFArrayRef cert_import_output = NULL; CFArrayRef key_import_output = NULL; @@ -118,9 +114,26 @@ int aws_import_public_and_private_keys_to_identity( import_params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; import_params.passphrase = CFSTR(""); + struct aws_array_list cert_chain_list; + AWS_ZERO_STRUCT(cert_chain_list); + CFDataRef root_cert_data = NULL; SecCertificateRef certificate_ref = NULL; SecKeychainRef import_keychain = NULL; + cert_data = CFDataCreate(cf_alloc, public_cert_chain->ptr, public_cert_chain->len); + if (!cert_data) { + AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: failed creating public cert chain data."); + result = aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); + goto done; + } + + key_data = CFDataCreate(cf_alloc, private_key->ptr, private_key->len); + if (!key_data) { + AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: failed creating private key data."); + result = aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); + goto done; + } + # pragma clang diagnostic push # pragma clang diagnostic ignored "-Wdeprecated-declarations" /* SecKeychain functions are marked as deprecated. @@ -134,7 +147,8 @@ int aws_import_public_and_private_keys_to_identity( "static: error opening keychain \"%s\" with OSStatus %d", aws_string_c_str(keychain_path), keychain_status); - return AWS_OP_ERR; + result = aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); + goto done; } keychain_status = SecKeychainUnlock(import_keychain, 0, "", true); if (keychain_status != errSecSuccess) { @@ -143,14 +157,16 @@ int aws_import_public_and_private_keys_to_identity( "static: error unlocking keychain \"%s\" with OSStatus %d", aws_string_c_str(keychain_path), keychain_status); - return AWS_OP_ERR; + result = aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); + goto done; } } else { OSStatus keychain_status = SecKeychainCopyDefault(&import_keychain); if (keychain_status != errSecSuccess) { AWS_LOGF_ERROR( AWS_LS_IO_PKI, "static: error opening the default keychain with OSStatus %d", keychain_status); - return AWS_OP_ERR; + result = aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); + goto done; } } @@ -168,9 +184,6 @@ int aws_import_public_and_private_keys_to_identity( OSStatus key_status = SecItemImport(key_data, NULL, &format, &item_type, 0, &import_params, import_keychain, &key_import_output); - CFRelease(cert_data); - CFRelease(key_data); - if (cert_status != errSecSuccess && cert_status != errSecDuplicateItem) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: error importing certificate with OSStatus %d", (int)cert_status); result = aws_raise_error(AWS_IO_FILE_VALIDATION_FAILURE); @@ -201,11 +214,8 @@ int aws_import_public_and_private_keys_to_identity( AWS_LS_IO_PKI, "static: certificate has an existing certificate-key pair that was previously imported into the Keychain. " "Using key from Keychain instead of the one provided."); - struct aws_array_list cert_chain_list; - if (aws_pem_objects_init_from_file_contents(&cert_chain_list, alloc, *public_cert_chain)) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: decoding certificate PEM failed."); - aws_pem_objects_clean_up(&cert_chain_list); result = AWS_OP_ERR; goto done; } @@ -214,36 +224,46 @@ int aws_import_public_and_private_keys_to_identity( aws_array_list_get_at_ptr(&cert_chain_list, (void **)&root_cert_ptr, 0); AWS_ASSERT(root_cert_ptr); CFDataRef root_cert_data = CFDataCreate(cf_alloc, root_cert_ptr->data.buffer, root_cert_ptr->data.len); - - if (root_cert_data) { - certificate_ref = SecCertificateCreateWithData(cf_alloc, root_cert_data); - CFRelease(root_cert_data); + if (!root_cert_data) { + AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: failed creating root cert data."); + result = aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); + goto done; } - aws_pem_objects_clean_up(&cert_chain_list); + certificate_ref = SecCertificateCreateWithData(cf_alloc, root_cert_data); + if (!certificate_ref) { + AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: failed to create certificate."); + result = aws_raise_error(AWS_IO_FILE_VALIDATION_FAILURE); + goto done; + } } else { certificate_ref = (SecCertificateRef)CFArrayGetValueAtIndex(cert_import_output, 0); /* SecCertificateCreateWithData returns an object with +1 retain, so we need to match that behavior here */ CFRetain(certificate_ref); } - /* if we got a cert one way or the other, create the identity and return it */ - if (certificate_ref) { - SecIdentityRef identity_output; - OSStatus status = SecIdentityCreateWithCertificate(import_keychain, certificate_ref, &identity_output); - if (status == errSecSuccess) { - CFTypeRef certs[] = {identity_output}; - *identity = CFArrayCreate(cf_alloc, (const void **)certs, 1L, &kCFTypeArrayCallBacks); - result = AWS_OP_SUCCESS; - goto done; - } + /* we got a cert one way or the other, create the identity and return it */ + AWS_ASSERT(certificate_ref); + SecIdentityRef identity_output; + OSStatus status = SecIdentityCreateWithCertificate(import_keychain, certificate_ref, &identity_output); + if (status != errSecSuccess) { + AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: error creating identity with OSStatus %d", key_status); + result = aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); + goto done; } + CFTypeRef certs[] = {identity_output}; + *identity = CFArrayCreate(cf_alloc, (const void **)certs, 1L, &kCFTypeArrayCallBacks); + result = AWS_OP_SUCCESS; + done: aws_mutex_unlock(&s_sec_mutex); if (certificate_ref) { CFRelease(certificate_ref); } + if (root_cert_data) { + CFRelease(root_cert_data); + } if (cert_import_output) { CFRelease(cert_import_output); } @@ -253,6 +273,13 @@ int aws_import_public_and_private_keys_to_identity( if (import_keychain) { CFRelease(import_keychain); } + if (cert_data) { + CFRelease(cert_data); + } + if (key_data) { + CFRelease(key_data); + } + aws_pem_objects_clean_up(&cert_chain_list); return result; } diff --git a/source/darwin/secure_transport_tls_channel_handler.c b/source/darwin/secure_transport_tls_channel_handler.c index 5846807e4..fe647dd24 100644 --- a/source/darwin/secure_transport_tls_channel_handler.c +++ b/source/darwin/secure_transport_tls_channel_handler.c @@ -335,7 +335,7 @@ static int s_drive_negotiation(struct aws_channel_handler *handler) { &secure_transport_handler->protocol, handler->alloc, (size_t)CFStringGetLength(protocol) + 1)) { CFRelease(protocol); s_invoke_negotiation_callback(handler, AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); - return AWS_OP_ERR; + return aws_raise_error(AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); } memset(secure_transport_handler->protocol.buffer, 0, secure_transport_handler->protocol.capacity); @@ -399,7 +399,7 @@ static int s_drive_negotiation(struct aws_channel_handler *handler) { if (secure_transport_handler->verify_peer) { if (!secure_transport_handler->ca_certs) { s_invoke_negotiation_callback(handler, AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); - return AWS_OP_ERR; + return aws_raise_error(AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); } SecTrustRef trust; @@ -407,7 +407,7 @@ static int s_drive_negotiation(struct aws_channel_handler *handler) { if (status != errSecSuccess) { s_invoke_negotiation_callback(handler, AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); - return AWS_OP_ERR; + return aws_raise_error(AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); } SecPolicyRef policy; @@ -428,7 +428,7 @@ static int s_drive_negotiation(struct aws_channel_handler *handler) { AWS_LOGF_ERROR(AWS_LS_IO_TLS, "id=%p: Failed to set trust policy %d\n", (void *)handler, (int)status); CFRelease(trust); s_invoke_negotiation_callback(handler, AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); - return AWS_OP_ERR; + return aws_raise_error(AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); } status = SecTrustSetAnchorCertificates(trust, secure_transport_handler->ca_certs); @@ -440,7 +440,7 @@ static int s_drive_negotiation(struct aws_channel_handler *handler) { (int)status); CFRelease(trust); s_invoke_negotiation_callback(handler, AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); - return AWS_OP_ERR; + return aws_raise_error(AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); } /* Use ONLY the custom CA bundle (ignoring system anchors) */ @@ -453,7 +453,7 @@ static int s_drive_negotiation(struct aws_channel_handler *handler) { (int)status); CFRelease(trust); s_invoke_negotiation_callback(handler, AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); - return AWS_OP_ERR; + return aws_raise_error(AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); } SecTrustResultType trust_eval = 0; @@ -471,7 +471,7 @@ static int s_drive_negotiation(struct aws_channel_handler *handler) { (void *)handler, (int)status, (int)trust_eval); - return AWS_OP_ERR; + return aws_raise_error(AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); } return s_drive_negotiation(handler); /* if this is here, everything went wrong. */ @@ -479,9 +479,8 @@ static int s_drive_negotiation(struct aws_channel_handler *handler) { secure_transport_handler->negotiation_finished = false; AWS_LOGF_WARN(AWS_LS_IO_TLS, "id=%p: negotiation failed with OSStatus %d.", (void *)handler, (int)status); - aws_raise_error(AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); s_invoke_negotiation_callback(handler, AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); - return AWS_OP_ERR; + return aws_raise_error(AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE); } return AWS_OP_SUCCESS; diff --git a/source/event_loop.c b/source/event_loop.c index a6d51da66..1e7aef676 100644 --- a/source/event_loop.c +++ b/source/event_loop.c @@ -402,7 +402,7 @@ int aws_event_loop_fetch_local_object( return AWS_OP_SUCCESS; } - return AWS_OP_ERR; + return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); } int aws_event_loop_put_local_object(struct aws_event_loop *event_loop, struct aws_event_loop_local_object *obj) { diff --git a/source/posix/socket.c b/source/posix/socket.c index dcf0c9d55..0dac9442c 100644 --- a/source/posix/socket.c +++ b/source/posix/socket.c @@ -1892,7 +1892,7 @@ int aws_socket_get_error(struct aws_socket *socket) { socklen_t result_length = sizeof(connect_result); if (getsockopt(socket->io_handle.data.fd, SOL_SOCKET, SO_ERROR, &connect_result, &result_length) < 0) { - return AWS_OP_ERR; + return s_determine_socket_error(errno); } if (connect_result) { diff --git a/source/windows/iocp/iocp_event_loop.c b/source/windows/iocp/iocp_event_loop.c index 9ccce3007..b6716a543 100644 --- a/source/windows/iocp/iocp_event_loop.c +++ b/source/windows/iocp/iocp_event_loop.c @@ -635,7 +635,7 @@ static int s_unsubscribe_from_io_events(struct aws_event_loop *event_loop, struc "id=%p: failed to un-subscribe from events on handle %p", (void *)event_loop, (void *)handle->data.handle); - return AWS_OP_ERR; + return aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); } static void s_free_io_event_resources(void *user_data) { diff --git a/source/windows/secure_channel_tls_handler.c b/source/windows/secure_channel_tls_handler.c index 9ede8ded5..b62b1a0b7 100644 --- a/source/windows/secure_channel_tls_handler.c +++ b/source/windows/secure_channel_tls_handler.c @@ -1367,9 +1367,13 @@ static int s_process_write_message( struct aws_io_message *outgoing_message = aws_channel_acquire_message_from_pool(slot->channel, AWS_IO_MESSAGE_APPLICATION_DATA, to_write); - if (!outgoing_message || outgoing_message->message_data.capacity <= upstream_overhead) { + if (!outgoing_message) { return AWS_OP_ERR; } + if (outgoing_message->message_data.capacity <= upstream_overhead) { + aws_mem_release(outgoing_message->allocator, outgoing_message); + return aws_raise_error(AWS_ERROR_INVALID_STATE); + } /* what if message is larger than one record? */ size_t original_message_fragment_to_process = outgoing_message->message_data.capacity - upstream_overhead; From 267bb4c49fbfd773a299b9993eac53dd2893ee5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mos=C3=A8=20Giordano?= Date: Tue, 13 Feb 2024 18:21:06 +0000 Subject: [PATCH 36/44] Consistently use lowercase for Windows libraries (#603) --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index cd12fa725..3f763bec2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -95,7 +95,7 @@ if (WIN32) #platform libs come from aws-c-common transitively, so we don't specify them here, but for documentation purposes, #Kernel32 and wsock2 are pulled in automatically. Here we add the lib containing the schannel API. #Also note, you don't get a choice on TLS implementation for Windows. - set(PLATFORM_LIBS Secur32 Crypt32) + set(PLATFORM_LIBS secur32 crypt32) elseif (CMAKE_SYSTEM_NAME STREQUAL "Linux" OR CMAKE_SYSTEM_NAME STREQUAL "Android") option(USE_VSOCK "Build in support for VSOCK sockets" From 1779683c6ba566d3ed4750871eb5cb2ff430a678 Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Wed, 14 Feb 2024 08:33:57 -0800 Subject: [PATCH 37/44] Use Public Domain PKCS#11 headers, to avoid OASIS license (#623) **Issue #:** https://github.com/awslabs/aws-c-io/discussions/621 The OASIS IPR license is not on Fedora's approved license list. This license is at the top of the PKCS#11 headers released by the OASIS technical committee that standardizes PKCS#11. So it's a good idea to use the official headers, right? No, wrong, apparently. [Here](https://github.com/latchset/pkcs11-provider/issues/76) [are](https://github.com/tpm2-software/tpm2-pkcs11/issues/338) [many](https://github.com/opendnssec/SoftHSMv2/pull/412) [other](https://gitlab.isc.org/isc-projects/bind9/-/issues/414) [open](https://github.com/containers/podman/issues/13906) [source](https://mail.openjdk.org/pipermail/jdk-dev/2021-May/005526.html) [projects](https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/thread/2QXHMTZ47DMMARJVI6PUMSYUPVFAGLCV/) being confused by the license, and replacing the headers that container it. **Description of changes:** Replace OASIS headers with public domain headers, sourced from https://github.com/latchset/pkcs11-headers --- NOTICE | 2 + THIRD-PARTY-LICENSES.txt | 31 - source/pkcs11/v2.40/pkcs11.h | 1967 ++++++++++++++++++++++++++++---- source/pkcs11/v2.40/pkcs11f.h | 939 ---------------- source/pkcs11/v2.40/pkcs11t.h | 2003 --------------------------------- source/pkcs11_lib.c | 2 +- source/pkcs11_private.h | 7 - tests/pkcs11_test.c | 17 +- 8 files changed, 1744 insertions(+), 3224 deletions(-) delete mode 100644 THIRD-PARTY-LICENSES.txt delete mode 100644 source/pkcs11/v2.40/pkcs11f.h delete mode 100644 source/pkcs11/v2.40/pkcs11t.h diff --git a/NOTICE b/NOTICE index 37529d92f..7939cd239 100644 --- a/NOTICE +++ b/NOTICE @@ -1,3 +1,5 @@ AWS C Io Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: Apache-2.0. + +The source/pkcs11/v2.40/pkcs11.h header file is based on Public Domain content from https://github.com/latchset/pkcs11-headers diff --git a/THIRD-PARTY-LICENSES.txt b/THIRD-PARTY-LICENSES.txt deleted file mode 100644 index ae301c689..000000000 --- a/THIRD-PARTY-LICENSES.txt +++ /dev/null @@ -1,31 +0,0 @@ -** PKCS#11 Headers; version 2.40 -- http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40/ - -Copyright (c) OASIS Open 2016. All Rights Reserved. - -All capitalized terms in the following text have the meanings assigned to them -in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy"). The -full Policy may be found at the OASIS website: -[http://www.oasis-open.org/policies-guidelines/ipr] - -This document and translations of it may be copied and furnished to others, and -derivative works that comment on or otherwise explain it or assist in its -implementation may be prepared, copied, published, and distributed, in whole or -in part, without restriction of any kind, provided that the above copyright -notice and this section are included on all such copies and derivative works. -However, this document itself may not be modified in any way, including by -removing the copyright notice or references to OASIS, except as needed for the -purpose of developing any document or deliverable produced by an OASIS -Technical Committee (in which case the rules applicable to copyrights, as set -forth in the OASIS IPR Policy, must be followed) or as required to translate it -into languages other than English. - -The limited permissions granted above are perpetual and will not be revoked by -OASIS or its successors or assigns. - -This document and the information contained herein is provided on an "AS IS" -basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT -LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT -INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR -FITNESS FOR A PARTICULAR PURPOSE. OASIS AND ITS MEMBERS WILL NOT BE LIABLE FOR -ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE -OF THIS DOCUMENT OR ANY PART THEREOF. diff --git a/source/pkcs11/v2.40/pkcs11.h b/source/pkcs11/v2.40/pkcs11.h index 0d78dd711..dd3d3549f 100644 --- a/source/pkcs11/v2.40/pkcs11.h +++ b/source/pkcs11/v2.40/pkcs11.h @@ -1,265 +1,1766 @@ -/* Copyright (c) OASIS Open 2016. All Rights Reserved./ - * /Distributed under the terms of the OASIS IPR Policy, - * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY - * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A - * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. - */ - -/* Latest version of the specification: - * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html +/* This file is in the Public Domain. */ +/* This file is based on: https://github.com/latchset/pkcs11-headers/blob/main/public-domain/2.40/pkcs11.h */ +/* This file has been modified from its original version by Amazon: + * - removed final semicolon from #define ULONGDEF, to avoid "extra-semi" warning + * - removed final semicolon from #define STRUCTDEF, to avoid "extra-semi" warning */ -#ifndef _PKCS11_H_ -#define _PKCS11_H_ 1 +#ifndef _PD_PKCS11_ +#define _PD_PKCS11_ + +#define CRYPTOKI_VERSION_MAJOR 2 +#define CRYPTOKI_VERSION_MINOR 40 +#define CRYPTOKI_VERSION_AMENDMENT 0 + +/* Basic types */ +typedef unsigned char CK_BBOOL; +typedef unsigned char CK_BYTE; +typedef unsigned char CK_CHAR; +typedef unsigned char CK_UTF8CHAR; +typedef unsigned long int CK_ULONG; + +typedef CK_BBOOL * CK_BBOOL_PTR; +typedef CK_BYTE * CK_BYTE_PTR; +typedef CK_CHAR * CK_CHAR_PTR; +typedef CK_UTF8CHAR * CK_UTF8CHAR_PTR; +typedef CK_ULONG * CK_ULONG_PTR; + +/* Basic defines */ +#define NULL_PTR ((void *)0) +typedef void * CK_VOID_PTR; +typedef void ** CK_VOID_PTR_PTR; + +#define CK_EFFECTIVELY_INFINITE 0UL +#define CK_UNAVAILABLE_INFORMATION ~0UL +#define CK_INVALID_HANDLE 0UL +#define CK_TRUE 1 +#define CK_FALSE 0 + +/* CK_ types in alphabetical order */ +#define ULONGDEF(__name__) \ +typedef CK_ULONG __name__; \ +typedef __name__ * __name__ ## _PTR + +ULONGDEF(CK_ATTRIBUTE_TYPE); +ULONGDEF(CK_CERTIFICATE_CATEGORY); +ULONGDEF(CK_CERTIFICATE_TYPE); +ULONGDEF(CK_EC_KDF_TYPE); +ULONGDEF(CK_EXTRACT_PARAMS); +ULONGDEF(CK_FLAGS); +ULONGDEF(CK_HW_FEATURE_TYPE); +ULONGDEF(CK_JAVA_MIDP_SECURITY_DOMAIN); +ULONGDEF(CK_KEY_TYPE); +ULONGDEF(CK_MAC_GENERAL_PARAMS); +ULONGDEF(CK_MECHANISM_TYPE); +ULONGDEF(CK_NOTIFICATION); +ULONGDEF(CK_OBJECT_CLASS); +ULONGDEF(CK_OBJECT_HANDLE); +ULONGDEF(CK_OTP_PARAM_TYPE); +ULONGDEF(CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE); +ULONGDEF(CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE); +ULONGDEF(CK_RC2_PARAMS); +ULONGDEF(CK_RSA_PKCS_MGF_TYPE); +ULONGDEF(CK_RSA_PKCS_OAEP_SOURCE_TYPE); +ULONGDEF(CK_RV); +ULONGDEF(CK_SESSION_HANDLE); +ULONGDEF(CK_SLOT_ID); +ULONGDEF(CK_STATE); +ULONGDEF(CK_USER_TYPE); +ULONGDEF(CK_X9_42_DH_KDF_TYPE); + +/* domain specific values and constants */ + +/* CK (certificate) */ +#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED 0UL +#define CK_CERTIFICATE_CATEGORY_TOKEN_USER 1UL +#define CK_CERTIFICATE_CATEGORY_AUTHORITY 2UL +#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL + +/* CK (OTP) */ +#define CK_OTP_VALUE 0UL +#define CK_OTP_PIN 1UL +#define CK_OTP_CHALLENGE 2UL +#define CK_OTP_TIME 3UL +#define CK_OTP_COUNTER 4UL +#define CK_OTP_FLAGS 5UL +#define CK_OTP_OUTPUT_LENGTH 6UL +#define CK_OTP_OUTPUT_FORMAT 7UL -#ifdef __cplusplus -extern "C" { +/* CK (OTP format) */ +#define CK_OTP_FORMAT_DECIMAL 0UL +#define CK_OTP_FORMAT_HEXADECIMAL 1UL +#define CK_OTP_FORMAT_ALPHANUMERIC 2UL +#define CK_OTP_FORMAT_BINARY 3UL + +/* CK (OTP requirement) */ +#define CK_OTP_PARAM_IGNORED 0UL +#define CK_OTP_PARAM_OPTIONAL 1UL +#define CK_OTP_PARAM_MANDATORY 2UL + +/* CK (security) */ +#define CK_SECURITY_DOMAIN_UNSPECIFIED 0UL +#define CK_SECURITY_DOMAIN_MANUFACTURER 1UL +#define CK_SECURITY_DOMAIN_OPERATOR 2UL +#define CK_SECURITY_DOMAIN_THIRD_PARTY 3UL + +/* CK (SP800 DKM) */ +#define CK_SP800_108_DKM_LENGTH_SUM_OF_KEYS 0x00000001UL +#define CK_SP800_108_DKM_LENGTH_SUM_OF_SEGMENTS 0x00000002UL + +/* CKA */ +#define CKA_CLASS 0x00000000UL +#define CKA_TOKEN 0x00000001UL +#define CKA_PRIVATE 0x00000002UL +#define CKA_LABEL 0x00000003UL +#define CKA_APPLICATION 0x00000010UL +#define CKA_VALUE 0x00000011UL +#define CKA_OBJECT_ID 0x00000012UL +#define CKA_CERTIFICATE_TYPE 0x00000080UL +#define CKA_ISSUER 0x00000081UL +#define CKA_SERIAL_NUMBER 0x00000082UL +#define CKA_AC_ISSUER 0x00000083UL +#define CKA_OWNER 0x00000084UL +#define CKA_ATTR_TYPES 0x00000085UL +#define CKA_TRUSTED 0x00000086UL +#define CKA_CERTIFICATE_CATEGORY 0x00000087UL +#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088UL +#define CKA_URL 0x00000089UL +#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008AUL +#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008BUL +#define CKA_NAME_HASH_ALGORITHM 0x0000008CUL +#define CKA_CHECK_VALUE 0x00000090UL +#define CKA_KEY_TYPE 0x00000100UL +#define CKA_SUBJECT 0x00000101UL +#define CKA_ID 0x00000102UL +#define CKA_SENSITIVE 0x00000103UL +#define CKA_ENCRYPT 0x00000104UL +#define CKA_DECRYPT 0x00000105UL +#define CKA_WRAP 0x00000106UL +#define CKA_UNWRAP 0x00000107UL +#define CKA_SIGN 0x00000108UL +#define CKA_SIGN_RECOVER 0x00000109UL +#define CKA_VERIFY 0x0000010AUL +#define CKA_VERIFY_RECOVER 0x0000010BUL +#define CKA_DERIVE 0x0000010CUL +#define CKA_START_DATE 0x00000110UL +#define CKA_END_DATE 0x00000111UL +#define CKA_MODULUS 0x00000120UL +#define CKA_MODULUS_BITS 0x00000121UL +#define CKA_PUBLIC_EXPONENT 0x00000122UL +#define CKA_PRIVATE_EXPONENT 0x00000123UL +#define CKA_PRIME_1 0x00000124UL +#define CKA_PRIME_2 0x00000125UL +#define CKA_EXPONENT_1 0x00000126UL +#define CKA_EXPONENT_2 0x00000127UL +#define CKA_COEFFICIENT 0x00000128UL +#define CKA_PUBLIC_KEY_INFO 0x00000129UL +#define CKA_PRIME 0x00000130UL +#define CKA_SUBPRIME 0x00000131UL +#define CKA_BASE 0x00000132UL +#define CKA_PRIME_BITS 0x00000133UL +#define CKA_SUBPRIME_BITS 0x00000134UL +#define CKA_SUB_PRIME_BITS 0x00000134UL +#define CKA_VALUE_BITS 0x00000160UL +#define CKA_VALUE_LEN 0x00000161UL +#define CKA_EXTRACTABLE 0x00000162UL +#define CKA_LOCAL 0x00000163UL +#define CKA_NEVER_EXTRACTABLE 0x00000164UL +#define CKA_ALWAYS_SENSITIVE 0x00000165UL +#define CKA_KEY_GEN_MECHANISM 0x00000166UL +#define CKA_MODIFIABLE 0x00000170UL +#define CKA_COPYABLE 0x00000171UL +#define CKA_DESTROYABLE 0x00000172UL +#define CKA_EC_PARAMS 0x00000180UL +#define CKA_EC_POINT 0x00000181UL +#define CKA_ALWAYS_AUTHENTICATE 0x00000202UL +#define CKA_WRAP_WITH_TRUSTED 0x00000210UL +#define CKA_OTP_FORMAT 0x00000220UL +#define CKA_OTP_LENGTH 0x00000221UL +#define CKA_OTP_TIME_INTERVAL 0x00000222UL +#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223UL +#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224UL +#define CKA_OTP_TIME_REQUIREMENT 0x00000225UL +#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226UL +#define CKA_OTP_PIN_REQUIREMENT 0x00000227UL +#define CKA_OTP_COUNTER 0x0000022EUL +#define CKA_OTP_TIME 0x0000022FUL +#define CKA_OTP_USER_IDENTIFIER 0x0000022AUL +#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022BUL +#define CKA_OTP_SERVICE_LOGO 0x0000022CUL +#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022DUL +#define CKA_GOSTR3410_PARAMS 0x00000250UL +#define CKA_GOSTR3411_PARAMS 0x00000251UL +#define CKA_GOST28147_PARAMS 0x00000252UL +#define CKA_HW_FEATURE_TYPE 0x00000300UL +#define CKA_RESET_ON_INIT 0x00000301UL +#define CKA_HAS_RESET 0x00000302UL +#define CKA_PIXEL_X 0x00000400UL +#define CKA_PIXEL_Y 0x00000401UL +#define CKA_RESOLUTION 0x00000402UL +#define CKA_CHAR_ROWS 0x00000403UL +#define CKA_CHAR_COLUMNS 0x00000404UL +#define CKA_COLOR 0x00000405UL +#define CKA_BITS_PER_PIXEL 0x00000406UL +#define CKA_CHAR_SETS 0x00000480UL +#define CKA_ENCODING_METHODS 0x00000481UL +#define CKA_MIME_TYPES 0x00000482UL +#define CKA_MECHANISM_TYPE 0x00000500UL +#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501UL +#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502UL +#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503UL +#define CKA_VENDOR_DEFINED 0x80000000UL +/* Array attributes */ +#define CKA_WRAP_TEMPLATE 0x40000211UL +#define CKA_UNWRAP_TEMPLATE 0x40000212UL +#define CKA_DERIVE_TEMPLATE 0x40000213UL +#define CKA_ALLOWED_MECHANISMS 0x40000600UL +/* Deprecated */ +#ifdef PKCS11_DEPRECATED +#define CKA_ECDSA_PARAMS 0x00000180UL +#define CKA_SECONDARY_AUTH 0x00000200UL +#define CKA_AUTH_PIN_FLAGS 0x00000201UL #endif -/* Before including this file (pkcs11.h) (or pkcs11t.h by - * itself), 5 platform-specific macros must be defined. These - * macros are described below, and typical definitions for them - * are also given. Be advised that these definitions can depend - * on both the platform and the compiler used (and possibly also - * on whether a Cryptoki library is linked statically or - * dynamically). - * - * In addition to defining these 5 macros, the packing convention - * for Cryptoki structures should be set. The Cryptoki - * convention on packing is that structures should be 1-byte - * aligned. - * - * If you're using Microsoft Developer Studio 5.0 to produce - * Win32 stuff, this might be done by using the following - * preprocessor directive before including pkcs11.h or pkcs11t.h: - * - * #pragma pack(push, cryptoki, 1) - * - * and using the following preprocessor directive after including - * pkcs11.h or pkcs11t.h: - * - * #pragma pack(pop, cryptoki) - * - * If you're using an earlier version of Microsoft Developer - * Studio to produce Win16 stuff, this might be done by using - * the following preprocessor directive before including - * pkcs11.h or pkcs11t.h: - * - * #pragma pack(1) - * - * In a UNIX environment, you're on your own for this. You might - * not need to do (or be able to do!) anything. - * - * - * Now for the macros: - * - * - * 1. CK_PTR: The indirection string for making a pointer to an - * object. It can be used like this: - * - * typedef CK_BYTE CK_PTR CK_BYTE_PTR; - * - * If you're using Microsoft Developer Studio 5.0 to produce - * Win32 stuff, it might be defined by: - * - * #define CK_PTR * - * - * If you're using an earlier version of Microsoft Developer - * Studio to produce Win16 stuff, it might be defined by: - * - * #define CK_PTR far * - * - * In a typical UNIX environment, it might be defined by: - * - * #define CK_PTR * - * - * - * 2. CK_DECLARE_FUNCTION(returnType, name): A macro which makes - * an importable Cryptoki library function declaration out of a - * return type and a function name. It should be used in the - * following fashion: - * - * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)( - * CK_VOID_PTR pReserved - * ); - * - * If you're using Microsoft Developer Studio 5.0 to declare a - * function in a Win32 Cryptoki .dll, it might be defined by: - * - * #define CK_DECLARE_FUNCTION(returnType, name) \ - * returnType __declspec(dllimport) name - * - * If you're using an earlier version of Microsoft Developer - * Studio to declare a function in a Win16 Cryptoki .dll, it - * might be defined by: - * - * #define CK_DECLARE_FUNCTION(returnType, name) \ - * returnType __export _far _pascal name - * - * In a UNIX environment, it might be defined by: - * - * #define CK_DECLARE_FUNCTION(returnType, name) \ - * returnType name - * - * - * 3. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro - * which makes a Cryptoki API function pointer declaration or - * function pointer type declaration out of a return type and a - * function name. It should be used in the following fashion: - * - * // Define funcPtr to be a pointer to a Cryptoki API function - * // taking arguments args and returning CK_RV. - * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args); - * - * or - * - * // Define funcPtrType to be the type of a pointer to a - * // Cryptoki API function taking arguments args and returning - * // CK_RV, and then define funcPtr to be a variable of type - * // funcPtrType. - * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args); - * funcPtrType funcPtr; - * - * If you're using Microsoft Developer Studio 5.0 to access - * functions in a Win32 Cryptoki .dll, in might be defined by: - * - * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ - * returnType __declspec(dllimport) (* name) - * - * If you're using an earlier version of Microsoft Developer - * Studio to access functions in a Win16 Cryptoki .dll, it might - * be defined by: - * - * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ - * returnType __export _far _pascal (* name) - * - * In a UNIX environment, it might be defined by: - * - * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ - * returnType (* name) - * - * - * 4. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes - * a function pointer type for an application callback out of - * a return type for the callback and a name for the callback. - * It should be used in the following fashion: - * - * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args); - * - * to declare a function pointer, myCallback, to a callback - * which takes arguments args and returns a CK_RV. It can also - * be used like this: - * - * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args); - * myCallbackType myCallback; - * - * If you're using Microsoft Developer Studio 5.0 to do Win32 - * Cryptoki development, it might be defined by: - * - * #define CK_CALLBACK_FUNCTION(returnType, name) \ - * returnType (* name) - * - * If you're using an earlier version of Microsoft Developer - * Studio to do Win16 development, it might be defined by: - * - * #define CK_CALLBACK_FUNCTION(returnType, name) \ - * returnType _far _pascal (* name) - * - * In a UNIX environment, it might be defined by: - * - * #define CK_CALLBACK_FUNCTION(returnType, name) \ - * returnType (* name) - * - * - * 5. NULL_PTR: This macro is the value of a NULL pointer. - * - * In any ANSI/ISO C environment (and in many others as well), - * this should best be defined by - * - * #ifndef NULL_PTR - * #define NULL_PTR 0 - * #endif - */ +/* CKC */ +#define CKC_X_509 0x00000000UL +#define CKC_X_509_ATTR_CERT 0x00000001UL +#define CKC_WTLS 0x00000002UL +#define CKC_VENDOR_DEFINED 0x80000000UL +/* CKD */ +#define CKD_NULL 0x00000001UL +#define CKD_SHA1_KDF 0x00000002UL +#define CKD_SHA1_KDF_ASN1 0x00000003UL +#define CKD_SHA1_KDF_CONCATENATE 0x00000004UL +#define CKD_SHA224_KDF 0x00000005UL +#define CKD_SHA256_KDF 0x00000006UL +#define CKD_SHA384_KDF 0x00000007UL +#define CKD_SHA512_KDF 0x00000008UL +#define CKD_CPDIVERSIFY_KDF 0x00000009UL -/* All the various Cryptoki types and #define'd values are in the - * file pkcs11t.h. - */ -#include "pkcs11t.h" +/* CFK (array attributes) */ +#define CKF_ARRAY_ATTRIBUTE 0x40000000UL -#define __PASTE(x,y) x##y +/* CKF (capabilities) */ +#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL +#define CKF_OS_LOCKING_OK 0x00000002UL +/* CKF (mechanism) */ +#define CKF_HW 0x00000001UL +#define CKF_ENCRYPT 0x00000100UL +#define CKF_DECRYPT 0x00000200UL +#define CKF_DIGEST 0x00000400UL +#define CKF_SIGN 0x00000800UL +#define CKF_SIGN_RECOVER 0x00001000UL +#define CKF_VERIFY 0x00002000UL +#define CKF_VERIFY_RECOVER 0x00004000UL +#define CKF_GENERATE 0x00008000UL +#define CKF_GENERATE_KEY_PAIR 0x00010000UL +#define CKF_WRAP 0x00020000UL +#define CKF_UNWRAP 0x00040000UL +#define CKF_DERIVE 0x00080000UL +#define CKF_EC_F_P 0x00100000UL +#define CKF_EC_F_2M 0x00200000UL +#define CKF_EC_ECPARAMETERS 0x00400000UL +#define CKF_EC_NAMEDCURVE 0x00800000U +#define CKF_EC_UNCOMPRESS 0x01000000UL +#define CKF_EC_COMPRESS 0x02000000UL +#define CKF_EXTENSION 0x80000000UL -/* ============================================================== - * Define the "extern" form of all the entry points. - * ============================================================== - */ +/* CKF (OTP) */ +#define CKF_NEXT_OTP 0x00000001UL +#define CKF_EXCLUDE_TIME 0x00000002UL +#define CKF_EXCLUDE_COUNTER 0x00000004UL +#define CKF_EXCLUDE_CHALLENGE 0x00000008UL +#define CKF_EXCLUDE_PIN 0x00000010UL +#define CKF_USER_FRIENDLY_OTP 0x00000020UL -#define CK_NEED_ARG_LIST 1 -#define CK_PKCS11_FUNCTION_INFO(name) \ - extern CK_DECLARE_FUNCTION(CK_RV, name) +/* CKF (paramters to functions) */ +#define CKF_DONT_BLOCK 1 -/* pkcs11f.h has all the information about the Cryptoki - * function prototypes. - */ -#include "pkcs11f.h" +/* CKF (session) */ +#define CKF_RW_SESSION 0x00000002UL +#define CKF_SERIAL_SESSION 0x00000004UL -#undef CK_NEED_ARG_LIST -#undef CK_PKCS11_FUNCTION_INFO +/* CFK (slot) */ +#define CKF_TOKEN_PRESENT 0x00000001UL +#define CKF_REMOVABLE_DEVICE 0x00000002UL +#define CKF_HW_SLOT 0x00000004UL +/* CKF (token) */ +#define CKF_RNG 0x00000001UL +#define CKF_WRITE_PROTECTED 0x00000002UL +#define CKF_LOGIN_REQUIRED 0x00000004UL +#define CKF_USER_PIN_INITIALIZED 0x00000008UL +#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020UL +#define CKF_CLOCK_ON_TOKEN 0x00000040UL +#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL +#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200UL +#define CKF_TOKEN_INITIALIZED 0x00000400UL +#define CKF_SECONDARY_AUTHENTICATION 0x00000800UL +#define CKF_USER_PIN_COUNT_LOW 0x00010000UL +#define CKF_USER_PIN_FINAL_TRY 0x00020000UL +#define CKF_USER_PIN_LOCKED 0x00040000UL +#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000UL +#define CKF_SO_PIN_COUNT_LOW 0x00100000UL +#define CKF_SO_PIN_FINAL_TRY 0x00200000UL +#define CKF_SO_PIN_LOCKED 0x00400000UL +#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000UL +#define CKF_ERROR_STATE 0x01000000UL -/* ============================================================== - * Define the typedef form of all the entry points. That is, for - * each Cryptoki function C_XXX, define a type CK_C_XXX which is - * a pointer to that kind of function. - * ============================================================== - */ +/* CKG (MFG) */ +#define CKG_MGF1_SHA1 0x00000001UL +#define CKG_MGF1_SHA256 0x00000002UL +#define CKG_MGF1_SHA384 0x00000003UL +#define CKG_MGF1_SHA512 0x00000004UL +#define CKG_MGF1_SHA224 0x00000005UL -#define CK_NEED_ARG_LIST 1 -#define CK_PKCS11_FUNCTION_INFO(name) \ - typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name)) +/* CKH */ +#define CKH_MONOTONIC_COUNTER 0x00000001UL +#define CKH_CLOCK 0x00000002UL +#define CKH_USER_INTERFACE 0x00000003UL +#define CKH_VENDOR_DEFINED 0x80000000UL -/* pkcs11f.h has all the information about the Cryptoki - * function prototypes. - */ -#include "pkcs11f.h" +/* CKK */ +#define CKK_RSA 0x00000000UL +#define CKK_DSA 0x00000001UL +#define CKK_DH 0x00000002UL +#define CKK_EC 0x00000003UL +#define CKK_X9_42_DH 0x00000004UL +#define CKK_KEA 0x00000005UL +#define CKK_GENERIC_SECRET 0x00000010UL +#define CKK_RC2 0x00000011UL +#define CKK_RC4 0x00000012UL +#define CKK_DES 0x00000013UL +#define CKK_DES2 0x00000014UL +#define CKK_DES3 0x00000015UL +#define CKK_CAST 0x00000016UL +#define CKK_CAST3 0x00000017UL +#define CKK_CAST128 0x00000018UL +#define CKK_RC5 0x00000019UL +#define CKK_IDEA 0x0000001AUL +#define CKK_SKIPJACK 0x0000001BUL +#define CKK_BATON 0x0000001CUL +#define CKK_JUNIPER 0x0000001DUL +#define CKK_CDMF 0x0000001EUL +#define CKK_AES 0x0000001FUL +#define CKK_BLOWFISH 0x00000020UL +#define CKK_TWOFISH 0x00000021UL +#define CKK_SECURID 0x00000022UL +#define CKK_HOTP 0x00000023UL +#define CKK_ACTI 0x00000024UL +#define CKK_CAMELLIA 0x00000025UL +#define CKK_ARIA 0x00000026UL +#define CKK_MD5_HMAC 0x00000027UL +#define CKK_SHA_1_HMAC 0x00000028UL +#define CKK_RIPEMD128_HMAC 0x00000029UL +#define CKK_RIPEMD160_HMAC 0x0000002AUL +#define CKK_SHA256_HMAC 0x0000002BUL +#define CKK_SHA384_HMAC 0x0000002CUL +#define CKK_SHA512_HMAC 0x0000002DUL +#define CKK_SHA224_HMAC 0x0000002EUL +#define CKK_SEED 0x0000002FUL +#define CKK_GOSTR3410 0x00000030UL +#define CKK_GOSTR3411 0x00000031UL +#define CKK_GOST28147 0x00000032UL +#define CKK_VENDOR_DEFINED 0x80000000UL +/* Deprecated */ +#ifdef PKCS11_DEPRECATED +#define CKK_ECDSA 0x00000003UL +#define CKK_CAST5 0x00000018UL +#endif -#undef CK_NEED_ARG_LIST -#undef CK_PKCS11_FUNCTION_INFO +/* CKM */ +#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL +#define CKM_RSA_PKCS 0x00000001UL +#define CKM_RSA_9796 0x00000002UL +#define CKM_RSA_X_509 0x00000003UL +#define CKM_MD2_RSA_PKCS 0x00000004UL +#define CKM_MD5_RSA_PKCS 0x00000005UL +#define CKM_SHA1_RSA_PKCS 0x00000006UL +#define CKM_RIPEMD128_RSA_PKCS 0x00000007UL +#define CKM_RIPEMD160_RSA_PKCS 0x00000008UL +#define CKM_RSA_PKCS_OAEP 0x00000009UL +#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000AUL +#define CKM_RSA_X9_31 0x0000000BUL +#define CKM_SHA1_RSA_X9_31 0x0000000CUL +#define CKM_RSA_PKCS_PSS 0x0000000DUL +#define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL +#define CKM_DSA_KEY_PAIR_GEN 0x00000010UL +#define CKM_DSA 0x00000011UL +#define CKM_DSA_SHA1 0x00000012UL +#define CKM_DSA_SHA224 0x00000013UL +#define CKM_DSA_SHA256 0x00000014UL +#define CKM_DSA_SHA384 0x00000015UL +#define CKM_DSA_SHA512 0x00000016UL +#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL +#define CKM_DH_PKCS_DERIVE 0x00000021UL +#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030UL +#define CKM_X9_42_DH_DERIVE 0x00000031UL +#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032UL +#define CKM_X9_42_MQV_DERIVE 0x00000033UL +#define CKM_SHA256_RSA_PKCS 0x00000040UL +#define CKM_SHA384_RSA_PKCS 0x00000041UL +#define CKM_SHA512_RSA_PKCS 0x00000042UL +#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL +#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL +#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL +#define CKM_SHA224_RSA_PKCS 0x00000046UL +#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL +#define CKM_SHA512_224 0x00000048UL +#define CKM_SHA512_224_HMAC 0x00000049UL +#define CKM_SHA512_224_HMAC_GENERAL 0x0000004AUL +#define CKM_SHA512_224_KEY_DERIVATION 0x0000004BUL +#define CKM_SHA512_256 0x0000004CUL +#define CKM_SHA512_256_HMAC 0x0000004DUL +#define CKM_SHA512_256_HMAC_GENERAL 0x0000004EUL +#define CKM_SHA512_256_KEY_DERIVATION 0x0000004FUL +#define CKM_SHA512_T 0x00000050UL +#define CKM_SHA512_T_HMAC 0x00000051UL +#define CKM_SHA512_T_HMAC_GENERAL 0x00000052UL +#define CKM_SHA512_T_KEY_DERIVATION 0x00000053UL +#define CKM_RC2_KEY_GEN 0x00000100UL +#define CKM_RC2_ECB 0x00000101UL +#define CKM_RC2_CBC 0x00000102UL +#define CKM_RC2_MAC 0x00000103UL +#define CKM_RC2_MAC_GENERAL 0x00000104UL +#define CKM_RC2_CBC_PAD 0x00000105UL +#define CKM_RC4_KEY_GEN 0x00000110UL +#define CKM_RC4 0x00000111UL +#define CKM_DES_KEY_GEN 0x00000120UL +#define CKM_DES_ECB 0x00000121UL +#define CKM_DES_CBC 0x00000122UL +#define CKM_DES_MAC 0x00000123UL +#define CKM_DES_MAC_GENERAL 0x00000124UL +#define CKM_DES_CBC_PAD 0x00000125UL +#define CKM_DES2_KEY_GEN 0x00000130UL +#define CKM_DES3_KEY_GEN 0x00000131UL +#define CKM_DES3_ECB 0x00000132UL +#define CKM_DES3_CBC 0x00000133UL +#define CKM_DES3_MAC 0x00000134UL +#define CKM_DES3_MAC_GENERAL 0x00000135UL +#define CKM_DES3_CBC_PAD 0x00000136UL +#define CKM_DES3_CMAC_GENERAL 0x00000137UL +#define CKM_DES3_CMAC 0x00000138UL +#define CKM_CDMF_KEY_GEN 0x00000140UL +#define CKM_CDMF_ECB 0x00000141UL +#define CKM_CDMF_CBC 0x00000142UL +#define CKM_CDMF_MAC 0x00000143UL +#define CKM_CDMF_MAC_GENERAL 0x00000144UL +#define CKM_CDMF_CBC_PAD 0x00000145UL +#define CKM_DES_OFB64 0x00000150UL +#define CKM_DES_OFB8 0x00000151UL +#define CKM_DES_CFB64 0x00000152UL +#define CKM_DES_CFB8 0x00000153UL +#define CKM_MD2 0x00000200UL +#define CKM_MD2_HMAC 0x00000201UL +#define CKM_MD2_HMAC_GENERAL 0x00000202UL +#define CKM_MD5 0x00000210UL +#define CKM_MD5_HMAC 0x00000211UL +#define CKM_MD5_HMAC_GENERAL 0x00000212UL +#define CKM_SHA_1 0x00000220UL +#define CKM_SHA_1_HMAC 0x00000221UL +#define CKM_SHA_1_HMAC_GENERAL 0x00000222UL +#define CKM_RIPEMD128 0x00000230UL +#define CKM_RIPEMD128_HMAC 0x00000231UL +#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232UL +#define CKM_RIPEMD160 0x00000240UL +#define CKM_RIPEMD160_HMAC 0x00000241UL +#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242UL +#define CKM_SHA256 0x00000250UL +#define CKM_SHA256_HMAC 0x00000251UL +#define CKM_SHA256_HMAC_GENERAL 0x00000252UL +#define CKM_SHA224 0x00000255UL +#define CKM_SHA224_HMAC 0x00000256UL +#define CKM_SHA224_HMAC_GENERAL 0x00000257UL +#define CKM_SHA384 0x00000260UL +#define CKM_SHA384_HMAC 0x00000261UL +#define CKM_SHA384_HMAC_GENERAL 0x00000262UL +#define CKM_SHA512 0x00000270UL +#define CKM_SHA512_HMAC 0x00000271UL +#define CKM_SHA512_HMAC_GENERAL 0x00000272UL +#define CKM_SECURID_KEY_GEN 0x00000280UL +#define CKM_SECURID 0x00000282UL +#define CKM_HOTP_KEY_GEN 0x00000290UL +#define CKM_HOTP 0x00000291UL +#define CKM_ACTI 0x000002A0UL +#define CKM_ACTI_KEY_GEN 0x000002A1UL +#define CKM_CAST_KEY_GEN 0x00000300UL +#define CKM_CAST_ECB 0x00000301UL +#define CKM_CAST_CBC 0x00000302UL +#define CKM_CAST_MAC 0x00000303UL +#define CKM_CAST_MAC_GENERAL 0x00000304UL +#define CKM_CAST_CBC_PAD 0x00000305UL +#define CKM_CAST3_KEY_GEN 0x00000310UL +#define CKM_CAST3_ECB 0x00000311UL +#define CKM_CAST3_CBC 0x00000312UL +#define CKM_CAST3_MAC 0x00000313UL +#define CKM_CAST3_MAC_GENERAL 0x00000314UL +#define CKM_CAST3_CBC_PAD 0x00000315UL +#define CKM_CAST128_KEY_GEN 0x00000320UL +#define CKM_CAST5_ECB 0x00000321UL +#define CKM_CAST128_ECB 0x00000321UL +#define CKM_CAST128_MAC 0x00000323UL +#define CKM_CAST128_CBC 0x00000322UL +#define CKM_CAST128_MAC_GENERAL 0x00000324UL +#define CKM_CAST128_CBC_PAD 0x00000325UL +#define CKM_RC5_KEY_GEN 0x00000330UL +#define CKM_RC5_ECB 0x00000331UL +#define CKM_RC5_CBC 0x00000332UL +#define CKM_RC5_MAC 0x00000333UL +#define CKM_RC5_MAC_GENERAL 0x00000334UL +#define CKM_RC5_CBC_PAD 0x00000335UL +#define CKM_IDEA_KEY_GEN 0x00000340UL +#define CKM_IDEA_ECB 0x00000341UL +#define CKM_IDEA_CBC 0x00000342UL +#define CKM_IDEA_MAC 0x00000343UL +#define CKM_IDEA_MAC_GENERAL 0x00000344UL +#define CKM_IDEA_CBC_PAD 0x00000345UL +#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL +#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360UL +#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362UL +#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363UL +#define CKM_XOR_BASE_AND_DATA 0x00000364UL +#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365UL +#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370UL +#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371UL +#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372UL +#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373UL +#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374UL +#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375UL +#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376UL +#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377UL +#define CKM_TLS_PRF 0x00000378UL +#define CKM_SSL3_MD5_MAC 0x00000380UL +#define CKM_SSL3_SHA1_MAC 0x00000381UL +#define CKM_MD5_KEY_DERIVATION 0x00000390UL +#define CKM_MD2_KEY_DERIVATION 0x00000391UL +#define CKM_SHA1_KEY_DERIVATION 0x00000392UL +#define CKM_SHA256_KEY_DERIVATION 0x00000393UL +#define CKM_SHA384_KEY_DERIVATION 0x00000394UL +#define CKM_SHA512_KEY_DERIVATION 0x00000395UL +#define CKM_SHA224_KEY_DERIVATION 0x00000396UL +#define CKM_PBE_MD2_DES_CBC 0x000003A0UL +#define CKM_PBE_MD5_DES_CBC 0x000003A1UL +#define CKM_PBE_MD5_CAST_CBC 0x000003A2UL +#define CKM_PBE_MD5_CAST3_CBC 0x000003A3UL +#define CKM_PBE_MD5_CAST128_CBC 0x000003A4UL +#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5UL +#define CKM_PBE_SHA1_RC4_128 0x000003A6UL +#define CKM_PBE_SHA1_RC4_40 0x000003A7UL +#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8UL +#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9UL +#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AAUL +#define CKM_PBE_SHA1_RC2_40_CBC 0x000003ABUL +#define CKM_PKCS5_PBKD2 0x000003B0UL +#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0UL +#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0UL +#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1UL +#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2UL +#define CKM_WTLS_PRF 0x000003D3UL +#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4UL +#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5UL +#define CKM_TLS10_MAC_SERVER 0x000003D6UL +#define CKM_TLS10_MAC_CLIENT 0x000003D7UL +#define CKM_TLS12_MAC 0x000003D8UL +#define CKM_TLS12_KDF 0x000003D9UL +#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0UL +#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1UL +#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2UL +#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3UL +#define CKM_TLS_MAC 0x000003E4UL +#define CKM_TLS_KDF 0x000003E5UL +#define CKM_KEY_WRAP_LYNKS 0x00000400UL +#define CKM_KEY_WRAP_SET_OAEP 0x00000401UL +#define CKM_CMS_SIG 0x00000500UL +#define CKM_KIP_DERIVE 0x00000510UL +#define CKM_KIP_WRAP 0x00000511UL +#define CKM_KIP_MAC 0x00000512UL +#define CKM_CAMELLIA_KEY_GEN 0x00000550UL +#define CKM_CAMELLIA_ECB 0x00000551UL +#define CKM_CAMELLIA_CBC 0x00000552UL +#define CKM_CAMELLIA_MAC 0x00000553UL +#define CKM_CAMELLIA_MAC_GENERAL 0x00000554UL +#define CKM_CAMELLIA_CBC_PAD 0x00000555UL +#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556UL +#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557UL +#define CKM_CAMELLIA_CTR 0x00000558UL +#define CKM_ARIA_KEY_GEN 0x00000560UL +#define CKM_ARIA_ECB 0x00000561UL +#define CKM_ARIA_CBC 0x00000562UL +#define CKM_ARIA_MAC 0x00000563UL +#define CKM_ARIA_MAC_GENERAL 0x00000564UL +#define CKM_ARIA_CBC_PAD 0x00000565UL +#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566UL +#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567UL +#define CKM_SEED_KEY_GEN 0x00000650UL +#define CKM_SEED_ECB 