openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3.pem
cat $(TOOLS)/files/cacert3.pem $(TOOLS)/files/cacert3.pem > $(TOOLS)/files/cacert3-twice.pem
openssl x509 -in cacert3.der -inform DER -out $(TRUST)/files/cacert3-trusted.pem \
- -addtrust clientAuth -addtrust serverAuth -addreject emailProtection \
+ -addtrust serverAuth -addreject emailProtection \
-setalias "Custom Label"
- cp $(TRUST)/files/cacert3-trusted.pem $(TOOLS)/files/cacert3-trusted-client-server-alias.pem
+ cp $(TRUST)/files/cacert3-trusted.pem $(TOOLS)/files/cacert3-trusted-server-alias.pem
openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3-trusted-alias.pem \
-setalias "Custom Label"
openssl x509 -in cacert3.der -inform DER -out $(TOOLS)/files/cacert3-distrust-all.pem \
-addreject serverAuth -addreject clientAuth -addreject codeSigning \
-addreject emailProtection -addreject ipsecEndSystem -addreject ipsecTunnel \
-addreject ipsecUser -addreject timeStamping
- cat $(TOOLS)/files/cacert3-trusted-client-server-alias.pem \
+ cat $(TOOLS)/files/cacert3-trusted-server-alias.pem \
$(TOOLS)/files/cacert3-trusted-alias.pem > $(TOOLS)/files/cacert3-trusted-multiple.pem
cp -v cacert-ca.der $(TRUST)/input
cp -v cacert-ca.der $(TRUST)/files
#include "compat.h"
#include "constants.h"
#include "debug.h"
+#include "hash.h"
#include "pkcs11.h"
#include "pkcs11x.h"
#include <assert.h>
#include <stdarg.h>
#include <stdio.h>
+#include <stdint.h>
#include <stdlib.h>
#include <string.h>
p11_attr_hash (const void *data)
{
const CK_ATTRIBUTE *attr = data;
- unsigned int hash = (unsigned int)attr->type;
- const char *p, *end;
+ uint32_t hash;
- for (p = attr->pValue, end = p + attr->ulValueLen ; p != NULL && p != end; p++)
- hash = (hash << 5) - hash + *p;
+ p11_hash_murmur2 (&hash,
+ &attr->type, sizeof (attr->type),
+ attr->pValue, (size_t)attr->ulValueLen,
+ NULL);
return hash;
}
#include "debug.h"
#include "dict.h"
+#include "hash.h"
#include <sys/types.h>
#include <assert.h>
+#include <stdint.h>
#include <stdlib.h>
#include <string.h>
unsigned int
p11_dict_str_hash (const void *string)
{
- const char *p = string;
- unsigned int hash = *p;
-
- if (hash)
- for (p += 1; *p != '\0'; p++)
- hash = (hash << 5) - hash + *p;
-
+ uint32_t hash;
+ p11_hash_murmur2 (&hash, string, strlen (string), NULL);
return hash;
}
md5_final (&md5, hash);
md5_invalidate (&md5);
}
+
+/*
+ * MurmurHash.c
+ * MYUtilities
+ *
+ * This file created by Jens Alfke on 3/17/08.
+ * Algorithm & source code by Austin Appleby, released to public domain.
+ * <http://murmurhash.googlepages.com/>
+ * Downloaded 3/16/2008.
+ * Modified slightly by Jens Alfke (use standard uint32_t and size_t types;
+ * change 'm' and 'r' to #defines for better C compatibility.)
+ *
+ */
+
+/*-----------------------------------------------------------------------------
+ * MurmurHash2, by Austin Appleby
+ *
+ * Note - This code makes a few assumptions about how your machine behaves -
+ *
+ * 1. We can read a 4-byte value from any address without crashing
+ * 2. sizeof(int) == 4 **Jens: I fixed this by changing 'unsigned int' to 'uint32_t'**
+ *
+ * And it has a few limitations -
+ *
+ * 1. It will not work incrementally.
+ * 2. It will not produce the same results on little-endian and big-endian
+ * machines.
+ */
+
+void
+p11_hash_murmur2 (void *hash,
+ const void *input,
+ size_t len,
+ ...)
+{
+ /*
+ * 'm' and 'r' are mixing constants generated offline.
+ * They're not really 'magic', they just happen to work well.
