summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorrelyea%netscape.com <devnull@localhost>2003-11-14 03:25:52 +0000
committerrelyea%netscape.com <devnull@localhost>2003-11-14 03:25:52 +0000
commite3bfcbc786d360dd4ce0ca60382b5bfeb681755c (patch)
treec66ec66a2f20f3d98021238ae42d57d8669cb410
parent7f1c8b7d125091743c166255e61e3e68eeb28fb3 (diff)
downloadnss-hg-e3bfcbc786d360dd4ce0ca60382b5bfeb681755c.tar.gz
Changes for symkey support.
Diffstat
-rw-r--r--security/nss/lib/nss/nss.def1
-rw-r--r--security/nss/lib/pk11wrap/pk11func.h5
-rw-r--r--security/nss/lib/pk11wrap/pk11kea.c4
-rw-r--r--security/nss/lib/pk11wrap/pk11skey.c51
-rw-r--r--security/nss/lib/pk11wrap/pk11slot.c59
-rw-r--r--security/nss/lib/softoken/pkcs11.c21
-rw-r--r--security/nss/lib/softoken/pkcs11i.h2
-rw-r--r--security/nss/lib/softoken/pkcs11u.c50
8 files changed, 164 insertions, 29 deletions
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def
index 15289bbcb..9b002400c 100644
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -769,6 +769,7 @@ NSS_Get_CERT_TimeChoiceTemplate;
PK11_DeriveWithFlagsPerm;
PK11_ExportEncryptedPrivKeyInfo;
PK11_FindSlotsByAliases;
+PK11_GetSymKeyType;
PK11_MoveKey;
PK11_PubDeriveExtended;
PK11_PubUnwrapSymKeyWithFlagsPerm;
diff --git a/security/nss/lib/pk11wrap/pk11func.h b/security/nss/lib/pk11wrap/pk11func.h
index 8eedbd254..06c5fe13d 100644
--- a/security/nss/lib/pk11wrap/pk11func.h
+++ b/security/nss/lib/pk11wrap/pk11func.h
@@ -233,7 +233,9 @@ int PK11_GetBestKeyLength(PK11SlotInfo *slot, CK_MECHANISM_TYPE type);
void PK11_AddMechanismEntry(CK_MECHANISM_TYPE type, CK_KEY_TYPE key,
CK_MECHANISM_TYPE keygen, int ivLen, int blocksize);
CK_MECHANISM_TYPE PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len);
+CK_MECHANISM_TYPE PK11_GetKeyMechanism(CK_KEY_TYPE type);
CK_MECHANISM_TYPE PK11_GetKeyGen(CK_MECHANISM_TYPE type);
+CK_MECHANISM_TYPE PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size);
int PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem *params);
int PK11_GetIVLength(CK_MECHANISM_TYPE type);
SECItem *PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv);
@@ -260,7 +262,7 @@ CK_MECHANISM_TYPE PK11_GetPadMechanism(CK_MECHANISM_TYPE);
* Symetric, Public, and Private Keys
**********************************************************************/
PK11SymKey *PK11_CreateSymKey(PK11SlotInfo *slot,
- CK_MECHANISM_TYPE type, void *wincx);
+ CK_MECHANISM_TYPE type, PRBool owner, void *wincx);
void PK11_FreeSymKey(PK11SymKey *key);
PK11SymKey *PK11_ReferenceSymKey(PK11SymKey *symKey);
PK11SymKey *PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
@@ -289,6 +291,7 @@ PK11SymKey *PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
PK11SymKey * PK11_ListFixedKeysInSlot(PK11SlotInfo *slot, char *nickname,
void *wincx);
PK11SymKey *PK11_GetNextSymKey(PK11SymKey *symKey);
+CK_KEY_TYPE PK11_GetSymKeyType(PK11SymKey *key);
/* Key Generation specialized for SDR (fixed DES3 key) */
PK11SymKey *PK11_GenDES3TokenKey(PK11SlotInfo *slot, SECItem *keyid, void *cx);
diff --git a/security/nss/lib/pk11wrap/pk11kea.c b/security/nss/lib/pk11wrap/pk11kea.c
index a4cda1d27..4c88910e1 100644
--- a/security/nss/lib/pk11wrap/pk11kea.c
+++ b/security/nss/lib/pk11wrap/pk11kea.c
@@ -88,6 +88,7 @@ pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
SECKEYPublicKey *pubKey = NULL;
SECKEYPrivateKey *privKey = NULL;
SECItem wrapData;
+ unsigned int symKeyLength = PK11_GetKeyLength(symKey);
wrapData.data = NULL;
@@ -99,7 +100,6 @@ pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
/* if no key exists, generate a key pair */