0x00000651UL +#define CKM_SEED_CBC 0x00000652UL +#define CKM_SEED_MAC 0x00000653UL +#define CKM_SEED_MAC_GENERAL 0x00000654UL +#define CKM_SEED_CBC_PAD 0x00000655UL +#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656UL +#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657UL +#define CKM_SKIPJACK_KEY_GEN 0x00001000UL +#define CKM_SKIPJACK_ECB64 0x00001001UL +#define CKM_SKIPJACK_CBC64 0x00001002UL +#define CKM_SKIPJACK_OFB64 0x00001003UL +#define CKM_SKIPJACK_CFB64 0x00001004UL +#define CKM_SKIPJACK_CFB32 0x00001005UL +#define CKM_SKIPJACK_CFB16 0x00001006UL +#define CKM_SKIPJACK_CFB8 0x00001007UL +#define CKM_SKIPJACK_WRAP 0x00001008UL +#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009UL +#define CKM_SKIPJACK_RELAYX 0x0000100AUL +#define CKM_KEA_KEY_PAIR_GEN 0x00001010UL +#define CKM_KEA_KEY_DERIVE 0x00001011UL +#define CKM_KEA_DERIVE 0x00001012UL +#define CKM_FORTEZZA_TIMESTAMP 0x00001020UL +#define CKM_BATON_KEY_GEN 0x00001030UL +#define CKM_BATON_ECB128 0x00001031UL +#define CKM_BATON_ECB96 0x00001032UL +#define CKM_BATON_CBC128 0x00001033UL +#define CKM_BATON_COUNTER 0x00001034UL +#define CKM_BATON_SHUFFLE 0x00001035UL +#define CKM_BATON_WRAP 0x00001036UL +#define CKM_EC_KEY_PAIR_GEN 0x00001040UL +#define CKM_ECDSA 0x00001041UL +#define CKM_ECDSA_SHA1 0x00001042UL +#define CKM_ECDSA_SHA224 0x00001043UL +#define CKM_ECDSA_SHA256 0x00001044UL +#define CKM_ECDSA_SHA384 0x00001045UL +#define CKM_ECDSA_SHA512 0x00001046UL +#define CKM_ECDH1_DERIVE 0x00001050UL +#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL +#define CKM_ECMQV_DERIVE 0x00001052UL +#define CKM_ECDH_AES_KEY_WRAP 0x00001053UL +#define CKM_RSA_AES_KEY_WRAP 0x00001054UL +#define CKM_JUNIPER_KEY_GEN 0x00001060UL +#define CKM_JUNIPER_ECB128 0x00001061UL +#define CKM_JUNIPER_CBC128 0x00001062UL +#define CKM_JUNIPER_COUNTER 0x00001063UL +#define CKM_JUNIPER_SHUFFLE 0x00001064UL +#define CKM_JUNIPER_WRAP 0x00001065UL +#define CKM_FASTHASH 0x00001070UL +#define CKM_AES_KEY_GEN 0x00001080UL +#define CKM_AES_ECB 0x00001081UL +#define CKM_AES_CBC 0x00001082UL +#define CKM_AES_MAC 0x00001083UL +#define CKM_AES_MAC_GENERAL 0x00001084UL +#define CKM_AES_CBC_PAD 0x00001085UL +#define CKM_AES_CTR 0x00001086UL +#define CKM_AES_GCM 0x00001087UL +#define CKM_AES_CCM 0x00001088UL +#define CKM_AES_CTS 0x00001089UL +#define CKM_AES_CMAC 0x0000108AUL +#define CKM_AES_CMAC_GENERAL 0x0000108BUL +#define CKM_AES_XCBC_MAC 0x0000108CUL +#define CKM_AES_XCBC_MAC_96 0x0000108DUL +#define CKM_AES_GMAC 0x0000108EUL +#define CKM_BLOWFISH_KEY_GEN 0x00001090UL +#define CKM_BLOWFISH_CBC 0x00001091UL +#define CKM_TWOFISH_KEY_GEN 0x00001092UL +#define CKM_TWOFISH_CBC 0x00001093UL +#define CKM_BLOWFISH_CBC_PAD 0x00001094UL +#define CKM_TWOFISH_CBC_PAD 0x00001095UL +#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100UL +#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101UL +#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102UL +#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103UL +#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104UL +#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105UL +#define CKM_GOSTR3410_KEY_PAIR_GEN 0x00001200UL +#define CKM_GOSTR3410 0x00001201UL +#define CKM_GOSTR3410_WITH_GOSTR3411 0x00001202UL +#define CKM_GOSTR3410_KEY_WRAP 0x00001203UL +#define CKM_GOSTR3410_DERIVE 0x00001204UL +#define CKM_GOSTR3411 0x00001210UL +#define CKM_GOSTR3411_HMAC 0x00001211UL +#define CKM_GOST28147_KEY_GEN 0x00001220UL +#define CKM_GOST28147_ECB 0x00001221UL +#define CKM_GOST28147 0x00001222UL +#define CKM_GOST28147_MAC 0x00001223UL +#define CKM_GOST28147_KEY_WRAP 0x00001224UL +#define CKM_DSA_PARAMETER_GEN 0x00002000UL +#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001UL +#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002UL +#define CKM_DSA_PROBABILISTIC_PARAMETER_GEN 0x00002003UL +#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN 0x00002003UL +#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN 0x00002004UL +#define CKM_AES_OFB 0x00002104UL +#define CKM_AES_CFB64 0x00002105UL +#define CKM_AES_CFB8 0x00002106UL +#define CKM_AES_CFB128 0x00002107UL +#define CKM_AES_CFB1 0x00002108UL +#define CKM_AES_KEY_WRAP 0x00002109UL +#define CKM_AES_KEY_WRAP_PAD 0x0000210AUL +#define CKM_RSA_PKCS_TPM_1_1 0x00004001UL +#define CKM_RSA_PKCS_OAEP_TPM_1_1 0x00004002UL +#define CKM_VENDOR_DEFINED 0x80000000UL +/* Deprecated */ +#ifdef PKCS11_DEPRECATED +#define CKM_CAST5_KEY_GEN 0x00000320UL +#define CKM_CAST5_CBC 0x00000322UL +#define CKM_CAST5_MAC 0x00000323UL +#define CKM_CAST5_MAC_GENERAL 0x00000324UL +#define CKM_CAST5_CBC_PAD 0x00000325UL +#define CKM_PBE_MD5_CAST5_CBC 0x000003A4UL +#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5UL +#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040UL +#endif +/* CKN */ +#define CKN_SURRENDER 0UL +#define CKN_OTP_CHANGED 1UL -/* ============================================================== - * Define structed vector of entry points. A CK_FUNCTION_LIST - * contains a CK_VERSION indicating a library's Cryptoki version - * and then a whole slew of function pointers to the routines in - * the library. This type was declared, but not defined, in - * pkcs11t.h. - * ============================================================== - */ +/* CKO */ +#define CKO_DATA 0x00000000UL +#define CKO_CERTIFICATE 0x00000001UL +#define CKO_PUBLIC_KEY 0x00000002UL +#define CKO_PRIVATE_KEY 0x00000003UL +#define CKO_SECRET_KEY 0x00000004UL +#define CKO_HW_FEATURE 0x00000005UL +#define CKO_DOMAIN_PARAMETERS 0x00000006UL +#define CKO_MECHANISM 0x00000007UL +#define CKO_OTP_KEY 0x00000008UL +#define CKO_VENDOR_DEFINED 0x80000000UL -#define CK_PKCS11_FUNCTION_INFO(name) \ - __PASTE(CK_,name) name; +/* CKP (PBKD2) */ +#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001UL +#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002UL +#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003UL +#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004UL +#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008UL -struct CK_FUNCTION_LIST { +/* CKR */ +#define CKR_OK 0x00000000UL +#define CKR_CANCEL 0x00000001UL +#define CKR_HOST_MEMORY 0x00000002UL +#define CKR_SLOT_ID_INVALID 0x00000003UL +#define CKR_GENERAL_ERROR 0x00000005UL +#define CKR_FUNCTION_FAILED 0x00000006UL +#define CKR_ARGUMENTS_BAD 0x00000007UL +#define CKR_NO_EVENT 0x00000008UL +#define CKR_NEED_TO_CREATE_THREADS 0x00000009UL +#define CKR_CANT_LOCK 0x0000000AUL +#define CKR_ATTRIBUTE_READ_ONLY 0x00000010UL +#define CKR_ATTRIBUTE_SENSITIVE 0x00000011UL +#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012UL +#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013UL +#define CKR_ACTION_PROHIBITED 0x0000001BUL +#define CKR_DATA_INVALID 0x00000020UL +#define CKR_DATA_LEN_RANGE 0x00000021UL +#define CKR_DEVICE_ERROR 0x00000030UL +#define CKR_DEVICE_MEMORY 0x00000031UL +#define CKR_DEVICE_REMOVED 0x00000032UL +#define CKR_ENCRYPTED_DATA_INVALID 0x00000040UL +#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041UL +#define CKR_FUNCTION_CANCELED 0x00000050UL +#define CKR_FUNCTION_NOT_PARALLEL 0x00000051UL +#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054UL +#define CKR_KEY_HANDLE_INVALID 0x00000060UL +#define CKR_KEY_SIZE_RANGE 0x00000062UL +#define CKR_KEY_TYPE_INCONSISTENT 0x00000063UL +#define CKR_KEY_NOT_NEEDED 0x00000064UL +#define CKR_KEY_CHANGED 0x00000065UL +#define CKR_KEY_NEEDED 0x00000066UL +#define CKR_KEY_INDIGESTIBLE 0x00000067UL +#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068UL +#define CKR_KEY_NOT_WRAPPABLE 0x00000069UL +#define CKR_KEY_UNEXTRACTABLE 0x0000006AUL +#define CKR_MECHANISM_INVALID 0x00000070UL +#define CKR_MECHANISM_PARAM_INVALID 0x00000071UL +#define CKR_OBJECT_HANDLE_INVALID 0x00000082UL +#define CKR_OPERATION_ACTIVE 0x00000090UL +#define CKR_OPERATION_NOT_INITIALIZED 0x00000091UL +#define CKR_PIN_INCORRECT 0x000000A0UL +#define CKR_PIN_INVALID 0x000000A1UL +#define CKR_PIN_LEN_RANGE 0x000000A2UL +#define CKR_PIN_EXPIRED 0x000000A3UL +#define CKR_PIN_LOCKED 0x000000A4UL +#define CKR_SESSION_CLOSED 0x000000B0UL +#define CKR_SESSION_COUNT 0x000000B1UL +#define CKR_SESSION_HANDLE_INVALID 0x000000B3UL +#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4UL +#define CKR_SESSION_READ_ONLY 0x000000B5UL +#define CKR_SESSION_EXISTS 0x000000B6UL +#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7UL +#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8UL +#define CKR_SIGNATURE_INVALID 0x000000C0UL +#define CKR_SIGNATURE_LEN_RANGE 0x000000C1UL +#define CKR_TEMPLATE_INCOMPLETE 0x000000D0UL +#define CKR_TEMPLATE_INCONSISTENT 0x000000D1UL +#define CKR_TOKEN_NOT_PRESENT 0x000000E0UL +#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1UL +#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2UL +#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0UL +#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1UL +#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2UL +#define CKR_USER_ALREADY_LOGGED_IN 0x00000100UL +#define CKR_USER_NOT_LOGGED_IN 0x00000101UL +#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102UL +#define CKR_USER_TYPE_INVALID 0x00000103UL +#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104UL +#define CKR_USER_TOO_MANY_TYPES 0x00000105UL +#define CKR_WRAPPED_KEY_INVALID 0x00000110UL +#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112UL +#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113UL +#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114UL +#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115UL +#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120UL +#define CKR_RANDOM_NO_RNG 0x00000121UL +#define CKR_DOMAIN_PARAMS_INVALID 0x00000130UL +#define CKR_CURVE_NOT_SUPPORTED 0x00000140UL +#define CKR_BUFFER_TOO_SMALL 0x00000150UL +#define CKR_SAVED_STATE_INVALID 0x00000160UL +#define CKR_INFORMATION_SENSITIVE 0x00000170UL +#define CKR_STATE_UNSAVEABLE 0x00000180UL +#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190UL +#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL +#define CKR_MUTEX_BAD 0x000001A0UL +#define CKR_MUTEX_NOT_LOCKED 0x000001A1UL +#define CKR_NEW_PIN_MODE 0x000001B0UL +#define CKR_NEXT_OTP 0x000001B1UL +#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5UL +#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6UL +#define CKR_LIBRARY_LOAD_FAILED 0x000001B7UL +#define CKR_PIN_TOO_WEAK 0x000001B8UL +#define CKR_PUBLIC_KEY_INVALID 0x000001B9UL +#define CKR_FUNCTION_REJECTED 0x00000200UL +#define CKR_VENDOR_DEFINED 0x80000000UL - CK_VERSION version; /* Cryptoki version */ -/* Pile all the function pointers into the CK_FUNCTION_LIST. */ -/* pkcs11f.h has all the information about the Cryptoki - * function prototypes. - */ -#include "pkcs11f.h" +/* CKS */ +#define CKS_RO_PUBLIC_SESSION 0UL +#define CKS_RO_USER_FUNCTIONS 1UL +#define CKS_RW_PUBLIC_SESSION 2UL +#define CKS_RW_USER_FUNCTIONS 3UL +#define CKS_RW_SO_FUNCTIONS 4UL + +/* CKU */ +#define CKU_SO 0UL +#define CKU_USER 1UL +#define CKU_CONTEXT_SPECIFIC 2UL + +/* CKZ (data) */ +#define CKZ_DATA_SPECIFIED 0x00000001UL + +/* CKZ (salt) */ +#define CKZ_SALT_SPECIFIED 0x00000001UL + +/* Sundry structures type definition in alphabetical order */ +#define STRUCTDEF(__name__) \ +struct __name__; \ +typedef struct __name__ __name__; \ +typedef struct __name__ * __name__ ## _PTR; \ +typedef struct __name__ ** __name__ ## _PTR_PTR + +STRUCTDEF(CK_ATTRIBUTE); +STRUCTDEF(CK_C_INITIALIZE_ARGS); +STRUCTDEF(CK_DATE); +STRUCTDEF(CK_FUNCTION_LIST); +STRUCTDEF(CK_FUNCTION_LIST_3_0); +STRUCTDEF(CK_INFO); +STRUCTDEF(CK_MECHANISM); +STRUCTDEF(CK_MECHANISM_INFO); +STRUCTDEF(CK_SESSION_INFO); +STRUCTDEF(CK_SLOT_INFO); +STRUCTDEF(CK_TOKEN_INFO); +STRUCTDEF(CK_VERSION); + +/* Function type definitions */ +typedef CK_RV (* CK_NOTIFY)(CK_SESSION_HANDLE, CK_NOTIFICATION, void *); +typedef CK_RV (* CK_CREATEMUTEX)(void **); +typedef CK_RV (* CK_DESTROYMUTEX)(void *); +typedef CK_RV (* CK_LOCKMUTEX)(void *); +typedef CK_RV (* CK_UNLOCKMUTEX)(void *); +/* General Structure definitions */ +struct CK_ATTRIBUTE { + CK_ATTRIBUTE_TYPE type; + void * pValue; + CK_ULONG ulValueLen; }; -#undef CK_PKCS11_FUNCTION_INFO +struct CK_C_INITIALIZE_ARGS { + CK_CREATEMUTEX CreateMutex; + CK_DESTROYMUTEX DestroyMutex; + CK_LOCKMUTEX LockMutex; + CK_UNLOCKMUTEX UnlockMutex; + CK_FLAGS flags; + void * pReserved; +}; +struct CK_DATE{ + CK_CHAR year[4]; + CK_CHAR month[2]; + CK_CHAR day[2]; +}; -#undef __PASTE +struct CK_VERSION { + CK_BYTE major; + CK_BYTE minor; +}; -#ifdef __cplusplus -} -#endif +struct CK_INFO { + struct CK_VERSION cryptokiVersion; + CK_UTF8CHAR manufacturerID[32]; + CK_FLAGS flags; + CK_UTF8CHAR libraryDescription[32]; + struct CK_VERSION libraryVersion; +}; + +struct CK_MECHANISM { + CK_MECHANISM_TYPE mechanism; + void * pParameter; + CK_ULONG ulParameterLen; +}; + +struct CK_MECHANISM_INFO { + CK_ULONG ulMinKeySize; + CK_ULONG ulMaxKeySize; + CK_FLAGS flags; +}; + +struct CK_SESSION_INFO { + CK_SLOT_ID slotID; + CK_STATE state; + CK_FLAGS flags; + CK_ULONG ulDeviceError; +}; + +struct CK_SLOT_INFO { + CK_UTF8CHAR slotDescription[64]; + CK_UTF8CHAR manufacturerID[32]; + CK_FLAGS flags; + CK_VERSION hardwareVersion; + CK_VERSION firmwareVersion; +}; + +struct CK_TOKEN_INFO { + CK_UTF8CHAR label[32]; + CK_UTF8CHAR manufacturerID[32]; + CK_UTF8CHAR model[16]; + CK_CHAR serialNumber[16]; + CK_FLAGS flags; + CK_ULONG ulMaxSessionCount; + CK_ULONG ulSessionCount; + CK_ULONG ulMaxRwSessionCount; + CK_ULONG ulRwSessionCount; + CK_ULONG ulMaxPinLen; + CK_ULONG ulMinPinLen; + CK_ULONG ulTotalPublicMemory; + CK_ULONG ulFreePublicMemory; + CK_ULONG ulTotalPrivateMemory; + CK_ULONG ulFreePrivateMemory; + CK_VERSION hardwareVersion; + CK_VERSION firmwareVersion; + CK_CHAR utcTime[16]; +}; + +/* Param Structure definitions in alphabetical order */ +STRUCTDEF(CK_AES_CBC_ENCRYPT_DATA_PARAMS); +STRUCTDEF(CK_AES_CCM_PARAMS); +STRUCTDEF(CK_AES_CTR_PARAMS); +STRUCTDEF(CK_AES_GCM_PARAMS); +STRUCTDEF(CK_ARIA_CBC_ENCRYPT_DATA_PARAMS); +STRUCTDEF(CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS); +STRUCTDEF(CK_CAMELLIA_CTR_PARAMS); +STRUCTDEF(CK_CCM_PARAMS); +STRUCTDEF(CK_CMS_SIG_PARAMS); +STRUCTDEF(CK_DES_CBC_ENCRYPT_DATA_PARAMS); +STRUCTDEF(CK_DSA_PARAMETER_GEN_PARAM); +STRUCTDEF(CK_ECDH_AES_KEY_WRAP_PARAMS); +STRUCTDEF(CK_ECDH1_DERIVE_PARAMS); +STRUCTDEF(CK_ECDH2_DERIVE_PARAMS); +STRUCTDEF(CK_ECMQV_DERIVE_PARAMS); +STRUCTDEF(CK_GCM_PARAMS); +STRUCTDEF(CK_GOSTR3410_DERIVE_PARAMS); +STRUCTDEF(CK_GOSTR3410_KEY_WRAP_PARAMS); +STRUCTDEF(CK_KEA_DERIVE_PARAMS); +STRUCTDEF(CK_KEY_DERIVATION_STRING_DATA); +STRUCTDEF(CK_KEY_WRAP_SET_OAEP_PARAMS); +STRUCTDEF(CK_KIP_PARAMS); +STRUCTDEF(CK_OTP_PARAM); +STRUCTDEF(CK_OTP_PARAMS); +STRUCTDEF(CK_OTP_SIGNATURE_INFO); +STRUCTDEF(CK_PBE_PARAMS); +STRUCTDEF(CK_PKCS5_PBKD2_PARAMS); +STRUCTDEF(CK_PKCS5_PBKD2_PARAMS2); +STRUCTDEF(CK_RC2_CBC_PARAMS); +STRUCTDEF(CK_RC2_MAC_GENERAL_PARAMS); +STRUCTDEF(CK_RC5_CBC_PARAMS); +STRUCTDEF(CK_RC5_MAC_GENERAL_PARAMS); +STRUCTDEF(CK_RC5_PARAMS); +STRUCTDEF(CK_RSA_AES_KEY_WRAP_PARAMS); +STRUCTDEF(CK_RSA_PKCS_OAEP_PARAMS); +STRUCTDEF(CK_RSA_PKCS_PSS_PARAMS); +STRUCTDEF(CK_SEED_CBC_ENCRYPT_DATA_PARAMS); +STRUCTDEF(CK_SKIPJACK_PRIVATE_WRAP_PARAMS); +STRUCTDEF(CK_SKIPJACK_RELAYX_PARAMS); +STRUCTDEF(CK_X2RATCHET_INITIALIZE_PARAMS); +STRUCTDEF(CK_X2RATCHET_RESPOND_PARAMS); +STRUCTDEF(CK_X9_42_DH1_DERIVE_PARAMS); +STRUCTDEF(CK_X9_42_DH2_DERIVE_PARAMS); +STRUCTDEF(CK_X9_42_MQV_DERIVE_PARAMS); +STRUCTDEF(specifiedParams); + +struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE * pData; + CK_ULONG length; +}; + +struct CK_AES_CCM_PARAMS { + CK_ULONG ulDataLen; + CK_BYTE * pNonce; + CK_ULONG ulNonceLen; + CK_BYTE * pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulMACLen; +}; + +struct CK_AES_CTR_PARAMS { + CK_ULONG ulCounterBits; + CK_BYTE cb[16]; +}; + +struct CK_AES_GCM_PARAMS { + CK_BYTE * pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvBits; + CK_BYTE * pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +}; + +struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE * pData; + CK_ULONG length; +}; + +struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE * pData; + CK_ULONG length; +}; + +struct CK_CAMELLIA_CTR_PARAMS { + CK_ULONG ulCounterBits; + CK_BYTE cb[16]; +}; + +struct CK_CCM_PARAMS { + CK_ULONG ulDataLen; + CK_BYTE * pNonce; + CK_ULONG ulNonceLen; + CK_BYTE * pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulMACLen; +}; + +struct CK_CMS_SIG_PARAMS { + CK_OBJECT_HANDLE certificateHandle; + CK_MECHANISM * pSigningMechanism; + CK_MECHANISM * pDigestMechanism; + CK_UTF8CHAR * pContentType; + CK_BYTE * pRequestedAttributes; + CK_ULONG ulRequestedAttributesLen; + CK_BYTE * pRequiredAttributes; + CK_ULONG ulRequiredAttributesLen; +}; -#endif /* _PKCS11_H_ */ +struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[8]; + CK_BYTE * pData; + CK_ULONG length; +}; + +struct CK_DSA_PARAMETER_GEN_PARAM { + CK_MECHANISM_TYPE hash; + CK_BYTE * pSeed; + CK_ULONG ulSeedLen; + CK_ULONG ulIndex; +}; +struct CK_ECDH_AES_KEY_WRAP_PARAMS { + CK_ULONG ulAESKeyBits; + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE * pSharedData; +}; + +struct CK_ECDH1_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE * pSharedData; + CK_ULONG ulPublicDataLen; + CK_BYTE * pPublicData; +}; + +struct CK_ECDH2_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE * pSharedData; + CK_ULONG ulPublicDataLen; + CK_BYTE * pPublicData; + CK_ULONG ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + CK_ULONG ulPublicDataLen2; + CK_BYTE * pPublicData2; +}; + +struct CK_ECMQV_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE * pSharedData; + CK_ULONG ulPublicDataLen; + CK_BYTE * pPublicData; + CK_ULONG ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + CK_ULONG ulPublicDataLen2; + CK_BYTE * pPublicData2; + CK_OBJECT_HANDLE publicKey; +}; + +struct CK_GCM_PARAMS { + CK_BYTE * pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvBits; + CK_BYTE * pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +}; + +struct CK_GOSTR3410_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_BYTE * pPublicData; + CK_ULONG ulPublicDataLen; + CK_BYTE * pUKM; + CK_ULONG ulUKMLen; +}; + +struct CK_GOSTR3410_KEY_WRAP_PARAMS { + CK_BYTE * pWrapOID; + CK_ULONG ulWrapOIDLen; + CK_BYTE * pUKM; + CK_ULONG ulUKMLen; + CK_OBJECT_HANDLE hKey; +}; + +struct CK_KEA_DERIVE_PARAMS { + CK_BBOOL isSender; + CK_ULONG ulRandomLen; + CK_BYTE * RandomA; + CK_BYTE * RandomB; + CK_ULONG ulPublicDataLen; + CK_BYTE * PublicData; +}; + +struct CK_KEY_DERIVATION_STRING_DATA { + CK_BYTE * pData; + CK_ULONG ulLen; +}; + +struct CK_KEY_WRAP_SET_OAEP_PARAMS { + CK_BYTE bBC; + CK_BYTE * pX; + CK_ULONG ulXLen; +}; + +struct CK_KIP_PARAMS { + CK_MECHANISM * pMechanism; + CK_OBJECT_HANDLE hKey; + CK_BYTE * pSeed; + CK_ULONG ulSeedLen; +}; + +struct CK_OTP_PARAM { + CK_OTP_PARAM_TYPE type; + void * pValue; + CK_ULONG ulValueLen; +}; + +struct CK_OTP_PARAMS { + CK_OTP_PARAM * pParams; + CK_ULONG ulCount; +}; + +struct CK_OTP_SIGNATURE_INFO { + CK_OTP_PARAM * pParams; + CK_ULONG ulCount; +}; + +struct CK_PBE_PARAMS { + CK_BYTE * pInitVector; + CK_UTF8CHAR * pPassword; + CK_ULONG ulPasswordLen; + CK_BYTE * pSalt; + CK_ULONG ulSaltLen; + CK_ULONG ulIteration; +}; + +struct CK_PKCS5_PBKD2_PARAMS { + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; + void * pSaltSourceData; + CK_ULONG ulSaltSourceDataLen; + CK_ULONG iterations; + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; + void * pPrfData; + CK_ULONG ulPrfDataLen; + CK_UTF8CHAR * pPassword; + CK_ULONG * ulPasswordLen; +}; + +struct CK_PKCS5_PBKD2_PARAMS2 { + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; + void * pSaltSourceData; + CK_ULONG ulSaltSourceDataLen; + CK_ULONG iterations; + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; + void * pPrfData; + CK_ULONG ulPrfDataLen; + CK_UTF8CHAR * pPassword; + CK_ULONG ulPasswordLen; +}; + +struct CK_RC2_CBC_PARAMS { + CK_ULONG ulEffectiveBits; + CK_BYTE iv[8]; +}; + +struct CK_RC2_MAC_GENERAL_PARAMS { + CK_ULONG ulEffectiveBits; + CK_ULONG ulMacLength; +}; + +struct CK_RC5_CBC_PARAMS { + CK_ULONG ulWordsize; + CK_ULONG ulRounds; + CK_BYTE * pIv; + CK_ULONG ulIvLen; +}; + +struct CK_RC5_MAC_GENERAL_PARAMS { + CK_ULONG ulWordsize; + CK_ULONG ulRounds; + CK_ULONG ulMacLength; +}; + +struct CK_RC5_PARAMS { + CK_ULONG ulWordsize; + CK_ULONG ulRounds; +}; + +struct CK_RSA_AES_KEY_WRAP_PARAMS { + CK_ULONG ulAESKeyBits; + CK_RSA_PKCS_OAEP_PARAMS * pOAEPParams; +}; + +struct CK_RSA_PKCS_OAEP_PARAMS { + CK_MECHANISM_TYPE hashAlg; + CK_RSA_PKCS_MGF_TYPE mgf; + CK_RSA_PKCS_OAEP_SOURCE_TYPE source; + void * pSourceData; + CK_ULONG ulSourceDataLen; +}; + +struct CK_RSA_PKCS_PSS_PARAMS { + CK_MECHANISM_TYPE hashAlg; + CK_RSA_PKCS_MGF_TYPE mgf; + CK_ULONG sLen; +}; + +struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE * pData; + CK_ULONG length; +}; + +struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { + CK_ULONG ulPasswordLen; + CK_BYTE * pPassword; + CK_ULONG ulPublicDataLen; + CK_BYTE * pPublicData; + CK_ULONG ulPAndGLen; + CK_ULONG ulQLen; + CK_ULONG ulRandomLen; + CK_BYTE * pRandomA; + CK_BYTE * pPrimeP; + CK_BYTE * pBaseG; + CK_BYTE * pSubprimeQ; +}; + +struct CK_SKIPJACK_RELAYX_PARAMS { + CK_ULONG ulOldWrappedXLen; + CK_BYTE * pOldWrappedX; + CK_ULONG ulOldPasswordLen; + CK_BYTE * pOldPassword; + CK_ULONG ulOldPublicDataLen; + CK_BYTE * pOldPublicData; + CK_ULONG ulOldRandomLen; + CK_BYTE * pOldRandomA; + CK_ULONG ulNewPasswordLen; + CK_BYTE * pNewPassword; + CK_ULONG ulNewPublicDataLen; + CK_BYTE * pNewPublicData; + CK_ULONG ulNewRandomLen; + CK_BYTE * pNewRandomA; +}; + +struct CK_X9_42_DH1_DERIVE_PARAMS { + CK_X9_42_DH_KDF_TYPE kdf; + CK_ULONG ulOtherInfoLen; + CK_BYTE * pOtherInfo; + CK_ULONG ulPublicDataLen; + CK_BYTE * pPublicData; +}; + +struct CK_X9_42_DH2_DERIVE_PARAMS { + CK_X9_42_DH_KDF_TYPE kdf; + CK_ULONG ulOtherInfoLen; + CK_BYTE * pOtherInfo; + CK_ULONG ulPublicDataLen; + CK_BYTE * pPublicData; + CK_ULONG ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + CK_ULONG ulPublicDataLen2; + CK_BYTE * pPublicData2; +}; + +struct CK_X9_42_MQV_DERIVE_PARAMS { + CK_X9_42_DH_KDF_TYPE kdf; + CK_ULONG ulOtherInfoLen; + CK_BYTE * OtherInfo; + CK_ULONG ulPublicDataLen; + CK_BYTE * PublicData; + CK_ULONG ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + CK_ULONG ulPublicDataLen2; + CK_BYTE * PublicData2; + CK_OBJECT_HANDLE publicKey; +}; + +/* TLS related structure definitions */ +STRUCTDEF(CK_SSL3_KEY_MAT_OUT); +STRUCTDEF(CK_SSL3_KEY_MAT_PARAMS); +STRUCTDEF(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); +STRUCTDEF(CK_SSL3_RANDOM_DATA); +STRUCTDEF(CK_TLS_KDF_PARAMS); +STRUCTDEF(CK_TLS_MAC_PARAMS); +STRUCTDEF(CK_TLS_PRF_PARAMS); +STRUCTDEF(CK_TLS12_KEY_MAT_PARAMS); +STRUCTDEF(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); +STRUCTDEF(CK_WTLS_KEY_MAT_OUT); +STRUCTDEF(CK_WTLS_KEY_MAT_PARAMS); +STRUCTDEF(CK_WTLS_MASTER_KEY_DERIVE_PARAMS); +STRUCTDEF(CK_WTLS_PRF_PARAMS); +STRUCTDEF(CK_WTLS_RANDOM_DATA); + +struct CK_SSL3_KEY_MAT_OUT { + CK_OBJECT_HANDLE hClientMacSecret; + CK_OBJECT_HANDLE hServerMacSecret; + CK_OBJECT_HANDLE hClientKey; + CK_OBJECT_HANDLE hServerKey; + CK_BYTE * pIVClient; + CK_BYTE * pIVServer; +}; + +struct