diff options
Diffstat (limited to 'security/nss/cmd/lib')
| -rw-r--r-- | security/nss/cmd/lib/Makefile | 49 | ||||
| -rw-r--r-- | security/nss/cmd/lib/basicutil.c | 718 | ||||
| -rw-r--r-- | security/nss/cmd/lib/basicutil.h | 128 | ||||
| -rw-r--r-- | security/nss/cmd/lib/berparse.c | 375 | ||||
| -rw-r--r-- | security/nss/cmd/lib/config.mk | 15 | ||||
| -rw-r--r-- | security/nss/cmd/lib/derprint.c | 590 | ||||
| -rw-r--r-- | security/nss/cmd/lib/ffs.c | 19 | ||||
| -rw-r--r-- | security/nss/cmd/lib/manifest.mn | 39 | ||||
| -rw-r--r-- | security/nss/cmd/lib/moreoids.c | 159 | ||||
| -rw-r--r-- | security/nss/cmd/lib/pk11table.c | 1416 | ||||
| -rw-r--r-- | security/nss/cmd/lib/pk11table.h | 180 | ||||
| -rw-r--r-- | security/nss/cmd/lib/pppolicy.c | 267 | ||||
| -rw-r--r-- | security/nss/cmd/lib/secpwd.c | 164 | ||||
| -rw-r--r-- | security/nss/cmd/lib/secutil.c | 3672 | ||||
| -rw-r--r-- | security/nss/cmd/lib/secutil.h | 425 |
15 files changed, 0 insertions, 8216 deletions
diff --git a/security/nss/cmd/lib/Makefile b/security/nss/cmd/lib/Makefile deleted file mode 100644 index 0fb6c9058..000000000 --- a/security/nss/cmd/lib/Makefile +++ /dev/null @@ -1,49 +0,0 @@ -#! gmake -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include config.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -export:: private_export - - diff --git a/security/nss/cmd/lib/basicutil.c b/security/nss/cmd/lib/basicutil.c deleted file mode 100644 index d2e36ed53..000000000 --- a/security/nss/cmd/lib/basicutil.c +++ /dev/null @@ -1,718 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* -** secutil.c - various functions used by security stuff -** -*/ - -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" -#include "prerror.h" -#include "prprf.h" -#include "plgetopt.h" -#include "prenv.h" -#include "prnetdb.h" - -#include "basicutil.h" -#include <stdarg.h> -#include <sys/stat.h> -#include <errno.h> - -#ifdef XP_UNIX -#include <unistd.h> -#endif - -#include "secoid.h" - -extern long DER_GetInteger(SECItem *src); - -static PRBool wrapEnabled = PR_TRUE; - -void -SECU_EnableWrap(PRBool enable) -{ - wrapEnabled = enable; -} - -PRBool -SECU_GetWrapEnabled(void) -{ - return wrapEnabled; -} - -void -SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...) -{ - va_list args; - PRErrorCode err = PORT_GetError(); - const char * errString = PORT_ErrorToString(err); - - va_start(args, msg); - - SECU_Indent(out, level); - fprintf(out, "%s: ", progName); - vfprintf(out, msg, args); - if (errString != NULL && PORT_Strlen(errString) > 0) - fprintf(out, ": %s\n", errString); - else - fprintf(out, ": error %d\n", (int)err); - - va_end(args); -} - -void -SECU_PrintError(char *progName, char *msg, ...) -{ - va_list args; - PRErrorCode err = PORT_GetError(); - const char * errString = PORT_ErrorToString(err); - - va_start(args, msg); - - fprintf(stderr, "%s: ", progName); - vfprintf(stderr, msg, args); - if (errString != NULL && PORT_Strlen(errString) > 0) - fprintf(stderr, ": %s\n", errString); - else - fprintf(stderr, ": error %d\n", (int)err); - - va_end(args); -} - -void -SECU_PrintSystemError(char *progName, char *msg, ...) -{ - va_list args; - - va_start(args, msg); - fprintf(stderr, "%s: ", progName); - vfprintf(stderr, msg, args); - fprintf(stderr, ": %s\n", strerror(errno)); - va_end(args); -} - -SECStatus -secu_StdinToItem(SECItem *dst) -{ - unsigned char buf[1000]; - PRInt32 numBytes; - PRBool notDone = PR_TRUE; - - dst->len = 0; - dst->data = NULL; - - while (notDone) { - numBytes = PR_Read(PR_STDIN, buf, sizeof(buf)); - - if (numBytes < 0) { - return SECFailure; - } - - if (numBytes == 0) - break; - - if (dst->data) { - unsigned char * p = dst->data; - dst->data = (unsigned char*)PORT_Realloc(p, dst->len + numBytes); - if (!dst->data) { - PORT_Free(p); - } - } else { - dst->data = (unsigned char*)PORT_Alloc(numBytes); - } - if (!dst->data) { - return SECFailure; - } - PORT_Memcpy(dst->data + dst->len, buf, numBytes); - dst->len += numBytes; - } - - return SECSuccess; -} - -SECStatus -SECU_FileToItem(SECItem *dst, PRFileDesc *src) -{ - PRFileInfo info; - PRInt32 numBytes; - PRStatus prStatus; - - if (src == PR_STDIN) - return secu_StdinToItem(dst); - - prStatus = PR_GetOpenFileInfo(src, &info); - - if (prStatus != PR_SUCCESS) { - PORT_SetError(SEC_ERROR_IO); - return SECFailure; - } - - /* XXX workaround for 3.1, not all utils zero dst before sending */ - dst->data = 0; - if (!SECITEM_AllocItem(NULL, dst, info.size)) - goto loser; - - numBytes = PR_Read(src, dst->data, info.size); - if (numBytes != info.size) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - - return SECSuccess; -loser: - SECITEM_FreeItem(dst, PR_FALSE); - dst->data = NULL; - return SECFailure; -} - -SECStatus -SECU_TextFileToItem(SECItem *dst, PRFileDesc *src) -{ - PRFileInfo info; - PRInt32 numBytes; - PRStatus prStatus; - unsigned char *buf; - - if (src == PR_STDIN) - return secu_StdinToItem(dst); - - prStatus = PR_GetOpenFileInfo(src, &info); - - if (prStatus != PR_SUCCESS) { - PORT_SetError(SEC_ERROR_IO); - return SECFailure; - } - - buf = (unsigned char*)PORT_Alloc(info.size); - if (!buf) - return SECFailure; - - numBytes = PR_Read(src, buf, info.size); - if (numBytes != info.size) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - - if (buf[numBytes-1] == '\n') numBytes--; -#ifdef _WINDOWS - if (buf[numBytes-1] == '\r') numBytes--; -#endif - - /* XXX workaround for 3.1, not all utils zero dst before sending */ - dst->data = 0; - if (!SECITEM_AllocItem(NULL, dst, numBytes)) - goto loser; - - memcpy(dst->data, buf, numBytes); - - PORT_Free(buf); - return SECSuccess; -loser: - PORT_Free(buf); - return SECFailure; -} - -#define INDENT_MULT 4 -void -SECU_Indent(FILE *out, int level) -{ - int i; - - for (i = 0; i < level; i++) { - fprintf(out, " "); - } -} - -void SECU_Newline(FILE *out) -{ - fprintf(out, "\n"); -} - -void -SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level) -{ - unsigned i; - int column; - PRBool isString = PR_TRUE; - PRBool isWhiteSpace = PR_TRUE; - PRBool printedHex = PR_FALSE; - unsigned int limit = 15; - - if ( m ) { - SECU_Indent(out, level); fprintf(out, "%s:", m); - level++; - if (wrapEnabled) - fprintf(out, "\n"); - } - - if (wrapEnabled) { - SECU_Indent(out, level); column = level*INDENT_MULT; - } - if (!data->len) { - fprintf(out, "(empty)\n"); - return; - } - /* take a pass to see if it's all printable. */ - for (i = 0; i < data->len; i++) { - unsigned char val = data->data[i]; - if (!val || !isprint(val)) { - isString = PR_FALSE; - break; - } - if (isWhiteSpace && !isspace(val)) { - isWhiteSpace = PR_FALSE; - } - } - - /* Short values, such as bit strings (which are printed with this - ** function) often look like strings, but we want to see the bits. - ** so this test assures that short values will be printed in hex, - ** perhaps in addition to being printed as strings. - ** The threshold size (4 bytes) is arbitrary. - */ - if (!isString || data->len <= 4) { - for (i = 0; i < data->len; i++) { - if (i != data->len - 1) { - fprintf(out, "%02x:", data->data[i]); - column += 3; - } else { - fprintf(out, "%02x", data->data[i]); - column += 2; - break; - } - if (wrapEnabled && - (column > 76 || (i % 16 == limit))) { - SECU_Newline(out); - SECU_Indent(out, level); - column = level*INDENT_MULT; - limit = i % 16; - } - } - printedHex = PR_TRUE; - } - if (isString && !isWhiteSpace) { - if (printedHex != PR_FALSE) { - SECU_Newline(out); - SECU_Indent(out, level); column = level*INDENT_MULT; - } - for (i = 0; i < data->len; i++) { - unsigned char val = data->data[i]; - - if (val) { - fprintf(out,"%c",val); - column++; - } else { - column = 77; - } - if (wrapEnabled && column > 76) { - SECU_Newline(out); - SECU_Indent(out, level); column = level*INDENT_MULT; - } - } - } - - if (column != level*INDENT_MULT) { - SECU_Newline(out); - } -} - -const char *hex = "0123456789abcdef"; - -const char printable[257] = { - "................" /* 0x */ - "................" /* 1x */ - " !\"#$%&'()*+,-./" /* 2x */ - "0123456789:;<=>?" /* 3x */ - "@ABCDEFGHIJKLMNO" /* 4x */ - "PQRSTUVWXYZ[\\]^_" /* 5x */ - "`abcdefghijklmno" /* 6x */ - "pqrstuvwxyz{|}~." /* 7x */ - "................" /* 8x */ - "................" /* 9x */ - "................" /* ax */ - "................" /* bx */ - "................" /* cx */ - "................" /* dx */ - "................" /* ex */ - "................" /* fx */ -}; - -void -SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len) -{ - const unsigned char *cp = (const unsigned char *)vp; - char buf[80]; - char *bp; - char *ap; - - fprintf(out, "%s [Len: %d]\n", msg, len); - memset(buf, ' ', sizeof buf); - bp = buf; - ap = buf + 50; - while (--len >= 0) { - unsigned char ch = *cp++; - *bp++ = hex[(ch >> 4) & 0xf]; - *bp++ = hex[ch & 0xf]; - *bp++ = ' '; - *ap++ = printable[ch]; - if (ap - buf >= 66) { - *ap = 0; - fprintf(out, " %s\n", buf); - memset(buf, ' ', sizeof buf); - bp = buf; - ap = buf + 50; - } - } - if (bp > buf) { - *ap = 0; - fprintf(out, " %s\n", buf); - } -} - - -/* This expents i->data[0] to be the MSB of the integer. -** if you want to print a DER-encoded integer (with the tag and length) -** call SECU_PrintEncodedInteger(); -*/ -void -SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level) -{ - int iv; - - if (!i || !i->len || !i->data) { - SECU_Indent(out, level); - if (m) { - fprintf(out, "%s: (null)\n", m); - } else { - fprintf(out, "(null)\n"); - } - } else if (i->len > 4) { - SECU_PrintAsHex(out, i, m, level); - } else { - if (i->type == siUnsignedInteger && *i->data & 0x80) { - /* Make sure i->data has zero in the highest bite - * if i->data is an unsigned integer */ - SECItem tmpI; - char data[] = {0, 0, 0, 0, 0}; - - PORT_Memcpy(data + 1, i->data, i->len); - tmpI.len = i->len + 1; - tmpI.data = (void*)data; - - iv = DER_GetInteger(&tmpI); - } else { - iv = DER_GetInteger(i); - } - SECU_Indent(out, level); - if (m) { - fprintf(out, "%s: %d (0x%x)\n", m, iv, iv); - } else { - fprintf(out, "%d (0x%x)\n", iv, iv); - } - } -} - -#if defined(DEBUG) || defined(FORCE_PR_ASSERT) -/* Returns true iff a[i].flag has a duplicate in a[i+1 : count-1] */ -static PRBool HasShortDuplicate(int i, secuCommandFlag *a, int count) -{ - char target = a[i].flag; - int j; - - /* duplicate '\0' flags are okay, they are used with long forms */ - for (j = i+1; j < count; j++) { - if (a[j].flag && a[j].flag == target) { - return PR_TRUE; - } - } - return PR_FALSE; -} - -/* Returns true iff a[i].longform has a duplicate in a[i+1 : count-1] */ -static PRBool HasLongDuplicate(int i, secuCommandFlag *a, int count) -{ - int j; - char *target = a[i].longform; - - if (!target) - return PR_FALSE; - - for (j = i+1; j < count; j++) { - if (a[j].longform && strcmp(a[j].longform, target) == 0) { - return PR_TRUE; - } - } - return PR_FALSE; -} - -/* Returns true iff a has no short or long form duplicates - */ -PRBool HasNoDuplicates(secuCommandFlag *a, int count) -{ - int i; - - for (i = 0; i < count; i++) { - if (a[i].flag && HasShortDuplicate(i, a, count)) { - return PR_FALSE; - } - if (a[i].longform && HasLongDuplicate(i, a, count)) { - return PR_FALSE; - } - } - return PR_TRUE; -} -#endif - -SECStatus -SECU_ParseCommandLine(int argc, char **argv, char *progName, - const secuCommand *cmd) -{ - PRBool found; - PLOptState *optstate; - PLOptStatus status; - char *optstring; - PLLongOpt *longopts = NULL; - int i, j; - int lcmd = 0, lopt = 0; - - PR_ASSERT(HasNoDuplicates(cmd->commands, cmd->numCommands)); - PR_ASSERT(HasNoDuplicates(cmd->options, cmd->numOptions)); - - optstring = (char *)PORT_Alloc(cmd->numCommands + 2*cmd->numOptions+1); - if (optstring == NULL) - return SECFailure; - - j = 0; - for (i=0; i<cmd->numCommands; i++) { - if (cmd->commands[i].flag) /* single character option ? */ - optstring[j++] = cmd->commands[i].flag; - if (cmd->commands[i].longform) - lcmd++; - } - for (i=0; i<cmd->numOptions; i++) { - if (cmd->options[i].flag) { - optstring[j++] = cmd->options[i].flag; - if (cmd->options[i].needsArg) - optstring[j++] = ':'; - } - if (cmd->options[i].longform) - lopt++; - } - - optstring[j] = '\0'; - - if (lcmd + lopt > 0) { - longopts = PORT_NewArray(PLLongOpt, lcmd+lopt+1); - if (!longopts) { - PORT_Free(optstring); - return SECFailure; - } - - j = 0; - for (i=0; j<lcmd && i<cmd->numCommands; i++) { - if (cmd->commands[i].longform) { - longopts[j].longOptName = cmd->commands[i].longform; - longopts[j].longOption = 0; - longopts[j++].valueRequired = cmd->commands[i].needsArg; - } - } - lopt += lcmd; - for (i=0; j<lopt && i<cmd->numOptions; i++) { - if (cmd->options[i].longform) { - longopts[j].longOptName = cmd->options[i].longform; - longopts[j].longOption = 0; - longopts[j++].valueRequired = cmd->options[i].needsArg; - } - } - longopts[j].longOptName = NULL; - } - - optstate = PL_CreateLongOptState(argc, argv, optstring, longopts); - if (!optstate) { - PORT_Free(optstring); - PORT_Free(longopts); - return SECFailure; - } - /* Parse command line arguments */ - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - const char *optstatelong; - char option = optstate->option; - - /* positional parameter, single-char option or long opt? */ - if (optstate->longOptIndex == -1) { - /* not a long opt */ - if (option == '\0') - continue; /* it's a positional parameter */ - optstatelong = ""; - } else { - /* long opt */ - if (option == '\0') - option = '\377'; /* force unequal with all flags */ - optstatelong = longopts[optstate->longOptIndex].longOptName; - } - - found = PR_FALSE; - - for (i=0; i<cmd->numCommands; i++) { - if (cmd->commands[i].flag == option || - cmd->commands[i].longform == optstatelong) { - cmd->commands[i].activated = PR_TRUE; - if (optstate->value) { - cmd->commands[i].arg = (char *)optstate->value; - } - found = PR_TRUE; - break; - } - } - - if (found) - continue; - - for (i=0; i<cmd->numOptions; i++) { - if (cmd->options[i].flag == option || - cmd->options[i].longform == optstatelong) { - cmd->options[i].activated = PR_TRUE; - if (optstate->value) { - cmd->options[i].arg = (char *)optstate->value; - } else if (cmd->options[i].needsArg) { - status = PL_OPT_BAD; - goto loser; - } - found = PR_TRUE; - break; - } - } - - if (!found) { - status = PL_OPT_BAD; - break; - } - } - -loser: - PL_DestroyOptState(optstate); - PORT_Free(optstring); - if (longopts) - PORT_Free(longopts); - if (status == PL_OPT_BAD) - return SECFailure; - return SECSuccess; -} - -char * -SECU_GetOptionArg(const secuCommand *cmd, int optionNum) -{ - if (optionNum < 0 || optionNum >= cmd->numOptions) - return NULL; - if (cmd->options[optionNum].activated) - return PL_strdup(cmd->options[optionNum].arg); - else - return NULL; -} - - -void -SECU_PrintPRandOSError(char *progName) -{ - char buffer[513]; - PRInt32 errLen = PR_GetErrorTextLength(); - if (errLen > 0 && errLen < sizeof buffer) { - PR_GetErrorText(buffer); - } - SECU_PrintError(progName, "function failed"); - if (errLen > 0 && errLen < sizeof buffer) { - PR_fprintf(PR_STDERR, "\t%s\n", buffer); - } -} - -SECOidTag -SECU_StringToSignatureAlgTag(const char *alg) -{ - SECOidTag hashAlgTag = SEC_OID_UNKNOWN; - - if (alg) { - if (!PL_strcmp(alg, "MD2")) { - hashAlgTag = SEC_OID_MD2; - } else if (!PL_strcmp(alg, "MD4")) { - hashAlgTag = SEC_OID_MD4; - } else if (!PL_strcmp(alg, "MD5")) { - hashAlgTag = SEC_OID_MD5; - } else if (!PL_strcmp(alg, "SHA1")) { - hashAlgTag = SEC_OID_SHA1; - } else if (!PL_strcmp(alg, "SHA224")) { - hashAlgTag = SEC_OID_SHA224; - } else if (!PL_strcmp(alg, "SHA256")) { - hashAlgTag = SEC_OID_SHA256; - } else if (!PL_strcmp(alg, "SHA384")) { - hashAlgTag = SEC_OID_SHA384; - } else if (!PL_strcmp(alg, "SHA512")) { - hashAlgTag = SEC_OID_SHA512; - } - } - return hashAlgTag; -} - -/* Caller ensures that dst is at least item->len*2+1 bytes long */ -void -SECU_SECItemToHex(const SECItem * item, char * dst) -{ - if (dst && item && item->data) { - unsigned char * src = item->data; - unsigned int len = item->len; - for (; len > 0; --len, dst += 2) { - sprintf(dst, "%02x", *src++); - } - *dst = '\0'; - } -} - -static unsigned char nibble(char c) { - c = PORT_Tolower(c); - return ( c >= '0' && c <= '9') ? c - '0' : - ( c >= 'a' && c <= 'f') ? c - 'a' +10 : -1; -} - -SECStatus -SECU_SECItemHexStringToBinary(SECItem* srcdest) -{ - int i; - - if (!srcdest) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - if (srcdest->len < 4 || (srcdest->len % 2) ) { - /* too short to convert, or even number of characters */ - PORT_SetError(SEC_ERROR_BAD_DATA); - return SECFailure; - } - if (PORT_Strncasecmp((const char*)srcdest->data, "0x", 2)) { - /* wrong prefix */ - PORT_SetError(SEC_ERROR_BAD_DATA); - return SECFailure; - } - - /* 1st pass to check for hex characters */ - for (i=2; i<srcdest->len; i++) { - char c = PORT_Tolower(srcdest->data[i]); - if (! ( ( c >= '0' && c <= '9') || - ( c >= 'a' && c <= 'f') - ) ) { - PORT_SetError(SEC_ERROR_BAD_DATA); - return SECFailure; - } - } - - /* 2nd pass to convert */ - for (i=2; i<srcdest->len; i+=2) { - srcdest->data[(i-2)/2] = (nibble(srcdest->data[i]) << 4) + - nibble(srcdest->data[i+1]); - } - - /* adjust length */ - srcdest->len -= 2; - srcdest->len /= 2; - return SECSuccess; -} diff --git a/security/nss/cmd/lib/basicutil.h b/security/nss/cmd/lib/basicutil.h deleted file mode 100644 index 972086fd3..000000000 --- a/security/nss/cmd/lib/basicutil.h +++ /dev/null @@ -1,128 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#ifndef _BASIC_UTILS_H_ -#define _BASIC_UTILS_H_ - -#include "seccomon.h" -#include "secitem.h" -#include "secoid.h" -#include "secoidt.h" -#include "secport.h" -#include "prerror.h" -#include "base64.h" -#include "secasn1.h" -#include "secder.h" -#include <stdio.h> - -#ifdef SECUTIL_NEW -typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item, - char *msg, int level); -#else -typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level); -#endif - -/* print out an error message */ -extern void SECU_PrintError(char *progName, char *msg, ...); - -/* print out a system error message */ -extern void SECU_PrintSystemError(char *progName, char *msg, ...); - -/* print a formatted error message */ -extern void SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...); - -/* Read the contents of a file into a SECItem */ -extern SECStatus SECU_FileToItem(SECItem *dst, PRFileDesc *src); -extern SECStatus SECU_TextFileToItem(SECItem *dst, PRFileDesc *src); - -/* Indent based on "level" */ -extern void SECU_Indent(FILE *out, int level); - -/* Print a newline to out */ -extern void SECU_Newline(FILE *out); - -/* Print integer value and hex */ -extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level); - -/* Print SECItem as hex */ -extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level); - -/* dump a buffer in hex and ASCII */ -extern void SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len); - -#ifdef HAVE_EPV_TEMPLATE -/* Dump contents of private key */ -extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level); -#endif - -/* Init PKCS11 stuff */ -extern SECStatus SECU_PKCS11Init(PRBool readOnly); - -/* Dump contents of signed data */ -extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, - int level, SECU_PPFunc inner); - -extern void SECU_PrintString(FILE *out, SECItem *si, char *m, int level); -extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level); - -extern void SECU_PrintPRandOSError(char *progName); - -/* Caller ensures that dst is at least item->len*2+1 bytes long */ -void -SECU_SECItemToHex(const SECItem * item, char * dst); - -/* Requires 0x prefix. Case-insensitive. Will do in-place replacement if - * successful */ -SECStatus -SECU_SECItemHexStringToBinary(SECItem* srcdest); - -/* - * - * Utilities for parsing security tools command lines - * - */ - -/* A single command flag */ -typedef struct { - char flag; - PRBool needsArg; - char *arg; - PRBool activated; - char *longform; -} secuCommandFlag; - -/* A full array of command/option flags */ -typedef struct -{ - int numCommands; - int numOptions; - - secuCommandFlag *commands; - secuCommandFlag *options; -} secuCommand; - -/* fill the "arg" and "activated" fields for each flag */ -SECStatus -SECU_ParseCommandLine(int argc, char **argv, char *progName, - const secuCommand *cmd); -char * -SECU_GetOptionArg(const secuCommand *cmd, int optionNum); - -/* - * - * Error messaging - * - */ - -void printflags(char *trusts, unsigned int flags); - -#if !defined(XP_UNIX) && !defined(XP_OS2) -extern int ffs(unsigned int i); -#endif - -#include "secerr.h" - -extern const char *hex; -extern const char printable[]; - -#endif /* _BASIC_UTILS_H_ */ diff --git a/security/nss/cmd/lib/berparse.c b/security/nss/cmd/lib/berparse.c deleted file mode 100644 index e93766382..000000000 --- a/security/nss/cmd/lib/berparse.c +++ /dev/null @@ -1,375 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#include "secutil.h" - -typedef enum { - tagDone, lengthDone, leafDone, compositeDone, - notDone, - parseError, parseComplete -} ParseState; - -typedef unsigned char Byte; -typedef void (*ParseProc)(BERParse *h, unsigned char **buf, int *len); -typedef struct { - SECArb arb; - int pos; /* length from global start to item start */ - SECArb *parent; -} ParseStackElem; - -struct BERParseStr { - PRArenaPool *his; - PRArenaPool *mine; - ParseProc proc; - int stackDepth; - ParseStackElem *stackPtr; - ParseStackElem *stack; - int pending; /* bytes remaining to complete this part */ - int pos; /* running length of consumed characters */ - ParseState state; - PRBool keepLeaves; - PRBool derOnly; - BERFilterProc filter; - void *filterArg; - BERNotifyProc before; - void *beforeArg; - BERNotifyProc after; - void *afterArg; -}; - -#define UNKNOWN -1 - -static unsigned char NextChar(BERParse *h, unsigned char **buf, int *len) -{ - unsigned char c = *(*buf)++; - (*len)--; - h->pos++; - if (h->filter) - (*h->filter)(h->filterArg, &c, 1); - return c; -} - -static void ParseTag(BERParse *h, unsigned char **buf, int *len) -{ - SECArb* arb = &(h->stackPtr->arb); - arb->tag = NextChar(h, buf, len); - - PORT_Assert(h->state == notDone); - - /* - * NOTE: This does not handle the high-tag-number form - */ - if ((arb->tag & DER_HIGH_TAG_NUMBER) == DER_HIGH_TAG_NUMBER) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return; - } - - h->pending = UNKNOWN; - arb->length = UNKNOWN; - if (arb->tag & DER_CONSTRUCTED) { - arb->body.cons.numSubs = 0; - arb->body.cons.subs = NULL; - } else { - arb->body.item.len = UNKNOWN; - arb->body.item.data = NULL; - } - - h->state = tagDone; -} - -static void ParseLength(BERParse *h, unsigned char **buf, int *len) -{ - Byte b; - SECArb *arb = &(h->stackPtr->arb); - - PORT_Assert(h->state == notDone); - - if (h->pending == UNKNOWN) { - b = NextChar(h, buf, len); - if ((b & 0x80) == 0) { /* short form */ - arb->length = b; - /* - * if the tag and the length are both zero bytes, then this - * should be the marker showing end of list for the - * indefinite length composite - */ - if (arb->length == 0 && arb->tag == 0) - h->state = compositeDone; - else - h->state = lengthDone; - return; - } - - h->pending = b & 0x7f; - /* 0 implies this is an indefinite length */ - if (h->pending > 4) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return; - } - arb->length = 0; - } - - while ((*len > 0) && (h->pending > 0)) { - b = NextChar(h, buf, len); - arb->length = (arb->length << 8) + b; - h->pending--; - } - if (h->pending == 0) { - if (h->derOnly && (arb->length == 0)) - h->state = parseError; - else - h->state = lengthDone; - } - return; -} - -static void ParseLeaf(BERParse *h, unsigned char **buf, int *len) -{ - int count; - SECArb *arb = &(h->stackPtr->arb); - - PORT_Assert(h->state == notDone); - PORT_Assert(h->pending >= 0); - - if (*len < h->pending) - count = *len; - else - count = h->pending; - - if (h->keepLeaves) - memcpy(arb->body.item.data + arb->body.item.len, *buf, count); - if (h->filter) - (*h->filter)(h->filterArg, *buf, count); - *buf += count; - *len -= count; - arb->body.item.len += count; - h->pending -= count; - h->pos += count; - if (h->pending == 0) { - h->state = leafDone; - } - return; -} - -static void CreateArbNode(BERParse *h) -{ - SECArb *arb = PORT_ArenaAlloc(h->his, sizeof(SECArb)); - - *arb = h->stackPtr->arb; - - /* - * Special case closing the root - */ - if (h->stackPtr == h->stack) { - PORT_Assert(arb->tag & DER_CONSTRUCTED); - h->state = parseComplete; - } else { - SECArb *parent = h->stackPtr->parent; - parent->body.cons.subs = DS_ArenaGrow( - h->his, parent->body.cons.subs, - (parent->body.cons.numSubs) * sizeof(SECArb*), - (parent->body.cons.numSubs + 1) * sizeof(SECArb*)); - parent->body.cons.subs[parent->body.cons.numSubs] = arb; - parent->body.cons.numSubs++; - h->proc = ParseTag; - h->state = notDone; - h->pending = UNKNOWN; - } - if (h->after) - (*h->after)(h->afterArg, arb, h->stackPtr - h->stack, PR_FALSE); -} - -SECStatus BER_ParseSome(BERParse *h, unsigned char *buf, int len) -{ - if (h->state == parseError) return PR_TRUE; - - while (len) { - (*h->proc)(h, &buf, &len); - if (h->state == parseComplete) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return PR_TRUE; - } - if (h->state == parseError) return PR_TRUE; - PORT_Assert(h->state != parseComplete); - - if (h->state <= compositeDone) { - if (h->proc == ParseTag) { - PORT_Assert(h->state == tagDone); - h->proc = ParseLength; - h->state = notDone; - } else if (h->proc == ParseLength) { - SECArb *arb = &(h->stackPtr->arb); - PORT_Assert(h->state == lengthDone || h->state == compositeDone); - - if (h->before) - (*h->before)(h->beforeArg, arb, - h->stackPtr - h->stack, PR_TRUE); - - /* - * Check to see if this is the end of an indefinite - * length composite - */ - if (h->state == compositeDone) { - SECArb *parent = h->stackPtr->parent; - PORT_Assert(parent); - PORT_Assert(parent->tag & DER_CONSTRUCTED); - if (parent->length != 0) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return PR_TRUE; - } - /* - * NOTE: This does not check for an indefinite length - * composite being contained inside a definite length - * composite. It is not clear that is legal. - */ - h->stackPtr--; - CreateArbNode(h); - } else { - h->stackPtr->pos = h->pos; - - - if (arb->tag & DER_CONSTRUCTED) { - SECArb *parent; - /* - * Make sure there is room on the stack before we - * stick anything else there. - */ - PORT_Assert(h->stackPtr - h->stack < h->stackDepth); - if (h->stackPtr - h->stack == h->stackDepth - 1) { - int newDepth = h->stackDepth * 2; - h->stack = DS_ArenaGrow(h->mine, h->stack, - sizeof(ParseStackElem) * h->stackDepth, - sizeof(ParseStackElem) * newDepth); - h->stackPtr = h->stack + h->stackDepth + 1; - h->stackDepth = newDepth; - } - parent = &(h->stackPtr->arb); - h->stackPtr++; - h->stackPtr->parent = parent; - h->proc = ParseTag; - h->state = notDone; - h->pending = UNKNOWN; - } else { - if (arb->length < 0) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return PR_TRUE; - } - arb->body.item.len = 0; - if (arb->length > 0 && h->keepLeaves) { - arb->body.item.data = - PORT_ArenaAlloc(h->his, arb->length); - } else { - arb->body.item.data = NULL; - } - h->proc = ParseLeaf; - h->state = notDone; - h->pending = arb->length; - } - } - } else { - ParseStackElem *parent; - PORT_Assert(h->state = leafDone); - PORT_Assert(h->proc == ParseLeaf); - - for (;;) { - CreateArbNode(h); - if (h->stackPtr == h->stack) - break; - parent = (h->stackPtr - 1); - PORT_Assert(parent->arb.tag & DER_CONSTRUCTED); - if (parent->arb.length == 0) /* need explicit end */ - break; - if (parent->pos + parent->arb.length > h->pos) - break; - if (parent->pos + parent->arb.length < h->pos) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return PR_TRUE; - } - h->stackPtr = parent; - } - } - - } - } - return PR_FALSE; -} -BERParse *BER_ParseInit(PRArenaPool *arena, PRBool derOnly) -{ - BERParse *h; - PRArenaPool *temp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (temp == NULL) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return NULL; - } - h = PORT_ArenaAlloc(temp, sizeof(BERParse)); - if (h == NULL) { - PORT_FreeArena(temp, PR_FALSE); - PORT_SetError(SEC_ERROR_NO_MEMORY); - return NULL; - } - h->his = arena; - h->mine = temp; - h->proc = ParseTag; - h->stackDepth = 20; - h->stack = PORT_ArenaZAlloc(h->mine, - sizeof(ParseStackElem) * h->stackDepth); - h->stackPtr = h->stack; - h->state = notDone; - h->pos = 0; - h->keepLeaves = PR_TRUE; - h->before = NULL; - h->after = NULL; - h->filter = NULL; - h->derOnly = derOnly; - return h; -} - -SECArb *BER_ParseFini(BERParse *h) -{ - PRArenaPool *myArena = h->mine; - SECArb *arb; - - if (h->state != parseComplete) { - arb = NULL; - } else { - arb = PORT_ArenaAlloc(h->his, sizeof(SECArb)); - *arb = h->stackPtr->arb; - } - - PORT_FreeArena(myArena, PR_FALSE); - - return arb; -} - - -void BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance) -{ - h->filter = proc; - h->filterArg = instance; -} - -void BER_SetLeafStorage(BERParse *h, PRBool keep) -{ - h->keepLeaves = keep; -} - -void BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance, - PRBool beforeData) -{ - if (beforeData) { - h->before = proc; - h->beforeArg = instance; - } else { - h->after = proc; - h->afterArg = instance; - } -} - - - diff --git a/security/nss/cmd/lib/config.mk b/security/nss/cmd/lib/config.mk deleted file mode 100644 index b8c03de79..000000000 --- a/security/nss/cmd/lib/config.mk +++ /dev/null @@ -1,15 +0,0 @@ -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -# -# Override TARGETS variable so that only static libraries -# are specifed as dependencies within rules.mk. -# - -TARGETS = $(LIBRARY) -SHARED_LIBRARY = -IMPORT_LIBRARY = -PROGRAM = - diff --git a/security/nss/cmd/lib/derprint.c b/security/nss/cmd/lib/derprint.c deleted file mode 100644 index cee4600b5..000000000 --- a/security/nss/cmd/lib/derprint.c +++ /dev/null @@ -1,590 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#include "secutil.h" -#include "secoid.h" - -#ifdef __sun -extern int fprintf(FILE *strm, const char *format, .../* args */); -extern int fflush(FILE *stream); -#endif - -#define RIGHT_MARGIN 24 -/*#define RAW_BYTES 1 */ - -static int prettyColumn = 0; - -static int -getInteger256(unsigned char *data, unsigned int nb) -{ - int val; - - switch (nb) { - case 1: - val = data[0]; - break; - case 2: - val = (data[0] << 8) | data[1]; - break; - case 3: - val = (data[0] << 16) | (data[1] << 8) | data[2]; - break; - case 4: - val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; - break; - default: - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - return val; -} - -static int -prettyNewline(FILE *out) -{ - int rv; - - if (prettyColumn != -1) { - rv = fprintf(out, "\n"); - prettyColumn = -1; - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - } - return 0; -} - -static int -prettyIndent(FILE *out, unsigned level) -{ - unsigned int i; - int rv; - - if (prettyColumn == -1) { - prettyColumn = level; - for (i = 0; i < level; i++) { - rv = fprintf(out, " "); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - } - } - - return 0; -} - -static int -prettyPrintByte(FILE *out, unsigned char item, unsigned int level) -{ - int rv; - - rv = prettyIndent(out, level); - if (rv < 0) - return rv; - - rv = fprintf(out, "%02x ", item); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - prettyColumn++; - if (prettyColumn >= RIGHT_MARGIN) { - return prettyNewline(out); - } - - return 0; -} - -static int -prettyPrintLeaf(FILE *out, unsigned char *data, - unsigned int len, unsigned int lv) -{ - unsigned int i; - int rv; - - for (i = 0; i < len; i++) { - rv = prettyPrintByte(out, *data++, lv); - if (rv < 0) - return rv; - } - return prettyNewline(out); -} - -static int -prettyPrintStringStart(FILE *out, unsigned char *str, - unsigned int len, unsigned int level) -{ -#define BUF_SIZE 100 - unsigned char buf[BUF_SIZE]; - int rv; - - if (len >= BUF_SIZE) - len = BUF_SIZE - 1; - - rv = prettyNewline(out); - if (rv < 0) - return rv; - - rv = prettyIndent(out, level); - if (rv < 0) - return rv; - - memcpy(buf, str, len); - buf[len] = '\000'; - - rv = fprintf(out, "\"%s\"", buf); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - return 0; -#undef BUF_SIZE -} - -static int -prettyPrintString(FILE *out, unsigned char *str, - unsigned int len, unsigned int level, PRBool raw) -{ - int rv; - - rv = prettyPrintStringStart(out, str, len, level); - if (rv < 0) - return rv; - - rv = prettyNewline(out); - if (rv < 0) - return rv; - - if (raw) { - rv = prettyPrintLeaf(out, str, len, level); - if (rv < 0) - return rv; - } - - return 0; -} - -static int -prettyPrintTime(FILE *out, unsigned char *str, - unsigned int len, unsigned int level, PRBool raw, PRBool utc) -{ - SECItem time_item; - int rv; - - rv = prettyPrintStringStart(out, str, len, level); - if (rv < 0) - return rv; - - time_item.data = str; - time_item.len = len; - - rv = fprintf(out, " ("); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - if (utc) - SECU_PrintUTCTime(out, &time_item, NULL, 0); - else - SECU_PrintGeneralizedTime(out, &time_item, NULL, 0); - - rv = fprintf(out, ")"); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - rv = prettyNewline(out); - if (rv < 0) - return rv; - - if (raw) { - rv = prettyPrintLeaf(out, str, len, level); - if (rv < 0) - return rv; - } - - return 0; -} - -static int -prettyPrintObjectID(FILE *out, unsigned char *data, - unsigned int len, unsigned int level, PRBool raw) -{ - SECOidData *oiddata; - SECItem oiditem; - unsigned int i; - unsigned long val; - int rv; - - - /* - * First print the Object Id in numeric format - */ - - rv = prettyIndent(out, level); - if (rv < 0) - return rv; - - val = data[0]; - i = val % 40; - val = val / 40; - rv = fprintf(out, "%lu %u ", val, i); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - val = 0; - for (i = 1; i < len; ++i) { - unsigned long j; - - j = data[i]; - val = (val << 7) | (j & 0x7f); - if (j & 0x80) - continue; - rv = fprintf(out, "%lu ", val); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - val = 0; - } - - /* - * Now try to look it up and print a symbolic version. - */ - oiditem.data = data; - oiditem.len = len; - oiddata = SECOID_FindOID(&oiditem); - if (oiddata != NULL) { - i = PORT_Strlen(oiddata->desc); - if ((prettyColumn + 1 + (i / 3)) > RIGHT_MARGIN) { - rv = prettyNewline(out); - if (rv < 0) - return rv; - } - - rv = prettyIndent(out, level); - if (rv < 0) - return rv; - - rv = fprintf(out, "(%s)", oiddata->desc); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - } - - /* - * Finally, on a new line, print the raw bytes (if requested). - */ - if (raw) { - rv = prettyNewline(out); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - for (i = 0; i < len; i++) { - rv = prettyPrintByte(out, *data++, level); - if (rv < 0) - return rv; - } - } - - return prettyNewline(out); -} - -static char *prettyTagType [32] = { - "End of Contents", - "Boolean", - "Integer", - "Bit String", - "Octet String", - "NULL", - "Object Identifier", - "0x07", - "0x08", - "0x09", - "Enumerated", - "0x0B", - "UTF8 String", - "0x0D", - "0x0E", - "0x0F", - "Sequence", - "Set", - "0x12", - "Printable String", - "T61 String", - "0x15", - "IA5 String", - "UTC Time", - "Generalized Time", - "0x19", - "Visible String", - "0x1B", - "Universal String", - "0x1D", - "BMP String", - "High-Tag-Number" -}; - -static int -prettyPrintTag(FILE *out, unsigned char *src, unsigned char *end, - unsigned char *codep, unsigned int level, PRBool raw) -{ - int rv; - unsigned char code, tagnum; - - if (src >= end) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - code = *src; - tagnum = code & SEC_ASN1_TAGNUM_MASK; - - /* - * NOTE: This code does not (yet) handle the high-tag-number form! - */ - if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - if (raw) - rv = prettyPrintByte(out, code, level); - else - rv = prettyIndent(out, level); - - if (rv < 0) - return rv; - - if (code & SEC_ASN1_CONSTRUCTED) { - rv = fprintf(out, "C-"); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - } - - switch (code & SEC_ASN1_CLASS_MASK) { - case SEC_ASN1_UNIVERSAL: - rv = fprintf(out, "%s ", prettyTagType[tagnum]); - break; - case SEC_ASN1_APPLICATION: - rv = fprintf(out, "Application: %d ", tagnum); - break; - case SEC_ASN1_CONTEXT_SPECIFIC: - rv = fprintf(out, "[%d] ", tagnum); - break; - case SEC_ASN1_PRIVATE: - rv = fprintf(out, "Private: %d ", tagnum); - break; - } - - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - *codep = code; - - return 1; -} - -static int -prettyPrintLength(FILE *out, unsigned char *data, unsigned char *end, - int *lenp, PRBool *indefinitep, unsigned int lv, PRBool raw) -{ - unsigned char lbyte; - int lenLen; - int rv; - - if (data >= end) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - rv = fprintf(out, " "); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - *indefinitep = PR_FALSE; - - lbyte = *data++; - if (lbyte >= 0x80) { - /* Multibyte length */ - unsigned nb = (unsigned) (lbyte & 0x7f); - if (nb > 4) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - if (nb > 0) { - int il; - - if ((data + nb) > end) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - il = getInteger256(data, nb); - if (il < 0) return -1; - *lenp = (unsigned) il; - } else { - *lenp = 0; - *indefinitep = PR_TRUE; - } - lenLen = nb + 1; - if (raw) { - int i; - - rv = prettyPrintByte(out, lbyte, lv); - if (rv < 0) - return rv; - for (i = 0; i < nb; i++) { - rv = prettyPrintByte(out, data[i], lv); - if (rv < 0) - return rv; - } - } - } else { - *lenp = lbyte; - lenLen = 1; - if (raw) { - rv = prettyPrintByte(out, lbyte, lv); - if (rv < 0) - return rv; - } - } - if (*indefinitep) - rv = fprintf(out, "(indefinite)\n"); - else - rv = fprintf(out, "(%d)\n", *lenp); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - prettyColumn = -1; - return lenLen; -} - -static int -prettyPrintItem(FILE *out, unsigned char *data, unsigned char *end, - unsigned int lv, PRBool raw) -{ - int slen; - int lenLen; - unsigned char *orig = data; - int rv; - - while (data < end) { - unsigned char code; - PRBool indefinite; - - slen = prettyPrintTag(out, data, end, &code, lv, raw); - if (slen < 0) - return slen; - data += slen; - - lenLen = prettyPrintLength(out, data, end, &slen, &indefinite, lv, raw); - if (lenLen < 0) - return lenLen; - data += lenLen; - - /* - * Just quit now if slen more bytes puts us off the end. - */ - if ((data + slen) > end) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - if (code & SEC_ASN1_CONSTRUCTED) { - if (slen > 0 || indefinite) { - slen = prettyPrintItem(out, data, - slen == 0 ? end : data + slen, - lv+1, raw); - if (slen < 0) - return slen; - data += slen; - } - } else if (code == 0) { - if (slen != 0 || lenLen != 1) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - break; - } else { - switch (code) { - case SEC_ASN1_PRINTABLE_STRING: - case SEC_ASN1_IA5_STRING: - case SEC_ASN1_VISIBLE_STRING: - rv = prettyPrintString(out, data, slen, lv+1, raw); - if (rv < 0) - return rv; - break; - case SEC_ASN1_UTC_TIME: - rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_TRUE); - if (rv < 0) - return rv; - break; - case SEC_ASN1_GENERALIZED_TIME: - rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_FALSE); - if (rv < 0) - return rv; - break; - case SEC_ASN1_OBJECT_ID: - rv = prettyPrintObjectID(out, data, slen, lv+1, raw); - if (rv < 0) - return rv; - break; - case SEC_ASN1_BOOLEAN: /* could do nicer job */ - case SEC_ASN1_INTEGER: /* could do nicer job */ - case SEC_ASN1_BIT_STRING: /* could do nicer job */ - case SEC_ASN1_OCTET_STRING: - case SEC_ASN1_NULL: - case SEC_ASN1_ENUMERATED: /* could do nicer job, as INTEGER */ - case SEC_ASN1_UTF8_STRING: - case SEC_ASN1_T61_STRING: /* print as printable string? */ - case SEC_ASN1_UNIVERSAL_STRING: - case SEC_ASN1_BMP_STRING: - default: - rv = prettyPrintLeaf(out, data, slen, lv+1); - if (rv < 0) - return rv; - break; - } - data += slen; - } - } - - rv = prettyNewline(out); - if (rv < 0) - return rv; - - return data - orig; -} - -SECStatus -DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw) -{ - int rv; - - prettyColumn = -1; - - rv = prettyPrintItem(out, it->data, it->data + it->len, 0, raw); - if (rv < 0) - return SECFailure; - return SECSuccess; -} diff --git a/security/nss/cmd/lib/ffs.c b/security/nss/cmd/lib/ffs.c deleted file mode 100644 index 5b62123db..000000000 --- a/security/nss/cmd/lib/ffs.c +++ /dev/null @@ -1,19 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#if !defined(XP_UNIX) && !defined(XP_OS2)
- -int ffs( unsigned int i) -{ - int rv = 1; - - if (!i) return 0; - - while (!(i & 1)) { - i >>= 1; - ++rv; - } - - return rv; -} -#endif diff --git a/security/nss/cmd/lib/manifest.mn b/security/nss/cmd/lib/manifest.mn deleted file mode 100644 index 1cd18a79d..000000000 --- a/security/nss/cmd/lib/manifest.mn +++ /dev/null @@ -1,39 +0,0 @@ -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -CORE_DEPTH = ../../.. - -LIBRARY_NAME = sectool - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -DEFINES = -DNSPR20 - -ifdef NSS_BUILD_SOFTOKEN_ONLY -PRIVATE_EXPORTS = basicutil.h \ - pk11table.h \ - $(NULL) - -CSRCS = basicutil.c \ - pk11table.c \ - $(NULL) -else -PRIVATE_EXPORTS = basicutil.h \ - secutil.h \ - pk11table.h \ - $(NULL) - -CSRCS = basicutil.c \ - secutil.c \ - secpwd.c \ - derprint.c \ - moreoids.c \ - pppolicy.c \ - ffs.c \ - pk11table.c \ - $(NULL) -endif - -NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/lib/moreoids.c b/security/nss/cmd/lib/moreoids.c deleted file mode 100644 index 6c184764c..000000000 --- a/security/nss/cmd/lib/moreoids.c +++ /dev/null @@ -1,159 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#include "secoid.h" -#include "secmodt.h" /* for CKM_INVALID_MECHANISM */ - -#define OI(x) { siDEROID, (unsigned char *)x, sizeof x } -#define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext } -#define ODN(oid,desc) \ - { OI(oid), 0, desc, CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION } - -#define OIDT static const unsigned char - -/* OIW Security Special Interest Group defined algorithms. */ -#define OIWSSIG 0x2B, 13, 3, 2 - -OIDT oiwMD5RSA[] = { OIWSSIG, 3 }; -OIDT oiwDESCBC[] = { OIWSSIG, 7 }; -OIDT oiwRSAsig[] = { OIWSSIG, 11 }; -OIDT oiwDSA [] = { OIWSSIG, 12 }; -OIDT oiwMD5RSAsig[] = { OIWSSIG, 25 }; -OIDT oiwSHA1 [] = { OIWSSIG, 26 }; -OIDT oiwDSASHA1[] = { OIWSSIG, 27 }; -OIDT oiwDSASHA1param[] = { OIWSSIG, 28 }; -OIDT oiwSHA1RSA[] = { OIWSSIG, 29 }; - - -/* Microsoft OIDs. (1 3 6 1 4 1 311 ... ) */ -#define MICROSOFT 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37 - -OIDT mCTL[] = { MICROSOFT, 10, 3, 1 }; /* Cert Trust List signing */ -OIDT mTSS[] = { MICROSOFT, 10, 3, 2 }; /* Time Stamp Signing */ -OIDT mSGC[] = { MICROSOFT, 10, 3, 3 }; /* Server gated cryptography */ -OIDT mEFS[] = { MICROSOFT, 10, 3, 4 }; /* Encrypted File System */ -OIDT mSMIME[] = { MICROSOFT, 16, 4 }; /* SMIME encryption key prefs */ - -OIDT mECRTT[] = { MICROSOFT, 20, 2 }; /* Enrollment cert type xtn */ -OIDT mEAGNT[] = { MICROSOFT, 20, 2, 1 }; /* Enrollment Agent */ -OIDT mKPSCL[] = { MICROSOFT, 20, 2, 2 }; /* KP SmartCard Logon */ -OIDT mNTPN [] = { MICROSOFT, 20, 2, 3 }; /* NT Principal Name */ -OIDT mCASRV[] = { MICROSOFT, 21, 1 }; /* CertServ CA version */ - -/* AOL OIDs (1 3 6 1 4 1 1066 ... ) */ -#define AOL 0x2B, 0x06, 0x01, 0x04, 0x01, 0x88, 0x2A - -/* PKIX IDs (1 3 6 1 5 5 7 ...) */ -#define ID_PKIX 0x2B, 6, 1, 5, 5, 7 -/* PKIX Access Descriptors (methods for Authority Info Access Extns) */ -#define ID_AD ID_PKIX, 48 - -OIDT padOCSP[] = { ID_AD, 1 }; /* OCSP method */ -OIDT padCAissuer[] = { ID_AD, 2 }; /* URI (for CRL ?) */ -OIDT padTimeStamp[] = { ID_AD, 3 }; /* time stamping */ - -/* ISO Cert Extension type OIDs (id-ce) (2 5 29 ...) */ -#define X500 0x55 -#define X520_ATTRIBUTE_TYPE X500, 0x04 -#define X500_ALG X500, 0x08 -#define X500_ALG_ENCRYPTION X500_ALG, 0x01 -#define ID_CE X500, 29 - -OIDT cePlcyObs[] = { ID_CE, 3 }; /* Cert policies, obsolete. */ -OIDT cePlcyCns[] = { ID_CE, 36 }; /* Cert policy constraints. */ - -/* US Company arc (2 16 840 1 ...) */ -#define USCOM 0x60, 0x86, 0x48, 0x01 -#define USGOV USCOM, 0x65 -#define USDOD USGOV, 2 -#define ID_INFOSEC USDOD, 1 - -/* Verisign PKI OIDs (2 16 840 1 113733 1 ...) */ -#define VERISIGN_PKI USCOM, 0x86, 0xf8, 0x45, 1 -#define VERISIGN_XTN VERISIGN_PKI, 6 -#define VERISIGN_POL VERISIGN_PKI, 7 /* Cert policies */ -#define VERISIGN_TNET VERISIGN_POL, 23 /* Verisign Trust Network */ - -OIDT vcx7[] = { VERISIGN_XTN, 7 }; /* Cert Extension 7 (?) */ -OIDT vcp1[] = { VERISIGN_TNET, 1 }; /* class 1 cert policy */ -OIDT vcp2[] = { VERISIGN_TNET, 2 }; /* class 2 cert policy */ -OIDT vcp3[] = { VERISIGN_TNET, 3 }; /* class 3 cert policy */ -OIDT vcp4[] = { VERISIGN_TNET, 4 }; /* class 4 cert policy */ - - -/* ------------------------------------------------------------------- */ -static const SECOidData oids[] = { -/* OIW Security Special Interest Group OIDs */ - ODN( oiwMD5RSA, "OIWSecSIG MD5 with RSA"), - ODN( oiwDESCBC, "OIWSecSIG DES CBC"), - ODN( oiwRSAsig, "OIWSecSIG RSA signature"), - ODN( oiwDSA , "OIWSecSIG DSA"), - ODN( oiwMD5RSAsig, "OIWSecSIG MD5 with RSA signature"), - ODN( oiwSHA1 , "OIWSecSIG SHA1"), - ODN( oiwDSASHA1, "OIWSecSIG DSA with SHA1"), - ODN( oiwDSASHA1param, "OIWSecSIG DSA with SHA1 with params"), - ODN( oiwSHA1RSA, "OIWSecSIG MD5 with RSA"), - -/* Microsoft OIDs */ - ODN( mCTL, "Microsoft Cert Trust List signing"), - ODN( mTSS, "Microsoft Time Stamp signing"), - ODN( mSGC, "Microsoft SGC SSL server"), - ODN( mEFS, "Microsoft Encrypted File System"), - ODN( mSMIME, "Microsoft SMIME preferences"), - ODN( mECRTT, "Microsoft Enrollment Cert Type Extension"), - ODN( mEAGNT, "Microsoft Enrollment Agent"), - ODN( mKPSCL, "Microsoft KP SmartCard Logon"), - ODN( mNTPN, "Microsoft NT Principal Name"), - ODN( mCASRV, "Microsoft CertServ CA version"), - -/* PKIX OIDs */ - ODN( padOCSP, "PKIX OCSP method"), - ODN( padCAissuer, "PKIX CA Issuer method"), - ODN( padTimeStamp, "PKIX Time Stamping method"), - -/* ID_CE OIDs. */ - ODN( cePlcyObs, "Certificate Policies (Obsolete)"), - ODN( cePlcyCns, "Certificate Policy Constraints"), - -/* Verisign OIDs. */ - ODN( vcx7, "Verisign Cert Extension 7 (?)"), - ODN( vcp1, "Verisign Class 1 Certificate Policy"), - ODN( vcp2, "Verisign Class 2 Certificate Policy"), - ODN( vcp3, "Verisign Class 3 Certificate Policy"), - ODN( vcp4, "Verisign Class 4 Certificate Policy"), - -}; - -static const unsigned int numOids = (sizeof oids) / (sizeof oids[0]); - -/* Fetch and register an oid if it hasn't been done already */ -void -SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src) -{ - if (*data == SEC_OID_UNKNOWN) { - /* AddEntry does the right thing if someone else has already - * added the oid. (that is return that oid tag) */ - *data = SECOID_AddEntry(src); - } -} - -SECStatus -SECU_RegisterDynamicOids(void) -{ - unsigned int i; - SECStatus rv = SECSuccess; - - for (i = 0; i < numOids; ++i) { - SECOidTag tag = SECOID_AddEntry(&oids[i]); - if (tag == SEC_OID_UNKNOWN) { - rv = SECFailure; -#ifdef DEBUG_DYN_OIDS - fprintf(stderr, "Add OID[%d] failed\n", i); - } else { - fprintf(stderr, "Add OID[%d] returned tag %d\n", i, tag); -#endif - } - } - return rv; -} diff --git a/security/nss/cmd/lib/pk11table.c b/security/nss/cmd/lib/pk11table.c deleted file mode 100644 index 4c21aee23..000000000 --- a/security/nss/cmd/lib/pk11table.c +++ /dev/null @@ -1,1416 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#include "pk11table.h" - -const char *_valueString[] = { - "None", - "Variable", - "CK_ULONG", - "Data", - "UTF8", - "CK_INFO", - "CK_SLOT_INFO", - "CK_TOKEN_INFO", - "CK_SESSION_INFO", - "CK_ATTRIBUTE", - "CK_MECHANISM", - "CK_MECHANISM_INFO", - "CK_C_INITIALIZE_ARGS", - "CK_FUNCTION_LIST" -}; - -const char **valueString = &_valueString[0]; -const int valueCount = sizeof(_valueString)/sizeof(_valueString[0]); - -const char *_constTypeString[] = { - "None", - "Bool", - "InfoFlags", - "SlotFlags", - "TokenFlags", - "SessionFlags", - "MechanismFlags", - "InitializeFlags", - "Users", - "SessionState", - "Object", - "Hardware", - "KeyType", - "CertificateType", - "Attribute", - "Mechanism", - "Result", - "Trust", - "AvailableSizes", - "CurrentSize" -}; - -const char **constTypeString = &_constTypeString[0]; -const int constTypeCount = sizeof(_constTypeString)/sizeof(_constTypeString[0]); - -#define mkEntry(x,t) { #x, x, Const##t, ConstNone } -#define mkEntry2(x,t,t2) { #x, x, Const##t, Const##t2 } - -const Constant _consts[] = { - mkEntry(CK_FALSE, Bool), - mkEntry(CK_TRUE, Bool), - - mkEntry(CKF_TOKEN_PRESENT, SlotFlags), - mkEntry(CKF_REMOVABLE_DEVICE, SlotFlags), - mkEntry(CKF_HW_SLOT, SlotFlags), - - mkEntry(CKF_RNG, TokenFlags), - mkEntry(CKF_WRITE_PROTECTED, TokenFlags), - mkEntry(CKF_LOGIN_REQUIRED, TokenFlags), - mkEntry(CKF_USER_PIN_INITIALIZED, TokenFlags), - mkEntry(CKF_RESTORE_KEY_NOT_NEEDED, TokenFlags), - mkEntry(CKF_CLOCK_ON_TOKEN, TokenFlags), - mkEntry(CKF_PROTECTED_AUTHENTICATION_PATH, TokenFlags), - mkEntry(CKF_DUAL_CRYPTO_OPERATIONS, TokenFlags), - mkEntry(CKF_TOKEN_INITIALIZED, TokenFlags), - mkEntry(CKF_SECONDARY_AUTHENTICATION, TokenFlags), - mkEntry(CKF_USER_PIN_COUNT_LOW, TokenFlags), - mkEntry(CKF_USER_PIN_FINAL_TRY, TokenFlags), - mkEntry(CKF_USER_PIN_LOCKED, TokenFlags), - mkEntry(CKF_USER_PIN_TO_BE_CHANGED, TokenFlags), - mkEntry(CKF_SO_PIN_COUNT_LOW, TokenFlags), - mkEntry(CKF_SO_PIN_FINAL_TRY, TokenFlags), - mkEntry(CKF_SO_PIN_LOCKED, TokenFlags), - mkEntry(CKF_SO_PIN_TO_BE_CHANGED, TokenFlags), - - mkEntry(CKF_RW_SESSION, SessionFlags), - mkEntry(CKF_SERIAL_SESSION, SessionFlags), - - mkEntry(CKF_HW, MechanismFlags), - mkEntry(CKF_ENCRYPT, MechanismFlags), - mkEntry(CKF_DECRYPT, MechanismFlags), - mkEntry(CKF_DIGEST, MechanismFlags), - mkEntry(CKF_SIGN, MechanismFlags), - mkEntry(CKF_SIGN_RECOVER, MechanismFlags), - mkEntry(CKF_VERIFY, MechanismFlags), - mkEntry(CKF_VERIFY_RECOVER, MechanismFlags), - mkEntry(CKF_GENERATE, MechanismFlags), - mkEntry(CKF_GENERATE_KEY_PAIR, MechanismFlags), - mkEntry(CKF_WRAP, MechanismFlags), - mkEntry(CKF_UNWRAP, MechanismFlags), - mkEntry(CKF_DERIVE, MechanismFlags), - mkEntry(CKF_EC_FP, MechanismFlags), - mkEntry(CKF_EC_F_2M, MechanismFlags), - mkEntry(CKF_EC_ECPARAMETERS, MechanismFlags), - mkEntry(CKF_EC_NAMEDCURVE, MechanismFlags), - mkEntry(CKF_EC_UNCOMPRESS, MechanismFlags), - mkEntry(CKF_EC_COMPRESS, MechanismFlags), - - mkEntry(CKF_LIBRARY_CANT_CREATE_OS_THREADS, InitializeFlags), - mkEntry(CKF_OS_LOCKING_OK, InitializeFlags), - - mkEntry(CKU_SO, Users), - mkEntry(CKU_USER, Users), - - mkEntry(CKS_RO_PUBLIC_SESSION, SessionState), - mkEntry(CKS_RO_USER_FUNCTIONS, SessionState), - mkEntry(CKS_RW_PUBLIC_SESSION, SessionState), - mkEntry(CKS_RW_USER_FUNCTIONS, SessionState), - mkEntry(CKS_RW_SO_FUNCTIONS, SessionState), - - mkEntry(CKO_DATA, Object), - mkEntry(CKO_CERTIFICATE, Object), - mkEntry(CKO_PUBLIC_KEY, Object), - mkEntry(CKO_PRIVATE_KEY, Object), - mkEntry(CKO_SECRET_KEY, Object), - mkEntry(CKO_HW_FEATURE, Object), - mkEntry(CKO_DOMAIN_PARAMETERS, Object), - mkEntry(CKO_KG_PARAMETERS, Object), - mkEntry(CKO_NSS_CRL, Object), - mkEntry(CKO_NSS_SMIME, Object), - mkEntry(CKO_NSS_TRUST, Object), - mkEntry(CKO_NSS_BUILTIN_ROOT_LIST, Object), - - mkEntry(CKH_MONOTONIC_COUNTER, Hardware), - mkEntry(CKH_CLOCK, Hardware), - - mkEntry(CKK_RSA, KeyType), - mkEntry(CKK_DSA, KeyType), - mkEntry(CKK_DH, KeyType), - mkEntry(CKK_ECDSA, KeyType), - mkEntry(CKK_EC, KeyType), - mkEntry(CKK_X9_42_DH, KeyType), - mkEntry(CKK_KEA, KeyType), - mkEntry(CKK_GENERIC_SECRET, KeyType), - mkEntry(CKK_RC2, KeyType), - mkEntry(CKK_RC4, KeyType), - mkEntry(CKK_DES, KeyType), - mkEntry(CKK_DES2, KeyType), - mkEntry(CKK_DES3, KeyType), - mkEntry(CKK_CAST, KeyType), - mkEntry(CKK_CAST3, KeyType), - mkEntry(CKK_CAST5, KeyType), - mkEntry(CKK_CAST128, KeyType), - mkEntry(CKK_RC5, KeyType), - mkEntry(CKK_IDEA, KeyType), - mkEntry(CKK_SKIPJACK, KeyType), - mkEntry(CKK_BATON, KeyType), - mkEntry(CKK_JUNIPER, KeyType), - mkEntry(CKK_CDMF, KeyType), - mkEntry(CKK_AES, KeyType), - mkEntry(CKK_CAMELLIA, KeyType), - mkEntry(CKK_NSS_PKCS8, KeyType), - - mkEntry(CKC_X_509, CertType), - mkEntry(CKC_X_509_ATTR_CERT, CertType), - - mkEntry2(CKA_CLASS, Attribute, Object), - mkEntry2(CKA_TOKEN, Attribute, Bool), - mkEntry2(CKA_PRIVATE, Attribute, Bool), - mkEntry2(CKA_LABEL, Attribute, None), - mkEntry2(CKA_APPLICATION, Attribute, None), - mkEntry2(CKA_VALUE, Attribute, None), - mkEntry2(CKA_OBJECT_ID, Attribute, None), - mkEntry2(CKA_CERTIFICATE_TYPE, Attribute, CertType), - mkEntry2(CKA_ISSUER, Attribute, None), - mkEntry2(CKA_SERIAL_NUMBER, Attribute, None), - mkEntry2(CKA_AC_ISSUER, Attribute, None), - mkEntry2(CKA_OWNER, Attribute, None), - mkEntry2(CKA_ATTR_TYPES, Attribute, None), - mkEntry2(CKA_TRUSTED, Attribute, Bool), - mkEntry2(CKA_KEY_TYPE, Attribute, KeyType), - mkEntry2(CKA_SUBJECT, Attribute, None), - mkEntry2(CKA_ID, Attribute, None), - mkEntry2(CKA_SENSITIVE, Attribute, Bool), - mkEntry2(CKA_ENCRYPT, Attribute, Bool), - mkEntry2(CKA_DECRYPT, Attribute, Bool), - mkEntry2(CKA_WRAP, Attribute, Bool), - mkEntry2(CKA_UNWRAP, Attribute, Bool), - mkEntry2(CKA_SIGN, Attribute, Bool), - mkEntry2(CKA_SIGN_RECOVER, Attribute, Bool), - mkEntry2(CKA_VERIFY, Attribute, Bool), - mkEntry2(CKA_VERIFY_RECOVER, Attribute, Bool), - mkEntry2(CKA_DERIVE, Attribute, Bool), - mkEntry2(CKA_START_DATE, Attribute, None), - mkEntry2(CKA_END_DATE, Attribute, None), - mkEntry2(CKA_MODULUS, Attribute, None), - mkEntry2(CKA_MODULUS_BITS, Attribute, None), - mkEntry2(CKA_PUBLIC_EXPONENT, Attribute, None), - mkEntry2(CKA_PRIVATE_EXPONENT, Attribute, None), - mkEntry2(CKA_PRIME_1, Attribute, None), - mkEntry2(CKA_PRIME_2, Attribute, None), - mkEntry2(CKA_EXPONENT_1, Attribute, None), - mkEntry2(CKA_EXPONENT_2, Attribute, None), - mkEntry2(CKA_COEFFICIENT, Attribute, None), - mkEntry2(CKA_PRIME, Attribute, None), - mkEntry2(CKA_SUBPRIME, Attribute, None), - mkEntry2(CKA_BASE, Attribute, None), - mkEntry2(CKA_PRIME_BITS, Attribute, None), - mkEntry2(CKA_SUB_PRIME_BITS, Attribute, None), - mkEntry2(CKA_VALUE_BITS, Attribute, None), - mkEntry2(CKA_VALUE_LEN, Attribute, None), - mkEntry2(CKA_EXTRACTABLE, Attribute, Bool), - mkEntry2(CKA_LOCAL, Attribute, Bool), - mkEntry2(CKA_NEVER_EXTRACTABLE, Attribute, Bool), - mkEntry2(CKA_ALWAYS_SENSITIVE, Attribute, Bool), - mkEntry2(CKA_KEY_GEN_MECHANISM, Attribute, Mechanism), - mkEntry2(CKA_MODIFIABLE, Attribute, Bool), - mkEntry2(CKA_ECDSA_PARAMS, Attribute, None), - mkEntry2(CKA_EC_PARAMS, Attribute, None), - mkEntry2(CKA_EC_POINT, Attribute, None), - mkEntry2(CKA_SECONDARY_AUTH, Attribute, None), - mkEntry2(CKA_AUTH_PIN_FLAGS, Attribute, None), - mkEntry2(CKA_HW_FEATURE_TYPE, Attribute, Hardware), - mkEntry2(CKA_RESET_ON_INIT, Attribute, Bool), - mkEntry2(CKA_HAS_RESET, Attribute, Bool), - mkEntry2(CKA_NSS_URL, Attribute, None), - mkEntry2(CKA_NSS_EMAIL, Attribute, None), - mkEntry2(CKA_NSS_SMIME_INFO, Attribute, None), - mkEntry2(CKA_NSS_SMIME_TIMESTAMP, Attribute, None), - mkEntry2(CKA_NSS_PKCS8_SALT, Attribute, None), - mkEntry2(CKA_NSS_PASSWORD_CHECK, Attribute, None), - mkEntry2(CKA_NSS_EXPIRES, Attribute, None), - mkEntry2(CKA_NSS_KRL, Attribute, None), - mkEntry2(CKA_NSS_PQG_COUNTER, Attribute, None), - mkEntry2(CKA_NSS_PQG_SEED, Attribute, None), - mkEntry2(CKA_NSS_PQG_H, Attribute, None), - mkEntry2(CKA_NSS_PQG_SEED_BITS, Attribute, None), - mkEntry2(CKA_TRUST_DIGITAL_SIGNATURE, Attribute, Trust), - mkEntry2(CKA_TRUST_NON_REPUDIATION, Attribute, Trust), - mkEntry2(CKA_TRUST_KEY_ENCIPHERMENT, Attribute, Trust), - mkEntry2(CKA_TRUST_DATA_ENCIPHERMENT, Attribute, Trust), - mkEntry2(CKA_TRUST_KEY_AGREEMENT, Attribute, Trust), - mkEntry2(CKA_TRUST_KEY_CERT_SIGN, Attribute, Trust), - mkEntry2(CKA_TRUST_CRL_SIGN, Attribute, Trust), - mkEntry2(CKA_TRUST_SERVER_AUTH, Attribute, Trust), - mkEntry2(CKA_TRUST_CLIENT_AUTH, Attribute, Trust), - mkEntry2(CKA_TRUST_CODE_SIGNING, Attribute, Trust), - mkEntry2(CKA_TRUST_EMAIL_PROTECTION, Attribute, Trust), - mkEntry2(CKA_TRUST_IPSEC_END_SYSTEM, Attribute, Trust), - mkEntry2(CKA_TRUST_IPSEC_TUNNEL, Attribute, Trust), - mkEntry2(CKA_TRUST_IPSEC_USER, Attribute, Trust), - mkEntry2(CKA_TRUST_TIME_STAMPING, Attribute, Trust), - mkEntry2(CKA_CERT_SHA1_HASH, Attribute, None), - mkEntry2(CKA_CERT_MD5_HASH, Attribute, None), - mkEntry2(CKA_NETSCAPE_DB, Attribute, None), - mkEntry2(CKA_NETSCAPE_TRUST, Attribute, Trust), - - mkEntry(CKM_RSA_PKCS, Mechanism), - mkEntry(CKM_RSA_9796, Mechanism), - mkEntry(CKM_RSA_X_509, Mechanism), - mkEntry(CKM_RSA_PKCS_KEY_PAIR_GEN, Mechanism), - mkEntry(CKM_MD2_RSA_PKCS, Mechanism), - mkEntry(CKM_MD5_RSA_PKCS, Mechanism), - mkEntry(CKM_SHA1_RSA_PKCS, Mechanism), - mkEntry(CKM_RIPEMD128_RSA_PKCS, Mechanism), - mkEntry(CKM_RIPEMD160_RSA_PKCS, Mechanism), - mkEntry(CKM_RSA_PKCS_OAEP, Mechanism), - mkEntry(CKM_RSA_X9_31_KEY_PAIR_GEN, Mechanism), - mkEntry(CKM_RSA_X9_31, Mechanism), - mkEntry(CKM_SHA1_RSA_X9_31, Mechanism), - mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism), - mkEntry(CKM_DSA, Mechanism), - mkEntry(CKM_DSA_SHA1, Mechanism), - mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism), - mkEntry(CKM_DH_PKCS_DERIVE, Mechanism), - mkEntry(CKM_X9_42_DH_DERIVE, Mechanism), - mkEntry(CKM_X9_42_DH_HYBRID_DERIVE, Mechanism), - mkEntry(CKM_X9_42_MQV_DERIVE, Mechanism), - mkEntry(CKM_SHA256_RSA_PKCS, Mechanism), - mkEntry(CKM_SHA384_RSA_PKCS, Mechanism), - mkEntry(CKM_SHA512_RSA_PKCS, Mechanism), - mkEntry(CKM_RC2_KEY_GEN, Mechanism), - mkEntry(CKM_RC2_ECB, Mechanism), - mkEntry(CKM_RC2_CBC, Mechanism), - mkEntry(CKM_RC2_MAC, Mechanism), - mkEntry(CKM_RC2_MAC_GENERAL, Mechanism), - mkEntry(CKM_RC2_CBC_PAD, Mechanism), - mkEntry(CKM_RC4_KEY_GEN, Mechanism), - mkEntry(CKM_RC4, Mechanism), - mkEntry(CKM_DES_KEY_GEN, Mechanism), - mkEntry(CKM_DES_ECB, Mechanism), - mkEntry(CKM_DES_CBC, Mechanism), - mkEntry(CKM_DES_MAC, Mechanism), - mkEntry(CKM_DES_MAC_GENERAL, Mechanism), - mkEntry(CKM_DES_CBC_PAD, Mechanism), - mkEntry(CKM_DES2_KEY_GEN, Mechanism), - mkEntry(CKM_DES3_KEY_GEN, Mechanism), - mkEntry(CKM_DES3_ECB, Mechanism), - mkEntry(CKM_DES3_CBC, Mechanism), - mkEntry(CKM_DES3_MAC, Mechanism), - mkEntry(CKM_DES3_MAC_GENERAL, Mechanism), - mkEntry(CKM_DES3_CBC_PAD, Mechanism), - mkEntry(CKM_CDMF_KEY_GEN, Mechanism), - mkEntry(CKM_CDMF_ECB, Mechanism), - mkEntry(CKM_CDMF_CBC, Mechanism), - mkEntry(CKM_CDMF_MAC, Mechanism), - mkEntry(CKM_CDMF_MAC_GENERAL, Mechanism), - mkEntry(CKM_CDMF_CBC_PAD, Mechanism), - mkEntry(CKM_MD2, Mechanism), - mkEntry(CKM_MD2_HMAC, Mechanism), - mkEntry(CKM_MD2_HMAC_GENERAL, Mechanism), - mkEntry(CKM_MD5, Mechanism), - mkEntry(CKM_MD5_HMAC, Mechanism), - mkEntry(CKM_MD5_HMAC_GENERAL, Mechanism), - mkEntry(CKM_SHA_1, Mechanism), - mkEntry(CKM_SHA_1_HMAC, Mechanism), - mkEntry(CKM_SHA_1_HMAC_GENERAL, Mechanism), - mkEntry(CKM_RIPEMD128, Mechanism), - mkEntry(CKM_RIPEMD128_HMAC, Mechanism), - mkEntry(CKM_RIPEMD128_HMAC_GENERAL, Mechanism), - mkEntry(CKM_RIPEMD160, Mechanism), - mkEntry(CKM_RIPEMD160_HMAC, Mechanism), - mkEntry(CKM_RIPEMD160_HMAC_GENERAL, Mechanism), - mkEntry(CKM_SHA256, Mechanism), - mkEntry(CKM_SHA256_HMAC_GENERAL, Mechanism), - mkEntry(CKM_SHA256_HMAC, Mechanism), - mkEntry(CKM_SHA384, Mechanism), - mkEntry(CKM_SHA384_HMAC_GENERAL, Mechanism), - mkEntry(CKM_SHA384_HMAC, Mechanism), - mkEntry(CKM_SHA512, Mechanism), - mkEntry(CKM_SHA512_HMAC_GENERAL, Mechanism), - mkEntry(CKM_SHA512_HMAC, Mechanism), - mkEntry(CKM_CAST_KEY_GEN, Mechanism), - mkEntry(CKM_CAST_ECB, Mechanism), - mkEntry(CKM_CAST_CBC, Mechanism), - mkEntry(CKM_CAST_MAC, Mechanism), - mkEntry(CKM_CAST_MAC_GENERAL, Mechanism), - mkEntry(CKM_CAST_CBC_PAD, Mechanism), - mkEntry(CKM_CAST3_KEY_GEN, Mechanism), - mkEntry(CKM_CAST3_ECB, Mechanism), - mkEntry(CKM_CAST3_CBC, Mechanism), - mkEntry(CKM_CAST3_MAC, Mechanism), - mkEntry(CKM_CAST3_MAC_GENERAL, Mechanism), - mkEntry(CKM_CAST3_CBC_PAD, Mechanism), - mkEntry(CKM_CAST5_KEY_GEN, Mechanism), - mkEntry(CKM_CAST128_KEY_GEN, Mechanism), - mkEntry(CKM_CAST5_ECB, Mechanism), - mkEntry(CKM_CAST128_ECB, Mechanism), - mkEntry(CKM_CAST5_CBC, Mechanism), - mkEntry(CKM_CAST128_CBC, Mechanism), - mkEntry(CKM_CAST5_MAC, Mechanism), - mkEntry(CKM_CAST128_MAC, Mechanism), - mkEntry(CKM_CAST5_MAC_GENERAL, Mechanism), - mkEntry(CKM_CAST128_MAC_GENERAL, Mechanism), - mkEntry(CKM_CAST5_CBC_PAD, Mechanism), - mkEntry(CKM_CAST128_CBC_PAD, Mechanism), - mkEntry(CKM_RC5_KEY_GEN, Mechanism), - mkEntry(CKM_RC5_ECB, Mechanism), - mkEntry(CKM_RC5_CBC, Mechanism), - mkEntry(CKM_RC5_MAC, Mechanism), - mkEntry(CKM_RC5_MAC_GENERAL, Mechanism), - mkEntry(CKM_RC5_CBC_PAD, Mechanism), - mkEntry(CKM_IDEA_KEY_GEN, Mechanism), - mkEntry(CKM_IDEA_ECB, Mechanism), - mkEntry(CKM_IDEA_CBC, Mechanism), - mkEntry(CKM_IDEA_MAC, Mechanism), - mkEntry(CKM_IDEA_MAC_GENERAL, Mechanism), - mkEntry(CKM_IDEA_CBC_PAD, Mechanism), - mkEntry(CKM_GENERIC_SECRET_KEY_GEN, Mechanism), - mkEntry(CKM_CONCATENATE_BASE_AND_KEY, Mechanism), - mkEntry(CKM_CONCATENATE_BASE_AND_DATA, Mechanism), - mkEntry(CKM_CONCATENATE_DATA_AND_BASE, Mechanism), - mkEntry(CKM_XOR_BASE_AND_DATA, Mechanism), - mkEntry(CKM_EXTRACT_KEY_FROM_KEY, Mechanism), - mkEntry(CKM_SSL3_PRE_MASTER_KEY_GEN, Mechanism), - mkEntry(CKM_SSL3_MASTER_KEY_DERIVE, Mechanism), - mkEntry(CKM_SSL3_KEY_AND_MAC_DERIVE, Mechanism), - mkEntry(CKM_SSL3_MASTER_KEY_DERIVE_DH, Mechanism), - mkEntry(CKM_TLS_PRE_MASTER_KEY_GEN, Mechanism), - mkEntry(CKM_TLS_MASTER_KEY_DERIVE, Mechanism), - mkEntry(CKM_TLS_KEY_AND_MAC_DERIVE, Mechanism), - mkEntry(CKM_TLS_MASTER_KEY_DERIVE_DH, Mechanism), - mkEntry(CKM_SSL3_MD5_MAC, Mechanism), - mkEntry(CKM_SSL3_SHA1_MAC, Mechanism), - mkEntry(CKM_MD5_KEY_DERIVATION, Mechanism), - mkEntry(CKM_MD2_KEY_DERIVATION, Mechanism), - mkEntry(CKM_SHA1_KEY_DERIVATION, Mechanism), - mkEntry(CKM_SHA256_KEY_DERIVATION, Mechanism), - mkEntry(CKM_SHA384_KEY_DERIVATION, Mechanism), - mkEntry(CKM_SHA512_KEY_DERIVATION, Mechanism), - mkEntry(CKM_PBE_MD2_DES_CBC, Mechanism), - mkEntry(CKM_PBE_MD5_DES_CBC, Mechanism), - mkEntry(CKM_PBE_MD5_CAST_CBC, Mechanism), - mkEntry(CKM_PBE_MD5_CAST3_CBC, Mechanism), - mkEntry(CKM_PBE_MD5_CAST5_CBC, Mechanism), - mkEntry(CKM_PBE_MD5_CAST128_CBC, Mechanism), - mkEntry(CKM_PBE_SHA1_CAST5_CBC, Mechanism), - mkEntry(CKM_PBE_SHA1_CAST128_CBC, Mechanism), - mkEntry(CKM_PBE_SHA1_RC4_128, Mechanism), - mkEntry(CKM_PBE_SHA1_RC4_40, Mechanism), - mkEntry(CKM_PBE_SHA1_DES3_EDE_CBC, Mechanism), - mkEntry(CKM_PBE_SHA1_DES2_EDE_CBC, Mechanism), - mkEntry(CKM_PBE_SHA1_RC2_128_CBC, Mechanism), - mkEntry(CKM_PBE_SHA1_RC2_40_CBC, Mechanism), - mkEntry(CKM_PKCS5_PBKD2, Mechanism), - mkEntry(CKM_PBA_SHA1_WITH_SHA1_HMAC, Mechanism), - mkEntry(CKM_KEY_WRAP_LYNKS, Mechanism), - mkEntry(CKM_KEY_WRAP_SET_OAEP, Mechanism), - mkEntry(CKM_SKIPJACK_KEY_GEN, Mechanism), - mkEntry(CKM_SKIPJACK_ECB64, Mechanism), - mkEntry(CKM_SKIPJACK_CBC64, Mechanism), - mkEntry(CKM_SKIPJACK_OFB64, Mechanism), - mkEntry(CKM_SKIPJACK_CFB64, Mechanism), - mkEntry(CKM_SKIPJACK_CFB32, Mechanism), - mkEntry(CKM_SKIPJACK_CFB16, Mechanism), - mkEntry(CKM_SKIPJACK_CFB8, Mechanism), - mkEntry(CKM_SKIPJACK_WRAP, Mechanism), - mkEntry(CKM_SKIPJACK_PRIVATE_WRAP, Mechanism), - mkEntry(CKM_SKIPJACK_RELAYX, Mechanism), - mkEntry(CKM_KEA_KEY_PAIR_GEN, Mechanism), - mkEntry(CKM_KEA_KEY_DERIVE, Mechanism), - mkEntry(CKM_FORTEZZA_TIMESTAMP, Mechanism), - mkEntry(CKM_BATON_KEY_GEN, Mechanism), - mkEntry(CKM_BATON_ECB128, Mechanism), - mkEntry(CKM_BATON_ECB96, Mechanism), - mkEntry(CKM_BATON_CBC128, Mechanism), - mkEntry(CKM_BATON_COUNTER, Mechanism), - mkEntry(CKM_BATON_SHUFFLE, Mechanism), - mkEntry(CKM_BATON_WRAP, Mechanism), - mkEntry(CKM_ECDSA_KEY_PAIR_GEN, Mechanism), - mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism), - mkEntry(CKM_ECDSA, Mechanism), - mkEntry(CKM_ECDSA_SHA1, Mechanism), - mkEntry(CKM_ECDH1_DERIVE, Mechanism), - mkEntry(CKM_ECDH1_COFACTOR_DERIVE, Mechanism), - mkEntry(CKM_ECMQV_DERIVE, Mechanism), - mkEntry(CKM_JUNIPER_KEY_GEN, Mechanism), - mkEntry(CKM_JUNIPER_ECB128, Mechanism), - mkEntry(CKM_JUNIPER_CBC128, Mechanism), - mkEntry(CKM_JUNIPER_COUNTER, Mechanism), - mkEntry(CKM_JUNIPER_SHUFFLE, Mechanism), - mkEntry(CKM_JUNIPER_WRAP, Mechanism), - mkEntry(CKM_FASTHASH, Mechanism), - mkEntry(CKM_AES_KEY_GEN, Mechanism), - mkEntry(CKM_AES_ECB, Mechanism), - mkEntry(CKM_AES_CBC, Mechanism), - mkEntry(CKM_AES_MAC, Mechanism), - mkEntry(CKM_AES_MAC_GENERAL, Mechanism), - mkEntry(CKM_AES_CBC_PAD, Mechanism), - mkEntry(CKM_CAMELLIA_KEY_GEN, Mechanism), - mkEntry(CKM_CAMELLIA_ECB, Mechanism), - mkEntry(CKM_CAMELLIA_CBC, Mechanism), - mkEntry(CKM_CAMELLIA_MAC, Mechanism), - mkEntry(CKM_CAMELLIA_MAC_GENERAL, Mechanism), - mkEntry(CKM_CAMELLIA_CBC_PAD, Mechanism), - mkEntry(CKM_SEED_KEY_GEN, Mechanism), - mkEntry(CKM_SEED_ECB, Mechanism), - mkEntry(CKM_SEED_CBC, Mechanism), - mkEntry(CKM_SEED_MAC, Mechanism), - mkEntry(CKM_SEED_MAC_GENERAL, Mechanism), - mkEntry(CKM_SEED_CBC_PAD, Mechanism), - mkEntry(CKM_SEED_ECB_ENCRYPT_DATA, Mechanism), - mkEntry(CKM_SEED_CBC_ENCRYPT_DATA, Mechanism), - mkEntry(CKM_DSA_PARAMETER_GEN, Mechanism), - mkEntry(CKM_DH_PKCS_PARAMETER_GEN, Mechanism), - mkEntry(CKM_NSS_AES_KEY_WRAP, Mechanism), - mkEntry(CKM_NSS_AES_KEY_WRAP_PAD, Mechanism), - mkEntry(CKM_NETSCAPE_PBE_SHA1_DES_CBC, Mechanism), - mkEntry(CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, Mechanism), - mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, Mechanism), - mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, Mechanism), - mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, Mechanism), - mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, Mechanism), - mkEntry(CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC, Mechanism), - mkEntry(CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, Mechanism), - mkEntry(CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, Mechanism), - mkEntry(CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, Mechanism), - mkEntry(CKM_TLS_PRF_GENERAL, Mechanism), - - mkEntry(CKR_OK, Result), - mkEntry(CKR_CANCEL, Result), - mkEntry(CKR_HOST_MEMORY, Result), - mkEntry(CKR_SLOT_ID_INVALID, Result), - mkEntry(CKR_GENERAL_ERROR, Result), - mkEntry(CKR_FUNCTION_FAILED, Result), - mkEntry(CKR_ARGUMENTS_BAD, Result), - mkEntry(CKR_NO_EVENT, Result), - mkEntry(CKR_NEED_TO_CREATE_THREADS, Result), - mkEntry(CKR_CANT_LOCK, Result), - mkEntry(CKR_ATTRIBUTE_READ_ONLY, Result), - mkEntry(CKR_ATTRIBUTE_SENSITIVE, Result), - mkEntry(CKR_ATTRIBUTE_TYPE_INVALID, Result), - mkEntry(CKR_ATTRIBUTE_VALUE_INVALID, Result), - mkEntry(CKR_DATA_INVALID, Result), - mkEntry(CKR_DATA_LEN_RANGE, Result), - mkEntry(CKR_DEVICE_ERROR, Result), - mkEntry(CKR_DEVICE_MEMORY, Result), - mkEntry(CKR_DEVICE_REMOVED, Result), - mkEntry(CKR_ENCRYPTED_DATA_INVALID, Result), - mkEntry(CKR_ENCRYPTED_DATA_LEN_RANGE, Result), - mkEntry(CKR_FUNCTION_CANCELED, Result), - mkEntry(CKR_FUNCTION_NOT_PARALLEL, Result), - mkEntry(CKR_FUNCTION_NOT_SUPPORTED, Result), - mkEntry(CKR_KEY_HANDLE_INVALID, Result), - mkEntry(CKR_KEY_SIZE_RANGE, Result), - mkEntry(CKR_KEY_TYPE_INCONSISTENT, Result), - mkEntry(CKR_KEY_NOT_NEEDED, Result), - mkEntry(CKR_KEY_CHANGED, Result), - mkEntry(CKR_KEY_NEEDED, Result), - mkEntry(CKR_KEY_INDIGESTIBLE, Result), - mkEntry(CKR_KEY_FUNCTION_NOT_PERMITTED, Result), - mkEntry(CKR_KEY_NOT_WRAPPABLE, Result), - mkEntry(CKR_KEY_UNEXTRACTABLE, Result), - mkEntry(CKR_KEY_PARAMS_INVALID, Result), - mkEntry(CKR_MECHANISM_INVALID, Result), - mkEntry(CKR_MECHANISM_PARAM_INVALID, Result), - mkEntry(CKR_OBJECT_HANDLE_INVALID, Result), - mkEntry(CKR_OPERATION_ACTIVE, Result), - mkEntry(CKR_OPERATION_NOT_INITIALIZED, Result), - mkEntry(CKR_PIN_INCORRECT, Result), - mkEntry(CKR_PIN_INVALID, Result), - mkEntry(CKR_PIN_LEN_RANGE, Result), - mkEntry(CKR_PIN_EXPIRED, Result), - mkEntry(CKR_PIN_LOCKED, Result), - mkEntry(CKR_SESSION_CLOSED, Result), - mkEntry(CKR_SESSION_COUNT, Result), - mkEntry(CKR_SESSION_HANDLE_INVALID, Result), - mkEntry(CKR_SESSION_PARALLEL_NOT_SUPPORTED, Result), - mkEntry(CKR_SESSION_READ_ONLY, Result), - mkEntry(CKR_SESSION_EXISTS, Result), - mkEntry(CKR_SESSION_READ_ONLY_EXISTS, Result), - mkEntry(CKR_SESSION_READ_WRITE_SO_EXISTS, Result), - mkEntry(CKR_SIGNATURE_INVALID, Result), - mkEntry(CKR_SIGNATURE_LEN_RANGE, Result), - mkEntry(CKR_TEMPLATE_INCOMPLETE, Result), - mkEntry(CKR_TEMPLATE_INCONSISTENT, Result), - mkEntry(CKR_TOKEN_NOT_PRESENT, Result), - mkEntry(CKR_TOKEN_NOT_RECOGNIZED, Result), - mkEntry(CKR_TOKEN_WRITE_PROTECTED, Result), - mkEntry(CKR_UNWRAPPING_KEY_HANDLE_INVALID, Result), - mkEntry(CKR_UNWRAPPING_KEY_SIZE_RANGE, Result), - mkEntry(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, Result), - mkEntry(CKR_USER_ALREADY_LOGGED_IN, Result), - mkEntry(CKR_USER_NOT_LOGGED_IN, Result), - mkEntry(CKR_USER_PIN_NOT_INITIALIZED, Result), - mkEntry(CKR_USER_TYPE_INVALID, Result), - mkEntry(CKR_USER_ANOTHER_ALREADY_LOGGED_IN, Result), - mkEntry(CKR_USER_TOO_MANY_TYPES, Result), - mkEntry(CKR_WRAPPED_KEY_INVALID, Result), - mkEntry(CKR_WRAPPED_KEY_LEN_RANGE, Result), - mkEntry(CKR_WRAPPING_KEY_HANDLE_INVALID, Result), - mkEntry(CKR_WRAPPING_KEY_SIZE_RANGE, Result), - mkEntry(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, Result), - mkEntry(CKR_RANDOM_SEED_NOT_SUPPORTED, Result), - mkEntry(CKR_RANDOM_NO_RNG, Result), - mkEntry(CKR_DOMAIN_PARAMS_INVALID, Result), - mkEntry(CKR_BUFFER_TOO_SMALL, Result), - mkEntry(CKR_SAVED_STATE_INVALID, Result), - mkEntry(CKR_INFORMATION_SENSITIVE, Result), - mkEntry(CKR_STATE_UNSAVEABLE, Result), - mkEntry(CKR_CRYPTOKI_NOT_INITIALIZED, Result), - mkEntry(CKR_CRYPTOKI_ALREADY_INITIALIZED, Result), - mkEntry(CKR_MUTEX_BAD, Result), - mkEntry(CKR_MUTEX_NOT_LOCKED, Result), - mkEntry(CKR_VENDOR_DEFINED, Result), - - mkEntry(CKT_NSS_TRUSTED, Trust), - mkEntry(CKT_NSS_TRUSTED_DELEGATOR, Trust), - mkEntry(CKT_NSS_NOT_TRUSTED, Trust), - mkEntry(CKT_NSS_MUST_VERIFY_TRUST, Trust), - mkEntry(CKT_NSS_TRUST_UNKNOWN, Trust), - mkEntry(CKT_NSS_VALID_DELEGATOR, Trust), - - mkEntry(CK_EFFECTIVELY_INFINITE, AvailableSizes), - mkEntry(CK_UNAVAILABLE_INFORMATION, CurrentSize), -}; - -const Constant *consts = &_consts[0]; -const int constCount = sizeof(_consts)/sizeof(_consts[0]); - -const Commands _commands[] = { - {"C_Initialize", F_C_Initialize, -"C_Initialize pInitArgs\n\n" -"C_Initialize initializes the PKCS #11 library.\n" -" pInitArgs if this is not NULL_PTR it gets cast to and dereferenced\n", - {ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_Finalize", F_C_Finalize, -"C_Finalize pReserved\n\n" -"C_Finalize indicates that an application is done with the PKCS #11 library.\n" -" pReserved reserved. Should be NULL_PTR\n", - {ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GetInfo", F_C_GetInfo, -"C_GetInfo pInfo\n\n" -"C_GetInfo returns general information about PKCS #11.\n" -" pInfo location that receives information\n", - {ArgInfo|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GetFunctionList", F_C_GetFunctionList, -"C_GetFunctionList ppFunctionList\n\n" -"C_GetFunctionList returns the function list.\n" -" ppFunctionList receives pointer to function list\n", - {ArgFunctionList|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GetSlotList", F_C_GetSlotList, -"C_GetSlotList tokenPresent pSlotList pulCount\n\n" -"C_GetSlotList obtains a list of slots in the system.\n" -" tokenPresent only slots with tokens?\n" -" pSlotList receives array of slot IDs\n" -" pulCount receives number of slots\n", - {ArgULong, ArgULong|ArgArray|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GetSlotInfo", F_C_GetSlotInfo, -"C_GetSlotInfo slotID pInfo\n\n" -"C_GetSlotInfo obtains information about a particular slot in the system.\n" -" slotID the ID of the slot\n" -" pInfo receives the slot information\n", - {ArgULong, ArgSlotInfo|ArgOut, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GetTokenInfo", F_C_GetTokenInfo, -"C_GetTokenInfo slotID pInfo\n\n" -"C_GetTokenInfo obtains information about a particular token in the system.\n" -" slotID ID of the token's slot\n" -" pInfo receives the token information\n", - {ArgULong, ArgTokenInfo|ArgOut, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GetMechanismList", F_C_GetMechanismList, -"C_GetMechanismList slotID pMechanismList pulCount\n\n" -"C_GetMechanismList obtains a list of mechanism types supported by a token.\n" -" slotID ID of token's slot\n" -" pMechanismList gets mech. array\n" -" pulCount gets # of mechs.\n", - {ArgULong, ArgULong|ArgArray|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GetMechanismInfo", F_C_GetMechanismInfo, -"C_GetMechanismInfo slotID type pInfo\n\n" -"C_GetMechanismInfo obtains information about a particular mechanism possibly\n" -"supported by a token.\n" -" slotID ID of the token's slot\n" -" type type of mechanism\n" -" pInfo receives mechanism info\n", - {ArgULong, ArgULong, ArgMechanismInfo|ArgOut, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_InitToken", F_C_InitToken, -"C_InitToken slotID pPin ulPinLen pLabel\n\n" -"C_InitToken initializes a token.\n" -" slotID ID of the token's slot\n" -" pPin the SO's initial PIN\n" -" ulPinLen length in bytes of the PIN\n" -" pLabel 32-byte token label (blank padded)\n", - {ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_InitPIN", F_C_InitPIN, -"C_InitPIN hSession pPin ulPinLen\n\n" -"C_InitPIN initializes the normal user's PIN.\n" -" hSession the session's handle\n" -" pPin the normal user's PIN\n" -" ulPinLen length in bytes of the PIN\n", - {ArgULong, ArgUTF8, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_SetPIN", F_C_SetPIN, -"C_SetPIN hSession pOldPin ulOldLen pNewPin ulNewLen\n\n" -"C_SetPIN modifies the PIN of the user who is logged in.\n" -" hSession the session's handle\n" -" pOldPin the old PIN\n" -" ulOldLen length of the old PIN\n" -" pNewPin the new PIN\n" -" ulNewLen length of the new PIN\n", - {ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgULong, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_OpenSession", F_C_OpenSession, -"C_OpenSession slotID flags phSession\n\n" -"C_OpenSession opens a session between an application and a token.\n" -" slotID the slot's ID\n" -" flags from\n" -" phSession gets session handle\n", - {ArgULong, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_CloseSession", F_C_CloseSession, -"C_CloseSession hSession\n\n" -"C_CloseSession closes a session between an application and a token.\n" -" hSession the session's handle\n", - {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_CloseAllSessions", F_C_CloseAllSessions, -"C_CloseAllSessions slotID\n\n" -"C_CloseAllSessions closes all sessions with a token.\n" -" slotID the token's slot\n", - {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GetSessionInfo", F_C_GetSessionInfo, -"C_GetSessionInfo hSession pInfo\n\n" -"C_GetSessionInfo obtains information about the session.\n" -" hSession the session's handle\n" -" pInfo receives session info\n", - {ArgULong, ArgSessionInfo|ArgOut, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GetOperationState", F_C_GetOperationState, -"C_GetOperationState hSession pOpState pulOpStateLen\n\n" -"C_GetOperationState obtains the state of the cryptographic operation in a\n" -"session.\n" -" hSession session's handle\n" -" pOpState gets state\n" -" pulOpStateLen gets state length\n", - {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_SetOperationState", F_C_SetOperationState, -"C_SetOperationState hSession pOpState ulOpStateLen hEncKey hAuthKey\n\n" -"C_SetOperationState restores the state of the cryptographic operation in a\n" -"session.\n" -" hSession session's handle\n" -" pOpState holds state\n" -" ulOpStateLen holds state length\n" -" hEncKey en/decryption key\n" -" hAuthnKey sign/verify key\n", - {ArgULong, ArgChar|ArgOut, ArgULong, ArgULong, ArgULong, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_Login", F_C_Login, -"C_Login hSession userType pPin ulPinLen\n\n" -"C_Login logs a user into a token.\n" -" hSession the session's handle\n" -" userType the user type\n" -" pPin the user's PIN\n" -" ulPinLen the length of the PIN\n", - {ArgULong, ArgULong, ArgVar, ArgULong, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_Logout", F_C_Logout, -"C_Logout hSession\n\n" -"C_Logout logs a user out from a token.\n" -" hSession the session's handle\n", - {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_CreateObject", F_C_CreateObject, -"C_CreateObject hSession pTemplate ulCount phObject\n\n" -"C_CreateObject creates a new object.\n" -" hSession the session's handle\n" -" pTemplate the object's template\n" -" ulCount attributes in template\n" -" phObject gets new object's handle.\n", - {ArgULong, ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_CopyObject", F_C_CopyObject, -"C_CopyObject hSession hObject pTemplate ulCount phNewObject\n\n" -"C_CopyObject copies an object creating a new object for the copy.\n" -" hSession the session's handle\n" -" hObject the object's handle\n" -" pTemplate template for new object\n" -" ulCount attributes in template\n" -" phNewObject receives handle of copy\n", - {ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_DestroyObject", F_C_DestroyObject, -"C_DestroyObject hSession hObject\n\n" -"C_DestroyObject destroys an object.\n" -" hSession the session's handle\n" -" hObject the object's handle\n", - {ArgULong, ArgULong, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GetObjectSize", F_C_GetObjectSize, -"C_GetObjectSize hSession hObject pulSize\n\n" -"C_GetObjectSize gets the size of an object in bytes.\n" -" hSession the session's handle\n" -" hObject the object's handle\n" -" pulSize receives size of object\n", - {ArgULong, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GetAttributeValue", F_C_GetAttributeValue, -"C_GetAttributeValue hSession hObject pTemplate ulCount\n\n" -"C_GetAttributeValue obtains the value of one or more object attributes.\n" -" hSession the session's handle\n" -" hObject the object's handle\n" -" pTemplate specifies attrs; gets vals\n" -" ulCount attributes in template\n", - {ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_SetAttributeValue", F_C_SetAttributeValue, -"C_SetAttributeValue hSession hObject pTemplate ulCount\n\n" -"C_SetAttributeValue modifies the value of one or more object attributes\n" -" hSession the session's handle\n" -" hObject the object's handle\n" -" pTemplate specifies attrs and values\n" -" ulCount attributes in template\n", - {ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_FindObjectsInit", F_C_FindObjectsInit, -"C_FindObjectsInit hSession pTemplate ulCount\n\n" -"C_FindObjectsInit initializes a search for token and session objects that\n" -"match a template.\n" -" hSession the session's handle\n" -" pTemplate attribute values to match\n" -" ulCount attrs in search template\n", - {ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_FindObjectsFinal", F_C_FindObjectsFinal, -"C_FindObjectsFinal hSession\n\n" -"C_FindObjectsFinal finishes a search for token and session objects.\n" -" hSession the session's handle\n", - {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_FindObjects", F_C_FindObjects, -"C_FindObjects hSession phObject ulMaxObjectCount pulObjectCount\n\n" -"C_FindObjects continues a search for token and session objects that match\n" -"a template obtaining additional object handles.\n" -" hSession session's handle\n" -" phObject gets obj. handles\n" -" ulMaxObjectCount max handles to get\n" -" pulObjectCount actual # returned\n", - {ArgULong, ArgULong|ArgOut, ArgULong, ArgULong|ArgOut, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_EncryptInit", F_C_EncryptInit, -"C_EncryptInit hSession pMechanism hKey\n\n" -"C_EncryptInit initializes an encryption operation.\n" -" hSession the session's handle\n" -" pMechanism the encryption mechanism\n" -" hKey handle of encryption key\n", - {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_EncryptUpdate", F_C_EncryptUpdate, -"C_EncryptUpdate hSession pPart ulPartLen pEncryptedPart pulEncryptedPartLen\n" -"\n" -"C_EncryptUpdate continues a multiple-part encryption operation.\n" -" hSession session's handle\n" -" pPart the plaintext data\n" -" ulPartLen plaintext data len\n" -" pEncryptedPart gets ciphertext\n" -" pulEncryptedPartLen gets c-text size\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_EncryptFinal", F_C_EncryptFinal, -"C_EncryptFinal hSession pLastEncryptedPart pulLastEncryptedPartLen\n\n" -"C_EncryptFinal finishes a multiple-part encryption operation.\n" -" hSession session handle\n" -" pLastEncryptedPart last c-text\n" -" pulLastEncryptedPartLen gets last size\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_Encrypt", F_C_Encrypt, -"C_Encrypt hSession pData ulDataLen pEncryptedData pulEncryptedDataLen\n\n" -"C_Encrypt encrypts single-part data.\n" -" hSession session's handle\n" -" pData the plaintext data\n" -" ulDataLen bytes of plaintext\n" -" pEncryptedData gets ciphertext\n" -" pulEncryptedDataLen gets c-text size\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_DecryptInit", F_C_DecryptInit, -"C_DecryptInit hSession pMechanism hKey\n\n" -"C_DecryptInit initializes a decryption operation.\n" -" hSession the session's handle\n" -" pMechanism the decryption mechanism\n" -" hKey handle of decryption key\n", - {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_DecryptUpdate", F_C_DecryptUpdate, -"C_DecryptUpdate hSession pEncryptedPart ulEncryptedPartLen pPart pulPartLen\n" -"\n" -"C_DecryptUpdate continues a multiple-part decryption operation.\n" -" hSession session's handle\n" -" pEncryptedPart encrypted data\n" -" ulEncryptedPartLen input length\n" -" pPart gets plaintext\n" -" pulPartLen p-text size\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_DecryptFinal", F_C_DecryptFinal, -"C_DecryptFinal hSession pLastPart pulLastPartLen\n\n" -"C_DecryptFinal finishes a multiple-part decryption operation.\n" -" hSession the session's handle\n" -" pLastPart gets plaintext\n" -" pulLastPartLen p-text size\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_Decrypt", F_C_Decrypt, -"C_Decrypt hSession pEncryptedData ulEncryptedDataLen pData pulDataLen\n\n" -"C_Decrypt decrypts encrypted data in a single part.\n" -" hSession session's handle\n" -" pEncryptedData ciphertext\n" -" ulEncryptedDataLen ciphertext length\n" -" pData gets plaintext\n" -" pulDataLen gets p-text size\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_DigestInit", F_C_DigestInit, -"C_DigestInit hSession pMechanism\n\n" -"C_DigestInit initializes a message-digesting operation.\n" -" hSession the session's handle\n" -" pMechanism the digesting mechanism\n", - {ArgULong, ArgMechanism, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_DigestUpdate", F_C_DigestUpdate, -"C_DigestUpdate hSession pPart ulPartLen\n\n" -"C_DigestUpdate continues a multiple-part message-digesting operation.\n" -" hSession the session's handle\n" -" pPart data to be digested\n" -" ulPartLen bytes of data to be digested\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_DigestKey", F_C_DigestKey, -"C_DigestKey hSession hKey\n\n" -"C_DigestKey continues a multi-part message-digesting operation by digesting\n" -"the value of a secret key as part of the data already digested.