+ * seed is arbitrarily chosen
+ */
+
+ #define m 0x5bd1e995
+ #define r 24
+ #define seed 42
+
+ const unsigned char * data = input;
+ unsigned char overflow[4];
+ va_list va;
+ uint32_t h;
+
+ /* Initialize the hash based on the length */
+ va_start (va, len);
+ h = len;
+ while (va_arg (va, const void *))
+ h += va_arg (va, size_t);
+ h ^= seed;
+ va_end (va);
+
+ /* Mix 4 bytes at a time into the hash */
+ va_start (va, len);
+ for (;;) {
+ uint32_t k;
+
+ if (len >= 4) {
+ k = *(uint32_t *)data;
+ data += 4;
+ len -= 4;
+
+ } else {
+ size_t num = len;
+ memcpy (overflow, data, len);
+
+ while (num < 4) {
+ size_t part;
+
+ data = va_arg (va, const void *);
+ if (!data)
+ break;
+
+ /* Combine uint32 from old and new */
+ len = va_arg (va, size_t);
+ part = 4 - num;
+ if (part > len)
+ part = len;
+ memcpy (overflow + num, data, part);
+ data += part;
+ len -= part;
+ num += part;
+ }
+
+ if (num < 4) {
+ len = num;
+ break;
+ }
+
+ k = *(uint32_t *)overflow;
+ }
+
+ k *= m;
+ k ^= k >> r;
+ k *= m;
+
+ h *= m;
+ h ^= k;
+ }
+ va_end (va);
+
+ /* Handle the last few bytes of the input array */
+ switch(len) {
+ case 3: h ^= overflow[2] << 16;
+ case 2: h ^= overflow[1] << 8;
+ case 1: h ^= overflow[0];
+ h *= m;
+ };
+
+ /*
+ * Do a few final mixes of the hash to ensure the last few
+ * bytes are well-incorporated.
+ */
+ h ^= h >> 13;
+ h *= m;
+ h ^= h >> 15;
+
+ assert (sizeof (h) == P11_HASH_MURMUR2_LEN);
+ memcpy (hash, &h, sizeof (h));
+}
size_t length,
...) GNUC_NULL_TERMINATED;
+#define P11_HASH_MURMUR2_LEN 4
+
+void p11_hash_murmur2 (void *hash,
+ const void *input,
+ size_t length,
+ ...) GNUC_NULL_TERMINATED;
+
#endif /* P11_HASH_H_ */
(size_t)oid[1] == len - 2); /* matches length */
}
-unsigned int
-p11_oid_hash (const void *oid)
-{
- const unsigned char *v = oid;
- unsigned int hash;
- int len;
- int i;
-
- len = p11_oid_length (v);
- hash = v[0];
-
- for (i = 1; i < len; i++)
- hash = (hash << 5) - hash + v[i];
-
- return hash;
-}
-
bool
p11_oid_equal (const void *oid_one,
const void *oid_two)
bool p11_oid_simple (const unsigned char *oid,
int len);
-unsigned int p11_oid_hash (const void *oid);
-
bool p11_oid_equal (const void *oid_one,
const void *oid_two);
#include "config.h"
#include "CuTest.h"
+#include <assert.h>
+#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
}
}
+static void
+test_murmur2 (CuTest *cu)
+{
+ struct {
+ const char *input;
+ const char *input2;
+ int hash;
+ } fixtures[] = {
+ { "one", NULL, 1910179066 },
+ { "two", NULL, 396151652 },
+ { "four", NULL, -2034170174 },
+ { "seven", NULL, -588341181 },
+ /* Note that these are identical output */
+ { "eleven", NULL, -37856894 },
+ { "ele", "ven", -37856894 },
+ { NULL },
+ };
+
+ uint32_t first;
+ uint32_t second;
+ int i;
+
+ assert (sizeof (first) == P11_HASH_MURMUR2_LEN);
+ for (i = 0; fixtures[i].input != NULL; i++) {
+ p11_hash_murmur2 ((unsigned char *)&first,
+ fixtures[i].input,
+ strlen (fixtures[i].input),
+ fixtures[i].input2,
+ fixtures[i].input2 ? strlen (fixtures[i].input2) : 0,
+ NULL);
+
+ p11_hash_murmur2 ((unsigned char *)&second,
+ fixtures[i].input,
+ strlen (fixtures[i].input),
+ fixtures[i].input2,
+ fixtures[i].input2 ? strlen (fixtures[i].input2) : 0,
+ NULL);
+
+ CuAssertIntEquals (cu, fixtures[i].hash, first);
+ CuAssertIntEquals (cu, fixtures[i].hash, second);
+ }
+}
+
+static void
+test_murmur2_incr (CuTest *cu)
+{