CK_SSL3_RANDOM_DATA { + CK_BYTE * pClientRandom; + CK_ULONG ulClientRandomLen; + CK_BYTE * pServerRandom; + CK_ULONG ulServerRandomLen; +}; + +struct CK_SSL3_KEY_MAT_PARAMS { + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_BBOOL bIsExport; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_SSL3_KEY_MAT_OUT * pReturnedKeyMaterial; +}; + +struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { + CK_SSL3_RANDOM_DATA RandomInfo; + CK_VERSION * pVersion; +}; + +struct CK_TLS_KDF_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BYTE * pLabel; + CK_ULONG ulLabelLength; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_BYTE * pContextData; + CK_ULONG ulContextDataLength; +}; + +struct CK_TLS_MAC_PARAMS { + CK_MECHANISM_TYPE prfHashMechanism; + CK_ULONG ulMacLength; + CK_ULONG ulServerOrClient; +}; + +struct CK_TLS_PRF_PARAMS { + CK_BYTE * pSeed; + CK_ULONG ulSeedLen; + CK_BYTE * pLabel; + CK_ULONG ulLabelLen; + CK_BYTE * pOutput; + CK_ULONG * pulOutputLen; +}; + +struct CK_TLS12_KEY_MAT_PARAMS { + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_BBOOL bIsExport; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_SSL3_KEY_MAT_OUT * pReturnedKeyMaterial; + CK_MECHANISM_TYPE prfHashMechanism; +}; + +struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { + CK_SSL3_RANDOM_DATA RandomInfo; + CK_VERSION * pVersion; + CK_MECHANISM_TYPE prfHashMechanism; +}; + +struct CK_WTLS_KEY_MAT_OUT { + CK_OBJECT_HANDLE hMacSecret; + CK_OBJECT_HANDLE hKey; + CK_BYTE * pIV; +}; + +struct CK_WTLS_RANDOM_DATA { + CK_BYTE * pClientRandom; + CK_ULONG ulClientRandomLen; + CK_BYTE * pServerRandom; + CK_ULONG ulServerRandomLen; +}; + +struct CK_WTLS_KEY_MAT_PARAMS { + CK_MECHANISM_TYPE DigestMechanism; + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_ULONG ulSequenceNumber; + CK_BBOOL bIsExport; + CK_WTLS_RANDOM_DATA RandomInfo; + CK_WTLS_KEY_MAT_OUT * pReturnedKeyMaterial; +}; + +struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS { + CK_MECHANISM_TYPE DigestMechanism; + CK_WTLS_RANDOM_DATA RandomInfo; + CK_BYTE * pVersion; +}; + +struct CK_WTLS_PRF_PARAMS { + CK_MECHANISM_TYPE DigestMechanism; + CK_BYTE * pSeed; + CK_ULONG ulSeedLen; + CK_BYTE * pLabel; + CK_ULONG ulLabelLen; + CK_BYTE * pOutput; + CK_ULONG * pulOutputLen; +}; + +/* PKCS11 Functions */ +extern CK_RV C_Initialize(void *); +extern CK_RV C_Finalize(void *); +extern CK_RV C_GetInfo(CK_INFO *); +extern CK_RV C_GetFunctionList(CK_FUNCTION_LIST **); +extern CK_RV C_GetSlotList(CK_BBOOL, CK_SLOT_ID *, CK_ULONG *); +extern CK_RV C_GetSlotInfo(CK_SLOT_ID, CK_SLOT_INFO *); +extern CK_RV C_GetTokenInfo(CK_SLOT_ID, CK_TOKEN_INFO *); +extern CK_RV C_GetMechanismList(CK_SLOT_ID, CK_MECHANISM_TYPE *, CK_ULONG *); +extern CK_RV C_GetMechanismInfo(CK_SLOT_ID, CK_MECHANISM_TYPE, + CK_MECHANISM_INFO *); +extern CK_RV C_InitToken(CK_SLOT_ID, CK_UTF8CHAR *, CK_ULONG, CK_UTF8CHAR *); +extern CK_RV C_InitPIN(CK_SESSION_HANDLE, CK_UTF8CHAR *, CK_ULONG); +extern CK_RV C_SetPIN(CK_SESSION_HANDLE, CK_UTF8CHAR *, CK_ULONG, CK_UTF8CHAR *, + CK_ULONG); +extern CK_RV C_OpenSession(CK_SLOT_ID, CK_FLAGS, void *, CK_NOTIFY, + CK_SESSION_HANDLE *); +extern CK_RV C_CloseSession(CK_SESSION_HANDLE); +extern CK_RV C_CloseAllSessions(CK_SLOT_ID); +extern CK_RV C_GetSessionInfo(CK_SESSION_HANDLE, CK_SESSION_INFO *); +extern CK_RV C_GetOperationState(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG *); +extern CK_RV C_SetOperationState(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_OBJECT_HANDLE, CK_OBJECT_HANDLE); +extern CK_RV C_Login(CK_SESSION_HANDLE, CK_USER_TYPE, CK_UTF8CHAR *, CK_ULONG); +extern CK_RV C_Logout(CK_SESSION_HANDLE); +extern CK_RV C_CreateObject(CK_SESSION_HANDLE, CK_ATTRIBUTE *, CK_ULONG, + CK_OBJECT_HANDLE *); +extern CK_RV C_CopyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE *, + CK_ULONG, CK_OBJECT_HANDLE *); +extern CK_RV C_DestroyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE); +extern CK_RV C_GetObjectSize(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ULONG *); +extern CK_RV C_GetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, + CK_ATTRIBUTE *, CK_ULONG); +extern CK_RV C_SetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, + CK_ATTRIBUTE *, CK_ULONG); +extern CK_RV C_FindObjectsInit(CK_SESSION_HANDLE, CK_ATTRIBUTE *, CK_ULONG); +extern CK_RV C_FindObjects(CK_SESSION_HANDLE, CK_OBJECT_HANDLE *, CK_ULONG, + CK_ULONG *); +extern CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE); +extern CK_RV C_EncryptInit(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE); +extern CK_RV C_Encrypt(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, CK_BYTE *, + CK_ULONG *); +extern CK_RV C_EncryptUpdate(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +extern CK_RV C_EncryptFinal(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG *); +extern CK_RV C_DecryptInit(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE); +extern CK_RV C_Decrypt(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, CK_BYTE *, + CK_ULONG *); +extern CK_RV C_DecryptUpdate(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +extern CK_RV C_DecryptFinal(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG *); +extern CK_RV C_DigestInit(CK_SESSION_HANDLE, CK_MECHANISM *); +extern CK_RV C_Digest(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, CK_BYTE *, + CK_ULONG *); +extern CK_RV C_DigestUpdate(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); +extern CK_RV C_DigestKey(CK_SESSION_HANDLE, CK_OBJECT_HANDLE); +extern CK_RV C_DigestFinal(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG *); +extern CK_RV C_SignInit(CK_SESSION_HANDLE, CK_MECHANISM *, CK_OBJECT_HANDLE); +extern CK_RV C_Sign(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, CK_BYTE *, + CK_ULONG *); +extern CK_RV C_SignUpdate(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); +extern CK_RV C_SignFinal(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG *); +extern CK_RV C_SignRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE); +extern CK_RV C_SignRecover(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, CK_BYTE *, + CK_ULONG *); +extern CK_RV C_VerifyInit(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE); +extern CK_RV C_Verify(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, CK_BYTE *, + CK_ULONG); +extern CK_RV C_VerifyUpdate(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); +extern CK_RV C_VerifyFinal(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); +extern CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE); +extern CK_RV C_VerifyRecover(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +extern CK_RV C_DigestEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +extern CK_RV C_DecryptDigestUpdate(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +extern CK_RV C_SignEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +extern CK_RV C_DecryptVerifyUpdate(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +extern CK_RV C_GenerateKey(CK_SESSION_HANDLE, CK_MECHANISM *, CK_ATTRIBUTE *, + CK_ULONG, CK_OBJECT_HANDLE *); +extern CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_ATTRIBUTE *, CK_ULONG, CK_ATTRIBUTE *, + CK_ULONG, CK_OBJECT_HANDLE *, + CK_OBJECT_HANDLE *); +extern CK_RV C_WrapKey(CK_SESSION_HANDLE, CK_MECHANISM *, CK_OBJECT_HANDLE, + CK_OBJECT_HANDLE, CK_BYTE *, CK_ULONG *); +extern CK_RV C_UnwrapKey(CK_SESSION_HANDLE, CK_MECHANISM *, CK_OBJECT_HANDLE, + CK_BYTE *, CK_ULONG *, CK_ATTRIBUTE *, CK_ULONG, + CK_OBJECT_HANDLE *); +extern CK_RV C_DeriveKey(CK_SESSION_HANDLE, CK_MECHANISM *, CK_OBJECT_HANDLE, + CK_ATTRIBUTE *, CK_ULONG, CK_OBJECT_HANDLE *); +extern CK_RV C_SeedRandom(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); +extern CK_RV C_GenerateRandom(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); +extern CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE); +extern CK_RV C_CancelFunction(CK_SESSION_HANDLE); +extern CK_RV C_WaitForSlotEvent(CK_FLAGS, CK_SLOT_ID *, void *); + +typedef CK_RV (* CK_C_Initialize)(void *); +typedef CK_RV (* CK_C_Finalize)(void *); +typedef CK_RV (* CK_C_GetInfo)(CK_INFO *); +typedef CK_RV (* CK_C_GetFunctionList)(CK_FUNCTION_LIST **); +typedef CK_RV (* CK_C_GetSlotList)(CK_BBOOL, CK_SLOT_ID *, CK_ULONG *); +typedef CK_RV (* CK_C_GetSlotInfo)(CK_SLOT_ID, CK_SLOT_INFO *); +typedef CK_RV (* CK_C_GetTokenInfo)(CK_SLOT_ID, CK_TOKEN_INFO *); +typedef CK_RV (* CK_C_GetMechanismList)(CK_SLOT_ID, CK_MECHANISM_TYPE *, + CK_ULONG *); +typedef CK_RV (* CK_C_GetMechanismInfo)(CK_SLOT_ID, CK_MECHANISM_TYPE, + CK_MECHANISM_INFO *); +typedef CK_RV (* CK_C_InitToken)(CK_SLOT_ID, CK_UTF8CHAR *, CK_ULONG, + CK_UTF8CHAR *); +typedef CK_RV (* CK_C_InitPIN)(CK_SESSION_HANDLE, CK_UTF8CHAR *, CK_ULONG); +typedef CK_RV (* CK_C_SetPIN)(CK_SESSION_HANDLE, CK_UTF8CHAR *, CK_ULONG, + CK_UTF8CHAR *, CK_ULONG); +typedef CK_RV (* CK_C_OpenSession)(CK_SLOT_ID, CK_FLAGS, void *, CK_NOTIFY, + CK_SESSION_HANDLE *); +typedef CK_RV (* CK_C_CloseSession)(CK_SESSION_HANDLE); +typedef CK_RV (* CK_C_CloseAllSessions)(CK_SLOT_ID); +typedef CK_RV (* CK_C_GetSessionInfo)(CK_SESSION_HANDLE, CK_SESSION_INFO *); +typedef CK_RV (* CK_C_GetOperationState)(CK_SESSION_HANDLE, CK_BYTE *, + CK_ULONG *); +typedef CK_RV (* CK_C_SetOperationState)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_OBJECT_HANDLE, CK_OBJECT_HANDLE); +typedef CK_RV (* CK_C_Login)(CK_SESSION_HANDLE, CK_USER_TYPE, CK_UTF8CHAR *, + CK_ULONG); +typedef CK_RV (* CK_C_Logout)(CK_SESSION_HANDLE); +typedef CK_RV (* CK_C_CreateObject)(CK_SESSION_HANDLE, CK_ATTRIBUTE *, CK_ULONG, + CK_OBJECT_HANDLE *); +typedef CK_RV (* CK_C_CopyObject)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, + CK_ATTRIBUTE *, CK_ULONG, CK_OBJECT_HANDLE *); +typedef CK_RV (* CK_C_DestroyObject)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE); +typedef CK_RV (* CK_C_GetObjectSize)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, + CK_ULONG *); +typedef CK_RV (* CK_C_GetAttributeValue)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, + CK_ATTRIBUTE *, CK_ULONG); +typedef CK_RV (* CK_C_SetAttributeValue)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, + CK_ATTRIBUTE *, CK_ULONG); +typedef CK_RV (* CK_C_FindObjectsInit)(CK_SESSION_HANDLE, CK_ATTRIBUTE *, + CK_ULONG); +typedef CK_RV (* CK_C_FindObjects)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE *, + CK_ULONG, CK_ULONG *); +typedef CK_RV (* CK_C_FindObjectsFinal)(CK_SESSION_HANDLE); +typedef CK_RV (* CK_C_EncryptInit)(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE); +typedef CK_RV (* CK_C_Encrypt)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_EncryptUpdate)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_EncryptFinal)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_DecryptInit)(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE); +typedef CK_RV (* CK_C_Decrypt)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_DecryptUpdate)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_DecryptFinal)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_DigestInit)(CK_SESSION_HANDLE, CK_MECHANISM *); +typedef CK_RV (* CK_C_Digest)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, CK_BYTE *, + CK_ULONG *); +typedef CK_RV (* CK_C_DigestUpdate)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); +typedef CK_RV (* CK_C_DigestKey)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE); +typedef CK_RV (* CK_C_DigestFinal)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_SignInit)(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE); +typedef CK_RV (* CK_C_Sign)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, CK_BYTE *, + CK_ULONG *); +typedef CK_RV (* CK_C_SignUpdate)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); +typedef CK_RV (* CK_C_SignFinal)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_SignRecoverInit)(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE); +typedef CK_RV (* CK_C_SignRecover)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_VerifyInit)(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE); +typedef CK_RV (* CK_C_Verify)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, CK_BYTE *, + CK_ULONG); +typedef CK_RV (* CK_C_VerifyUpdate)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); +typedef CK_RV (* CK_C_VerifyFinal)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); +typedef CK_RV (* CK_C_VerifyRecoverInit)(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE); +typedef CK_RV (* CK_C_VerifyRecover)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_DigestEncryptUpdate)(CK_SESSION_HANDLE, CK_BYTE *, + CK_ULONG, CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_DecryptDigestUpdate)(CK_SESSION_HANDLE, CK_BYTE *, + CK_ULONG, CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_SignEncryptUpdate)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG, + CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_DecryptVerifyUpdate)(CK_SESSION_HANDLE, CK_BYTE *, + CK_ULONG, CK_BYTE *, CK_ULONG *); +typedef CK_RV (* CK_C_GenerateKey)(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_ATTRIBUTE *, CK_ULONG, + CK_OBJECT_HANDLE *); +typedef CK_RV (* CK_C_GenerateKeyPair)(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_ATTRIBUTE *, CK_ULONG, CK_ATTRIBUTE *, + CK_ULONG, CK_OBJECT_HANDLE *, + CK_OBJECT_HANDLE *); +typedef CK_RV (* CK_C_WrapKey)(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE, CK_OBJECT_HANDLE, CK_BYTE *, + CK_ULONG *); +typedef CK_RV (* CK_C_UnwrapKey)(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE, CK_BYTE *, CK_ULONG, + CK_ATTRIBUTE *, CK_ULONG, CK_OBJECT_HANDLE *); +typedef CK_RV (* CK_C_DeriveKey)(CK_SESSION_HANDLE, CK_MECHANISM *, + CK_OBJECT_HANDLE, CK_ATTRIBUTE *, CK_ULONG, + CK_OBJECT_HANDLE *); +typedef CK_RV (* CK_C_SeedRandom)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); +typedef CK_RV (* CK_C_GenerateRandom)(CK_SESSION_HANDLE, CK_BYTE *, CK_ULONG); +typedef CK_RV (* CK_C_GetFunctionStatus)(CK_SESSION_HANDLE); +typedef CK_RV (* CK_C_CancelFunction)(CK_SESSION_HANDLE); +typedef CK_RV (* CK_C_WaitForSlotEvent)(CK_FLAGS, CK_SLOT_ID *, void *); + +struct CK_FUNCTION_LIST { + CK_VERSION version; + CK_C_Initialize C_Initialize; + CK_C_Finalize C_Finalize; + CK_C_GetInfo C_GetInfo; + CK_C_GetFunctionList C_GetFunctionList; + CK_C_GetSlotList C_GetSlotList; + CK_C_GetSlotInfo C_GetSlotInfo; + CK_C_GetTokenInfo C_GetTokenInfo; + CK_C_GetMechanismList C_GetMechanismList; + CK_C_GetMechanismInfo C_GetMechanismInfo; + CK_C_InitToken C_InitToken; + CK_C_InitPIN C_InitPIN; + CK_C_SetPIN C_SetPIN; + CK_C_OpenSession C_OpenSession; + CK_C_CloseSession C_CloseSession; + CK_C_CloseAllSessions C_CloseAllSessions; + CK_C_GetSessionInfo C_GetSessionInfo; + CK_C_GetOperationState C_GetOperationState; + CK_C_SetOperationState C_SetOperationState; + CK_C_Login C_Login; + CK_C_Logout C_Logout; + CK_C_CreateObject C_CreateObject; + CK_C_CopyObject C_CopyObject; + CK_C_DestroyObject C_DestroyObject; + CK_C_GetObjectSize C_GetObjectSize; + CK_C_GetAttributeValue C_GetAttributeValue; + CK_C_SetAttributeValue C_SetAttributeValue; + CK_C_FindObjectsInit C_FindObjectsInit; + CK_C_FindObjects C_FindObjects; + CK_C_FindObjectsFinal C_FindObjectsFinal; + CK_C_EncryptInit C_EncryptInit; + CK_C_Encrypt C_Encrypt; + CK_C_EncryptUpdate C_EncryptUpdate; + CK_C_EncryptFinal C_EncryptFinal; + CK_C_DecryptInit C_DecryptInit; + CK_C_Decrypt C_Decrypt; + CK_C_DecryptUpdate C_DecryptUpdate; + CK_C_DecryptFinal C_DecryptFinal; + CK_C_DigestInit C_DigestInit; + CK_C_Digest C_Digest; + CK_C_DigestUpdate C_DigestUpdate; + CK_C_DigestKey C_DigestKey; + CK_C_DigestFinal C_DigestFinal; + CK_C_SignInit C_SignInit; + CK_C_Sign C_Sign; + CK_C_SignUpdate C_SignUpdate; + CK_C_SignFinal C_SignFinal; + CK_C_SignRecoverInit C_SignRecoverInit; + CK_C_SignRecover C_SignRecover; + CK_C_VerifyInit C_VerifyInit; + CK_C_Verify C_Verify; + CK_C_VerifyUpdate C_VerifyUpdate; + CK_C_VerifyFinal C_VerifyFinal; + CK_C_VerifyRecoverInit C_VerifyRecoverInit; + CK_C_VerifyRecover C_VerifyRecover; + CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; + CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; + CK_C_SignEncryptUpdate C_SignEncryptUpdate; + CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; + CK_C_GenerateKey C_GenerateKey; + CK_C_GenerateKeyPair C_GenerateKeyPair; + CK_C_WrapKey C_WrapKey; + CK_C_UnwrapKey C_UnwrapKey; + CK_C_DeriveKey C_DeriveKey; + CK_C_SeedRandom C_SeedRandom; + CK_C_GenerateRandom C_GenerateRandom; + CK_C_GetFunctionStatus C_GetFunctionStatus; + CK_C_CancelFunction C_CancelFunction; + CK_C_WaitForSlotEvent C_WaitForSlotEvent; +}; + + +#endif diff --git a/source/pkcs11/v2.40/pkcs11f.h b/source/pkcs11/v2.40/pkcs11f.h deleted file mode 100644 index ed90affc5..000000000 --- a/source/pkcs11/v2.40/pkcs11f.h +++ /dev/null @@ -1,939 +0,0 @@ -/* Copyright (c) OASIS Open 2016. All Rights Reserved./ - * /Distributed under the terms of the OASIS IPR Policy, - * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY - * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A - * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. - */ - -/* Latest version of the specification: - * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html - */ - -/* This header file contains pretty much everything about all the - * Cryptoki function prototypes. Because this information is - * used for more than just declaring function prototypes, the - * order of the functions appearing herein is important, and - * should not be altered. - */ - -/* General-purpose */ - -/* C_Initialize initializes the Cryptoki library. */ -CK_PKCS11_FUNCTION_INFO(C_Initialize) -#ifdef CK_NEED_ARG_LIST -( - CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets - * cast to CK_C_INITIALIZE_ARGS_PTR - * and dereferenced - */ -); -#endif - - -/* C_Finalize indicates that an application is done with the - * Cryptoki library. - */ -CK_PKCS11_FUNCTION_INFO(C_Finalize) -#ifdef CK_NEED_ARG_LIST -( - CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */ -); -#endif - - -/* C_GetInfo returns general information about Cryptoki. */ -CK_PKCS11_FUNCTION_INFO(C_GetInfo) -#ifdef CK_NEED_ARG_LIST -( - CK_INFO_PTR pInfo /* location that receives information */ -); -#endif - - -/* C_GetFunctionList returns the function list. */ -CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) -#ifdef CK_NEED_ARG_LIST -( - CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to - * function list - */ -); -#endif - - - -/* Slot and token management */ - -/* C_GetSlotList obtains a list of slots in the system. */ -CK_PKCS11_FUNCTION_INFO(C_GetSlotList) -#ifdef CK_NEED_ARG_LIST -( - CK_BBOOL tokenPresent, /* only slots with tokens */ - CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */ - CK_ULONG_PTR pulCount /* receives number of slots */ -); -#endif - - -/* C_GetSlotInfo obtains information about a particular slot in - * the system. - */ -CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID, /* the ID of the slot */ - CK_SLOT_INFO_PTR pInfo /* receives the slot information */ -); -#endif - - -/* C_GetTokenInfo obtains information about a particular token - * in the system. - */ -CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID, /* ID of the token's slot */ - CK_TOKEN_INFO_PTR pInfo /* receives the token information */ -); -#endif - - -/* C_GetMechanismList obtains a list of mechanism types - * supported by a token. - */ -CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID, /* ID of token's slot */ - CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */ - CK_ULONG_PTR pulCount /* gets # of mechs. */ -); -#endif - - -/* C_GetMechanismInfo obtains information about a particular - * mechanism possibly supported by a token. - */ -CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID, /* ID of the token's slot */ - CK_MECHANISM_TYPE type, /* type of mechanism */ - CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */ -); -#endif - - -/* C_InitToken initializes a token. */ -CK_PKCS11_FUNCTION_INFO(C_InitToken) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID, /* ID of the token's slot */ - CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */ - CK_ULONG ulPinLen, /* length in bytes of the PIN */ - CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */ -); -#endif - - -/* C_InitPIN initializes the normal user's PIN. */ -CK_PKCS11_FUNCTION_INFO(C_InitPIN) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */ - CK_ULONG ulPinLen /* length in bytes of the PIN */ -); -#endif - - -/* C_SetPIN modifies the PIN of the user who is logged in. */ -CK_PKCS11_FUNCTION_INFO(C_SetPIN) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_UTF8CHAR_PTR pOldPin, /* the old PIN */ - CK_ULONG ulOldLen, /* length of the old PIN */ - CK_UTF8CHAR_PTR pNewPin, /* the new PIN */ - CK_ULONG ulNewLen /* length of the new PIN */ -); -#endif - - - -/* Session management */ - -/* C_OpenSession opens a session between an application and a - * token. - */ -CK_PKCS11_FUNCTION_INFO(C_OpenSession) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID, /* the slot's ID */ - CK_FLAGS flags, /* from CK_SESSION_INFO */ - CK_VOID_PTR pApplication, /* passed to callback */ - CK_NOTIFY Notify, /* callback function */ - CK_SESSION_HANDLE_PTR phSession /* gets session handle */ -); -#endif - - -/* C_CloseSession closes a session between an application and a - * token. - */ -CK_PKCS11_FUNCTION_INFO(C_CloseSession) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession /* the session's handle */ -); -#endif - - -/* C_CloseAllSessions closes all sessions with a token. */ -CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID /* the token's slot */ -); -#endif - - -/* C_GetSessionInfo obtains information about the session. */ -CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_SESSION_INFO_PTR pInfo /* receives session info */ -); -#endif - - -/* C_GetOperationState obtains the state of the cryptographic operation - * in a session. - */ -CK_PKCS11_FUNCTION_INFO(C_GetOperationState) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pOperationState, /* gets state */ - CK_ULONG_PTR pulOperationStateLen /* gets state length */ -); -#endif - - -/* C_SetOperationState restores the state of the cryptographic - * operation in a session. - */ -CK_PKCS11_FUNCTION_INFO(C_SetOperationState) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pOperationState, /* holds state */ - CK_ULONG ulOperationStateLen, /* holds state length */ - CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */ - CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */ -); -#endif - - -/* C_Login logs a user into a token. */ -CK_PKCS11_FUNCTION_INFO(C_Login) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_USER_TYPE userType, /* the user type */ - CK_UTF8CHAR_PTR pPin, /* the user's PIN */ - CK_ULONG ulPinLen /* the length of the PIN */ -); -#endif - - -/* C_Logout logs a user out from a token. */ -CK_PKCS11_FUNCTION_INFO(C_Logout) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession /* the session's handle */ -); -#endif - - - -/* Object management */ - -/* C_CreateObject creates a new object. */ -CK_PKCS11_FUNCTION_INFO(C_CreateObject) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* the object's template */ - CK_ULONG ulCount, /* attributes in template */ - CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */ -); -#endif - - -/* C_CopyObject copies an object, creating a new object for the - * copy. - */ -CK_PKCS11_FUNCTION_INFO(C_CopyObject) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject, /* the object's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* template for new object */ - CK_ULONG ulCount, /* attributes in template */ - CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */ -); -#endif - - -/* C_DestroyObject destroys an object. */ -CK_PKCS11_FUNCTION_INFO(C_DestroyObject) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject /* the object's handle */ -); -#endif - - -/* C_GetObjectSize gets the size of an object in bytes. */ -CK_PKCS11_FUNCTION_INFO(C_GetObjectSize) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject, /* the object's handle */ - CK_ULONG_PTR pulSize /* receives size of object */ -); -#endif - - -/* C_GetAttributeValue obtains the value of one or more object - * attributes. - */ -CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject, /* the object's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */ - CK_ULONG ulCount /* attributes in template */ -); -#endif - - -/* C_SetAttributeValue modifies the value of one or more object - * attributes. - */ -CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject, /* the object's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */ - CK_ULONG ulCount /* attributes in template */ -); -#endif - - -/* C_FindObjectsInit initializes a search for token and session - * objects that match a template. - */ -CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */ - CK_ULONG ulCount /* attrs in search template */ -); -#endif - - -/* C_FindObjects continues a search for token and session - * objects that match a template, obtaining additional object - * handles. - */ -CK_PKCS11_FUNCTION_INFO(C_FindObjects) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */ - CK_ULONG ulMaxObjectCount, /* max handles to get */ - CK_ULONG_PTR pulObjectCount /* actual # returned */ -); -#endif - - -/* C_FindObjectsFinal finishes a search for token and session - * objects. - */ -CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession /* the session's handle */ -); -#endif - - - -/* Encryption and decryption */ - -/* C_EncryptInit initializes an encryption operation. */ -CK_PKCS11_FUNCTION_INFO(C_EncryptInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */ - CK_OBJECT_HANDLE hKey /* handle of encryption key */ -); -#endif - - -/* C_Encrypt encrypts single-part data. */ -CK_PKCS11_FUNCTION_INFO(C_Encrypt) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pData, /* the plaintext data */ - CK_ULONG ulDataLen, /* bytes of plaintext */ - CK_BYTE_PTR pEncryptedData, /* gets ciphertext */ - CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */ -); -#endif - - -/* C_EncryptUpdate continues a multiple-part encryption - * operation. - */ -CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pPart, /* the plaintext data */ - CK_ULONG ulPartLen, /* plaintext data len */ - CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ - CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */ -); -#endif - - -/* C_EncryptFinal finishes a multiple-part encryption - * operation. - */ -CK_PKCS11_FUNCTION_INFO(C_EncryptFinal) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session handle */ - CK_BYTE_PTR pLastEncryptedPart, /* last c-text */ - CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */ -); -#endif - - -/* C_DecryptInit initializes a decryption operation. */ -CK_PKCS11_FUNCTION_INFO(C_DecryptInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */ - CK_OBJECT_HANDLE hKey /* handle of decryption key */ -); -#endif - - -/* C_Decrypt decrypts encrypted data in a single part. */ -CK_PKCS11_FUNCTION_INFO(C_Decrypt) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pEncryptedData, /* ciphertext */ - CK_ULONG ulEncryptedDataLen, /* ciphertext length */ - CK_BYTE_PTR pData, /* gets plaintext */ - CK_ULONG_PTR pulDataLen /* gets p-text size */ -); -#endif - - -/* C_DecryptUpdate continues a multiple-part decryption - * operation. - */ -CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pEncryptedPart, /* encrypted data */ - CK_ULONG ulEncryptedPartLen, /* input length */ - CK_BYTE_PTR pPart, /* gets plaintext */ - CK_ULONG_PTR pulPartLen /* p-text size */ -); -#endif - - -/* C_DecryptFinal finishes a multiple-part decryption - * operation. - */ -CK_PKCS11_FUNCTION_INFO(C_DecryptFinal) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pLastPart, /* gets plaintext */ - CK_ULONG_PTR pulLastPartLen /* p-text size */ -); -#endif - - - -/* Message digesting */ - -/* C_DigestInit initializes a message-digesting operation. */ -CK_PKCS11_FUNCTION_INFO(C_DigestInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism /* the digesting mechanism */ -); -#endif - - -/* C_Digest digests data in a single part. */ -CK_PKCS11_FUNCTION_INFO(C_Digest) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* data to be digested */ - CK_ULONG ulDataLen, /* bytes of data to digest */ - CK_BYTE_PTR pDigest, /* gets the message digest */ - CK_ULONG_PTR pulDigestLen /* gets digest length */ -); -#endif - - -/* C_DigestUpdate continues a multiple-part message-digesting - * operation. - */ -CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pPart, /* data to be digested */ - CK_ULONG ulPartLen /* bytes of data to be digested */ -); -#endif - - -/* C_DigestKey continues a multi-part message-digesting - * operation, by digesting the value of a secret key as part of - * the data already digested. - */ -CK_PKCS11_FUNCTION_INFO(C_DigestKey) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hKey /* secret key to digest */ -); -#endif - - -/* C_DigestFinal finishes a multiple-part message-digesting - * operation. - */ -CK_PKCS11_FUNCTION_INFO(C_DigestFinal) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pDigest, /* gets the message digest */ - CK_ULONG_PTR pulDigestLen /* gets byte count of digest */ -); -#endif - - - -/* Signing and MACing */ - -/* C_SignInit initializes a signature (private key encryption) - * operation, where the signature is (will be) an appendix to - * the data, and plaintext cannot be recovered from the - * signature. - */ -CK_PKCS11_FUNCTION_INFO(C_SignInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ - CK_OBJECT_HANDLE hKey /* handle of signature key */ -); -#endif - - -/* C_Sign signs (encrypts with private key) data in a single - * part, where the signature is (will be) an appendix to the - * data, and plaintext cannot be recovered from the signature. - */ -CK_PKCS11_FUNCTION_INFO(C_Sign) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* the data to sign */ - CK_ULONG ulDataLen, /* count of bytes to sign */ - CK_BYTE_PTR pSignature, /* gets the signature */ - CK_ULONG_PTR pulSignatureLen /* gets signature length */ -); -#endif - - -/* C_SignUpdate continues a multiple-part signature operation, - * where the signature is (will be) an appendix to the data, - * and plaintext cannot be recovered from the signature. - */ -CK_PKCS11_FUNCTION_INFO(C_SignUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pPart, /* the data to sign */ - CK_ULONG ulPartLen /* count of bytes to sign */ -); -#endif - - -/* C_SignFinal finishes a multiple-part signature operation, - * returning the signature. - */ -CK_PKCS11_FUNCTION_INFO(C_SignFinal) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pSignature, /* gets the signature */ - CK_ULONG_PTR pulSignatureLen /* gets signature length */ -); -#endif - - -/* C_SignRecoverInit initializes a signature operation, where - * the data can be recovered from the signature. - */ -CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ - CK_OBJECT_HANDLE hKey /* handle of the signature key */ -); -#endif - - -/* C_SignRecover signs data in a single operation, where the - * data can be recovered from the signature. - */ -CK_PKCS11_FUNCTION_INFO(C_SignRecover) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* the data to sign */ - CK_ULONG ulDataLen, /* count of bytes to sign */ - CK_BYTE_PTR pSignature, /* gets the signature */ - CK_ULONG_PTR pulSignatureLen /* gets signature length */ -); -#endif - - - -/* Verifying signatures and MACs */ - -/* C_VerifyInit initializes a verification operation, where the - * signature is an appendix to the data, and plaintext cannot - * cannot be recovered from the signature (e.g. DSA). - */ -CK_PKCS11_FUNCTION_INFO(C_VerifyInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ - CK_OBJECT_HANDLE hKey /* verification key */ -); -#endif - - -/* C_Verify verifies a signature in a single-part operation, - * where the signature is an appendix to the data, and plaintext - * cannot be recovered from the signature. - */ -CK_PKCS11_FUNCTION_INFO(C_Verify) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* signed data */ - CK_ULONG ulDataLen, /* length of signed data */ - CK_BYTE_PTR pSignature, /* signature */ - CK_ULONG ulSignatureLen /* signature length*/ -); -#endif - - -/* C_VerifyUpdate continues a multiple-part verification - * operation, where the signature is an appendix to the data, - * and plaintext cannot be recovered from the signature. - */ -CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pPart, /* signed data */ - CK_ULONG ulPartLen /* length of signed data */ -); -#endif - - -/* C_VerifyFinal finishes a multiple-part verification - * operation, checking the signature. - */ -CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pSignature, /* signature to verify */ - CK_ULONG ulSignatureLen /* signature length */ -); -#endif - - -/* C_VerifyRecoverInit initializes a signature verification - * operation, where the data is recovered from the signature. - */ -CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ - CK_OBJECT_HANDLE hKey /* verification key */ -); -#endif - - -/* C_VerifyRecover verifies a signature in a single-part - * operation, where the data is recovered from the signature. - */ -CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pSignature, /* signature to verify */ - CK_ULONG ulSignatureLen, /* signature length */ - CK_BYTE_PTR pData, /* gets signed data */ - CK_ULONG_PTR pulDataLen /* gets signed data len */ -); -#endif - - - -/* Dual-function cryptographic operations */ - -/* C_DigestEncryptUpdate continues a multiple-part digesting - * and encryption operation. - */ -CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pPart, /* the plaintext data */ - CK_ULONG ulPartLen, /* plaintext length */ - CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ - CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */ -); -#endif - - -/* C_DecryptDigestUpdate continues a multiple-part decryption and - * digesting operation. - */ -CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pEncryptedPart, /* ciphertext */ - CK_ULONG ulEncryptedPartLen, /* ciphertext length */ - CK_BYTE_PTR pPart, /* gets plaintext */ - CK_ULONG_PTR pulPartLen /* gets plaintext len */ -); -#endif - - -/* C_SignEncryptUpdate continues a multiple-part signing and - * encryption operation. - */ -CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pPart, /* the plaintext data */ - CK_ULONG ulPartLen, /* plaintext length */ - CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ - CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */ -); -#endif - - -/* C_DecryptVerifyUpdate continues a multiple-part decryption and - * verify operation. - */ -CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pEncryptedPart, /* ciphertext */ - CK_ULONG ulEncryptedPartLen, /* ciphertext length */ - CK_BYTE_PTR pPart, /* gets plaintext */ - CK_ULONG_PTR pulPartLen /* gets p-text length */ -); -#endif - - - -/* Key management */ - -/* C_GenerateKey generates a secret key, creating a new key - * object. - */ -CK_PKCS11_FUNCTION_INFO(C_GenerateKey) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* key generation mech. */ - CK_ATTRIBUTE_PTR pTemplate, /* template for new key */ - CK_ULONG ulCount, /* # of attrs in template */ - CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */ -); -#endif - - -/* C_GenerateKeyPair generates a public-key/private-key pair, - * creating new key objects. - */ -CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session handle */ - CK_MECHANISM_PTR pMechanism, /* key-gen mech. */ - CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template for pub. key */ - CK_ULONG ulPublicKeyAttributeCount, /* # pub. attrs. */ - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template for priv. key */ - CK_ULONG ulPrivateKeyAttributeCount, /* # priv. attrs. */ - CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */ - CK_OBJECT_HANDLE_PTR phPrivateKey /* gets priv. key handle */ -); -#endif - - -/* C_WrapKey wraps (i.e., encrypts) a key. */ -CK_PKCS11_FUNCTION_INFO(C_WrapKey) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */ - CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */ - CK_OBJECT_HANDLE hKey, /* key to be wrapped */ - CK_BYTE_PTR pWrappedKey, /* gets wrapped key */ - CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */ -); -#endif - - -/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new - * key object. - */ -CK_PKCS11_FUNCTION_INFO(C_UnwrapKey) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */ - CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */ - CK_BYTE_PTR pWrappedKey, /* the wrapped key */ - CK_ULONG ulWrappedKeyLen, /* wrapped key len */ - CK_ATTRIBUTE_PTR pTemplate, /* new key template */ - CK_ULONG ulAttributeCount, /* template length */ - CK_OBJECT_HANDLE_PTR phKey /* gets new handle */ -); -#endif - - -/* C_DeriveKey derives a key from a base key, creating a new key - * object. - */ -CK_PKCS11_FUNCTION_INFO(C_DeriveKey) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */ - CK_OBJECT_HANDLE hBaseKey, /* base key */ - CK_ATTRIBUTE_PTR pTemplate, /* new key template */ - CK_ULONG ulAttributeCount, /* template length */ - CK_OBJECT_HANDLE_PTR phKey /* gets new handle */ -); -#endif - - - -/* Random number generation */ - -/* C_SeedRandom mixes additional seed material into the token's - * random number generator. - */ -CK_PKCS11_FUNCTION_INFO(C_SeedRandom) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pSeed, /* the seed material */ - CK_ULONG ulSeedLen /* length of seed material */ -); -#endif - - -/* C_GenerateRandom generates random data. */ -CK_PKCS11_FUNCTION_INFO(C_GenerateRandom) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR RandomData, /* receives the random data */ - CK_ULONG ulRandomLen /* # of bytes to generate */ -); -#endif - - - -/* Parallel function management */ - -/* C_GetFunctionStatus is a legacy function; it obtains an - * updated status of a function running in parallel with an - * application. - */ -CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession /* the session's handle */ -); -#endif - - -/* C_CancelFunction is a legacy function; it cancels a function - * running in parallel. - */ -CK_PKCS11_FUNCTION_INFO(C_CancelFunction) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession /* the session's handle */ -); -#endif - - -/* C_WaitForSlotEvent waits for a slot event (token insertion, - * removal, etc.) to occur. - */ -CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent) -#ifdef CK_NEED_ARG_LIST -( - CK_FLAGS flags, /* blocking/nonblocking flag */ - CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */ - CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */ -); -#endif - diff --git a/source/pkcs11/v2.40/pkcs11t.h b/source/pkcs11/v2.40/pkcs11t.h deleted file mode 100644 index c13e67cf5..000000000 --- a/source/pkcs11/v2.40/pkcs11t.h +++ /dev/null @@ -1,2003 +0,0 @@ -/* Copyright (c) OASIS Open 2016. All Rights Reserved./ - * /Distributed under the terms of the OASIS IPR Policy, - * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY - * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A - * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. - */ - -/* Latest version of the specification: - * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html - */ - -/* See top of pkcs11.h for information about the macros that - * must be defined and the structure-packing conventions that - * must be set before including this file. - */ - -#ifndef _PKCS11T_H_ -#define _PKCS11T_H_ 1 - -#define CRYPTOKI_VERSION_MAJOR 2 -#define CRYPTOKI_VERSION_MINOR 40 -#define CRYPTOKI_VERSION_AMENDMENT 0 - -#define CK_TRUE 1 -#define CK_FALSE 0 - -#ifndef CK_DISABLE_TRUE_FALSE -#ifndef FALSE -#define FALSE CK_FALSE -#endif -#ifndef TRUE -#define TRUE CK_TRUE -#endif -#endif - -/* an unsigned 8-bit value */ -typedef unsigned char CK_BYTE; - -/* an unsigned 8-bit character */ -typedef CK_BYTE CK_CHAR; - -/* an 8-bit UTF-8 character */ -typedef CK_BYTE CK_UTF8CHAR; - -/* a BYTE-sized Boolean flag */ -typedef CK_BYTE CK_BBOOL; - -/* an unsigned value, at least 32 bits long */ -typedef unsigned long int CK_ULONG; - -/* a signed value, the same size as a CK_ULONG */ -typedef long int CK_LONG; - -/* at least 32 bits; each bit is a Boolean flag */ -typedef CK_ULONG CK_FLAGS; - - -/* some special values for certain CK_ULONG variables */ -#define CK_UNAVAILABLE_INFORMATION (~0UL) -#define CK_EFFECTIVELY_INFINITE 0UL - - -typedef CK_BYTE CK_PTR CK_BYTE_PTR; -typedef CK_CHAR CK_PTR CK_CHAR_PTR; -typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR; -typedef CK_ULONG CK_PTR CK_ULONG_PTR; -typedef void CK_PTR CK_VOID_PTR; - -/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */ -typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR; - - -/* The following value is always invalid if used as a session - * handle or object handle - */ -#define CK_INVALID_HANDLE 0UL - - -typedef struct CK_VERSION { - CK_BYTE major; /* integer portion of version number */ - CK_BYTE minor; /* 1/100ths portion of version number */ -} CK_VERSION; - -typedef CK_VERSION CK_PTR CK_VERSION_PTR; - - -typedef struct CK_INFO { - CK_VERSION cryptokiVersion; /* Cryptoki interface ver */ - CK_UTF8CHAR manufacturerID[32]; /* blank padded */ - CK_FLAGS flags; /* must be zero */ - CK_UTF8CHAR libraryDescription[32]; /* blank padded */ - CK_VERSION libraryVersion; /* version of library */ -} CK_INFO; - -typedef CK_INFO CK_PTR CK_INFO_PTR; - - -/* CK_NOTIFICATION enumerates the types of notifications that - * Cryptoki provides to an application - */ -typedef CK_ULONG CK_NOTIFICATION; -#define CKN_SURRENDER 0UL -#define CKN_OTP_CHANGED 1UL - -typedef CK_ULONG CK_SLOT_ID; - -typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR; - - -/* CK_SLOT_INFO provides information about a slot */ -typedef struct CK_SLOT_INFO { - CK_UTF8CHAR slotDescription[64]; /* blank padded */ - CK_UTF8CHAR manufacturerID[32]; /* blank padded */ - CK_FLAGS flags; - - CK_VERSION hardwareVersion; /* version of hardware */ - CK_VERSION firmwareVersion; /* version of firmware */ -} CK_SLOT_INFO; - -/* flags: bit flags that provide capabilities of the slot - * Bit Flag Mask Meaning - */ -#define CKF_TOKEN_PRESENT 0x00000001UL /* a token is there */ -#define CKF_REMOVABLE_DEVICE 0x00000002UL /* removable devices*/ -#define CKF_HW_SLOT 0x00000004UL /* hardware slot */ - -typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR; - - -/* CK_TOKEN_INFO provides information about a token */ -typedef struct CK_TOKEN_INFO { - CK_UTF8CHAR label[32]; /* blank padded */ - CK_UTF8CHAR manufacturerID[32]; /* blank padded */ - CK_UTF8CHAR model[16]; /* blank padded */ - CK_CHAR serialNumber[16]; /* blank padded */ - CK_FLAGS flags; /* see below */ - - CK_ULONG ulMaxSessionCount; /* max open sessions */ - CK_ULONG ulSessionCount; /* sess. now open */ - CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */ - CK_ULONG ulRwSessionCount; /* R/W sess. now open */ - CK_ULONG ulMaxPinLen; /* in bytes */ - CK_ULONG ulMinPinLen; /* in bytes */ - CK_ULONG ulTotalPublicMemory; /* in bytes */ - CK_ULONG ulFreePublicMemory; /* in bytes */ - CK_ULONG ulTotalPrivateMemory; /* in bytes */ - CK_ULONG ulFreePrivateMemory; /* in bytes */ - CK_VERSION hardwareVersion; /* version of hardware */ - CK_VERSION firmwareVersion; /* version of firmware */ - CK_CHAR utcTime[16]; /* time */ -} CK_TOKEN_INFO; - -/* The flags parameter is defined as follows: - * Bit Flag Mask Meaning - */ -#define CKF_RNG 0x00000001UL /* has random # generator */ -#define CKF_WRITE_PROTECTED 0x00000002UL /* token is write-protected */ -#define CKF_LOGIN_REQUIRED 0x00000004UL /* user must login */ -#define CKF_USER_PIN_INITIALIZED 0x00000008UL /* normal user's PIN is set */ - -/* CKF_RESTORE_KEY_NOT_NEEDED. If it is set, - * that means that *every* time the state of cryptographic - * operations of a session is successfully saved, all keys - * needed to continue those operations are stored in the state - */ -#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020UL - -/* CKF_CLOCK_ON_TOKEN. If it is set, that means - * that the token has some sort of clock. The time on that - * clock is returned in the token info structure - */ -#define CKF_CLOCK_ON_TOKEN 0x00000040UL - -/* CKF_PROTECTED_AUTHENTICATION_PATH. If it is - * set, that means that there is some way for the user to login - * without sending a PIN through the Cryptoki library itself - */ -#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL - -/* CKF_DUAL_CRYPTO_OPERATIONS. If it is true, - * that means that a single session with the token can perform - * dual simultaneous cryptographic operations (digest and - * encrypt; decrypt and digest; sign and encrypt; and decrypt - * and sign) - */ -#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200UL - -/* CKF_TOKEN_INITIALIZED. If it is true, the - * token has been initialized using C_InitializeToken or an - * equivalent mechanism outside the scope of PKCS #11. - * Calling C_InitializeToken when this flag is set will cause - * the token to be reinitialized. - */ -#define CKF_TOKEN_INITIALIZED 0x00000400UL - -/* CKF_SECONDARY_AUTHENTICATION. If it is - * true, the token supports secondary authentication for - * private key objects. - */ -#define CKF_SECONDARY_AUTHENTICATION 0x00000800UL - -/* CKF_USER_PIN_COUNT_LOW. If it is true, an - * incorrect user login PIN has been entered at least once - * since the last successful authentication. - */ -#define CKF_USER_PIN_COUNT_LOW 0x00010000UL - -/* CKF_USER_PIN_FINAL_TRY. If it is true, - * supplying an incorrect user PIN will it to become locked. - */ -#define CKF_USER_PIN_FINAL_TRY 0x00020000UL - -/* CKF_USER_PIN_LOCKED. If it is true, the - * user PIN has been locked. User login to the token is not - * possible. - */ -#define CKF_USER_PIN_LOCKED 0x00040000UL - -/* CKF_USER_PIN_TO_BE_CHANGED. If it is true, - * the user PIN value is the default value set by token - * initialization or manufacturing, or the PIN has been - * expired by the card. - */ -#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000UL - -/* CKF_SO_PIN_COUNT_LOW. If it is true, an - * incorrect SO login PIN has been entered at least once since - * the last successful authentication. - */ -#define CKF_SO_PIN_COUNT_LOW 0x00100000UL - -/* CKF_SO_PIN_FINAL_TRY. If it is true, - * supplying an incorrect SO PIN will it to become locked. - */ -#define CKF_SO_PIN_FINAL_TRY 0x00200000UL - -/* CKF_SO_PIN_LOCKED. If it is true, the SO - * PIN has been locked. SO login to the token is not possible. - */ -#define CKF_SO_PIN_LOCKED 0x00400000UL - -/* CKF_SO_PIN_TO_BE_CHANGED. If it is true, - * the SO PIN value is the default value set by token - * initialization or manufacturing, or the PIN has been - * expired by the card. - */ -#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000UL - -#define CKF_ERROR_STATE 0x01000000UL - -typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR; - - -/* CK_SESSION_HANDLE is a Cryptoki-assigned value that - * identifies a session - */ -typedef CK_ULONG CK_SESSION_HANDLE; - -typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; - - -/* CK_USER_TYPE enumerates the types of Cryptoki users */ -typedef CK_ULONG CK_USER_TYPE; -/* Security Officer */ -#define CKU_SO 0UL -/* Normal user */ -#define CKU_USER 1UL -/* Context specific */ -#define CKU_CONTEXT_SPECIFIC 2UL - -/* CK_STATE enumerates the session states */ -typedef CK_ULONG CK_STATE; -#define CKS_RO_PUBLIC_SESSION 0UL -#define CKS_RO_USER_FUNCTIONS 1UL -#define CKS_RW_PUBLIC_SESSION 2UL -#define CKS_RW_USER_FUNCTIONS 3UL -#define CKS_RW_SO_FUNCTIONS 4UL - -/* CK_SESSION_INFO provides information about a session */ -typedef struct CK_SESSION_INFO { - CK_SLOT_ID slotID; - CK_STATE state; - CK_FLAGS flags; /* see below */ - CK_ULONG ulDeviceError; /* device-dependent error code */ -} CK_SESSION_INFO; - -/* The flags are defined in the following table: - * Bit Flag Mask Meaning - */ -#define CKF_RW_SESSION 0x00000002UL /* session is r/w */ -#define CKF_SERIAL_SESSION 0x00000004UL /* no parallel */ - -typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR; - - -/* CK_OBJECT_HANDLE is a token-specific identifier for an - * object - */ -typedef CK_ULONG CK_OBJECT_HANDLE; - -typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; - - -/* CK_OBJECT_CLASS is a value that identifies the classes (or - * types) of objects that Cryptoki recognizes. It is defined - * as follows: - */ -typedef CK_ULONG CK_OBJECT_CLASS; - -/* The following classes of objects are defined: */ -#define CKO_DATA 0x00000000UL -#define CKO_CERTIFICATE 0x00000001UL -#define CKO_PUBLIC_KEY 0x00000002UL -#define CKO_PRIVATE_KEY 0x00000003UL -#define CKO_SECRET_KEY 0x00000004UL -#define CKO_HW_FEATURE 0x00000005UL -#define CKO_DOMAIN_PARAMETERS 0x00000006UL -#define CKO_MECHANISM 0x00000007UL -#define CKO_OTP_KEY 0x00000008UL - -#define CKO_VENDOR_DEFINED 0x80000000UL - -typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; - -/* CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type - * of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. - */ -typedef CK_ULONG CK_HW_FEATURE_TYPE; - -/* The following hardware feature types are defined */ -#define CKH_MONOTONIC_COUNTER 0x00000001UL -#define CKH_CLOCK 0x00000002UL -#define CKH_USER_INTERFACE 0x00000003UL -#define CKH_VENDOR_DEFINED 0x80000000UL - -/* CK_KEY_TYPE is a value that identifies a key type */ -typedef CK_ULONG CK_KEY_TYPE; - -/* the following key types are defined: */ -#define CKK_RSA 0x00000000UL -#define CKK_DSA 0x00000001UL -#define CKK_DH 0x00000002UL -#define CKK_ECDSA 0x00000003UL /* Deprecated */ -#define CKK_EC 0x00000003UL -#define CKK_X9_42_DH 0x00000004UL -#define CKK_KEA 0x00000005UL -#define CKK_GENERIC_SECRET 0x00000010UL -#define CKK_RC2 0x00000011UL -#define CKK_RC4 0x00000012UL -#define CKK_DES 0x00000013UL -#define CKK_DES2 0x00000014UL -#define CKK_DES3 0x00000015UL -#define CKK_CAST 0x00000016UL -#define CKK_CAST3 0x00000017UL -#define CKK_CAST5 0x00000018UL /* Deprecated */ -#define CKK_CAST128 0x00000018UL -#define CKK_RC5 0x00000019UL -#define CKK_IDEA 0x0000001AUL -#define CKK_SKIPJACK 0x0000001BUL -#define CKK_BATON 0x0000001CUL -#define CKK_JUNIPER 0x0000001DUL -#define CKK_CDMF 0x0000001EUL -#define CKK_AES 0x0000001FUL -#define CKK_BLOWFISH 0x00000020UL -#define CKK_TWOFISH 0x00000021UL -#define CKK_SECURID 0x00000022UL -#define CKK_HOTP 0x00000023UL -#define CKK_ACTI 0x00000024UL -#define CKK_CAMELLIA 0x00000025UL -#define CKK_ARIA 0x00000026UL - -#define CKK_MD5_HMAC 0x00000027UL -#define CKK_SHA_1_HMAC 0x00000028UL -#define CKK_RIPEMD128_HMAC 0x00000029UL -#define CKK_RIPEMD160_HMAC 0x0000002AUL -#define CKK_SHA256_HMAC 0x0000002BUL -#define CKK_SHA384_HMAC 0x0000002CUL -#define CKK_SHA512_HMAC 0x0000002DUL -#define CKK_SHA224_HMAC 0x0000002EUL - -#define CKK_SEED 0x0000002FUL -#define CKK_GOSTR3410 0x00000030UL -#define CKK_GOSTR3411 0x00000031UL -#define CKK_GOST28147 0x00000032UL - - - -#define CKK_VENDOR_DEFINED 0x80000000UL - - -/* CK_CERTIFICATE_TYPE is a value that identifies a certificate - * type - */ -typedef CK_ULONG CK_CERTIFICATE_TYPE; - -#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED 0UL -#define CK_CERTIFICATE_CATEGORY_TOKEN_USER 1UL -#define CK_CERTIFICATE_CATEGORY_AUTHORITY 2UL -#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL - -#define CK_SECURITY_DOMAIN_UNSPECIFIED 0UL -#define CK_SECURITY_DOMAIN_MANUFACTURER 1UL -#define CK_SECURITY_DOMAIN_OPERATOR 2UL -#define CK_SECURITY_DOMAIN_THIRD_PARTY 3UL - - -/* The following certificate types are defined: */ -#define CKC_X_509 0x00000000UL -#define CKC_X_509_ATTR_CERT 0x00000001UL -#define CKC_WTLS 0x00000002UL -#define CKC_VENDOR_DEFINED 0x80000000UL - - -/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute - * type - */ -typedef CK_ULONG CK_ATTRIBUTE_TYPE; - -/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which - * consists of an array of values. - */ -#define CKF_ARRAY_ATTRIBUTE 0x40000000UL - -/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */ -#define CK_OTP_FORMAT_DECIMAL 0UL -#define CK_OTP_FORMAT_HEXADECIMAL 1UL -#define CK_OTP_FORMAT_ALPHANUMERIC 2UL -#define CK_OTP_FORMAT_BINARY 3UL - -/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT - * attributes - */ -#define CK_OTP_PARAM_IGNORED 0UL -#define CK_OTP_PARAM_OPTIONAL 1UL -#define CK_OTP_PARAM_MANDATORY 2UL - -/* The following attribute types are defined: */ -#define CKA_CLASS 0x00000000UL -#define CKA_TOKEN 0x00000001UL -#define CKA_PRIVATE 0x00000002UL -#define CKA_LABEL 0x00000003UL -#define CKA_APPLICATION 0x00000010UL -#define CKA_VALUE 0x00000011UL -#define CKA_OBJECT_ID 0x00000012UL -#define CKA_CERTIFICATE_TYPE 0x00000080UL -#define CKA_ISSUER 0x00000081UL -#define CKA_SERIAL_NUMBER 0x00000082UL -#define CKA_AC_ISSUER 0x00000083UL -#define CKA_OWNER 0x00000084UL -#define CKA_ATTR_TYPES 0x00000085UL -#define CKA_TRUSTED 0x00000086UL -#define CKA_CERTIFICATE_CATEGORY 0x00000087UL -#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088UL -#define CKA_URL 0x00000089UL -#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008AUL -#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008BUL -#define CKA_NAME_HASH_ALGORITHM 0x0000008CUL -#define CKA_CHECK_VALUE 0x00000090UL - -#define CKA_KEY_TYPE 0x00000100UL -#define CKA_SUBJECT 0x00000101UL -#define CKA_ID 0x00000102UL -#define CKA_SENSITIVE 0x00000103UL -#define CKA_ENCRYPT 0x00000104UL -#define CKA_DECRYPT 0x00000105UL -#define CKA_WRAP 0x00000106UL -#define CKA_UNWRAP 0x00000107UL -#define CKA_SIGN 0x00000108UL -#define CKA_SIGN_RECOVER 0x00000109UL -#define CKA_VERIFY 0x0000010AUL -#define CKA_VERIFY_RECOVER 0x0000010BUL -#define CKA_DERIVE 0x0000010CUL -#define CKA_START_DATE 0x00000110UL -#define CKA_END_DATE 0x00000111UL -#define CKA_MODULUS 0x00000120UL -#define CKA_MODULUS_BITS 0x00000121UL -#define CKA_PUBLIC_EXPONENT 0x00000122UL -#define CKA_PRIVATE_EXPONENT 0x00000123UL -#define CKA_PRIME_1 0x00000124UL -#define CKA_PRIME_2 0x00000125UL -#define CKA_EXPONENT_1 0x00000126UL -#define CKA_EXPONENT_2 0x00000127UL -#define CKA_COEFFICIENT 0x00000128UL -#define CKA_PUBLIC_KEY_INFO 0x00000129UL -#define CKA_PRIME 0x00000130UL -#define CKA_SUBPRIME 0x00000131UL -#define CKA_BASE 0x00000132UL - -#define CKA_PRIME_BITS 0x00000133UL -#define CKA_SUBPRIME_BITS 0x00000134UL -#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS - -#define CKA_VALUE_BITS 0x00000160UL -#define CKA_VALUE_LEN 0x00000161UL -#define CKA_EXTRACTABLE 0x00000162UL -#define CKA_LOCAL 0x00000163UL -#define CKA_NEVER_EXTRACTABLE 0x00000164UL -#define CKA_ALWAYS_SENSITIVE 0x00000165UL -#define CKA_KEY_GEN_MECHANISM 0x00000166UL - -#define CKA_MODIFIABLE 0x00000170UL -#define CKA_COPYABLE 0x00000171UL - -#define CKA_DESTROYABLE 0x00000172UL - -#define CKA_ECDSA_PARAMS 0x00000180UL /* Deprecated */ -#define CKA_EC_PARAMS 0x00000180UL - -#define CKA_EC_POINT 0x00000181UL - -#define CKA_SECONDARY_AUTH 0x00000200UL /* Deprecated */ -#define CKA_AUTH_PIN_FLAGS 0x00000201UL /* Deprecated */ - -#define CKA_ALWAYS_AUTHENTICATE 0x00000202UL - -#define CKA_WRAP_WITH_TRUSTED 0x00000210UL -#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211UL) -#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212UL) -#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000213UL) - -#define CKA_OTP_FORMAT 0x00000220UL -#define CKA_OTP_LENGTH 0x00000221UL -#define CKA_OTP_TIME_INTERVAL 0x00000222UL -#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223UL -#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224UL -#define CKA_OTP_TIME_REQUIREMENT 0x00000225UL -#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226UL -#define CKA_OTP_PIN_REQUIREMENT 0x00000227UL -#define CKA_OTP_COUNTER 0x0000022EUL -#define CKA_OTP_TIME 0x0000022FUL -#define CKA_OTP_USER_IDENTIFIER 0x0000022AUL -#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022BUL -#define CKA_OTP_SERVICE_LOGO 0x0000022CUL -#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022DUL - -#define CKA_GOSTR3410_PARAMS 0x00000250UL -#define CKA_GOSTR3411_PARAMS 0x00000251UL -#define CKA_GOST28147_PARAMS 0x00000252UL - -#define CKA_HW_FEATURE_TYPE 0x00000300UL -#define CKA_RESET_ON_INIT 0x00000301UL -#define CKA_HAS_RESET 0x00000302UL - -#define CKA_PIXEL_X 0x00000400UL -#define CKA_PIXEL_Y 0x00000401UL -#define CKA_RESOLUTION 0x00000402UL -#define CKA_CHAR_ROWS 0x00000403UL -#define CKA_CHAR_COLUMNS 0x00000404UL -#define CKA_COLOR 0x00000405UL -#define CKA_BITS_PER_PIXEL 0x00000406UL -#define CKA_CHAR_SETS 0x00000480UL -#define CKA_ENCODING_METHODS 0x00000481UL -#define CKA_MIME_TYPES 0x00000482UL -#define CKA_MECHANISM_TYPE 0x00000500UL -#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501UL -#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502UL -#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503UL -#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600UL) - -#define CKA_VENDOR_DEFINED 0x80000000UL - -/* CK_ATTRIBUTE is a structure that includes the type, length - * and value of an attribute - */ -typedef struct CK_ATTRIBUTE { - CK_ATTRIBUTE_TYPE type; - CK_VOID_PTR pValue; - CK_ULONG ulValueLen; /* in bytes */ -} CK_ATTRIBUTE; - -typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR; - -/* CK_DATE is a structure that defines a date */ -typedef struct CK_DATE{ - CK_CHAR year[4]; /* the year ("1900" - "9999") */ - CK_CHAR month[2]; /* the month ("01" - "12") */ - CK_CHAR day[2]; /* the day ("01" - "31") */ -} CK_DATE; - - -/* CK_MECHANISM_TYPE is a value that identifies a mechanism - * type - */ -typedef CK_ULONG CK_MECHANISM_TYPE; - -/* the following mechanism types are defined: */ -#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL -#define CKM_RSA_PKCS 0x00000001UL -#define CKM_RSA_9796 0x00000002UL -#define CKM_RSA_X_509 0x00000003UL - -#define CKM_MD2_RSA_PKCS 0x00000004UL -#define CKM_MD5_RSA_PKCS 0x00000005UL -#define CKM_SHA1_RSA_PKCS 0x00000006UL - -#define CKM_RIPEMD128_RSA_PKCS 0x00000007UL -#define CKM_RIPEMD160_RSA_PKCS 0x00000008UL -#define CKM_RSA_PKCS_OAEP 0x00000009UL - -#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000AUL -#define CKM_RSA_X9_31 0x0000000BUL -#define CKM_SHA1_RSA_X9_31 0x0000000CUL -#define CKM_RSA_PKCS_PSS 0x0000000DUL -#define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL - -#define CKM_DSA_KEY_PAIR_GEN 0x00000010UL -#define CKM_DSA 0x00000011UL -#define CKM_DSA_SHA1 0x00000012UL -#define CKM_DSA_SHA224 0x00000013UL -#define CKM_DSA_SHA256 0x00000014UL -#define CKM_DSA_SHA384 0x00000015UL -#define CKM_DSA_SHA512 0x00000016UL - -#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL -#define CKM_DH_PKCS_DERIVE 0x00000021UL - -#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030UL -#define CKM_X9_42_DH_DERIVE 0x00000031UL -#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032UL -#define CKM_X9_42_MQV_DERIVE 0x00000033UL - -#define CKM_SHA256_RSA_PKCS 0x00000040UL -#define CKM_SHA384_RSA_PKCS 0x00000041UL -#define CKM_SHA512_RSA_PKCS 0x00000042UL -#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL -#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL -#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL - -#define CKM_SHA224_RSA_PKCS 0x00000046UL -#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL - -#define CKM_SHA512_224 0x00000048UL -#define CKM_SHA512_224_HMAC 0x00000049UL -#define CKM_SHA512_224_HMAC_GENERAL 0x0000004AUL -#define CKM_SHA512_224_KEY_DERIVATION 0x0000004BUL -#define CKM_SHA512_256 0x0000004CUL -#define CKM_SHA512_256_HMAC 0x0000004DUL -#define CKM_SHA512_256_HMAC_GENERAL 0x0000004EUL -#define CKM_SHA512_256_KEY_DERIVATION 0x0000004FUL - -#define CKM_SHA512_T 0x00000050UL -#define CKM_SHA512_T_HMAC 0x00000051UL -#define CKM_SHA512_T_HMAC_GENERAL 0x00000052UL -#define CKM_SHA512_T_KEY_DERIVATION 0x00000053UL - -#define CKM_RC2_KEY_GEN 0x00000100UL -#define CKM_RC2_ECB 0x00000101UL -#define CKM_RC2_CBC 0x00000102UL -#define CKM_RC2_MAC 0x00000103UL - -#define CKM_RC2_MAC_GENERAL 0x00000104UL -#define CKM_RC2_CBC_PAD 0x00000105UL - -#define CKM_RC4_KEY_GEN 0x00000110UL -#define CKM_RC4 0x00000111UL -#define CKM_DES_KEY_GEN 0x00000120UL -#define CKM_DES_ECB 0x00000121UL -#define CKM_DES_CBC 0x00000122UL -#define CKM_DES_MAC 0x00000123UL - -#define CKM_DES_MAC_GENERAL 0x00000124UL -#define CKM_DES_CBC_PAD 0x00000125UL - -#define CKM_DES2_KEY_GEN 0x00000130UL -#define CKM_DES3_KEY_GEN 0x00000131UL -#define CKM_DES3_ECB 0x00000132UL -#define CKM_DES3_CBC 0x00000133UL -#define CKM_DES3_MAC 0x00000134UL - -#define CKM_DES3_MAC_GENERAL 0x00000135UL -#define CKM_DES3_CBC_PAD 0x00000136UL -#define CKM_DES3_CMAC_GENERAL 0x00000137UL -#define CKM_DES3_CMAC 0x00000138UL -#define CKM_CDMF_KEY_GEN 0x00000140UL -#define CKM_CDMF_ECB 0x00000141UL -#define CKM_CDMF_CBC 0x00000142UL -#define CKM_CDMF_MAC 0x00000143UL -#define CKM_CDMF_MAC_GENERAL 0x00000144UL -#define CKM_CDMF_CBC_PAD 0x00000145UL - -#define CKM_DES_OFB64 0x00000150UL -#define CKM_DES_OFB8 0x00000151UL -#define CKM_DES_CFB64 0x00000152UL -#define CKM_DES_CFB8 0x00000153UL - -#define CKM_MD2 0x00000200UL - -#define CKM_MD2_HMAC 0x00000201UL -#define CKM_MD2_HMAC_GENERAL 0x00000202UL - -#define CKM_MD5 0x00000210UL - -#define CKM_MD5_HMAC 0x00000211UL -#define CKM_MD5_HMAC_GENERAL 0x00000212UL - -#define CKM_SHA_1 0x00000220UL - -#define CKM_SHA_1_HMAC 0x00000221UL -#define CKM_SHA_1_HMAC_GENERAL 0x00000222UL - -#define CKM_RIPEMD128 0x00000230UL -#define CKM_RIPEMD128_HMAC 0x00000231UL -#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232UL -#define CKM_RIPEMD160 0x00000240UL -#define CKM_RIPEMD160_HMAC 0x00000241UL -#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242UL - -#define CKM_SHA256 0x00000250UL -#define CKM_SHA256_HMAC 0x00000251UL -#define CKM_SHA256_HMAC_GENERAL 0x00000252UL -#define CKM_SHA224 0x00000255UL -#define CKM_SHA224_HMAC 0x00000256UL -#define CKM_SHA224_HMAC_GENERAL 0x00000257UL -#define CKM_SHA384 0x00000260UL -#define CKM_SHA384_HMAC 0x00000261UL -#define CKM_SHA384_HMAC_GENERAL 0x00000262UL -#define CKM_SHA512 0x00000270UL -#define CKM_SHA512_HMAC 0x00000271UL -#define CKM_SHA512_HMAC_GENERAL 0x00000272UL -#define CKM_SECURID_KEY_GEN 0x00000280UL -#define CKM_SECURID 0x00000282UL -#define CKM_HOTP_KEY_GEN 0x00000290UL -#define CKM_HOTP 0x00000291UL -#define CKM_ACTI 0x000002A0UL -#define CKM_ACTI_KEY_GEN 0x000002A1UL - -#define CKM_CAST_KEY_GEN 0x00000300UL -#define CKM_CAST_ECB 0x00000301UL -#define CKM_CAST_CBC 0x00000302UL -#define CKM_CAST_MAC 0x00000303UL -#define CKM_CAST_MAC_GENERAL 0x00000304UL -#define CKM_CAST_CBC_PAD 0x00000305UL -#define CKM_CAST3_KEY_GEN 0x00000310UL -#define CKM_CAST3_ECB 0x00000311UL -#define CKM_CAST3_CBC 0x00000312UL -#define CKM_CAST3_MAC 0x00000313UL -#define CKM_CAST3_MAC_GENERAL 0x00000314UL -#define CKM_CAST3_CBC_PAD 0x00000315UL -/* Note that CAST128 and CAST5 are the same algorithm */ -#define CKM_CAST5_KEY_GEN 0x00000320UL -#define CKM_CAST128_KEY_GEN 0x00000320UL -#define CKM_CAST5_ECB 0x00000321UL -#define CKM_CAST128_ECB 0x00000321UL -#define CKM_CAST5_CBC 0x00000322UL /* Deprecated */ -#define CKM_CAST128_CBC 0x00000322UL -#define CKM_CAST5_MAC 0x00000323UL /* Deprecated */ -#define CKM_CAST128_MAC 0x00000323UL -#define CKM_CAST5_MAC_GENERAL 0x00000324UL /* Deprecated */ -#define CKM_CAST128_MAC_GENERAL 0x00000324UL -#define CKM_CAST5_CBC_PAD 0x00000325UL /* Deprecated */ -#define CKM_CAST128_CBC_PAD 0x00000325UL -#define CKM_RC5_KEY_GEN 0x00000330UL -#define CKM_RC5_ECB 0x00000331UL -#define CKM_RC5_CBC 0x00000332UL -#define CKM_RC5_MAC 0x00000333UL -#define CKM_RC5_MAC_GENERAL 0x00000334UL -#define CKM_RC5_CBC_PAD 0x00000335UL -#define CKM_IDEA_KEY_GEN 0x00000340UL -#define CKM_IDEA_ECB 0x00000341UL -#define CKM_IDEA_CBC 0x00000342UL -#define CKM_IDEA_MAC 0x00000343UL -#define CKM_IDEA_MAC_GENERAL 0x00000344UL -#define CKM_IDEA_CBC_PAD 0x00000345UL -#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL -#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360UL -#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362UL -#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363UL -#define CKM_XOR_BASE_AND_DATA 0x00000364UL -#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365UL -#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370UL -#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371UL -#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372UL - -#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373UL -#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374UL -#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375UL -#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376UL -#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377UL - -#define CKM_TLS_PRF 0x00000378UL - -#define CKM_SSL3_MD5_MAC 0x00000380UL -#define CKM_SSL3_SHA1_MAC 0x00000381UL -#define CKM_MD5_KEY_DERIVATION 0x00000390UL -#define CKM_MD2_KEY_DERIVATION 0x00000391UL -#define CKM_SHA1_KEY_DERIVATION 0x00000392UL - -#define CKM_SHA256_KEY_DERIVATION 0x00000393UL -#define CKM_SHA384_KEY_DERIVATION 0x00000394UL -#define CKM_SHA512_KEY_DERIVATION 0x00000395UL -#define CKM_SHA224_KEY_DERIVATION 0x00000396UL - -#define CKM_PBE_MD2_DES_CBC 0x000003A0UL -#define CKM_PBE_MD5_DES_CBC 0x000003A1UL -#define CKM_PBE_MD5_CAST_CBC 0x000003A2UL -#define CKM_PBE_MD5_CAST3_CBC 0x000003A3UL -#define CKM_PBE_MD5_CAST5_CBC 0x000003A4UL /* Deprecated */ -#define CKM_PBE_MD5_CAST128_CBC 0x000003A4UL -#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5UL /* Deprecated */ -#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5UL -#define CKM_PBE_SHA1_RC4_128 0x000003A6UL -#define CKM_PBE_SHA1_RC4_40 0x000003A7UL -#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8UL -#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9UL -#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AAUL -#define CKM_PBE_SHA1_RC2_40_CBC 0x000003ABUL - -#define CKM_PKCS5_PBKD2 0x000003B0UL - -#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0UL - -#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0UL -#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1UL -#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2UL -#define CKM_WTLS_PRF 0x000003D3UL -#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4UL -#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5UL - -#define CKM_TLS10_MAC_SERVER 0x000003D6UL -#define CKM_TLS10_MAC_CLIENT 0x000003D7UL -#define CKM_TLS12_MAC 0x000003D8UL -#define CKM_TLS12_KDF 0x000003D9UL -#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0UL -#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1UL -#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2UL -#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3UL -#define CKM_TLS_MAC 0x000003E4UL -#define CKM_TLS_KDF 0x000003E5UL - -#define CKM_KEY_WRAP_LYNKS 0x00000400UL -#define CKM_KEY_WRAP_SET_OAEP 0x00000401UL - -#define CKM_CMS_SIG 0x00000500UL -#define CKM_KIP_DERIVE 0x00000510UL -#define CKM_KIP_WRAP 0x00000511UL -#define CKM_KIP_MAC 0x00000512UL - -#define CKM_CAMELLIA_KEY_GEN 0x00000550UL -#define CKM_CAMELLIA_ECB 0x00000551UL -#define CKM_CAMELLIA_CBC 0x00000552UL -#define CKM_CAMELLIA_MAC 0x00000553UL -#define CKM_CAMELLIA_MAC_GENERAL 0x00000554UL -#define CKM_CAMELLIA_CBC_PAD 0x00000555UL -#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556UL -#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557UL -#define CKM_CAMELLIA_CTR 0x00000558UL - -#define CKM_ARIA_KEY_GEN 0x00000560UL -#define CKM_ARIA_ECB 0x00000561UL -#define CKM_ARIA_CBC 0x00000562UL -#define CKM_ARIA_MAC 0x00000563UL -#define CKM_ARIA_MAC_GENERAL 0x00000564UL -#define CKM_ARIA_CBC_PAD 0x00000565UL -#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566UL -#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567UL - -#define CKM_SEED_KEY_GEN 0x00000650UL -#define CKM_SEED_ECB 0x00000651UL -#define CKM_SEED_CBC 0x00000652UL -#define CKM_SEED_MAC 0x00000653UL -#define CKM_SEED_MAC_GENERAL 0x00000654UL -#define CKM_SEED_CBC_PAD 0x00000655UL -#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656UL -#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657UL - -#define CKM_SKIPJACK_KEY_GEN 0x00001000UL -#define CKM_SKIPJACK_ECB64 0x00001001UL -#define CKM_SKIPJACK_CBC64 0x00001002UL -#define CKM_SKIPJACK_OFB64 0x00001003UL -#define CKM_SKIPJACK_CFB64 0x00001004UL -#define CKM_SKIPJACK_CFB32 0x00001005UL -#define CKM_SKIPJACK_CFB16 0x00001006UL -#define CKM_SKIPJACK_CFB8 0x00001007UL -#define CKM_SKIPJACK_WRAP 0x00001008UL -#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009UL -#define CKM_SKIPJACK_RELAYX 0x0000100aUL -#define CKM_KEA_KEY_PAIR_GEN 0x00001010UL -#define CKM_KEA_KEY_DERIVE 0x00001011UL -#define CKM_KEA_DERIVE 0x00001012UL -#define CKM_FORTEZZA_TIMESTAMP 0x00001020UL -#define CKM_BATON_KEY_GEN 0x00001030UL -#define CKM_BATON_ECB128 0x00001031UL -#define CKM_BATON_ECB96 0x00001032UL -#define CKM_BATON_CBC128 0x00001033UL -#define CKM_BATON_COUNTER 0x00001034UL -#define CKM_BATON_SHUFFLE 0x00001035UL -#define CKM_BATON_WRAP 0x00001036UL - -#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040UL /* Deprecated */ -#define CKM_EC_KEY_PAIR_GEN 0x00001040UL - -#define CKM_ECDSA 0x00001041UL -#define CKM_ECDSA_SHA1 0x00001042UL -#define CKM_ECDSA_SHA224 0x00001043UL -#define CKM_ECDSA_SHA256 0x00001044UL -#define CKM_ECDSA_SHA384 0x00001045UL -#define CKM_ECDSA_SHA512 0x00001046UL - -#define CKM_ECDH1_DERIVE 0x00001050UL -#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL -#define CKM_ECMQV_DERIVE 0x00001052UL - -#define CKM_ECDH_AES_KEY_WRAP 0x00001053UL -#define CKM_RSA_AES_KEY_WRAP 0x00001054UL - -#define CKM_JUNIPER_KEY_GEN 0x00001060UL -#define CKM_JUNIPER_ECB128 0x00001061UL -#define CKM_JUNIPER_CBC128 0x00001062UL -#define CKM_JUNIPER_COUNTER 