\n" -" hSession the session's handle\n" -" hKey secret key to digest\n", - {ArgULong, ArgULong, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_DigestFinal", F_C_DigestFinal, -"C_DigestFinal hSession pDigest pulDigestLen\n\n" -"C_DigestFinal finishes a multiple-part message-digesting operation.\n" -" hSession the session's handle\n" -" pDigest gets the message digest\n" -" pulDigestLen gets byte count of digest\n", - {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_Digest", F_C_Digest, -"C_Digest hSession pData ulDataLen pDigest pulDigestLen\n\n" -"C_Digest digests data in a single part.\n" -" hSession the session's handle\n" -" pData data to be digested\n" -" ulDataLen bytes of data to digest\n" -" pDigest gets the message digest\n" -" pulDigestLen gets digest length\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_SignInit", F_C_SignInit, -"C_SignInit hSession pMechanism hKey\n\n" -"C_SignInit initializes a signature (private key encryption operation where\n" -"the signature is (will be) an appendix to the data and plaintext cannot be\n" -"recovered from the signature.\n" -" hSession the session's handle\n" -" pMechanism the signature mechanism\n" -" hKey handle of signature key\n", - {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_SignUpdate", F_C_SignUpdate, -"C_SignUpdate hSession pPart ulPartLen\n\n" -"C_SignUpdate continues a multiple-part signature operation where the\n" -"signature is (will be) an appendix to the data and plaintext cannot be\n" -"recovered from the signature.\n" -" hSession the session's handle\n" -" pPart the data to sign\n" -" ulPartLen count of bytes to sign\n", - {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_SignFinal", F_C_SignFinal, -"C_SignFinal hSession pSignature pulSignatureLen\n\n" -"C_SignFinal finishes a multiple-part signature operation returning the\n" -"signature.\n" -" hSession the session's handle\n" -" pSignature gets the signature\n" -" pulSignatureLen gets signature length\n", - {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_SignRecoverInit", F_C_SignRecoverInit, -"C_SignRecoverInit hSession pMechanism hKey\n\n" -"C_SignRecoverInit initializes a signature operation where the data can be\n" -"recovered from the signature.\n" -" hSession the session's handle\n" -" pMechanism the signature mechanism\n" -" hKey handle of the signature key\n", - {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_SignRecover", F_C_SignRecover, -"C_SignRecover hSession pData ulDataLen pSignature pulSignatureLen\n\n" -"C_SignRecover signs data in a single operation where the data can be\n" -"recovered from the signature.\n" -" hSession the session's handle\n" -" pData the data to sign\n" -" ulDataLen count of bytes to sign\n" -" pSignature gets the signature\n" -" pulSignatureLen gets signature length\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_Sign", F_C_Sign, -"C_Sign hSession pData ulDataLen pSignature pulSignatureLen\n\n" -"C_Sign signs (encrypts with private key) data in a single part where the\n" -"signature is (will be) an appendix to the data and plaintext cannot be\n" -"recovered from the signature.\n" -" hSession the session's handle\n" -" pData the data to sign\n" -" ulDataLen count of bytes to sign\n" -" pSignature gets the signature\n" -" pulSignatureLen gets signature length\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_VerifyInit", F_C_VerifyInit, -"C_VerifyInit hSession pMechanism hKey\n\n" -"C_VerifyInit initializes a verification operation where the signature is an\n" -"appendix to the data and plaintext cannot cannot be recovered from the\n" -"signature (e.g. DSA).\n" -" hSession the session's handle\n" -" pMechanism the verification mechanism\n" -" hKey verification key\n", - {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_VerifyUpdate", F_C_VerifyUpdate, -"C_VerifyUpdate hSession pPart ulPartLen\n\n" -"C_VerifyUpdate continues a multiple-part verification operation where the\n" -"signature is an appendix to the data and plaintext cannot be recovered from\n" -"the signature.\n" -" hSession the session's handle\n" -" pPart signed data\n" -" ulPartLen length of signed data\n", - {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_VerifyFinal", F_C_VerifyFinal, -"C_VerifyFinal hSession pSignature ulSignatureLen\n\n" -"C_VerifyFinal finishes a multiple-part verification operation checking the\n" -"signature.\n" -" hSession the session's handle\n" -" pSignature signature to verify\n" -" ulSignatureLen signature length\n", - {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_VerifyRecoverInit", F_C_VerifyRecoverInit, -"C_VerifyRecoverInit hSession pMechanism hKey\n\n" -"C_VerifyRecoverInit initializes a signature verification operation where the\n" -"data is recovered from the signature.\n" -" hSession the session's handle\n" -" pMechanism the verification mechanism\n" -" hKey verification key\n", - {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_VerifyRecover", F_C_VerifyRecover, -"C_VerifyRecover hSession pSignature ulSignatureLen pData pulDataLen\n\n" -"C_VerifyRecover verifies a signature in a single-part operation where the\n" -"data is recovered from the signature.\n" -" hSession the session's handle\n" -" pSignature signature to verify\n" -" ulSignatureLen signature length\n" -" pData gets signed data\n" -" pulDataLen gets signed data len\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_Verify", F_C_Verify, -"C_Verify hSession pData ulDataLen pSignature ulSignatureLen\n\n" -"C_Verify verifies a signature in a single-part operation where the signature\n" -"is an appendix to the data and plaintext cannot be recovered from the\n" -"signature.\n" -" hSession the session's handle\n" -" pData signed data\n" -" ulDataLen length of signed data\n" -" pSignature signature\n" -" ulSignatureLen signature length*/\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_DigestEncryptUpdate", F_C_DigestEncryptUpdate, -"C_DigestEncryptUpdate hSession pPart ulPartLen pEncryptedPart \\\n" -" pulEncryptedPartLen\n\n" -"C_DigestEncryptUpdate continues a multiple-part digesting and encryption\n" -"operation.\n" -" hSession session's handle\n" -" pPart the plaintext data\n" -" ulPartLen plaintext length\n" -" pEncryptedPart gets ciphertext\n" -" pulEncryptedPartLen gets c-text length\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_DecryptDigestUpdate", F_C_DecryptDigestUpdate, -"C_DecryptDigestUpdate hSession pEncryptedPart ulEncryptedPartLen pPart \\\n" -" pulPartLen\n\n" -"C_DecryptDigestUpdate continues a multiple-part decryption and digesting\n" -"operation.\n" -" hSession session's handle\n" -" pEncryptedPart ciphertext\n" -" ulEncryptedPartLen ciphertext length\n" -" pPart gets plaintext\n" -" pulPartLen gets plaintext len\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_SignEncryptUpdate", F_C_SignEncryptUpdate, -"C_SignEncryptUpdate hSession pPart ulPartLen pEncryptedPart \\\n" -" pulEncryptedPartLen\n\n" -"C_SignEncryptUpdate continues a multiple-part signing and encryption\n" -"operation.\n" -" hSession session's handle\n" -" pPart the plaintext data\n" -" ulPartLen plaintext length\n" -" pEncryptedPart gets ciphertext\n" -" pulEncryptedPartLen gets c-text length\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_DecryptVerifyUpdate", F_C_DecryptVerifyUpdate, -"C_DecryptVerifyUpdate hSession pEncryptedPart ulEncryptedPartLen pPart \\\n" -" pulPartLen\n\n" -"C_DecryptVerifyUpdate continues a multiple-part decryption and verify\n" -"operation.\n" -" hSession session's handle\n" -" pEncryptedPart ciphertext\n" -" ulEncryptedPartLen ciphertext length\n" -" pPart gets plaintext\n" -" pulPartLen gets p-text length\n", - {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GenerateKeyPair", F_C_GenerateKeyPair, -"C_GenerateKeyPair hSession pMechanism pPublicKeyTemplate \\\n" -" ulPublicKeyAttributeCount pPrivateKeyTemplate ulPrivateKeyAttributeCount \\\n" -" phPublicKey phPrivateKey\n\n" -"C_GenerateKeyPair generates a public-key/private-key pair creating new key\n" -"objects.\n" -" hSession sessionhandle\n" -" pMechanism key-genmech.\n" -" pPublicKeyTemplate templatefor pub. key\n" -" ulPublicKeyAttributeCount # pub. attrs.\n" -" pPrivateKeyTemplate templatefor priv. key\n" -" ulPrivateKeyAttributeCount # priv. attrs.\n" -" phPublicKey gets pub. keyhandle\n" -" phPrivateKey getspriv. keyhandle\n", - {ArgULong, ArgMechanism, ArgAttribute|ArgArray, ArgULong, - ArgAttribute|ArgArray, - ArgULong, ArgULong|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone }}, - {"C_GenerateKey", F_C_GenerateKey, -"C_GenerateKey hSession pMechanism pTemplate ulCount phKey\n\n" -"C_GenerateKey generates a secret key creating a new key object.\n" -" hSession the session's handle\n" -" pMechanism key generation mech.\n" -" pTemplate template for new key\n" -" ulCount # of attrs in template\n" -" phKey gets handle of new key\n", - {ArgULong, ArgMechanism, ArgAttribute|ArgArray, ArgULong, - ArgULong|ArgOut, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_WrapKey", F_C_WrapKey, -"C_WrapKey hSession pMechanism hWrappingKey hKey pWrappedKey pulWrappedKeyLen\n\n" -"C_WrapKey wraps (i.e. encrypts) a key.\n" -" hSession the session's handle\n" -" pMechanism the wrapping mechanism\n" -" hWrappingKey wrapping key\n" -" hKey key to be wrapped\n" -" pWrappedKey gets wrapped key\n" -" pulWrappedKeyLen gets wrapped key size\n", - {ArgULong, ArgMechanism, ArgULong, ArgULong, ArgULong, - ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, ArgNone }}, - {"C_UnwrapKey", F_C_UnwrapKey, -"C_UnwrapKey hSession pMechanism hUnwrappingKey pWrappedKey ulWrappedKeyLen \\\n" -" pTemplate ulAttributeCount phKey\n\n" -"C_UnwrapKey unwraps (decrypts) a wrapped key creating a new key object.\n" -" hSession session's handle\n" -" pMechanism unwrapping mech.\n" -" hUnwrappingKey unwrapping key\n" -" pWrappedKey the wrapped key\n" -" ulWrappedKeyLen wrapped key len\n" -" pTemplate new key template\n" -" ulAttributeCount template length\n" -" phKey gets new handle\n", - {ArgULong, ArgMechanism, ArgULong, ArgChar, ArgULong, - ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone }}, - {"C_DeriveKey", F_C_DeriveKey, -"C_DeriveKey hSession pMechanism hBaseKey pTemplate ulAttributeCount phKey\n\n" -"C_DeriveKey derives a key from a base key creating a new key object.\n" -" hSession session's handle\n" -" pMechanism key deriv. mech.\n" -" hBaseKey base key\n" -" pTemplate new key template\n" -" ulAttributeCount template length\n" -" phKey gets new handle\n", - {ArgULong, ArgMechanism, ArgULong, ArgAttribute|ArgArray, ArgULong, - ArgULong|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_SeedRandom", F_C_SeedRandom, -"C_SeedRandom hSession pSeed ulSeedLen\n\n" -"C_SeedRandom mixes additional seed material into the token's random number\n" -"generator.\n" -" hSession the session's handle\n" -" pSeed the seed material\n" -" ulSeedLen length of seed material\n", - {ArgULong, ArgChar, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GenerateRandom", F_C_GenerateRandom, -"C_GenerateRandom hSession RandomData ulRandomLen\n\n" -"C_GenerateRandom generates random data.\n" -" hSession the session's handle\n" -" RandomData receives the random data\n" -" ulRandomLen # of bytes to generate\n", - {ArgULong, ArgChar, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_GetFunctionStatus", F_C_GetFunctionStatus, -"C_GetFunctionStatus hSession\n\n" -"C_GetFunctionStatus is a legacy function; it obtains an updated status of\n" -"a function running in parallel with an application.\n" -" hSession the session's handle\n", - {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_CancelFunction", F_C_CancelFunction, -"C_CancelFunction hSession\n\n" -"C_CancelFunction is a legacy function; it cancels a function running in\n" -"parallel.\n" -" hSession the session's handle\n", - {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"C_WaitForSlotEvent", F_C_WaitForSlotEvent, -"C_WaitForSlotEvent flags pSlot pRserved\n\n" -"C_WaitForSlotEvent waits for a slot event (token insertion removal etc.)\n" -"to occur.\n" -" flags blocking/nonblocking flag\n" -" pSlot location that receives the slot ID\n" -" pRserved reserved. Should be NULL_PTR\n", - {ArgULong, ArgULong|ArgArray, ArgVar, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"NewArray", F_NewArray, -"NewArray varName varType array size\n\n" -"Creates a new array variable.\n" -" varName variable name of the new array\n" -" varType data type of the new array\n" -" size number of elements in the array\n", - {ArgVar|ArgNew, ArgVar, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"NewInitArg", F_NewInitializeArgs, -"NewInitArg varName flags string\n\n" -"Creates a new init variable.\n" -" varName variable name of the new initArg\n" -" flags value to set the flags field\n" -" string string parameter for init arg\n", - {ArgVar|ArgNew, ArgULong, ArgVar|ArgNew, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"NewTemplate", F_NewTemplate, -"NewTemplate varName attributeList\n\n" -"Create a new empty template and populate the attribute list\n" -" varName variable name of the new template\n" -" attributeList comma separated list of CKA_ATTRIBUTE types\n", - {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"NewMechanism", F_NewMechanism, -"NewMechanism varName mechanismType\n\n" -"Create a new CK_MECHANISM object with type NULL parameters and specified type\n" -" varName variable name of the new mechansim\n" -" mechanismType CKM_ mechanism type value to set int the type field\n", - {ArgVar|ArgNew, ArgULong, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"BuildTemplate", F_BuildTemplate, -"BuildTemplate template\n\n" -"Allocates space for the value in a template which has the sizes filled in,\n" -"but no values allocated yet.\n" -" template variable name of the template\n", - {ArgAttribute, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"SetTemplate", F_SetTemplate, -"SetTemplate template index value\n\n" -"Sets a particular element of a template to a CK_ULONG\n" -" template variable name of the template\n" -" index index into the template to the element to change\n" -" value 32 bit value to set in the template\n", - {ArgAttribute, ArgULong, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"SetString", F_SetStringVar, -"SetString varName string\n\n" -"Sets a particular variable to a string value\n" -" variable variable name of new string\n" -" string String to set the variable to\n", - {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Set", F_SetVar, -"Set varName value\n\n" -"Sets a particular variable to CK_ULONG\n" -" variable name of the new variable\n" -" value 32 bit value to set variable to\n", - {ArgVar|ArgNew, ArgULong, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Print", F_Print, -"Print varName\n\n" -"prints a variable\n" -" variable name of the variable to print\n", - {ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Delete", F_Delete, -"Delete varName\n\n" -"delete a variable\n" -" variable name of the variable to delete\n", - {ArgVar|ArgNew, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Load", F_Load, -"load libraryName\n\n" -"load a pkcs #11 module\n" -" libraryName Name of a shared library\n", - {ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Save", F_SaveVar, -"Save filename variable\n\n" -"Saves the binary value of 'variable' in file 'filename'\n" -" fileName target file to save the variable in\n" -" variable variable to save\n", - {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Restore", F_RestoreVar, -"Restore filename variable\n\n" -"Restores a variable from a file\n" -" fileName target file to restore the variable from\n" -" variable variable to restore\n", - {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Increment", F_Increment, -"Increment variable value\n\n" -"Increment a variable by value\n", - {ArgVar, ArgULong, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Decrement", F_Decrement, -"Decrement variable value\n\n" -"Decrement a variable by value\n", - {ArgVar, ArgULong, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"List", F_List, -"List all the variables\n", - {ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Unload", F_Unload, -"Unload the currrently loaded PKCS #11 library\n", - {ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Run", F_Run, -"Run filename\n\n" -"reads filename as script of commands to execute\n", - {ArgVar|ArgNew, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Time", F_Time, -"Time pkcs11 command\n\n" -"Execute a pkcs #11 command and time the results\n", - {ArgVar|ArgFull, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"System", F_System, - "Set System Flag", - {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"LoopRun", F_Loop, -"LoopRun filename var start end step\n\n" -"Run in a loop. Loop exit if scrip does and explicit quit (Quit QuitIf etc.)", - {ArgVar|ArgNew, ArgVar|ArgNew, ArgULong, ArgULong, ArgULong, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Help", F_Help, -"Help [command]\n\n" -"print general help, or help for a specific command\n", - {ArgVar|ArgOpt, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"QuitIf", F_QuitIf, -"QuitIf arg1 comparator arg2\n\n" -"Exit from this program if Condition is valid, valid comparators:\n" -" < > <= >= = !=\n", - {ArgULong, ArgVar|ArgNew, ArgULong, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"QuitIfString", F_QuitIfString, -"QuitIfString arg1 comparator arg2\n\n" -"Exit from this program if Condition is valid, valid comparators:\n" -" = !=\n", - {ArgVar|ArgNew, ArgVar|ArgNew, ArgVar|ArgNew, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, - {"Quit", F_Quit, -"Exit from this program", - {ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, - ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, -}; - -const Commands *commands= &_commands[0]; -const int commandCount = sizeof(_commands) / sizeof(_commands[0]); - -const Topics _topics[] = { - { "variables", -"Variables are random strings of characters. These should begin with alpha\n" -" characters, and should not contain any spaces, nor should they match any\n" -" built-in constants. There is some checking in the code for these things,\n" -" but it's not 100% and using invalid variable names can cause problems.\n" -" Variables are created by any 'OUT' parameter. If the variable does not\n" -" exist, it will be created. For in parameters variables must already exist.\n" - }, - { "constants", -"pk11util recognizes *lots* of constants. All CKA_, CKF_, CKO_, CKU_, CKS_,\n" -" CKC_, CKK_, CKH_, CKM_, CKT_ values from the PKCS #11 spec are recognized.\n" -" Constants can be specified with their fully qualified CK?_ value, or the\n" -" prefix can be dropped. Constants are matched case insensitve.\n" - }, - { "arrays", -"Arrays are special variables which represent 'C' arrays. Each array \n" -" variable can be referenced as a group (using just the name), or as \n" -" individual elements (with the [int] operator). Example:\n" -" print myArray # prints the full array.\n" -" print myArray[3] # prints the 3rd elemement of the array \n" - }, - { "sizes", -"Size operaters returns the size in bytes of a variable, or the number of\n" -" elements in an array.\n" -" size(var) and sizeof(var) return the size of var in bytes.\n" -" sizea(var) and sizeofarray(var) return the number of elements in var.\n" -" If var is not an array, sizea(var) returns 1.\n" - }, -}; - -const Topics *topics= &_topics[0]; -const int topicCount = sizeof(_topics) / sizeof(_topics[0]); - -const char * -getName(CK_ULONG value, ConstType type) -{ - int i; - - for (i=0; i < constCount; i++) { - if (consts[i].type == type && consts[i].value == value) { - return consts[i].name; - } - if (type == ConstNone && consts[i].value == value) { - return consts[i].name; - } - } - - return NULL; -} - -const char * -getNameFromAttribute(CK_ATTRIBUTE_TYPE type) -{ - return getName(type, ConstAttribute); -} - -int totalKnownType(ConstType type) { - int count = 0; - int i; - - for (i=0; i < constCount; i++) { - if (consts[i].type == type) count++; - } - return count; -} diff --git a/security/nss/cmd/lib/pk11table.h b/security/nss/cmd/lib/pk11table.h deleted file mode 100644 index cdc4325fc..000000000 --- a/security/nss/cmd/lib/pk11table.h +++ /dev/null @@ -1,180 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#ifndef _PK11_TABLE_H_ -#define _PK11_TABLE_H_ - -/* - * Supported functions.. - */ -#include <pkcs11.h> -#include "nspr.h" -#include "prtypes.h" - -typedef enum { - F_No_Function, -#undef CK_NEED_ARG_LIST -#define CK_PKCS11_FUNCTION_INFO(func) F_##func, -#include "pkcs11f.h" -#undef CK_NEED_ARG_LISt -#undef CK_PKCS11_FUNCTION_INFO - F_SetVar, - F_SetStringVar, - F_NewArray, - F_NewInitializeArgs, - F_NewTemplate, - F_NewMechanism, - F_BuildTemplate, - F_SetTemplate, - F_Print, - F_SaveVar, - F_RestoreVar, - F_Increment, - F_Decrement, - F_Delete, - F_List, - F_Run, - F_Load, - F_Unload, - F_System, - F_Loop, - F_Time, - F_Help, - F_Quit, - F_QuitIf, - F_QuitIfString -} FunctionType; - -/* - * Supported Argument Types - */ -typedef enum { - ArgNone, - ArgVar, - ArgULong, - ArgChar, - ArgUTF8, - ArgInfo, - ArgSlotInfo, - ArgTokenInfo, - ArgSessionInfo, - ArgAttribute, - ArgMechanism, - ArgMechanismInfo, - ArgInitializeArgs, - ArgFunctionList, -/* Modifier Flags */ - ArgMask = 0xff, - ArgOut = 0x100, - ArgArray = 0x200, - ArgNew = 0x400, - ArgFile = 0x800, - ArgStatic = 0x1000, - ArgOpt = 0x2000, - ArgFull = 0x4000 -} ArgType; - -typedef enum _constType -{ - ConstNone, - ConstBool, - ConstInfoFlags, - ConstSlotFlags, - ConstTokenFlags, - ConstSessionFlags, - ConstMechanismFlags, - ConstInitializeFlags, - ConstUsers, - ConstSessionState, - ConstObject, - ConstHardware, - ConstKeyType, - ConstCertType, - ConstAttribute, - ConstMechanism, - ConstResult, - ConstTrust, - ConstAvailableSizes, - ConstCurrentSize -} ConstType; - -typedef struct _constant { - const char *name; - CK_ULONG value; - ConstType type; - ConstType attrType; -} Constant ; - -/* - * Values structures. - */ -typedef struct _values { - ArgType type; - ConstType constType; - int size; - char *filename; - void *data; - int reference; - int arraySize; -} Value; - -/* - * Variables - */ -typedef struct _variable Variable; -struct _variable { - Variable *next; - char *vname; - Value *value; -}; - -/* NOTE: if you change MAX_ARGS, you need to change the commands array - * below as well. - */ - -#define MAX_ARGS 10 -/* - * structure for master command array - */ -typedef struct _commands { - char *fname; - FunctionType fType; - char *helpString; - ArgType args[MAX_ARGS]; -} Commands; - -typedef struct _module { - PRLibrary *library; - CK_FUNCTION_LIST *functionList; -} Module; - -typedef struct _topics { - char *name; - char *helpString; -} Topics; - -/* - * the command array itself. Make name to function and it's arguments - */ - -extern const char **valueString; -extern const int valueCount; -extern const char **constTypeString; -extern const int constTypeCount; -extern const Constant *consts; -extern const int constCount; -extern const Commands *commands; -extern const int commandCount; -extern const Topics *topics; -extern const int topicCount; - -extern const char * -getName(CK_ULONG value, ConstType type); - -extern const char * -getNameFromAttribute(CK_ATTRIBUTE_TYPE type); - -extern int totalKnownType(ConstType type); - -#endif /* _PK11_TABLE_H_ */ - diff --git a/security/nss/cmd/lib/pppolicy.c b/security/nss/cmd/lib/pppolicy.c deleted file mode 100644 index b4dd46837..000000000 --- a/security/nss/cmd/lib/pppolicy.c +++ /dev/null @@ -1,267 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/* - * Support for various policy related extensions - * - * $Id$ - */ - -#include "seccomon.h" -#include "secport.h" -#include "secder.h" -#include "cert.h" -#include "secoid.h" -#include "secasn1.h" -#include "secerr.h" -#include "nspr.h" -#include "secutil.h" - -/* This implementation is derived from the one in nss/lib/certdb/policyxtn.c . -** The chief difference is the addition of the OPTIONAL flag to many -** parts. The idea is to be able to parse and print as much of the -** policy extension as possible, even if some parts are invalid. -** -** If this approach still is unable to decode policy extensions that -** contain invalid parts, then the next approach will be to parse -** the PolicyInfos as a SEQUENCE of ANYs, and then parse each of them -** as PolicyInfos, with the PolicyQualifiers being ANYs, and finally -** parse each of the PolicyQualifiers. -*/ - -static const SEC_ASN1Template secu_PolicyQualifierTemplate[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(CERTPolicyQualifier) }, - { SEC_ASN1_OBJECT_ID, - offsetof(CERTPolicyQualifier, qualifierID) }, - { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL, - offsetof(CERTPolicyQualifier, qualifierValue) }, - { 0 } -}; - -static const SEC_ASN1Template secu_PolicyInfoTemplate[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(CERTPolicyInfo) }, - { SEC_ASN1_OBJECT_ID, - offsetof(CERTPolicyInfo, policyID) }, - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL, - offsetof(CERTPolicyInfo, policyQualifiers), - secu_PolicyQualifierTemplate }, - { 0 } -}; - -static const SEC_ASN1Template secu_CertificatePoliciesTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, - offsetof(CERTCertificatePolicies, policyInfos), - secu_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) } -}; - - -static CERTCertificatePolicies * -secu_DecodeCertificatePoliciesExtension(SECItem *extnValue) -{ - PRArenaPool *arena = NULL; - SECStatus rv; - CERTCertificatePolicies *policies; - CERTPolicyInfo **policyInfos, *policyInfo; - CERTPolicyQualifier **policyQualifiers, *policyQualifier; - SECItem newExtnValue; - - /* make a new arena */ - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if ( !arena ) { - goto loser; - } - - /* allocate the certifiate policies structure */ - policies = PORT_ArenaZNew(arena, CERTCertificatePolicies); - if ( policies == NULL ) { - goto loser; - } - - policies->arena = arena; - - /* copy the DER into the arena, since Quick DER returns data that points - into the DER input, which may get freed by the caller */ - rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue); - if ( rv != SECSuccess ) { - goto loser; - } - - /* decode the policy info */ - rv = SEC_QuickDERDecodeItem(arena, policies, - secu_CertificatePoliciesTemplate, - &newExtnValue); - - if ( rv != SECSuccess ) { - goto loser; - } - - /* initialize the oid tags */ - policyInfos = policies->policyInfos; - while (policyInfos != NULL && *policyInfos != NULL ) { - policyInfo = *policyInfos; - policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID); - policyQualifiers = policyInfo->policyQualifiers; - while ( policyQualifiers && *policyQualifiers != NULL ) { - policyQualifier = *policyQualifiers; - policyQualifier->oid = - SECOID_FindOIDTag(&policyQualifier->qualifierID); - policyQualifiers++; - } - policyInfos++; - } - - return(policies); - -loser: - if ( arena != NULL ) { - PORT_FreeArena(arena, PR_FALSE); - } - - return(NULL); -} - - -static char * -itemToString(SECItem *item) -{ - char *string; - - string = PORT_ZAlloc(item->len+1); - if (string == NULL) return NULL; - PORT_Memcpy(string,item->data,item->len); - string[item->len] = 0; - return string; -} - -static SECStatus -secu_PrintUserNoticeQualifier(FILE *out, SECItem * qualifierValue, - char *msg, int level) -{ - CERTUserNotice *userNotice = NULL; - if (qualifierValue) - userNotice = CERT_DecodeUserNotice(qualifierValue); - if (userNotice) { - if (userNotice->noticeReference.organization.len != 0) { - char *string = - itemToString(&userNotice->noticeReference.organization); - SECItem **itemList = userNotice->noticeReference.noticeNumbers; - - while (itemList && *itemList) { - SECU_PrintInteger(out,*itemList,string,level+1); - itemList++; - } - PORT_Free(string); - } - if (userNotice->displayText.len != 0) { - SECU_PrintString(out,&userNotice->displayText, - "Display Text", level+1); - } - CERT_DestroyUserNotice(userNotice); - return SECSuccess; - } - return SECFailure; /* caller will print this value */ -} - -static SECStatus -secu_PrintPolicyQualifier(FILE *out,CERTPolicyQualifier *policyQualifier, - char *msg,int level) -{ - SECStatus rv; - SECItem * qualifierValue = &policyQualifier->qualifierValue; - - SECU_PrintObjectID(out, &policyQualifier->qualifierID , - "Policy Qualifier Name", level); - if (!qualifierValue->data) { - SECU_Indent(out, level); - fprintf(out,"Error: missing qualifier\n"); - } else - switch (policyQualifier->oid) { - case SEC_OID_PKIX_USER_NOTICE_QUALIFIER: - rv = secu_PrintUserNoticeQualifier(out, qualifierValue, msg, level); - if (SECSuccess == rv) - break; - /* fall through on error */ - case SEC_OID_PKIX_CPS_POINTER_QUALIFIER: - default: - SECU_PrintAny(out, qualifierValue, "Policy Qualifier Data", level); - break; - } - return SECSuccess; -} - -static SECStatus -secu_PrintPolicyInfo(FILE *out,CERTPolicyInfo *policyInfo,char *msg,int level) -{ - CERTPolicyQualifier **policyQualifiers; - - policyQualifiers = policyInfo->policyQualifiers; - SECU_PrintObjectID(out, &policyInfo->policyID , "Policy Name", level); - - while (policyQualifiers && *policyQualifiers != NULL) { - secu_PrintPolicyQualifier(out,*policyQualifiers,"",level+1); - policyQualifiers++; - } - return SECSuccess; -} - -void -SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level) -{ - CERTCertificatePolicies *policies = NULL; - CERTPolicyInfo **policyInfos; - - if (msg) { - SECU_Indent(out, level); - fprintf(out,"%s: \n",msg); - level++; - } - policies = secu_DecodeCertificatePoliciesExtension(value); - if (policies == NULL) { - SECU_PrintAny(out, value, "Invalid Policy Data", level); - return; - } - - policyInfos = policies->policyInfos; - while (policyInfos && *policyInfos != NULL) { - secu_PrintPolicyInfo(out,*policyInfos,"",level); - policyInfos++; - } - - CERT_DestroyCertificatePoliciesExtension(policies); -} - - -void -SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value, - char *msg, int level) -{ - CERTPrivKeyUsagePeriod * prd; - PLArenaPool * arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if ( !arena ) { - goto loser; - } - prd = CERT_DecodePrivKeyUsagePeriodExtension(arena, value); - if (!prd) { - goto loser; - } - if (prd->notBefore.data) { - SECU_PrintGeneralizedTime(out, &prd->notBefore, "Not Before", level); - } - if (prd->notAfter.data) { - SECU_PrintGeneralizedTime(out, &prd->notAfter, "Not After ", level); - } - if (!prd->notBefore.data && !prd->notAfter.data) { - SECU_Indent(out, level); - fprintf(out, "Error: notBefore or notAfter MUST be present.