diff options
Diffstat (limited to 'security/nss/lib/ckfw')
84 files changed, 41114 insertions, 1506 deletions
diff --git a/security/nss/lib/ckfw/Makefile b/security/nss/lib/ckfw/Makefile new file mode 100644 index 000000000..186498435 --- /dev/null +++ b/security/nss/lib/ckfw/Makefile @@ -0,0 +1,72 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +MAKEFILE_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$" + +include manifest.mn +include $(CORE_DEPTH)/coreconf/config.mk +include config.mk +include $(CORE_DEPTH)/coreconf/rules.mk + +ifdef NOTDEF # was ifdef MOZILLA_CLIENT +NSS_BUILD_CAPI = 1 +endif + +# This'll need some help from a build person. + +# The generated files are checked in, and differ from what ckapi.perl +# will produce. ckapi.perl is currently newer than the targets, so +# these rules are invoked, causing the wrong files to be generated. +# Turning off to fix builds. +# +# nssckepv.h: ck.api ckapi.perl +# nssckft.h: ck.api ckapi.perl +# nssckg.h: ck.api ckapi.perl +# nssck.api: ck.api ckapi.perl +# $(PERL) ckapi.perl ck.api + +export:: private_export + +# can't do this in manifest.mn because OS_TARGET isn't defined there. +ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET))) # list omits WINCE +ifdef NSS_BUILD_CAPI +DIRS += capi +endif +endif + +#ifeq ($(OS_ARCH), Darwin) +#DIRS += nssmkey +#endif diff --git a/security/nss/lib/ckfw/builtins/certdata.c b/security/nss/lib/ckfw/builtins/certdata.c index 7d5d8324f..96aba3e78 100644 --- a/security/nss/lib/ckfw/builtins/certdata.c +++ b/security/nss/lib/ckfw/builtins/certdata.c @@ -1075,18 +1075,6 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_338 [] = { static const CK_ATTRIBUTE_TYPE nss_builtins_types_339 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED }; -static const CK_ATTRIBUTE_TYPE nss_builtins_types_340 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE -}; -static const CK_ATTRIBUTE_TYPE nss_builtins_types_341 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED -}; -static const CK_ATTRIBUTE_TYPE nss_builtins_types_342 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE -}; -static const CK_ATTRIBUTE_TYPE nss_builtins_types_343 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED -}; #ifdef DEBUG static const NSSItem nss_builtins_items_0 [] = { { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, @@ -1750,191 +1738,6 @@ static const NSSItem nss_builtins_items_14 [] = { { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"Verisign Class 1 Public Primary Certification Authority", (PRUint32)56 }, - { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, - { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -"\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151" -"\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004" -"\013\023\056\103\154\141\163\163\040\061\040\120\165\142\154\151" -"\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146" -"\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164" -"\171" -, (PRUint32)97 }, - { (void *)"0", (PRUint32)2 }, - { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -"\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151" -"\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004" -"\013\023\056\103\154\141\163\163\040\061\040\120\165\142\154\151" -"\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146" -"\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164" -"\171" -, (PRUint32)97 }, - { (void *)"\002\021\000\315\272\177\126\360\337\344\274\124\376\042\254\263" -"\162\252\125" -, (PRUint32)19 }, - { (void *)"\060\202\002\075\060\202\001\246\002\021\000\315\272\177\126\360" -"\337\344\274\124\376\042\254\263\162\252\125\060\015\006\011\052" -"\206\110\206\367\015\001\001\002\005\000\060\137\061\013\060\011" -"\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125" -"\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156" -"\143\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141" -"\163\163\040\061\040\120\165\142\154\151\143\040\120\162\151\155" -"\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157" -"\156\040\101\165\164\150\157\162\151\164\171\060\036\027\015\071" -"\066\060\061\062\071\060\060\060\060\060\060\132\027\015\062\070" -"\060\070\060\061\062\063\065\071\065\071\132\060\137\061\013\060" -"\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003" -"\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111" -"\156\143\056\061\067\060\065\006\003\125\004\013\023\056\103\154" -"\141\163\163\040\061\040\120\165\142\154\151\143\040\120\162\151" -"\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151" -"\157\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060" -"\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201" -"\215\000\060\201\211\002\201\201\000\345\031\277\155\243\126\141" -"\055\231\110\161\366\147\336\271\215\353\267\236\206\200\012\221" -"\016\372\070\045\257\106\210\202\345\163\250\240\233\044\135\015" -"\037\314\145\156\014\260\320\126\204\030\207\232\006\233\020\241" -"\163\337\264\130\071\153\156\301\366\025\325\250\250\077\252\022" -"\006\215\061\254\177\260\064\327\217\064\147\210\011\315\024\021" -"\342\116\105\126\151\037\170\002\200\332\334\107\221\051\273\066" -"\311\143\134\305\340\327\055\207\173\241\267\062\260\173\060\272" -"\052\057\061\252\356\243\147\332\333\002\003\001\000\001\060\015" -"\006\011\052\206\110\206\367\015\001\001\002\005\000\003\201\201" -"\000\114\077\270\213\306\150\337\356\103\063\016\135\351\246\313" -"\007\204\115\172\063\377\222\033\364\066\255\330\225\042\066\150" -"\021\154\174\102\314\363\234\056\304\007\077\024\260\017\117\377" -"\220\222\166\371\342\274\112\351\217\315\240\200\012\367\305\051" -"\361\202\042\135\270\261\335\201\043\243\173\045\025\106\060\171" -"\026\370\352\005\113\224\177\035\302\034\310\343\267\364\020\100" -"\074\023\303\137\037\123\350\110\344\206\264\173\241\065\260\173" -"\045\272\270\323\216\253\077\070\235\000\064\000\230\363\321\161" -"\224" -, (PRUint32)577 } -}; -static const NSSItem nss_builtins_items_15 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"Verisign Class 1 Public Primary Certification Authority", (PRUint32)56 }, - { (void *)"\220\256\242\151\205\377\024\200\114\103\111\122\354\351\140\204" -"\167\257\125\157" -, (PRUint32)20 }, - { (void *)"\227\140\350\127\137\323\120\107\345\103\014\224\066\212\260\142" -, (PRUint32)16 }, - { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -"\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151" -"\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004" -"\013\023\056\103\154\141\163\163\040\061\040\120\165\142\154\151" -"\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146" -"\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164" -"\171" -, (PRUint32)97 }, - { (void *)"\002\021\000\315\272\177\126\360\337\344\274\124\376\042\254\263" -"\162\252\125" -, (PRUint32)19 }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } -}; -static const NSSItem nss_builtins_items_16 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"Verisign Class 2 Public Primary Certification Authority", (PRUint32)56 }, - { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, - { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -"\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151" -"\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004" -"\013\023\056\103\154\141\163\163\040\062\040\120\165\142\154\151" -"\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146" -"\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164" -"\171" -, (PRUint32)97 }, - { (void *)"0", (PRUint32)2 }, - { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -"\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151" -"\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004" -"\013\023\056\103\154\141\163\163\040\062\040\120\165\142\154\151" -"\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146" -"\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164" -"\171" -, (PRUint32)97 }, - { (void *)"\002\020\055\033\374\112\027\215\243\221\353\347\377\365\213\105" -"\276\013" -, (PRUint32)18 }, - { (void *)"\060\202\002\074\060\202\001\245\002\020\055\033\374\112\027\215" -"\243\221\353\347\377\365\213\105\276\013\060\015\006\011\052\206" -"\110\206\367\015\001\001\002\005\000\060\137\061\013\060\011\006" -"\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004" -"\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143" -"\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141\163" -"\163\040\062\040\120\165\142\154\151\143\040\120\162\151\155\141" -"\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156" -"\040\101\165\164\150\157\162\151\164\171\060\036\027\015\071\066" -"\060\061\062\071\060\060\060\060\060\060\132\027\015\062\070\060" -"\070\060\061\062\063\065\071\065\071\132\060\137\061\013\060\011" -"\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125" -"\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156" -"\143\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141" -"\163\163\040\062\040\120\165\142\154\151\143\040\120\162\151\155" -"\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157" -"\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060\015" -"\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201\215" -"\000\060\201\211\002\201\201\000\266\132\213\243\015\152\043\203" -"\200\153\317\071\207\364\041\023\063\006\114\045\242\355\125\022" -"\227\305\247\200\271\372\203\301\040\240\372\057\025\015\174\241" -"\140\153\176\171\054\372\006\017\072\256\366\033\157\261\322\377" -"\057\050\122\137\203\175\113\304\172\267\370\146\037\200\124\374" -"\267\302\216\131\112\024\127\106\321\232\223\276\101\221\003\273" -"\025\200\223\134\353\347\314\010\154\077\076\263\112\374\377\113" -"\154\043\325\120\202\046\104\031\216\043\303\161\352\031\044\107" -"\004\236\165\277\310\246\000\037\002\003\001\000\001\060\015\006" -"\011\052\206\110\206\367\015\001\001\002\005\000\003\201\201\000" -"\212\033\053\372\071\301\164\327\136\330\031\144\242\130\112\055" -"\067\340\063\107\017\254\355\367\252\333\036\344\213\006\134\140" -"\047\312\105\122\316\026\357\077\006\144\347\224\150\174\140\063" -"\025\021\151\257\235\142\215\243\003\124\153\246\276\345\356\005" -"\030\140\004\277\102\200\375\320\250\250\036\001\073\367\243\134" -"\257\243\334\346\046\200\043\074\270\104\164\367\012\256\111\213" -"\141\170\314\044\277\210\212\247\016\352\163\031\101\375\115\003" -"\360\210\321\345\170\215\245\052\117\366\227\015\027\167\312\330" -, (PRUint32)576 } -}; -static const NSSItem nss_builtins_items_17 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"Verisign Class 2 Public Primary Certification Authority", (PRUint32)56 }, - { (void *)"\147\202\252\340\355\356\342\032\130\071\323\300\315\024\150\012" -"\117\140\024\052" -, (PRUint32)20 }, - { (void *)"\263\234\045\261\303\056\062\123\200\025\060\235\115\002\167\076" -, (PRUint32)16 }, - { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061" -"\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151" -"\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004" -"\013\023\056\103\154\141\163\163\040\062\040\120\165\142\154\151" -"\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146" -"\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164" -"\171" -, (PRUint32)97 }, - { (void *)"\002\020\055\033\374\112\027\215\243\221\353\347\377\365\213\105" -"\276\013" -, (PRUint32)18 }, - { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } -}; -static const NSSItem nss_builtins_items_18 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, { (void *)"Verisign Class 3 Public Primary Certification Authority", (PRUint32)56 }, { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061" @@ -1995,7 +1798,7 @@ static const NSSItem nss_builtins_items_18 [] = { "\300\175\267\162\234\311\066\072\153\237\116\250\377\144\015\144" , (PRUint32)576 } }; -static const NSSItem nss_builtins_items_19 [] = { +static const NSSItem nss_builtins_items_15 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2022,7 +1825,7 @@ static const NSSItem nss_builtins_items_19 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_20 [] = { +static const NSSItem nss_builtins_items_16 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2112,7 +1915,7 @@ static const NSSItem nss_builtins_items_20 [] = { "\017\061\134\350\362\331" , (PRUint32)774 } }; -static const NSSItem nss_builtins_items_21 [] = { +static const NSSItem nss_builtins_items_17 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2145,7 +1948,7 @@ static const NSSItem nss_builtins_items_21 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_22 [] = { +static const NSSItem nss_builtins_items_18 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2235,7 +2038,7 @@ static const NSSItem nss_builtins_items_22 [] = { "\214\022\173\305\104\264\256" , (PRUint32)775 } }; -static const NSSItem nss_builtins_items_23 [] = { +static const NSSItem nss_builtins_items_19 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2268,7 +2071,7 @@ static const NSSItem nss_builtins_items_23 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_24 [] = { +static const NSSItem nss_builtins_items_20 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2358,7 +2161,7 @@ static const NSSItem nss_builtins_items_24 [] = { "\240\235\235\151\221\375" , (PRUint32)774 } }; -static const NSSItem nss_builtins_items_25 [] = { +static const NSSItem nss_builtins_items_21 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2391,130 +2194,7 @@ static const NSSItem nss_builtins_items_25 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_26 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"Verisign Class 4 Public Primary Certification Authority - G2", (PRUint32)61 }, - { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, - { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123" -"\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123" -"\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125" -"\004\013\023\063\103\154\141\163\163\040\064\040\120\165\142\154" -"\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151" -"\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151" -"\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013" -"\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123" -"\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040" -"\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157" -"\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145" -"\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164" -"\167\157\162\153" -, (PRUint32)196 }, - { (void *)"0", (PRUint32)2 }, - { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123" -"\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123" -"\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125" -"\004\013\023\063\103\154\141\163\163\040\064\040\120\165\142\154" -"\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151" -"\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151" -"\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013" -"\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123" -"\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040" -"\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157" -"\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145" -"\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164" -"\167\157\162\153" -, (PRUint32)196 }, - { (void *)"\002\020\062\210\216\232\322\365\353\023\107\370\177\304\040\067" -"\045\370" -, (PRUint32)18 }, - { (void *)"\060\202\003\002\060\202\002\153\002\020\062\210\216\232\322\365" -"\353\023\107\370\177\304\040\067\045\370\060\015\006\011\052\206" -"\110\206\367\015\001\001\005\005\000\060\201\301\061\013\060\011" -"\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125" -"\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156" -"\143\056\061\074\060\072\006\003\125\004\013\023\063\103\154\141" -"\163\163\040\064\040\120\165\142\154\151\143\040\120\162\151\155" -"\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157" -"\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\062" -"\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040\061" -"\071\071\070\040\126\145\162\151\123\151\147\156\054\040\111\156" -"\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151" -"\172\145\144\040\165\163\145\040\157\156\154\171\061\037\060\035" -"\006\003\125\004\013\023\026\126\145\162\151\123\151\147\156\040" -"\124\162\165\163\164\040\116\145\164\167\157\162\153\060\036\027" -"\015\071\070\060\065\061\070\060\060\060\060\060\060\132\027\015" -"\062\070\060\070\060\061\062\063\065\071\065\071\132\060\201\301" -"\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027\060" -"\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147\156" -"\054\040\111\156\143\056\061\074\060\072\006\003\125\004\013\023" -"\063\103\154\141\163\163\040\064\040\120\165\142\154\151\143\040" -"\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143" -"\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040" -"\055\040\107\062\061\072\060\070\006\003\125\004\013\023\061\050" -"\143\051\040\061\071\071\070\040\126\145\162\151\123\151\147\156" -"\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164" -"\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171" -"\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123" -"\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162" -"\153\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001" -"\001\005\000\003\201\215\000\060\201\211\002\201\201\000\272\360" -"\344\317\371\304\256\205\124\271\007\127\371\217\305\177\150\021" -"\370\304\027\260\104\334\343\060\163\325\052\142\052\270\320\314" -"\034\355\050\133\176\275\152\334\263\221\044\312\101\142\074\374" -"\002\001\277\034\026\061\224\005\227\166\156\242\255\275\141\027" -"\154\116\060\206\360\121\067\052\120\307\250\142\201\334\133\112" -"\252\301\240\264\156\353\057\345\127\305\261\053\100\160\333\132" -"\115\241\216\037\275\003\037\330\003\324\217\114\231\161\274\342" -"\202\314\130\350\230\072\206\323\206\070\363\000\051\037\002\003" -"\001\000\001\060\015\006\011\052\206\110\206\367\015\001\001\005" -"\005\000\003\201\201\000\205\214\022\301\247\271\120\025\172\313" -"\076\254\270\103\212\334\252\335\024\272\211\201\176\001\074\043" -"\161\041\210\057\202\334\143\372\002\105\254\105\131\327\052\130" -"\104\133\267\237\201\073\222\150\075\342\067\044\365\173\154\217" -"\166\065\226\011\250\131\235\271\316\043\253\164\326\203\375\062" -"\163\047\330\151\076\103\164\366\256\305\211\232\347\123\174\351" -"\173\366\113\363\301\145\203\336\215\212\234\074\210\215\071\131" -"\374\252\077\042\215\241\301\146\120\201\162\114\355\042\144\117" -"\117\312\200\221\266\051" -, (PRUint32)774 } -}; -static const NSSItem nss_builtins_items_27 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"Verisign Class 4 Public Primary Certification Authority - G2", (PRUint32)61 }, - { (void *)"\013\167\276\273\313\172\242\107\005\336\314\017\275\152\002\374" -"\172\275\233\122" -, (PRUint32)20 }, - { (void *)"\046\155\054\031\230\266\160\150\070\120\124\031\354\220\064\140" -, (PRUint32)16 }, - { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123" -"\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123" -"\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125" -"\004\013\023\063\103\154\141\163\163\040\064\040\120\165\142\154" -"\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151" -"\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151" -"\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013" -"\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123" -"\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040" -"\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157" -"\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145" -"\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164" -"\167\157\162\153" -, (PRUint32)196 }, - { (void *)"\002\020\062\210\216\232\322\365\353\023\107\370\177\304\040\067" -"\045\370" -, (PRUint32)18 }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } -}; -static const NSSItem nss_builtins_items_28 [] = { +static const NSSItem nss_builtins_items_22 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2596,7 +2276,7 @@ static const NSSItem nss_builtins_items_28 [] = { "\125\342\374\110\311\051\046\151\340" , (PRUint32)889 } }; -static const NSSItem nss_builtins_items_29 [] = { +static const NSSItem nss_builtins_items_23 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2621,7 +2301,7 @@ static const NSSItem nss_builtins_items_29 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_30 [] = { +static const NSSItem nss_builtins_items_24 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2705,7 +2385,7 @@ static const NSSItem nss_builtins_items_30 [] = { "\152\374\176\102\070\100\144\022\367\236\201\341\223\056" , (PRUint32)958 } }; -static const NSSItem nss_builtins_items_31 [] = { +static const NSSItem nss_builtins_items_25 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2729,7 +2409,7 @@ static const NSSItem nss_builtins_items_31 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_32 [] = { +static const NSSItem nss_builtins_items_26 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2814,7 +2494,7 @@ static const NSSItem nss_builtins_items_32 [] = { "\161\202\053\231\317\072\267\365\055\162\310" , (PRUint32)747 } }; -static const NSSItem nss_builtins_items_33 [] = { +static const NSSItem nss_builtins_items_27 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2845,7 +2525,7 @@ static const NSSItem nss_builtins_items_33 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_34 [] = { +static const NSSItem nss_builtins_items_28 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2930,7 +2610,7 @@ static const NSSItem nss_builtins_items_34 [] = { "\276\355\164\114\274\133\325\142\037\103\335" , (PRUint32)747 } }; -static const NSSItem nss_builtins_items_35 [] = { +static const NSSItem nss_builtins_items_29 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -2961,7 +2641,7 @@ static const NSSItem nss_builtins_items_35 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_36 [] = { +static const NSSItem nss_builtins_items_30 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3046,7 +2726,7 @@ static const NSSItem nss_builtins_items_36 [] = { "\040\017\105\176\153\242\177\243\214\025\356" , (PRUint32)747 } }; -static const NSSItem nss_builtins_items_37 [] = { +static const NSSItem nss_builtins_items_31 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3077,7 +2757,7 @@ static const NSSItem nss_builtins_items_37 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_38 [] = { +static const NSSItem nss_builtins_items_32 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3184,7 +2864,7 @@ static const NSSItem nss_builtins_items_38 [] = { "\113\336\006\226\161\054\362\333\266\037\244\357\077\356" , (PRUint32)1054 } }; -static const NSSItem nss_builtins_items_39 [] = { +static const NSSItem nss_builtins_items_33 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3217,7 +2897,7 @@ static const NSSItem nss_builtins_items_39 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_40 [] = { +static const NSSItem nss_builtins_items_34 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3324,7 +3004,7 @@ static const NSSItem nss_builtins_items_40 [] = { "\311\130\020\371\252\357\132\266\317\113\113\337\052" , (PRUint32)1053 } }; -static const NSSItem nss_builtins_items_41 [] = { +static const NSSItem nss_builtins_items_35 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3357,7 +3037,7 @@ static const NSSItem nss_builtins_items_41 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_42 [] = { +static const NSSItem nss_builtins_items_36 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3464,7 +3144,7 @@ static const NSSItem nss_builtins_items_42 [] = { "\153\271\012\172\116\117\113\204\356\113\361\175\335\021" , (PRUint32)1054 } }; -static const NSSItem nss_builtins_items_43 [] = { +static const NSSItem nss_builtins_items_37 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3497,7 +3177,7 @@ static const NSSItem nss_builtins_items_43 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_44 [] = { +static const NSSItem nss_builtins_items_38 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3604,7 +3284,7 @@ static const NSSItem nss_builtins_items_44 [] = { "\367\146\103\363\236\203\076\040\252\303\065\140\221\316" , (PRUint32)1054 } }; -static const NSSItem nss_builtins_items_45 [] = { +static const NSSItem nss_builtins_items_39 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3637,7 +3317,7 @@ static const NSSItem nss_builtins_items_45 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_46 [] = { +static const NSSItem nss_builtins_items_40 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3755,7 +3435,7 @@ static const NSSItem nss_builtins_items_46 [] = { "\155\055\105\013\367\012\223\352\355\006\371\262" , (PRUint32)1244 } }; -static const NSSItem nss_builtins_items_47 [] = { +static const NSSItem nss_builtins_items_41 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3787,7 +3467,7 @@ static const NSSItem nss_builtins_items_47 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_48 [] = { +static const NSSItem nss_builtins_items_42 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3895,7 +3575,7 @@ static const NSSItem nss_builtins_items_48 [] = { "\275\114\105\236\141\272\277\204\201\222\003\321\322\151\174\305" , (PRUint32)1120 } }; -static const NSSItem nss_builtins_items_49 [] = { +static const NSSItem nss_builtins_items_43 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -3926,7 +3606,7 @@ static const NSSItem nss_builtins_items_49 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_50 [] = { +static const NSSItem nss_builtins_items_44 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4008,7 +3688,7 @@ static const NSSItem nss_builtins_items_50 [] = { "\347\201\035\031\303\044\102\352\143\071\251" , (PRUint32)891 } }; -static const NSSItem nss_builtins_items_51 [] = { +static const NSSItem nss_builtins_items_45 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4033,7 +3713,7 @@ static const NSSItem nss_builtins_items_51 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_52 [] = { +static const NSSItem nss_builtins_items_46 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4101,7 +3781,7 @@ static const NSSItem nss_builtins_items_52 [] = { "\126\224\251\125" , (PRUint32)660 } }; -static const NSSItem nss_builtins_items_53 [] = { +static const NSSItem nss_builtins_items_47 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4126,7 +3806,7 @@ static const NSSItem nss_builtins_items_53 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_54 [] = { +static const NSSItem nss_builtins_items_48 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4193,7 +3873,7 @@ static const NSSItem nss_builtins_items_54 [] = { "\132\052\202\262\067\171" , (PRUint32)646 } }; -static const NSSItem nss_builtins_items_55 [] = { +static const NSSItem nss_builtins_items_49 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4218,7 +3898,7 @@ static const NSSItem nss_builtins_items_55 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_56 [] = { +static const NSSItem nss_builtins_items_50 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4293,7 +3973,7 @@ static const NSSItem nss_builtins_items_56 [] = { "\221\060\352\315" , (PRUint32)804 } }; -static const NSSItem nss_builtins_items_57 [] = { +static const NSSItem nss_builtins_items_51 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4317,7 +3997,7 @@ static const NSSItem nss_builtins_items_57 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_58 [] = { +static const NSSItem nss_builtins_items_52 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4411,7 +4091,7 @@ static const NSSItem nss_builtins_items_58 [] = { "\065\341\035\026\034\320\274\053\216\326\161\331" , (PRUint32)1052 } }; -static const NSSItem nss_builtins_items_59 [] = { +static const NSSItem nss_builtins_items_53 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4437,7 +4117,7 @@ static const NSSItem nss_builtins_items_59 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_60 [] = { +static const NSSItem nss_builtins_items_54 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4535,7 +4215,7 @@ static const NSSItem nss_builtins_items_60 [] = { "\027\132\173\320\274\307\217\116\206\004" , (PRUint32)1082 } }; -static const NSSItem nss_builtins_items_61 [] = { +static const NSSItem nss_builtins_items_55 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4562,7 +4242,7 @@ static const NSSItem nss_builtins_items_61 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_62 [] = { +static const NSSItem nss_builtins_items_56 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4656,7 +4336,7 @@ static const NSSItem nss_builtins_items_62 [] = { "\116\072\063\014\053\263\055\220\006" , (PRUint32)1049 } }; -static const NSSItem nss_builtins_items_63 [] = { +static const NSSItem nss_builtins_items_57 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4682,7 +4362,7 @@ static const NSSItem nss_builtins_items_63 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_64 [] = { +static const NSSItem nss_builtins_items_58 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4777,7 +4457,7 @@ static const NSSItem nss_builtins_items_64 [] = { "\306\241" , (PRUint32)1058 } }; -static const NSSItem nss_builtins_items_65 [] = { +static const NSSItem nss_builtins_items_59 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4803,7 +4483,7 @@ static const NSSItem nss_builtins_items_65 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_66 [] = { +static const NSSItem nss_builtins_items_60 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4915,7 +4595,7 @@ static const NSSItem nss_builtins_items_66 [] = { "\036\177\132\264\074" , (PRUint32)1173 } }; -static const NSSItem nss_builtins_items_67 [] = { +static const NSSItem nss_builtins_items_61 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -4946,7 +4626,7 @@ static const NSSItem nss_builtins_items_67 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_68 [] = { +static const NSSItem nss_builtins_items_62 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5024,7 +4704,7 @@ static const NSSItem nss_builtins_items_68 [] = { "\354\040\005\141\336" , (PRUint32)869 } }; -static const NSSItem nss_builtins_items_69 [] = { +static const NSSItem nss_builtins_items_63 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5048,7 +4728,7 @@ static const NSSItem nss_builtins_items_69 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_70 [] = { +static const NSSItem nss_builtins_items_64 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5126,7 +4806,7 @@ static const NSSItem nss_builtins_items_70 [] = { "\302\005\146\200\241\313\346\063" , (PRUint32)856 } }; -static const NSSItem nss_builtins_items_71 [] = { +static const NSSItem nss_builtins_items_65 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5150,7 +4830,7 @@ static const NSSItem nss_builtins_items_71 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_72 [] = { +static const NSSItem nss_builtins_items_66 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5229,7 +4909,7 @@ static const NSSItem nss_builtins_items_72 [] = { "\342\042\051\256\175\203\100\250\272\154" , (PRUint32)874 } }; -static const NSSItem nss_builtins_items_73 [] = { +static const NSSItem nss_builtins_items_67 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5253,7 +4933,7 @@ static const NSSItem nss_builtins_items_73 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_74 [] = { +static const NSSItem nss_builtins_items_68 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5364,7 +5044,7 @@ static const NSSItem nss_builtins_items_74 [] = { "\244\346\216\330\371\051\110\212\316\163\376\054" , (PRUint32)1388 } }; -static const NSSItem nss_builtins_items_75 [] = { +static const NSSItem nss_builtins_items_69 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5388,7 +5068,7 @@ static const NSSItem nss_builtins_items_75 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_76 [] = { +static const NSSItem nss_builtins_items_70 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5499,7 +5179,7 @@ static const NSSItem nss_builtins_items_76 [] = { "\362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222" , (PRUint32)1392 } }; -static const NSSItem nss_builtins_items_77 [] = { +static const NSSItem nss_builtins_items_71 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5523,7 +5203,7 @@ static const NSSItem nss_builtins_items_77 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_78 [] = { +static const NSSItem nss_builtins_items_72 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5631,7 +5311,7 @@ static const NSSItem nss_builtins_items_78 [] = { "\152\372\246\070\254\037\304\204" , (PRUint32)1128 } }; -static const NSSItem nss_builtins_items_79 [] = { +static const NSSItem nss_builtins_items_73 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5662,7 +5342,7 @@ static const NSSItem nss_builtins_items_79 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_80 [] = { +static const NSSItem nss_builtins_items_74 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5749,7 +5429,7 @@ static const NSSItem nss_builtins_items_80 [] = { "\200\072\231\355\165\314\106\173" , (PRUint32)936 } }; -static const NSSItem nss_builtins_items_81 [] = { +static const NSSItem nss_builtins_items_75 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5775,7 +5455,7 @@ static const NSSItem nss_builtins_items_81 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_82 [] = { +static const NSSItem nss_builtins_items_76 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5894,7 +5574,7 @@ static const NSSItem nss_builtins_items_82 [] = { "\105\217\046\221\242\216\376\251" , (PRUint32)1448 } }; -static const NSSItem nss_builtins_items_83 [] = { +static const NSSItem nss_builtins_items_77 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -5920,7 +5600,7 @@ static const NSSItem nss_builtins_items_83 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_84 [] = { +static const NSSItem nss_builtins_items_78 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6008,7 +5688,7 @@ static const NSSItem nss_builtins_items_84 [] = { "\222\340\134\366\007\017" , (PRUint32)934 } }; -static const NSSItem nss_builtins_items_85 [] = { +static const NSSItem nss_builtins_items_79 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6035,253 +5715,7 @@ static const NSSItem nss_builtins_items_85 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_86 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"TC TrustCenter, Germany, Class 2 CA", (PRUint32)36 }, - { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, - { (void *)"\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105" -"\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165" -"\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155" -"\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124" -"\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157" -"\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141" -"\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110" -"\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162" -"\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040" -"\062\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015" -"\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145" -"\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145" -, (PRUint32)191 }, - { (void *)"0", (PRUint32)2 }, - { (void *)"\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105" -"\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165" -"\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155" -"\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124" -"\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157" -"\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141" -"\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110" -"\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162" -"\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040" -"\062\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015" -"\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145" -"\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145" -, (PRUint32)191 }, - { (void *)"\002\002\003\352" -, (PRUint32)4 }, - { (void *)"\060\202\003\134\060\202\002\305\240\003\002\001\002\002\002\003" -"\352\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000" -"\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105" -"\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165" -"\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155" -"\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124" -"\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157" -"\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141" -"\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110" -"\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162" -"\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040" -"\062\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015" -"\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145" -"\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145\060" -"\036\027\015\071\070\060\063\060\071\061\061\065\071\065\071\132" -"\027\015\061\061\060\061\060\061\061\061\065\071\065\071\132\060" -"\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105\061" -"\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165\162" -"\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155\142" -"\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124\103" -"\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157\162" -"\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141\164" -"\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110\061" -"\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162\165" -"\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040\062" -"\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015\001" -"\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145\100" -"\164\162\165\163\164\143\145\156\164\145\162\056\144\145\060\201" -"\237\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000" -"\003\201\215\000\060\201\211\002\201\201\000\332\070\350\355\062" -"\000\051\161\203\001\015\277\214\001\334\332\306\255\071\244\251" -"\212\057\325\213\134\150\137\120\306\142\365\146\275\312\221\042" -"\354\252\035\121\327\075\263\121\262\203\116\135\313\111\260\360" -"\114\125\345\153\055\307\205\013\060\034\222\116\202\324\312\002" -"\355\367\157\276\334\340\343\024\270\005\123\362\232\364\126\213" -"\132\236\205\223\321\264\202\126\256\115\273\250\113\127\026\274" -"\376\370\130\236\370\051\215\260\173\315\170\311\117\254\213\147" -"\014\361\234\373\374\127\233\127\134\117\015\002\003\001\000\001" -"\243\153\060\151\060\017\006\003\125\035\023\001\001\377\004\005" -"\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004" -"\004\003\002\001\206\060\063\006\011\140\206\110\001\206\370\102" -"\001\010\004\046\026\044\150\164\164\160\072\057\057\167\167\167" -"\056\164\162\165\163\164\143\145\156\164\145\162\056\144\145\057" -"\147\165\151\144\145\154\151\156\145\163\060\021\006\011\140\206" -"\110\001\206\370\102\001\001\004\004\003\002\000\007\060\015\006" -"\011\052\206\110\206\367\015\001\001\004\005\000\003\201\201\000" -"\204\122\373\050\337\377\037\165\001\274\001\276\004\126\227\152" -"\164\102\044\061\203\371\106\261\006\212\211\317\226\054\063\277" -"\214\265\137\172\162\241\205\006\316\206\370\005\216\350\371\045" -"\312\332\203\214\006\254\353\066\155\205\221\064\004\066\364\102" -"\360\370\171\056\012\110\134\253\314\121\117\170\166\240\331\254" -"\031\275\052\321\151\004\050\221\312\066\020\047\200\127\133\322" -"\134\365\302\133\253\144\201\143\164\121\364\227\277\315\022\050" -"\367\115\146\177\247\360\034\001\046\170\262\146\107\160\121\144" -, (PRUint32)864 } -}; -static const NSSItem nss_builtins_items_87 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"TC TrustCenter, Germany, Class 2 CA", (PRUint32)36 }, - { (void *)"\203\216\060\367\177\335\024\252\070\136\321\105\000\234\016\042" -"\066\111\117\252" -, (PRUint32)20 }, - { (void *)"\270\026\063\114\114\114\362\330\323\115\006\264\246\133\100\003" -, (PRUint32)16 }, - { (void *)"\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105" -"\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165" -"\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155" -"\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124" -"\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157" -"\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141" -"\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110" -"\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162" -"\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040" -"\062\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015" -"\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145" -"\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145" -, (PRUint32)191 }, - { (void *)"\002\002\003\352" -, (PRUint32)4 }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } -}; -static const NSSItem nss_builtins_items_88 [] = { - { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"TC TrustCenter, Germany, Class 3 CA", (PRUint32)36 }, - { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, - { (void *)"\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105" -"\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165" -"\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155" -"\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124" -"\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157" -"\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141" -"\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110" -"\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162" -"\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040" -"\063\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015" -"\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145" -"\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145" -, (PRUint32)191 }, - { (void *)"0", (PRUint32)2 }, - { (void *)"\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105" -"\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165" -"\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155" -"\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124" -"\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157" -"\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141" -"\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110" -"\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162" -"\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040" -"\063\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015" -"\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145" -"\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145" -, (PRUint32)191 }, - { (void *)"\002\002\003\353" -, (PRUint32)4 }, - { (void *)"\060\202\003\134\060\202\002\305\240\003\002\001\002\002\002\003" -"\353\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000" -"\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105" -"\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165" -"\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155" -"\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124" -"\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157" -"\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141" -"\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110" -"\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162" -"\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040" -"\063\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015" -"\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145" -"\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145\060" -"\036\027\015\071\070\060\063\060\071\061\061\065\071\065\071\132" -"\027\015\061\061\060\061\060\061\061\061\065\071\065\071\132\060" -"\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105\061" -"\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165\162" -"\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155\142" -"\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124\103" -"\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157\162" -"\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141\164" -"\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110\061" -"\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162\165" -"\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040\063" -"\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015\001" -"\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145\100" -"\164\162\165\163\164\143\145\156\164\145\162\056\144\145\060\201" -"\237\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000" -"\003\201\215\000\060\201\211\002\201\201\000\266\264\301\065\005" -"\056\015\215\354\240\100\152\034\016\047\246\120\222\153\120\033" -"\007\336\056\347\166\314\340\332\374\204\250\136\214\143\152\053" -"\115\331\116\002\166\021\301\013\362\215\171\312\000\266\361\260" -"\016\327\373\244\027\075\257\253\151\172\226\047\277\257\063\241" -"\232\052\131\252\304\265\067\010\362\022\245\061\266\103\365\062" -"\226\161\050\050\253\215\050\206\337\273\356\343\014\175\060\326" -"\303\122\253\217\135\047\234\153\300\243\347\005\153\127\111\104" -"\263\156\352\144\317\322\216\172\120\167\167\002\003\001\000\001" -"\243\153\060\151\060\017\006\003\125\035\023\001\001\377\004\005" -"\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004" -"\004\003\002\001\206\060\063\006\011\140\206\110\001\206\370\102" -"\001\010\004\046\026\044\150\164\164\160\072\057\057\167\167\167" -"\056\164\162\165\163\164\143\145\156\164\145\162\056\144\145\057" -"\147\165\151\144\145\154\151\156\145\163\060\021\006\011\140\206" -"\110\001\206\370\102\001\001\004\004\003\002\000\007\060\015\006" -"\011\052\206\110\206\367\015\001\001\004\005\000\003\201\201\000" -"\026\075\306\315\301\273\205\161\205\106\237\076\040\217\121\050" -"\231\354\055\105\041\143\043\133\004\273\114\220\270\210\222\004" -"\115\275\175\001\243\077\366\354\316\361\336\376\175\345\341\076" -"\273\306\253\136\013\335\075\226\304\313\251\324\371\046\346\006" -"\116\236\014\245\172\272\156\303\174\202\031\321\307\261\261\303" -"\333\015\216\233\100\174\067\013\361\135\350\375\037\220\210\245" -"\016\116\067\144\041\250\116\215\264\237\361\336\110\255\325\126" -"\030\122\051\213\107\064\022\011\324\273\222\065\357\017\333\064" -, (PRUint32)864 } -}; -static const NSSItem nss_builtins_items_89 [] = { - { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, - { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, - { (void *)"TC TrustCenter, Germany, Class 3 CA", (PRUint32)36 }, - { (void *)"\237\307\226\350\370\122\117\206\072\341\111\155\070\022\102\020" -"\137\033\170\365" -, (PRUint32)20 }, - { (void *)"\137\224\112\163\042\270\367\321\061\354\131\071\367\216\376\156" -, (PRUint32)16 }, - { (void *)"\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105" -"\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165" -"\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155" -"\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124" -"\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157" -"\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141" -"\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110" -"\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162" -"\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040" -"\063\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015" -"\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145" -"\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145" -, (PRUint32)191 }, - { (void *)"\002\002\003\353" -, (PRUint32)4 }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } -}; -static const NSSItem nss_builtins_items_90 [] = { +static const NSSItem nss_builtins_items_80 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6352,7 +5786,7 @@ static const NSSItem nss_builtins_items_90 [] = { "\350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163" , (PRUint32)784 } }; -static const NSSItem nss_builtins_items_91 [] = { +static const NSSItem nss_builtins_items_81 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6375,7 +5809,7 @@ static const NSSItem nss_builtins_items_91 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_92 [] = { +static const NSSItem nss_builtins_items_82 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6473,7 +5907,7 @@ static const NSSItem nss_builtins_items_92 [] = { "\225\351\066\226\230\156" , (PRUint32)1078 } }; -static const NSSItem nss_builtins_items_93 [] = { +static const NSSItem nss_builtins_items_83 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6500,7 +5934,7 @@ static const NSSItem nss_builtins_items_93 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_94 [] = { +static const NSSItem nss_builtins_items_84 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6599,7 +6033,7 @@ static const NSSItem nss_builtins_items_94 [] = { "\354\375\051" , (PRUint32)1091 } }; -static const NSSItem nss_builtins_items_95 [] = { +static const NSSItem nss_builtins_items_85 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6626,7 +6060,7 @@ static const NSSItem nss_builtins_items_95 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_96 [] = { +static const NSSItem nss_builtins_items_86 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6727,7 +6161,7 @@ static const NSSItem nss_builtins_items_96 [] = { "\160\136\310\304\170\260\142" , (PRUint32)1095 } }; -static const NSSItem nss_builtins_items_97 [] = { +static const NSSItem nss_builtins_items_87 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6755,7 +6189,7 @@ static const NSSItem nss_builtins_items_97 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_98 [] = { +static const NSSItem nss_builtins_items_88 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6881,7 +6315,7 @@ static const NSSItem nss_builtins_items_98 [] = { "\112\164\066\371" , (PRUint32)1492 } }; -static const NSSItem nss_builtins_items_99 [] = { +static const NSSItem nss_builtins_items_89 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -6909,7 +6343,7 @@ static const NSSItem nss_builtins_items_99 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_100 [] = { +static const NSSItem nss_builtins_items_90 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7025,7 +6459,7 @@ static const NSSItem nss_builtins_items_100 [] = { "\020\005\145\325\202\020\352\302\061\315\056" , (PRUint32)1467 } }; -static const NSSItem nss_builtins_items_101 [] = { +static const NSSItem nss_builtins_items_91 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7049,7 +6483,7 @@ static const NSSItem nss_builtins_items_101 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_102 [] = { +static const NSSItem nss_builtins_items_92 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7180,7 +6614,7 @@ static const NSSItem nss_builtins_items_102 [] = { "\332" , (PRUint32)1697 } }; -static const NSSItem nss_builtins_items_103 [] = { +static const NSSItem nss_builtins_items_93 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7204,7 +6638,7 @@ static const NSSItem nss_builtins_items_103 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_104 [] = { +static const NSSItem nss_builtins_items_94 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7284,7 +6718,7 @@ static const NSSItem nss_builtins_items_104 [] = { "\057\317\246\356\311\160\042\024\275\375\276\154\013\003" , (PRUint32)862 } }; -static const NSSItem nss_builtins_items_105 [] = { +static const NSSItem nss_builtins_items_95 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7309,7 +6743,7 @@ static const NSSItem nss_builtins_items_105 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_106 [] = { +static const NSSItem nss_builtins_items_96 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7382,7 +6816,7 @@ static const NSSItem nss_builtins_items_106 [] = { "\127\275\125\232" , (PRUint32)804 } }; -static const NSSItem nss_builtins_items_107 [] = { +static const NSSItem nss_builtins_items_97 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7405,7 +6839,7 @@ static const NSSItem nss_builtins_items_107 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_108 [] = { +static const NSSItem nss_builtins_items_98 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7478,7 +6912,7 @@ static const NSSItem nss_builtins_items_108 [] = { "\160\254\337\114" , (PRUint32)804 } }; -static const NSSItem nss_builtins_items_109 [] = { +static const NSSItem nss_builtins_items_99 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7501,7 +6935,7 @@ static const NSSItem nss_builtins_items_109 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_110 [] = { +static const NSSItem nss_builtins_items_100 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7587,7 +7021,7 @@ static const NSSItem nss_builtins_items_110 [] = { "\025\301\044\174\062\174\003\035\073\241\130\105\062\223" , (PRUint32)958 } }; -static const NSSItem nss_builtins_items_111 [] = { +static const NSSItem nss_builtins_items_101 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7612,7 +7046,7 @@ static const NSSItem nss_builtins_items_111 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_112 [] = { +static const NSSItem nss_builtins_items_102 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7703,7 +7137,7 @@ static const NSSItem nss_builtins_items_112 [] = { "\151\003\142\270\231\005\005\075\153\170\022\275\260\157\145" , (PRUint32)1071 } }; -static const NSSItem nss_builtins_items_113 [] = { +static const NSSItem nss_builtins_items_103 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7723,11 +7157,11 @@ static const NSSItem nss_builtins_items_113 [] = { { (void *)"\002\004\072\314\245\114" , (PRUint32)6 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_114 [] = { +static const NSSItem nss_builtins_items_104 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7831,7 +7265,7 @@ static const NSSItem nss_builtins_items_114 [] = { "\004\243\103\055\332\374\013\142\352\057\137\142\123" , (PRUint32)1309 } }; -static const NSSItem nss_builtins_items_115 [] = { +static const NSSItem nss_builtins_items_105 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7849,12 +7283,12 @@ static const NSSItem nss_builtins_items_115 [] = { , (PRUint32)51 }, { (void *)"\002\004\076\110\275\304" , (PRUint32)6 }, + { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, - { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_116 [] = { +static const NSSItem nss_builtins_items_106 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7960,7 +7394,7 @@ static const NSSItem nss_builtins_items_116 [] = { "\364\010" , (PRUint32)1122 } }; -static const NSSItem nss_builtins_items_117 [] = { +static const NSSItem nss_builtins_items_107 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -7990,7 +7424,7 @@ static const NSSItem nss_builtins_items_117 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_118 [] = { +static const NSSItem nss_builtins_items_108 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8104,7 +7538,7 @@ static const NSSItem nss_builtins_items_118 [] = { "\005\323\312\003\112\124" , (PRUint32)1190 } }; -static const NSSItem nss_builtins_items_119 [] = { +static const NSSItem nss_builtins_items_109 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8136,7 +7570,7 @@ static const NSSItem nss_builtins_items_119 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_120 [] = { +static const NSSItem nss_builtins_items_110 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8243,7 +7677,7 @@ static const NSSItem nss_builtins_items_120 [] = { "\062\234\036\273\235\370\146\250" , (PRUint32)1144 } }; -static const NSSItem nss_builtins_items_121 [] = { +static const NSSItem nss_builtins_items_111 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8273,7 +7707,7 @@ static const NSSItem nss_builtins_items_121 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_122 [] = { +static const NSSItem nss_builtins_items_112 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8379,7 +7813,7 @@ static const NSSItem nss_builtins_items_122 [] = { "\275\023\122\035\250\076\315\000\037\310" , (PRUint32)1130 } }; -static const NSSItem nss_builtins_items_123 [] = { +static const NSSItem nss_builtins_items_113 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8409,7 +7843,7 @@ static const NSSItem nss_builtins_items_123 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_124 [] = { +static const NSSItem nss_builtins_items_114 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8518,7 +7952,7 @@ static const NSSItem nss_builtins_items_124 [] = { "\334" , (PRUint32)1217 } }; -static const NSSItem nss_builtins_items_125 [] = { +static const NSSItem nss_builtins_items_115 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8546,7 +7980,7 @@ static const NSSItem nss_builtins_items_125 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_126 [] = { +static const NSSItem nss_builtins_items_116 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8653,7 +8087,7 @@ static const NSSItem nss_builtins_items_126 [] = { "\166\135\165\220\032\365\046\217\360" , (PRUint32)1225 } }; -static const NSSItem nss_builtins_items_127 [] = { +static const NSSItem nss_builtins_items_117 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8680,7 +8114,7 @@ static const NSSItem nss_builtins_items_127 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_128 [] = { +static const NSSItem nss_builtins_items_118 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8830,7 +8264,7 @@ static const NSSItem nss_builtins_items_128 [] = { "\306\224\107\351\050" , (PRUint32)1749 } }; -static const NSSItem nss_builtins_items_129 [] = { +static const NSSItem nss_builtins_items_119 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -8862,7 +8296,7 @@ static const NSSItem nss_builtins_items_129 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_130 [] = { +static const NSSItem nss_builtins_items_120 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9005,7 +8439,7 @@ static const NSSItem nss_builtins_items_130 [] = { "\210" , (PRUint32)1665 } }; -static const NSSItem nss_builtins_items_131 [] = { +static const NSSItem nss_builtins_items_121 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9036,7 +8470,7 @@ static const NSSItem nss_builtins_items_131 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_132 [] = { +static const NSSItem nss_builtins_items_122 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9155,7 +8589,7 @@ static const NSSItem nss_builtins_items_132 [] = { "\066\053\143\254\130\001\153\063\051\120\206\203\361\001\110" , (PRUint32)1359 } }; -static const NSSItem nss_builtins_items_133 [] = { +static const NSSItem nss_builtins_items_123 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9184,7 +8618,7 @@ static const NSSItem nss_builtins_items_133 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_134 [] = { +static const NSSItem nss_builtins_items_124 