if (privKeyHandle == CK_INVALID_HANDLE) {
- unsigned int symKeyLength = PK11_GetKeyLength(symKey);
PK11RSAGenParams rsaParams;
if (symKeyLength > 53) /* bytes */ {
@@ -139,7 +139,7 @@ pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, pubKey, symKey, &wrapData);
if (rv == SECSuccess) {
newSymKey = PK11_PubUnwrapSymKeyWithFlagsPerm(privKey,
- &wrapData,type,operation,0,flags,isPerm);
+ &wrapData,type,operation,symKeyLength,flags,isPerm);
}
rsa_failed:
if (wrapData.data != NULL) PORT_Free(wrapData.data);
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index 236db5e6c..f7a5a9f6b 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -213,7 +213,8 @@ PK11_CleanKeyList(PK11SlotInfo *slot)
* type is the mechanism type
*/
PK11SymKey *
-PK11_CreateSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, void *wincx)
+PK11_CreateSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, PRBool owner,
+ void *wincx)
{
PK11SymKey *symKey = pk11_getKeyFromList(slot);
@@ -226,7 +227,7 @@ PK11_CreateSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, void *wincx)
symKey->type = type;
symKey->data.data = NULL;
symKey->data.len = 0;
- symKey->owner = PR_TRUE;
+ symKey->owner = owner;
symKey->objectID = CK_INVALID_HANDLE;
symKey->slot = slot;
symKey->series = slot->series;
@@ -298,14 +299,13 @@ PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent, PK11Origin origin,
return NULL;
}
- symKey = PK11_CreateSymKey(slot,type,wincx);
+ symKey = PK11_CreateSymKey(slot,type,owner,wincx);
if (symKey == NULL) {
return NULL;
}
symKey->objectID = keyID;
symKey->origin = origin;
- symKey->owner = owner;
/* adopt the parent's session */
/* This is only used by SSL. What we really want here is a session
@@ -414,7 +414,7 @@ pk11_ImportSymKeyWithTempl(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
PK11SymKey * symKey;
SECStatus rv;
- symKey = PK11_CreateSymKey(slot,type,wincx);
+ symKey = PK11_CreateSymKey(slot,type,!isToken,wincx);
if (symKey == NULL) {
return NULL;
}
@@ -651,6 +651,11 @@ PK11_GetSlotFromKey(PK11SymKey *symKey)
return PK11_ReferenceSlot(symKey->slot);
}
+CK_KEY_TYPE PK11_GetSymKeyType(PK11SymKey *symKey)
+{
+ return PK11_GetKeyType(symKey->type,symKey->size);
+}
+
PK11SymKey *
PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *keyID,
void *wincx)
@@ -697,7 +702,7 @@ PK11_ListFixedKeysInSlot(PK11SlotInfo *slot, char *nickname, void *wincx)
PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass)); attrs++;
PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue)); attrs++;
if (nickname) {
- len = PORT_Strlen(nickname)-1;
+ len = PORT_Strlen(nickname);
PK11_SETATTRS(attrs, CKA_LABEL, nickname, len); attrs++;
}
tsize = attrs - findTemp;
@@ -709,8 +714,18 @@ PK11_ListFixedKeysInSlot(PK11SlotInfo *slot, char *nickname, void *wincx)
}
for (i=0; i < objCount ; i++) {
+ SECItem typeData;
+ CK_KEY_TYPE type = CKK_GENERIC_SECRET;
+ SECStatus rv = PK11_ReadAttribute(slot, key_ids[i],
+ CKA_KEY_TYPE, NULL, &typeData);
+ if (rv == SECSuccess) {
+ if (typeData.len == sizeof(CK_KEY_TYPE)) {
+ type = *(CK_KEY_TYPE *)typeData.data;
+ }
+ PORT_Free(typeData.data);
+ }
nextKey = PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive,
- CKM_INVALID_MECHANISM, key_ids[i], PR_FALSE, wincx);
+ PK11_GetKeyMechanism(type), key_ids[i], PR_FALSE, wincx);
if (nextKey) {
nextKey->next = topKey;
topKey = nextKey;
@@ -1491,11 +1506,11 @@ PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
return NULL;
}
- symKey = PK11_CreateSymKey(bestSlot,type,wincx);
+ symKey = PK11_CreateSymKey(bestSlot, type, !isToken, wincx);