\n"); -loser: - SECU_PrintAny(out, value, msg, level); - } - if (arena) { - PORT_FreeArena(arena, PR_FALSE); - } -} diff --git a/security/nss/cmd/lib/secpwd.c b/security/nss/cmd/lib/secpwd.c deleted file mode 100644 index 2c4579d78..000000000 --- a/security/nss/cmd/lib/secpwd.c +++ /dev/null @@ -1,164 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#include "secutil.h" - -/* - * NOTE: The contents of this file are NOT used by the client. - * (They are part of the security library as a whole, but they are - * NOT USED BY THE CLIENT.) Do not change things on behalf of the - * client (like localizing strings), or add things that are only - * for the client (put them elsewhere). - */ - - -#ifdef XP_UNIX -#include <termios.h> -#endif - -#if defined(XP_UNIX) || defined(XP_BEOS) -#include <unistd.h> /* for isatty() */ -#endif - -#if defined(_WINDOWS) -#include <conio.h> -#include <io.h> -#define QUIET_FGETS quiet_fgets -static char * quiet_fgets (char *buf, int length, FILE *input); -#else -#define QUIET_FGETS fgets -#endif - -static void echoOff(int fd) -{ -#if defined(XP_UNIX) - if (isatty(fd)) { - struct termios tio; - tcgetattr(fd, &tio); - tio.c_lflag &= ~ECHO; - tcsetattr(fd, TCSAFLUSH, &tio); - } -#endif -} - -static void echoOn(int fd) -{ -#if defined(XP_UNIX) - if (isatty(fd)) { - struct termios tio; - tcgetattr(fd, &tio); - tio.c_lflag |= ECHO; - tcsetattr(fd, TCSAFLUSH, &tio); - } -#endif -} - -char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, - PRBool (*ok)(char *)) -{ -#if defined(_WINDOWS) - int isTTY = (input == stdin); -#define echoOn(x) -#define echoOff(x) -#else - int infd = fileno(input); - int isTTY = isatty(infd); -#endif - char phrase[200] = {'\0'}; /* ensure EOF doesn't return junk */ - - for (;;) { - /* Prompt for password */ - if (isTTY) { - fprintf(output, "%s", prompt); - fflush (output); - echoOff(infd); - } - - QUIET_FGETS ( phrase, sizeof(phrase), input); - - if (isTTY) { - fprintf(output, "\n"); - echoOn(infd); - } - - /* stomp on newline */ - phrase[PORT_Strlen(phrase)-1] = 0; - - /* Validate password */ - if (!(*ok)(phrase)) { - /* Not weird enough */ - if (!isTTY) return 0; - fprintf(output, "Password must be at least 8 characters long with one or more\n"); - fprintf(output, "non-alphabetic characters\n"); - continue; - } - return (char*) PORT_Strdup(phrase); - } -} - - - -PRBool SEC_CheckPassword(char *cp) -{ - int len; - char *end; - - len = PORT_Strlen(cp); - if (len < 8) { - return PR_FALSE; - } - end = cp + len; - while (cp < end) { - unsigned char ch = *cp++; - if (!((ch >= 'A') && (ch <= 'Z')) && - !((ch >= 'a') && (ch <= 'z'))) { - /* pass phrase has at least one non alphabetic in it */ - return PR_TRUE; - } - } - return PR_FALSE; -} - -PRBool SEC_BlindCheckPassword(char *cp) -{ - if (cp != NULL) { - return PR_TRUE; - } - return PR_FALSE; -} - -/* Get a password from the input terminal, without echoing */ - -#if defined(_WINDOWS) -static char * quiet_fgets (char *buf, int length, FILE *input) - { - int c; - char *end = buf; - - /* fflush (input); */ - memset (buf, 0, length); - - if (!isatty(fileno(input))) { - return fgets(buf,length,input); - } - - while (1) - { - c = getch(); /* getch gets a character from the console */ - - if (c == '\b') - { - if (end > buf) - end--; - } - - else if (--length > 0) - *end++ = c; - - if (!c || c == '\n' || c == '\r') - break; - } - - return buf; - } -#endif diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c deleted file mode 100644 index cc62456cf..000000000 --- a/security/nss/cmd/lib/secutil.c +++ /dev/null @@ -1,3672 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* -** secutil.c - various functions used by security stuff -** -*/ - -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" -#include "prerror.h" -#include "prprf.h" -#include "plgetopt.h" -#include "prenv.h" -#include "prnetdb.h" - -#include "cryptohi.h" -#include "secutil.h" -#include "secpkcs7.h" -#include "secpkcs5.h" -#include <stdarg.h> -#include <sys/stat.h> -#include <errno.h> - -#ifdef XP_UNIX -#include <unistd.h> -#endif - -/* for SEC_TraverseNames */ -#include "cert.h" -#include "certt.h" -#include "certdb.h" - -/* #include "secmod.h" */ -#include "pk11func.h" -#include "secoid.h" - -static char consoleName[] = { -#ifdef XP_UNIX - "/dev/tty" -#else -#ifdef XP_OS2 - "\\DEV\\CON" -#else - "CON:" -#endif -#endif -}; - -#include "nssutil.h" -#include "ssl.h" -#include "sslproto.h" - - -static void -secu_ClearPassword(char *p) -{ - if (p) { - PORT_Memset(p, 0, PORT_Strlen(p)); - PORT_Free(p); - } -} - -char * -SECU_GetPasswordString(void *arg, char *prompt) -{ -#ifndef _WINDOWS - char *p = NULL; - FILE *input, *output; - - /* open terminal */ - input = fopen(consoleName, "r"); - if (input == NULL) { - fprintf(stderr, "Error opening input terminal for read\n"); - return NULL; - } - - output = fopen(consoleName, "w"); - if (output == NULL) { - fprintf(stderr, "Error opening output terminal for write\n"); - return NULL; - } - - p = SEC_GetPassword (input, output, prompt, SEC_BlindCheckPassword); - - - fclose(input); - fclose(output); - - return p; - -#else - /* Win32 version of above. opening the console may fail - on windows95, and certainly isn't necessary.. */ - - char *p = NULL; - - p = SEC_GetPassword (stdin, stdout, prompt, SEC_BlindCheckPassword); - return p; - -#endif -} - - -/* - * p a s s w o r d _ h a r d c o d e - * - * A function to use the password passed in the -f(pwfile) argument - * of the command line. - * After use once, null it out otherwise PKCS11 calls us forever.? - * - */ -char * -SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - char* phrases, *phrase; - PRFileDesc *fd; - PRInt32 nb; - char *pwFile = arg; - int i; - const long maxPwdFileSize = 4096; - char* tokenName = NULL; - int tokenLen = 0; - - if (!pwFile) - return 0; - - if (retry) { - return 0; /* no good retrying - the files contents will be the same */ - } - - phrases = PORT_ZAlloc(maxPwdFileSize); - - if (!phrases) { - return 0; /* out of memory */ - } - - fd = PR_Open(pwFile, PR_RDONLY, 0); - if (!fd) { - fprintf(stderr, "No password file \"%s\" exists.\n", pwFile); - PORT_Free(phrases); - return NULL; - } - - nb = PR_Read(fd, phrases, maxPwdFileSize); - - PR_Close(fd); - - if (nb == 0) { - fprintf(stderr,"password file contains no data\n"); - PORT_Free(phrases); - return NULL; - } - - if (slot) { - tokenName = PK11_GetTokenName(slot); - if (tokenName) { - tokenLen = PORT_Strlen(tokenName); - } - } - i = 0; - do - { - int startphrase = i; - int phraseLen; - - /* handle the Windows EOL case */ - while (phrases[i] != '\r' && phrases[i] != '\n' && i < nb) i++; - /* terminate passphrase */ - phrases[i++] = '\0'; - /* clean up any EOL before the start of the next passphrase */ - while ( (i<nb) && (phrases[i] == '\r' || phrases[i] == '\n')) { - phrases[i++] = '\0'; - } - /* now analyze the current passphrase */ - phrase = &phrases[startphrase]; - if (!tokenName) - break; - if (PORT_Strncmp(phrase, tokenName, tokenLen)) continue; - phraseLen = PORT_Strlen(phrase); - if (phraseLen < (tokenLen+1)) continue; - if (phrase[tokenLen] != ':') continue; - phrase = &phrase[tokenLen+1]; - break; - - } while (i<nb); - - phrase = PORT_Strdup((char*)phrase); - PORT_Free(phrases); - return phrase; -} - -char * -SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - char prompt[255]; - secuPWData *pwdata = (secuPWData *)arg; - secuPWData pwnull = { PW_NONE, 0 }; - secuPWData pwxtrn = { PW_EXTERNAL, "external" }; - char *pw; - - if (pwdata == NULL) - pwdata = &pwnull; - - if (PK11_ProtectedAuthenticationPath(slot)) { - pwdata = &pwxtrn; - } - if (retry && pwdata->source != PW_NONE) { - PR_fprintf(PR_STDERR, "Incorrect password/PIN entered.\n"); - return NULL; - } - - switch (pwdata->source) { - case PW_NONE: - sprintf(prompt, "Enter Password or Pin for \"%s\":", - PK11_GetTokenName(slot)); - return SECU_GetPasswordString(NULL, prompt); - case PW_FROMFILE: - /* Instead of opening and closing the file every time, get the pw - * once, then keep it in memory (duh). - */ - pw = SECU_FilePasswd(slot, retry, pwdata->data); - pwdata->source = PW_PLAINTEXT; - pwdata->data = PL_strdup(pw); - /* it's already been dup'ed */ - return pw; - case PW_EXTERNAL: - sprintf(prompt, - "Press Enter, then enter PIN for \"%s\" on external device.\n", - PK11_GetTokenName(slot)); - (void) SECU_GetPasswordString(NULL, prompt); - /* Fall Through */ - case PW_PLAINTEXT: - return PL_strdup(pwdata->data); - default: - break; - } - - PR_fprintf(PR_STDERR, "Password check failed: No password found.\n"); - return NULL; -} - -char * -secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - char *p0 = NULL; - char *p1 = NULL; - FILE *input, *output; - secuPWData *pwdata = arg; - - if (pwdata->source == PW_FROMFILE) { - return SECU_FilePasswd(slot, retry, pwdata->data); - } - if (pwdata->source == PW_PLAINTEXT) { - return PL_strdup(pwdata->data); - } - - /* PW_NONE - get it from tty */ - /* open terminal */ -#ifdef _WINDOWS - input = stdin; -#else - input = fopen(consoleName, "r"); -#endif - if (input == NULL) { - PR_fprintf(PR_STDERR, "Error opening input terminal for read\n"); - return NULL; - } - - /* we have no password, so initialize database with one */ - PR_fprintf(PR_STDERR, - "Enter a password which will be used to encrypt your keys.\n" - "The password should be at least 8 characters long,\n" - "and should contain at least one non-alphabetic character.\n\n"); - - output = fopen(consoleName, "w"); - if (output == NULL) { - PR_fprintf(PR_STDERR, "Error opening output terminal for write\n"); - return NULL; - } - - - for (;;) { - if (p0) - PORT_Free(p0); - p0 = SEC_GetPassword(input, output, "Enter new password: ", - SEC_BlindCheckPassword); - - if (p1) - PORT_Free(p1); - p1 = SEC_GetPassword(input, output, "Re-enter password: ", - SEC_BlindCheckPassword); - if (p0 && p1 && !PORT_Strcmp(p0, p1)) { - break; - } - PR_fprintf(PR_STDERR, "Passwords do not match. Try again.\n"); - } - - /* clear out the duplicate password string */ - secu_ClearPassword(p1); - - fclose(input); - fclose(output); - - return p0; -} - -SECStatus -SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile) -{ - return SECU_ChangePW2(slot, passwd, 0, pwFile, 0); -} - -SECStatus -SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, - char *oldPwFile, char *newPwFile) -{ - SECStatus rv; - secuPWData pwdata, newpwdata; - char *oldpw = NULL, *newpw = NULL; - - if (oldPass) { - pwdata.source = PW_PLAINTEXT; - pwdata.data = oldPass; - } else if (oldPwFile) { - pwdata.source = PW_FROMFILE; - pwdata.data = oldPwFile; - } else { - pwdata.source = PW_NONE; - pwdata.data = NULL; - } - - if (newPass) { - newpwdata.source = PW_PLAINTEXT; - newpwdata.data = newPass; - } else if (newPwFile) { - newpwdata.source = PW_FROMFILE; - newpwdata.data = newPwFile; - } else { - newpwdata.source = PW_NONE; - newpwdata.data = NULL; - } - - if (PK11_NeedUserInit(slot)) { - newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata); - rv = PK11_InitPin(slot, (char*)NULL, newpw); - goto done; - } - - for (;;) { - oldpw = SECU_GetModulePassword(slot, PR_FALSE, &pwdata); - - if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) { - if (pwdata.source == PW_NONE) { - PR_fprintf(PR_STDERR, "Invalid password. Try again.\n"); - } else { - PR_fprintf(PR_STDERR, "Invalid password.\n"); - PORT_Memset(oldpw, 0, PL_strlen(oldpw)); - PORT_Free(oldpw); - return SECFailure; - } - } else - break; - - PORT_Free(oldpw); - } - - newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata); - - if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { - PR_fprintf(PR_STDERR, "Failed to change password.\n"); - return SECFailure; - } - - PORT_Memset(oldpw, 0, PL_strlen(oldpw)); - PORT_Free(oldpw); - - PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); - -done: - PORT_Memset(newpw, 0, PL_strlen(newpw)); - PORT_Free(newpw); - return SECSuccess; -} - -struct matchobj { - SECItem index; - char *nname; - PRBool found; -}; - -char * -SECU_DefaultSSLDir(void) -{ - char *dir; - static char sslDir[1000]; - - dir = PR_GetEnv("SSL_DIR"); - if (!dir) - return NULL; - - sprintf(sslDir, "%s", dir); - - if (sslDir[strlen(sslDir)-1] == '/') - sslDir[strlen(sslDir)-1] = 0; - - return sslDir; -} - -char * -SECU_AppendFilenameToDir(char *dir, char *filename) -{ - static char path[1000]; - - if (dir[strlen(dir)-1] == '/') - sprintf(path, "%s%s", dir, filename); - else - sprintf(path, "%s/%s", dir, filename); - return path; -} - -char * -SECU_ConfigDirectory(const char* base) -{ - static PRBool initted = PR_FALSE; - const char *dir = ".netscape"; - char *home; - static char buf[1000]; - - if (initted) return buf; - - - if (base == NULL || *base == 0) { - home = PR_GetEnv("HOME"); - if (!home) home = ""; - - if (*home && home[strlen(home) - 1] == '/') - sprintf (buf, "%.900s%s", home, dir); - else - sprintf (buf, "%.900s/%s", home, dir); - } else { - sprintf(buf, "%.900s", base); - if (buf[strlen(buf) - 1] == '/') - buf[strlen(buf) - 1] = 0; - } - - - initted = PR_TRUE; - return buf; -} - -/*Turn off SSL for now */ -/* This gets called by SSL when server wants our cert & key */ -int -SECU_GetClientAuthData(void *arg, PRFileDesc *fd, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey) -{ - SECKEYPrivateKey *key; - CERTCertificate *cert; - int errsave; - - if (arg == NULL) { - fprintf(stderr, "no key/cert name specified for client auth\n"); - return -1; - } - cert = PK11_FindCertFromNickname(arg, NULL); - errsave = PORT_GetError(); - if (!cert) { - if (errsave == SEC_ERROR_BAD_PASSWORD) - fprintf(stderr, "Bad password\n"); - else if (errsave > 0) - fprintf(stderr, "Unable to read cert (error %d)\n", errsave); - else if (errsave == SEC_ERROR_BAD_DATABASE) - fprintf(stderr, "Unable to get cert from database (%d)\n", errsave); - else - fprintf(stderr, "SECKEY_FindKeyByName: internal error %d\n", errsave); - return -1; - } - - key = PK11_FindKeyByAnyCert(arg,NULL); - if (!key) { - fprintf(stderr, "Unable to get key (%d)\n", PORT_GetError()); - return -1; - } - - - *pRetCert = cert; - *pRetKey = key; - - return 0; -} - -SECStatus -SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii) -{ - SECStatus rv; - if (ascii) { - /* First convert ascii to binary */ - SECItem filedata; - char *asc, *body; - - /* Read in ascii data */ - rv = SECU_FileToItem(&filedata, inFile); - asc = (char *)filedata.data; - if (!asc) { - fprintf(stderr, "unable to read data from input file\n"); - return SECFailure; - } - - /* check for headers and trailers and remove them */ - if ((body = strstr(asc, "-----BEGIN")) != NULL) { - char *trailer = NULL; - asc = body; - body = PORT_Strchr(body, '\n'); - if (!body) - body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */ - if (body) - trailer = strstr(++body, "-----END"); - if (trailer != NULL) { - *trailer = '\0'; - } else { - fprintf(stderr, "input has header but no trailer\n"); - PORT_Free(filedata.data); - return SECFailure; - } - } else { - body = asc; - } - - /* Convert to binary */ - rv = ATOB_ConvertAsciiToItem(der, body); - if (rv) { - fprintf(stderr, "error converting ascii to binary (%s)\n", - SECU_Strerror(PORT_GetError())); - PORT_Free(filedata.data); - return SECFailure; - } - - PORT_Free(filedata.data); - } else { - /* Read in binary der */ - rv = SECU_FileToItem(der, inFile); - if (rv) { - fprintf(stderr, "error converting der (%s)\n", - SECU_Strerror(PORT_GetError())); - return SECFailure; - } - } - return SECSuccess; -} - -#define INDENT_MULT 4 - -SECStatus -SECU_StripTagAndLength(SECItem *i) -{ - unsigned int start; - - if (!i || !i->data || i->len < 2) { /* must be at least tag and length */ - return SECFailure; - } - start = ((i->data[1] & 0x80) ? (i->data[1] & 0x7f) + 2 : 2); - if (i->len < start) { - return SECFailure; - } - i->data += start; - i->len -= start; - return SECSuccess; -} - - - -static void -secu_PrintRawStringQuotesOptional(FILE *out, SECItem *si, const char *m, - int level, PRBool quotes) -{ - int column; - unsigned int i; - - if ( m ) { - SECU_Indent(out, level); fprintf(out, "%s: ", m); - column = (level * INDENT_MULT) + strlen(m) + 2; - level++; - } else { - SECU_Indent(out, level); - column = level*INDENT_MULT; - } - if (quotes) { - fprintf(out, "\""); column++; - } - - for (i = 0; i < si->len; i++) { - unsigned char val = si->data[i]; - if (SECU_GetWrapEnabled() && column > 76) { - SECU_Newline(out); - SECU_Indent(out, level); column = level*INDENT_MULT; - } - - fprintf(out,"%c", printable[val]); column++; - } - - if (quotes) { - fprintf(out, "\""); column++; - } - if (SECU_GetWrapEnabled() && - (column != level*INDENT_MULT || column > 76)) { - SECU_Newline(out); - } -} - -static void -secu_PrintRawString(FILE *out, SECItem *si, const char *m, int level) -{ - secu_PrintRawStringQuotesOptional(out, si, m, level, PR_TRUE); -} - -void -SECU_PrintString(FILE *out, SECItem *si, char *m, int level) -{ - SECItem my = *si; - - if (SECSuccess != SECU_StripTagAndLength(&my) || !my.len) - return; - secu_PrintRawString(out, &my, m, level); -} - -/* print an unencoded boolean */ -static void -secu_PrintBoolean(FILE *out, SECItem *i, const char *m, int level) -{ - int val = 0; - - if ( i->data && i->len ) { - val = i->data[0]; - } - - if (!m) { - m = "Boolean"; - } - SECU_Indent(out, level); - fprintf(out, "%s: %s\n", m, (val ? "True" : "False")); -} - -/* - * Format and print "time". If the tag message "m" is not NULL, - * do indent formatting based on "level" and add a newline afterward; - * otherwise just print the formatted time string only. - */ -static void -secu_PrintTime(FILE *out, int64 time, char *m, int level) -{ - PRExplodedTime printableTime; - char *timeString; - - /* Convert to local time */ - PR_ExplodeTime(time, PR_GMTParameters, &printableTime); - - timeString = PORT_Alloc(256); - if (timeString == NULL) - return; - - if (m != NULL) { - SECU_Indent(out, level); - fprintf(out, "%s: ", m); - } - - if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) { - fputs(timeString, out); - } - - if (m != NULL) - fprintf(out, "\n"); - - PORT_Free(timeString); -} - -/* - * Format and print the UTC Time "t". If the tag message "m" is not NULL, - * do indent formatting based on "level" and add a newline afterward; - * otherwise just print the formatted time string only. - */ -void -SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level) -{ - int64 time; - SECStatus rv; - - rv = DER_UTCTimeToTime(&time, t); - if (rv != SECSuccess) - return; - - secu_PrintTime(out, time, m, level); -} - -/* - * Format and print the Generalized Time "t". If the tag message "m" - * is not NULL, * do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -void -SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, int level) -{ - int64 time; - SECStatus rv; - - - rv = DER_GeneralizedTimeToTime(&time, t); - if (rv != SECSuccess) - return; - - secu_PrintTime(out, time, m, level); -} - -/* - * Format and print the UTC or Generalized Time "t". If the tag message - * "m" is not NULL, do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -void -SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level) -{ - switch (t->type) { - case siUTCTime: - SECU_PrintUTCTime(out, t, m, level); - break; - - case siGeneralizedTime: - SECU_PrintGeneralizedTime(out, t, m, level); - break; - - default: - PORT_Assert(0); - break; - } -} - - -/* This prints a SET or SEQUENCE */ -void -SECU_PrintSet(FILE *out, SECItem *t, char *m, int level) -{ - int type = t->data[0] & SEC_ASN1_TAGNUM_MASK; - int constructed = t->data[0] & SEC_ASN1_CONSTRUCTED; - const char * label; - SECItem my = *t; - - if (!constructed) { - SECU_PrintAsHex(out, t, m, level); - return; - } - if (SECSuccess != SECU_StripTagAndLength(&my)) - return; - - SECU_Indent(out, level); - if (m) { - fprintf(out, "%s: ", m); - } - - if (type == SEC_ASN1_SET) - label = "Set "; - else if (type == SEC_ASN1_SEQUENCE) - label = "Sequence "; - else - label = ""; - fprintf(out,"%s{\n", label); /* } */ - - while (my.len >= 2) { - SECItem tmp = my; - - if (tmp.data[1] & 0x80) { - unsigned int i; - unsigned int lenlen = tmp.data[1] & 0x7f; - if (lenlen > sizeof tmp.len) - break; - tmp.len = 0; - for (i=0; i < lenlen; i++) { - tmp.len = (tmp.len << 8) | tmp.data[2+i]; - } - tmp.len += lenlen + 2; - } else { - tmp.len = tmp.data[1] + 2; - } - if (tmp.len > my.len) { - tmp.len = my.len; - } - my.data += tmp.len; - my.len -= tmp.len; - SECU_PrintAny(out, &tmp, NULL, level + 1); - } - SECU_Indent(out, level); fprintf(out, /* { */ "}\n"); -} - -static void -secu_PrintContextSpecific(FILE *out, SECItem *i, char *m, int level) -{ - int type = i->data[0] & SEC_ASN1_TAGNUM_MASK; - int constructed = i->data[0] & SEC_ASN1_CONSTRUCTED; - SECItem tmp; - - if (constructed) { - char * m2; - if (!m) - m2 = PR_smprintf("[%d]", type); - else - m2 = PR_smprintf("%s: [%d]", m, type); - if (m2) { - SECU_PrintSet(out, i, m2, level); - PR_smprintf_free(m2); - } - return; - } - - SECU_Indent(out, level); - if (m) { - fprintf(out, "%s: ", m); - } - fprintf(out,"[%d]\n", type); - - tmp = *i; - if (SECSuccess == SECU_StripTagAndLength(&tmp)) - SECU_PrintAsHex(out, &tmp, m, level+1); -} - -static void -secu_PrintOctetString(FILE *out, SECItem *i, char *m, int level) -{ - SECItem tmp = *i; - if (SECSuccess == SECU_StripTagAndLength(&tmp)) - SECU_PrintAsHex(out, &tmp, m, level); -} - -static void -secu_PrintBitString(FILE *out, SECItem *i, char *m, int level) -{ - int unused_bits; - SECItem tmp = *i; - - if (SECSuccess != SECU_StripTagAndLength(&tmp) || tmp.len < 2) - return; - - unused_bits = *tmp.data++; - tmp.len--; - - SECU_PrintAsHex(out, &tmp, m, level); - if (unused_bits) { - SECU_Indent(out, level + 1); - fprintf(out, "(%d least significant bits unused)\n", unused_bits); - } -} - -/* in a decoded bit string, the len member is a bit length. */ -static void -secu_PrintDecodedBitString(FILE *out, SECItem *i, char *m, int level) -{ - int unused_bits; - SECItem tmp = *i; - - - unused_bits = (tmp.len & 0x7) ? 