0x00001063UL -#define CKM_JUNIPER_SHUFFLE 0x00001064UL -#define CKM_JUNIPER_WRAP 0x00001065UL -#define CKM_FASTHASH 0x00001070UL - -#define CKM_AES_KEY_GEN 0x00001080UL -#define CKM_AES_ECB 0x00001081UL -#define CKM_AES_CBC 0x00001082UL -#define CKM_AES_MAC 0x00001083UL -#define CKM_AES_MAC_GENERAL 0x00001084UL -#define CKM_AES_CBC_PAD 0x00001085UL -#define CKM_AES_CTR 0x00001086UL -#define CKM_AES_GCM 0x00001087UL -#define CKM_AES_CCM 0x00001088UL -#define CKM_AES_CTS 0x00001089UL -#define CKM_AES_CMAC 0x0000108AUL -#define CKM_AES_CMAC_GENERAL 0x0000108BUL - -#define CKM_AES_XCBC_MAC 0x0000108CUL -#define CKM_AES_XCBC_MAC_96 0x0000108DUL -#define CKM_AES_GMAC 0x0000108EUL - -#define CKM_BLOWFISH_KEY_GEN 0x00001090UL -#define CKM_BLOWFISH_CBC 0x00001091UL -#define CKM_TWOFISH_KEY_GEN 0x00001092UL -#define CKM_TWOFISH_CBC 0x00001093UL -#define CKM_BLOWFISH_CBC_PAD 0x00001094UL -#define CKM_TWOFISH_CBC_PAD 0x00001095UL - -#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100UL -#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101UL -#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102UL -#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103UL -#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104UL -#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105UL - -#define CKM_GOSTR3410_KEY_PAIR_GEN 0x00001200UL -#define CKM_GOSTR3410 0x00001201UL -#define CKM_GOSTR3410_WITH_GOSTR3411 0x00001202UL -#define CKM_GOSTR3410_KEY_WRAP 0x00001203UL -#define CKM_GOSTR3410_DERIVE 0x00001204UL -#define CKM_GOSTR3411 0x00001210UL -#define CKM_GOSTR3411_HMAC 0x00001211UL -#define CKM_GOST28147_KEY_GEN 0x00001220UL -#define CKM_GOST28147_ECB 0x00001221UL -#define CKM_GOST28147 0x00001222UL -#define CKM_GOST28147_MAC 0x00001223UL -#define CKM_GOST28147_KEY_WRAP 0x00001224UL - -#define CKM_DSA_PARAMETER_GEN 0x00002000UL -#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001UL -#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002UL -#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN 0x00002003UL -#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN 0x00002004UL - -#define CKM_AES_OFB 0x00002104UL -#define CKM_AES_CFB64 0x00002105UL -#define CKM_AES_CFB8 0x00002106UL -#define CKM_AES_CFB128 0x00002107UL - -#define CKM_AES_CFB1 0x00002108UL -#define CKM_AES_KEY_WRAP 0x00002109UL /* WAS: 0x00001090 */ -#define CKM_AES_KEY_WRAP_PAD 0x0000210AUL /* WAS: 0x00001091 */ - -#define CKM_RSA_PKCS_TPM_1_1 0x00004001UL -#define CKM_RSA_PKCS_OAEP_TPM_1_1 0x00004002UL - -#define CKM_VENDOR_DEFINED 0x80000000UL - -typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR; - - -/* CK_MECHANISM is a structure that specifies a particular - * mechanism - */ -typedef struct CK_MECHANISM { - CK_MECHANISM_TYPE mechanism; - CK_VOID_PTR pParameter; - CK_ULONG ulParameterLen; /* in bytes */ -} CK_MECHANISM; - -typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR; - - -/* CK_MECHANISM_INFO provides information about a particular - * mechanism - */ -typedef struct CK_MECHANISM_INFO { - CK_ULONG ulMinKeySize; - CK_ULONG ulMaxKeySize; - CK_FLAGS flags; -} CK_MECHANISM_INFO; - -/* The flags are defined as follows: - * Bit Flag Mask Meaning */ -#define CKF_HW 0x00000001UL /* performed by HW */ - -/* Specify whether or not a mechanism can be used for a particular task */ -#define CKF_ENCRYPT 0x00000100UL -#define CKF_DECRYPT 0x00000200UL -#define CKF_DIGEST 0x00000400UL -#define CKF_SIGN 0x00000800UL -#define CKF_SIGN_RECOVER 0x00001000UL -#define CKF_VERIFY 0x00002000UL -#define CKF_VERIFY_RECOVER 0x00004000UL -#define CKF_GENERATE 0x00008000UL -#define CKF_GENERATE_KEY_PAIR 0x00010000UL -#define CKF_WRAP 0x00020000UL -#define CKF_UNWRAP 0x00040000UL -#define CKF_DERIVE 0x00080000UL - -/* Describe a token's EC capabilities not available in mechanism - * information. - */ -#define CKF_EC_F_P 0x00100000UL -#define CKF_EC_F_2M 0x00200000UL -#define CKF_EC_ECPARAMETERS 0x00400000UL -#define CKF_EC_NAMEDCURVE 0x00800000UL -#define CKF_EC_UNCOMPRESS 0x01000000UL -#define CKF_EC_COMPRESS 0x02000000UL - -#define CKF_EXTENSION 0x80000000UL - -typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR; - -/* CK_RV is a value that identifies the return value of a - * Cryptoki function - */ -typedef CK_ULONG CK_RV; - -#define CKR_OK 0x00000000UL -#define CKR_CANCEL 0x00000001UL -#define CKR_HOST_MEMORY 0x00000002UL -#define CKR_SLOT_ID_INVALID 0x00000003UL - -#define CKR_GENERAL_ERROR 0x00000005UL -#define CKR_FUNCTION_FAILED 0x00000006UL - -#define CKR_ARGUMENTS_BAD 0x00000007UL -#define CKR_NO_EVENT 0x00000008UL -#define CKR_NEED_TO_CREATE_THREADS 0x00000009UL -#define CKR_CANT_LOCK 0x0000000AUL - -#define CKR_ATTRIBUTE_READ_ONLY 0x00000010UL -#define CKR_ATTRIBUTE_SENSITIVE 0x00000011UL -#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012UL -#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013UL - -#define CKR_ACTION_PROHIBITED 0x0000001BUL - -#define CKR_DATA_INVALID 0x00000020UL -#define CKR_DATA_LEN_RANGE 0x00000021UL -#define CKR_DEVICE_ERROR 0x00000030UL -#define CKR_DEVICE_MEMORY 0x00000031UL -#define CKR_DEVICE_REMOVED 0x00000032UL -#define CKR_ENCRYPTED_DATA_INVALID 0x00000040UL -#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041UL -#define CKR_FUNCTION_CANCELED 0x00000050UL -#define CKR_FUNCTION_NOT_PARALLEL 0x00000051UL - -#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054UL - -#define CKR_KEY_HANDLE_INVALID 0x00000060UL - -#define CKR_KEY_SIZE_RANGE 0x00000062UL -#define CKR_KEY_TYPE_INCONSISTENT 0x00000063UL - -#define CKR_KEY_NOT_NEEDED 0x00000064UL -#define CKR_KEY_CHANGED 0x00000065UL -#define CKR_KEY_NEEDED 0x00000066UL -#define CKR_KEY_INDIGESTIBLE 0x00000067UL -#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068UL -#define CKR_KEY_NOT_WRAPPABLE 0x00000069UL -#define CKR_KEY_UNEXTRACTABLE 0x0000006AUL - -#define CKR_MECHANISM_INVALID 0x00000070UL -#define CKR_MECHANISM_PARAM_INVALID 0x00000071UL - -#define CKR_OBJECT_HANDLE_INVALID 0x00000082UL -#define CKR_OPERATION_ACTIVE 0x00000090UL -#define CKR_OPERATION_NOT_INITIALIZED 0x00000091UL -#define CKR_PIN_INCORRECT 0x000000A0UL -#define CKR_PIN_INVALID 0x000000A1UL -#define CKR_PIN_LEN_RANGE 0x000000A2UL - -#define CKR_PIN_EXPIRED 0x000000A3UL -#define CKR_PIN_LOCKED 0x000000A4UL - -#define CKR_SESSION_CLOSED 0x000000B0UL -#define CKR_SESSION_COUNT 0x000000B1UL -#define CKR_SESSION_HANDLE_INVALID 0x000000B3UL -#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4UL -#define CKR_SESSION_READ_ONLY 0x000000B5UL -#define CKR_SESSION_EXISTS 0x000000B6UL - -#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7UL -#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8UL - -#define CKR_SIGNATURE_INVALID 0x000000C0UL -#define CKR_SIGNATURE_LEN_RANGE 0x000000C1UL -#define CKR_TEMPLATE_INCOMPLETE 0x000000D0UL -#define CKR_TEMPLATE_INCONSISTENT 0x000000D1UL -#define CKR_TOKEN_NOT_PRESENT 0x000000E0UL -#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1UL -#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2UL -#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0UL -#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1UL -#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2UL -#define CKR_USER_ALREADY_LOGGED_IN 0x00000100UL -#define CKR_USER_NOT_LOGGED_IN 0x00000101UL -#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102UL -#define CKR_USER_TYPE_INVALID 0x00000103UL - -#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104UL -#define CKR_USER_TOO_MANY_TYPES 0x00000105UL - -#define CKR_WRAPPED_KEY_INVALID 0x00000110UL -#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112UL -#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113UL -#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114UL -#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115UL -#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120UL - -#define CKR_RANDOM_NO_RNG 0x00000121UL - -#define CKR_DOMAIN_PARAMS_INVALID 0x00000130UL - -#define CKR_CURVE_NOT_SUPPORTED 0x00000140UL - -#define CKR_BUFFER_TOO_SMALL 0x00000150UL -#define CKR_SAVED_STATE_INVALID 0x00000160UL -#define CKR_INFORMATION_SENSITIVE 0x00000170UL -#define CKR_STATE_UNSAVEABLE 0x00000180UL - -#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190UL -#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL -#define CKR_MUTEX_BAD 0x000001A0UL -#define CKR_MUTEX_NOT_LOCKED 0x000001A1UL - -#define CKR_NEW_PIN_MODE 0x000001B0UL -#define CKR_NEXT_OTP 0x000001B1UL - -#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5UL -#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6UL -#define CKR_LIBRARY_LOAD_FAILED 0x000001B7UL -#define CKR_PIN_TOO_WEAK 0x000001B8UL -#define CKR_PUBLIC_KEY_INVALID 0x000001B9UL - -#define CKR_FUNCTION_REJECTED 0x00000200UL - -#define CKR_VENDOR_DEFINED 0x80000000UL - - -/* CK_NOTIFY is an application callback that processes events */ -typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_NOTIFICATION event, - CK_VOID_PTR pApplication /* passed to C_OpenSession */ -); - - -/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec - * version and pointers of appropriate types to all the - * Cryptoki functions - */ -typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; - -typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR; - -typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR; - - -/* CK_CREATEMUTEX is an application callback for creating a - * mutex object - */ -typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)( - CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */ -); - - -/* CK_DESTROYMUTEX is an application callback for destroying a - * mutex object - */ -typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)( - CK_VOID_PTR pMutex /* pointer to mutex */ -); - - -/* CK_LOCKMUTEX is an application callback for locking a mutex */ -typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)( - CK_VOID_PTR pMutex /* pointer to mutex */ -); - - -/* CK_UNLOCKMUTEX is an application callback for unlocking a - * mutex - */ -typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)( - CK_VOID_PTR pMutex /* pointer to mutex */ -); - - -/* CK_C_INITIALIZE_ARGS provides the optional arguments to - * C_Initialize - */ -typedef struct CK_C_INITIALIZE_ARGS { - CK_CREATEMUTEX CreateMutex; - CK_DESTROYMUTEX DestroyMutex; - CK_LOCKMUTEX LockMutex; - CK_UNLOCKMUTEX UnlockMutex; - CK_FLAGS flags; - CK_VOID_PTR pReserved; -} CK_C_INITIALIZE_ARGS; - -/* flags: bit flags that provide capabilities of the slot - * Bit Flag Mask Meaning - */ -#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL -#define CKF_OS_LOCKING_OK 0x00000002UL - -typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; - - -/* additional flags for parameters to functions */ - -/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */ -#define CKF_DONT_BLOCK 1 - -/* CK_RSA_PKCS_MGF_TYPE is used to indicate the Message - * Generation Function (MGF) applied to a message block when - * formatting a message block for the PKCS #1 OAEP encryption - * scheme. - */ -typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE; - -typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR; - -/* The following MGFs are defined */ -#define CKG_MGF1_SHA1 0x00000001UL -#define CKG_MGF1_SHA256 0x00000002UL -#define CKG_MGF1_SHA384 0x00000003UL -#define CKG_MGF1_SHA512 0x00000004UL -#define CKG_MGF1_SHA224 0x00000005UL - -/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source - * of the encoding parameter when formatting a message block - * for the PKCS #1 OAEP encryption scheme. - */ -typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE; - -typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR; - -/* The following encoding parameter sources are defined */ -#define CKZ_DATA_SPECIFIED 0x00000001UL - -/* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the - * CKM_RSA_PKCS_OAEP mechanism. - */ -typedef struct CK_RSA_PKCS_OAEP_PARAMS { - CK_MECHANISM_TYPE hashAlg; - CK_RSA_PKCS_MGF_TYPE mgf; - CK_RSA_PKCS_OAEP_SOURCE_TYPE source; - CK_VOID_PTR pSourceData; - CK_ULONG ulSourceDataLen; -} CK_RSA_PKCS_OAEP_PARAMS; - -typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR; - -/* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the - * CKM_RSA_PKCS_PSS mechanism(s). - */ -typedef struct CK_RSA_PKCS_PSS_PARAMS { - CK_MECHANISM_TYPE hashAlg; - CK_RSA_PKCS_MGF_TYPE mgf; - CK_ULONG sLen; -} CK_RSA_PKCS_PSS_PARAMS; - -typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR; - -typedef CK_ULONG CK_EC_KDF_TYPE; - -/* The following EC Key Derivation Functions are defined */ -#define CKD_NULL 0x00000001UL -#define CKD_SHA1_KDF 0x00000002UL - -/* The following X9.42 DH key derivation functions are defined */ -#define CKD_SHA1_KDF_ASN1 0x00000003UL -#define CKD_SHA1_KDF_CONCATENATE 0x00000004UL -#define CKD_SHA224_KDF 0x00000005UL -#define CKD_SHA256_KDF 0x00000006UL -#define CKD_SHA384_KDF 0x00000007UL -#define CKD_SHA512_KDF 0x00000008UL -#define CKD_CPDIVERSIFY_KDF 0x00000009UL - - -/* CK_ECDH1_DERIVE_PARAMS provides the parameters to the - * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, - * where each party contributes one key pair. - */ -typedef struct CK_ECDH1_DERIVE_PARAMS { - CK_EC_KDF_TYPE kdf; - CK_ULONG ulSharedDataLen; - CK_BYTE_PTR pSharedData; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; -} CK_ECDH1_DERIVE_PARAMS; - -typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR; - -/* - * CK_ECDH2_DERIVE_PARAMS provides the parameters to the - * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. - */ -typedef struct CK_ECDH2_DERIVE_PARAMS { - CK_EC_KDF_TYPE kdf; - CK_ULONG ulSharedDataLen; - CK_BYTE_PTR pSharedData; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; - CK_ULONG ulPrivateDataLen; - CK_OBJECT_HANDLE hPrivateData; - CK_ULONG ulPublicDataLen2; - CK_BYTE_PTR pPublicData2; -} CK_ECDH2_DERIVE_PARAMS; - -typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR; - -typedef struct CK_ECMQV_DERIVE_PARAMS { - CK_EC_KDF_TYPE kdf; - CK_ULONG ulSharedDataLen; - CK_BYTE_PTR pSharedData; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; - CK_ULONG ulPrivateDataLen; - CK_OBJECT_HANDLE hPrivateData; - CK_ULONG ulPublicDataLen2; - CK_BYTE_PTR pPublicData2; - CK_OBJECT_HANDLE publicKey; -} CK_ECMQV_DERIVE_PARAMS; - -typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR; - -/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the - * CKM_X9_42_DH_PARAMETER_GEN mechanisms - */ -typedef CK_ULONG CK_X9_42_DH_KDF_TYPE; -typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR; - -/* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the - * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party - * contributes one key pair - */ -typedef struct CK_X9_42_DH1_DERIVE_PARAMS { - CK_X9_42_DH_KDF_TYPE kdf; - CK_ULONG ulOtherInfoLen; - CK_BYTE_PTR pOtherInfo; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; -} CK_X9_42_DH1_DERIVE_PARAMS; - -typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR; - -/* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the - * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation - * mechanisms, where each party contributes two key pairs - */ -typedef struct CK_X9_42_DH2_DERIVE_PARAMS { - CK_X9_42_DH_KDF_TYPE kdf; - CK_ULONG ulOtherInfoLen; - CK_BYTE_PTR pOtherInfo; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; - CK_ULONG ulPrivateDataLen; - CK_OBJECT_HANDLE hPrivateData; - CK_ULONG ulPublicDataLen2; - CK_BYTE_PTR pPublicData2; -} CK_X9_42_DH2_DERIVE_PARAMS; - -typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR; - -typedef struct CK_X9_42_MQV_DERIVE_PARAMS { - CK_X9_42_DH_KDF_TYPE kdf; - CK_ULONG ulOtherInfoLen; - CK_BYTE_PTR pOtherInfo; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; - CK_ULONG ulPrivateDataLen; - CK_OBJECT_HANDLE hPrivateData; - CK_ULONG ulPublicDataLen2; - CK_BYTE_PTR pPublicData2; - CK_OBJECT_HANDLE publicKey; -} CK_X9_42_MQV_DERIVE_PARAMS; - -typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR; - -/* CK_KEA_DERIVE_PARAMS provides the parameters to the - * CKM_KEA_DERIVE mechanism - */ -typedef struct CK_KEA_DERIVE_PARAMS { - CK_BBOOL isSender; - CK_ULONG ulRandomLen; - CK_BYTE_PTR pRandomA; - CK_BYTE_PTR pRandomB; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; -} CK_KEA_DERIVE_PARAMS; - -typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR; - - -/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and - * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just - * holds the effective keysize - */ -typedef CK_ULONG CK_RC2_PARAMS; - -typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR; - - -/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC - * mechanism - */ -typedef struct CK_RC2_CBC_PARAMS { - CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ - CK_BYTE iv[8]; /* IV for CBC mode */ -} CK_RC2_CBC_PARAMS; - -typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR; - - -/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the - * CKM_RC2_MAC_GENERAL mechanism - */ -typedef struct CK_RC2_MAC_GENERAL_PARAMS { - CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ - CK_ULONG ulMacLength; /* Length of MAC in bytes */ -} CK_RC2_MAC_GENERAL_PARAMS; - -typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \ - CK_RC2_MAC_GENERAL_PARAMS_PTR; - - -/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and - * CKM_RC5_MAC mechanisms - */ -typedef struct CK_RC5_PARAMS { - CK_ULONG ulWordsize; /* wordsize in bits */ - CK_ULONG ulRounds; /* number of rounds */ -} CK_RC5_PARAMS; - -typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR; - - -/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC - * mechanism - */ -typedef struct CK_RC5_CBC_PARAMS { - CK_ULONG ulWordsize; /* wordsize in bits */ - CK_ULONG ulRounds; /* number of rounds */ - CK_BYTE_PTR pIv; /* pointer to IV */ - CK_ULONG ulIvLen; /* length of IV in bytes */ -} CK_RC5_CBC_PARAMS; - -typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR; - - -/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the - * CKM_RC5_MAC_GENERAL mechanism - */ -typedef struct CK_RC5_MAC_GENERAL_PARAMS { - CK_ULONG ulWordsize; /* wordsize in bits */ - CK_ULONG ulRounds; /* number of rounds */ - CK_ULONG ulMacLength; /* Length of MAC in bytes */ -} CK_RC5_MAC_GENERAL_PARAMS; - -typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \ - CK_RC5_MAC_GENERAL_PARAMS_PTR; - -/* CK_MAC_GENERAL_PARAMS provides the parameters to most block - * ciphers' MAC_GENERAL mechanisms. Its value is the length of - * the MAC - */ -typedef CK_ULONG CK_MAC_GENERAL_PARAMS; - -typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR; - -typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[8]; - CK_BYTE_PTR pData; - CK_ULONG length; -} CK_DES_CBC_ENCRYPT_DATA_PARAMS; - -typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR; - -typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; -} CK_AES_CBC_ENCRYPT_DATA_PARAMS; - -typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; - -/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the - * CKM_SKIPJACK_PRIVATE_WRAP mechanism - */ -typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { - CK_ULONG ulPasswordLen; - CK_BYTE_PTR pPassword; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; - CK_ULONG ulPAndGLen; - CK_ULONG ulQLen; - CK_ULONG ulRandomLen; - CK_BYTE_PTR pRandomA; - CK_BYTE_PTR pPrimeP; - CK_BYTE_PTR pBaseG; - CK_BYTE_PTR pSubprimeQ; -} CK_SKIPJACK_PRIVATE_WRAP_PARAMS; - -typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \ - CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR; - - -/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the - * CKM_SKIPJACK_RELAYX mechanism - */ -typedef struct CK_SKIPJACK_RELAYX_PARAMS { - CK_ULONG ulOldWrappedXLen; - CK_BYTE_PTR pOldWrappedX; - CK_ULONG ulOldPasswordLen; - CK_BYTE_PTR pOldPassword; - CK_ULONG ulOldPublicDataLen; - CK_BYTE_PTR pOldPublicData; - CK_ULONG ulOldRandomLen; - CK_BYTE_PTR pOldRandomA; - CK_ULONG ulNewPasswordLen; - CK_BYTE_PTR pNewPassword; - CK_ULONG ulNewPublicDataLen; - CK_BYTE_PTR pNewPublicData; - CK_ULONG ulNewRandomLen; - CK_BYTE_PTR pNewRandomA; -} CK_SKIPJACK_RELAYX_PARAMS; - -typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \ - CK_SKIPJACK_RELAYX_PARAMS_PTR; - - -typedef struct CK_PBE_PARAMS { - CK_BYTE_PTR pInitVector; - CK_UTF8CHAR_PTR pPassword; - CK_ULONG ulPasswordLen; - CK_BYTE_PTR pSalt; - CK_ULONG ulSaltLen; - CK_ULONG ulIteration; -} CK_PBE_PARAMS; - -typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR; - - -/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the - * CKM_KEY_WRAP_SET_OAEP mechanism - */ -typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS { - CK_BYTE bBC; /* block contents byte */ - CK_BYTE_PTR pX; /* extra data */ - CK_ULONG ulXLen; /* length of extra data in bytes */ -} CK_KEY_WRAP_SET_OAEP_PARAMS; - -typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; - -typedef struct CK_SSL3_RANDOM_DATA { - CK_BYTE_PTR pClientRandom; - CK_ULONG ulClientRandomLen; - CK_BYTE_PTR pServerRandom; - CK_ULONG ulServerRandomLen; -} CK_SSL3_RANDOM_DATA; - - -typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { - CK_SSL3_RANDOM_DATA RandomInfo; - CK_VERSION_PTR pVersion; -} CK_SSL3_MASTER_KEY_DERIVE_PARAMS; - -typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \ - CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR; - -typedef struct CK_SSL3_KEY_MAT_OUT { - CK_OBJECT_HANDLE hClientMacSecret; - CK_OBJECT_HANDLE hServerMacSecret; - CK_OBJECT_HANDLE hClientKey; - CK_OBJECT_HANDLE hServerKey; - CK_BYTE_PTR pIVClient; - CK_BYTE_PTR pIVServer; -} CK_SSL3_KEY_MAT_OUT; - -typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR; - - -typedef struct CK_SSL3_KEY_MAT_PARAMS { - CK_ULONG ulMacSizeInBits; - CK_ULONG ulKeySizeInBits; - CK_ULONG ulIVSizeInBits; - CK_BBOOL bIsExport; - CK_SSL3_RANDOM_DATA RandomInfo; - CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; -} CK_SSL3_KEY_MAT_PARAMS; - -typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR; - -typedef struct CK_TLS_PRF_PARAMS { - CK_BYTE_PTR pSeed; - CK_ULONG ulSeedLen; - CK_BYTE_PTR pLabel; - CK_ULONG ulLabelLen; - CK_BYTE_PTR pOutput; - CK_ULONG_PTR pulOutputLen; -} CK_TLS_PRF_PARAMS; - -typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; - -typedef struct CK_WTLS_RANDOM_DATA { - CK_BYTE_PTR pClientRandom; - CK_ULONG ulClientRandomLen; - CK_BYTE_PTR pServerRandom; - CK_ULONG ulServerRandomLen; -} CK_WTLS_RANDOM_DATA; - -typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR; - -typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS { - CK_MECHANISM_TYPE DigestMechanism; - CK_WTLS_RANDOM_DATA RandomInfo; - CK_BYTE_PTR pVersion; -} CK_WTLS_MASTER_KEY_DERIVE_PARAMS; - -typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \ - CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR; - -typedef struct CK_WTLS_PRF_PARAMS { - CK_MECHANISM_TYPE DigestMechanism; - CK_BYTE_PTR pSeed; - CK_ULONG ulSeedLen; - CK_BYTE_PTR pLabel; - CK_ULONG ulLabelLen; - CK_BYTE_PTR pOutput; - CK_ULONG_PTR pulOutputLen; -} CK_WTLS_PRF_PARAMS; - -typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR; - -typedef struct CK_WTLS_KEY_MAT_OUT { - CK_OBJECT_HANDLE hMacSecret; - CK_OBJECT_HANDLE hKey; - CK_BYTE_PTR pIV; -} CK_WTLS_KEY_MAT_OUT; - -typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR; - -typedef