+ uint32_t first, second;
+
+ p11_hash_murmur2 ((unsigned char *)&first,
+ "this is the long input!", 23,
+ NULL);
+
+ p11_hash_murmur2 ((unsigned char *)&second,
+ "this", 4,
+ " ", 1,
+ "is ", 3,
+ "the long ", 9,
+ "in", 2,
+ "p", 1,
+ "u", 1,
+ "t", 1,
+ "!", 1,
+ NULL);
+
+ CuAssertIntEquals (cu, first, second);
+}
+
int
main (void)
{
SUITE_ADD_TEST (suite, test_sha1);
SUITE_ADD_TEST (suite, test_sha1_long);
SUITE_ADD_TEST (suite, test_md5);
+ SUITE_ADD_TEST (suite, test_murmur2);
+ SUITE_ADD_TEST (suite, test_murmur2_incr);
CuSuiteRun (suite);
CuSuiteSummary (suite, output);
0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAwMBQGCCsGAQUFBwMCBggrBgEFBQcDAaAKBggrBgEFBQcD
-BAwMQ3VzdG9tIExhYmVs
+4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g
+TGFiZWw=
-----END TRUSTED CERTIFICATE-----
-----BEGIN TRUSTED CERTIFICATE-----
MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAwMBQGCCsGAQUFBwMCBggrBgEFBQcDAaAKBggrBgEFBQcD
-BAwMQ3VzdG9tIExhYmVs
+4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g
+TGFiZWw=
-----END TRUSTED CERTIFICATE-----
{ CKA_INVALID },
};
-static CK_ATTRIBUTE extension_eku_client_server[] = {
+static CK_ATTRIBUTE extension_eku_server[] = {
{ CKA_CLASS, &extension_class, sizeof (extension_class) },
{ CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
- { CKA_VALUE, (void *)test_eku_client_and_server, sizeof (test_eku_client_and_server) },
+ { CKA_VALUE, (void *)test_eku_server, sizeof (test_eku_server) },
{ CKA_INVALID },
};
setup (tc);
setup_objects (cacert3_authority_attrs,
- extension_eku_client_server,
+ extension_eku_server,
extension_reject_email,
NULL);
CuAssertIntEquals (tc, true, ret);
test_check_file (tc, test.directory, "extract.pem",
- SRCDIR "/files/cacert3-trusted-client-server-alias.pem");
+ SRCDIR "/files/cacert3-trusted-server-alias.pem");
teardown (tc);
}
setup (tc);
setup_objects (cacert3_authority_attrs,
- extension_eku_client_server,
+ extension_eku_server,
extension_reject_email,
NULL);
setup (tc);
setup_objects (cacert3_authority_attrs,
- extension_eku_client_server,
+ extension_eku_server,
extension_reject_email,
NULL);
#endif
NULL));
test_check_file (tc, test.directory, "Custom_Label.pem",
- SRCDIR "/files/cacert3-trusted-client-server-alias.pem");
+ SRCDIR "/files/cacert3-trusted-server-alias.pem");
test_check_file (tc, test.directory, "Custom_Label.1.pem",
SRCDIR "/files/cacert3-trusted-alias.pem");
#ifdef OS_UNIX
0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
};
-static const char test_eku_client_and_server[] = {
- 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06,
- 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
+static const char test_eku_server[] = {
+ 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
};
static const char test_eku_email[] = {
0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAwMBQGCCsGAQUFBwMCBggrBgEFBQcDAaAKBggrBgEFBQcD
-BAwMQ3VzdG9tIExhYmVs
+4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g
+TGFiZWw=
-----END TRUSTED CERTIFICATE-----
{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
{ CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
{ CKA_X_CRITICAL, &truev, sizeof (truev) },
- { CKA_VALUE, "\x30\x14\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2b\x06"
- "\x01\x05\x05\x07\x03\x02", 22 },
+ { CKA_VALUE, "\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 12 },
{ CKA_INVALID },
};
projects / p11-kit / commitdiff