8 - (tmp.len & 7) : 0; - DER_ConvertBitString(&tmp); /* convert length to byte length */ - - SECU_PrintAsHex(out, &tmp, m, level); - if (unused_bits) { - SECU_Indent(out, level + 1); - fprintf(out, "(%d least significant bits unused)\n", unused_bits); - } -} - - -/* Print a DER encoded Boolean */ -void -SECU_PrintEncodedBoolean(FILE *out, SECItem *i, char *m, int level) -{ - SECItem my = *i; - if (SECSuccess == SECU_StripTagAndLength(&my)) - secu_PrintBoolean(out, &my, m, level); -} - -/* Print a DER encoded integer */ -void -SECU_PrintEncodedInteger(FILE *out, SECItem *i, char *m, int level) -{ - SECItem my = *i; - if (SECSuccess == SECU_StripTagAndLength(&my)) - SECU_PrintInteger(out, &my, m, level); -} - -/* Print a DER encoded OID */ -void -SECU_PrintEncodedObjectID(FILE *out, SECItem *i, char *m, int level) -{ - SECItem my = *i; - if (SECSuccess == SECU_StripTagAndLength(&my)) - SECU_PrintObjectID(out, &my, m, level); -} - -static void -secu_PrintBMPString(FILE *out, SECItem *i, char *m, int level) -{ - unsigned char * s; - unsigned char * d; - int len; - SECItem tmp = {0, 0, 0}; - SECItem my = *i; - - if (SECSuccess != SECU_StripTagAndLength(&my)) - goto loser; - if (my.len % 2) - goto loser; - len = (int)(my.len / 2); - tmp.data = (unsigned char *)PORT_Alloc(len); - if (!tmp.data) - goto loser; - tmp.len = len; - for (s = my.data, d = tmp.data ; len > 0; len--) { - PRUint32 bmpChar = (s[0] << 8) | s[1]; s += 2; - if (!isprint(bmpChar)) - goto loser; - *d++ = (unsigned char)bmpChar; - } - secu_PrintRawString(out, &tmp, m, level); - PORT_Free(tmp.data); - return; - -loser: - SECU_PrintAsHex(out, i, m, level); - if (tmp.data) - PORT_Free(tmp.data); -} - -static void -secu_PrintUniversalString(FILE *out, SECItem *i, char *m, int level) -{ - unsigned char * s; - unsigned char * d; - int len; - SECItem tmp = {0, 0, 0}; - SECItem my = *i; - - if (SECSuccess != SECU_StripTagAndLength(&my)) - goto loser; - if (my.len % 4) - goto loser; - len = (int)(my.len / 4); - tmp.data = (unsigned char *)PORT_Alloc(len); - if (!tmp.data) - goto loser; - tmp.len = len; - for (s = my.data, d = tmp.data ; len > 0; len--) { - PRUint32 bmpChar = (s[0] << 24) | (s[1] << 16) | (s[2] << 8) | s[3]; - s += 4; - if (!isprint(bmpChar)) - goto loser; - *d++ = (unsigned char)bmpChar; - } - secu_PrintRawString(out, &tmp, m, level); - PORT_Free(tmp.data); - return; - -loser: - SECU_PrintAsHex(out, i, m, level); - if (tmp.data) - PORT_Free(tmp.data); -} - -static void -secu_PrintUniversal(FILE *out, SECItem *i, char *m, int level) -{ - switch (i->data[0] & SEC_ASN1_TAGNUM_MASK) { - case SEC_ASN1_ENUMERATED: - case SEC_ASN1_INTEGER: - SECU_PrintEncodedInteger(out, i, m, level); - break; - case SEC_ASN1_OBJECT_ID: - SECU_PrintEncodedObjectID(out, i, m, level); - break; - case SEC_ASN1_BOOLEAN: - SECU_PrintEncodedBoolean(out, i, m, level); - break; - case SEC_ASN1_UTF8_STRING: - case SEC_ASN1_PRINTABLE_STRING: - case SEC_ASN1_VISIBLE_STRING: - case SEC_ASN1_IA5_STRING: - case SEC_ASN1_T61_STRING: - SECU_PrintString(out, i, m, level); - break; - case SEC_ASN1_GENERALIZED_TIME: - SECU_PrintGeneralizedTime(out, i, m, level); - break; - case SEC_ASN1_UTC_TIME: - SECU_PrintUTCTime(out, i, m, level); - break; - case SEC_ASN1_NULL: - SECU_Indent(out, level); - if (m && m[0]) - fprintf(out, "%s: NULL\n", m); - else - fprintf(out, "NULL\n"); - break; - case SEC_ASN1_SET: - case SEC_ASN1_SEQUENCE: - SECU_PrintSet(out, i, m, level); - break; - case SEC_ASN1_OCTET_STRING: - secu_PrintOctetString(out, i, m, level); - break; - case SEC_ASN1_BIT_STRING: - secu_PrintBitString(out, i, m, level); - break; - case SEC_ASN1_BMP_STRING: - secu_PrintBMPString(out, i, m, level); - break; - case SEC_ASN1_UNIVERSAL_STRING: - secu_PrintUniversalString(out, i, m, level); - break; - default: - SECU_PrintAsHex(out, i, m, level); - break; - } -} - -void -SECU_PrintAny(FILE *out, SECItem *i, char *m, int level) -{ - if ( i && i->len && i->data ) { - switch (i->data[0] & SEC_ASN1_CLASS_MASK) { - case SEC_ASN1_CONTEXT_SPECIFIC: - secu_PrintContextSpecific(out, i, m, level); - break; - case SEC_ASN1_UNIVERSAL: - secu_PrintUniversal(out, i, m, level); - break; - default: - SECU_PrintAsHex(out, i, m, level); - break; - } - } -} - -static int -secu_PrintValidity(FILE *out, CERTValidity *v, char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintTimeChoice(out, &v->notBefore, "Not Before", level+1); - SECU_PrintTimeChoice(out, &v->notAfter, "Not After ", level+1); - return 0; -} - -/* This function does NOT expect a DER type and length. */ -SECOidTag -SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level) -{ - SECOidData *oiddata; - char * oidString = NULL; - - oiddata = SECOID_FindOID(oid); - if (oiddata != NULL) { - const char *name = oiddata->desc; - SECU_Indent(out, level); - if (m != NULL) - fprintf(out, "%s: ", m); - fprintf(out, "%s\n", name); - return oiddata->offset; - } - oidString = CERT_GetOidString(oid); - if (oidString) { - SECU_Indent(out, level); - if (m != NULL) - fprintf(out, "%s: ", m); - fprintf(out, "%s\n", oidString); - PR_smprintf_free(oidString); - return SEC_OID_UNKNOWN; - } - SECU_PrintAsHex(out, oid, m, level); - return SEC_OID_UNKNOWN; -} - -typedef struct secuPBEParamsStr { - SECItem salt; - SECItem iterationCount; - SECItem keyLength; - SECAlgorithmID cipherAlg; - SECAlgorithmID kdfAlg; -} secuPBEParams; - -SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) - -/* SECOID_PKCS5_PBKDF2 */ -const SEC_ASN1Template secuKDF2Params[] = -{ - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) }, - { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) }, - { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) }, - { SEC_ASN1_INTEGER, offsetof(secuPBEParams, keyLength) }, - { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg), - SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, - { 0 } -}; - -/* PKCS5v1 & PKCS12 */ -const SEC_ASN1Template secuPBEParamsTemp[] = -{ - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) }, - { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) }, - { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) }, - { 0 } -}; - -/* SEC_OID_PKCS5_PBES2, SEC_OID_PKCS5_PBMAC1 */ -const SEC_ASN1Template secuPBEV2Params[] = -{ - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams)}, - { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg), - SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, - { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, cipherAlg), - SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, - { 0 } -}; - -void -secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level) -{ - PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - SECStatus rv; - SECKEYRSAPSSParams param; - SECAlgorithmID maskHashAlg; - - if (m) { - SECU_Indent(out, level); - fprintf (out, "%s:\n", m); - } - - if (!pool) { - SECU_Indent(out, level); - fprintf(out, "Out of memory\n"); - return; - } - - PORT_Memset(¶m, 0, sizeof param); - - rv = SEC_QuickDERDecodeItem(pool, ¶m, - SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate), - value); - if (rv == SECSuccess) { - if (!param.hashAlg) { - SECU_Indent(out, level+1); - fprintf(out, "Hash algorithm: default, SHA-1\n"); - } else { - SECU_PrintObjectID(out, ¶m.hashAlg->algorithm, - "Hash algorithm", level+1); - } - if (!param.maskAlg) { - SECU_Indent(out, level+1); - fprintf(out, "Mask algorithm: default, MGF1\n"); - SECU_Indent(out, level+1); - fprintf(out, "Mask hash algorithm: default, SHA-1\n"); - } else { - SECU_PrintObjectID(out, ¶m.maskAlg->algorithm, - "Mask algorithm", level+1); - rv = SEC_QuickDERDecodeItem(pool, &maskHashAlg, - SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), - ¶m.maskAlg->parameters); - if (rv == SECSuccess) { - SECU_PrintObjectID(out, &maskHashAlg.algorithm, - "Mask hash algorithm", level+1); - } else { - SECU_Indent(out, level+1); - fprintf(out, "Invalid mask generation algorithm parameters\n"); - } - } - if (!param.saltLength.data) { - SECU_Indent(out, level+1); - fprintf(out, "Salt length: default, %i (0x%2X)\n", 20, 20); - } else { - SECU_PrintInteger(out, ¶m.saltLength, "Salt Length", level+1); - } - } else { - SECU_Indent(out, level+1); - fprintf(out, "Invalid RSA-PSS parameters\n"); - } - PORT_FreeArena(pool, PR_FALSE); -} - -void -secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level) -{ - PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - SECStatus rv; - secuPBEParams param; - - if (m) { - SECU_Indent(out, level); - fprintf (out, "%s:\n", m); - } - - if (!pool) { - SECU_Indent(out, level); - fprintf(out, "Out of memory\n"); - return; - } - - PORT_Memset(¶m, 0, sizeof param); - rv = SEC_QuickDERDecodeItem(pool, ¶m, secuKDF2Params, value); - if (rv == SECSuccess) { - SECU_PrintAsHex(out, ¶m.salt, "Salt", level+1); - SECU_PrintInteger(out, ¶m.iterationCount, "Iteration Count", - level+1); - SECU_PrintInteger(out, ¶m.keyLength, "Key Length", level+1); - SECU_PrintAlgorithmID(out, ¶m.kdfAlg, "KDF algorithm", level+1); - } - PORT_FreeArena(pool, PR_FALSE); -} - -void -secu_PrintPKCS5V2Params(FILE *out, SECItem *value, char *m, int level) -{ - PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - SECStatus rv; - secuPBEParams param; - - if (m) { - SECU_Indent(out, level); - fprintf (out, "%s:\n", m); - } - - if (!pool) { - SECU_Indent(out, level); - fprintf(out, "Out of memory\n"); - return; - } - - PORT_Memset(¶m, 0, sizeof param); - rv = SEC_QuickDERDecodeItem(pool, ¶m, secuPBEV2Params, value); - if (rv == SECSuccess) { - SECU_PrintAlgorithmID(out, ¶m.kdfAlg, "KDF", level+1); - SECU_PrintAlgorithmID(out, ¶m.cipherAlg, "Cipher", level+1); - } - PORT_FreeArena(pool, PR_FALSE); -} - -void -secu_PrintPBEParams(FILE *out, SECItem *value, char *m, int level) -{ - PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - SECStatus rv; - secuPBEParams param; - - if (m) { - SECU_Indent(out, level); - fprintf (out, "%s:\n", m); - } - - if (!pool) { - SECU_Indent(out, level); - fprintf(out, "Out of memory\n"); - return; - } - - PORT_Memset(¶m, 0, sizeof(secuPBEParams)); - rv = SEC_QuickDERDecodeItem(pool, ¶m, secuPBEParamsTemp, value); - if (rv == SECSuccess) { - SECU_PrintAsHex(out, ¶m.salt, "Salt", level+1); - SECU_PrintInteger(out, ¶m.iterationCount, "Iteration Count", - level+1); - } - PORT_FreeArena(pool, PR_FALSE); -} - -/* This function does NOT expect a DER type and length. */ -void -SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level) -{ - SECOidTag algtag; - SECU_PrintObjectID(out, &a->algorithm, m, level); - - algtag = SECOID_GetAlgorithmTag(a); - if (SEC_PKCS5IsAlgorithmPBEAlgTag(algtag)) { - switch (algtag) { - case SEC_OID_PKCS5_PBKDF2: - secu_PrintKDF2Params(out, &a->parameters, "Parameters", level+1); - break; - case SEC_OID_PKCS5_PBES2: - secu_PrintPKCS5V2Params(out, &a->parameters, "Encryption", level+1); - break; - case SEC_OID_PKCS5_PBMAC1: - secu_PrintPKCS5V2Params(out, &a->parameters, "MAC", level+1); - break; - default: - secu_PrintPBEParams(out, &a->parameters, "Parameters", level+1); - break; - } - return; - } - - if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) { - secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1); - return; - } - - if (a->parameters.len == 0 - || (a->parameters.len == 2 - && PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) { - /* No arguments or NULL argument */ - } else { - /* Print args to algorithm */ - SECU_PrintAsHex(out, &a->parameters, "Args", level+1); - } -} - -static void -secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level) -{ - SECItem *value; - int i; - char om[100]; - - if (m) { - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - } - - /* - * Should make this smarter; look at the type field and then decode - * and print the value(s) appropriately! - */ - SECU_PrintObjectID(out, &(attr->type), "Type", level+1); - if (attr->values != NULL) { - i = 0; - while ((value = attr->values[i++]) != NULL) { - sprintf(om, "Value (%d)%s", i, attr->encoded ? " (encoded)" : ""); - if (attr->encoded || attr->typeTag == NULL) { - SECU_PrintAny(out, value, om, level+1); - } else { - switch (attr->typeTag->offset) { - default: - SECU_PrintAsHex(out, value, om, level+1); - break; - case SEC_OID_PKCS9_CONTENT_TYPE: - SECU_PrintObjectID(out, value, om, level+1); - break; - case SEC_OID_PKCS9_SIGNING_TIME: - SECU_PrintTimeChoice(out, value, om, level+1); - break; - } - } - } - } -} - -#ifdef NSS_ENABLE_ECC -static void -secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) -{ - SECItem curveOID = { siBuffer, NULL, 0}; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1); - /* For named curves, the DEREncodedParams field contains an - * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID). - */ - if ((pk->u.ec.DEREncodedParams.len > 2) && - (pk->u.ec.DEREncodedParams.data[0] == 0x06)) { - curveOID.len = pk->u.ec.DEREncodedParams.data[1]; - curveOID.data = pk->u.ec.DEREncodedParams.data + 2; - SECU_PrintObjectID(out, &curveOID, "Curve", level +1); - } -} -#endif /* NSS_ENABLE_ECC */ - -void -SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level+1); - SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level+1); - if (pk->u.rsa.publicExponent.len == 1 && - pk->u.rsa.publicExponent.data[0] == 1) { - SECU_Indent(out, level +1); fprintf(out, "Error: INVALID RSA KEY!\n"); - } -} - -void -SECU_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1); - SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1); - SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1); - SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1); -} - -static void -secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena, - CERTSubjectPublicKeyInfo *i, char *msg, int level) -{ - SECKEYPublicKey *pk; - - SECU_Indent(out, level); fprintf(out, "%s:\n", msg); - SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level+1); - - pk = SECKEY_ExtractPublicKey(i); - if (pk) { - switch (pk->keyType) { - case rsaKey: - SECU_PrintRSAPublicKey(out, pk, "RSA Public Key", level +1); - break; - - case dsaKey: - SECU_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1); - break; - -#ifdef NSS_ENABLE_ECC - case ecKey: - secu_PrintECPublicKey(out, pk, "EC Public Key", level +1); - break; -#endif - - case dhKey: - case fortezzaKey: - case keaKey: - SECU_Indent(out, level); - fprintf(out, "unable to format this SPKI algorithm type\n"); - goto loser; - default: - SECU_Indent(out, level); - fprintf(out, "unknown SPKI algorithm type\n"); - goto loser; - } - PORT_FreeArena(pk->arena, PR_FALSE); - } else { - SECU_PrintErrMsg(out, level, "Error", "Parsing public key"); -loser: - if (i->subjectPublicKey.data) { - SECU_PrintAny(out, &i->subjectPublicKey, "Raw", level); - } - } -} - -int -SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m, - int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTCertificate *c; - int rv = SEC_ERROR_NO_MEMORY; - char *derIssuerB64; - char *derSerialB64; - - if (!arena) - return rv; - - /* Decode certificate */ - c = PORT_ArenaZNew(arena, CERTCertificate); - if (!c) - goto loser; - c->arena = arena; - rv = SEC_ASN1DecodeItem(arena, c, - SEC_ASN1_GET(CERT_CertificateTemplate), der); - if (rv) { - SECU_PrintErrMsg(out, 0, "Error", "Parsing extension"); - goto loser; - } - - SECU_PrintName(out, &c->subject, "Subject", 0); - fprintf(out, "\n"); - SECU_PrintName(out, &c->issuer, "Issuer", 0); - fprintf(out, "\n"); - SECU_PrintInteger(out, &c->serialNumber, "Serial Number", 0); - - derIssuerB64 = BTOA_ConvertItemToAscii(&c->derIssuer); - derSerialB64 = BTOA_ConvertItemToAscii(&c->serialNumber); - fprintf(out, "Issuer DER Base64:\n%s\n", derIssuerB64); - fprintf(out, "Serial DER Base64:\n%s\n", derSerialB64); - PORT_Free(derIssuerB64); - PORT_Free(derSerialB64); - - fprintf(out, "Serial DER as C source: \n{ %d, \"", c->serialNumber.len); - - { - int i; - for (i=0; i < c->serialNumber.len; ++i) { - unsigned char *chardata = (unsigned char*)(c->serialNumber.data); - unsigned char c = *(chardata + i); - - fprintf(out, "\\x%02x", c); - } - fprintf(out, "\" }\n"); - } - -loser: - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -static SECStatus -secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level) -{ - SECItem decodedValue; - SECStatus rv; - int64 invalidTime; - char *formattedTime = NULL; - - decodedValue.data = NULL; - rv = SEC_ASN1DecodeItem (NULL, &decodedValue, - SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), - value); - if (rv == SECSuccess) { - rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue); - if (rv == SECSuccess) { - formattedTime = CERT_GenTime2FormattedAscii - (invalidTime, "%a %b %d %H:%M:%S %Y"); - SECU_Indent(out, level +1); - fprintf (out, "%s: %s\n", msg, formattedTime); - PORT_Free (formattedTime); - } - } - PORT_Free (decodedValue.data); - return (rv); -} - -static SECStatus -PrintExtKeyUsageExtension (FILE *out, SECItem *value, char *msg, int level) -{ - CERTOidSequence *os; - SECItem **op; - - os = CERT_DecodeOidSequence(value); - if( (CERTOidSequence *)NULL == os ) { - return SECFailure; - } - - for( op = os->oids; *op; op++ ) { - SECU_PrintObjectID(out, *op, msg, level + 1); - } - CERT_DestroyOidSequence(os); - return SECSuccess; -} - -static SECStatus -secu_PrintBasicConstraints(FILE *out, SECItem *value, char *msg, int level) { - CERTBasicConstraints constraints; - SECStatus rv; - - SECU_Indent(out, level); - if (msg) { - fprintf(out,"%s: ",msg); - } - rv = CERT_DecodeBasicConstraintValue(&constraints,value); - if (rv == SECSuccess && constraints.isCA) { - if (constraints.pathLenConstraint >= 0) { - fprintf(out,"Is a CA with a maximum path length of %d.\n", - constraints.pathLenConstraint); - } else { - fprintf(out,"Is a CA with no maximum path length.\n"); - } - } else { - fprintf(out,"Is not a CA.\n"); - } - return SECSuccess; -} - -static const char * const nsTypeBits[] = { - "SSL Client", - "SSL Server", - "S/MIME", - "Object Signing", - "Reserved", - "SSL CA", - "S/MIME CA", - "ObjectSigning CA" -}; - -/* NSCertType is merely a bit string whose bits are displayed symbolically */ -static SECStatus -secu_PrintNSCertType(FILE *out, SECItem *value, char *msg, int level) -{ - int unused; - int NS_Type; - int i; - int found = 0; - SECItem my = *value; - - if ((my.data[0] != SEC_ASN1_BIT_STRING) || - SECSuccess != SECU_StripTagAndLength(&my)) { - SECU_PrintAny(out, value, "Data", level); - return SECSuccess; - } - - unused = (my.len == 2) ? (my.data[0] & 0x0f) : 0; - NS_Type = my.data[1] & (0xff << unused); - - - SECU_Indent(out, level); - if (msg) { - fprintf(out,"%s: ",msg); - } else { - fprintf(out,"Netscape Certificate Type: "); - } - for (i=0; i < 8; i++) { - if ( (0x80 >> i) & NS_Type) { - fprintf(out, "%c%s", (found ? ',' : '<'), nsTypeBits[i]); - found = 1; - } - } - fprintf(out, (found ? ">\n" : "none\n")); - return SECSuccess; -} - -static const char * const usageBits[] = { - "Digital Signature", /* 0x80 */ - "Non-Repudiation", /* 0x40 */ - "Key Encipherment", /* 0x20 */ - "Data Encipherment", /* 0x10 */ - "Key Agreement", /* 0x08 */ - "Certificate Signing", /* 0x04 */ - "CRL Signing", /* 0x02 */ - "Encipher Only", /* 0x01 */ - "Decipher Only", /* 0x0080 */ - NULL -}; - -/* X509KeyUsage is merely a bit string whose bits are displayed symbolically */ -static void -secu_PrintX509KeyUsage(FILE *out, SECItem *value, char *msg, int level) -{ - int unused; - int usage; - int i; - int found = 0; - SECItem my = *value; - - if ((my.data[0] != SEC_ASN1_BIT_STRING) || - SECSuccess != SECU_StripTagAndLength(&my)) { - SECU_PrintAny(out, value, "Data", level); - return; - } - - unused = (my.len >= 2) ? (my.data[0] & 0x0f) : 0; - usage = (my.len == 2) ? (my.data[1] & (0xff << unused)) << 8 - : (my.data[1] << 8) | - (my.data[2] & (0xff << unused)); - - SECU_Indent(out, level); - fprintf(out, "Usages: "); - for (i=0; usageBits[i]; i++) { - if ( (0x8000 >> i) & usage) { - if (found) - SECU_Indent(out, level + 2); - fprintf(out, "%s\n", usageBits[i]); - found = 1; - } - } - if (!found) { - fprintf(out, "(none)\n"); - } -} - -static void -secu_PrintIPAddress(FILE *out, SECItem *value, char *msg, int level) -{ - PRStatus st; - PRNetAddr addr; - char addrBuf[80]; - - memset(&addr, 0, sizeof addr); - if (value->len == 4) { - addr.inet.family = PR_AF_INET; - memcpy(&addr.inet.ip, value->data, value->len); - } else if (value->len == 16) { - addr.ipv6.family = PR_AF_INET6; - memcpy(addr.ipv6.ip.pr_s6_addr, value->data, value->len); - if (PR_IsNetAddrType(&addr, PR_IpAddrV4Mapped)) { - /* convert to IPv4. */ - addr.inet.family = PR_AF_INET; - memcpy(&addr.inet.ip, &addr.ipv6.ip.pr_s6_addr[12], 4); - memset(&addr.inet.pad[0], 0, sizeof addr.inet.pad); - } - } else { - goto loser; - } - - st = PR_NetAddrToString(&addr, addrBuf, sizeof addrBuf); - if (st == PR_SUCCESS) { - SECU_Indent(out, level); - fprintf(out, "%s: %s\n", msg, addrBuf); - } else { -loser: - SECU_PrintAsHex(out, value, msg, level); - } -} - - -static void -secu_PrintGeneralName(FILE *out, CERTGeneralName *gname, char *msg, int level) -{ - char label[40]; - if (msg && msg[0]) { - SECU_Indent(out, level++); fprintf(out, "%s: \n", msg); - } - switch (gname->type) { - case certOtherName : - SECU_PrintAny( out, &gname->name.OthName.name, "Other Name", level); - SECU_PrintObjectID(out, &gname->name.OthName.oid, "OID", level+1); - break; - case certDirectoryName : - SECU_PrintName(out, &gname->name.directoryName, "Directory Name", level); - break; - case certRFC822Name : - secu_PrintRawString( out, &gname->name.other, "RFC822 Name", level); - break; - case certDNSName : - secu_PrintRawString( out, &gname->name.other, "DNS name", level); - break; - case certURI : - secu_PrintRawString( out, &gname->name.other, "URI", level); - break; - case certIPAddress : - secu_PrintIPAddress(out, &gname->name.other, "IP Address", level); - break; - case certRegisterID : - SECU_PrintObjectID( out, &gname->name.other, "Registered ID", level); - break; - case certX400Address : - SECU_PrintAny( out, &gname->name.other, "X400 Address", level); - break; - case certEDIPartyName : - SECU_PrintAny( out, &gname->name.other, "EDI Party", level); - break; - default: - PR_snprintf(label, sizeof label, "unknown type [%d]", - (int)gname->type - 1); - SECU_PrintAsHex(out, &gname->name.other, label, level); - break; - } -} - -static void -secu_PrintGeneralNames(FILE *out, CERTGeneralName *gname, char *msg, int level) -{ - CERTGeneralName *name = gname; - do { - secu_PrintGeneralName(out, name, msg, level); - name = CERT_GetNextGeneralName(name); - } while (name && name != gname); -} - - -static void -secu_PrintAuthKeyIDExtension(FILE *out, SECItem *value, char *msg, int level) -{ - CERTAuthKeyID *kid = NULL; - PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if (!pool) { - SECU_PrintError("Error", "Allocating new ArenaPool"); - return; - } - kid = CERT_DecodeAuthKeyID(pool, value); - if (!kid) { - SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); - SECU_PrintAny(out, value, "Data", level); - } else { - int keyIDPresent = (kid->keyID.data && kid->keyID.len); - int issuerPresent = kid->authCertIssuer != NULL; - int snPresent = (kid->authCertSerialNumber.data && - kid->authCertSerialNumber.len); - - if (keyIDPresent) - SECU_PrintAsHex(out, &kid->keyID, "Key ID", level); - if (issuerPresent) - secu_PrintGeneralName(out, kid->authCertIssuer, "Issuer", level); - if (snPresent) - SECU_PrintInteger(out, &kid->authCertSerialNumber, - "Serial Number", level); - } - PORT_FreeArena(pool, PR_FALSE); -} - - -static void -secu_PrintAltNameExtension(FILE *out, SECItem *value, char *msg, int level) -{ - CERTGeneralName * nameList; - CERTGeneralName * current; - PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if (!pool) { - SECU_PrintError("Error", "Allocating new ArenaPool"); - return; - } - nameList = current = CERT_DecodeAltNameExtension(pool, value); - if (!current) { - if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) { - /* Decoder found empty sequence, which is invalid. */ - PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID); - } - SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); - SECU_PrintAny(out, value, "Data", level); - } else { - do { - secu_PrintGeneralName(out, current, msg, level); - current = CERT_GetNextGeneralName(current); - } while (current != nameList); - } - PORT_FreeArena(pool, PR_FALSE); -} - -static void -secu_PrintCRLDistPtsExtension(FILE *out, SECItem *value, char *msg, int level) -{ - CERTCrlDistributionPoints * dPoints; - PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if (!pool) { - SECU_PrintError("Error", "Allocating new ArenaPool"); - return; - } - dPoints = CERT_DecodeCRLDistributionPoints(pool, value); - if (dPoints && dPoints->distPoints && dPoints->distPoints[0]) { - CRLDistributionPoint ** pPoints = dPoints->distPoints; - CRLDistributionPoint * pPoint; - while (NULL != (pPoint = *pPoints++)) { - SECU_Indent(out, level); fputs("Distribution point:\n", out); - if (pPoint->distPointType == generalName && - pPoint->distPoint.fullName != NULL) { - secu_PrintGeneralNames(out, pPoint->distPoint.fullName, NULL, - level + 1); - } else if (pPoint->distPointType == relativeDistinguishedName && - pPoint->distPoint.relativeName.avas) { - SECU_PrintRDN(out, &pPoint->distPoint.relativeName, "RDN", - level + 1); - } else if (pPoint->derDistPoint.data) { - SECU_PrintAny(out, &pPoint->derDistPoint, "Point", level + 1); - } - if (pPoint->reasons.data) { - secu_PrintDecodedBitString(out, &pPoint->reasons, "Reasons", - level + 1); - } - if (pPoint->crlIssuer) { - secu_PrintGeneralName(out, pPoint->crlIssuer, "CRL issuer", - level + 1); - } - } - } else { - SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); - SECU_PrintAny(out, value, "Data", level); - } - PORT_FreeArena(pool, PR_FALSE); -} - - -static void -secu_PrintNameConstraintSubtree(FILE *out, CERTNameConstraint *value, - char *msg, int level) -{ - CERTNameConstraint *head = value; - SECU_Indent(out, level); fprintf(out, "%s Subtree:\n", msg); - level++; - do { - secu_PrintGeneralName(out, &value->name, NULL, level); - if (value->min.data) - SECU_PrintInteger(out, &value->min, "Minimum", level+1); - if (value->max.data) - SECU_PrintInteger(out, &value->max, "Maximum", level+1); - value = CERT_GetNextNameConstraint(value); - } while (value != head); -} - -static void -secu_PrintNameConstraintsExtension(FILE *out, SECItem *value, char *msg, int level) -{ - CERTNameConstraints * cnstrnts; - PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if (!pool) { - SECU_PrintError("Error", "Allocating new ArenaPool"); - return; - } - cnstrnts = CERT_DecodeNameConstraintsExtension(pool, value); - if (!cnstrnts) { - SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); - SECU_PrintAny(out, value, "Raw", level); - } else { - if (cnstrnts->permited) - secu_PrintNameConstraintSubtree(out, cnstrnts->permited, - "Permitted", level); - if (cnstrnts->excluded) - secu_PrintNameConstraintSubtree(out, cnstrnts->excluded, - "Excluded", level); - } - PORT_FreeArena(pool, PR_FALSE); -} - - -static void -secu_PrintAuthorityInfoAcess(FILE *out, SECItem *value, char *msg, int level) -{ - CERTAuthInfoAccess **infos = NULL; - PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if (!pool) { - SECU_PrintError("Error", "Allocating new ArenaPool"); - return; - } - infos = CERT_DecodeAuthInfoAccessExtension(pool, value); - if (!infos) { - SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); - SECU_PrintAny(out, value, "Raw", level); - } else { - CERTAuthInfoAccess *info; - while (NULL != (info = *infos++)) { - if (info->method.data) { - SECU_PrintObjectID(out, &info->method, "Method", level); - } else { - SECU_Indent(out,level); - fprintf(out, "Error: missing method\n"); - } - if (info->location) { - secu_PrintGeneralName(out, info->location, "Location", level); - } else { - SECU_PrintAny(out, &info->derLocation, "Location", level); - } - } - } - PORT_FreeArena(pool, PR_FALSE); -} - - -void -SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions, - char *msg, int level) -{ - SECOidTag oidTag; - - if ( extensions ) { - if (msg && *msg) { - SECU_Indent(out, level++); fprintf(out, "%s:\n", msg); - } - - while ( *extensions ) { - SECItem *tmpitem; - - tmpitem = &(*extensions)->id; - SECU_PrintObjectID(out, tmpitem, "Name", level); - - tmpitem = &(*extensions)->critical; - if ( tmpitem->len ) { - secu_PrintBoolean(out, tmpitem, "Critical", level); - } - - oidTag = SECOID_FindOIDTag (&((*extensions)->id)); - tmpitem = &((*extensions)->value); - - switch (oidTag) { - case SEC_OID_X509_INVALID_DATE: - case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME: - secu_PrintX509InvalidDate(out, tmpitem, "Date", level ); - break; - case SEC_OID_X509_CERTIFICATE_POLICIES: - SECU_PrintPolicy(out, tmpitem, "Data", level ); - break; - case SEC_OID_NS_CERT_EXT_BASE_URL: - case SEC_OID_NS_CERT_EXT_REVOCATION_URL: - case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL: - case SEC_OID_NS_CERT_EXT_CA_CRL_URL: - case SEC_OID_NS_CERT_EXT_CA_CERT_URL: - case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL: - case SEC_OID_NS_CERT_EXT_CA_POLICY_URL: - case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL: - case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL: - case SEC_OID_OCSP_RESPONDER: - SECU_PrintString(out,tmpitem, "URL", level); - break; - case SEC_OID_NS_CERT_EXT_COMMENT: - SECU_PrintString(out,tmpitem, "Comment", level); - break; - case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME: - SECU_PrintString(out,tmpitem, "ServerName", level); - break; - case SEC_OID_NS_CERT_EXT_CERT_TYPE: - secu_PrintNSCertType(out,tmpitem,"Data",level); - break; - case SEC_OID_X509_BASIC_CONSTRAINTS: - secu_PrintBasicConstraints(out,tmpitem,"Data",level); - break; - case SEC_OID_X509_EXT_KEY_USAGE: - PrintExtKeyUsageExtension(out, tmpitem, NULL, level); - break; - case SEC_OID_X509_KEY_USAGE: - secu_PrintX509KeyUsage(out, tmpitem, NULL, level ); - break; - case SEC_OID_X509_AUTH_KEY_ID: - secu_PrintAuthKeyIDExtension(out, tmpitem, NULL, level ); - break; - case SEC_OID_X509_SUBJECT_ALT_NAME: - case SEC_OID_X509_ISSUER_ALT_NAME: - secu_PrintAltNameExtension(out, tmpitem, NULL, level ); - break; - case SEC_OID_X509_CRL_DIST_POINTS: - secu_PrintCRLDistPtsExtension(out, tmpitem, NULL, level ); - break; - case SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD: - SECU_PrintPrivKeyUsagePeriodExtension(out, tmpitem, NULL, - level ); - break; - case SEC_OID_X509_NAME_CONSTRAINTS: - secu_PrintNameConstraintsExtension(out, tmpitem, NULL, level); - break; - case SEC_OID_X509_AUTH_INFO_ACCESS: - secu_PrintAuthorityInfoAcess(out, tmpitem, NULL, level); - break; - - case SEC_OID_X509_CRL_NUMBER: - case SEC_OID_X509_REASON_CODE: - - /* PKIX OIDs */ - case SEC_OID_PKIX_OCSP: - case SEC_OID_PKIX_OCSP_BASIC_RESPONSE: - case SEC_OID_PKIX_OCSP_NONCE: - case SEC_OID_PKIX_OCSP_CRL: - case SEC_OID_PKIX_OCSP_RESPONSE: - case SEC_OID_PKIX_OCSP_NO_CHECK: - case SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF: - case SEC_OID_PKIX_OCSP_SERVICE_LOCATOR: - case SEC_OID_PKIX_REGCTRL_REGTOKEN: - case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR: - case SEC_OID_PKIX_REGCTRL_PKIPUBINFO: - case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: - case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID: - case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY: - case SEC_OID_PKIX_REGINFO_UTF8_PAIRS: - case SEC_OID_PKIX_REGINFO_CERT_REQUEST: - - /* Netscape extension OIDs. */ - case SEC_OID_NS_CERT_EXT_NETSCAPE_OK: - case SEC_OID_NS_CERT_EXT_ISSUER_LOGO: - case SEC_OID_NS_CERT_EXT_SUBJECT_LOGO: - case SEC_OID_NS_CERT_EXT_ENTITY_LOGO: - case SEC_OID_NS_CERT_EXT_USER_PICTURE: - - /* x.509 v3 Extensions */ - case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR: - case SEC_OID_X509_SUBJECT_KEY_ID: - case SEC_OID_X509_POLICY_MAPPINGS: - case SEC_OID_X509_POLICY_CONSTRAINTS: - - - default: - SECU_PrintAny(out, tmpitem, "Data", level); - break; - } - - SECU_Newline(out); - extensions++; - } - } -} - -/* An RDN is a subset of a DirectoryName, and we already know how to - * print those, so make a directory name out of the RDN, and print it. - */ -void -SECU_PrintRDN(FILE *out, CERTRDN *rdn, const char *msg, int level) -{ - CERTName name; - CERTRDN *rdns[2]; - - name.arena = NULL; - name.rdns = rdns; - rdns[0] = rdn; - rdns[1] = NULL; - SECU_PrintName(out, &name, msg, level); -} - -void -SECU_PrintNameQuotesOptional(FILE *out, CERTName *name, const char *msg, - int level, PRBool quotes) -{ - char *nameStr = NULL; - char *str; - SECItem my; - - if (!name) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return; - } - if (!name->rdns || !name->rdns[0]) { - str = "(empty)"; - } else { - str = nameStr = CERT_NameToAscii(name); - } - if (!str) { - str = "!Invalid AVA!"; - } - my.data = (unsigned char *)str; - my.len = PORT_Strlen(str); -#if 1 - secu_PrintRawStringQuotesOptional(out, &my, msg, level, quotes); -#else - SECU_Indent(out, level); fprintf(out, "%s: ", msg); - fprintf(out, str); - SECU_Newline(out); -#endif - PORT_Free(nameStr); -} - -void -SECU_PrintName(FILE *out, CERTName *name, const char *msg, int level) -{ - SECU_PrintNameQuotesOptional(out, name, msg, level, PR_TRUE); -} - -void -printflags(char *trusts, unsigned int flags) -{ - if (flags & CERTDB_VALID_CA) - if (!