struct CK_WTLS_KEY_MAT_PARAMS { - CK_MECHANISM_TYPE DigestMechanism; - CK_ULONG ulMacSizeInBits; - CK_ULONG ulKeySizeInBits; - CK_ULONG ulIVSizeInBits; - CK_ULONG ulSequenceNumber; - CK_BBOOL bIsExport; - CK_WTLS_RANDOM_DATA RandomInfo; - CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial; -} CK_WTLS_KEY_MAT_PARAMS; - -typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR; - -typedef struct CK_CMS_SIG_PARAMS { - CK_OBJECT_HANDLE certificateHandle; - CK_MECHANISM_PTR pSigningMechanism; - CK_MECHANISM_PTR pDigestMechanism; - CK_UTF8CHAR_PTR pContentType; - CK_BYTE_PTR pRequestedAttributes; - CK_ULONG ulRequestedAttributesLen; - CK_BYTE_PTR pRequiredAttributes; - CK_ULONG ulRequiredAttributesLen; -} CK_CMS_SIG_PARAMS; - -typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR; - -typedef struct CK_KEY_DERIVATION_STRING_DATA { - CK_BYTE_PTR pData; - CK_ULONG ulLen; -} CK_KEY_DERIVATION_STRING_DATA; - -typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \ - CK_KEY_DERIVATION_STRING_DATA_PTR; - - -/* The CK_EXTRACT_PARAMS is used for the - * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit - * of the base key should be used as the first bit of the - * derived key - */ -typedef CK_ULONG CK_EXTRACT_PARAMS; - -typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR; - -/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to - * indicate the Pseudo-Random Function (PRF) used to generate - * key bits using PKCS #5 PBKDF2. - */ -typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; - -typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR \ - CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; - -#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001UL -#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002UL -#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003UL -#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004UL -#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005UL -#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006UL -#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007UL -#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008UL - -/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the - * source of the salt value when deriving a key using PKCS #5 - * PBKDF2. - */ -typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; - -typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR \ - CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; - -/* The following salt value sources are defined in PKCS #5 v2.0. */ -#define CKZ_SALT_SPECIFIED 0x00000001UL - -/* CK_PKCS5_PBKD2_PARAMS is a structure that provides the - * parameters to the CKM_PKCS5_PBKD2 mechanism. - */ -typedef struct CK_PKCS5_PBKD2_PARAMS { - CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; - CK_VOID_PTR pSaltSourceData; - CK_ULONG ulSaltSourceDataLen; - CK_ULONG iterations; - CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; - CK_VOID_PTR pPrfData; - CK_ULONG ulPrfDataLen; - CK_UTF8CHAR_PTR pPassword; - CK_ULONG_PTR ulPasswordLen; -} CK_PKCS5_PBKD2_PARAMS; - -typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR; - -/* CK_PKCS5_PBKD2_PARAMS2 is a corrected version of the CK_PKCS5_PBKD2_PARAMS - * structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism - * noting that the ulPasswordLen field is a CK_ULONG and not a CK_ULONG_PTR. - */ -typedef struct CK_PKCS5_PBKD2_PARAMS2 { - CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; - CK_VOID_PTR pSaltSourceData; - CK_ULONG ulSaltSourceDataLen; - CK_ULONG iterations; - CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; - CK_VOID_PTR pPrfData; - CK_ULONG ulPrfDataLen; - CK_UTF8CHAR_PTR pPassword; - CK_ULONG ulPasswordLen; -} CK_PKCS5_PBKD2_PARAMS2; - -typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR; - -typedef CK_ULONG CK_OTP_PARAM_TYPE; -typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */ - -typedef struct CK_OTP_PARAM { - CK_OTP_PARAM_TYPE type; - CK_VOID_PTR pValue; - CK_ULONG ulValueLen; -} CK_OTP_PARAM; - -typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR; - -typedef struct CK_OTP_PARAMS { - CK_OTP_PARAM_PTR pParams; - CK_ULONG ulCount; -} CK_OTP_PARAMS; - -typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR; - -typedef struct CK_OTP_SIGNATURE_INFO { - CK_OTP_PARAM_PTR pParams; - CK_ULONG ulCount; -} CK_OTP_SIGNATURE_INFO; - -typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR; - -#define CK_OTP_VALUE 0UL -#define CK_OTP_PIN 1UL -#define CK_OTP_CHALLENGE 2UL -#define CK_OTP_TIME 3UL -#define CK_OTP_COUNTER 4UL -#define CK_OTP_FLAGS 5UL -#define CK_OTP_OUTPUT_LENGTH 6UL -#define CK_OTP_OUTPUT_FORMAT 7UL - -#define CKF_NEXT_OTP 0x00000001UL -#define CKF_EXCLUDE_TIME 0x00000002UL -#define CKF_EXCLUDE_COUNTER 0x00000004UL -#define CKF_EXCLUDE_CHALLENGE 0x00000008UL -#define CKF_EXCLUDE_PIN 0x00000010UL -#define CKF_USER_FRIENDLY_OTP 0x00000020UL - -typedef struct CK_KIP_PARAMS { - CK_MECHANISM_PTR pMechanism; - CK_OBJECT_HANDLE hKey; - CK_BYTE_PTR pSeed; - CK_ULONG ulSeedLen; -} CK_KIP_PARAMS; - -typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR; - -typedef struct CK_AES_CTR_PARAMS { - CK_ULONG ulCounterBits; - CK_BYTE cb[16]; -} CK_AES_CTR_PARAMS; - -typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR; - -typedef struct CK_GCM_PARAMS { - CK_BYTE_PTR pIv; - CK_ULONG ulIvLen; - CK_ULONG ulIvBits; - CK_BYTE_PTR pAAD; - CK_ULONG ulAADLen; - CK_ULONG ulTagBits; -} CK_GCM_PARAMS; - -typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR; - -typedef struct CK_CCM_PARAMS { - CK_ULONG ulDataLen; - CK_BYTE_PTR pNonce; - CK_ULONG ulNonceLen; - CK_BYTE_PTR pAAD; - CK_ULONG ulAADLen; - CK_ULONG ulMACLen; -} CK_CCM_PARAMS; - -typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR; - -/* Deprecated. Use CK_GCM_PARAMS */ -typedef struct CK_AES_GCM_PARAMS { - CK_BYTE_PTR pIv; - CK_ULONG ulIvLen; - CK_ULONG ulIvBits; - CK_BYTE_PTR pAAD; - CK_ULONG ulAADLen; - CK_ULONG ulTagBits; -} CK_AES_GCM_PARAMS; - -typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR; - -/* Deprecated. Use CK_CCM_PARAMS */ -typedef struct CK_AES_CCM_PARAMS { - CK_ULONG ulDataLen; - CK_BYTE_PTR pNonce; - CK_ULONG ulNonceLen; - CK_BYTE_PTR pAAD; - CK_ULONG ulAADLen; - CK_ULONG ulMACLen; -} CK_AES_CCM_PARAMS; - -typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR; - -typedef struct CK_CAMELLIA_CTR_PARAMS { - CK_ULONG ulCounterBits; - CK_BYTE cb[16]; -} CK_CAMELLIA_CTR_PARAMS; - -typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR; - -typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; -} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS; - -typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ - CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; - -typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; -} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS; - -typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ - CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR; - -typedef struct CK_DSA_PARAMETER_GEN_PARAM { - CK_MECHANISM_TYPE hash; - CK_BYTE_PTR pSeed; - CK_ULONG ulSeedLen; - CK_ULONG ulIndex; -} CK_DSA_PARAMETER_GEN_PARAM; - -typedef CK_DSA_PARAMETER_GEN_PARAM CK_PTR CK_DSA_PARAMETER_GEN_PARAM_PTR; - -typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS { - CK_ULONG ulAESKeyBits; - CK_EC_KDF_TYPE kdf; - CK_ULONG ulSharedDataLen; - CK_BYTE_PTR pSharedData; -} CK_ECDH_AES_KEY_WRAP_PARAMS; - -typedef CK_ECDH_AES_KEY_WRAP_PARAMS CK_PTR CK_ECDH_AES_KEY_WRAP_PARAMS_PTR; - -typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN; - -typedef CK_ULONG CK_CERTIFICATE_CATEGORY; - -typedef struct CK_RSA_AES_KEY_WRAP_PARAMS { - CK_ULONG ulAESKeyBits; - CK_RSA_PKCS_OAEP_PARAMS_PTR pOAEPParams; -} CK_RSA_AES_KEY_WRAP_PARAMS; - -typedef CK_RSA_AES_KEY_WRAP_PARAMS CK_PTR CK_RSA_AES_KEY_WRAP_PARAMS_PTR; - -typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { - CK_SSL3_RANDOM_DATA RandomInfo; - CK_VERSION_PTR pVersion; - CK_MECHANISM_TYPE prfHashMechanism; -} CK_TLS12_MASTER_KEY_DERIVE_PARAMS; - -typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \ - CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; - -typedef struct CK_TLS12_KEY_MAT_PARAMS { - CK_ULONG ulMacSizeInBits; - CK_ULONG ulKeySizeInBits; - CK_ULONG ulIVSizeInBits; - CK_BBOOL bIsExport; - CK_SSL3_RANDOM_DATA RandomInfo; - CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; - CK_MECHANISM_TYPE prfHashMechanism; -} CK_TLS12_KEY_MAT_PARAMS; - -typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR; - -typedef struct CK_TLS_KDF_PARAMS { - CK_MECHANISM_TYPE prfMechanism; - CK_BYTE_PTR pLabel; - CK_ULONG ulLabelLength; - CK_SSL3_RANDOM_DATA RandomInfo; - CK_BYTE_PTR pContextData; - CK_ULONG ulContextDataLength; -} CK_TLS_KDF_PARAMS; - -typedef CK_TLS_KDF_PARAMS CK_PTR CK_TLS_KDF_PARAMS_PTR; - -typedef struct CK_TLS_MAC_PARAMS { - CK_MECHANISM_TYPE prfHashMechanism; - CK_ULONG ulMacLength; - CK_ULONG ulServerOrClient; -} CK_TLS_MAC_PARAMS; - -typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; - -typedef struct CK_GOSTR3410_DERIVE_PARAMS { - CK_EC_KDF_TYPE kdf; - CK_BYTE_PTR pPublicData; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pUKM; - CK_ULONG ulUKMLen; -} CK_GOSTR3410_DERIVE_PARAMS; - -typedef CK_GOSTR3410_DERIVE_PARAMS CK_PTR CK_GOSTR3410_DERIVE_PARAMS_PTR; - -typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS { - CK_BYTE_PTR pWrapOID; - CK_ULONG ulWrapOIDLen; - CK_BYTE_PTR pUKM; - CK_ULONG ulUKMLen; - CK_OBJECT_HANDLE hKey; -} CK_GOSTR3410_KEY_WRAP_PARAMS; - -typedef CK_GOSTR3410_KEY_WRAP_PARAMS CK_PTR CK_GOSTR3410_KEY_WRAP_PARAMS_PTR; - -typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; -} CK_SEED_CBC_ENCRYPT_DATA_PARAMS; - -typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ - CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR; - -#endif /* _PKCS11T_H_ */ - diff --git a/source/pkcs11_lib.c b/source/pkcs11_lib.c index 8047d118c..41c74b741 100644 --- a/source/pkcs11_lib.c +++ b/source/pkcs11_lib.c @@ -1332,7 +1332,7 @@ int aws_pkcs11_lib_sign( digest_alg, signature_alg, out_signature); - case CKK_ECDSA: + case CKK_EC: return s_pkcs11_sign_ecdsa( pkcs11_lib, session_handle, diff --git a/source/pkcs11_private.h b/source/pkcs11_private.h index 314c73919..370beba7d 100644 --- a/source/pkcs11_private.h +++ b/source/pkcs11_private.h @@ -7,13 +7,6 @@ */ #include -/* These defines must exist before the official PKCS#11 headers are included */ -#define CK_PTR * -#define NULL_PTR 0 -#define CK_DEFINE_FUNCTION(returnType, name) returnType name -#define CK_DECLARE_FUNCTION(returnType, name) returnType name -#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType(CK_PTR name) -#define CK_CALLBACK_FUNCTION(returnType, name) returnType(CK_PTR name) #include "pkcs11/v2.40/pkcs11.h" /** diff --git a/tests/pkcs11_test.c b/tests/pkcs11_test.c index 352b1d245..792ed5fa4 100644 --- a/tests/pkcs11_test.c +++ b/tests/pkcs11_test.c @@ -60,12 +60,6 @@ struct pkcs11_key_creation_params { const CK_ULONG key_length; }; -/* - * Helper functions to interact with softhsm begin - * */ - -static int s_run_cmd(const char *fmt, ...); - /* Wipe out all existing tokens by deleting and recreating the SoftHSM token dir */ static int s_pkcs11_clear_softhsm(void) { ASSERT_SUCCESS(aws_directory_delete(s_pkcs11_tester.token_dir, true /*recursive*/)); @@ -171,8 +165,8 @@ static int s_pkcs11_create_rsa_key( /* We only support RSA keys today. */ CK_MECHANISM smech = {CKM_RSA_PKCS_KEY_PAIR_GEN, NULL, 0}; /* Define key template */ - static CK_BBOOL truevalue = TRUE; - static CK_BBOOL falsevalue = FALSE; + static CK_BBOOL truevalue = CK_TRUE; + static CK_BBOOL falsevalue = CK_FALSE; /* Set public key. Not sure if setting modulus_bits actually generates key as per that. */ CK_ATTRIBUTE publickey_template[] = { @@ -217,8 +211,8 @@ static int s_pkcs11_create_ec_key( CK_MECHANISM smech = {CKM_EC_KEY_PAIR_GEN, NULL, 0}; /* Define key template */ - static CK_BBOOL truevalue = TRUE; - static CK_BBOOL falsevalue = FALSE; + static CK_BBOOL truevalue = CK_TRUE; + static CK_BBOOL falsevalue = CK_FALSE; /* DER encoded params for curve P-256 */ static CK_BYTE ec_params[] = {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07}; @@ -1493,6 +1487,9 @@ AWS_TEST_CASE(pkcs11_sign_ec_256, s_test_pkcs11_sign_ec_256) #ifndef BYO_CRYPTO +/* + * Helper function to interact with softhsm begin + */ static int s_run_cmd(const char *fmt, ...) { char cmd[1024]; va_list args; From 58ab50fc4c49fac8308427eecb9f359b5c2ea3f7 Mon Sep 17 00:00:00 2001 From: Joel Knight Date: Wed, 21 Feb 2024 12:26:40 -0700 Subject: [PATCH 38/44] chore(CI): CI job for OpenBSD (#625) --- .github/workflows/ci.yml | 19 +++++++++++++++++++ builder.json | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 99ca48dec..0dc0b8b6a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -147,3 +147,22 @@ jobs: python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" chmod a+x builder ./builder build -p ${{ env.PACKAGE_NAME }} + + openbsd: + runs-on: ubuntu-22.04 # latest + steps: + - uses: actions/checkout@v4 + - name: Build ${{ env.PACKAGE_NAME }} + consumers + id: test + uses: cross-platform-actions/action@v0.23.0 + with: + operating_system: openbsd + architecture: x86-64 + version: '7.4' + cpu_count: 4 + shell: bash + run: | + sudo pkg_add py3-urllib3 + python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" + chmod a+x builder + ./builder build -p ${{ env.PACKAGE_NAME }} diff --git a/builder.json b/builder.json index c44ce1dba..434ebcfb4 100644 --- a/builder.json +++ b/builder.json @@ -5,7 +5,7 @@ { "name": "aws-c-cal" }, { "name": "s2n", - "targets": ["linux", "android"] + "targets": ["linux", "android", "openbsd"] } ], "downstream": [ From 105c3d4fb0e213f9ad5330e15fd484d1f5d16433 Mon Sep 17 00:00:00 2001 From: Vera Xia Date: Wed, 21 Feb 2024 12:28:31 -0800 Subject: [PATCH 39/44] Fix Memory leak caused by redefinition (#626) --- source/darwin/darwin_pki_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/darwin/darwin_pki_utils.c b/source/darwin/darwin_pki_utils.c index 479932d11..20fcb82e0 100644 --- a/source/darwin/darwin_pki_utils.c +++ b/source/darwin/darwin_pki_utils.c @@ -223,7 +223,7 @@ int aws_import_public_and_private_keys_to_identity( struct aws_pem_object *root_cert_ptr = NULL; aws_array_list_get_at_ptr(&cert_chain_list, (void **)&root_cert_ptr, 0); AWS_ASSERT(root_cert_ptr); - CFDataRef root_cert_data = CFDataCreate(cf_alloc, root_cert_ptr->data.buffer, root_cert_ptr->data.len); + root_cert_data = CFDataCreate(cf_alloc, root_cert_ptr->data.buffer, root_cert_ptr->data.len); if (!root_cert_data) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: failed creating root cert data."); result = aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); From 5b89f50a813271d68b8efe58f0515b480b1356c7 Mon Sep 17 00:00:00 2001 From: Dengke Tang Date: Wed, 21 Feb 2024 16:28:34 -0800 Subject: [PATCH 40/44] Test for duplicate key import (#627) --- tests/CMakeLists.txt | 1 + tests/tls_handler_test.c | 46 ++++++++++++++++++++++++++++++++++------ 2 files changed, 41 insertions(+), 6 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index a1da0c5d9..5fbdb96aa 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -208,6 +208,7 @@ if(NOT BYO_CRYPTO) # Misc non-badssl tls tests add_net_test_case(test_concurrent_cert_import) + add_net_test_case(test_duplicate_cert_import) add_test_case(tls_channel_echo_and_backpressure_test) add_net_test_case(tls_client_channel_negotiation_error_socket_closed) add_net_test_case(tls_client_channel_negotiation_success) diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c index fb1b6a4d5..1a7f94ddf 100644 --- a/tests/tls_handler_test.c +++ b/tests/tls_handler_test.c @@ -2124,14 +2124,9 @@ static void s_import_cert(void *ctx) { # endif /* !AWS_OS_IOS */ } -# define NUM_PAIRS 1 +# define NUM_PAIRS 2 static int s_test_concurrent_cert_import(struct aws_allocator *allocator, void *ctx) { (void)ctx; - /* temporarily disable this on apple until we can fix importing to be more robust */ - /* temporarily disable this on linux until we can make CRYPTO_zalloc behave and stop angering ASan */ -# if defined(__APPLE__) || defined(__linux__) - return AWS_OP_SUCCESS; -# endif aws_io_library_init(allocator); @@ -2178,6 +2173,45 @@ static int s_test_concurrent_cert_import(struct aws_allocator *allocator, void * AWS_TEST_CASE(test_concurrent_cert_import, s_test_concurrent_cert_import) +static int s_test_duplicate_cert_import(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + aws_io_library_init(allocator); + struct aws_byte_buf cert_buf = {0}; + struct aws_byte_buf key_buf = {0}; + +# if !defined(AWS_OS_IOS) + + ASSERT_SUCCESS(aws_byte_buf_init_from_file(&cert_buf, allocator, "testcert0.pem")); + ASSERT_SUCCESS(aws_byte_buf_init_from_file(&key_buf, allocator, "testkey.pem")); + struct aws_byte_cursor cert_cur = aws_byte_cursor_from_buf(&cert_buf); + struct aws_byte_cursor key_cur = aws_byte_cursor_from_buf(&key_buf); + struct aws_tls_ctx_options tls_options = {0}; + AWS_FATAL_ASSERT( + AWS_OP_SUCCESS == aws_tls_ctx_options_init_client_mtls(&tls_options, allocator, &cert_cur, &key_cur)); + + /* import happens in here */ + struct aws_tls_ctx *tls = aws_tls_client_ctx_new(allocator, &tls_options); + AWS_FATAL_ASSERT(tls); + aws_tls_ctx_release(tls); + /* import the same certs twice */ + tls = aws_tls_client_ctx_new(allocator, &tls_options); + AWS_FATAL_ASSERT(tls); + aws_tls_ctx_release(tls); + + aws_tls_ctx_options_clean_up(&tls_options); +# endif /* !AWS_OS_IOS */ + + /* clean up */ + aws_byte_buf_clean_up(&cert_buf); + aws_byte_buf_clean_up(&key_buf); + aws_io_library_clean_up(); + + return AWS_OP_SUCCESS; +} + +AWS_TEST_CASE(test_duplicate_cert_import, s_test_duplicate_cert_import) + static int s_tls_destroy_null_context(struct aws_allocator *allocator, void *ctx) { (void)allocator; (void)ctx; From 241e58e3e8e5a20c5f2fc6a14f0dfaf93e595fb0 Mon Sep 17 00:00:00 2001 From: Joseph Klix Date: Thu, 22 Feb 2024 16:58:49 -0600 Subject: [PATCH 41/44] remove aws_tls_handler_write (#628) --- include/aws/io/tls_channel_handler.h | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/include/aws/io/tls_channel_handler.h b/include/aws/io/tls_channel_handler.h index 5c630de83..9c35864a1 100644 --- a/include/aws/io/tls_channel_handler.h +++ b/include/aws/io/tls_channel_handler.h @@ -803,18 +803,6 @@ AWS_IO_API struct aws_tls_ctx *aws_tls_ctx_acquire(struct aws_tls_ctx *ctx); */ AWS_IO_API void aws_tls_ctx_release(struct aws_tls_ctx *ctx); -/** - * Not necessary if you are installing more handlers into the channel, but if you just want to have TLS for arbitrary - * data and use the channel handler directly, this function allows you to write data to the channel and have it - * encrypted. - */ -AWS_IO_API int aws_tls_handler_write( - struct aws_channel_handler *handler, - struct aws_channel_slot *slot, - struct aws_byte_buf *buf, - aws_channel_on_message_write_completed_fn *on_write_completed, - void *completion_user_data); - /** * Returns a byte buffer by copy of the negotiated protocols. If there is no agreed upon protocol, len will be 0 and * buffer will be NULL. From 66bf906a5beaf2de9d158b8bb5be56cf95f35ca7 Mon Sep 17 00:00:00 2001 From: Joel Knight Date: Fri, 23 Feb 2024 11:57:59 -0700 Subject: [PATCH 42/44] CI job for FreeBSD (#630) --- .github/workflows/ci.yml | 21 ++++++++++++++++++++- builder.json | 2 +- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0dc0b8b6a..aeac60f99 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,7 +6,7 @@ on: - 'main' env: - BUILDER_VERSION: v0.9.55 + BUILDER_VERSION: v0.9.57 BUILDER_SOURCE: releases BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net PACKAGE_NAME: aws-c-io @@ -148,6 +148,25 @@ jobs: chmod a+x builder ./builder build -p ${{ env.PACKAGE_NAME }} + freebsd: + runs-on: ubuntu-22.04 # latest + steps: + - uses: actions/checkout@v4 + - name: Build ${{ env.PACKAGE_NAME }} + consumers + id: test + uses: cross-platform-actions/action@v0.23.0 + with: + operating_system: freebsd + architecture: x86-64 + version: '14.0' + cpu_count: 4 + shell: bash + run: | + sudo pkg install -y python3 py39-urllib3 + python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" + chmod a+x builder + ./builder build -p ${{ env.PACKAGE_NAME }} + openbsd: runs-on: ubuntu-22.04 # latest steps: diff --git a/builder.json b/builder.json index 434ebcfb4..d6ec01c9e 100644 --- a/builder.json +++ b/builder.json @@ -5,7 +5,7 @@ { "name": "aws-c-cal" }, { "name": "s2n", - "targets": ["linux", "android", "openbsd"] + "targets": ["linux", "android", "freebsd", "openbsd"] } ], "downstream": [ From 2de5e86aff554c333f51173dfb8f87b3ed20ad51 Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Mon, 11 Mar 2024 15:28:35 -0700 Subject: [PATCH 43/44] Update docs to clarify `aws_io_message` Cleanup Rules (#633) --- include/aws/io/channel.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/aws/io/channel.h b/include/aws/io/channel.h index aca73d7c6..1f8401f9a 100644 --- a/include/aws/io/channel.h +++ b/include/aws/io/channel.h @@ -54,6 +54,8 @@ struct aws_channel_handler_vtable { /** * Called by the channel when a message is available for processing in the read direction. It is your * responsibility to call aws_mem_release(message->allocator, message); on message when you are finished with it. + * You must only call `aws_mem_release(message->allocator, message);` if the `process_read_message` + * returns AWS_OP_SUCCESS. In case of an error, you must not clean up the message and should just raise the error. * * Also keep in mind that your slot's internal window has been decremented. You'll want to call * aws_channel_slot_increment_read_window() at some point in the future if you want to keep receiving data. @@ -65,6 +67,8 @@ struct aws_channel_handler_vtable { /** * Called by the channel when a message is available for processing in the write direction. It is your * responsibility to call aws_mem_release(message->allocator, message); on message when you are finished with it. + * You must only call `aws_mem_release(message->allocator, message);` if the `process_read_message` + * returns AWS_OP_SUCCESS. In case of an error, you must not clean up the message and should just raise the error. */ int (*process_write_message)( struct aws_channel_handler *handler, From 5afc94435cc0c0b3dc33279dd62552ea15bbea0c Mon Sep 17 00:00:00 2001 From: Jacob Quinn Date: Mon, 11 Mar 2024 17:45:01 -0600 Subject: [PATCH 44/44] Fix sizeof channel negotiation task (#631) Co-authored-by: Waqar Ahmed Khan --- source/darwin/secure_transport_tls_channel_handler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/darwin/secure_transport_tls_channel_handler.c b/source/darwin/secure_transport_tls_channel_handler.c index fe647dd24..924399201 100644 --- a/source/darwin/secure_transport_tls_channel_handler.c +++ b/source/darwin/secure_transport_tls_channel_handler.c @@ -504,7 +504,7 @@ int aws_tls_client_handler_start_negotiation(struct aws_channel_handler *handler return s_drive_negotiation(handler); } - struct aws_channel_task *negotiation_task = aws_mem_acquire(handler->alloc, sizeof(struct aws_task)); + struct aws_channel_task *negotiation_task = aws_mem_acquire(handler->alloc, sizeof(struct aws_channel_task)); if (!negotiation_task) { return AWS_OP_ERR;