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9304,7 +8738,7 @@ static const NSSItem nss_builtins_items_134 [] = { "\063\004\324" , (PRUint32)1363 } }; -static const NSSItem nss_builtins_items_135 [] = { +static const NSSItem nss_builtins_items_125 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9333,7 +8767,7 @@ static const NSSItem nss_builtins_items_135 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_136 [] = { +static const NSSItem nss_builtins_items_126 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9434,7 +8868,7 @@ static const NSSItem nss_builtins_items_136 [] = { "\264\003\045\274" , (PRUint32)1076 } }; -static const NSSItem nss_builtins_items_137 [] = { +static const NSSItem nss_builtins_items_127 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9463,7 +8897,7 @@ static const NSSItem nss_builtins_items_137 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_138 [] = { +static const NSSItem nss_builtins_items_128 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9556,7 +8990,7 @@ static const NSSItem nss_builtins_items_138 [] = { "\177\333\275\237" , (PRUint32)1028 } }; -static const NSSItem nss_builtins_items_139 [] = { +static const NSSItem nss_builtins_items_129 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9582,7 +9016,7 @@ static const NSSItem nss_builtins_items_139 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_140 [] = { +static const NSSItem nss_builtins_items_130 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9676,7 +9110,7 @@ static const NSSItem nss_builtins_items_140 [] = { "\037\027\224" , (PRUint32)1043 } }; -static const NSSItem nss_builtins_items_141 [] = { +static const NSSItem nss_builtins_items_131 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9702,7 +9136,7 @@ static const NSSItem nss_builtins_items_141 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_142 [] = { +static const NSSItem nss_builtins_items_132 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9857,7 +9291,7 @@ static const NSSItem nss_builtins_items_142 [] = { "\152\263\364\210\034\200\015\374\162\212\350\203\136" , (PRUint32)1997 } }; -static const NSSItem nss_builtins_items_143 [] = { +static const NSSItem nss_builtins_items_133 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9884,7 +9318,7 @@ static const NSSItem nss_builtins_items_143 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_144 [] = { +static const NSSItem nss_builtins_items_134 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -9997,7 +9431,7 @@ static const NSSItem nss_builtins_items_144 [] = { "\245\206\054\174\364\022" , (PRUint32)1398 } }; -static const NSSItem nss_builtins_items_145 [] = { +static const NSSItem nss_builtins_items_135 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10022,7 +9456,7 @@ static const NSSItem nss_builtins_items_145 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_146 [] = { +static const NSSItem nss_builtins_items_136 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10126,7 +9560,7 @@ static const NSSItem nss_builtins_items_146 [] = { "\252\341\247\063\366\375\112\037\366\331\140" , (PRUint32)1115 } }; -static const NSSItem nss_builtins_items_147 [] = { +static const NSSItem nss_builtins_items_137 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10155,7 +9589,7 @@ static const NSSItem nss_builtins_items_147 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_148 [] = { +static const NSSItem nss_builtins_items_138 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10250,7 +9684,7 @@ static const NSSItem nss_builtins_items_148 [] = { "\117\041\145\073\112\177\107\243\373" , (PRUint32)1001 } }; -static const NSSItem nss_builtins_items_149 [] = { +static const NSSItem nss_builtins_items_139 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10278,7 +9712,7 @@ static const NSSItem nss_builtins_items_149 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_150 [] = { +static const NSSItem nss_builtins_items_140 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10401,7 +9835,7 @@ static const NSSItem nss_builtins_items_150 [] = { "\060\032\365\232\154\364\016\123\371\072\133\321\034" , (PRUint32)1501 } }; -static const NSSItem nss_builtins_items_151 [] = { +static const NSSItem nss_builtins_items_141 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10428,7 +9862,7 @@ static const NSSItem nss_builtins_items_151 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_152 [] = { +static const NSSItem nss_builtins_items_142 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10517,7 +9951,7 @@ static const NSSItem nss_builtins_items_152 [] = { "\346\120\262\247\372\012\105\057\242\360\362" , (PRUint32)955 } }; -static const NSSItem nss_builtins_items_153 [] = { +static const NSSItem nss_builtins_items_143 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10544,7 +9978,7 @@ static const NSSItem nss_builtins_items_153 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_154 [] = { +static const NSSItem nss_builtins_items_144 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10633,7 +10067,7 @@ static const NSSItem nss_builtins_items_154 [] = { "\225\155\336" , (PRUint32)947 } }; -static const NSSItem nss_builtins_items_155 [] = { +static const NSSItem nss_builtins_items_145 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10660,7 +10094,7 @@ static const NSSItem nss_builtins_items_155 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_156 [] = { +static const NSSItem nss_builtins_items_146 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10750,7 +10184,7 @@ static const NSSItem nss_builtins_items_156 [] = { "\370\351\056\023\243\167\350\037\112" , (PRUint32)969 } }; -static const NSSItem nss_builtins_items_157 [] = { +static const NSSItem nss_builtins_items_147 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10777,7 +10211,7 @@ static const NSSItem nss_builtins_items_157 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_158 [] = { +static const NSSItem nss_builtins_items_148 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10858,7 +10292,7 @@ static const NSSItem nss_builtins_items_158 [] = { "\227\277\242\216\264\124" , (PRUint32)918 } }; -static const NSSItem nss_builtins_items_159 [] = { +static const NSSItem nss_builtins_items_149 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10882,7 +10316,7 @@ static const NSSItem nss_builtins_items_159 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_160 [] = { +static const NSSItem nss_builtins_items_150 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10960,7 +10394,7 @@ static const NSSItem nss_builtins_items_160 [] = { "\013\004\216\007\333\051\266\012\356\235\202\065\065\020" , (PRUint32)846 } }; -static const NSSItem nss_builtins_items_161 [] = { +static const NSSItem nss_builtins_items_151 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -10985,7 +10419,7 @@ static const NSSItem nss_builtins_items_161 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_162 [] = { +static const NSSItem nss_builtins_items_152 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11077,7 +10511,7 @@ static const NSSItem nss_builtins_items_162 [] = { "\363\267\240\247\315\345\172\063\066\152\372\232\053" , (PRUint32)1037 } }; -static const NSSItem nss_builtins_items_163 [] = { +static const NSSItem nss_builtins_items_153 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11103,7 +10537,7 @@ static const NSSItem nss_builtins_items_163 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_164 [] = { +static const NSSItem nss_builtins_items_154 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11205,7 +10639,7 @@ static const NSSItem nss_builtins_items_164 [] = { "\104\144\003\045\352\336\133\156\237\311\362\116\254\335\307" , (PRUint32)1023 } }; -static const NSSItem nss_builtins_items_165 [] = { +static const NSSItem nss_builtins_items_155 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11236,7 +10670,7 @@ static const NSSItem nss_builtins_items_165 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_166 [] = { +static const NSSItem nss_builtins_items_156 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11344,7 +10778,7 @@ static const NSSItem nss_builtins_items_166 [] = { "\167\161\307\372\221\372\057\121\236\351\071\122\266\347\004\102" , (PRUint32)1088 } }; -static const NSSItem nss_builtins_items_167 [] = { +static const NSSItem nss_builtins_items_157 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11376,7 +10810,7 @@ static const NSSItem nss_builtins_items_167 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_168 [] = { +static const NSSItem nss_builtins_items_158 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11493,7 +10927,7 @@ static const NSSItem nss_builtins_items_168 [] = { "\205\206\171\145\322" , (PRUint32)1477 } }; -static const NSSItem nss_builtins_items_169 [] = { +static const NSSItem nss_builtins_items_159 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11517,7 +10951,7 @@ static const NSSItem nss_builtins_items_169 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_170 [] = { +static const NSSItem nss_builtins_items_160 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11633,7 +11067,7 @@ static const NSSItem nss_builtins_items_170 [] = { "\111\044\133\311\260\320\127\301\372\076\172\341\227\311" , (PRUint32)1470 } }; -static const NSSItem nss_builtins_items_171 [] = { +static const NSSItem nss_builtins_items_161 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11657,7 +11091,7 @@ static const NSSItem nss_builtins_items_171 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_172 [] = { +static const NSSItem nss_builtins_items_162 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11774,7 +11208,7 @@ static const NSSItem nss_builtins_items_172 [] = { "\156" , (PRUint32)1473 } }; -static const NSSItem nss_builtins_items_173 [] = { +static const NSSItem nss_builtins_items_163 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11798,7 +11232,7 @@ static const NSSItem nss_builtins_items_173 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_174 [] = { +static const NSSItem nss_builtins_items_164 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11881,7 +11315,7 @@ static const NSSItem nss_builtins_items_174 [] = { "\253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131" , (PRUint32)896 } }; -static const NSSItem nss_builtins_items_175 [] = { +static const NSSItem nss_builtins_items_165 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -11907,7 +11341,7 @@ static const NSSItem nss_builtins_items_175 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_176 [] = { +static const NSSItem nss_builtins_items_166 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12011,7 +11445,7 @@ static const NSSItem nss_builtins_items_176 [] = { "\215\126\214\150" , (PRUint32)1060 } }; -static const NSSItem nss_builtins_items_177 [] = { +static const NSSItem nss_builtins_items_167 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12042,7 +11476,7 @@ static const NSSItem nss_builtins_items_177 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_178 [] = { +static const NSSItem nss_builtins_items_168 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12161,7 +11595,7 @@ static const NSSItem nss_builtins_items_178 [] = { "\254\021\326\250\355\143\152" , (PRUint32)1239 } }; -static const NSSItem nss_builtins_items_179 [] = { +static const NSSItem nss_builtins_items_169 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12194,7 +11628,7 @@ static const NSSItem nss_builtins_items_179 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_180 [] = { +static const NSSItem nss_builtins_items_170 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12279,7 +11713,7 @@ static const NSSItem nss_builtins_items_180 [] = { "\113\035\236\054\302\270\150\274\355\002\356\061" , (PRUint32)956 } }; -static const NSSItem nss_builtins_items_181 [] = { +static const NSSItem nss_builtins_items_171 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12304,7 +11738,7 @@ static const NSSItem nss_builtins_items_181 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_182 [] = { +static const NSSItem nss_builtins_items_172 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12389,7 +11823,7 @@ static const NSSItem nss_builtins_items_182 [] = { "\117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026" , (PRUint32)960 } }; -static const NSSItem nss_builtins_items_183 [] = { +static const NSSItem nss_builtins_items_173 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12414,7 +11848,7 @@ static const NSSItem nss_builtins_items_183 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_184 [] = { +static const NSSItem nss_builtins_items_174 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12514,7 +11948,7 @@ static const NSSItem nss_builtins_items_184 [] = { "\145" , (PRUint32)1057 } }; -static const NSSItem nss_builtins_items_185 [] = { +static const NSSItem nss_builtins_items_175 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12543,7 +11977,7 @@ static const NSSItem nss_builtins_items_185 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_186 [] = { +static const NSSItem nss_builtins_items_176 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12635,7 +12069,7 @@ static const NSSItem nss_builtins_items_186 [] = { "\244\140\114\260\125\240\240\173\127\262" , (PRUint32)1002 } }; -static const NSSItem nss_builtins_items_187 [] = { +static const NSSItem nss_builtins_items_177 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12662,7 +12096,7 @@ static const NSSItem nss_builtins_items_187 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_188 [] = { +static const NSSItem nss_builtins_items_178 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12771,7 +12205,7 @@ static const NSSItem nss_builtins_items_188 [] = { "\333" , (PRUint32)1217 } }; -static const NSSItem nss_builtins_items_189 [] = { +static const NSSItem nss_builtins_items_179 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12799,7 +12233,7 @@ static const NSSItem nss_builtins_items_189 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_190 [] = { +static const NSSItem nss_builtins_items_180 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12873,7 +12307,7 @@ static const NSSItem nss_builtins_items_190 [] = { "\334\335\363\377\035\054\072\026\127\331\222\071\326" , (PRUint32)653 } }; -static const NSSItem nss_builtins_items_191 [] = { +static const NSSItem nss_builtins_items_181 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12902,7 +12336,7 @@ static const NSSItem nss_builtins_items_191 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_192 [] = { +static const NSSItem nss_builtins_items_182 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -12994,7 +12428,7 @@ static const NSSItem nss_builtins_items_192 [] = { "\321\236\164\310\166\147" , (PRUint32)1078 } }; -static const NSSItem nss_builtins_items_193 [] = { +static const NSSItem nss_builtins_items_183 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13019,7 +12453,7 @@ static const NSSItem nss_builtins_items_193 [] = { { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_194 [] = { +static const NSSItem nss_builtins_items_184 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13116,7 +12550,7 @@ static const NSSItem nss_builtins_items_194 [] = { "\253\205\322\140\126\132" , (PRUint32)1030 } }; -static const NSSItem nss_builtins_items_195 [] = { +static const NSSItem nss_builtins_items_185 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13144,7 +12578,7 @@ static const NSSItem nss_builtins_items_195 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_196 [] = { +static const NSSItem nss_builtins_items_186 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13229,7 +12663,7 @@ static const NSSItem nss_builtins_items_196 [] = { "\164" , (PRUint32)897 } }; -static const NSSItem nss_builtins_items_197 [] = { +static const NSSItem nss_builtins_items_187 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13255,7 +12689,7 @@ static const NSSItem nss_builtins_items_197 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_198 [] = { +static const NSSItem nss_builtins_items_188 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13352,7 +12786,7 @@ static const NSSItem nss_builtins_items_198 [] = { "\374\276\337\012\015" , (PRUint32)1013 } }; -static const NSSItem nss_builtins_items_199 [] = { +static const NSSItem nss_builtins_items_189 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13381,7 +12815,7 @@ static const NSSItem nss_builtins_items_199 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_200 [] = { +static const NSSItem nss_builtins_items_190 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13492,7 +12926,7 @@ static const NSSItem nss_builtins_items_200 [] = { "\241\361\017\033\037\075\236\004\203\335\226\331\035\072\224" , (PRUint32)1151 } }; -static const NSSItem nss_builtins_items_201 [] = { +static const NSSItem nss_builtins_items_191 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13524,7 +12958,7 @@ static const NSSItem nss_builtins_items_201 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_202 [] = { +static const NSSItem nss_builtins_items_192 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13678,7 +13112,7 @@ static const NSSItem nss_builtins_items_202 [] = { "\103\307\003\340\067\116\135\012\334\131\040\045" , (PRUint32)1964 } }; -static const NSSItem nss_builtins_items_203 [] = { +static const NSSItem nss_builtins_items_193 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13706,7 +13140,7 @@ static const NSSItem nss_builtins_items_203 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_204 [] = { +static const NSSItem nss_builtins_items_194 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13787,7 +13221,7 @@ static const NSSItem nss_builtins_items_204 [] = { "\300\226\130\057\352\273\106\327\273\344\331\056" , (PRUint32)940 } }; -static const NSSItem nss_builtins_items_205 [] = { +static const NSSItem nss_builtins_items_195 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13810,7 +13244,7 @@ static const NSSItem nss_builtins_items_205 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_206 [] = { +static const NSSItem nss_builtins_items_196 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13944,7 +13378,7 @@ static const NSSItem nss_builtins_items_206 [] = { "\005\211\374\170\326\134\054\046\103\251" , (PRUint32)1642 } }; -static const NSSItem nss_builtins_items_207 [] = { +static const NSSItem nss_builtins_items_197 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -13972,7 +13406,7 @@ static const NSSItem nss_builtins_items_207 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_208 [] = { +static const NSSItem nss_builtins_items_198 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14077,7 +13511,7 @@ static const NSSItem nss_builtins_items_208 [] = { "\334\144\047\027\214\132\267\332\164\050\315\227\344\275" , (PRUint32)1198 } }; -static const NSSItem nss_builtins_items_209 [] = { +static const NSSItem nss_builtins_items_199 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14104,7 +13538,7 @@ static const NSSItem nss_builtins_items_209 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_210 [] = { +static const NSSItem nss_builtins_items_200 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14209,7 +13643,7 @@ static const NSSItem nss_builtins_items_210 [] = { "\016\121\075\157\373\226\126\200\342\066\027\321\334\344" , (PRUint32)1198 } }; -static const NSSItem nss_builtins_items_211 [] = { +static const NSSItem nss_builtins_items_201 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14236,7 +13670,7 @@ static const NSSItem nss_builtins_items_211 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_212 [] = { +static