(flags & CERTDB_TRUSTED_CA) && - !(flags & CERTDB_TRUSTED_CLIENT_CA)) - PORT_Strcat(trusts, "c"); - if (flags & CERTDB_TERMINAL_RECORD) - if (!(flags & CERTDB_TRUSTED)) - PORT_Strcat(trusts, "p"); - if (flags & CERTDB_TRUSTED_CA) - PORT_Strcat(trusts, "C"); - if (flags & CERTDB_TRUSTED_CLIENT_CA) - PORT_Strcat(trusts, "T"); - if (flags & CERTDB_TRUSTED) - PORT_Strcat(trusts, "P"); - if (flags & CERTDB_USER) - PORT_Strcat(trusts, "u"); - if (flags & CERTDB_SEND_WARN) - PORT_Strcat(trusts, "w"); - if (flags & CERTDB_INVISIBLE_CA) - PORT_Strcat(trusts, "I"); - if (flags & CERTDB_GOVT_APPROVED_CA) - PORT_Strcat(trusts, "G"); - return; -} - -/* callback for listing certs through pkcs11 */ -SECStatus -SECU_PrintCertNickname(CERTCertListNode *node, void *data) -{ - CERTCertTrust trust; - CERTCertificate* cert; - FILE *out; - char trusts[30]; - char *name; - - cert = node->cert; - - PORT_Memset (trusts, 0, sizeof (trusts)); - out = (FILE *)data; - - name = node->appData; - if (!name || !name[0]) { - name = cert->nickname; - } - if (!name || !name[0]) { - name = cert->emailAddr; - } - if (!name || !name[0]) { - name = "(NULL)"; - } - - if (CERT_GetCertTrust(cert, &trust) == SECSuccess) { - printflags(trusts, trust.sslFlags); - PORT_Strcat(trusts, ","); - printflags(trusts, trust.emailFlags); - PORT_Strcat(trusts, ","); - printflags(trusts, trust.objectSigningFlags); - } else { - PORT_Memcpy(trusts,",,",3); - } - fprintf(out, "%-60s %-5s\n", name, trusts); - - return (SECSuccess); -} - -int -SECU_DecodeAndPrintExtensions(FILE *out, SECItem *any, char *m, int level) -{ - CERTCertExtension **extensions = NULL; - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - int rv = 0; - - if (!arena) - return SEC_ERROR_NO_MEMORY; - - rv = SEC_QuickDERDecodeItem(arena, &extensions, - SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), any); - if (!rv) - SECU_PrintExtensions(out, extensions, m, level); - else - SECU_PrintAny(out, any, m, level); - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -/* print a decoded SET OF or SEQUENCE OF Extensions */ -int -SECU_PrintSetOfExtensions(FILE *out, SECItem **any, char *m, int level) -{ - int rv = 0; - if (m && *m) { - SECU_Indent(out, level++); fprintf(out, "%s:\n", m); - } - while (any && any[0]) { - rv |= SECU_DecodeAndPrintExtensions(out, any[0], "", level); - any++; - } - return rv; -} - -/* print a decoded SET OF or SEQUENCE OF "ANY" */ -int -SECU_PrintSetOfAny(FILE *out, SECItem **any, char *m, int level) -{ - int rv = 0; - if (m && *m) { - SECU_Indent(out, level++); fprintf(out, "%s:\n", m); - } - while (any && any[0]) { - SECU_PrintAny(out, any[0], "", level); - any++; - } - return rv; -} - -int -SECU_PrintCertAttribute(FILE *out, CERTAttribute *attr, char *m, int level) -{ - int rv = 0; - SECOidTag tag; - tag = SECU_PrintObjectID(out, &attr->attrType, "Attribute Type", level); - if (tag == SEC_OID_PKCS9_EXTENSION_REQUEST) { - rv = SECU_PrintSetOfExtensions(out, attr->attrValue, "Extensions", level); - } else { - rv = SECU_PrintSetOfAny(out, attr->attrValue, "Attribute Values", level); - } - return rv; -} - -int -SECU_PrintCertAttributes(FILE *out, CERTAttribute **attrs, char *m, int level) -{ - int rv = 0; - while (attrs[0]) { - rv |= SECU_PrintCertAttribute(out, attrs[0], m, level+1); - attrs++; - } - return rv; -} - -int /* sometimes a PRErrorCode, other times a SECStatus. Sigh. */ -SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTCertificateRequest *cr; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - - /* Decode certificate request */ - cr = PORT_ArenaZNew(arena, CERTCertificateRequest); - if (!cr) - goto loser; - cr->arena = arena; - rv = SEC_QuickDERDecodeItem(arena, cr, - SEC_ASN1_GET(CERT_CertificateRequestTemplate), der); - if (rv) - goto loser; - - /* Pretty print it out */ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &cr->version, "Version", level+1); - SECU_PrintName(out, &cr->subject, "Subject", level+1); - secu_PrintSubjectPublicKeyInfo(out, arena, &cr->subjectPublicKeyInfo, - "Subject Public Key Info", level+1); - if (cr->attributes) - SECU_PrintCertAttributes(out, cr->attributes, "Attributes", level+1); - rv = 0; -loser: - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -int -SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTCertificate *c; - int rv = SEC_ERROR_NO_MEMORY; - int iv; - - if (!arena) - return rv; - - /* Decode certificate */ - c = PORT_ArenaZNew(arena, CERTCertificate); - if (!c) - goto loser; - c->arena = arena; - rv = SEC_ASN1DecodeItem(arena, c, - SEC_ASN1_GET(CERT_CertificateTemplate), der); - if (rv) { - SECU_Indent(out, level); - SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); - SECU_PrintAny(out, der, "Raw", level); - goto loser; - } - /* Pretty print it out */ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - iv = c->version.len ? DER_GetInteger(&c->version) : 0; /* version is optional */ - SECU_Indent(out, level+1); fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv); - - SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1); - SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1); - SECU_PrintName(out, &c->issuer, "Issuer", level+1); - secu_PrintValidity(out, &c->validity, "Validity", level+1); - SECU_PrintName(out, &c->subject, "Subject", level+1); - secu_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo, - "Subject Public Key Info", level+1); - if (c->issuerID.data) - secu_PrintDecodedBitString(out, &c->issuerID, "Issuer Unique ID", level+1); - if (c->subjectID.data) - secu_PrintDecodedBitString(out, &c->subjectID, "Subject Unique ID", level+1); - SECU_PrintExtensions(out, c->extensions, "Signed Extensions", level+1); -loser: - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -int -SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - int rv = SEC_ERROR_NO_MEMORY; - CERTSubjectPublicKeyInfo spki; - - if (!arena) - return rv; - - PORT_Memset(&spki, 0, sizeof spki); - rv = SEC_ASN1DecodeItem(arena, &spki, - SEC_ASN1_GET(CERT_SubjectPublicKeyInfoTemplate), - der); - if (!rv) { - if (m && *m) { - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - } - secu_PrintSubjectPublicKeyInfo(out, arena, &spki, - "Subject Public Key Info", level+1); - } - - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -#ifdef HAVE_EPV_TEMPLATE -int -SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - SECKEYEncryptedPrivateKeyInfo key; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - - PORT_Memset(&key, 0, sizeof(key)); - rv = SEC_ASN1DecodeItem(arena, &key, - SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), der); - if (rv) - goto loser; - - /* Pretty print it out */ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintAlgorithmID(out, &key.algorithm, "Encryption Algorithm", - level+1); - SECU_PrintAsHex(out, &key.encryptedData, "Encrypted Data", level+1); -loser: - PORT_FreeArena(arena, PR_TRUE); - return rv; -} -#endif - -int -SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level) -{ - unsigned char fingerprint[20]; - char *fpStr = NULL; - int err = PORT_GetError(); - SECStatus rv; - SECItem fpItem; - - /* print MD5 fingerprint */ - memset(fingerprint, 0, sizeof fingerprint); - rv = PK11_HashBuf(SEC_OID_MD5,fingerprint, derCert->data, derCert->len); - fpItem.data = fingerprint; - fpItem.len = MD5_LENGTH; - fpStr = CERT_Hexify(&fpItem, 1); - SECU_Indent(out, level); fprintf(out, "%s (MD5):", m); - if (SECU_GetWrapEnabled()) { - fprintf(out, "\n"); - SECU_Indent(out, level+1); - } - else { - fprintf(out, " "); - } - fprintf(out, "%s\n", fpStr); - PORT_Free(fpStr); - fpStr = NULL; - if (rv != SECSuccess && !err) - err = PORT_GetError(); - - /* print SHA1 fingerprint */ - memset(fingerprint, 0, sizeof fingerprint); - rv = PK11_HashBuf(SEC_OID_SHA1,fingerprint, derCert->data, derCert->len); - fpItem.data = fingerprint; - fpItem.len = SHA1_LENGTH; - fpStr = CERT_Hexify(&fpItem, 1); - SECU_Indent(out, level); fprintf(out, "%s (SHA1):", m); - if (SECU_GetWrapEnabled()) { - fprintf(out, "\n"); - SECU_Indent(out, level+1); - } - else { - fprintf(out, " "); - } - fprintf(out, "%s\n", fpStr); - PORT_Free(fpStr); - if (SECU_GetWrapEnabled()) - fprintf(out, "\n"); - - if (err) - PORT_SetError(err); - if (err || rv != SECSuccess) - return SECFailure; - - return 0; -} - -/* -** PKCS7 Support -*/ - -/* forward declaration */ -static int -secu_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *, int); - -/* -** secu_PrintPKCS7EncContent -** Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it) -*/ -static void -secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src, - char *m, int level) -{ - if (src->contentTypeTag == NULL) - src->contentTypeTag = SECOID_FindOID(&(src->contentType)); - - SECU_Indent(out, level); - fprintf(out, "%s:\n", m); - SECU_Indent(out, level + 1); - fprintf(out, "Content Type: %s\n", - (src->contentTypeTag != NULL) ? src->contentTypeTag->desc - : "Unknown"); - SECU_PrintAlgorithmID(out, &(src->contentEncAlg), - "Content Encryption Algorithm", level+1); - SECU_PrintAsHex(out, &(src->encContent), - "Encrypted Content", level+1); -} - -/* -** secu_PrintRecipientInfo -** Prints a PKCS7RecipientInfo type -*/ -static void -secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m, - int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(info->version), "Version", level + 1); - - SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer", - level + 1); - SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber), - "Serial Number", level + 1); - - /* Parse and display encrypted key */ - SECU_PrintAlgorithmID(out, &(info->keyEncAlg), - "Key Encryption Algorithm", level + 1); - SECU_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1); -} - -/* -** secu_PrintSignerInfo -** Prints a PKCS7SingerInfo type -*/ -static void -secu_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m, int level) -{ - SEC_PKCS7Attribute *attr; - int iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(info->version), "Version", level + 1); - - SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer", - level + 1); - SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber), - "Serial Number", level + 1); - - SECU_PrintAlgorithmID(out, &(info->digestAlg), "Digest Algorithm", - level + 1); - - if (info->authAttr != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Authenticated Attributes:\n"); - iv = 0; - while ((attr = info->authAttr[iv++]) != NULL) { - sprintf(om, "Attribute (%d)", iv); - secu_PrintAttribute(out, attr, om, level + 2); - } - } - - /* Parse and display signature */ - SECU_PrintAlgorithmID(out, &(info->digestEncAlg), - "Digest Encryption Algorithm", level + 1); - SECU_PrintAsHex(out, &(info->encDigest), "Encrypted Digest", level + 1); - - if (info->unAuthAttr != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Unauthenticated Attributes:\n"); - iv = 0; - while ((attr = info->unAuthAttr[iv++]) != NULL) { - sprintf(om, "Attribute (%x)", iv); - secu_PrintAttribute(out, attr, om, level + 2); - } - } -} - -/* callers of this function must make sure that the CERTSignedCrl - from which they are extracting the CERTCrl has been fully-decoded. - Otherwise it will not have the entries even though the CRL may have - some */ - -void -SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level) -{ - CERTCrlEntry *entry; - int iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - /* version is optional */ - iv = crl->version.len ? DER_GetInteger(&crl->version) : 0; - SECU_Indent(out, level+1); - fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv); - SECU_PrintAlgorithmID(out, &(crl->signatureAlg), "Signature Algorithm", - level + 1); - SECU_PrintName(out, &(crl->name), "Issuer", level + 1); - SECU_PrintTimeChoice(out, &(crl->lastUpdate), "This Update", level + 1); - if (crl->nextUpdate.data && crl->nextUpdate.len) /* is optional */ - SECU_PrintTimeChoice(out, &(crl->nextUpdate), "Next Update", level + 1); - - if (crl->entries != NULL) { - iv = 0; - while ((entry = crl->entries[iv++]) != NULL) { - sprintf(om, "Entry %d (0x%x):\n", iv, iv); - SECU_Indent(out, level + 1); fputs(om, out); - SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number", - level + 2); - SECU_PrintTimeChoice(out, &(entry->revocationDate), - "Revocation Date", level + 2); - SECU_PrintExtensions(out, entry->extensions, - "Entry Extensions", level + 2); - } - } - SECU_PrintExtensions(out, crl->extensions, "CRL Extensions", level + 1); -} - -/* -** secu_PrintPKCS7Signed -** Pretty print a PKCS7 signed data type (up to version 1). -*/ -static int -secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, - const char *m, int level) -{ - SECAlgorithmID *digAlg; /* digest algorithms */ - SECItem *aCert; /* certificate */ - CERTSignedCrl *aCrl; /* certificate revocation list */ - SEC_PKCS7SignerInfo *sigInfo; /* signer information */ - int rv, iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - /* Parse and list digest algorithms (if any) */ - if (src->digestAlgorithms != NULL) { - SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n"); - iv = 0; - while ((digAlg = src->digestAlgorithms[iv++]) != NULL) { - sprintf(om, "Digest Algorithm (%x)", iv); - SECU_PrintAlgorithmID(out, digAlg, om, level + 2); - } - } - - /* Now for the content */ - rv = secu_PrintPKCS7ContentInfo(out, &(src->contentInfo), - "Content Information", level + 1); - if (rv != 0) - return rv; - - /* Parse and list certificates (if any) */ - if (src->rawCerts != NULL) { - SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n"); - iv = 0; - while ((aCert = src->rawCerts[iv++]) != NULL) { - sprintf(om, "Certificate (%x)", iv); - rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); - if (rv) - return rv; - } - } - - /* Parse and list CRL's (if any) */ - if (src->crls != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Signed Revocation Lists:\n"); - iv = 0; - while ((aCrl = src->crls[iv++]) != NULL) { - sprintf(om, "Signed Revocation List (%x)", iv); - SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om); - SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, - "Signature Algorithm", level+3); - DER_ConvertBitString(&aCrl->signatureWrap.signature); - SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature", - level+3); - SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List", - level + 3); - } - } - - /* Parse and list signatures (if any) */ - if (src->signerInfos != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Signer Information List:\n"); - iv = 0; - while ((sigInfo = src->signerInfos[iv++]) != NULL) { - sprintf(om, "Signer Information (%x)", iv); - secu_PrintSignerInfo(out, sigInfo, om, level + 2); - } - } - - return 0; -} - -/* -** secu_PrintPKCS7Enveloped -** Pretty print a PKCS7 enveloped data type (up to version 1). -*/ -static void -secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src, - const char *m, int level) -{ - SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */ - int iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - /* Parse and list recipients (this is not optional) */ - if (src->recipientInfos != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Recipient Information List:\n"); - iv = 0; - while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); - secu_PrintRecipientInfo(out, recInfo, om, level + 2); - } - } - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); -} - -/* -** secu_PrintPKCS7SignedEnveloped -** Pretty print a PKCS7 singed and enveloped data type (up to version 1). -*/ -static int -secu_PrintPKCS7SignedAndEnveloped(FILE *out, - SEC_PKCS7SignedAndEnvelopedData *src, - const char *m, int level) -{ - SECAlgorithmID *digAlg; /* pointer for digest algorithms */ - SECItem *aCert; /* pointer for certificate */ - CERTSignedCrl *aCrl; /* pointer for certificate revocation list */ - SEC_PKCS7SignerInfo *sigInfo; /* pointer for signer information */ - SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */ - int rv, iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - /* Parse and list recipients (this is not optional) */ - if (src->recipientInfos != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Recipient Information List:\n"); - iv = 0; - while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); - secu_PrintRecipientInfo(out, recInfo, om, level + 2); - } - } - - /* Parse and list digest algorithms (if any) */ - if (src->digestAlgorithms != NULL) { - SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n"); - iv = 0; - while ((digAlg = src->digestAlgorithms[iv++]) != NULL) { - sprintf(om, "Digest Algorithm (%x)", iv); - SECU_PrintAlgorithmID(out, digAlg, om, level + 2); - } - } - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); - - /* Parse and list certificates (if any) */ - if (src->rawCerts != NULL) { - SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n"); - iv = 0; - while ((aCert = src->rawCerts[iv++]) != NULL) { - sprintf(om, "Certificate (%x)", iv); - rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); - if (rv) - return rv; - } - } - - /* Parse and list CRL's (if any) */ - if (src->crls != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Signed Revocation Lists:\n"); - iv = 0; - while ((aCrl = src->crls[iv++]) != NULL) { - sprintf(om, "Signed Revocation List (%x)", iv); - SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om); - SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, - "Signature Algorithm", level+3); - DER_ConvertBitString(&aCrl->signatureWrap.signature); - SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature", - level+3); - SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List", - level + 3); - } - } - - /* Parse and list signatures (if any) */ - if (src->signerInfos != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Signer Information List:\n"); - iv = 0; - while ((sigInfo = src->signerInfos[iv++]) != NULL) { - sprintf(om, "Signer Information (%x)", iv); - secu_PrintSignerInfo(out, sigInfo, om, level + 2); - } - } - - return 0; -} - -int -SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTCrl *c = NULL; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - do { - /* Decode CRL */ - c = PORT_ArenaZNew(arena, CERTCrl); - if (!c) - break; - - rv = SEC_QuickDERDecodeItem(arena, c, SEC_ASN1_GET(CERT_CrlTemplate), der); - if (rv != SECSuccess) - break; - SECU_PrintCRLInfo (out, c, m, level); - } while (0); - PORT_FreeArena (arena, PR_FALSE); - return rv; -} - - -/* -** secu_PrintPKCS7Encrypted -** Pretty print a PKCS7 encrypted data type (up to version 1). -*/ -static void -secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src, - const char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); -} - -/* -** secu_PrintPKCS7Digested -** Pretty print a PKCS7 digested data type (up to version 1). -*/ -static void -secu_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src, - const char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - SECU_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm", - level + 1); - secu_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information", - level + 1); - SECU_PrintAsHex(out, &src->digest, "Digest", level + 1); -} - -/* -** secu_PrintPKCS7ContentInfo -** Takes a SEC_PKCS7ContentInfo type and sends the contents to the -** appropriate function -*/ -static int -secu_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src, - char *m, int level) -{ - const char *desc; - SECOidTag kind; - int rv; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - level++; - - if (src->contentTypeTag == NULL) - src->contentTypeTag = SECOID_FindOID(&(src->contentType)); - - if (src->contentTypeTag == NULL) { - desc = "Unknown"; - kind = SEC_OID_PKCS7_DATA; - } else { - desc = src->contentTypeTag->desc; - kind = src->contentTypeTag->offset; - } - - if (src->content.data == NULL) { - SECU_Indent(out, level); fprintf(out, "%s:\n", desc); - level++; - SECU_Indent(out, level); fprintf(out, "<no content>\n"); - return 0; - } - - rv = 0; - switch (kind) { - case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */ - rv = secu_PrintPKCS7Signed(out, src->content.signedData, desc, level); - break; - - case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */ - secu_PrintPKCS7Enveloped(out, src->content.envelopedData, desc, level); - break; - - case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */ - rv = secu_PrintPKCS7SignedAndEnveloped(out, - src->content.signedAndEnvelopedData, - desc, level); - break; - - case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */ - secu_PrintPKCS7Digested(out, src->content.digestedData, desc, level); - break; - - case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */ - secu_PrintPKCS7Encrypted(out, src->content.encryptedData, desc, level); - break; - - default: - SECU_PrintAsHex(out, src->content.data, desc, level); - break; - } - - return rv; -} - -/* -** SECU_PrintPKCS7ContentInfo -** Decode and print any major PKCS7 data type (up to version 1). -*/ -int -SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, int level) -{ - SEC_PKCS7ContentInfo *cinfo; - int rv; - - cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL); - if (cinfo != NULL) { - /* Send it to recursive parsing and printing module */ - rv = secu_PrintPKCS7ContentInfo(out, cinfo, m, level); - SEC_PKCS7DestroyContentInfo(cinfo); - } else { - rv = -1; - } - - return rv; -} - -/* -** End of PKCS7 functions -*/ - -void -printFlags(FILE *out, unsigned int flags, int level) -{ - if ( flags & CERTDB_TERMINAL_RECORD ) { - SECU_Indent(out, level); fprintf(out, "Terminal Record\n"); - } - if ( flags & CERTDB_TRUSTED ) { - SECU_Indent(out, level); fprintf(out, "Trusted\n"); - } - if ( flags & CERTDB_SEND_WARN ) { - SECU_Indent(out, level); fprintf(out, "Warn When Sending\n"); - } - if ( flags & CERTDB_VALID_CA ) { - SECU_Indent(out, level); fprintf(out, "Valid CA\n"); - } - if ( flags & CERTDB_TRUSTED_CA ) { - SECU_Indent(out, level); fprintf(out, "Trusted CA\n"); - } - if ( flags & CERTDB_NS_TRUSTED_CA ) { - SECU_Indent(out, level); fprintf(out, "Netscape Trusted CA\n"); - } - if ( flags & CERTDB_USER ) { - SECU_Indent(out, level); fprintf(out, "User\n"); - } - if ( flags & CERTDB_TRUSTED_CLIENT_CA ) { - SECU_Indent(out, level); fprintf(out, "Trusted Client CA\n"); - } - if ( flags & CERTDB_GOVT_APPROVED_CA ) { - SECU_Indent(out, level); fprintf(out, "Step-up\n"); - } -} - -void -SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_Indent(out, level+1); fprintf(out, "SSL Flags:\n"); - printFlags(out, trust->sslFlags, level+2); - SECU_Indent(out, level+1); fprintf(out, "Email Flags:\n"); - printFlags(out, trust->emailFlags, level+2); - SECU_Indent(out, level+1); fprintf(out, "Object Signing Flags:\n"); - printFlags(out, trust->objectSigningFlags, level+2); -} - -int SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTName *name; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - - name = PORT_ArenaZNew(arena, CERTName); - if (!name) - goto loser; - - rv = SEC_ASN1DecodeItem(arena, name, SEC_ASN1_GET(CERT_NameTemplate), der); - if (rv) - goto loser; - - SECU_PrintName(out, name, m, level); -loser: - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -typedef enum { - noSignature = 0, - withSignature = 1 -} SignatureOptionType; - -static int -secu_PrintSignedDataSigOpt(FILE *out, SECItem *der, const char *m, - int level, SECU_PPFunc inner, - SignatureOptionType withSignature) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTSignedData *sd; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - - /* Strip off the signature */ - sd = PORT_ArenaZNew(arena, CERTSignedData); - if (!sd) - goto loser; - - rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate), - der); - if (rv) - goto loser; - - if (m) { - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - } else { - level -= 1; - } - rv = (*inner)(out, &sd->data, "Data", level+1); - - if (withSignature) { - SECU_PrintAlgorithmID(out, &sd->signatureAlgorithm, "Signature Algorithm", - level+1); - DER_ConvertBitString(&sd->signature); - SECU_PrintAsHex(out, &sd->signature, "Signature", level+1); - } - SECU_PrintFingerprints(out, der, "Fingerprint", level+1); -loser: - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, - int level, SECU_PPFunc inner) -{ - return secu_PrintSignedDataSigOpt(out, der, m, level, inner, - withSignature); -} - -int SECU_PrintSignedContent(FILE *out, SECItem *der, char *m, - int level, SECU_PPFunc inner) -{ - return secu_PrintSignedDataSigOpt(out, der, m, level, inner, - noSignature); -} - -SECStatus -SEC_PrintCertificateAndTrust(CERTCertificate *cert, - const char *label, - CERTCertTrust *trust) -{ - SECStatus rv; - SECItem data; - CERTCertTrust certTrust; - - data.data = cert->derCert.data; - data.len = cert->derCert.len; - - rv = SECU_PrintSignedData(stdout, &data, label, 0, - SECU_PrintCertificate); - if (rv) { - return(SECFailure); - } - if (trust) { - SECU_PrintTrustFlags(stdout, trust, - "Certificate Trust Flags", 1); - } else if (CERT_GetCertTrust(cert, &certTrust) == SECSuccess) { - SECU_PrintTrustFlags(stdout, &certTrust, - "Certificate Trust Flags", 