* [gentoo-commits] proj/gnome:master commit in: gnome-base/gnome-keyring/, gnome-base/libgnome-keyring/, ...
@ 2011-03-10 15:41 Nirbheek Chauhan
From: Nirbheek Chauhan @ 2011-03-10 15:41 UTC (permalink / raw
To: gentoo-commits
commit: be2e0a6746bab78a704b2689587aa3544f623481
Author: Nirbheek Chauhan <nirbheek <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 10 15:35:53 2011 +0000
Commit: Nirbheek Chauhan <nirbheek <AT> gentoo <DOT> org>
CommitDate: Thu Mar 10 15:35:55 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/gnome.git;a=commit;h=be2e0a67
gnome-base/{lib,}gnome-keyring: bump to 2.91.92
---
.../files/gnome-keyring-trunk-1.patch | 169 ---
.../files/gnome-keyring-trunk-2.patch | 80 -
.../files/gnome-keyring-trunk-3.patch | 892 ------------
.../files/gnome-keyring-trunk-4.patch | 21 -
.../files/gnome-keyring-trunk-5.patch | 1538 --------------------
.../files/gnome-keyring-trunk-6.patch | 42 -
...00.ebuild => gnome-keyring-2.91.92-r300.ebuild} | 8 +-
...2.91.91.ebuild => gnome-keyring-2.91.92.ebuild} | 6 -
.../libgnome-keyring-2.91.92.ebuild | 50 +
9 files changed, 51 insertions(+), 2755 deletions(-)
diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-trunk-1.patch b/gnome-base/gnome-keyring/files/gnome-keyring-trunk-1.patch
deleted file mode 100644
index 518cf29..0000000
--- a/gnome-base/gnome-keyring/files/gnome-keyring-trunk-1.patch
+++ /dev/null
@@ -1,169 +0,0 @@
-From a78de9fffce4ef2ac669e389b2283e0efbb6feb2 Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@collabora.co.uk>
-Date: Tue, 08 Mar 2011 17:10:19 +0000
-Subject: [egg] Complete implementation of openssl sytle PEM writing
-
-The openssl PEM parser is particularly fragile, so write some
-stringent tests to check.
----
-diff --git a/egg/egg-openssl.c b/egg/egg-openssl.c
-index ef715dd..2e83e63 100644
---- a/egg/egg-openssl.c
-+++ b/egg/egg-openssl.c
-@@ -284,13 +284,11 @@ egg_openssl_pem_parse (const guchar *data, gsize n_data,
- return nfound;
- }
-
--#ifdef UNTESTED_CODE
--
- static void
- append_each_header (gpointer key, gpointer value, gpointer user_data)
- {
- GString *string = (GString*)user_data;
--
-+
- g_string_append (string, (gchar*)key);
- g_string_append (string, ": ");
- g_string_append (string, (gchar*)value);
-@@ -303,14 +301,15 @@ egg_openssl_pem_write (const guchar *data, gsize n_data, GQuark type,
- {
- GString *string;
- gint state, save;
-- gsize length, n_prefix;
--
-+ gsize i, length;
-+ gsize n_prefix, estimate;
-+
- g_return_val_if_fail (data || !n_data, NULL);
- g_return_val_if_fail (type, NULL);
- g_return_val_if_fail (n_result, NULL);
-
- string = g_string_sized_new (4096);
--
-+
- /* The prefix */
- g_string_append_len (string, PEM_PREF_BEGIN, PEM_PREF_BEGIN_L);
- g_string_append (string, g_quark_to_string (type));
-@@ -324,29 +323,42 @@ egg_openssl_pem_write (const guchar *data, gsize n_data, GQuark type,
- }
-
- /* Resize string to fit the base64 data. Algorithm from Glib reference */
-- length = n_data * 4 / 3 + n_data * 4 / (3 * 72) + 7;
-+ estimate = n_data * 4 / 3 + n_data * 4 / (3 * 65) + 7;
- n_prefix = string->len;
-- g_string_set_size (string, n_prefix + length);
--
-- /* The actual base64 data */
-+ g_string_set_size (string, n_prefix + estimate);
-+
-+ /* The actual base64 data, without line breaks */
- state = save = 0;
-- length = g_base64_encode_step (data, n_data, TRUE,
-- string->str + string->len, &state, &save);
-+ length = g_base64_encode_step (data, n_data, FALSE,
-+ string->str + n_prefix, &state, &save);
-+ length += g_base64_encode_close (TRUE, string->str + n_prefix + length,
-+ &state, &save);
-+
-+ g_assert (length <= estimate);
- g_string_set_size (string, n_prefix + length);
--
-+
-+ /*
-+ * OpenSSL is absolutely certain that it wants its PEM base64
-+ * lines to be 64 characters in length. So go through and break
-+ * those lines up.
-+ */
-+
-+ for (i = 64; i < length; i += 64) {
-+ g_string_insert_c (string, n_prefix + i, '\n');
-+ ++length;
-+ ++i;
-+ }
-+
- /* The suffix */
-- g_string_append_c (string, '\n');
- g_string_append_len (string, PEM_PREF_END, PEM_PREF_END_L);
- g_string_append (string, g_quark_to_string (type));
- g_string_append_len (string, PEM_SUFF, PEM_SUFF_L);
- g_string_append_c (string, '\n');
--
-+
- *n_result = string->len;
- return (guchar*)g_string_free (string, FALSE);
- }
-
--#endif /* UNTESTED_CODE */
--
- /* ----------------------------------------------------------------------------
- * DEFINITIONS
- */
-diff --git a/egg/tests/test-openssl.c b/egg/tests/test-openssl.c
-index bf8134a..18f9fd9 100644
---- a/egg/tests/test-openssl.c
-+++ b/egg/tests/test-openssl.c
-@@ -33,12 +33,14 @@
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
-+#include <unistd.h>
-
- EGG_SECURE_GLIB_DEFINITIONS ();
-
- typedef struct {
- guchar *input;
- gsize n_input;
-+ GQuark reftype;
- guchar *refenc;
- guchar *refdata;
- gsize n_refenc;
-@@ -76,6 +78,9 @@ parse_reference (GQuark type, const guchar *data, gsize n_data,
- gboolean res;
- const gchar *dekinfo;
-
-+ g_assert (type);
-+ test->reftype = type;
-+
- g_assert ("no data in PEM callback" && data != NULL);
- g_assert ("no data in PEM callback" && n_data > 0);
- test->refenc = g_memdup (data, n_data);
-@@ -129,6 +134,29 @@ test_write_reference (Test *test, gconstpointer unused)
- g_assert ("data doesn't match input" && memcmp (encrypted, test->refenc, n_encrypted) == 0);
- }
-
-+static void
-+test_write_exactly_same (Test *test, gconstpointer unused)
-+{
-+ guchar *result;
-+ gsize n_result;
-+ guint num;
-+
-+ num = egg_openssl_pem_parse (test->input, test->n_input, parse_reference, test);
-+ g_assert ("couldn't PEM block in reference data" && num == 1);
-+
-+ result = egg_openssl_pem_write (test->refenc, test->n_refenc, test->reftype,
-+ test->refheaders, &n_result);
-+
-+ /*
-+ * Yes sirrr. Openssl's parser is so fragile, that we have to make it
-+ * character for character identical. This includes line breaks, whitespace
-+ * and line endings.
-+ */
-+
-+ egg_assert_cmpmem (test->input, test->n_input, ==, result, n_result);
-+ g_free (result);
-+}
-+
- /* 29 bytes (prime number, so block length has bad chance of matching */
- static const guchar *TEST_DATA = (guchar*)"ABCDEFGHIJKLMNOPQRSTUVWXYZ123";
- const gsize TEST_DATA_L = 29;
-@@ -175,6 +203,7 @@ main (int argc, char **argv)
-
- g_test_add ("/openssl/parse_reference", Test, NULL, setup, test_parse_reference, teardown);
- g_test_add ("/openssl/write_reference", Test, NULL, setup, test_write_reference, teardown);
-+ g_test_add ("/openssl/write_exactly_same", Test, NULL, setup, test_write_exactly_same, teardown);
- g_test_add ("/openssl/openssl_roundtrip", Test, NULL, setup, test_openssl_roundtrip, teardown);
-
- return g_test_run ();
---
-cgit v0.8.3.4
diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-trunk-2.patch b/gnome-base/gnome-keyring/files/gnome-keyring-trunk-2.patch
deleted file mode 100644
index ebbad47..0000000
--- a/gnome-base/gnome-keyring/files/gnome-keyring-trunk-2.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From e4df658ea0751ce78598b8783664899b0ad54a52 Mon Sep 17 00:00:00 2001
-From: Matthias Clasen <mclasen@redhat.com>
-Date: Sat, 26 Feb 2011 05:38:48 +0000
-Subject: Add a desktop file for gnome-keyring-prompt
-
-This is necessary for gnome-shell to pick up a meaningful
-name and icon to display in the application menu while the
-dialog is shown.
-https://bugzilla.gnome.org/show_bug.cgi?id=643229
----
-diff --git a/configure.in b/configure.in
-index 3249666..8e03c7d 100644
---- a/configure.in
-+++ b/configure.in
-@@ -730,6 +730,7 @@ schema/Makefile
- testing/Makefile
- tool/Makefile
- ui/Makefile
-+ui/gnome-keyring-prompt.desktop.in
- ui/tests/Makefile
- ])
-
-diff --git a/po/POTFILES.in b/po/POTFILES.in
-index a21a4f9..7485677 100644
---- a/po/POTFILES.in
-+++ b/po/POTFILES.in
-@@ -30,4 +30,5 @@ pkcs11/wrap-layer/gkm-wrap-login.c
- pkcs11/wrap-layer/gkm-wrap-prompt.c
- tool/gkr-tool.c
- ui/gku-prompt-tool.c
-+ui/gnome-keyring-prompt.desktop.in.in
- [type: gettext/glade]ui/gku-prompt.ui
-diff --git a/po/POTFILES.skip b/po/POTFILES.skip
-index 4230965..4a6ef38 100644
---- a/po/POTFILES.skip
-+++ b/po/POTFILES.skip
-@@ -6,3 +6,4 @@ daemon/org.freedesktop.secrets.service.in
- daemon/org.gnome.keyring.service.in
- gcr/gcr-import-dialog.ui
- gcr/gcr-certificate-basics-widget.ui
-+ui/gnome-keyring-prompt.desktop.in
-diff --git a/ui/Makefile.am b/ui/Makefile.am
-index 5073e46..ded3d50 100644
---- a/ui/Makefile.am
-+++ b/ui/Makefile.am
-@@ -84,3 +84,18 @@ if WITH_GTK3
- install-exec-hook:
- @test -e "$(DESTDIR)$(libexecdir)/gnome-keyring-prompt" || (cd $(DESTDIR)$(libexecdir) && $(LN_S) gnome-keyring-prompt@GCR_VERSION_SUFFIX@ gnome-keyring-prompt)
- endif
-+
-+@INTLTOOL_DESKTOP_RULE@
-+desktopdir= $(datadir)/applications
-+desktop_in_in_files = gnome-keyring-prompt.desktop.in.in
-+desktop_in_files = gnome-keyring-prompt.desktop.in
-+desktop_DATA = $(desktop_in_files:.desktop.in=.desktop)
-+
-+EXTRA_DIST += \
-+ $(desktop_in_in_files)
-+
-+CLEANFILES = \
-+ $(desktop_DATA)
-+
-+DISTCLEANFILES = \
-+ $(desktop_in_files)
-diff --git a/ui/gnome-keyring-prompt.desktop.in.in b/ui/gnome-keyring-prompt.desktop.in.in
-new file mode 100644
-index 0000000..917b5a0
---- a/dev/null
-+++ b/ui/gnome-keyring-prompt.desktop.in.in
-@@ -0,0 +1,8 @@
-+[Desktop Entry]
-+_Name=Keyring Access
-+_Comment=Unlock access to passwords and other secrets
-+Icon=security-medium
-+Exec=@LIBEXECDIR@/gnome-keyring-prompt
-+Terminal=false
-+Type=Application
-+NoDisplay=true
---
-cgit v0.8.3.4
diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-trunk-3.patch b/gnome-base/gnome-keyring/files/gnome-keyring-trunk-3.patch
deleted file mode 100644
index 28d9f30..0000000
--- a/gnome-base/gnome-keyring/files/gnome-keyring-trunk-3.patch
+++ /dev/null
@@ -1,892 +0,0 @@
-From c8b3144f36edb54f3af4d08bd0cb65acca5bf4e9 Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@collabora.co.uk>
-Date: Wed, 09 Mar 2011 09:27:51 +0000
-Subject: [dbus] Pass an alias argument along to a CreateCollection dbus method.
-
-This is new in the specification and prevents problems with race
-conditions and multiple applications all trying to create the
-default keyring.
----
-diff --git a/daemon/dbus/gkd-secret-create.c b/daemon/dbus/gkd-secret-create.c
-index a21a206..bdca3e2 100644
---- a/daemon/dbus/gkd-secret-create.c
-+++ b/daemon/dbus/gkd-secret-create.c
-@@ -22,12 +22,15 @@
- #include "config.h"
-
- #include "gkd-secret-create.h"
-+#include "gkd-secret-dispatch.h"
- #include "gkd-secret-error.h"
-+#include "gkd-secret-objects.h"
- #include "gkd-secret-prompt.h"
- #include "gkd-secret-secret.h"
- #include "gkd-secret-service.h"
- #include "gkd-secret-session.h"
- #include "gkd-secret-types.h"
-+#include "gkd-secret-unlock.h"
- #include "gkd-secret-util.h"
-
- #include "egg/egg-error.h"
-@@ -43,12 +46,14 @@
-
- enum {
- PROP_0,
-- PROP_PKCS11_ATTRIBUTES
-+ PROP_PKCS11_ATTRIBUTES,
-+ PROP_ALIAS
- };
-
- struct _GkdSecretCreate {
- GkdSecretPrompt parent;
- GckAttributes *pkcs11_attrs;
-+ gchar *alias;
- gchar *result_path;
- };
-
-@@ -93,6 +98,8 @@ static gboolean
- create_collection_with_secret (GkdSecretCreate *self, GkdSecretSecret *master)
- {
- DBusError derr = DBUS_ERROR_INIT;
-+ GkdSecretService *service;
-+ gchar *identifier;
-
- g_assert (GKD_SECRET_IS_CREATE (self));
- g_assert (master);
-@@ -106,9 +113,84 @@ create_collection_with_secret (GkdSecretCreate *self, GkdSecretSecret *master)
- return FALSE;
- }
-
-+ if (self->alias) {
-+ if (!gkd_secret_util_parse_path (self->result_path, &identifier, NULL))
-+ g_assert_not_reached ();
-+ service = gkd_secret_prompt_get_service (GKD_SECRET_PROMPT (self));
-+ gkd_secret_service_set_alias (service, self->alias, identifier);
-+ g_free (identifier);
-+ }
-+
- return TRUE;
- }
-
-+static gboolean
-+locate_alias_collection_if_exists (GkdSecretCreate *self)
-+{
-+ GkdSecretService *service;
-+ GkdSecretObjects *objects;
-+ GckObject *collection;
-+ const gchar *identifier;
-+ const gchar *caller;
-+ gchar *path;
-+
-+ if (!self->alias)
-+ return FALSE;
-+
-+ g_assert (!self->result_path);
-+
-+ service = gkd_secret_prompt_get_service (GKD_SECRET_PROMPT (self));
-+ caller = gkd_secret_prompt_get_caller (GKD_SECRET_PROMPT (self));
-+ objects = gkd_secret_prompt_get_objects (GKD_SECRET_PROMPT (self));
-+
-+ identifier = gkd_secret_service_get_alias (service, self->alias);
-+ if (!identifier)
-+ return FALSE;
-+
-+ /* Make sure it actually exists */
-+ path = gkd_secret_util_build_path (SECRET_COLLECTION_PREFIX, identifier, -1);
-+ collection = gkd_secret_objects_lookup_collection (objects, caller, path);
-+
-+ if (collection) {
-+ self->result_path = path;
-+ g_object_unref (collection);
-+ return TRUE;
-+ } else {
-+ g_free (path);
-+ return FALSE;
-+ }
-+}
-+
-+static void
-+unlock_or_complete_this_prompt (GkdSecretCreate *self)
-+{
-+ GkdSecretUnlock *unlock;
-+ GkdSecretPrompt *prompt;
-+
-+ g_object_ref (self);
-+ prompt = GKD_SECRET_PROMPT (self);
-+
-+ unlock = gkd_secret_unlock_new (gkd_secret_prompt_get_service (prompt),
-+ gkd_secret_prompt_get_caller (prompt),
-+ gkd_secret_dispatch_get_object_path (GKD_SECRET_DISPATCH (self)));
-+ gkd_secret_unlock_queue (unlock, self->result_path);
-+
-+ /*
-+ * If any need to be unlocked, then replace this prompt
-+ * object with an unlock prompt object, and call the prompt
-+ * method.
-+ */
-+ if (gkd_secret_unlock_have_queued (unlock)) {
-+ gkd_secret_service_publish_dispatch (gkd_secret_prompt_get_service (prompt),
-+ gkd_secret_prompt_get_caller (prompt),
-+ GKD_SECRET_DISPATCH (unlock));
-+ gkd_secret_unlock_call_prompt (unlock, gkd_secret_prompt_get_window_id (prompt));
-+ }
-+
-+ g_object_unref (unlock);
-+ g_object_unref (self);
-+}
-+
- /* -----------------------------------------------------------------------------
- * OBJECT
- */
-@@ -120,7 +202,15 @@ gkd_secret_create_prompt_ready (GkdSecretPrompt *prompt)
- GkdSecretSecret *master;
-
- if (!gku_prompt_has_response (GKU_PROMPT (prompt))) {
-- prepare_create_prompt (self);
-+
-+ /* Does the alias exist? */
-+ if (locate_alias_collection_if_exists (self))
-+ unlock_or_complete_this_prompt (self);
-+
-+ /* Otherwise we're going to prompt */
-+ else
-+ prepare_create_prompt (self);
-+
- return;
- }
-
-@@ -161,10 +251,8 @@ gkd_secret_create_finalize (GObject *obj)
- GkdSecretCreate *self = GKD_SECRET_CREATE (obj);
-
- gck_attributes_unref (self->pkcs11_attrs);
-- self->pkcs11_attrs = NULL;
--
- g_free (self->result_path);
-- self->result_path = NULL;
-+ g_free (self->alias);
-
- G_OBJECT_CLASS (gkd_secret_create_parent_class)->finalize (obj);
- }
-@@ -181,6 +269,10 @@ gkd_secret_create_set_property (GObject *obj, guint prop_id, const GValue *value
- self->pkcs11_attrs = g_value_dup_boxed (value);
- g_return_if_fail (self->pkcs11_attrs);
- break;
-+ case PROP_ALIAS:
-+ g_return_if_fail (!self->alias);
-+ self->alias = g_value_dup_string (value);
-+ break;
- default:
- G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
- break;
-@@ -197,6 +289,9 @@ gkd_secret_create_get_property (GObject *obj, guint prop_id, GValue *value,
- case PROP_PKCS11_ATTRIBUTES:
- g_value_set_boxed (value, self->pkcs11_attrs);
- break;
-+ case PROP_ALIAS:
-+ g_value_set_string (value, self->alias);
-+ break;
- default:
- G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
- break;
-@@ -219,6 +314,10 @@ gkd_secret_create_class_init (GkdSecretCreateClass *klass)
- g_object_class_install_property (gobject_class, PROP_PKCS11_ATTRIBUTES,
- g_param_spec_boxed ("pkcs11-attributes", "PKCS11 Attributes", "PKCS11 Attributes",
- GCK_TYPE_ATTRIBUTES, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
-+
-+ g_object_class_install_property (gobject_class, PROP_ALIAS,
-+ g_param_spec_string ("alias", "Alias", "Collection Alias",
-+ NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
- }
-
- /* -----------------------------------------------------------------------------
-@@ -227,12 +326,13 @@ gkd_secret_create_class_init (GkdSecretCreateClass *klass)
-
- GkdSecretCreate*
- gkd_secret_create_new (GkdSecretService *service, const gchar *caller,
-- GckAttributes *attrs)
-+ GckAttributes *attrs, const gchar *alias)
- {
- return g_object_new (GKD_SECRET_TYPE_CREATE,
- "service", service,
- "caller", caller,
- "pkcs11-attributes", attrs,
-+ "alias", alias,
- NULL);
- }
-
-diff --git a/daemon/dbus/gkd-secret-create.h b/daemon/dbus/gkd-secret-create.h
-index ad37a58..d24afe9 100644
---- a/daemon/dbus/gkd-secret-create.h
-+++ b/daemon/dbus/gkd-secret-create.h
-@@ -46,7 +46,8 @@ GType gkd_secret_create_get_type (void);
-
- GkdSecretCreate* gkd_secret_create_new (GkdSecretService *service,
- const gchar *caller,
-- GckAttributes *attrs);
-+ GckAttributes *attrs,
-+ const gchar *alias);
-
- GckObject* gkd_secret_create_with_credential (GckSession *session,
- GckAttributes *attrs,
-diff --git a/daemon/dbus/gkd-secret-introspect.c b/daemon/dbus/gkd-secret-introspect.c
-index 8fee835..b6f9813 100644
---- a/daemon/dbus/gkd-secret-introspect.c
-+++ b/daemon/dbus/gkd-secret-introspect.c
-@@ -200,7 +200,8 @@ const gchar *gkd_secret_introspect_service =
- " </method>\n"
- "\n"
- " <method name='CreateCollection'>\n"
-- " <arg name='props' type='a{sv}' direction='in'/>\n"
-+ " <arg name='properties' type='a{sv}' direction='in'/>\n"
-+ " <arg name='alias' type='s' direction='in'/>\n"
- " <arg name='collection' type='o' direction='out'/>\n"
- " <arg name='prompt' type='o' direction='out'/>\n"
- " </method>\n"
-diff --git a/daemon/dbus/gkd-secret-objects.c b/daemon/dbus/gkd-secret-objects.c
-index 1766907..4cfd4e7 100644
---- a/daemon/dbus/gkd-secret-objects.c
-+++ b/daemon/dbus/gkd-secret-objects.c
-@@ -49,7 +49,6 @@ struct _GkdSecretObjects {
- GObject parent;
- GkdSecretService *service;
- GckSlot *pkcs11_slot;
-- GHashTable *aliases;
- };
-
- G_DEFINE_TYPE (GkdSecretObjects, gkd_secret_objects, G_TYPE_OBJECT);
-@@ -71,7 +70,7 @@ parse_object_path (GkdSecretObjects *self, const gchar *path, gchar **collection
- return FALSE;
-
- if (g_str_has_prefix (path, SECRET_ALIAS_PREFIX)) {
-- replace = g_hash_table_lookup (self->aliases, *collection);
-+ replace = gkd_secret_service_get_alias (self->service, *collection);
- if (!replace) {
-
- /*
-@@ -831,7 +830,7 @@ gkd_secret_objects_constructor (GType type, guint n_props, GObjectConstructParam
- static void
- gkd_secret_objects_init (GkdSecretObjects *self)
- {
-- self->aliases = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
-+
- }
-
- static void
-@@ -858,7 +857,6 @@ gkd_secret_objects_finalize (GObject *obj)
- {
- GkdSecretObjects *self = GKD_SECRET_OBJECTS (obj);
-
-- g_hash_table_destroy (self->aliases);
- g_assert (!self->pkcs11_slot);
- g_assert (!self->service);
-
-@@ -1333,20 +1331,3 @@ gkd_secret_objects_handle_get_secrets (GkdSecretObjects *self, DBusMessage *mess
-
- return reply;
- }
--
--const gchar*
--gkd_secret_objects_get_alias (GkdSecretObjects *self, const gchar *alias)
--{
-- g_return_val_if_fail (GKD_SECRET_IS_OBJECTS (self), NULL);
-- g_return_val_if_fail (alias, NULL);
-- return g_hash_table_lookup (self->aliases, alias);
--}
--
--void
--gkd_secret_objects_set_alias (GkdSecretObjects *self, const gchar *alias,
-- const gchar *identifier)
--{
-- g_return_if_fail (GKD_SECRET_IS_OBJECTS (self));
-- g_return_if_fail (alias);
-- g_hash_table_replace (self->aliases, g_strdup (alias), g_strdup (identifier));
--}
-diff --git a/daemon/dbus/gkd-secret-objects.h b/daemon/dbus/gkd-secret-objects.h
-index 2f2ffb2..2d54509 100644
---- a/daemon/dbus/gkd-secret-objects.h
-+++ b/daemon/dbus/gkd-secret-objects.h
-@@ -74,11 +74,4 @@ GckObject* gkd_secret_objects_lookup_item (GkdSecretObjec
- const gchar *caller,
- const gchar *path);
-
--const gchar* gkd_secret_objects_get_alias (GkdSecretObjects *self,
-- const gchar *alias);
--
--void gkd_secret_objects_set_alias (GkdSecretObjects *self,
-- const gchar *alias,
-- const gchar *identifier);
--
- #endif /* __GKD_SECRET_OBJECTS_H__ */
-diff --git a/daemon/dbus/gkd-secret-prompt.c b/daemon/dbus/gkd-secret-prompt.c
-index 1f67599..7ff6c79 100644
---- a/daemon/dbus/gkd-secret-prompt.c
-+++ b/daemon/dbus/gkd-secret-prompt.c
-@@ -48,7 +48,6 @@ enum {
- #define PROMPT_IKE_GROUP "ietf-ike-grp-modp-1536"
-
- struct _GkdSecretPromptPrivate {
-- GkuPrompt parent;
- gchar *object_path;
- GkdSecretService *service;
- GkdSecretSession *session;
-@@ -443,6 +442,13 @@ gkd_secret_prompt_get_caller (GkdSecretPrompt *self)
- return self->pv->caller;
- }
-
-+const gchar*
-+gkd_secret_prompt_get_window_id (GkdSecretPrompt *self)
-+{
-+ g_return_val_if_fail (GKD_SECRET_IS_PROMPT (self), NULL);
-+ return self->pv->window_id;
-+}
-+
- GckSession*
- gkd_secret_prompt_get_pkcs11_session (GkdSecretPrompt *self)
- {
-@@ -451,6 +457,14 @@ gkd_secret_prompt_get_pkcs11_session (GkdSecretPrompt *self)
- return gkd_secret_service_get_pkcs11_session (self->pv->service, self->pv->caller);
- }
-
-+GkdSecretService*
-+gkd_secret_prompt_get_service (GkdSecretPrompt *self)
-+{
-+ g_return_val_if_fail (GKD_SECRET_IS_PROMPT (self), NULL);
-+ g_return_val_if_fail (self->pv->service, NULL);
-+ return self->pv->service;
-+}
-+
- GkdSecretObjects*
- gkd_secret_prompt_get_objects (GkdSecretPrompt *self)
- {
-diff --git a/daemon/dbus/gkd-secret-prompt.h b/daemon/dbus/gkd-secret-prompt.h
-index 1766a5d..4423be2 100644
---- a/daemon/dbus/gkd-secret-prompt.h
-+++ b/daemon/dbus/gkd-secret-prompt.h
-@@ -59,6 +59,8 @@ GType gkd_secret_prompt_get_type (void);
-
- const gchar* gkd_secret_prompt_get_caller (GkdSecretPrompt *self);
-
-+const gchar* gkd_secret_prompt_get_window_id (GkdSecretPrompt *self);
-+
- GckSession* gkd_secret_prompt_get_pkcs11_session (GkdSecretPrompt *self);
-
- GkdSecretService* gkd_secret_prompt_get_service (GkdSecretPrompt *self);
-diff --git a/daemon/dbus/gkd-secret-service.c b/daemon/dbus/gkd-secret-service.c
-index 9c0071c..198ad65 100644
---- a/daemon/dbus/gkd-secret-service.c
-+++ b/daemon/dbus/gkd-secret-service.c
-@@ -59,6 +59,7 @@ struct _GkdSecretService {
- GHashTable *clients;
- gchar *match_rule;
- GkdSecretObjects *objects;
-+ GHashTable *aliases;
- };
-
- typedef struct _ServiceClient {
-@@ -67,8 +68,7 @@ typedef struct _ServiceClient {
- pid_t caller_pid;
- CK_G_APPLICATION app;
- GckSession *pkcs11_session;
-- GHashTable *sessions;
-- GHashTable *prompts;
-+ GHashTable *dispatch;
- } ServiceClient;
-
- /* Forward declaration */
-@@ -93,9 +93,11 @@ update_default (GkdSecretService *self, gboolean force)
- const gchar *identifier;
- gchar *path;
-
-- identifier = gkd_secret_objects_get_alias (self->objects, "default");
-- if (!force && identifier)
-- return;
-+ if (!force) {
-+ identifier = g_hash_table_lookup (self->aliases, "default");
-+ if (identifier)
-+ return;
-+ }
-
- path = default_path ();
- if (g_file_get_contents (path, &contents, NULL, NULL)) {
-@@ -107,8 +109,7 @@ update_default (GkdSecretService *self, gboolean force)
- }
- g_free (path);
-
-- gkd_secret_objects_set_alias (self->objects, "default", contents);
-- g_free (contents);
-+ g_hash_table_replace (self->aliases, g_strdup ("default"), contents);
- }
-
- static void
-@@ -118,7 +119,7 @@ store_default (GkdSecretService *self)
- const gchar *identifier;
- gchar *path;
-
-- identifier = gkd_secret_objects_get_alias (self->objects, "default");
-+ identifier = g_hash_table_lookup (self->aliases, "default");
- if (!identifier)
- return;
-
-@@ -172,8 +173,7 @@ free_client (gpointer data)
- }
-
- /* The sessions and prompts the client has open */
-- g_hash_table_destroy (client->sessions);
-- g_hash_table_destroy (client->prompts);
-+ g_hash_table_destroy (client->dispatch);
-
- g_free (client);
- }
-@@ -237,8 +237,7 @@ on_get_connection_unix_process_id (DBusPendingCall *pending, gpointer user_data)
- if (caller_pid != 0)
- client->caller_exec = egg_unix_credentials_executable (caller_pid);
- client->app.applicationData = client;
-- client->sessions = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, dispose_and_unref);
-- client->prompts = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, dispose_and_unref);
-+ client->dispatch = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, dispose_and_unref);
-
- g_hash_table_replace (self->clients, client->caller_peer, client);
-
-@@ -371,10 +370,8 @@ static DBusMessage*
- service_method_open_session (GkdSecretService *self, DBusMessage *message)
- {
- GkdSecretSession *session;
-- ServiceClient *client;
- DBusMessage *reply = NULL;
- const gchar *caller;
-- const gchar *path;
-
- if (!dbus_message_has_signature (message, "sv"))
- return NULL;
-@@ -385,18 +382,11 @@ service_method_open_session (GkdSecretService *self, DBusMessage *message)
- session = gkd_secret_session_new (self, caller);
- reply = gkd_secret_session_handle_open (session, message);
-
-- if (dbus_message_get_type (reply) == DBUS_MESSAGE_TYPE_METHOD_RETURN) {
-- /* Take ownership of the session */
-- client = g_hash_table_lookup (self->clients, caller);
-- g_return_val_if_fail (client, NULL);
-- path = gkd_secret_dispatch_get_object_path (GKD_SECRET_DISPATCH (session));
-- g_return_val_if_fail (!g_hash_table_lookup (client->sessions, path), NULL);
-- g_hash_table_replace (client->sessions, (gpointer)path, session);
--
-- } else {
-- g_object_unref (session);
-- }
-+ if (dbus_message_get_type (reply) == DBUS_MESSAGE_TYPE_METHOD_RETURN)
-+ gkd_secret_service_publish_dispatch (self, caller,
-+ GKD_SECRET_DISPATCH (session));
-
-+ g_object_unref (session);
- return reply;
- }
-
-@@ -406,14 +396,14 @@ service_method_create_collection (GkdSecretService *self, DBusMessage *message)
- DBusMessageIter iter, array;
- GckAttributes *attrs;
- GkdSecretCreate *create;
-- ServiceClient *client;
- DBusMessage *reply;
- const gchar *path;
-+ const gchar *alias;
- const char *caller;
- const gchar *coll;
-
- /* Parse the incoming message */
-- if (!dbus_message_has_signature (message, "a{sv}"))
-+ if (!dbus_message_has_signature (message, "a{sv}s"))
- return NULL;
- if (!dbus_message_iter_init (message, &iter))
- g_return_val_if_reached (NULL);
-@@ -424,18 +414,31 @@ service_method_create_collection (GkdSecretService *self, DBusMessage *message)
- return dbus_message_new_error_printf (message, DBUS_ERROR_INVALID_ARGS,
- "Invalid properties");
- }
-+ if (!dbus_message_iter_next (&iter))
-+ g_return_val_if_reached (NULL);
-+ dbus_message_iter_get_basic (&iter, &alias);
-+
-+ /* Empty alias is no alias */
-+ if (alias) {
-+ if (!alias[0]) {
-+ alias = NULL;
-+ } else if (!g_str_equal (alias, "default")) {
-+ gck_attributes_unref (attrs);
-+ return dbus_message_new_error (message, DBUS_ERROR_NOT_SUPPORTED,
-+ "Only the 'default' alias is supported");
-+ }
-+ }
-
- gck_attributes_add_boolean (attrs, CKA_TOKEN, TRUE);
-
- /* Create the prompt object, for the password */
- caller = dbus_message_get_sender (message);
-- create = gkd_secret_create_new (self, caller, attrs);
-+ create = gkd_secret_create_new (self, caller, attrs, alias);
- gck_attributes_unref (attrs);
-
- path = gkd_secret_dispatch_get_object_path (GKD_SECRET_DISPATCH (create));
-- client = g_hash_table_lookup (self->clients, caller);
-- g_return_val_if_fail (client, NULL);
-- g_hash_table_replace (client->prompts, (gpointer)path, create);
-+ gkd_secret_service_publish_dispatch (self, caller,
-+ GKD_SECRET_DISPATCH (create));
-
- coll = "/";
- reply = dbus_message_new_method_return (message);
-@@ -444,6 +447,7 @@ service_method_create_collection (GkdSecretService *self, DBusMessage *message)
- DBUS_TYPE_OBJECT_PATH, &path,
- DBUS_TYPE_INVALID);
-
-+ g_object_unref (create);
- return reply;
- }
-
-@@ -461,7 +465,6 @@ static DBusMessage*
- service_method_unlock (GkdSecretService *self, DBusMessage *message)
- {
- GkdSecretUnlock *unlock;
-- ServiceClient *client;
- DBusMessage *reply;
- const char *caller;
- const gchar *path;
-@@ -474,17 +477,16 @@ service_method_unlock (GkdSecretService *self, DBusMessage *message)
- return NULL;
-
- caller = dbus_message_get_sender (message);
-- unlock = gkd_secret_unlock_new (self, caller);
-+ unlock = gkd_secret_unlock_new (self, caller, NULL);
- for (i = 0; i < n_objpaths; ++i)
- gkd_secret_unlock_queue (unlock, objpaths[i]);
- dbus_free_string_array (objpaths);
-
- /* So do we need to prompt? */
- if (gkd_secret_unlock_have_queued (unlock)) {
-- client = g_hash_table_lookup (self->clients, caller);
-- g_return_val_if_fail (client, NULL);
-+ gkd_secret_service_publish_dispatch (self, caller,
-+ GKD_SECRET_DISPATCH (unlock));
- path = gkd_secret_dispatch_get_object_path (GKD_SECRET_DISPATCH (unlock));
-- g_hash_table_replace (client->prompts, (gpointer)path, g_object_ref (unlock));
-
- /* No need to prompt */
- } else {
-@@ -546,7 +548,6 @@ static DBusMessage*
- service_method_change_lock (GkdSecretService *self, DBusMessage *message)
- {
- GkdSecretChange *change;
-- ServiceClient *client;
- DBusMessage *reply;
- const char *caller;
- const gchar *path;
-@@ -564,10 +565,9 @@ service_method_change_lock (GkdSecretService *self, DBusMessage *message)
- g_object_unref (collection);
-
- change = gkd_secret_change_new (self, caller, path);
-- client = g_hash_table_lookup (self->clients, caller);
-- g_return_val_if_fail (client, NULL);
- path = gkd_secret_dispatch_get_object_path (GKD_SECRET_DISPATCH (change));
-- g_hash_table_replace (client->prompts, (gpointer)path, g_object_ref (change));
-+ gkd_secret_service_publish_dispatch (self, caller,
-+ GKD_SECRET_DISPATCH (change));
-
- reply = dbus_message_new_method_return (message);
- dbus_message_append_args (reply, DBUS_TYPE_OBJECT_PATH, &path, DBUS_TYPE_INVALID);
-@@ -588,9 +588,7 @@ service_method_read_alias (GkdSecretService *self, DBusMessage *message)
- if (!dbus_message_get_args (message, NULL, DBUS_TYPE_STRING, &alias, DBUS_TYPE_INVALID))
- return NULL;
-
-- update_default (self, FALSE);
--
-- identifier = gkd_secret_objects_get_alias (self->objects, alias);
-+ identifier = gkd_secret_service_get_alias (self, alias);
- if (identifier)
- path = gkd_secret_util_build_path (SECRET_COLLECTION_PREFIX, identifier, -1);
-
-@@ -647,11 +645,9 @@ service_method_set_alias (GkdSecretService *self, DBusMessage *message)
-
- g_object_unref (collection);
-
-- gkd_secret_objects_set_alias (self->objects, alias, identifier);
-+ gkd_secret_service_set_alias (self, alias, identifier);
- g_free (identifier);
-
-- store_default (self);
--
- return dbus_message_new_method_return (message);
- }
-
-@@ -907,17 +903,10 @@ service_dispatch_message (GkdSecretService *self, DBusMessage *message)
- path = dbus_message_get_path (message);
- g_return_if_fail (path);
-
-- /* Dispatched to a session, find a session in this client */
-- if (object_path_has_prefix (path, SECRET_SESSION_PREFIX)) {
-- object = g_hash_table_lookup (client->sessions, path);
-- if (object == NULL)
-- reply = gkd_secret_error_no_such_object (message);
-- else
-- reply = gkd_secret_dispatch_message (GKD_SECRET_DISPATCH (object), message);
--
-- /* Dispatched to a prompt, find a prompt in this client */
-- } else if (object_path_has_prefix (path, SECRET_PROMPT_PREFIX)) {
-- object = g_hash_table_lookup (client->prompts, path);
-+ /* Dispatched to a session or prompt */
-+ if (object_path_has_prefix (path, SECRET_SESSION_PREFIX) ||
-+ object_path_has_prefix (path, SECRET_PROMPT_PREFIX)) {
-+ object = g_hash_table_lookup (client->dispatch, path);
- if (object == NULL)
- reply = gkd_secret_error_no_such_object (message);
- else
-@@ -1064,6 +1053,7 @@ static void
- gkd_secret_service_init (GkdSecretService *self)
- {
- self->clients = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, free_client);
-+ self->aliases = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
- }
-
- static void
-@@ -1106,6 +1096,9 @@ gkd_secret_service_finalize (GObject *obj)
- g_hash_table_destroy (self->clients);
- self->clients = NULL;
-
-+ g_hash_table_destroy (self->aliases);
-+ self->aliases = NULL;
-+
- G_OBJECT_CLASS (gkd_secret_service_parent_class)->finalize (obj);
- }
-
-@@ -1251,6 +1244,7 @@ gkd_secret_service_lookup_session (GkdSecretService *self, const gchar *path,
- const gchar *caller)
- {
- ServiceClient *client;
-+ gpointer object;
-
- g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
- g_return_val_if_fail (path, NULL);
-@@ -1259,7 +1253,11 @@ gkd_secret_service_lookup_session (GkdSecretService *self, const gchar *path,
- client = g_hash_table_lookup (self->clients, caller);
- g_return_val_if_fail (client, NULL);
-
-- return g_hash_table_lookup (client->sessions, path);
-+ object = g_hash_table_lookup (client->dispatch, path);
-+ if (object == NULL || !GKD_SECRET_IS_SESSION (object))
-+ return NULL;
-+
-+ return GKD_SECRET_SESSION (object);
- }
-
- void
-@@ -1277,5 +1275,53 @@ gkd_secret_service_close_session (GkdSecretService *self, GkdSecretSession *sess
- g_return_if_fail (client);
-
- path = gkd_secret_dispatch_get_object_path (GKD_SECRET_DISPATCH (session));
-- g_hash_table_remove (client->sessions, path);
-+ g_hash_table_remove (client->dispatch, path);
-+}
-+
-+const gchar*
-+gkd_secret_service_get_alias (GkdSecretService *self, const gchar *alias)
-+{
-+ const gchar *identifier;
-+
-+ g_return_val_if_fail (GKD_SECRET_IS_SERVICE (self), NULL);
-+ g_return_val_if_fail (alias, NULL);
-+
-+ identifier = g_hash_table_lookup (self->aliases, alias);
-+ if (!identifier && g_str_equal (alias, "default")) {
-+ update_default (self, TRUE);
-+ identifier = g_hash_table_lookup (self->aliases, alias);
-+ }
-+ return identifier;
-+}
-+
-+void
-+gkd_secret_service_set_alias (GkdSecretService *self, const gchar *alias,
-+ const gchar *identifier)
-+{
-+ g_return_if_fail (GKD_SECRET_IS_SERVICE (self));
-+ g_return_if_fail (alias);
-+
-+ g_hash_table_replace (self->aliases, g_strdup (alias), g_strdup (identifier));
-+
-+ if (g_str_equal (alias, "default"))
-+ store_default (self);
-+}
-+
-+void
-+gkd_secret_service_publish_dispatch (GkdSecretService *self, const gchar *caller,
-+ GkdSecretDispatch *object)
-+{
-+ ServiceClient *client;
-+ const gchar *path;
-+
-+ g_return_if_fail (GKD_SECRET_IS_SERVICE (self));
-+ g_return_if_fail (caller);
-+ g_return_if_fail (GKD_SECRET_IS_DISPATCH (object));
-+
-+ /* Take ownership of the session */
-+ client = g_hash_table_lookup (self->clients, caller);
-+ g_return_if_fail (client);
-+ path = gkd_secret_dispatch_get_object_path (object);
-+ g_return_if_fail (!g_hash_table_lookup (client->dispatch, path));
-+ g_hash_table_replace (client->dispatch, (gpointer)path, g_object_ref (object));
- }
-diff --git a/daemon/dbus/gkd-secret-service.h b/daemon/dbus/gkd-secret-service.h
-index 6eac4ed..84356c3 100644
---- a/daemon/dbus/gkd-secret-service.h
-+++ b/daemon/dbus/gkd-secret-service.h
-@@ -66,4 +66,15 @@ void gkd_secret_service_close_session (GkdSecretSer
- void gkd_secret_service_send (GkdSecretService *self,
- DBusMessage *message);
-
-+const gchar* gkd_secret_service_get_alias (GkdSecretService *self,
-+ const gchar *alias);
-+
-+void gkd_secret_service_set_alias (GkdSecretService *self,
-+ const gchar *alias,
-+ const gchar *identifier);
-+
-+void gkd_secret_service_publish_dispatch (GkdSecretService *self,
-+ const gchar *caller,
-+ GkdSecretDispatch *object);
-+
- #endif /* ___SECRET_SERVICE_H__ */
-diff --git a/daemon/dbus/gkd-secret-unlock.c b/daemon/dbus/gkd-secret-unlock.c
-index 57dad3d..35f672a 100644
---- a/daemon/dbus/gkd-secret-unlock.c
-+++ b/daemon/dbus/gkd-secret-unlock.c
-@@ -267,11 +267,7 @@ prompt_method_prompt (GkdSecretUnlock *self, DBusMessage *message)
- return dbus_message_new_error (message, SECRET_ERROR_ALREADY_EXISTS,
- "This prompt has already been shown.");
-
-- g_free (self->window_id);
-- self->window_id = g_strdup (window_id);
--
-- self->prompted = TRUE;
-- perform_next_unlock (self);
-+ gkd_secret_unlock_call_prompt (self, window_id);
-
- reply = dbus_message_new_method_return (message);
- dbus_message_append_args (reply, DBUS_TYPE_INVALID);
-@@ -350,7 +346,8 @@ gkd_secret_unlock_constructor (GType type, guint n_props, GObjectConstructParam
- g_return_val_if_fail (self->service, NULL);
-
- /* Setup the path for the object */
-- self->object_path = g_strdup_printf (SECRET_PROMPT_PREFIX "/u%d", ++unique_prompt_number);
-+ if (!self->object_path)
-+ self->object_path = g_strdup_printf (SECRET_PROMPT_PREFIX "/u%d", ++unique_prompt_number);
-
- return G_OBJECT (self);
- }
-@@ -426,6 +423,10 @@ gkd_secret_unlock_set_property (GObject *obj, guint prop_id, const GValue *value
- g_object_add_weak_pointer (G_OBJECT (self->service),
- (gpointer*)&(self->service));
- break;
-+ case PROP_OBJECT_PATH:
-+ g_return_if_fail (!self->object_path);
-+ self->object_path = g_strdup (g_value_get_pointer (value));
-+ break;
- default:
- G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
- break;
-@@ -472,7 +473,7 @@ gkd_secret_unlock_class_init (GkdSecretUnlockClass *klass)
-
- g_object_class_install_property (gobject_class, PROP_OBJECT_PATH,
- g_param_spec_pointer ("object-path", "Object Path", "DBus Object Path",
-- G_PARAM_READABLE));
-+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
-
- g_object_class_install_property (gobject_class, PROP_SERVICE,
- g_param_spec_object ("service", "Service", "Service which owns this prompt",
-@@ -490,22 +491,27 @@ gkd_secret_dispatch_iface (GkdSecretDispatchIface *iface)
- */
-
- GkdSecretUnlock*
--gkd_secret_unlock_new (GkdSecretService *service, const gchar *caller)
-+gkd_secret_unlock_new (GkdSecretService *service, const gchar *caller,
-+ const gchar *object_path)
- {
-- return g_object_new (GKD_SECRET_TYPE_UNLOCK, "service", service, "caller", caller, NULL);
-+ return g_object_new (GKD_SECRET_TYPE_UNLOCK,
-+ "service", service,
-+ "caller", caller,
-+ "object-path", object_path,
-+ NULL);
- }
-
- void
--gkd_secret_unlock_queue (GkdSecretUnlock *self, const gchar *objpath)
-+gkd_secret_unlock_queue (GkdSecretUnlock *self, const gchar *unlock_path)
- {
- gboolean locked = TRUE;
- GckObject *coll;
- gchar *path;
-
- g_return_if_fail (GKD_SECRET_IS_UNLOCK (self));
-- g_return_if_fail (objpath);
-+ g_return_if_fail (unlock_path);
-
-- coll = lookup_collection (self, objpath);
-+ coll = lookup_collection (self, unlock_path);
- if (coll == NULL)
- return;
-
-@@ -515,7 +521,7 @@ gkd_secret_unlock_queue (GkdSecretUnlock *self, const gchar *objpath)
-
- }
-
-- path = g_strdup (objpath);
-+ path = g_strdup (unlock_path);
- if (locked)
- g_queue_push_tail (self->queued, path);
- else
-@@ -552,6 +558,19 @@ gkd_secret_unlock_reset_results (GkdSecretUnlock *self)
- g_array_set_size (self->results, 0);
- }
-
-+void
-+gkd_secret_unlock_call_prompt (GkdSecretUnlock *self, const gchar *window_id)
-+{
-+ g_return_if_fail (GKD_SECRET_IS_UNLOCK (self));
-+ g_return_if_fail (!self->prompted);
-+
-+ g_assert (!self->window_id);
-+ self->window_id = g_strdup (window_id);
-+
-+ self->prompted = TRUE;
-+ perform_next_unlock (self);
-+}
-+
- gboolean
- gkd_secret_unlock_with_secret (GckObject *collection, GkdSecretSecret *master,
- DBusError *derr)
-diff --git a/daemon/dbus/gkd-secret-unlock.h b/daemon/dbus/gkd-secret-unlock.h
-index 3fde30f..c5e3e50 100644
---- a/daemon/dbus/gkd-secret-unlock.h
-+++ b/daemon/dbus/gkd-secret-unlock.h
-@@ -42,10 +42,11 @@ struct _GkdSecretUnlockClass {
- GType gkd_secret_unlock_get_type (void);
-
- GkdSecretUnlock* gkd_secret_unlock_new (GkdSecretService *service,
-- const gchar *caller);
-+ const gchar *caller,
-+ const gchar *object_path);
-
- void gkd_secret_unlock_queue (GkdSecretUnlock *self,
-- const gchar *objpath);
-+ const gchar *unlock_path);
-
- gboolean gkd_secret_unlock_have_queued (GkdSecretUnlock *self);
-
-@@ -54,6 +55,9 @@ gchar** gkd_secret_unlock_get_results (GkdSecretUnlock *
-
- void gkd_secret_unlock_reset_results (GkdSecretUnlock *self);
-
-+void gkd_secret_unlock_call_prompt (GkdSecretUnlock *self,
-+ const gchar *window_id);
-+
- gboolean gkd_secret_unlock_with_secret (GckObject *collection,
- GkdSecretSecret *master,
- DBusError *derr);
---
-cgit v0.8.3.4
diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-trunk-4.patch b/gnome-base/gnome-keyring/files/gnome-keyring-trunk-4.patch
deleted file mode 100644
index 5a785d9..0000000
--- a/gnome-base/gnome-keyring/files/gnome-keyring-trunk-4.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From ced422b8770ba321ae0c3271b8344ee031d55748 Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@collabora.co.uk>
-Date: Wed, 09 Mar 2011 09:29:55 +0000
-Subject: Change warning on bad certificate data to a simple message.
-
----
-diff --git a/pkcs11/gkm/gkm-certificate.c b/pkcs11/gkm/gkm-certificate.c
-index 866e703..256c747 100644
---- a/pkcs11/gkm/gkm-certificate.c
-+++ b/pkcs11/gkm/gkm-certificate.c
-@@ -380,7 +380,7 @@ gkm_certificate_real_load (GkmSerializable *base, GkmSecret *login, gconstpointe
- /* Parse the ASN1 data */
- res = gkm_data_der_read_certificate (copy, n_data, &asn1);
- if (res != GKM_DATA_SUCCESS) {
-- g_warning ("couldn't parse certificate data");
-+ g_message ("couldn't parse certificate data");
- g_free (copy);
- return FALSE;
- }
---
-cgit v0.8.3.4
diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-trunk-5.patch b/gnome-base/gnome-keyring/files/gnome-keyring-trunk-5.patch
deleted file mode 100644
index 9f18aca..0000000
--- a/gnome-base/gnome-keyring/files/gnome-keyring-trunk-5.patch
+++ /dev/null
@@ -1,1538 +0,0 @@
-From 655e0e90a4f96de76348f84cab0c64014078fdbb Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@collabora.co.uk>
-Date: Wed, 09 Mar 2011 09:41:42 +0000
-Subject: Merge branch 'with-hkdf'
-
----
-diff --git a/daemon/dbus/gkd-secret-session.c b/daemon/dbus/gkd-secret-session.c
-index 8c99373..81648b9 100644
---- a/daemon/dbus/gkd-secret-session.c
-+++ b/daemon/dbus/gkd-secret-session.c
-@@ -119,20 +119,52 @@ aes_derive_key (GckSession *session, GckObject *priv_key,
- gconstpointer input, gsize n_input, GckObject **aes_key)
- {
- GError *error = NULL;
-- GckMechanism mech = { CKM_DH_PKCS_DERIVE, input, n_input };
-+ GckMechanism mech;
- GckAttributes *attrs;
-+ GckObject *dh_key;
-+
-+ /*
-+ * First we have to generate a secret key from the DH key. The
-+ * length of this key depends on the size of our DH prime
-+ */
-+
-+ mech.type = CKM_DH_PKCS_DERIVE;
-+ mech.parameter = input;
-+ mech.n_parameter = n_input;
-+
-+ attrs = gck_attributes_new ();
-+ gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY);
-+ gck_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_GENERIC_SECRET);
-+
-+ dh_key = gck_session_derive_key_full (session, priv_key, &mech, attrs, NULL, &error);
-+
-+ gck_attributes_unref (attrs);
-+
-+ if (!dh_key) {
-+ g_warning ("couldn't derive key from dh key pair: %s", egg_error_message (error));
-+ g_clear_error (&error);
-+ return FALSE;
-+ }
-+
-+ /*
-+ * Now use HKDF to generate our AES key.
-+ */
-+
-+ mech.type = CKM_G_HKDF_SHA256_DERIVE;
-+ mech.parameter = NULL;
-+ mech.n_parameter = 0;
-
- attrs = gck_attributes_new ();
- gck_attributes_add_ulong (attrs, CKA_VALUE_LEN, 16UL);
- gck_attributes_add_ulong (attrs, CKA_CLASS, CKO_SECRET_KEY);
- gck_attributes_add_ulong (attrs, CKA_KEY_TYPE, CKK_AES);
-
-- *aes_key = gck_session_derive_key_full (session, priv_key, &mech, attrs, NULL, &error);
--
-+ *aes_key = gck_session_derive_key_full (session, dh_key, &mech, attrs, NULL, &error);
- gck_attributes_unref (attrs);
-+ g_object_unref (dh_key);
-
- if (!*aes_key) {
-- g_warning ("couldn't derive aes key from dh key pair: %s", egg_error_message (error));
-+ g_warning ("couldn't derive aes key from dh key: %s", egg_error_message (error));
- g_clear_error (&error);
- return FALSE;
- }
-@@ -529,7 +561,7 @@ gkd_secret_session_handle_open (GkdSecretSession *self, DBusMessage *message)
- "The session algorithm input argument was invalid");
- reply = plain_negotiate (self, message);
-
-- } else if (g_str_equal (algorithm, "dh-ietf1024-aes128-cbc-pkcs7")) {
-+ } else if (g_str_equal (algorithm, "dh-ietf1024-sha256-aes128-cbc-pkcs7")) {
- if (!g_str_equal ("ay", dbus_message_iter_get_signature (&variant)))
- return dbus_message_new_error (message, DBUS_ERROR_INVALID_ARGS,
- "The session algorithm input argument was invalid");
-@@ -538,7 +570,7 @@ gkd_secret_session_handle_open (GkdSecretSession *self, DBusMessage *message)
- reply = aes_negotiate (self, message, input, n_input);
-
- } else {
-- reply = dbus_message_new_error_printf (message, SECRET_ERROR_NOT_SUPPORTED,
-+ reply = dbus_message_new_error_printf (message, DBUS_ERROR_NOT_SUPPORTED,
- "The algorithm '%s' is not supported", algorithm);
- }
-
-diff --git a/daemon/dbus/gkd-secret-types.h b/daemon/dbus/gkd-secret-types.h
-index 3b6aed1..176c92f 100644
---- a/daemon/dbus/gkd-secret-types.h
-+++ b/daemon/dbus/gkd-secret-types.h
-@@ -42,7 +42,6 @@
-
- #define SECRET_ERROR_ALREADY_EXISTS "org.freedesktop.Secret.Error.AlreadyExists"
- #define SECRET_ERROR_IS_LOCKED "org.freedesktop.Secret.Error.IsLocked"
--#define SECRET_ERROR_NOT_SUPPORTED "org.freedesktop.Secret.Error.NotSupported"
- #define SECRET_ERROR_NO_SESSION "org.freedesktop.Secret.Error.NoSession"
- #define SECRET_ERROR_NO_SUCH_OBJECT "org.freedesktop.Secret.Error.NoSuchObject"
-
-diff --git a/egg/Makefile.am b/egg/Makefile.am
-index 8b3bd24..3d8e149 100644
---- a/egg/Makefile.am
-+++ b/egg/Makefile.am
-@@ -30,6 +30,7 @@ libegg_la_SOURCES = \
- egg-dn.c egg-dn.h \
- egg-error.h \
- egg-hex.c egg-hex.h \
-+ egg-hkdf.c egg-hkdf.h \
- egg-libgcrypt.c egg-libgcrypt.h \
- egg-mkdtemp.c egg-mkdtemp.h \
- egg-oid.c egg-oid.h \
-@@ -98,6 +99,7 @@ libegg_dbus_la_LIBADD = \
- libegg_prompt_la_SOURCES = \
- egg-dh.c egg-dh.h \
- egg-hex.c egg-hex.h \
-+ egg-hkdf.c egg-hkdf.h \
- egg-libgcrypt.c egg-libgcrypt.h \
- egg-padding.c egg-padding.h \
- egg-secure-memory.c egg-secure-memory.h
-diff --git a/egg/egg-dh.c b/egg/egg-dh.c
-index d192aeb..bed524e 100644
---- a/egg/egg-dh.c
-+++ b/egg/egg-dh.c
-@@ -306,12 +306,11 @@ egg_dh_gen_pair (gcry_mpi_t prime, gcry_mpi_t base, guint bits,
-
- gpointer
- egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
-- gcry_mpi_t prime, gsize bytes)
-+ gcry_mpi_t prime, gsize *bytes)
- {
- gcry_error_t gcry;
- guchar *value;
- gsize n_value;
-- gsize offset = 0;
- gcry_mpi_t k;
- gint bits;
-
-@@ -329,11 +328,8 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
- /* Write out the secret */
- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
- g_return_val_if_fail (gcry == 0, NULL);
-- if (n_value < bytes)
-- offset = bytes - n_value;
-- value = egg_secure_alloc (n_value + offset);
-- memset (value, 0, n_value + offset);
-- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value + offset, n_value, &n_value, k);
-+ value = egg_secure_alloc (n_value);
-+ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
- g_return_val_if_fail (gcry == 0, NULL);
-
- #if DEBUG_DH_SECRET
-@@ -342,11 +338,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
- gcry_mpi_release (k);
- #endif
-
-- if (bytes != 0 && bytes < n_value) {
-- offset = n_value - bytes;
-- memmove (value, value + offset, bytes);
-- egg_secure_clear (value + bytes, offset);
-- }
-+ *bytes = n_value;
-
- #if DEBUG_DH_SECRET
- gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);
-diff --git a/egg/egg-dh.h b/egg/egg-dh.h
-index cfdb3d0..ee315e2 100644
---- a/egg/egg-dh.h
-+++ b/egg/egg-dh.h
-@@ -45,6 +45,6 @@ gboolean egg_dh_gen_pair (gcry_mpi_t prime,
- gpointer egg_dh_gen_secret (gcry_mpi_t peer,
- gcry_mpi_t priv,
- gcry_mpi_t prime,
-- gsize bytes);
-+ gsize *bytes);
-
- #endif /* EGG_DH_H_ */
-diff --git a/egg/egg-hkdf.c b/egg/egg-hkdf.c
-new file mode 100644
-index 0000000..eaa90fc
---- a/dev/null
-+++ b/egg/egg-hkdf.c
-@@ -0,0 +1,109 @@
-+/*
-+ * gnome-keyring
-+ *
-+ * Copyright (C) 2011 Collabora Ltd.
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU Lesser General License as
-+ * published by the Free Software Foundation; either version 2.1 of
-+ * the License, or (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * License along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-+ * 02111-1307, USA.
-+ *
-+ * Author: Stef Walter <stefw@collabora.co.uk>
-+ */
-+
-+#include "config.h"
-+
-+#include "egg-hkdf.h"
-+#include "egg-secure-memory.h"
-+
-+#include <gcrypt.h>
-+
-+#include <string.h>
-+
-+gboolean
-+egg_hkdf_perform (const gchar *hash_algo, gconstpointer input, gsize n_input,
-+ gconstpointer salt, gsize n_salt, gconstpointer info,
-+ gsize n_info, gpointer output, gsize n_output)
-+{
-+ gpointer alloc = NULL;
-+ gpointer buffer = NULL;
-+ gcry_md_hd_t md1, md2;
-+ guint hash_len;
-+ guchar i;
-+ gint flags, algo;
-+ gsize step, n_buffer;
-+ guchar *at;
-+ gcry_error_t gcry;
-+
-+ algo = gcry_md_map_name (hash_algo);
-+ g_return_val_if_fail (algo != 0, FALSE);
-+
-+ hash_len = gcry_md_get_algo_dlen (algo);
-+ g_return_val_if_fail (hash_len != 0, FALSE);
-+ g_return_val_if_fail (n_output <= 255 * hash_len, FALSE);
-+
-+ /* Buffer we need to for intermediate stuff */
-+ if (gcry_is_secure (input)) {
-+ flags = GCRY_MD_FLAG_SECURE;
-+ buffer = gcry_malloc_secure (hash_len);
-+ } else {
-+ flags = 0;
-+ buffer = gcry_malloc (hash_len);
-+ }
-+
-+ g_return_val_if_fail (buffer, FALSE);
-+ n_buffer = 0;
-+
-+ /* Salt defaults to hash_len zeros */
-+ if (!salt) {
-+ salt = alloc = g_malloc0 (hash_len);
-+ n_salt = hash_len;
-+ }
-+
-+ /* Step 1: Extract */
-+ gcry = gcry_md_open (&md1, algo, GCRY_MD_FLAG_HMAC);
-+ g_return_val_if_fail (gcry == 0, FALSE);
-+ gcry = gcry_md_setkey (md1, salt, n_salt);
-+ g_return_val_if_fail (gcry == 0, FALSE);
-+ gcry_md_write (md1, input, n_input);
-+
-+ /* Step 2: Expand */
-+ gcry = gcry_md_open (&md2, algo, GCRY_MD_FLAG_HMAC);
-+ g_return_val_if_fail (gcry == 0, FALSE);
-+ gcry = gcry_md_setkey (md2, gcry_md_read (md1, algo), hash_len);
-+ g_return_val_if_fail (gcry == 0, FALSE);
-+ gcry_md_close (md1);
-+
-+ at = output;
-+ for (i = 1; i < 256; ++i) {
-+ gcry_md_reset (md2);
-+ gcry_md_write (md2, buffer, n_buffer);
-+ gcry_md_write (md2, info, n_info);
-+ gcry_md_write (md2, &i, 1);
-+
-+ n_buffer = hash_len;
-+ memcpy (buffer, gcry_md_read (md2, algo), n_buffer);
-+
-+ step = MIN (n_buffer, n_output);
-+ memcpy (at, buffer, step);
-+ n_output -= step;
-+ at += step;
-+
-+ if (!n_output)
-+ break;
-+ }
-+
-+ g_free (alloc);
-+ gcry_free (buffer);
-+ return TRUE;
-+}
-diff --git a/egg/tests/test-dh.c b/egg/tests/test-dh.c
-index 6a2b37f..13e9c70 100644
---- a/egg/tests/test-dh.c
-+++ b/egg/tests/test-dh.c
-@@ -31,6 +31,7 @@
- #include <stdio.h>
- #include <string.h>
-
-+#include <glib.h>
- #include <gcrypt.h>
-
- EGG_SECURE_GLIB_DEFINITIONS ();
-@@ -43,6 +44,7 @@ test_perform (void)
- gcry_mpi_t x2, X2;
- gpointer k1, k2;
- gboolean ret;
-+ gsize n1, n2;
-
- /* Load up the parameters */
- if (!egg_dh_default_params ("ietf-ike-grp-modp-768", &p, &g))
-@@ -55,13 +57,14 @@ test_perform (void)
- g_assert (ret);
-
- /* Calculate keys */
-- k1 = egg_dh_gen_secret (X2, x1, p, 96);
-+ k1 = egg_dh_gen_secret (X2, x1, p, &n1);
- g_assert (k1);
-- k2 = egg_dh_gen_secret (X1, x2, p, 96);
-+ k2 = egg_dh_gen_secret (X1, x2, p, &n2);
- g_assert (k2);
-
- /* Keys must be the same */
-- g_assert (memcmp (k1, k2, 96) == 0);
-+ egg_assert_cmpsize (n1, ==, n2);
-+ g_assert (memcmp (k1, k2, n1) == 0);
-
- gcry_mpi_release (p);
- gcry_mpi_release (g);
-@@ -97,7 +100,7 @@ test_short_pair (void)
- }
-
- static void
--test_dh_default (const gchar *name, guint bits)
-+check_dh_default (const gchar *name, guint bits)
- {
- gboolean ret;
- gcry_mpi_t p, g, check;
-@@ -134,44 +137,43 @@ test_dh_default (const gchar *name, guint bits)
- static void
- test_default_768 (void)
- {
-- test_dh_default ("ietf-ike-grp-modp-768", 768);
-+ check_dh_default ("ietf-ike-grp-modp-768", 768);
- }
-
- static void
- test_default_1024 (void)
- {
-- test_dh_default ("ietf-ike-grp-modp-1024", 1024);
-+ check_dh_default ("ietf-ike-grp-modp-1024", 1024);
- }
-
- static void
- test_default_1536 (void)
- {
-- test_dh_default ("ietf-ike-grp-modp-1536", 1536);
-+ check_dh_default ("ietf-ike-grp-modp-1536", 1536);
- }
-
--
- static void
- test_default_2048 (void)
- {
-- test_dh_default ("ietf-ike-grp-modp-2048", 2048);
-+ check_dh_default ("ietf-ike-grp-modp-2048", 2048);
- }
-
- static void
- test_default_3072 (void)
- {
-- test_dh_default ("ietf-ike-grp-modp-3072", 3072);
-+ check_dh_default ("ietf-ike-grp-modp-3072", 3072);
- }
-
- static void
- test_default_4096 (void)
- {
-- test_dh_default ("ietf-ike-grp-modp-4096", 4096);
-+ check_dh_default ("ietf-ike-grp-modp-4096", 4096);
- }
-
- static void
- test_default_8192 (void)
- {
-- test_dh_default ("ietf-ike-grp-modp-8192", 8192);
-+ check_dh_default ("ietf-ike-grp-modp-8192", 8192);
- }
-
- static void
-diff --git a/egg/tests/test-hkdf.c b/egg/tests/test-hkdf.c
-new file mode 100644
-index 0000000..44c463d
---- a/dev/null
-+++ b/egg/tests/test-hkdf.c
-@@ -0,0 +1,345 @@
-+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-+/* test-hkdf.c: Test egg-hkdf.c
-+
-+ Copyright (C) 2011 Collabora Ltd.
-+
-+ The Gnome Keyring Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Library General Public License as
-+ published by the Free Software Foundation; either version 2 of the
-+ License, or (at your option) any later version.
-+
-+ The Gnome Keyring Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Library General Public License for more details.
-+
-+ You should have received a copy of the GNU Library General Public
-+ License along with the Gnome Library; see the file COPYING.LIB. If not,
-+ write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-+ Boston, MA 02111-1307, USA.
-+
-+ Author: Stef Walter <stef@collabora.co.uk>
-+*/
-+
-+#include "config.h"
-+
-+#include <stdlib.h>
-+#include <stdio.h>
-+#include <string.h>
-+
-+#include "egg-hkdf.h"
-+#include "egg-secure-memory.h"
-+#include "egg-testing.h"
-+
-+#include <gcrypt.h>
-+
-+EGG_SECURE_GLIB_DEFINITIONS ();
-+
-+static void
-+test_hkdf_test_case_1 (void)
-+{
-+ /* RFC 5869: A.1 Test Case 1 */
-+ const guchar ikm[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
-+ const guchar salt[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-+ 0x08, 0x09, 0x0a, 0x0b, 0x0c };
-+ const guchar info[] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
-+ 0xf8, 0xf9 };
-+ const guchar okm[] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
-+ 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
-+ 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
-+ 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
-+ 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
-+ 0x58, 0x65 };
-+ guchar buffer[sizeof (okm)];
-+ gboolean ret;
-+
-+ egg_assert_cmpsize (sizeof (ikm), ==, 22);
-+ egg_assert_cmpsize (sizeof (salt), ==, 13);
-+ egg_assert_cmpsize (sizeof (info), ==, 10);
-+ egg_assert_cmpsize (sizeof (okm), ==, 42);
-+
-+ memset (buffer, 0, sizeof (buffer));
-+ ret = egg_hkdf_perform ("sha256",
-+ ikm, sizeof (ikm),
-+ salt, sizeof (salt),
-+ info, sizeof (info),
-+ buffer, sizeof (buffer));
-+ g_assert (ret);
-+ egg_assert_cmpmem (buffer, sizeof (buffer), ==, okm, sizeof (okm));
-+}
-+
-+static void
-+test_hkdf_test_case_2 (void)
-+{
-+ /* RFC 5869: A.2 Test Case 2 */
-+ const guchar ikm[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
-+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
-+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
-+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
-+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f };
-+ const guchar salt[] = { 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
-+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
-+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
-+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
-+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
-+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
-+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
-+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
-+ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
-+ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf };
-+ const guchar info[] = { 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
-+ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
-+ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
-+ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
-+ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
-+ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
-+ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
-+ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
-+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
-+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff };
-+ const guchar okm[] = { 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
-+ 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
-+ 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
-+ 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
-+ 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
-+ 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
-+ 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
-+ 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
-+ 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
-+ 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
-+ 0x1d, 0x87 };
-+ guchar buffer[sizeof (okm)];
-+ gboolean ret;
-+
-+ egg_assert_cmpsize (sizeof (ikm), ==, 80);
-+ egg_assert_cmpsize (sizeof (salt), ==, 80);
-+ egg_assert_cmpsize (sizeof (info), ==, 80);
-+ egg_assert_cmpsize (sizeof (okm), ==, 82);
-+
-+ memset (buffer, 0, sizeof (buffer));
-+ ret = egg_hkdf_perform ("sha256",
-+ ikm, sizeof (ikm),
-+ salt, sizeof (salt),
-+ info, sizeof (info),
-+ buffer, sizeof (buffer));
-+ g_assert (ret);
-+ egg_assert_cmpmem (buffer, sizeof (buffer), ==, okm, sizeof (okm));
-+}
-+
-+static void
-+test_hkdf_test_case_3 (void)
-+{
-+ /* RFC 5869: A.3 Test Case 3 */
-+ const guchar ikm[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,};
-+ const guchar salt[] = { };
-+ const guchar info[] = { };
-+ const guchar okm[] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
-+ 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
-+ 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
-+ 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
-+ 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
-+ 0x96, 0xc8 };
-+ guchar buffer[sizeof (okm)];
-+ gboolean ret;
-+
-+ egg_assert_cmpsize (sizeof (ikm), ==, 22);
-+ egg_assert_cmpsize (sizeof (salt), ==, 0);
-+ egg_assert_cmpsize (sizeof (info), ==, 0);
-+ egg_assert_cmpsize (sizeof (okm), ==, 42);
-+
-+ memset (buffer, 0, sizeof (buffer));
-+ ret = egg_hkdf_perform ("sha256",
-+ ikm, sizeof (ikm),
-+ salt, sizeof (salt),
-+ info, sizeof (info),
-+ buffer, sizeof (buffer));
-+ g_assert (ret);
-+ egg_assert_cmpmem (buffer, sizeof (buffer), ==, okm, sizeof (okm));
-+}
-+
-+static void
-+test_hkdf_test_case_4 (void)
-+{
-+ /* RFC 5869: A.4 Test Case 4 */
-+ const guchar ikm[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-+ 0x0b, 0x0b, 0x0b };
-+ const guchar salt[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-+ 0x08, 0x09, 0x0a, 0x0b, 0x0c };
-+ const guchar info[] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
-+ 0xf8, 0xf9 };
-+ const guchar okm[] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
-+ 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
-+ 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
-+ 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
-+ 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
-+ 0xf8, 0x96 };
-+ guchar buffer[sizeof (okm)];
-+ gboolean ret;
-+
-+ egg_assert_cmpsize (sizeof (ikm), ==, 11);
-+ egg_assert_cmpsize (sizeof (salt), ==, 13);
-+ egg_assert_cmpsize (sizeof (info), ==, 10);
-+ egg_assert_cmpsize (sizeof (okm), ==, 42);
-+
-+ memset (buffer, 0, sizeof (buffer));
-+ ret = egg_hkdf_perform ("sha1",
-+ ikm, sizeof (ikm),
-+ salt, sizeof (salt),
-+ info, sizeof (info),
-+ buffer, sizeof (buffer));
-+ g_assert (ret);
-+ egg_assert_cmpmem (buffer, sizeof (buffer), ==, okm, sizeof (okm));
-+}
-+
-+static void
-+test_hkdf_test_case_5 (void)
-+{
-+ /* RFC 5869: A.5 Test Case 5 */
-+ const guchar ikm[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
-+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
-+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
-+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
-+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f };
-+ const guchar salt[] = { 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
-+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
-+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
-+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
-+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
-+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
-+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
-+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
-+ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
-+ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf };
-+ const guchar info[] = { 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
-+ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
-+ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
-+ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
-+ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
-+ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
-+ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
-+ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
-+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
-+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff };
-+ const guchar okm[] = { 0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7,
-+ 0xc9, 0xf1, 0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb,
-+ 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, 0x92, 0x19,
-+ 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe,
-+ 0x8f, 0xa3, 0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3,
-+ 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, 0x17, 0x3c,
-+ 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed,
-+ 0x03, 0x4c, 0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e,
-+ 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, 0x4c, 0x43,
-+ 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52,
-+ 0xd3, 0xb4 };
-+ guchar buffer[sizeof (okm)];
-+ gboolean ret;
-+
-+ egg_assert_cmpsize (sizeof (ikm), ==, 80);
-+ egg_assert_cmpsize (sizeof (salt), ==, 80);
-+ egg_assert_cmpsize (sizeof (info), ==, 80);
-+ egg_assert_cmpsize (sizeof (okm), ==, 82);
-+
-+ memset (buffer, 0, sizeof (buffer));
-+ ret = egg_hkdf_perform ("sha1",
-+ ikm, sizeof (ikm),
-+ salt, sizeof (salt),
-+ info, sizeof (info),
-+ buffer, sizeof (buffer));
-+ g_assert (ret);
-+ egg_assert_cmpmem (buffer, sizeof (buffer), ==, okm, sizeof (okm));
-+}
-+
-+static void
-+test_hkdf_test_case_6 (void)
-+{
-+ /* RFC 5869: A.6 Test Case 6 */
-+ const guchar ikm[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
-+ const guchar salt[] = { };
-+ const guchar info[] = { };
-+ const guchar okm[] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
-+ 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
-+ 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
-+ 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
-+ 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
-+ 0x49, 0x18 };
-+ guchar buffer[sizeof (okm)];
-+ gboolean ret;
-+
-+ egg_assert_cmpsize (sizeof (ikm), ==, 22);
-+ egg_assert_cmpsize (sizeof (salt), ==, 0);
-+ egg_assert_cmpsize (sizeof (info), ==, 0);
-+ egg_assert_cmpsize (sizeof (okm), ==, 42);
-+
-+ memset (buffer, 0, sizeof (buffer));
-+ ret = egg_hkdf_perform ("sha1",
-+ ikm, sizeof (ikm),
-+ salt, sizeof (salt),
-+ info, sizeof (info),
-+ buffer, sizeof (buffer));
-+ g_assert (ret);
-+ egg_assert_cmpmem (buffer, sizeof (buffer), ==, okm, sizeof (okm));
-+}
-+
-+static void
-+test_hkdf_test_case_7 (void)
-+{
-+ /* RFC 5869: A.7 Test Case 7 */
-+ const guchar ikm[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
-+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
-+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c };
-+ const guchar *salt = NULL;
-+ const guchar info[] = { };
-+ const guchar okm[] = { 0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3,
-+ 0x50, 0x0d, 0x63, 0x6a, 0x62, 0xf6, 0x4f, 0x0a,
-+ 0xb3, 0xba, 0xe5, 0x48, 0xaa, 0x53, 0xd4, 0x23,
-+ 0xb0, 0xd1, 0xf2, 0x7e, 0xbb, 0xa6, 0xf5, 0xe5,
-+ 0x67, 0x3a, 0x08, 0x1d, 0x70, 0xcc, 0xe7, 0xac,
-+ 0xfc, 0x48 };
-+ guchar buffer[sizeof (okm)];
-+ gboolean ret;
-+
-+ egg_assert_cmpsize (sizeof (ikm), ==, 22);
-+ egg_assert_cmpsize (sizeof (info), ==, 0);
-+ egg_assert_cmpsize (sizeof (okm), ==, 42);
-+
-+ memset (buffer, 0, sizeof (buffer));
-+ ret = egg_hkdf_perform ("sha1",
-+ ikm, sizeof (ikm),
-+ salt, sizeof (salt),
-+ info, sizeof (info),
-+ buffer, sizeof (buffer));
-+ g_assert (ret);
-+ egg_assert_cmpmem (buffer, sizeof (buffer), ==, okm, sizeof (okm));
-+}
-+
-+int
-+main (int argc, char **argv)
-+{
-+ g_test_init (&argc, &argv, NULL);
-+
-+ g_test_add_func ("/hkdf/test-case-1", test_hkdf_test_case_1);
-+ g_test_add_func ("/hkdf/test-case-2", test_hkdf_test_case_2);
-+ g_test_add_func ("/hkdf/test-case-3", test_hkdf_test_case_3);
-+ g_test_add_func ("/hkdf/test-case-4", test_hkdf_test_case_4);
-+ g_test_add_func ("/hkdf/test-case-5", test_hkdf_test_case_5);
-+ g_test_add_func ("/hkdf/test-case-6", test_hkdf_test_case_6);
-+ g_test_add_func ("/hkdf/test-case-7", test_hkdf_test_case_7);
-+
-+ return g_test_run ();
-+}
-diff --git a/pkcs11/gkm/Makefile.am b/pkcs11/gkm/Makefile.am
-index 1d4516c..bf6a1c8 100644
---- a/pkcs11/gkm/Makefile.am
-+++ b/pkcs11/gkm/Makefile.am
-@@ -35,6 +35,8 @@ libgkm_la_SOURCES = \
- gkm-dsa-mechanism.c gkm-dsa-mechanism.h \
- gkm-factory.c gkm-factory.h \
- gkm-file-tracker.c gkm-file-tracker.h \
-+ gkm-generic-key.c gkm-generic-key.h \
-+ gkm-hkdf-mechanism.c gkm-hkdf-mechanism.h \
- gkm-manager.c gkm-manager.h \
- gkm-memory-store.c gkm-memory-store.h \
- gkm-mock.c gkm-mock.h \
-diff --git a/pkcs11/gkm/gkm-aes-key.c b/pkcs11/gkm/gkm-aes-key.c
-index d53e911..71f9e08 100644
---- a/pkcs11/gkm/gkm-aes-key.c
-+++ b/pkcs11/gkm/gkm-aes-key.c
-@@ -22,6 +22,7 @@
- #include "config.h"
-
- #include "pkcs11/pkcs11.h"
-+#include "pkcs11/pkcs11i.h"
-
- #include "gkm-aes-mechanism.h"
- #include "gkm-attributes.h"
-@@ -41,6 +42,11 @@ struct _GkmAesKey {
-
- G_DEFINE_TYPE (GkmAesKey, gkm_aes_key, GKM_TYPE_SECRET_KEY);
-
-+static const CK_MECHANISM_TYPE GKM_AES_MECHANISMS[] = {
-+ CKM_AES_CBC_PAD,
-+ CKM_G_HKDF_SHA256_DERIVE
-+};
-+
- /* -----------------------------------------------------------------------------
- * INTERNAL
- */
-@@ -139,7 +145,7 @@ factory_create_aes_key (GkmSession *session, GkmTransaction *transaction,
- */
-
- static CK_RV
--gkm_aes_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE *attr)
-+gkm_aes_key_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE *attr)
- {
- GkmAesKey *self = GKM_AES_KEY (base);
-
-@@ -148,6 +154,9 @@ gkm_aes_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBU
- case CKA_KEY_TYPE:
- return gkm_attribute_set_ulong (attr, CKK_AES);
-
-+ case CKA_DERIVE:
-+ return gkm_attribute_set_bool (attr, CK_TRUE);
-+
- case CKA_UNWRAP:
- case CKA_WRAP:
- return gkm_attribute_set_bool (attr, CK_TRUE);
-@@ -169,6 +178,14 @@ gkm_aes_key_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBU
- return GKM_OBJECT_CLASS (gkm_aes_key_parent_class)->get_attribute (base, session, attr);
- }
-
-+static gconstpointer
-+gkm_aes_key_get_key_value (GkmSecretKey *key, gsize *n_value)
-+{
-+ GkmAesKey *self = GKM_AES_KEY (key);
-+ *n_value = self->n_value;
-+ return self->value;
-+}
-+
- static void
- gkm_aes_key_init (GkmAesKey *self)
- {
-@@ -195,12 +212,15 @@ gkm_aes_key_class_init (GkmAesKeyClass *klass)
- {
- GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
- GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
-+ GkmSecretKeyClass *key_class = GKM_SECRET_KEY_CLASS (klass);
-
- gkm_aes_key_parent_class = g_type_class_peek_parent (klass);
-
- gobject_class->finalize = gkm_aes_key_finalize;
-
-- gkm_class->get_attribute = gkm_aes_key_real_get_attribute;
-+ gkm_class->get_attribute = gkm_aes_key_get_attribute;
-+
-+ key_class->get_key_value = gkm_aes_key_get_key_value;
- }
-
- /* -----------------------------------------------------------------------------
-diff --git a/pkcs11/gkm/gkm-aes-mechanism.h b/pkcs11/gkm/gkm-aes-mechanism.h
-index a473d4b..d62d7c0 100644
---- a/pkcs11/gkm/gkm-aes-mechanism.h
-+++ b/pkcs11/gkm/gkm-aes-mechanism.h
-@@ -31,10 +31,6 @@
- #define GKM_AES_MECHANISM_MIN_LENGTH 16
- #define GKM_AES_MECHANISM_MAX_LENGTH 32
-
--static const CK_MECHANISM_TYPE GKM_AES_MECHANISMS[] = {
-- CKM_AES_CBC_PAD
--};
--
- CK_RV gkm_aes_mechanism_wrap (GkmSession *session,
- CK_MECHANISM_PTR mech,
- GkmObject *wrapper,
-diff --git a/pkcs11/gkm/gkm-crypto.c b/pkcs11/gkm/gkm-crypto.c
-index 9662612..65336ff 100644
---- a/pkcs11/gkm/gkm-crypto.c
-+++ b/pkcs11/gkm/gkm-crypto.c
-@@ -25,6 +25,7 @@
- #include "gkm-aes-mechanism.h"
- #include "gkm-dh-mechanism.h"
- #include "gkm-dsa-mechanism.h"
-+#include "gkm-hkdf-mechanism.h"
- #include "gkm-null-mechanism.h"
- #include "gkm-rsa-mechanism.h"
- #include "gkm-session.h"
-@@ -430,6 +431,9 @@ gkm_crypto_derive_key (GkmSession *session, CK_MECHANISM_PTR mech, GkmObject *ba
- case CKM_DH_PKCS_DERIVE:
- return gkm_dh_mechanism_derive (session, mech, base, attrs,
- n_attrs, derived);
-+ case CKM_G_HKDF_SHA256_DERIVE:
-+ return gkm_hkdf_mechanism_derive (session, "sha256", mech, base,
-+ attrs, n_attrs, derived);
- default:
- return CKR_MECHANISM_INVALID;
- }
-diff --git a/pkcs11/gkm/gkm-dh-mechanism.c b/pkcs11/gkm/gkm-dh-mechanism.c
-index 5b29ac3..446defb 100644
---- a/pkcs11/gkm/gkm-dh-mechanism.c
-+++ b/pkcs11/gkm/gkm-dh-mechanism.c
-@@ -209,8 +209,9 @@ gkm_dh_mechanism_derive (GkmSession *session, CK_MECHANISM_PTR mech, GkmObject *
- gcry_error_t gcry;
- CK_ATTRIBUTE attr;
- GArray *array;
-+ gsize n_actual = 0;
- CK_ULONG n_value = 0;
-- gpointer value;
-+ guchar *value;
- GkmTransaction *transaction;
- CK_KEY_TYPE type;
-
-@@ -239,7 +240,7 @@ gkm_dh_mechanism_derive (GkmSession *session, CK_MECHANISM_PTR mech, GkmObject *
- if (n_value == 0)
- n_value = (gcry_mpi_get_nbits (prime) + 7) / 8;
-
-- value = egg_dh_gen_secret (peer, priv, prime, n_value);
-+ value = egg_dh_gen_secret (peer, priv, prime, &n_actual);
- gcry_mpi_release (peer);
-
- if (value == NULL)
-@@ -250,8 +251,24 @@ gkm_dh_mechanism_derive (GkmSession *session, CK_MECHANISM_PTR mech, GkmObject *
-
- /* Prepend the value */
- attr.type = CKA_VALUE;
-- attr.pValue = value;
- attr.ulValueLen = n_value;
-+
-+ /* Is it too long, move to the front and truncate */
-+ if (n_actual > n_value) {
-+ attr.pValue = value + (n_actual - n_value);
-+
-+ /* If it's too short, expand with zeros */
-+ } else if (n_actual < n_value) {
-+ value = egg_secure_realloc (value, n_value);
-+ memmove (value + (n_value - n_actual), value, n_actual);
-+ memset (value, 0, (n_value - n_actual));
-+ attr.pValue = value;
-+
-+ /* It's just right */
-+ } else {
-+ attr.pValue = value;
-+ }
-+
- g_array_append_val (array, attr);
-
- /* Add the remainder of the attributes */
-diff --git a/pkcs11/gkm/gkm-generic-key.c b/pkcs11/gkm/gkm-generic-key.c
-new file mode 100644
-index 0000000..834f152
---- a/dev/null
-+++ b/pkcs11/gkm/gkm-generic-key.c
-@@ -0,0 +1,215 @@
-+/*
-+ * gnome-keyring
-+ *
-+ * Copyright (C) 2011 Collabora Ltd.
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU Lesser General Public License as
-+ * published by the Free Software Foundation; either version 2.1 of
-+ * the License, or (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-+ * 02111-1307, USA.
-+ *
-+ * Author: Stef Walter <stefw@collabora.co.uk>
-+ */
-+
-+#include "config.h"
-+
-+#include "pkcs11/pkcs11.h"
-+#include "pkcs11/pkcs11i.h"
-+
-+#include "gkm-attributes.h"
-+#include "gkm-generic-key.h"
-+#include "gkm-session.h"
-+#include "gkm-transaction.h"
-+#include "gkm-util.h"
-+
-+#include "egg/egg-secure-memory.h"
-+
-+struct _GkmGenericKey {
-+ GkmSecretKey parent;
-+ gpointer value;
-+ gsize n_value;
-+};
-+
-+G_DEFINE_TYPE (GkmGenericKey, gkm_generic_key, GKM_TYPE_SECRET_KEY);
-+
-+static const CK_MECHANISM_TYPE GKM_GENERIC_MECHANISMS[] = {
-+ CKM_G_HKDF_SHA256_DERIVE
-+};
-+
-+/* -----------------------------------------------------------------------------
-+ * INTERNAL
-+ */
-+
-+static CK_RV
-+attribute_set_check_value (GkmGenericKey *self, CK_ATTRIBUTE *attr)
-+{
-+ guchar buffer[20];
-+
-+ g_assert (GKM_IS_GENERIC_KEY (self));
-+ g_assert (attr);
-+
-+ /* Just asking for the length */
-+ if (!attr->pValue) {
-+ attr->ulValueLen = 3;
-+ return CKR_OK;
-+ }
-+
-+ /* Just the a sha1 of the value */
-+ gcry_md_hash_buffer (GCRY_MD_SHA1, buffer, self->value, self->n_value);
-+
-+ /* Use the first three bytes */
-+ return gkm_attribute_set_data (attr, buffer, 3);
-+}
-+
-+static GkmObject*
-+factory_create_generic_key (GkmSession *session, GkmTransaction *transaction,
-+ CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs)
-+{
-+ GkmGenericKey *key;
-+ GkmManager *manager;
-+ CK_ATTRIBUTE_PTR value;
-+
-+ value = gkm_attributes_find (attrs, n_attrs, CKA_VALUE);
-+ if (value == NULL) {
-+ gkm_transaction_fail (transaction, CKR_TEMPLATE_INCOMPLETE);
-+ return NULL;
-+ }
-+
-+ if (gkm_attributes_find (attrs, n_attrs, CKA_VALUE_LEN)) {
-+ gkm_transaction_fail (transaction, CKR_TEMPLATE_INCONSISTENT);
-+ return NULL;
-+ }
-+
-+ manager = gkm_manager_for_template (attrs, n_attrs, session);
-+ key = g_object_new (GKM_TYPE_GENERIC_KEY,
-+ "module", gkm_session_get_module (session),
-+ "manager", manager,
-+ NULL);
-+
-+ key->value = egg_secure_alloc (value->ulValueLen);
-+ key->n_value = value->ulValueLen;
-+ memcpy (key->value, value->pValue, key->n_value);
-+
-+ gkm_attribute_consume (value);
-+
-+ gkm_session_complete_object_creation (session, transaction, GKM_OBJECT (key),
-+ TRUE, attrs, n_attrs);
-+ return GKM_OBJECT (key);
-+}
-+
-+/* -----------------------------------------------------------------------------
-+ * OBJECT
-+ */
-+
-+static CK_RV
-+gkm_generic_key_get_attribute (GkmObject *base, GkmSession *session, CK_ATTRIBUTE *attr)
-+{
-+ GkmGenericKey *self = GKM_GENERIC_KEY (base);
-+
-+ switch (attr->type)
-+ {
-+ case CKA_KEY_TYPE:
-+ return gkm_attribute_set_ulong (attr, CKK_GENERIC_SECRET);
-+
-+ case CKA_DERIVE:
-+ return gkm_attribute_set_bool (attr, CK_TRUE);
-+
-+ case CKA_UNWRAP:
-+ case CKA_WRAP:
-+ return gkm_attribute_set_bool (attr, CK_FALSE);
-+
-+ case CKA_VALUE:
-+ return gkm_attribute_set_data (attr, self->value, self->n_value);
-+
-+ case CKA_VALUE_LEN:
-+ return gkm_attribute_set_ulong (attr, self->n_value);
-+
-+ case CKA_CHECK_VALUE:
-+ return attribute_set_check_value (self, attr);
-+
-+ case CKA_ALLOWED_MECHANISMS:
-+ return gkm_attribute_set_data (attr, (CK_VOID_PTR)GKM_GENERIC_MECHANISMS,
-+ sizeof (GKM_GENERIC_MECHANISMS));
-+ };
-+
-+ return GKM_OBJECT_CLASS (gkm_generic_key_parent_class)->get_attribute (base, session, attr);
-+}
-+
-+static gconstpointer
-+gkm_generic_key_get_key_value (GkmSecretKey *key, gsize *n_value)
-+{
-+ GkmGenericKey *self = GKM_GENERIC_KEY (key);
-+ *n_value = self->n_value;
-+ return self->value;
-+}
-+
-+static void
-+gkm_generic_key_init (GkmGenericKey *self)
-+{
-+
-+}
-+
-+static void
-+gkm_generic_key_finalize (GObject *obj)
-+{
-+ GkmGenericKey *self = GKM_GENERIC_KEY (obj);
-+
-+ if (self->value) {
-+ egg_secure_clear (self->value, self->n_value);
-+ egg_secure_free (self->value);
-+ self->value = NULL;
-+ self->n_value = 0;
-+ }
-+
-+ G_OBJECT_CLASS (gkm_generic_key_parent_class)->finalize (obj);
-+}
-+
-+static void
-+gkm_generic_key_class_init (GkmGenericKeyClass *klass)
-+{
-+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
-+ GkmObjectClass *gkm_class = GKM_OBJECT_CLASS (klass);
-+ GkmSecretKeyClass *key_class = GKM_SECRET_KEY_CLASS (klass);
-+
-+ gkm_generic_key_parent_class = g_type_class_peek_parent (klass);
-+
-+ gobject_class->finalize = gkm_generic_key_finalize;
-+
-+ gkm_class->get_attribute = gkm_generic_key_get_attribute;
-+
-+ key_class->get_key_value = gkm_generic_key_get_key_value;
-+}
-+
-+/* -----------------------------------------------------------------------------
-+ * PUBLIC
-+ */
-+
-+GkmFactory*
-+gkm_generic_key_get_factory (void)
-+{
-+ static CK_OBJECT_CLASS klass = CKO_SECRET_KEY;
-+ static CK_KEY_TYPE type = CKK_GENERIC_SECRET;
-+
-+ static CK_ATTRIBUTE attributes[] = {
-+ { CKA_CLASS, &klass, sizeof (klass) },
-+ { CKA_KEY_TYPE, &type, sizeof (type) }
-+ };
-+
-+ static GkmFactory factory = {
-+ attributes,
-+ G_N_ELEMENTS (attributes),
-+ factory_create_generic_key
-+ };
-+
-+ return &factory;
-+}
-diff --git a/pkcs11/gkm/gkm-generic-key.h b/pkcs11/gkm/gkm-generic-key.h
-new file mode 100644
-index 0000000..6b4ee0b
---- a/dev/null
-+++ b/pkcs11/gkm/gkm-generic-key.h
-@@ -0,0 +1,52 @@
-+/*
-+ * gnome-keyring
-+ *
-+ * Copyright (C) 2011 Collabora Ltd.
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU Lesser General Public License as
-+ * published by the Free Software Foundation; either version 2.1 of
-+ * the License, or (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-+ * 02111-1307, USA.
-+ *
-+ * Author: Stef Walter <stefw@collabora.co.uk>
-+ */
-+
-+#ifndef __GKM_GENERIC_KEY_H__
-+#define __GKM_GENERIC_KEY_H__
-+
-+#include <glib-object.h>
-+
-+#include "gkm-secret-key.h"
-+#include "gkm-types.h"
-+
-+#define GKM_FACTORY_GENERIC_KEY (gkm_generic_key_get_factory ())
-+
-+#define GKM_TYPE_GENERIC_KEY (gkm_generic_key_get_type ())
-+#define GKM_GENERIC_KEY(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GKM_TYPE_GENERIC_KEY, GkmGenericKey))
-+#define GKM_GENERIC_KEY_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), GKM_TYPE_GENERIC_KEY, GkmGenericKeyClass))
-+#define GKM_IS_GENERIC_KEY(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GKM_TYPE_GENERIC_KEY))
-+#define GKM_IS_GENERIC_KEY_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GKM_TYPE_GENERIC_KEY))
-+#define GKM_GENERIC_KEY_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), GKM_TYPE_GENERIC_KEY, GkmGenericKeyClass))
-+
-+typedef struct _GkmGenericKeyClass GkmGenericKeyClass;
-+typedef struct _GkmGenericKeyPrivate GkmGenericKeyPrivate;
-+
-+struct _GkmGenericKeyClass {
-+ GkmSecretKeyClass parent_class;
-+};
-+
-+GType gkm_generic_key_get_type (void);
-+
-+GkmFactory* gkm_generic_key_get_factory (void);
-+
-+#endif /* __GKM_GENERIC_KEY_H__ */
-diff --git a/pkcs11/gkm/gkm-hkdf-mechanism.c b/pkcs11/gkm/gkm-hkdf-mechanism.c
-new file mode 100644
-index 0000000..bbca94f
---- a/dev/null
-+++ b/pkcs11/gkm/gkm-hkdf-mechanism.c
-@@ -0,0 +1,96 @@
-+/*
-+ * gnome-keyring
-+ *
-+ * Copyright (C) 2008 Stefan Walter
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU Lesser General License as
-+ * published by the Free Software Foundation; either version 2.1 of
-+ * the License, or (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * License along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-+ * 02111-1307, USA.
-+ */
-+
-+#include "config.h"
-+
-+#include "gkm-attributes.h"
-+#include "gkm-crypto.h"
-+#include "gkm-hkdf-mechanism.h"
-+#include "gkm-secret-key.h"
-+#include "gkm-session.h"
-+#include "gkm-transaction.h"
-+
-+#include "egg/egg-hkdf.h"
-+#include "egg/egg-libgcrypt.h"
-+#include "egg/egg-secure-memory.h"
-+
-+CK_RV
-+gkm_hkdf_mechanism_derive (GkmSession *session, const char *algo,
-+ CK_MECHANISM_PTR mech, GkmObject *base,
-+ CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs,
-+ GkmObject **derived)
-+{
-+ CK_ATTRIBUTE attr;
-+ GArray *array;
-+ gconstpointer value;
-+ gpointer output;
-+ gsize n_value;
-+ CK_ULONG n_output = 0;
-+ GkmTransaction *transaction;
-+ CK_KEY_TYPE type;
-+
-+ g_return_val_if_fail (GKM_IS_SECRET_KEY (base), CKR_GENERAL_ERROR);
-+
-+ /* Get the value of the original key */
-+ value = gkm_secret_key_get_key_value (GKM_SECRET_KEY (base), &n_value);
-+ g_return_val_if_fail (value, CKR_GENERAL_ERROR);
-+
-+ /* What length should we truncate to? */
-+ if (!gkm_attributes_find_ulong (attrs, n_attrs, CKA_VALUE_LEN, &n_output)) {
-+ if (gkm_attributes_find_ulong (attrs, n_attrs, CKA_KEY_TYPE, &type))
-+ n_output = gkm_crypto_secret_key_length (type);
-+ }
-+
-+ /* Default to input length */
-+ if (n_output == 0)
-+ n_output = n_value;
-+
-+ output = egg_secure_alloc (n_output);
-+ if (!egg_hkdf_perform ("sha256", value, n_value, mech->pParameter,
-+ mech->ulParameterLen, NULL, 0, output, n_output)) {
-+ egg_secure_free (output);
-+ return CKR_FUNCTION_FAILED;
-+ }
-+
-+ /* Now setup the attributes with our new value */
-+ array = g_array_new (FALSE, FALSE, sizeof (CK_ATTRIBUTE));
-+
-+ /* Prepend the value */
-+ attr.type = CKA_VALUE;
-+ attr.pValue = output;
-+ attr.ulValueLen = n_output;
-+
-+ g_array_append_val (array, attr);
-+
-+ /* Add the remainder of the attributes */
-+ g_array_append_vals (array, attrs, n_attrs);
-+
-+ transaction = gkm_transaction_new ();
-+
-+ /* Now create an object with these attributes */
-+ *derived = gkm_session_create_object_for_attributes (session, transaction,
-+ (CK_ATTRIBUTE_PTR)array->data, array->len);
-+
-+ egg_secure_free (output);
-+ g_array_free (array, TRUE);
-+
-+ return gkm_transaction_complete_and_unref (transaction);
-+}
-diff --git a/pkcs11/gkm/gkm-hkdf-mechanism.h b/pkcs11/gkm/gkm-hkdf-mechanism.h
-new file mode 100644
-index 0000000..fc7ffaa
---- a/dev/null
-+++ b/pkcs11/gkm/gkm-hkdf-mechanism.h
-@@ -0,0 +1,46 @@
-+/*
-+ * gnome-keyring
-+ *
-+ * Copyright (C) 2011 Collabora Ltd.
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU Lesser General License as
-+ * published by the Free Software Foundation; either version 2.1 of
-+ * the License, or (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * License along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-+ * 02111-1307, USA.
-+ *
-+ * Author: Stef Walter <stefw@collabora.co.uk>
-+ */
-+
-+#ifndef GKM_HKDF_MECHANISM_H_
-+#define GKM_HKDF_MECHANISM_H_
-+
-+#include "gkm-types.h"
-+
-+#include "pkcs11/pkcs11.h"
-+#include "pkcs11/pkcs11i.h"
-+
-+#include <glib.h>
-+
-+static const CK_MECHANISM_TYPE GKM_HKDF_MECHANISMS[] = {
-+ CKM_G_HKDF_SHA256_DERIVE
-+};
-+
-+CK_RV gkm_hkdf_mechanism_derive (GkmSession *session,
-+ const gchar *algo,
-+ CK_MECHANISM_PTR mech,
-+ GkmObject *base,
-+ CK_ATTRIBUTE_PTR attrs,
-+ CK_ULONG n_attrs,
-+ GkmObject **derived);
-+
-+#endif /* GKM_HKDF_MECHANISM_H_ */
-diff --git a/pkcs11/gkm/gkm-module.c b/pkcs11/gkm/gkm-module.c
-index bcc5ee6..eecda2f 100644
---- a/pkcs11/gkm/gkm-module.c
-+++ b/pkcs11/gkm/gkm-module.c
-@@ -30,6 +30,7 @@
- #include "gkm-certificate.h"
- #include "gkm-credential.h"
- #include "gkm-factory.h"
-+#include "gkm-generic-key.h"
- #include "gkm-manager.h"
- #include "gkm-memory-store.h"
- #include "gkm-module.h"
-@@ -160,9 +161,15 @@ static const MechanismAndInfo mechanism_list[] = {
-
- /*
- * CKM_DH_PKCS_DERIVE
-- * For DH derivation the min and max are sizes of prime in bits.
-+ * For DH derivation the min and max are sizes of output key in bytes.
-+ */
-+ { CKM_DH_PKCS_DERIVE, { 1, 255, CKF_DERIVE } },
-+
-+ /*
-+ * CKM_G_HKDF_DERIVE
-+ * For HKDF derivation the min and max are sizes of prime in bits.
- */
-- { CKM_DH_PKCS_DERIVE, { 768, 8192, CKF_DERIVE } },
-+ { CKM_G_HKDF_SHA256_DERIVE, { 768, 8192, CKF_DERIVE } },
-
- /*
- * CKM_AES_CBC_PAD
-@@ -598,6 +605,7 @@ gkm_module_init (GkmModule *self)
- gkm_module_register_factory (self, GKM_FACTORY_AES_KEY);
- gkm_module_register_factory (self, GKM_FACTORY_CERTIFICATE);
- gkm_module_register_factory (self, GKM_FACTORY_CREDENTIAL);
-+ gkm_module_register_factory (self, GKM_FACTORY_GENERIC_KEY);
- gkm_module_register_factory (self, GKM_FACTORY_NULL_KEY);
- gkm_module_register_factory (self, GKM_FACTORY_DH_PRIVATE_KEY);
- gkm_module_register_factory (self, GKM_FACTORY_PRIVATE_XSA_KEY);
-diff --git a/pkcs11/gkm/gkm-secret-key.c b/pkcs11/gkm/gkm-secret-key.c
-index dd46563..72493ff 100644
---- a/pkcs11/gkm/gkm-secret-key.c
-+++ b/pkcs11/gkm/gkm-secret-key.c
-@@ -157,3 +157,14 @@ gkm_secret_key_class_init (GkmSecretKeyClass *klass)
- /* -----------------------------------------------------------------------------
- * PUBLIC
- */
-+
-+gconstpointer
-+gkm_secret_key_get_key_value (GkmSecretKey *self, gsize *n_value)
-+{
-+ g_return_val_if_fail (GKM_IS_SECRET_KEY (self), NULL);
-+ g_return_val_if_fail (n_value, NULL);
-+
-+ /* Check with the derived class */
-+ g_return_val_if_fail (GKM_SECRET_KEY_GET_CLASS (self)->get_key_value, NULL);
-+ return GKM_SECRET_KEY_GET_CLASS (self)->get_key_value (self, n_value);
-+}
-diff --git a/pkcs11/gkm/gkm-secret-key.h b/pkcs11/gkm/gkm-secret-key.h
-index 4a1d325..865c3f2 100644
---- a/pkcs11/gkm/gkm-secret-key.h
-+++ b/pkcs11/gkm/gkm-secret-key.h
-@@ -44,8 +44,15 @@ struct _GkmSecretKey {
-
- struct _GkmSecretKeyClass {
- GkmObjectClass parent_class;
-+
-+ /* virtual methods --------------------------------------------------------- */
-+
-+ gconstpointer (*get_key_value) (GkmSecretKey *key, gsize *n_value);
- };
-
- GType gkm_secret_key_get_type (void);
-
-+gconstpointer gkm_secret_key_get_key_value (GkmSecretKey *self,
-+ gsize *n_value);
-+
- #endif /* __GKM_SECRET_KEY_H__ */
-diff --git a/pkcs11/gkm/gkm-types.h b/pkcs11/gkm/gkm-types.h
-index 4ed1c4c..d64b92e 100644
---- a/pkcs11/gkm/gkm-types.h
-+++ b/pkcs11/gkm/gkm-types.h
-@@ -31,6 +31,7 @@ typedef struct _GkmDhKey GkmDhKey;
- typedef struct _GkmDhPrivateKey GkmDhPrivateKey;
- typedef struct _GkmDhPublicKey GkmDhPublicKey;
- typedef struct _GkmFactory GkmFactory;
-+typedef struct _GkmGenericKey GkmGenericKey;
- typedef struct _GkmManager GkmManager;
- typedef struct _GkmModule GkmModule;
- typedef struct _GkmNullKey GkmNullKey;
-diff --git a/pkcs11/pkcs11i.h b/pkcs11/pkcs11i.h
-index e85e6cf..11a390c 100644
---- a/pkcs11/pkcs11i.h
-+++ b/pkcs11/pkcs11i.h
-@@ -112,6 +112,8 @@ typedef CK_G_APPLICATION* CK_G_APPLICATION_PTR;
- /* Used for wrapping and unwrapping as null */
- #define CKM_G_NULL (CKM_GNOME + 100)
-
-+#define CKM_G_HKDF_SHA256_DERIVE (CKM_GNOME + 101)
-+
- #define CKK_G_NULL (CKK_GNOME + 100)
-
- /* -------------------------------------------------------------------
-diff --git a/ui/gku-prompt-tool.c b/ui/gku-prompt-tool.c
-index 51dc42d..cc9e385 100644
---- a/ui/gku-prompt-tool.c
-+++ b/ui/gku-prompt-tool.c
-@@ -28,6 +28,7 @@
- #include "egg/egg-entry-buffer.h"
- #include "egg/egg-error.h"
- #include "egg/egg-hex.h"
-+#include "egg/egg-hkdf.h"
- #include "egg/egg-libgcrypt.h"
- #include "egg/egg-secure-memory.h"
-
-@@ -693,6 +694,8 @@ negotiate_transport_crypto (void)
- gcry_mpi_t base, prime, peer;
- gcry_mpi_t key, pub, priv;
- gboolean ret = FALSE;
-+ gpointer ikm;
-+ gsize n_ikm;
-
- g_assert (!the_key);
- base = prime = peer = NULL;
-@@ -709,9 +712,14 @@ negotiate_transport_crypto (void)
- gku_prompt_util_encode_mpi (output_data, "transport", "public", pub);
-
- /* Build up a key we can use */
-- n_the_key = 16;
-- the_key = egg_dh_gen_secret (peer, priv, prime, n_the_key);
-- ret = (the_key != NULL);
-+ ikm = egg_dh_gen_secret (peer, priv, prime, &n_ikm);
-+ if (ikm != NULL) {
-+ n_the_key = 16;
-+ the_key = egg_secure_alloc (n_the_key);
-+ if (!egg_hkdf_perform ("sha256", ikm, n_ikm, NULL, 0, NULL, 0, the_key, n_the_key))
-+ g_return_val_if_reached (FALSE);
-+ ret = TRUE;
-+ }
- }
- }
-
-diff --git a/ui/gku-prompt.c b/ui/gku-prompt.c
-index 167f219..02acdbf 100644
---- a/ui/gku-prompt.c
-+++ b/ui/gku-prompt.c
-@@ -29,6 +29,7 @@
- #include "egg/egg-dh.h"
- #include "egg/egg-error.h"
- #include "egg/egg-hex.h"
-+#include "egg/egg-hkdf.h"
- #include "egg/egg-libgcrypt.h"
- #include "egg/egg-secure-memory.h"
- #include "egg/egg-spawn.h"
-@@ -333,7 +334,8 @@ static gconstpointer
- calculate_transport_key (GkuPrompt *self, gsize *n_key)
- {
- gcry_mpi_t peer;
-- gpointer value;
-+ gpointer ikm, key;
-+ gsize n_ikm;
-
- g_assert (self->pv->output);
- g_assert (n_key);
-@@ -348,16 +350,21 @@ calculate_transport_key (GkuPrompt *self, gsize *n_key)
- if (!gku_prompt_util_decode_mpi (self->pv->output, "transport", "public", &peer))
- return NULL;
-
-- value = egg_dh_gen_secret (peer, self->pv->transport->private,
-- self->pv->transport->prime, 16);
-+ ikm = egg_dh_gen_secret (peer, self->pv->transport->private,
-+ self->pv->transport->prime, &n_ikm);
-
- gcry_mpi_release (peer);
-
-- if (!value)
-+ if (!ikm)
- return NULL;
-
-+ key = egg_secure_alloc (16);
-+ if (!egg_hkdf_perform ("sha256", ikm, n_ikm, NULL, 0, NULL, 0, key, 16))
-+ g_return_val_if_reached (NULL);
-+
-+ egg_secure_free (ikm);
- egg_secure_free (self->pv->transport->key);
-- self->pv->transport->key = value;
-+ self->pv->transport->key = key;
- self->pv->transport->n_key = 16;
- }
-
---
-cgit v0.8.3.4
diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-trunk-6.patch b/gnome-base/gnome-keyring/files/gnome-keyring-trunk-6.patch
deleted file mode 100644
index bc12839..0000000
--- a/gnome-base/gnome-keyring/files/gnome-keyring-trunk-6.patch
+++ /dev/null
@@ -1,42 +0,0 @@
---- /dev/null
-+++ egg/egg-hkdf.h
-@@ -0,0 +1,39 @@
-+/*
-+ * gnome-keyring
-+ *
-+ * Copyright (C) 2011 Collabora Ltd.
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU Lesser General License as
-+ * published by the Free Software Foundation; either version 2.1 of
-+ * the License, or (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * License along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-+ * 02111-1307, USA.
-+ *
-+ * Author: Stef Walter <stefw@collabora.co.uk>
-+ */
-+
-+#ifndef EGG_HKDF_H_
-+#define EGG_HKDF_H_
-+
-+#include <glib.h>
-+
-+gboolean egg_hkdf_perform (const gchar *hash_algo,
-+ gconstpointer input,
-+ gsize n_input,
-+ gconstpointer salt,
-+ gsize n_salt,
-+ gconstpointer info,
-+ gsize n_info,
-+ gpointer output,
-+ gsize n_output);
-+
-+#endif /* EGG_HKDF_H_ */
diff --git a/gnome-base/gnome-keyring/gnome-keyring-2.91.91-r300.ebuild b/gnome-base/gnome-keyring/gnome-keyring-2.91.92-r300.ebuild
similarity index 94%
rename from gnome-base/gnome-keyring/gnome-keyring-2.91.91-r300.ebuild
rename to gnome-base/gnome-keyring/gnome-keyring-2.91.92-r300.ebuild
index 75fe44a..89455dd 100644
--- a/gnome-base/gnome-keyring/gnome-keyring-2.91.91-r300.ebuild
+++ b/gnome-base/gnome-keyring/gnome-keyring-2.91.92-r300.ebuild
@@ -6,7 +6,7 @@ EAPI="3"
GCONF_DEBUG="yes"
GNOME2_LA_PUNT="yes"
-inherit autotools gnome2 multilib pam virtualx
+inherit gnome2 multilib pam virtualx
DESCRIPTION="Password and keyring managing daemon"
HOMEPAGE="http://www.gnome.org/"
@@ -77,12 +77,6 @@ src_prepare() {
sed -e '/-D[A-Z_]*DISABLE_DEPRECATED/d' \
-i configure.in configure || die "sed 2 failed"
- for i in 1 2 3 4 5 6; do
- epatch "${FILESDIR}/${PN}-trunk-$i.patch"
- done
-
- eautoreconf
-
gnome2_src_prepare
}
diff --git a/gnome-base/gnome-keyring/gnome-keyring-2.91.91.ebuild b/gnome-base/gnome-keyring/gnome-keyring-2.91.92.ebuild
similarity index 95%
rename from gnome-base/gnome-keyring/gnome-keyring-2.91.91.ebuild
rename to gnome-base/gnome-keyring/gnome-keyring-2.91.92.ebuild
index e719061..1bf07c7 100644
--- a/gnome-base/gnome-keyring/gnome-keyring-2.91.91.ebuild
+++ b/gnome-base/gnome-keyring/gnome-keyring-2.91.92.ebuild
@@ -74,12 +74,6 @@ src_prepare() {
sed -e '/-D[A-Z_]*DISABLE_DEPRECATED/d' \
-i configure.in configure || die "sed 2 failed"
- for i in 1 2 3 4 5 6; do
- epatch "${FILESDIR}/${PN}-trunk-$i.patch"
- done
-
- eautoreconf
-
gnome2_src_prepare
}
diff --git a/gnome-base/libgnome-keyring/libgnome-keyring-2.91.92.ebuild b/gnome-base/libgnome-keyring/libgnome-keyring-2.91.92.ebuild
new file mode 100644
index 0000000..91b0075
--- /dev/null
+++ b/gnome-base/libgnome-keyring/libgnome-keyring-2.91.92.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/libgnome-keyring/libgnome-keyring-2.32.0.ebuild,v 1.5 2011/02/24 19:18:29 tomka Exp $
+
+EAPI="3"
+GCONF_DEBUG="yes"
+
+inherit gnome2
+
+DESCRIPTION="Compatibility library for accessing secrets"
+HOMEPAGE="http://live.gnome.org/GnomeKeyring"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-linux"
+IUSE="debug doc test"
+
+RDEPEND=">=sys-apps/dbus-1.0
+ gnome-base/gconf
+ >=gnome-base/gnome-keyring-2.29[test?]
+ !<gnome-base/gnome-keyring-2.29"
+DEPEND="${RDEPEND}
+ sys-devel/gettext
+ >=dev-util/intltool-0.35
+ >=dev-util/pkgconfig-0.9
+ doc? ( >=dev-util/gtk-doc-1.9 )"
+
+pkg_setup() {
+ G2CONF="${G2CONF}
+ $(use_enable debug)
+ $(use_enable test tests)"
+ DOCS="AUTHORS ChangeLog NEWS README"
+}
+
+src_prepare() {
+ gnome2_src_prepare
+
+ # Remove silly CFLAGS
+ sed 's:CFLAGS="$CFLAGS -Werror:CFLAGS="$CFLAGS:' \
+ -i configure.in configure || die "sed failed"
+
+ # Remove DISABLE_DEPRECATED flags
+ sed -e '/-D[A-Z_]*DISABLE_DEPRECATED/d' \
+ -i configure.in configure || die "sed 2 failed"
+}
+
+src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS
+ emake check || die "tests failed"
+}
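Review bot: `src_test()` at the end of the new ebuild unsets `DBUS_SESSION_BUS_ADDRESS` with no comment, although both `sed` calls in `src_prepare()` carry one. Presumably the unset keeps `emake check` from connecting to the session bus, and through it the keyring daemon, of whoever runs the build; if so, state it above the line, e.g. `# Keep the tests off the caller's session bus and live keyring`. The `# Remove silly CFLAGS` comment would also read better if it named the flag, e.g. `# Drop -Werror so new compiler warnings do not fail the build`.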