PK11_FreeSlot(bestSlot);
} else {
- symKey = PK11_CreateSymKey(slot, type, wincx);
+ symKey = PK11_CreateSymKey(slot, type, !isToken, wincx);
}
if (symKey == NULL) return NULL;
@@ -1503,7 +1518,7 @@ PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
symKey->origin = (!weird) ? PK11_OriginGenerated : PK11_OriginFortezzaHack;
/* Initialize the Key Gen Mechanism */
- mechanism.mechanism = PK11_GetKeyGen(type);
+ mechanism.mechanism = PK11_GetKeyGenWithSize(type, keySize);
if (mechanism.mechanism == CKM_FAKE_RANDOM) {
PORT_SetError( SEC_ERROR_NO_MODULE );
return NULL;
@@ -2632,7 +2647,7 @@ PK11_DeriveWithFlagsPerm( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL)); attrs++;
}
templateCount = attrs - keyTemplate;
- templateCount += pk11_FlagsToAttributes(flags, keyTemplate, &cktrue);
+ templateCount += pk11_FlagsToAttributes(flags, attrs, &cktrue);
return pk11_DeriveWithTemplate(baseKey, derive, param, target, operation,
keySize, keyTemplate, templateCount, isPerm);
}
@@ -2721,7 +2736,7 @@ pk11_DeriveWithTemplate( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
/* get our key Structure */
- symKey = PK11_CreateSymKey(slot,target,baseKey->cx);
+ symKey = PK11_CreateSymKey(slot,target,!isPerm,baseKey->cx);
if (symKey == NULL) {
return NULL;
}
@@ -2823,7 +2838,7 @@ PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
}
/* get our key Structure */
- symKey = PK11_CreateSymKey(slot,target,wincx);
+ symKey = PK11_CreateSymKey(slot,target,PR_TRUE,wincx);
if (symKey == NULL) {
return NULL;
}
@@ -2993,7 +3008,7 @@ PK11_PubDeriveExtended(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
#endif
/* get our key Structure */
- symKey = PK11_CreateSymKey(slot,target,wincx);
+ symKey = PK11_CreateSymKey(slot,target,PR_TRUE,wincx);
if (symKey == NULL) {
return NULL;
}
@@ -3281,7 +3296,7 @@ pk11_AnyUnwrapKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey,
}
/* get our key Structure */
- symKey = PK11_CreateSymKey(slot,target,wincx);
+ symKey = PK11_CreateSymKey(slot,target,!isPerm,wincx);
if (symKey == NULL) {
if (param_free) SECITEM_FreeItem(param_free,PR_TRUE);
return NULL;
@@ -3362,11 +3377,11 @@ PK11_UnwrapSymKeyWithFlagsPerm(PK11SymKey *wrappingKey,
PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL)); attrs++;
}
templateCount = attrs-keyTemplate;
- templateCount += pk11_FlagsToAttributes(flags, keyTemplate, &cktrue);
+ templateCount += pk11_FlagsToAttributes(flags, attrs, &cktrue);
return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
wrapType, param, wrappedKey, target, operation, keySize,
- wrappingKey->cx, keyTemplate, templateCount, PR_TRUE);
+ wrappingKey->cx, keyTemplate, templateCount, isPerm);
}
@@ -3422,7 +3437,7 @@ PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey,
}
templateCount = attrs-keyTemplate;
- templateCount += pk11_FlagsToAttributes(flags, keyTemplate, &cktrue);
+ templateCount += pk11_FlagsToAttributes(flags, attrs, &cktrue);
PK11_HandlePasswordCheck(wrappingKey->pkcs11Slot,wrappingKey->wincx);
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index 374b32ae8..74dfe89ad 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -2876,6 +2876,58 @@ PK11_AddMechanismEntry(CK_MECHANISM_TYPE type, CK_KEY_TYPE key,
* Get the key type needed for the given mechanism
*/
CK_MECHANISM_TYPE
+PK11_GetKeyMechanism(CK_KEY_TYPE type)
+{
+ switch (type) {
+ case CKK_AES:
+ return CKM_AES_CBC;
+ case CKK_DES:
+ return CKM_DES_CBC;
+ case CKK_DES3:
+ return CKM_DES3_KEY_GEN;
+ case CKK_DES2:
+ return CKM_DES2_KEY_GEN;
+ case CKK_CDMF:
+ return CKM_CDMF_CBC;
+ case CKK_RC2:
+ return CKM_RC2_CBC;
+ case CKK_RC4:
+ return CKM_RC4;
+ case CKK_RC5:
+ return CKM_RC5_CBC;
+ case CKK_SKIPJACK:
+ return CKM_SKIPJACK_CBC64;
+ case CKK_BATON:
+ return CKM_BATON_CBC128;
+ case CKK_JUNIPER:
+ return CKM_JUNIPER_CBC128;
+ case CKK_IDEA:
+ return CKM_IDEA_CBC;
+ case CKK_CAST:
+ return CKM_CAST_CBC;
+ case CKK_CAST3:
+ return CKM_CAST3_CBC;
+ case CKK_CAST5:
+ return CKM_CAST5_CBC;
+ case CKK_RSA:
+ return CKM_RSA_PKCS;
+ case CKK_DSA:
+ return CKM_DSA;
+ case CKK_DH:
+ return CKM_DH_PKCS_DERIVE;
+ case CKK_KEA:
+ return CKM_KEA_KEY_DERIVE;
+ case CKK_EC: /* CKK_ECDSA is deprecated */
+ return CKM_ECDSA;
+ case CKK_GENERIC_SECRET:
+ default:
+ return CKM_SHA_1_HMAC;
+ }
+}
+/*
+ * Get the key type needed for the given mechanism
+ */
+CK_MECHANISM_TYPE
PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len)
{
switch (type) {
@@ -3054,6 +3106,12 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len)
CK_MECHANISM_TYPE
PK11_GetKeyGen(CK_MECHANISM_TYPE type)
{
+ return PK11_GetKeyGenWithSize(type, 0);
+}
+
+CK_MECHANISM_TYPE
+PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size)
+{
switch (type) {
case CKM_AES_ECB:
case CKM_AES_CBC:
@@ -3075,6 +3133,7 @@ PK11_GetKeyGen(CK_MECHANISM_TYPE type)
case CKM_DES3_MAC:
case CKM_DES3_MAC_GENERAL:
case CKM_DES3_CBC_PAD:
+ return (size == 16) ? CKM_DES2_KEY_GEN : CKM_DES3_KEY_GEN;
case CKM_DES3_KEY_GEN:
return CKM_DES3_KEY_GEN;
case CKM_DES2_KEY_GEN:
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 1b524a62e..5c3e5ed52 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -2160,6 +2160,8 @@ pk11_mkSecretKeyRep(PK11Object *object)
{
NSSLOWKEYPrivateKey *privKey = 0;
PLArenaPool *arena = 0;
+ CK_KEY_TYPE keyType;
+ SECItem keyTypeItem;
CK_RV crv;
SECStatus rv;
static unsigned char derZero[1] = { 0 };
@@ -2210,9 +2212,17 @@ pk11_mkSecretKeyRep(PK11Object *object)
privKey->u.rsa.exponent2.data = derZero;
/* Coeficient set to KEY_TYPE */
- crv=pk11_Attribute2SecItem(arena,&privKey->u.rsa.coefficient,object,CKA_KEY_TYPE);
+ crv = pk11_GetULongAttribute(object, CKA_KEY_TYPE, &keyType);
if (crv != CKR_OK) goto loser;
-
+ keyType = PR_htonl(keyType);
+ keyTypeItem.data = (unsigned char *)&keyType;
+ keyTypeItem.len = sizeof (keyType);
+ rv = SECITEM_CopyItem(arena, &privKey->u.rsa.coefficient, &keyTypeItem);
+ if (rv != SECSuccess) {
+ crv = CKR_HOST_MEMORY;
+ goto loser;
+ }
+
/* Private key version field set normally for compatibility */
rv = DER_SetUInteger(privKey->arena,
&privKey->u.rsa.version, NSSLOWKEY_VERSION);
@@ -4108,7 +4118,7 @@ loser:
static void
pk11_searchKeys(PK11Slot *slot, SECItem *key_id, PRBool isLoggedIn,
- unsigned long classFlags, PK11SearchResults *search,
+ unsigned long classFlags, PK11SearchResults *search, PRBool mustStrict,
CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount)
{
NSSLOWKEYDBHandle *keyHandle = NULL;
@@ -4162,7 +4172,7 @@ pk11_searchKeys(PK11Slot *slot, SECItem *key_id, PRBool isLoggedIn,
keyData.templ_count = ulCount;
keyData.isLoggedIn = isLoggedIn;
keyData.classFlags = classFlags;
- keyData.strict = NSC_STRICT;
+ keyData.strict = mustStrict ? mustStrict : NSC_STRICT;
nsslowkey_TraverseKeys(keyHandle, pk11_key_collect, &keyData);
}
@@ -4625,8 +4635,9 @@ pk11_searchTokenList(PK11Slot *slot, PK11SearchResults *search,
/* keys */
if (classFlags & (NSC_PRIVATE|NSC_PUBLIC|NSC_KEY)) {
+ PRBool mustStrict = ((classFlags & NSC_KEY) != 0) && (name.len != 0);
pk11_searchKeys(slot, &key_id, isLoggedIn, classFlags, search,
- pTemplate, ulCount);
+ mustStrict, pTemplate, ulCount);
}
/* crl's */
diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h
index 27375b679..0f382f8ba 100644
--- a/security/nss/lib/softoken/pkcs11i.h
+++ b/security/nss/lib/softoken/pkcs11i.h
@@ -600,6 +600,8 @@ extern PK11ModifyType pk11_modifyType(CK_ATTRIBUTE_TYPE type,
extern PRBool pk11_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
extern char *pk11_getString(PK11Object *object, CK_ATTRIBUTE_TYPE type);
extern void pk11_nullAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type);
+extern CK_RV pk11_GetULongAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type,
+ CK_ULONG *longData);
extern CK_RV pk11_forceAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type,
void *value, unsigned int len);
extern CK_RV pk11_defaultAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type,
diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c
index 16f5c282a..b8d8db941 100644
--- a/security/nss/lib/softoken/pkcs11u.c
+++ b/security/nss/lib/softoken/pkcs11u.c
@@ -682,8 +682,11 @@ pk11_FindSecretKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type)
{
NSSLOWKEYPrivateKey *key;
char *label;
+ unsigned char *keyString;
PK11Attribute *att;
+ int keyTypeLen;
CK_ULONG keyLen;
+ CK_KEY_TYPE keyType;
switch (type) {
case CKA_PRIVATE:
@@ -724,8 +727,30 @@ pk11_FindSecretKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type)
}
switch (type) {
case CKA_KEY_TYPE:
- return pk11_NewTokenAttribute(type,key->u.rsa.coefficient.data,
- key->u.rsa.coefficient.len, PR_FALSE);
+ /* handle legacy databases. In legacy databases key_type was stored
+ * in host order, with any leading zeros stripped off. Only key types
+ * under 0x1f (AES) were stored. We assume that any values which are
+ * either 1 byte long (big endian), or have byte[0] between 0 and
+ * 0x1f and bytes[1]-bytes[3] equal to '0' (little endian). All other
+ * values are assumed to be from the new database, which is always 4
+ * bytes in host order */
+ keyType=0;
+ keyString = key->u.rsa.coefficient.data;
+ keyTypeLen = key->u.rsa.coefficient.len;
+ /* only length of 1 or 4 are valid */
+ if ((keyTypeLen != sizeof(keyType)) && (keyTypeLen != 1)) {
+ PORT_SetError(SEC_ERROR_BAD_DATABASE);
+ return NULL;
+ }
+ if ((keyTypeLen == 1) ||
+ ((keyString[0] <= 0x1f) && (keyString[1] == 0) &&
+ (keyString[2] == 0) && (keyString[3] == 0))) {
+ keyType = (CK_KEY_TYPE) keyString[0] ;
+ } else {
+ keyType = *(CK_KEY_TYPE *) keyString;
+ keyType = PR_ntohl(keyType);
+ }
+ return pk11_NewTokenAttribute(type,&keyType,sizeof(keyType),PR_TRUE);
case CKA_VALUE:
return pk11_NewTokenAttribute(type,key->u.rsa.privateExponent.data,
key->u.rsa.privateExponent.len, PR_FALSE);
@@ -1892,6 +1917,25 @@ pk11_Attribute2SecItem(PLArenaPool *arena,SECItem *item,PK11Object *object,
return CKR_OK;
}
+CK_RV
+pk11_GetULongAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type,
+ CK_ULONG *longData)
+{
+ int len;
+ PK11Attribute *attribute;
+
+ attribute = pk11_FindAttribute(object, type);
+ if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE;
+
+ if (attribute->attrib.ulValueLen != sizeof(CK_ULONG)) {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+
+ *longData = *(CK_ULONG *)attribute->attrib.pValue;
+ pk11_FreeAttribute(attribute);
+ return CKR_OK;
+}
+
void
pk11_DeleteAttributeType(PK11Object *object,CK_ATTRIBUTE_TYPE type)
{
@@ -2133,7 +2177,7 @@ pk11_NewObject(PK11Slot *slot)
object->handle = 0;
object->next = object->prev = NULL;
object->slot = slot;
- object->objclass = 0xffff;
+
object->refCount = 1;
sessObject->sessionList.next = NULL;
sessObject->sessionList.prev = NULL;
View Lorry Controller Status