1); - } - - printf("\n"); - - return(SECSuccess); -} - - -static char * -bestCertName(CERTCertificate *cert) { - if (cert->nickname) { - return cert->nickname; - } - if (cert->emailAddr && cert->emailAddr[0]) { - return cert->emailAddr; - } - return cert->subjectName; -} - -void -SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle, - CERTCertificate *cert, PRBool checksig, - SECCertificateUsage certUsage, void *pinArg, PRBool verbose, - PRTime datetime) -{ - CERTVerifyLog log; - CERTVerifyLogNode *node; - - PRErrorCode err = PORT_GetError(); - - log.arena = PORT_NewArena(512); - log.head = log.tail = NULL; - log.count = 0; - CERT_VerifyCertificate(handle, cert, checksig, certUsage, datetime, pinArg, &log, NULL); - - SECU_displayVerifyLog(outfile, &log, verbose); - - for (node = log.head; node; node = node->next) { - if (node->cert) - CERT_DestroyCertificate(node->cert); - } - PORT_FreeArena(log.arena, PR_FALSE); - - PORT_SetError(err); /* restore original error code */ -} - -void -SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log, - PRBool verbose) -{ - CERTVerifyLogNode *node = NULL; - unsigned int depth = (unsigned int)-1; - unsigned int flags = 0; - char * errstr = NULL; - - if (log->count > 0) { - fprintf(outfile,"PROBLEM WITH THE CERT CHAIN:\n"); - for (node = log->head; node; node = node->next) { - if (depth != node->depth) { - depth = node->depth; - fprintf(outfile,"CERT %d. %s %s:\n", depth, - bestCertName(node->cert), - depth ? "[Certificate Authority]": ""); - if (verbose) { - const char * emailAddr; - emailAddr = CERT_GetFirstEmailAddress(node->cert); - if (emailAddr) { - fprintf(outfile,"Email Address(es): "); - do { - fprintf(outfile, "%s\n", emailAddr); - emailAddr = CERT_GetNextEmailAddress(node->cert, - emailAddr); - } while (emailAddr); - } - } - } - fprintf(outfile, " ERROR %ld: %s\n", node->error, - SECU_Strerror(node->error)); - errstr = NULL; - switch (node->error) { - case SEC_ERROR_INADEQUATE_KEY_USAGE: - flags = (unsigned int)node->arg; - switch (flags) { - case KU_DIGITAL_SIGNATURE: - errstr = "Cert cannot sign."; - break; - case KU_KEY_ENCIPHERMENT: - errstr = "Cert cannot encrypt."; - break; - case KU_KEY_CERT_SIGN: - errstr = "Cert cannot sign other certs."; - break; - default: - errstr = "[unknown usage]."; - break; - } - case SEC_ERROR_INADEQUATE_CERT_TYPE: - flags = (unsigned int)node->arg; - switch (flags) { - case NS_CERT_TYPE_SSL_CLIENT: - case NS_CERT_TYPE_SSL_SERVER: - errstr = "Cert cannot be used for SSL."; - break; - case NS_CERT_TYPE_SSL_CA: - errstr = "Cert cannot be used as an SSL CA."; - break; - case NS_CERT_TYPE_EMAIL: - errstr = "Cert cannot be used for SMIME."; - break; - case NS_CERT_TYPE_EMAIL_CA: - errstr = "Cert cannot be used as an SMIME CA."; - break; - case NS_CERT_TYPE_OBJECT_SIGNING: - errstr = "Cert cannot be used for object signing."; - break; - case NS_CERT_TYPE_OBJECT_SIGNING_CA: - errstr = "Cert cannot be used as an object signing CA."; - break; - default: - errstr = "[unknown usage]."; - break; - } - case SEC_ERROR_UNKNOWN_ISSUER: - case SEC_ERROR_UNTRUSTED_ISSUER: - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: - errstr = node->cert->issuerName; - break; - default: - break; - } - if (errstr) { - fprintf(stderr," %s\n",errstr); - } - } - } -} - -void -SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle, - CERTCertificate *cert, PRBool checksig, - SECCertificateUsage certUsage, void *pinArg, PRBool verbose) -{ - SECU_printCertProblemsOnDate(outfile, handle, cert, checksig, - certUsage, pinArg, verbose, PR_Now()); -} - -SECStatus -SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl, PRFileDesc *outFile, - PRBool ascii, char *url) -{ - PORT_Assert(derCrl != NULL); - if (!derCrl) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (outFile != NULL) { - if (ascii) { - PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CRL_HEADER, - BTOA_DataToAscii(derCrl->data, derCrl->len), - NS_CRL_TRAILER); - } else { - if (PR_Write(outFile, derCrl->data, derCrl->len) != derCrl->len) { - return SECFailure; - } - } - } - if (slot) { - CERTSignedCrl *newCrl = PK11_ImportCRL(slot, derCrl, url, - SEC_CRL_TYPE, NULL, 0, NULL, 0); - if (newCrl != NULL) { - SEC_DestroyCrl(newCrl); - return SECSuccess; - } - return SECFailure; - } - if (!outFile && !slot) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - return SECSuccess; -} - -SECStatus -SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl, - SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode) -{ - SECItem der; - SECKEYPrivateKey *caPrivateKey = NULL; - SECStatus rv; - PRArenaPool *arena; - SECOidTag algID; - void *dummy; - - PORT_Assert(issuer != NULL && signCrl != NULL); - if (!issuer || !signCrl) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - arena = signCrl->arena; - - caPrivateKey = PK11_FindKeyByAnyCert(issuer, NULL); - if (caPrivateKey == NULL) { - *resCode = noKeyFound; - return SECFailure; - } - - algID = SEC_GetSignatureAlgorithmOidTag(caPrivateKey->keyType, hashAlgTag); - if (algID == SEC_OID_UNKNOWN) { - *resCode = noSignatureMatch; - rv = SECFailure; - goto done; - } - - if (!signCrl->crl.signatureAlg.parameters.data) { - rv = SECOID_SetAlgorithmID(arena, &signCrl->crl.signatureAlg, algID, 0); - if (rv != SECSuccess) { - *resCode = failToEncode; - goto done; - } - } - - der.len = 0; - der.data = NULL; - dummy = SEC_ASN1EncodeItem(arena, &der, &signCrl->crl, - SEC_ASN1_GET(CERT_CrlTemplate)); - if (!dummy) { - *resCode = failToEncode; - rv = SECFailure; - goto done; - } - - rv = SECU_DerSignDataCRL(arena, &signCrl->signatureWrap, - der.data, der.len, caPrivateKey, algID); - if (rv != SECSuccess) { - *resCode = failToSign; - goto done; - } - - signCrl->derCrl = PORT_ArenaZNew(arena, SECItem); - if (signCrl->derCrl == NULL) { - *resCode = noMem; - PORT_SetError(SEC_ERROR_NO_MEMORY); - rv = SECFailure; - goto done; - } - - signCrl->derCrl->len = 0; - signCrl->derCrl->data = NULL; - dummy = SEC_ASN1EncodeItem (arena, signCrl->derCrl, signCrl, - SEC_ASN1_GET(CERT_SignedCrlTemplate)); - if (!dummy) { - *resCode = failToEncode; - rv = SECFailure; - goto done; - } - -done: - if (caPrivateKey) { - SECKEY_DestroyPrivateKey(caPrivateKey); - } - return rv; -} - - - -SECStatus -SECU_CopyCRL(PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl) -{ - void *dummy; - SECStatus rv = SECSuccess; - SECItem der; - - PORT_Assert(destArena && srcCrl && destCrl); - if (!destArena || !srcCrl || !destCrl) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - der.len = 0; - der.data = NULL; - dummy = SEC_ASN1EncodeItem (destArena, &der, srcCrl, - SEC_ASN1_GET(CERT_CrlTemplate)); - if (!dummy) { - return SECFailure; - } - - rv = SEC_QuickDERDecodeItem(destArena, destCrl, - SEC_ASN1_GET(CERT_CrlTemplate), &der); - if (rv != SECSuccess) { - return SECFailure; - } - - destCrl->arena = destArena; - - return rv; -} - -SECStatus -SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd, - unsigned char *buf, int len, SECKEYPrivateKey *pk, - SECOidTag algID) -{ - SECItem it; - SECStatus rv; - - it.data = 0; - - /* XXX We should probably have some asserts here to make sure the key type - * and algID match - */ - - /* Sign input buffer */ - rv = SEC_SignData(&it, buf, len, pk, algID); - if (rv) goto loser; - - /* Fill out SignedData object */ - PORT_Memset(sd, 0, sizeof(*sd)); - sd->data.data = buf; - sd->data.len = len; - sd->signature.data = it.data; - sd->signature.len = it.len << 3; /* convert to bit string */ - rv = SECOID_SetAlgorithmID(arena, &sd->signatureAlgorithm, algID, 0); - if (rv) goto loser; - - return rv; - - loser: - PORT_Free(it.data); - return rv; -} - -#if 0 - -/* we need access to the private function cert_FindExtension for this code to work */ - -CERTAuthKeyID * -SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *scrl) -{ - SECItem encodedExtenValue; - SECStatus rv; - CERTAuthKeyID *ret; - CERTCrl* crl; - - if (!scrl) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - - crl = &scrl->crl; - - encodedExtenValue.data = NULL; - encodedExtenValue.len = 0; - - rv = cert_FindExtension(crl->extensions, SEC_OID_X509_AUTH_KEY_ID, - &encodedExtenValue); - if ( rv != SECSuccess ) { - return (NULL); - } - - ret = CERT_DecodeAuthKeyID (arena, &encodedExtenValue); - - PORT_Free(encodedExtenValue.data); - encodedExtenValue.data = NULL; - - return(ret); -} - -#endif - -/* - * Find the issuer of a Crl. Use the authorityKeyID if it exists. - */ -CERTCertificate * -SECU_FindCrlIssuer(CERTCertDBHandle *dbhandle, SECItem* subject, - CERTAuthKeyID* authorityKeyID, PRTime validTime) -{ - CERTCertificate *issuerCert = NULL; - CERTCertList *certList = NULL; - CERTCertTrust trust; - - if (!subject) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - - certList = - CERT_CreateSubjectCertList(NULL, dbhandle, subject, - validTime, PR_TRUE); - if (certList) { - CERTCertListNode *node = CERT_LIST_HEAD(certList); - - /* XXX and authoritykeyid in the future */ - while ( ! CERT_LIST_END(node, certList) ) { - CERTCertificate *cert = node->cert; - /* check cert CERTCertTrust data is allocated, check cert - usage extension, check that cert has pkey in db. Select - the first (newest) user cert */ - if (CERT_GetCertTrust(cert, &trust) == SECSuccess && - CERT_CheckCertUsage(cert, KU_CRL_SIGN) == SECSuccess && - CERT_IsUserCert(cert)) { - - issuerCert = CERT_DupCertificate(cert); - break; - } - node = CERT_LIST_NEXT(node); - } - CERT_DestroyCertList(certList); - } - return(issuerCert); -} - - -/* Encodes and adds extensions to the CRL or CRL entries. */ -SECStatus -SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle, - void *value, PRBool criticality, int extenType, - EXTEN_EXT_VALUE_ENCODER EncodeValueFn) -{ - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - do { - rv = (*EncodeValueFn)(arena, value, &encodedValue); - if (rv != SECSuccess) - break; - - rv = CERT_AddExtension(extHandle, extenType, &encodedValue, - criticality, PR_TRUE); - if (rv != SECSuccess) - break; - } while (0); - - return (rv); -} - -CERTCertificate* -SECU_FindCertByNicknameOrFilename(CERTCertDBHandle *handle, - char *name, PRBool ascii, - void *pwarg) -{ - CERTCertificate *the_cert; - the_cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (the_cert) { - return the_cert; - } - the_cert = PK11_FindCertFromNickname(name, pwarg); - if (!the_cert) { - /* Don't have a cert with name "name" in the DB. Try to - * open a file with such name and get the cert from there.*/ - SECStatus rv; - SECItem item = {0, NULL, 0}; - PRFileDesc* fd = PR_Open(name, PR_RDONLY, 0777); - if (!fd) { - return NULL; - } - rv = SECU_ReadDERFromFile(&item, fd, ascii); - PR_Close(fd); - if (rv != SECSuccess || !item.len) { - PORT_Free(item.data); - return NULL; - } - the_cert = CERT_NewTempCertificate(handle, &item, - NULL /* nickname */, - PR_FALSE /* isPerm */, - PR_TRUE /* copyDER */); - PORT_Free(item.data); - } - return the_cert; -} - -/* Convert a SSL/TLS protocol version string into the respective numeric value - * defined by the SSL_LIBRARY_VERSION_* constants, - * while accepting a flexible set of case-insensitive identifiers. - * - * Caller must specify bufLen, allowing the function to operate on substrings. - */ -static SECStatus -SECU_GetSSLVersionFromName(const char *buf, size_t bufLen, PRUint16 *version) -{ - if (!buf || !version) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (!PL_strncasecmp(buf, "ssl2", bufLen)) { - *version = SSL_LIBRARY_VERSION_2; - return SECSuccess; - } - if (!PL_strncasecmp(buf, "ssl3", bufLen)) { - *version = SSL_LIBRARY_VERSION_3_0; - return SECSuccess; - } - if (!PL_strncasecmp(buf, "tls1.0", bufLen)) { - *version = SSL_LIBRARY_VERSION_TLS_1_0; - return SECSuccess; - } - if (!PL_strncasecmp(buf, "tls1.1", bufLen)) { - *version = SSL_LIBRARY_VERSION_TLS_1_1; - return SECSuccess; - } - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; -} - -SECStatus -SECU_ParseSSLVersionRangeString(const char *input, - const SSLVersionRange defaultVersionRange, - const PRBool defaultEnableSSL2, - SSLVersionRange *vrange, PRBool *enableSSL2) -{ - const char *colonPos; - size_t colonIndex; - const char *maxStr; - - if (!input || !vrange || !enableSSL2) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (!strcmp(input, ":")) { - /* special value, use default */ - *enableSSL2 = defaultEnableSSL2; - *vrange = defaultVersionRange; - return SECSuccess; - } - - colonPos = strchr(input, ':'); - if (!colonPos) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - colonIndex = colonPos - input; - maxStr = colonPos + 1; - - if (!colonIndex) { - /* colon was first character, min version is empty */ - *enableSSL2 = defaultEnableSSL2; - vrange->min = defaultVersionRange.min; - } else { - PRUint16 version; - /* colonIndex is equivalent to the length of the min version substring */ - if (SECU_GetSSLVersionFromName(input, colonIndex, &version) != SECSuccess) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (version == SSL_LIBRARY_VERSION_2) { - *enableSSL2 = PR_TRUE; - vrange->min = defaultVersionRange.min; - } else { - *enableSSL2 = PR_FALSE; - vrange->min = version; - } - } - - if (!*maxStr) { - vrange->max = defaultVersionRange.max; - } else { - PRUint16 version; - /* if max version is empty, then maxStr points to the string terminator */ - if (SECU_GetSSLVersionFromName(maxStr, strlen(maxStr), &version) - != SECSuccess) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (version == SSL_LIBRARY_VERSION_2) { - /* consistency checking, require that min allows enableSSL2, too */ - if (!*enableSSL2) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - /* we use 0 because SSL_LIBRARY_VERSION_NONE is private: */ - vrange->min = 0; - vrange->max = 0; - } else { - vrange->max = version; - } - } - - return SECSuccess; -} diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h deleted file mode 100644 index dc8c0324a..000000000 --- a/security/nss/cmd/lib/secutil.h +++ /dev/null @@ -1,425 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#ifndef _SEC_UTIL_H_ -#define _SEC_UTIL_H_ - -#include "seccomon.h" -#include "secitem.h" -#include "secport.h" -#include "prerror.h" -#include "base64.h" -#include "key.h" -#include "secpkcs7.h" -#include "secasn1.h" -#include "secder.h" -#include <stdio.h> - -#include "basicutil.h" -#include "sslerr.h" -#include "sslt.h" - - -#define SEC_CT_PRIVATE_KEY "private-key" -#define SEC_CT_PUBLIC_KEY "public-key" -#define SEC_CT_CERTIFICATE "certificate" -#define SEC_CT_CERTIFICATE_REQUEST "certificate-request" -#define SEC_CT_CERTIFICATE_ID "certificate-identity" -#define SEC_CT_PKCS7 "pkcs7" -#define SEC_CT_CRL "crl" -#define SEC_CT_NAME "name" - -#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----" -#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----" - -#define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----" -#define NS_CERT_TRAILER "-----END CERTIFICATE-----" - -#define NS_CRL_HEADER "-----BEGIN CRL-----" -#define NS_CRL_TRAILER "-----END CRL-----" - -#define SECU_Strerror PORT_ErrorToString - - -typedef struct { - enum { - PW_NONE = 0, - PW_FROMFILE = 1, - PW_PLAINTEXT = 2, - PW_EXTERNAL = 3 - } source; - char *data; -} secuPWData; - -/* -** Change a password on a token, or initialize a token with a password -** if it does not already have one. -** Use passwd to send the password in plaintext, pwFile to specify a -** file containing the password, or NULL for both to prompt the user. -*/ -SECStatus SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile); - -/* -** Change a password on a token, or initialize a token with a password -** if it does not already have one. -** In this function, you can specify both the old and new passwords -** as either a string or file. NOTE: any you don't specify will -** be prompted for -*/ -SECStatus SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, - char *oldPwFile, char *newPwFile); - -/* These were stolen from the old sec.h... */ -/* -** Check a password for legitimacy. Passwords must be at least 8 -** characters long and contain one non-alphabetic. Return DSTrue if the -** password is ok, DSFalse otherwise. -*/ -extern PRBool SEC_CheckPassword(char *password); - -/* -** Blind check of a password. Complement to SEC_CheckPassword which -** ignores length and content type, just retuning DSTrue is the password -** exists, DSFalse if NULL -*/ -extern PRBool SEC_BlindCheckPassword(char *password); - -/* -** Get a password. -** First prompt with "msg" on "out", then read the password from "in". -** The password is then checked using "chkpw". -*/ -extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg, - PRBool (*chkpw)(char *)); - -char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg); - -char *SECU_GetPasswordString(void *arg, char *prompt); - -/* -** Write a dongle password. -** Uses MD5 to hash constant system data (hostname, etc.), and then -** creates RC4 key to encrypt a password "pw" into a file "fd". -*/ -extern SECStatus SEC_WriteDongleFile(int fd, char *pw); - -/* -** Get a dongle password. -** Uses MD5 to hash constant system data (hostname, etc.), and then -** creates RC4 key to decrypt and return a password from file "fd". -*/ -extern char *SEC_ReadDongleFile(int fd); - - -/* End stolen headers */ - -/* Just sticks the two strings together with a / if needed */ -char *SECU_AppendFilenameToDir(char *dir, char *filename); - -/* Returns result of getenv("SSL_DIR") or NULL */ -extern char *SECU_DefaultSSLDir(void); - -/* -** Should be called once during initialization to set the default -** directory for looking for cert.db, key.db, and cert-nameidx.db files -** Removes trailing '/' in 'base' -** If 'base' is NULL, defaults to set to .netscape in home directory. -*/ -extern char *SECU_ConfigDirectory(const char* base); - -/* -** Basic callback function for SSL_GetClientAuthDataHook -*/ -extern int -SECU_GetClientAuthData(void *arg, PRFileDesc *fd, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey); - -extern PRBool SECU_GetWrapEnabled(void); -extern void SECU_EnableWrap(PRBool enable); - -/* revalidate the cert and print information about cert verification - * failure at time == now */ -extern void -SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle, - CERTCertificate *cert, PRBool checksig, - SECCertificateUsage certUsage, void *pinArg, PRBool verbose); - -/* revalidate the cert and print information about cert verification - * failure at specified time */ -extern void -SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle, - CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage, - void *pinArg, PRBool verbose, PRTime datetime); - -/* print out CERTVerifyLog info. */ -extern void -SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log, - PRBool verbose); - -/* Read in a DER from a file, may be ascii */ -extern SECStatus -SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii); - -/* Print integer value and hex */ -extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level); - -/* Print ObjectIdentifier symbolically */ -extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level); - -/* Print AlgorithmIdentifier symbolically */ -extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, - int level); - -/* - * Format and print the UTC Time "t". If the tag message "m" is not NULL, - * do indent formatting based on "level" and add a newline afterward; - * otherwise just print the formatted time string only. - */ -extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level); - -/* - * Format and print the Generalized Time "t". If the tag message "m" - * is not NULL, * do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, - int level); - -/* - * Format and print the UTC or Generalized Time "t". If the tag message - * "m" is not NULL, do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -extern void SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level); - -/* callback for listing certs through pkcs11 */ -extern SECStatus SECU_PrintCertNickname(CERTCertListNode* cert, void *data); - -/* Dump all certificate nicknames in a database */ -extern SECStatus -SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc* out, - PRBool sortByName, PRBool sortByTrust); - -/* See if nickname already in database. Return 1 true, 0 false, -1 error */ -int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname); - -/* Dump contents of cert req */ -extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, - int level); - -/* Dump contents of certificate */ -extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level); - -extern int SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m, - int level); - -/* Dump contents of a DER certificate name (issuer or subject) */ -extern int SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level); - -/* print trust flags on a cert */ -extern void SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, - int level); - -extern int SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m, - int level); - -#ifdef HAVE_EPV_TEMPLATE -/* Dump contents of private key */ -extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level); -#endif - -/* Dump contents of an RSA public key */ -extern void SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level); - -/* Dump contents of a DSA public key */ -extern void SECU_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level); - -/* Print the MD5 and SHA1 fingerprints of a cert */ -extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, - int level); - -/* Pretty-print any PKCS7 thing */ -extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, - int level); - -/* Init PKCS11 stuff */ -extern SECStatus SECU_PKCS11Init(PRBool readOnly); - -/* Dump contents of signed data */ -extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m, - int level, SECU_PPFunc inner); - -/* Dump contents of signed data, excluding the signature */ -extern int SECU_PrintSignedContent(FILE *out, SECItem *der, char *m, int level, - SECU_PPFunc inner); - -/* Print cert data and its trust flags */ -extern SECStatus SEC_PrintCertificateAndTrust(CERTCertificate *cert, - const char *label, - CERTCertTrust *trust); - -extern int SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level); - -extern void -SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level); - -extern void SECU_PrintString(FILE *out, SECItem *si, char *m, int level); -extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level); - -extern void SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level); -extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value, - char *msg, int level); - -extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions, - char *msg, int level); - -extern void SECU_PrintNameQuotesOptional(FILE *out, CERTName *name, - const char *msg, int level, - PRBool quotes); -extern void SECU_PrintName(FILE *out, CERTName *name, const char *msg, - int level); -extern void SECU_PrintRDN(FILE *out, CERTRDN *rdn, const char *msg, int level); - -#ifdef SECU_GetPassword -/* Convert a High public Key to a Low public Key */ -extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey); -#endif - -extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg); - -extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw); - -extern char *SECU_SECModDBName(void); - -/* Fetch and register an oid if it hasn't been done already */ -extern void SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src); - -extern SECStatus SECU_RegisterDynamicOids(void); - -/* Identifies hash algorithm tag by its string representation. */ -extern SECOidTag SECU_StringToSignatureAlgTag(const char *alg); - -/* Store CRL in output file or pk11 db. Also - * encodes with base64 and exports to file if ascii flag is set - * and file is not NULL. */ -extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl, - PRFileDesc *outFile, PRBool ascii, char *url); - - -/* -** DER sign a single block of data using private key encryption and the -** MD5 hashing algorithm. This routine first computes a digital signature -** using SEC_SignData, then wraps it with an CERTSignedData and then der -** encodes the result. -** "arena" is the memory arena to use to allocate data from -** "sd" returned CERTSignedData -** "result" the final der encoded data (memory is allocated) -** "buf" the input data to sign -** "len" the amount of data to sign -** "pk" the private key to encrypt with -*/ -extern SECStatus SECU_DerSignDataCRL(PLArenaPool *arena, CERTSignedData *sd, - unsigned char *buf, int len, - SECKEYPrivateKey *pk, SECOidTag algID); - -typedef enum { - noKeyFound = 1, - noSignatureMatch = 2, - failToEncode = 3, - failToSign = 4, - noMem = 5 -} SignAndEncodeFuncExitStat; - -extern SECStatus -SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl, - SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode); - -extern SECStatus -SECU_CopyCRL(PLArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl); - -/* -** Finds the crl Authority Key Id extension. Returns NULL if no such extension -** was found. -*/ -CERTAuthKeyID * -SECU_FindCRLAuthKeyIDExten (PLArenaPool *arena, CERTSignedCrl *crl); - -/* - * Find the issuer of a crl. Cert usage should be checked before signing a crl. - */ -CERTCertificate * -SECU_FindCrlIssuer(CERTCertDBHandle *dbHandle, SECItem* subject, - CERTAuthKeyID* id, PRTime validTime); - - -/* call back function used in encoding of an extension. Called from - * SECU_EncodeAndAddExtensionValue */ -typedef SECStatus (* EXTEN_EXT_VALUE_ENCODER) (PLArenaPool *extHandleArena, - void *value, SECItem *encodedValue); - -/* Encodes and adds extensions to the CRL or CRL entries. */ -SECStatus -SECU_EncodeAndAddExtensionValue(PLArenaPool *arena, void *extHandle, - void *value, PRBool criticality, int extenType, - EXTEN_EXT_VALUE_ENCODER EncodeValueFn); - -/* Caller ensures that dst is at least item->len*2+1 bytes long */ -void -SECU_SECItemToHex(const SECItem * item, char * dst); - -/* Requires 0x prefix. Case-insensitive. Will do in-place replacement if - * successful */ -SECStatus -SECU_SECItemHexStringToBinary(SECItem* srcdest); - -/* Parse a version range string, with "min" and "max" version numbers, - * separated by colon (":"), and return the result in vr and v2. - * - * Both min and max values are optional. - * The following syntax is used to specify the enabled protocol versions: - * A string with only a max value is expected as ":{max}", - * and all implemented versions less than or equal to max will be enabled. - * A string with only a min value is expected as "{min}:", - * and all implemented versions greater than or equal to min will be enabled. - * A string consisting of a colon only means "all versions enabled". - * - * Because output parameter type SSLVersionRange doesn't allow to set - * version 2 values, we use a separate boolean output parameter - * to return whether SSL 2 is enabled. - * - * In order to avoid a link dependency from libsectool to libssl, - * the caller must provide the desired default values for the min/max values, - * by providing defaultEnableSSL2 and defaultVersionRange - * (which can be obtained from libssl by calling SSL_VersionRangeGetSupported). - */ -SECStatus -SECU_ParseSSLVersionRangeString(const char *input, - const SSLVersionRange defaultVersionRange, - const PRBool defaultEnableSSL2, - SSLVersionRange *vrange, - PRBool *enableSSL2); - -/* - * - * Error messaging - * - */ - -void printflags(char *trusts, unsigned int flags); - -#if !defined(XP_UNIX) && !defined(XP_OS2) -extern int ffs(unsigned int i); -#endif - -/* Finds certificate by searching it in the DB or by examinig file - * in the local directory. */ -CERTCertificate* -SECU_FindCertByNicknameOrFilename(CERTCertDBHandle *handle, - char *name, PRBool ascii, - void *pwarg); -#include "secerr.h" -#include "sslerr.h" - -#endif /* _SEC_UTIL_H_ */ |