const NSSItem nss_builtins_items_202 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14329,7 +13763,7 @@ static const NSSItem nss_builtins_items_212 [] = { "\230" , (PRUint32)993 } }; -static const NSSItem nss_builtins_items_213 [] = { +static const NSSItem nss_builtins_items_203 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14356,7 +13790,7 @@ static const NSSItem nss_builtins_items_213 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_214 [] = { +static const NSSItem nss_builtins_items_204 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14445,7 +13879,7 @@ static const NSSItem nss_builtins_items_214 [] = { "\126\144\127" , (PRUint32)931 } }; -static const NSSItem nss_builtins_items_215 [] = { +static const NSSItem nss_builtins_items_205 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14472,7 +13906,7 @@ static const NSSItem nss_builtins_items_215 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_216 [] = { +static const NSSItem nss_builtins_items_206 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14553,7 +13987,7 @@ static const NSSItem nss_builtins_items_216 [] = { "\000\147\240\161\000\202\110" , (PRUint32)919 } }; -static const NSSItem nss_builtins_items_217 [] = { +static const NSSItem nss_builtins_items_207 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14577,7 +14011,7 @@ static const NSSItem nss_builtins_items_217 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_218 [] = { +static const NSSItem nss_builtins_items_208 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14659,7 +14093,7 @@ static const NSSItem nss_builtins_items_218 [] = { "\316\145\006\056\135\322\052\123\164\136\323\156\047\236\217" , (PRUint32)943 } }; -static const NSSItem nss_builtins_items_219 [] = { +static const NSSItem nss_builtins_items_209 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14683,7 +14117,7 @@ static const NSSItem nss_builtins_items_219 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_220 [] = { +static const NSSItem nss_builtins_items_210 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14764,7 +14198,7 @@ static const NSSItem nss_builtins_items_220 [] = { "\246\210\070\316\125" , (PRUint32)933 } }; -static const NSSItem nss_builtins_items_221 [] = { +static const NSSItem nss_builtins_items_211 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14787,7 +14221,7 @@ static const NSSItem nss_builtins_items_221 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_222 [] = { +static const NSSItem nss_builtins_items_212 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14906,7 +14340,7 @@ static const NSSItem nss_builtins_items_222 [] = { "\201\370\021\234" , (PRUint32)1460 } }; -static const NSSItem nss_builtins_items_223 [] = { +static const NSSItem nss_builtins_items_213 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -14932,7 +14366,7 @@ static const NSSItem nss_builtins_items_223 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_224 [] = { +static const NSSItem nss_builtins_items_214 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15066,7 +14500,7 @@ static const NSSItem nss_builtins_items_224 [] = { "\311\234\220\332\354\251\102\074\255\266\002" , (PRUint32)1307 } }; -static const NSSItem nss_builtins_items_225 [] = { +static const NSSItem nss_builtins_items_215 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15104,7 +14538,7 @@ static const NSSItem nss_builtins_items_225 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_226 [] = { +static const NSSItem nss_builtins_items_216 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15182,7 +14616,7 @@ static const NSSItem nss_builtins_items_226 [] = { "\366\324\357\277\114\210\150" , (PRUint32)855 } }; -static const NSSItem nss_builtins_items_227 [] = { +static const NSSItem nss_builtins_items_217 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15206,7 +14640,7 @@ static const NSSItem nss_builtins_items_227 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_228 [] = { +static const NSSItem nss_builtins_items_218 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15284,7 +14718,7 @@ static const NSSItem nss_builtins_items_228 [] = { "\246\347\313\100\003\335\171" , (PRUint32)855 } }; -static const NSSItem nss_builtins_items_229 [] = { +static const NSSItem nss_builtins_items_219 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15308,7 +14742,7 @@ static const NSSItem nss_builtins_items_229 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_230 [] = { +static const NSSItem nss_builtins_items_220 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15435,7 +14869,7 @@ static const NSSItem nss_builtins_items_230 [] = { "\320\352\111\242\034\215\122\024\246\012\223" , (PRUint32)1515 } }; -static const NSSItem nss_builtins_items_231 [] = { +static const NSSItem nss_builtins_items_221 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15463,7 +14897,7 @@ static const NSSItem nss_builtins_items_231 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_232 [] = { +static const NSSItem nss_builtins_items_222 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15537,7 +14971,7 @@ static const NSSItem nss_builtins_items_232 [] = { "\366\356\260\132\116\111\104\124\130\137\102\203" , (PRUint32)828 } }; -static const NSSItem nss_builtins_items_233 [] = { +static const NSSItem nss_builtins_items_223 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15560,7 +14994,7 @@ static const NSSItem nss_builtins_items_233 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_234 [] = { +static const NSSItem nss_builtins_items_224 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15636,7 +15070,7 @@ static const NSSItem nss_builtins_items_234 [] = { "\011\333\212\101\202\236\146\233\021" , (PRUint32)857 } }; -static const NSSItem nss_builtins_items_235 [] = { +static const NSSItem nss_builtins_items_225 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15659,7 +15093,7 @@ static const NSSItem nss_builtins_items_235 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_236 [] = { +static const NSSItem nss_builtins_items_226 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15742,7 +15176,7 @@ static const NSSItem nss_builtins_items_236 [] = { "\262\033\211\124" , (PRUint32)932 } }; -static const NSSItem nss_builtins_items_237 [] = { +static const NSSItem nss_builtins_items_227 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15766,7 +15200,7 @@ static const NSSItem nss_builtins_items_237 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_238 [] = { +static const NSSItem nss_builtins_items_228 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15866,7 +15300,7 @@ static const NSSItem nss_builtins_items_238 [] = { "\021\055" , (PRUint32)1026 } }; -static const NSSItem nss_builtins_items_239 [] = { +static const NSSItem nss_builtins_items_229 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15896,7 +15330,7 @@ static const NSSItem nss_builtins_items_239 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_240 [] = { +static const NSSItem nss_builtins_items_230 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15970,7 +15404,7 @@ static const NSSItem nss_builtins_items_240 [] = { "\367\130\077\056\162\002\127\243\217\241\024\056" , (PRUint32)652 } }; -static const NSSItem nss_builtins_items_241 [] = { +static const NSSItem nss_builtins_items_231 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -15999,7 +15433,7 @@ static const NSSItem nss_builtins_items_241 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_242 [] = { +static const NSSItem nss_builtins_items_232 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16105,7 +15539,7 @@ static const NSSItem nss_builtins_items_242 [] = { "\061\324\100\032\142\064\066\077\065\001\256\254\143\240" , (PRUint32)1070 } }; -static const NSSItem nss_builtins_items_243 [] = { +static const NSSItem nss_builtins_items_233 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16137,7 +15571,7 @@ static const NSSItem nss_builtins_items_243 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_244 [] = { +static const NSSItem nss_builtins_items_234 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16216,7 +15650,7 @@ static const NSSItem nss_builtins_items_244 [] = { "\017\212" , (PRUint32)690 } }; -static const NSSItem nss_builtins_items_245 [] = { +static const NSSItem nss_builtins_items_235 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16246,7 +15680,7 @@ static const NSSItem nss_builtins_items_245 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_246 [] = { +static const NSSItem nss_builtins_items_236 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16361,7 +15795,7 @@ static const NSSItem nss_builtins_items_246 [] = { "\354\315\202\141\361\070\346\117\227\230\052\132\215" , (PRUint32)1213 } }; -static const NSSItem nss_builtins_items_247 [] = { +static const NSSItem nss_builtins_items_237 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16393,7 +15827,7 @@ static const NSSItem nss_builtins_items_247 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_248 [] = { +static const NSSItem nss_builtins_items_238 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16491,7 +15925,7 @@ static const NSSItem nss_builtins_items_248 [] = { "\055\247\330\206\052\335\056\020" , (PRUint32)904 } }; -static const NSSItem nss_builtins_items_249 [] = { +static const NSSItem nss_builtins_items_239 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16524,7 +15958,7 @@ static const NSSItem nss_builtins_items_249 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_250 [] = { +static const NSSItem nss_builtins_items_240 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16626,7 +16060,7 @@ static const NSSItem nss_builtins_items_250 [] = { "\330\316\304\143\165\077\131\107\261" , (PRUint32)1049 } }; -static const NSSItem nss_builtins_items_251 [] = { +static const NSSItem nss_builtins_items_241 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16656,7 +16090,7 @@ static const NSSItem nss_builtins_items_251 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_252 [] = { +static const NSSItem nss_builtins_items_242 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16775,7 +16209,7 @@ static const NSSItem nss_builtins_items_252 [] = { "\370\161\012\334\271\374\175\062\140\346\353\257\212\001" , (PRUint32)1486 } }; -static const NSSItem nss_builtins_items_253 [] = { +static const NSSItem nss_builtins_items_243 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16800,7 +16234,7 @@ static const NSSItem nss_builtins_items_253 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_254 [] = { +static const NSSItem nss_builtins_items_244 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16890,7 +16324,7 @@ static const NSSItem nss_builtins_items_254 [] = { "\315\345\250" , (PRUint32)1043 } }; -static const NSSItem nss_builtins_items_255 [] = { +static const NSSItem nss_builtins_items_245 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -16914,7 +16348,7 @@ static const NSSItem nss_builtins_items_255 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_256 [] = { +static const NSSItem nss_builtins_items_246 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17019,7 +16453,7 @@ static const NSSItem nss_builtins_items_256 [] = { "\115\273\306\104\333\066\313\052\234\216" , (PRUint32)1258 } }; -static const NSSItem nss_builtins_items_257 [] = { +static const NSSItem nss_builtins_items_247 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17044,7 +16478,7 @@ static const NSSItem nss_builtins_items_257 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_258 [] = { +static const NSSItem nss_builtins_items_248 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17120,7 +16554,7 @@ static const NSSItem nss_builtins_items_258 [] = { "\002\153\331\132" , (PRUint32)820 } }; -static const NSSItem nss_builtins_items_259 [] = { +static const NSSItem nss_builtins_items_249 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17144,7 +16578,7 @@ static const NSSItem nss_builtins_items_259 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_260 [] = { +static const NSSItem nss_builtins_items_250 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17226,7 +16660,7 @@ static const NSSItem nss_builtins_items_260 [] = { "\362" , (PRUint32)881 } }; -static const NSSItem nss_builtins_items_261 [] = { +static const NSSItem nss_builtins_items_251 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17251,7 +16685,7 @@ static const NSSItem nss_builtins_items_261 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_262 [] = { +static const NSSItem nss_builtins_items_252 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17367,7 +16801,7 @@ static const NSSItem nss_builtins_items_262 [] = { "\113\076\053\070\007\125\230\136\244" , (PRUint32)1465 } }; -static const NSSItem nss_builtins_items_263 [] = { +static const NSSItem nss_builtins_items_253 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17391,7 +16825,7 @@ static const NSSItem nss_builtins_items_263 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_264 [] = { +static const NSSItem nss_builtins_items_254 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17456,7 +16890,7 @@ static const NSSItem nss_builtins_items_264 [] = { "\375\166\004\333\142\273\220\152\003\331\106\065\331\370\174\133" , (PRUint32)576 } }; -static const NSSItem nss_builtins_items_265 [] = { +static const NSSItem nss_builtins_items_255 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17483,7 +16917,7 @@ static const NSSItem nss_builtins_items_265 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_266 [] = { +static const NSSItem nss_builtins_items_256 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17548,7 +16982,7 @@ static const NSSItem nss_builtins_items_266 [] = { "\054\163\031\110\151\116\153\174\145\277\017\374\160\316\210\220" , (PRUint32)576 } }; -static const NSSItem nss_builtins_items_267 [] = { +static const NSSItem nss_builtins_items_257 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17575,7 +17009,7 @@ static const NSSItem nss_builtins_items_267 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_268 [] = { +static const NSSItem nss_builtins_items_258 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17672,7 +17106,7 @@ static const NSSItem nss_builtins_items_268 [] = { "\202\042\055\172\124\253\160\303\175\042\145\202\160\226" , (PRUint32)1038 } }; -static const NSSItem nss_builtins_items_269 [] = { +static const NSSItem nss_builtins_items_259 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17700,7 +17134,7 @@ static const NSSItem nss_builtins_items_269 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_270 [] = { +static const NSSItem nss_builtins_items_260 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17791,7 +17225,7 @@ static const NSSItem nss_builtins_items_270 [] = { "\336\102\343\055\202\361\017\345\372\227" , (PRUint32)954 } }; -static const NSSItem nss_builtins_items_271 [] = { +static const NSSItem nss_builtins_items_261 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17819,7 +17253,7 @@ static const NSSItem nss_builtins_items_271 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_272 [] = { +static const NSSItem nss_builtins_items_262 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17898,7 +17332,7 @@ static const NSSItem nss_builtins_items_272 [] = { "\130\077\137" , (PRUint32)867 } }; -static const NSSItem nss_builtins_items_273 [] = { +static const NSSItem nss_builtins_items_263 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -17922,7 +17356,7 @@ static const NSSItem nss_builtins_items_273 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_274 [] = { +static const NSSItem nss_builtins_items_264 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18015,7 +17449,7 @@ static const NSSItem nss_builtins_items_274 [] = { "\045\361\224\264\146" , (PRUint32)997 } }; -static const NSSItem nss_builtins_items_275 [] = { +static const NSSItem nss_builtins_items_265 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18042,7 +17476,7 @@ static const NSSItem nss_builtins_items_275 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_276 [] = { +static const NSSItem nss_builtins_items_266 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18166,7 +17600,7 @@ static const NSSItem nss_builtins_items_276 [] = { "\156\117\022\176\012\074\235\225" , (PRUint32)1560 } }; -static const NSSItem nss_builtins_items_277 [] = { +static const NSSItem nss_builtins_items_267 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18191,7 +17625,7 @@ static const NSSItem nss_builtins_items_277 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_278 [] = { +static const NSSItem nss_builtins_items_268 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18310,7 +17744,7 @@ static const NSSItem nss_builtins_items_278 [] = { "\333\374\046\210\307" , (PRUint32)1525 } }; -static const NSSItem nss_builtins_items_279 [] = { +static const NSSItem nss_builtins_items_269 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18334,7 +17768,7 @@ static const NSSItem nss_builtins_items_279 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_280 [] = { +static const NSSItem nss_builtins_items_270 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18490,7 +17924,7 @@ static const NSSItem nss_builtins_items_280 [] = { "\167\110\320" , (PRUint32)1875 } }; -static const NSSItem nss_builtins_items_281 [] = { +static const NSSItem nss_builtins_items_271 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18521,7 +17955,7 @@ static const NSSItem nss_builtins_items_281 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_282 [] = { +static const NSSItem nss_builtins_items_272 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18674,7 +18108,7 @@ static const NSSItem nss_builtins_items_282 [] = { "\351\233\256\325\124\300\164\200\321\013\102\237\301" , (PRUint32)1869 } }; -static const NSSItem nss_builtins_items_283 [] = { +static const NSSItem nss_builtins_items_273 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18704,7 +18138,7 @@ static const NSSItem nss_builtins_items_283 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_284 [] = { +static const NSSItem nss_builtins_items_274 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18840,7 +18274,7 @@ static const NSSItem nss_builtins_items_284 [] = { "\242\355\264\324\265\145\103\267\223\106\212\323" , (PRUint32)1532 } }; -static const NSSItem nss_builtins_items_285 [] = { +static const NSSItem nss_builtins_items_275 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -18870,7 +18304,7 @@ static const NSSItem nss_builtins_items_285 [] = { { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_286 [] = { +static const NSSItem nss_builtins_items_276 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19021,7 +18455,7 @@ static const NSSItem nss_builtins_items_286 [] = { "\264" , (PRUint32)1761 } }; -static const NSSItem nss_builtins_items_287 [] = { +static const NSSItem nss_builtins_items_277 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19051,7 +18485,7 @@ static const NSSItem nss_builtins_items_287 [] = { { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_288 [] = { +static const NSSItem nss_builtins_items_278 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19187,7 +18621,7 @@ static const NSSItem nss_builtins_items_288 [] = { "\111\043" , (PRUint32)1522 } }; -static const NSSItem nss_builtins_items_289 [] = { +static const NSSItem nss_builtins_items_279 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19217,7 +18651,7 @@ static const NSSItem nss_builtins_items_289 [] = { { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_290 [] = { +static const NSSItem nss_builtins_items_280 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19352,7 +18786,7 @@ static const NSSItem nss_builtins_items_290 [] = { "\172\244\047\023\326\117\364\151" , (PRUint32)1512 } }; -static const NSSItem nss_builtins_items_291 [] = { +static const NSSItem nss_builtins_items_281 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19382,7 +18816,7 @@ static const NSSItem nss_builtins_items_291 [] = { { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_292 [] = { +static const NSSItem nss_builtins_items_282 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19518,7 +18952,7 @@ static const NSSItem nss_builtins_items_292 [] = { "\302\021\254" , (PRUint32)1523 } }; -static const NSSItem nss_builtins_items_293 [] = { +static const NSSItem nss_builtins_items_283 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19548,7 +18982,7 @@ static const NSSItem nss_builtins_items_293 [] = { { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_294 [] = { +static const NSSItem nss_builtins_items_284 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19684,7 +19118,7 @@ static const NSSItem nss_builtins_items_294 [] = { "\147\024\060" , (PRUint32)1523 } }; -static const NSSItem nss_builtins_items_295 [] = { +static const NSSItem nss_builtins_items_285 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19714,7 +19148,7 @@ static const NSSItem nss_builtins_items_295 [] = { { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_296 [] = { +static const NSSItem nss_builtins_items_286 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19848,7 +19282,7 @@ static const NSSItem nss_builtins_items_296 [] = { "\217\116\235\306\066\347\134\246\253\022\017\326\317" , (PRUint32)1501 } }; -static const NSSItem nss_builtins_items_297 [] = { +static const NSSItem nss_builtins_items_287 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -19878,7 +19312,7 @@ static const NSSItem nss_builtins_items_297 [] = { { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_298 [] = { +static const NSSItem nss_builtins_items_288 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20012,7 +19446,7 @@ static const NSSItem nss_builtins_items_298 [] = { "\130\113\161\203\237\146\346\254\171\110\376\376\107" , (PRUint32)1501 } }; -static const NSSItem nss_builtins_items_299 [] = { +static const NSSItem nss_builtins_items_289 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20042,7 +19476,7 @@ static const NSSItem nss_builtins_items_299 [] = { { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_300 [] = { +static const NSSItem nss_builtins_items_290 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20177,7 +19611,7 @@ static const NSSItem nss_builtins_items_300 [] = { "\200\246\202\254\344\154\201\106\273\122\205\040\044\370\200\352" , (PRUint32)1520 } }; -static const NSSItem nss_builtins_items_301 [] = { +static const NSSItem nss_builtins_items_291 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20207,7 +19641,7 @@ static const NSSItem nss_builtins_items_301 [] = { { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_302 [] = { +static const NSSItem nss_builtins_items_292 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20335,7 +19769,7 @@ static const NSSItem nss_builtins_items_302 [] = { "\154\174\107\306\327\224\021\041\354\326\132\322\335\217\177\221" , (PRUint32)1392 } }; -static const NSSItem nss_builtins_items_303 [] = { +static const NSSItem nss_builtins_items_293 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20365,7 +19799,7 @@ static const NSSItem nss_builtins_items_303 [] = { { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_304 [] = { +static const NSSItem nss_builtins_items_294 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20458,7 +19892,7 @@ static const NSSItem nss_builtins_items_304 [] = { "\342\342\104\276\134\367\352\034\365" , (PRUint32)969 } }; -static const NSSItem nss_builtins_items_305 [] = { +static const NSSItem nss_builtins_items_295 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20486,7 +19920,7 @@ static const NSSItem nss_builtins_items_305 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_306 [] = { +static const NSSItem nss_builtins_items_296 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20583,7 +20017,7 @@ static const NSSItem nss_builtins_items_306 [] = { "\364" , (PRUint32)993 } }; -static const NSSItem nss_builtins_items_307 [] = { +static const NSSItem nss_builtins_items_297 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20612,7 +20046,7 @@ static const NSSItem nss_builtins_items_307 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_308 [] = { +static const NSSItem nss_builtins_items_298 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20710,7 +20144,7 @@ static const NSSItem nss_builtins_items_308 [] = { "\261\050\272" , (PRUint32)1011 } }; -static const NSSItem nss_builtins_items_309 [] = { +static const NSSItem nss_builtins_items_299 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20739,7 +20173,7 @@ static const NSSItem nss_builtins_items_309 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_310 [] = { +static const NSSItem nss_builtins_items_300 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20816,7 +20250,7 @@ static const NSSItem nss_builtins_items_310 [] = { "\007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357" , (PRUint32)848 } }; -static const NSSItem nss_builtins_items_311 [] = { +static const NSSItem nss_builtins_items_301 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20840,7 +20274,7 @@ static const NSSItem nss_builtins_items_311 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_312 [] = { +static const NSSItem nss_builtins_items_302 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20917,7 +20351,7 @@ static const NSSItem nss_builtins_items_312 [] = { "\355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333" , (PRUint32)848 } }; -static const NSSItem nss_builtins_items_313 [] = { +static const NSSItem nss_builtins_items_303 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -20941,7 +20375,7 @@ static const NSSItem nss_builtins_items_313 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_314 [] = { +static const NSSItem nss_builtins_items_304 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21050,7 +20484,7 @@ static const NSSItem nss_builtins_items_314 [] = { "\051\340\266\270\011\150\031\034\030\103" , (PRUint32)1354 } }; -static const NSSItem nss_builtins_items_315 [] = { +static const NSSItem nss_builtins_items_305 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21074,7 +20508,7 @@ static const NSSItem nss_builtins_items_315 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_316 [] = { +static const NSSItem nss_builtins_items_306 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21131,7 +20565,7 @@ static const NSSItem nss_builtins_items_316 [] = { "\214\171" , (PRUint32)514 } }; -static const NSSItem nss_builtins_items_317 [] = { +static const NSSItem nss_builtins_items_307 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21155,7 +20589,7 @@ static const NSSItem nss_builtins_items_317 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_318 [] = { +static const NSSItem nss_builtins_items_308 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21245,7 +20679,7 @@ static const NSSItem nss_builtins_items_318 [] = { "\326\267\064\365\176\316\071\232\331\070\361\121\367\117\054" , (PRUint32)959 } }; -static const NSSItem nss_builtins_items_319 [] = { +static const NSSItem nss_builtins_items_309 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21272,7 +20706,7 @@ static const NSSItem nss_builtins_items_319 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_320 [] = { +static const NSSItem nss_builtins_items_310 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21390,7 +20824,7 @@ static const NSSItem nss_builtins_items_320 [] = { "\377\276\013\166\026\136\067\067\346\330\164\227\242\231\105\171" , (PRUint32)1440 } }; -static const NSSItem nss_builtins_items_321 [] = { +static const NSSItem nss_builtins_items_311 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21416,7 +20850,7 @@ static const NSSItem nss_builtins_items_321 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_322 [] = { +static const NSSItem nss_builtins_items_312 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21549,7 +20983,7 @@ static const NSSItem nss_builtins_items_322 [] = { "\304\163\304\163\030\137\120\165\026\061\237\267\350\174\303" , (PRUint32)1679 } }; -static const NSSItem nss_builtins_items_323 [] = { +static const NSSItem nss_builtins_items_313 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21575,7 +21009,7 @@ static const NSSItem nss_builtins_items_323 [] = { { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_324 [] = { +static const NSSItem nss_builtins_items_314 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21669,7 +21103,7 @@ static const NSSItem nss_builtins_items_324 [] = { "\204\232\315" , (PRUint32)979 } }; -static const NSSItem nss_builtins_items_325 [] = { +static const NSSItem nss_builtins_items_315 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21697,7 +21131,7 @@ static const NSSItem nss_builtins_items_325 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_326 [] = { +static const NSSItem nss_builtins_items_316 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21781,7 +21215,7 @@ static const NSSItem nss_builtins_items_326 [] = { "\274\060\376\173\016\063\220\373\355\322\024\221\037\007\257" , (PRUint32)895 } }; -static const NSSItem nss_builtins_items_327 [] = { +static const NSSItem nss_builtins_items_317 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21807,7 +21241,7 @@ static const NSSItem nss_builtins_items_327 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_328 [] = { +static const NSSItem nss_builtins_items_318 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21925,7 +21359,7 @@ static const NSSItem nss_builtins_items_328 [] = { "\262\345\214\360\206\231\270\345\305\337\204\301\267\353" , (PRUint32)1422 } }; -static const NSSItem nss_builtins_items_329 [] = { +static const NSSItem nss_builtins_items_319 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -21952,7 +21386,7 @@ static const NSSItem nss_builtins_items_329 [] = { { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_330 [] = { +static const NSSItem nss_builtins_items_320 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22036,7 +21470,7 @@ static const NSSItem nss_builtins_items_330 [] = { "\136\121\026\053\076" , (PRUint32)885 } }; -static const NSSItem nss_builtins_items_331 [] = { +static const NSSItem nss_builtins_items_321 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22062,7 +21496,7 @@ static const NSSItem nss_builtins_items_331 [] = { { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_332 [] = { +static const NSSItem nss_builtins_items_322 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22175,7 +21609,7 @@ static const NSSItem nss_builtins_items_332 [] = { "\214\360\340\050\006\042\267\046\101" , (PRUint32)1353 } }; -static const NSSItem nss_builtins_items_333 [] = { +static const NSSItem nss_builtins_items_323 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22201,7 +21635,7 @@ static const NSSItem nss_builtins_items_333 [] = { { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_334 [] = { +static const NSSItem nss_builtins_items_324 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22304,7 +21738,7 @@ static const NSSItem nss_builtins_items_334 [] = { "\041\225\305\242\165" , (PRUint32)1285 } }; -static const NSSItem nss_builtins_items_335 [] = { +static const NSSItem nss_builtins_items_325 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22327,7 +21761,7 @@ static const NSSItem nss_builtins_items_335 [] = { { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_336 [] = { +static const NSSItem nss_builtins_items_326 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22429,7 +21863,7 @@ static const NSSItem nss_builtins_items_336 [] = { "\132\145" , (PRUint32)1170 } }; -static const NSSItem nss_builtins_items_337 [] = { +static const NSSItem nss_builtins_items_327 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22455,7 +21889,7 @@ static const NSSItem nss_builtins_items_337 [] = { { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_338 [] = { +static const NSSItem nss_builtins_items_328 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22587,7 +22021,7 @@ static const NSSItem nss_builtins_items_338 [] = { "\244\363\116\272\067\230\173\202\271" , (PRUint32)1689 } }; -static const NSSItem nss_builtins_items_339 [] = { +static const NSSItem nss_builtins_items_329 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22612,7 +22046,7 @@ static const NSSItem nss_builtins_items_339 [] = { { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_340 [] = { +static const NSSItem nss_builtins_items_330 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22703,7 +22137,7 @@ static const NSSItem nss_builtins_items_340 [] = { "\131" , (PRUint32)977 } }; -static const NSSItem nss_builtins_items_341 [] = { +static const NSSItem nss_builtins_items_331 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22730,7 +22164,7 @@ static const NSSItem nss_builtins_items_341 [] = { { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; -static const NSSItem nss_builtins_items_342 [] = { +static const NSSItem nss_builtins_items_332 [] = { { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22841,7 +22275,7 @@ static const NSSItem nss_builtins_items_342 [] = { "\355\020\342\305" , (PRUint32)1236 } }; -static const NSSItem nss_builtins_items_343 [] = { +static const NSSItem nss_builtins_items_333 [] = { { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, @@ -22872,6 +22306,413 @@ static const NSSItem nss_builtins_items_343 [] = { { (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; +static const NSSItem nss_builtins_items_334 [] = { + { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Security Communication RootCA2", (PRUint32)31 }, + { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, + { (void *)"\060\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061" +"\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040" +"\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117" +"\056\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023" +"\036\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156" +"\151\143\141\164\151\157\156\040\122\157\157\164\103\101\062" +, (PRUint32)95 }, + { (void *)"0", (PRUint32)2 }, + { (void *)"\060\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061" +"\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040" +"\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117" +"\056\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023" +"\036\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156" +"\151\143\141\164\151\157\156\040\122\157\157\164\103\101\062" +, (PRUint32)95 }, + { (void *)"\002\001\000" +, (PRUint32)3 }, + { (void *)"\060\202\003\167\060\202\002\137\240\003\002\001\002\002\001\000" +"\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060" +"\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061\045" +"\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040\124" +"\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117\056" +"\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023\036" +"\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156\151" +"\143\141\164\151\157\156\040\122\157\157\164\103\101\062\060\036" +"\027\015\060\071\060\065\062\071\060\065\060\060\063\071\132\027" +"\015\062\071\060\065\062\071\060\065\060\060\063\071\132\060\135" +"\061\013\060\011\006\003\125\004\006\023\002\112\120\061\045\060" +"\043\006\003\125\004\012\023\034\123\105\103\117\115\040\124\162" +"\165\163\164\040\123\171\163\164\145\155\163\040\103\117\056\054" +"\114\124\104\056\061\047\060\045\006\003\125\004\013\023\036\123" +"\145\143\165\162\151\164\171\040\103\157\155\155\165\156\151\143" +"\141\164\151\157\156\040\122\157\157\164\103\101\062\060\202\001" +"\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000" +"\003\202\001\017\000\060\202\001\012\002\202\001\001\000\320\025" +"\071\122\261\122\263\272\305\131\202\304\135\122\256\072\103\145" +"\200\113\307\362\226\274\333\066\227\326\246\144\214\250\136\360" +"\343\012\034\367\337\227\075\113\256\366\135\354\041\265\101\253" +"\315\271\176\166\237\276\371\076\066\064\240\073\301\366\061\021" +"\105\164\223\075\127\200\305\371\211\231\312\345\253\152\324\265" +"\332\101\220\020\301\326\326\102\211\302\277\364\070\022\225\114" +"\124\005\367\066\344\105\203\173\024\145\326\334\014\115\321\336" +"\176\014\253\073\304\025\276\072\126\246\132\157\166\151\122\251" +"\172\271\310\353\152\232\135\122\320\055\012\153\065\026\011\020" +"\204\320\152\312\072\006\000\067\107\344\176\127\117\077\213\353" +"\147\270\210\252\305\276\123\125\262\221\304\175\271\260\205\031" +"\006\170\056\333\141\032\372\205\365\112\221\241\347\026\325\216" +"\242\071\337\224\270\160\037\050\077\213\374\100\136\143\203\074" +"\203\052\032\231\153\317\336\131\152\073\374\157\026\327\037\375" +"\112\020\353\116\202\026\072\254\047\014\123\361\255\325\044\260" +"\153\003\120\301\055\074\026\335\104\064\047\032\165\373\002\003" +"\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004\026" +"\004\024\012\205\251\167\145\005\230\174\100\201\370\017\227\054" +"\070\361\012\354\074\317\060\016\006\003\125\035\017\001\001\377" +"\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377" +"\004\005\060\003\001\001\377\060\015\006\011\052\206\110\206\367" +"\015\001\001\013\005\000\003\202\001\001\000\114\072\243\104\254" +"\271\105\261\307\223\176\310\013\012\102\337\144\352\034\356\131" +"\154\010\272\211\137\152\312\112\225\236\172\217\007\305\332\105" +"\162\202\161\016\072\322\314\157\247\264\241\043\273\366\044\237" +"\313\027\376\214\246\316\302\322\333\314\215\374\161\374\003\051" +"\301\154\135\063\137\144\266\145\073\211\157\030\166\170\365\334" +"\242\110\037\031\077\216\223\353\361\372\027\356\315\116\343\004" +"\022\125\326\345\344\335\373\076\005\174\342\035\136\306\247\274" +"\227\117\150\072\365\351\056\012\103\266\257\127\134\142\150\174" +"\267\375\243\212\204\240\254\142\276\053\011\207\064\360\152\001" +"\273\233\051\126\074\376\000\067\317\043\154\361\116\252\266\164" +"\106\022\154\221\356\064\325\354\232\221\347\104\276\220\061\162" +"\325\111\002\366\002\345\364\037\353\174\331\226\125\251\377\354" +"\212\371\231\107\377\065\132\002\252\004\313\212\133\207\161\051" +"\221\275\244\264\172\015\275\232\365\127\043\000\007\041\027\077" +"\112\071\321\005\111\013\247\266\067\201\245\135\214\252\063\136" +"\201\050\174\247\175\047\353\000\256\215\067" +, (PRUint32)891 } +}; +static const NSSItem nss_builtins_items_335 [] = { + { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Security Communication RootCA2", (PRUint32)31 }, + { (void *)"\137\073\214\362\370\020\263\175\170\264\316\354\031\031\303\163" +"\064\271\307\164" +, (PRUint32)20 }, + { (void *)"\154\071\175\244\016\125\131\262\077\326\101\261\022\120\336\103" +, (PRUint32)16 }, + { (void *)"\060\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061" +"\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040" +"\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117" +"\056\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023" +"\036\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156" +"\151\143\141\164\151\157\156\040\122\157\157\164\103\101\062" +, (PRUint32)95 }, + { (void *)"\002\001\000" +, (PRUint32)3 }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } +}; +static const NSSItem nss_builtins_items_336 [] = { + { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"EC-ACC", (PRUint32)7 }, + { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, + { (void *)"\060\201\363\061\013\060\011\006\003\125\004\006\023\002\105\123" +"\061\073\060\071\006\003\125\004\012\023\062\101\147\145\156\143" +"\151\141\040\103\141\164\141\154\141\156\141\040\144\145\040\103" +"\145\162\164\151\146\151\143\141\143\151\157\040\050\116\111\106" +"\040\121\055\060\070\060\061\061\067\066\055\111\051\061\050\060" +"\046\006\003\125\004\013\023\037\123\145\162\166\145\151\163\040" +"\120\165\142\154\151\143\163\040\144\145\040\103\145\162\164\151" +"\146\151\143\141\143\151\157\061\065\060\063\006\003\125\004\013" +"\023\054\126\145\147\145\165\040\150\164\164\160\163\072\057\057" +"\167\167\167\056\143\141\164\143\145\162\164\056\156\145\164\057" +"\166\145\162\141\162\162\145\154\040\050\143\051\060\063\061\065" +"\060\063\006\003\125\004\013\023\054\112\145\162\141\162\161\165" +"\151\141\040\105\156\164\151\164\141\164\163\040\144\145\040\103" +"\145\162\164\151\146\151\143\141\143\151\157\040\103\141\164\141" +"\154\141\156\145\163\061\017\060\015\006\003\125\004\003\023\006" +"\105\103\055\101\103\103" +, (PRUint32)246 }, + { (void *)"0", (PRUint32)2 }, + { (void *)"\060\201\363\061\013\060\011\006\003\125\004\006\023\002\105\123" +"\061\073\060\071\006\003\125\004\012\023\062\101\147\145\156\143" +"\151\141\040\103\141\164\141\154\141\156\141\040\144\145\040\103" +"\145\162\164\151\146\151\143\141\143\151\157\040\050\116\111\106" +"\040\121\055\060\070\060\061\061\067\066\055\111\051\061\050\060" +"\046\006\003\125\004\013\023\037\123\145\162\166\145\151\163\040" +"\120\165\142\154\151\143\163\040\144\145\040\103\145\162\164\151" +"\146\151\143\141\143\151\157\061\065\060\063\006\003\125\004\013" +"\023\054\126\145\147\145\165\040\150\164\164\160\163\072\057\057" +"\167\167\167\056\143\141\164\143\145\162\164\056\156\145\164\057" +"\166\145\162\141\162\162\145\154\040\050\143\051\060\063\061\065" +"\060\063\006\003\125\004\013\023\054\112\145\162\141\162\161\165" +"\151\141\040\105\156\164\151\164\141\164\163\040\144\145\040\103" +"\145\162\164\151\146\151\143\141\143\151\157\040\103\141\164\141" +"\154\141\156\145\163\061\017\060\015\006\003\125\004\003\023\006" +"\105\103\055\101\103\103" +, (PRUint32)246 }, + { (void *)"\002\020\356\053\075\353\324\041\336\024\250\142\254\004\363\335" +"\304\001" +, (PRUint32)18 }, + { (void *)"\060\202\005\126\060\202\004\076\240\003\002\001\002\002\020\356" +"\053\075\353\324\041\336\024\250\142\254\004\363\335\304\001\060" +"\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201" +"\363\061\013\060\011\006\003\125\004\006\023\002\105\123\061\073" +"\060\071\006\003\125\004\012\023\062\101\147\145\156\143\151\141" +"\040\103\141\164\141\154\141\156\141\040\144\145\040\103\145\162" +"\164\151\146\151\143\141\143\151\157\040\050\116\111\106\040\121" +"\055\060\070\060\061\061\067\066\055\111\051\061\050\060\046\006" +"\003\125\004\013\023\037\123\145\162\166\145\151\163\040\120\165" +"\142\154\151\143\163\040\144\145\040\103\145\162\164\151\146\151" +"\143\141\143\151\157\061\065\060\063\006\003\125\004\013\023\054" +"\126\145\147\145\165\040\150\164\164\160\163\072\057\057\167\167" +"\167\056\143\141\164\143\145\162\164\056\156\145\164\057\166\145" +"\162\141\162\162\145\154\040\050\143\051\060\063\061\065\060\063" +"\006\003\125\004\013\023\054\112\145\162\141\162\161\165\151\141" +"\040\105\156\164\151\164\141\164\163\040\144\145\040\103\145\162" +"\164\151\146\151\143\141\143\151\157\040\103\141\164\141\154\141" +"\156\145\163\061\017\060\015\006\003\125\004\003\023\006\105\103" +"\055\101\103\103\060\036\027\015\060\063\060\061\060\067\062\063" +"\060\060\060\060\132\027\015\063\061\060\061\060\067\062\062\065" +"\071\065\071\132\060\201\363\061\013\060\011\006\003\125\004\006" +"\023\002\105\123\061\073\060\071\006\003\125\004\012\023\062\101" +"\147\145\156\143\151\141\040\103\141\164\141\154\141\156\141\040" +"\144\145\040\103\145\162\164\151\146\151\143\141\143\151\157\040" +"\050\116\111\106\040\121\055\060\070\060\061\061\067\066\055\111" +"\051\061\050\060\046\006\003\125\004\013\023\037\123\145\162\166" +"\145\151\163\040\120\165\142\154\151\143\163\040\144\145\040\103" +"\145\162\164\151\146\151\143\141\143\151\157\061\065\060\063\006" +"\003\125\004\013\023\054\126\145\147\145\165\040\150\164\164\160" +"\163\072\057\057\167\167\167\056\143\141\164\143\145\162\164\056" +"\156\145\164\057\166\145\162\141\162\162\145\154\040\050\143\051" +"\060\063\061\065\060\063\006\003\125\004\013\023\054\112\145\162" +"\141\162\161\165\151\141\040\105\156\164\151\164\141\164\163\040" +"\144\145\040\103\145\162\164\151\146\151\143\141\143\151\157\040" +"\103\141\164\141\154\141\156\145\163\061\017\060\015\006\003\125" +"\004\003\023\006\105\103\055\101\103\103\060\202\001\042\060\015" +"\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001" +"\017\000\060\202\001\012\002\202\001\001\000\263\042\307\117\342" +"\227\102\225\210\107\203\100\366\035\027\363\203\163\044\036\121" +"\363\230\212\303\222\270\377\100\220\005\160\207\140\311\000\251" +"\265\224\145\031\042\025\027\302\103\154\146\104\232\015\004\076" +"\071\157\245\113\172\252\143\267\212\104\235\331\143\221\204\146" +"\340\050\017\272\102\343\156\216\367\024\047\223\151\356\221\016" +"\243\137\016\261\353\146\242\162\117\022\023\206\145\172\076\333" +"\117\007\364\247\011\140\332\072\102\231\307\262\177\263\026\225" +"\034\307\371\064\265\224\205\325\231\136\240\110\240\176\347\027" +"\145\270\242\165\270\036\363\345\102\175\257\355\363\212\110\144" +"\135\202\024\223\330\300\344\377\263\120\162\362\166\366\263\135" +"\102\120\171\320\224\076\153\014\000\276\330\153\016\116\052\354" +"\076\322\314\202\242\030\145\063\023\167\236\232\135\032\023\330" +"\303\333\075\310\227\172\356\160\355\247\346\174\333\161\317\055" +"\224\142\337\155\326\365\070\276\077\245\205\012\031\270\250\330" +"\011\165\102\160\304\352\357\313\016\310\064\250\022\042\230\014" +"\270\023\224\266\113\354\360\320\220\347\047\002\003\001\000\001" +"\243\201\343\060\201\340\060\035\006\003\125\035\021\004\026\060" +"\024\201\022\145\143\137\141\143\143\100\143\141\164\143\145\162" +"\164\056\156\145\164\060\017\006\003\125\035\023\001\001\377\004" +"\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377" +"\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004" +"\024\240\303\213\104\252\067\245\105\277\227\200\132\321\361\170" +"\242\233\351\135\215\060\177\006\003\125\035\040\004\170\060\166" +"\060\164\006\013\053\006\001\004\001\365\170\001\003\001\012\060" +"\145\060\054\006\010\053\006\001\005\005\007\002\001\026\040\150" +"\164\164\160\163\072\057\057\167\167\167\056\143\141\164\143\145" +"\162\164\056\156\145\164\057\166\145\162\141\162\162\145\154\060" +"\065\006\010\053\006\001\005\005\007\002\002\060\051\032\047\126" +"\145\147\145\165\040\150\164\164\160\163\072\057\057\167\167\167" +"\056\143\141\164\143\145\162\164\056\156\145\164\057\166\145\162" +"\141\162\162\145\154\040\060\015\006\011\052\206\110\206\367\015" +"\001\001\005\005\000\003\202\001\001\000\240\110\133\202\001\366" +"\115\110\270\071\125\065\234\200\172\123\231\325\132\377\261\161" +"\073\314\071\011\224\136\326\332\357\276\001\133\135\323\036\330" +"\375\175\117\315\240\101\340\064\223\277\313\342\206\234\067\222" +"\220\126\034\334\353\051\005\345\304\236\307\065\337\212\014\315" +"\305\041\103\351\252\210\345\065\300\031\102\143\132\002\136\244" +"\110\030\072\205\157\334\235\274\077\235\234\301\207\270\172\141" +"\010\351\167\013\177\160\253\172\335\331\227\054\144\036\205\277" +"\274\164\226\241\303\172\022\354\014\032\156\203\014\074\350\162" +"\106\237\373\110\325\136\227\346\261\241\370\344\357\106\045\224" +"\234\211\333\151\070\276\354\134\016\126\307\145\121\345\120\210" +"\210\277\102\325\053\075\345\371\272\236\056\263\312\364\163\222" +"\002\013\276\114\146\353\040\376\271\313\265\231\177\346\266\023" +"\372\312\113\115\331\356\123\106\006\073\306\116\255\223\132\201" +"\176\154\052\113\152\005\105\214\362\041\244\061\220\207\154\145" +"\234\235\245\140\225\072\122\177\365\321\253\010\156\363\356\133" +"\371\210\075\176\270\157\156\003\344\102" +, (PRUint32)1370 } +}; +static const NSSItem nss_builtins_items_337 [] = { + { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"EC-ACC", (PRUint32)7 }, + { (void *)"\050\220\072\143\133\122\200\372\346\167\114\013\155\247\326\272" +"\246\112\362\350" +, (PRUint32)20 }, + { (void *)"\353\365\235\051\015\141\371\102\037\174\302\272\155\343\025\011" +, (PRUint32)16 }, + { (void *)"\060\201\363\061\013\060\011\006\003\125\004\006\023\002\105\123" +"\061\073\060\071\006\003\125\004\012\023\062\101\147\145\156\143" +"\151\141\040\103\141\164\141\154\141\156\141\040\144\145\040\103" +"\145\162\164\151\146\151\143\141\143\151\157\040\050\116\111\106" +"\040\121\055\060\070\060\061\061\067\066\055\111\051\061\050\060" +"\046\006\003\125\004\013\023\037\123\145\162\166\145\151\163\040" +"\120\165\142\154\151\143\163\040\144\145\040\103\145\162\164\151" +"\146\151\143\141\143\151\157\061\065\060\063\006\003\125\004\013" +"\023\054\126\145\147\145\165\040\150\164\164\160\163\072\057\057" +"\167\167\167\056\143\141\164\143\145\162\164\056\156\145\164\057" +"\166\145\162\141\162\162\145\154\040\050\143\051\060\063\061\065" +"\060\063\006\003\125\004\013\023\054\112\145\162\141\162\161\165" +"\151\141\040\105\156\164\151\164\141\164\163\040\144\145\040\103" +"\145\162\164\151\146\151\143\141\143\151\157\040\103\141\164\141" +"\154\141\156\145\163\061\017\060\015\006\003\125\004\003\023\006" +"\105\103\055\101\103\103" +, (PRUint32)246 }, + { (void *)"\002\020\356\053\075\353\324\041\336\024\250\142\254\004\363\335" +"\304\001" +, (PRUint32)18 }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } +}; +static const NSSItem nss_builtins_items_338 [] = { + { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Hellenic Academic and Research Institutions RootCA 2011", (PRUint32)56 }, + { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, + { (void *)"\060\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122" +"\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145" +"\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144" +"\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164" +"\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164" +"\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023" +"\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155" +"\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040" +"\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157" +"\164\103\101\040\062\060\061\061" +, (PRUint32)152 }, + { (void *)"0", (PRUint32)2 }, + { (void *)"\060\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122" +"\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145" +"\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144" +"\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164" +"\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164" +"\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023" +"\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155" +"\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040" +"\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157" +"\164\103\101\040\062\060\061\061" +, (PRUint32)152 }, + { (void *)"\002\001\000" +, (PRUint32)3 }, + { (void *)"\060\202\004\061\060\202\003\031\240\003\002\001\002\002\001\000" +"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060" +"\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122\061" +"\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145\156" +"\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040" +"\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165" +"\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164\150" +"\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023\067" +"\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155\151" +"\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040\111" +"\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157\164" +"\103\101\040\062\060\061\061\060\036\027\015\061\061\061\062\060" +"\066\061\063\064\071\065\062\132\027\015\063\061\061\062\060\061" +"\061\063\064\071\065\062\132\060\201\225\061\013\060\011\006\003" +"\125\004\006\023\002\107\122\061\104\060\102\006\003\125\004\012" +"\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145" +"\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150" +"\040\111\156\163\164\151\164\165\164\151\157\156\163\040\103\145" +"\162\164\056\040\101\165\164\150\157\162\151\164\171\061\100\060" +"\076\006\003\125\004\003\023\067\110\145\154\154\145\156\151\143" +"\040\101\143\141\144\145\155\151\143\040\141\156\144\040\122\145" +"\163\145\141\162\143\150\040\111\156\163\164\151\164\165\164\151" +"\157\156\163\040\122\157\157\164\103\101\040\062\060\061\061\060" +"\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001" +"\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000" +"\251\123\000\343\056\246\366\216\372\140\330\055\225\076\370\054" +"\052\124\116\315\271\204\141\224\130\117\217\075\213\344\103\363" +"\165\211\215\121\344\303\067\322\212\210\115\171\036\267\022\335" +"\103\170\112\212\222\346\327\110\325\017\244\072\051\104\065\270" +"\007\366\150\035\125\315\070\121\360\214\044\061\205\257\203\311" +"\175\351\167\257\355\032\173\235\027\371\263\235\070\120\017\246" +"\132\171\221\200\257\067\256\246\323\061\373\265\046\011\235\074" +"\132\357\121\305\053\337\226\135\353\062\036\002\332\160\111\354" +"\156\014\310\232\067\215\367\361\066\140\113\046\054\202\236\320" +"\170\363\015\017\143\244\121\060\341\371\053\047\022\007\330\352" +"\275\030\142\230\260\131\067\175\276\356\363\040\121\102\132\203" +"\357\223\272\151\025\361\142\235\237\231\071\202\241\267\164\056" +"\213\324\305\013\173\057\360\310\012\332\075\171\012\232\223\034" +"\245\050\162\163\221\103\232\247\321\115\205\204\271\251\164\217" +"\024\100\307\334\336\254\101\144\154\264\031\233\002\143\155\044" +"\144\217\104\262\045\352\316\135\164\014\143\062\134\215\207\345" +"\002\003\001\000\001\243\201\211\060\201\206\060\017\006\003\125" +"\035\023\001\001\377\004\005\060\003\001\001\377\060\013\006\003" +"\125\035\017\004\004\003\002\001\006\060\035\006\003\125\035\016" +"\004\026\004\024\246\221\102\375\023\141\112\043\236\010\244\051" +"\345\330\023\004\043\356\101\045\060\107\006\003\125\035\036\004" +"\100\060\076\240\074\060\005\202\003\056\147\162\060\005\202\003" +"\056\145\165\060\006\202\004\056\145\144\165\060\006\202\004\056" +"\157\162\147\060\005\201\003\056\147\162\060\005\201\003\056\145" +"\165\060\006\201\004\056\145\144\165\060\006\201\004\056\157\162" +"\147\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000" +"\003\202\001\001\000\037\357\171\101\341\173\156\077\262\214\206" +"\067\102\112\116\034\067\036\215\146\272\044\201\311\117\022\017" +"\041\300\003\227\206\045\155\135\323\042\051\250\154\242\015\251" +"\353\075\006\133\231\072\307\314\303\232\064\177\253\016\310\116" +"\034\341\372\344\334\315\015\276\277\044\376\154\347\153\302\015" +"\310\006\236\116\215\141\050\246\152\375\345\366\142\352\030\074" +"\116\240\123\235\262\072\234\353\245\234\221\026\266\115\202\340" +"\014\005\110\251\154\365\314\370\313\235\111\264\360\002\245\375" +"\160\003\355\212\041\245\256\023\206\111\303\063\163\276\207\073" +"\164\213\027\105\046\114\026\221\203\376\147\175\315\115\143\147" +"\372\363\003\022\226\170\006\215\261\147\355\216\077\276\237\117" +"\002\365\263\011\057\363\114\207\337\052\313\225\174\001\314\254" +"\066\172\277\242\163\172\367\217\301\265\232\241\024\262\217\063" +"\237\015\357\042\334\146\173\204\275\105\027\006\075\074\312\271" +"\167\064\217\312\352\317\077\061\076\343\210\343\200\111\045\310" +"\227\265\235\232\231\115\260\074\370\112\000\233\144\335\237\071" +"\113\321\047\327\270" +, (PRUint32)1077 } +}; +static const NSSItem nss_builtins_items_339 [] = { + { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Hellenic Academic and Research Institutions RootCA 2011", (PRUint32)56 }, + { (void *)"\376\105\145\233\171\003\133\230\241\141\265\121\056\254\332\130" +"\011\110\042\115" +, (PRUint32)20 }, + { (void *)"\163\237\114\113\163\133\171\351\372\272\034\357\156\313\325\311" +, (PRUint32)16 }, + { (void *)"\060\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122" +"\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145" +"\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144" +"\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164" +"\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164" +"\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023" +"\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155" +"\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040" +"\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157" +"\164\103\101\040\062\060\061\061" +, (PRUint32)152 }, + { (void *)"\002\001\000" +, (PRUint32)3 }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } +}; builtinsInternalObject nss_builtins_data[] = { @@ -23216,15 +23057,11 @@ nss_builtins_data[] = { { 11, nss_builtins_types_336, nss_builtins_items_336, {NULL} }, { 13, nss_builtins_types_337, nss_builtins_items_337, {NULL} }, { 11, nss_builtins_types_338, nss_builtins_items_338, {NULL} }, - { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} }, - { 11, nss_builtins_types_340, nss_builtins_items_340, {NULL} }, - { 13, nss_builtins_types_341, nss_builtins_items_341, {NULL} }, - { 11, nss_builtins_types_342, nss_builtins_items_342, {NULL} }, - { 13, nss_builtins_types_343, nss_builtins_items_343, {NULL} } + { 13, nss_builtins_types_339, nss_builtins_items_339, {NULL} } }; const PRUint32 #ifdef DEBUG - nss_builtins_nObjects = 343+1; + nss_builtins_nObjects = 339+1; #else - nss_builtins_nObjects = 343; + nss_builtins_nObjects = 339; #endif /* DEBUG */ diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt index 77686588d..e43276da2 100644 --- a/security/nss/lib/ckfw/builtins/certdata.txt +++ b/security/nss/lib/ckfw/builtins/certdata.txt @@ -803,211 +803,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Verisign Class 1 Public Primary Certification Authority" -# -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\061\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\061\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\315\272\177\126\360\337\344\274\124\376\042\254\263 -\162\252\125 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\075\060\202\001\246\002\021\000\315\272\177\126\360 -\337\344\274\124\376\042\254\263\162\252\125\060\015\006\011\052 -\206\110\206\367\015\001\001\002\005\000\060\137\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125 -\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141 -\163\163\040\061\040\120\165\142\154\151\143\040\120\162\151\155 -\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\060\036\027\015\071 -\066\060\061\062\071\060\060\060\060\060\060\132\027\015\062\070 -\060\070\060\061\062\063\065\071\065\071\132\060\137\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003 -\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111 -\156\143\056\061\067\060\065\006\003\125\004\013\023\056\103\154 -\141\163\163\040\061\040\120\165\142\154\151\143\040\120\162\151 -\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060 -\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201 -\215\000\060\201\211\002\201\201\000\345\031\277\155\243\126\141 -\055\231\110\161\366\147\336\271\215\353\267\236\206\200\012\221 -\016\372\070\045\257\106\210\202\345\163\250\240\233\044\135\015 -\037\314\145\156\014\260\320\126\204\030\207\232\006\233\020\241 -\163\337\264\130\071\153\156\301\366\025\325\250\250\077\252\022 -\006\215\061\254\177\260\064\327\217\064\147\210\011\315\024\021 -\342\116\105\126\151\037\170\002\200\332\334\107\221\051\273\066 -\311\143\134\305\340\327\055\207\173\241\267\062\260\173\060\272 -\052\057\061\252\356\243\147\332\333\002\003\001\000\001\060\015 -\006\011\052\206\110\206\367\015\001\001\002\005\000\003\201\201 -\000\114\077\270\213\306\150\337\356\103\063\016\135\351\246\313 -\007\204\115\172\063\377\222\033\364\066\255\330\225\042\066\150 -\021\154\174\102\314\363\234\056\304\007\077\024\260\017\117\377 -\220\222\166\371\342\274\112\351\217\315\240\200\012\367\305\051 -\361\202\042\135\270\261\335\201\043\243\173\045\025\106\060\171 -\026\370\352\005\113\224\177\035\302\034\310\343\267\364\020\100 -\074\023\303\137\037\123\350\110\344\206\264\173\241\065\260\173 -\045\272\270\323\216\253\077\070\235\000\064\000\230\363\321\161 -\224 -END - -# Trust for Certificate "Verisign Class 1 Public Primary Certification Authority" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\220\256\242\151\205\377\024\200\114\103\111\122\354\351\140\204 -\167\257\125\157 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\227\140\350\127\137\323\120\107\345\103\014\224\066\212\260\142 -END -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\061\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\315\272\177\126\360\337\344\274\124\376\042\254\263 -\162\252\125 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Verisign Class 2 Public Primary Certification Authority" -# -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\062\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\062\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\055\033\374\112\027\215\243\221\353\347\377\365\213\105 -\276\013 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\074\060\202\001\245\002\020\055\033\374\112\027\215 -\243\221\353\347\377\365\213\105\276\013\060\015\006\011\052\206 -\110\206\367\015\001\001\002\005\000\060\137\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004 -\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143 -\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141\163 -\163\040\062\040\120\165\142\154\151\143\040\120\162\151\155\141 -\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\060\036\027\015\071\066 -\060\061\062\071\060\060\060\060\060\060\132\027\015\062\070\060 -\070\060\061\062\063\065\071\065\071\132\060\137\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125 -\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\061\067\060\065\006\003\125\004\013\023\056\103\154\141 -\163\163\040\062\040\120\165\142\154\151\143\040\120\162\151\155 -\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201\215 -\000\060\201\211\002\201\201\000\266\132\213\243\015\152\043\203 -\200\153\317\071\207\364\041\023\063\006\114\045\242\355\125\022 -\227\305\247\200\271\372\203\301\040\240\372\057\025\015\174\241 -\140\153\176\171\054\372\006\017\072\256\366\033\157\261\322\377 -\057\050\122\137\203\175\113\304\172\267\370\146\037\200\124\374 -\267\302\216\131\112\024\127\106\321\232\223\276\101\221\003\273 -\025\200\223\134\353\347\314\010\154\077\076\263\112\374\377\113 -\154\043\325\120\202\046\104\031\216\043\303\161\352\031\044\107 -\004\236\165\277\310\246\000\037\002\003\001\000\001\060\015\006 -\011\052\206\110\206\367\015\001\001\002\005\000\003\201\201\000 -\212\033\053\372\071\301\164\327\136\330\031\144\242\130\112\055 -\067\340\063\107\017\254\355\367\252\333\036\344\213\006\134\140 -\047\312\105\122\316\026\357\077\006\144\347\224\150\174\140\063 -\025\021\151\257\235\142\215\243\003\124\153\246\276\345\356\005 -\030\140\004\277\102\200\375\320\250\250\036\001\073\367\243\134 -\257\243\334\346\046\200\043\074\270\104\164\367\012\256\111\213 -\141\170\314\044\277\210\212\247\016\352\163\031\101\375\115\003 -\360\210\321\345\170\215\245\052\117\366\227\015\027\167\312\330 -END - -# Trust for Certificate "Verisign Class 2 Public Primary Certification Authority" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\147\202\252\340\355\356\342\032\130\071\323\300\315\024\150\012 -\117\140\024\052 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\263\234\045\261\303\056\062\123\200\025\060\235\115\002\167\076 -END -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151 -\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004 -\013\023\056\103\154\141\163\163\040\062\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\055\033\374\112\027\215\243\221\353\347\377\365\213\105 -\276\013 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "Verisign Class 3 Public Primary Certification Authority" # CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE @@ -1509,139 +1304,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Verisign Class 4 Public Primary Certification Authority - G2" -# -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 4 Public Primary Certification Authority - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125 -\004\013\023\063\103\154\141\163\163\040\064\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013 -\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125 -\004\013\023\063\103\154\141\163\163\040\064\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013 -\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\062\210\216\232\322\365\353\023\107\370\177\304\040\067 -\045\370 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\002\060\202\002\153\002\020\062\210\216\232\322\365 -\353\023\107\370\177\304\040\067\045\370\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\060\201\301\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125 -\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\061\074\060\072\006\003\125\004\013\023\063\103\154\141 -\163\163\040\064\040\120\165\142\154\151\143\040\120\162\151\155 -\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\062 -\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040\061 -\071\071\070\040\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151 -\172\145\144\040\165\163\145\040\157\156\154\171\061\037\060\035 -\006\003\125\004\013\023\026\126\145\162\151\123\151\147\156\040 -\124\162\165\163\164\040\116\145\164\167\157\162\153\060\036\027 -\015\071\070\060\065\061\070\060\060\060\060\060\060\132\027\015 -\062\070\060\070\060\061\062\063\065\071\065\071\132\060\201\301 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027\060 -\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147\156 -\054\040\111\156\143\056\061\074\060\072\006\003\125\004\013\023 -\063\103\154\141\163\163\040\064\040\120\165\142\154\151\143\040 -\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143 -\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040 -\055\040\107\062\061\072\060\070\006\003\125\004\013\023\061\050 -\143\051\040\061\071\071\070\040\126\145\162\151\123\151\147\156 -\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164 -\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171 -\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123 -\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162 -\153\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\201\215\000\060\201\211\002\201\201\000\272\360 -\344\317\371\304\256\205\124\271\007\127\371\217\305\177\150\021 -\370\304\027\260\104\334\343\060\163\325\052\142\052\270\320\314 -\034\355\050\133\176\275\152\334\263\221\044\312\101\142\074\374 -\002\001\277\034\026\061\224\005\227\166\156\242\255\275\141\027 -\154\116\060\206\360\121\067\052\120\307\250\142\201\334\133\112 -\252\301\240\264\156\353\057\345\127\305\261\053\100\160\333\132 -\115\241\216\037\275\003\037\330\003\324\217\114\231\161\274\342 -\202\314\130\350\230\072\206\323\206\070\363\000\051\037\002\003 -\001\000\001\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\003\201\201\000\205\214\022\301\247\271\120\025\172\313 -\076\254\270\103\212\334\252\335\024\272\211\201\176\001\074\043 -\161\041\210\057\202\334\143\372\002\105\254\105\131\327\052\130 -\104\133\267\237\201\073\222\150\075\342\067\044\365\173\154\217 -\166\065\226\011\250\131\235\271\316\043\253\164\326\203\375\062 -\163\047\330\151\076\103\164\366\256\305\211\232\347\123\174\351 -\173\366\113\363\301\145\203\336\215\212\234\074\210\215\071\131 -\374\252\077\042\215\241\301\146\120\201\162\114\355\042\144\117 -\117\312\200\221\266\051 -END - -# Trust for Certificate "Verisign Class 4 Public Primary Certification Authority - G2" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 4 Public Primary Certification Authority - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\013\167\276\273\313\172\242\107\005\336\314\017\275\152\002\374 -\172\275\233\122 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\046\155\054\031\230\266\160\150\070\120\124\031\354\220\064\140 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\074\060\072\006\003\125 -\004\013\023\063\103\154\141\163\163\040\064\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\062\061\072\060\070\006\003\125\004\013 -\023\061\050\143\051\040\061\071\071\070\040\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\062\210\216\232\322\365\353\023\107\370\177\304\040\067 -\045\370 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "GlobalSign Root CA" # CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE @@ -5453,272 +5115,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "TC TrustCenter, Germany, Class 2 CA" -# -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TC TrustCenter, Germany, Class 2 CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165 -\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155 -\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124 -\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157 -\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141 -\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110 -\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162 -\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040 -\062\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015 -\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145 -\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165 -\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155 -\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124 -\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157 -\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141 -\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110 -\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162 -\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040 -\062\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015 -\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145 -\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\003\352 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\134\060\202\002\305\240\003\002\001\002\002\002\003 -\352\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000 -\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165 -\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155 -\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124 -\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157 -\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141 -\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110 -\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162 -\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040 -\062\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015 -\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145 -\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145\060 -\036\027\015\071\070\060\063\060\071\061\061\065\071\065\071\132 -\027\015\061\061\060\061\060\061\061\061\065\071\065\071\132\060 -\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165\162 -\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155\142 -\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124\103 -\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157\162 -\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141\164 -\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110\061 -\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162\165 -\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040\062 -\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015\001 -\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145\100 -\164\162\165\163\164\143\145\156\164\145\162\056\144\145\060\201 -\237\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\201\215\000\060\201\211\002\201\201\000\332\070\350\355\062 -\000\051\161\203\001\015\277\214\001\334\332\306\255\071\244\251 -\212\057\325\213\134\150\137\120\306\142\365\146\275\312\221\042 -\354\252\035\121\327\075\263\121\262\203\116\135\313\111\260\360 -\114\125\345\153\055\307\205\013\060\034\222\116\202\324\312\002 -\355\367\157\276\334\340\343\024\270\005\123\362\232\364\126\213 -\132\236\205\223\321\264\202\126\256\115\273\250\113\127\026\274 -\376\370\130\236\370\051\215\260\173\315\170\311\117\254\213\147 -\014\361\234\373\374\127\233\127\134\117\015\002\003\001\000\001 -\243\153\060\151\060\017\006\003\125\035\023\001\001\377\004\005 -\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\206\060\063\006\011\140\206\110\001\206\370\102 -\001\010\004\046\026\044\150\164\164\160\072\057\057\167\167\167 -\056\164\162\165\163\164\143\145\156\164\145\162\056\144\145\057 -\147\165\151\144\145\154\151\156\145\163\060\021\006\011\140\206 -\110\001\206\370\102\001\001\004\004\003\002\000\007\060\015\006 -\011\052\206\110\206\367\015\001\001\004\005\000\003\201\201\000 -\204\122\373\050\337\377\037\165\001\274\001\276\004\126\227\152 -\164\102\044\061\203\371\106\261\006\212\211\317\226\054\063\277 -\214\265\137\172\162\241\205\006\316\206\370\005\216\350\371\045 -\312\332\203\214\006\254\353\066\155\205\221\064\004\066\364\102 -\360\370\171\056\012\110\134\253\314\121\117\170\166\240\331\254 -\031\275\052\321\151\004\050\221\312\066\020\047\200\127\133\322 -\134\365\302\133\253\144\201\143\164\121\364\227\277\315\022\050 -\367\115\146\177\247\360\034\001\046\170\262\146\107\160\121\144 -END - -# Trust for Certificate "TC TrustCenter, Germany, Class 2 CA" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TC TrustCenter, Germany, Class 2 CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\203\216\060\367\177\335\024\252\070\136\321\105\000\234\016\042 -\066\111\117\252 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\270\026\063\114\114\114\362\330\323\115\006\264\246\133\100\003 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165 -\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155 -\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124 -\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157 -\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141 -\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110 -\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162 -\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040 -\062\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015 -\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145 -\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\003\352 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "TC TrustCenter, Germany, Class 3 CA" -# -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TC TrustCenter, Germany, Class 3 CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165 -\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155 -\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124 -\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157 -\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141 -\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110 -\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162 -\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040 -\063\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015 -\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145 -\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165 -\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155 -\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124 -\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157 -\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141 -\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110 -\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162 -\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040 -\063\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015 -\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145 -\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\003\353 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\134\060\202\002\305\240\003\002\001\002\002\002\003 -\353\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000 -\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165 -\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155 -\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124 -\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157 -\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141 -\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110 -\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162 -\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040 -\063\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015 -\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145 -\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145\060 -\036\027\015\071\070\060\063\060\071\061\061\065\071\065\071\132 -\027\015\061\061\060\061\060\061\061\061\065\071\065\071\132\060 -\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165\162 -\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155\142 -\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124\103 -\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157\162 -\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141\164 -\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110\061 -\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162\165 -\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040\063 -\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015\001 -\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145\100 -\164\162\165\163\164\143\145\156\164\145\162\056\144\145\060\201 -\237\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\201\215\000\060\201\211\002\201\201\000\266\264\301\065\005 -\056\015\215\354\240\100\152\034\016\047\246\120\222\153\120\033 -\007\336\056\347\166\314\340\332\374\204\250\136\214\143\152\053 -\115\331\116\002\166\021\301\013\362\215\171\312\000\266\361\260 -\016\327\373\244\027\075\257\253\151\172\226\047\277\257\063\241 -\232\052\131\252\304\265\067\010\362\022\245\061\266\103\365\062 -\226\161\050\050\253\215\050\206\337\273\356\343\014\175\060\326 -\303\122\253\217\135\047\234\153\300\243\347\005\153\127\111\104 -\263\156\352\144\317\322\216\172\120\167\167\002\003\001\000\001 -\243\153\060\151\060\017\006\003\125\035\023\001\001\377\004\005 -\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\206\060\063\006\011\140\206\110\001\206\370\102 -\001\010\004\046\026\044\150\164\164\160\072\057\057\167\167\167 -\056\164\162\165\163\164\143\145\156\164\145\162\056\144\145\057 -\147\165\151\144\145\154\151\156\145\163\060\021\006\011\140\206 -\110\001\206\370\102\001\001\004\004\003\002\000\007\060\015\006 -\011\052\206\110\206\367\015\001\001\004\005\000\003\201\201\000 -\026\075\306\315\301\273\205\161\205\106\237\076\040\217\121\050 -\231\354\055\105\041\143\043\133\004\273\114\220\270\210\222\004 -\115\275\175\001\243\077\366\354\316\361\336\376\175\345\341\076 -\273\306\253\136\013\335\075\226\304\313\251\324\371\046\346\006 -\116\236\014\245\172\272\156\303\174\202\031\321\307\261\261\303 -\333\015\216\233\100\174\067\013\361\135\350\375\037\220\210\245 -\016\116\067\144\041\250\116\215\264\237\361\336\110\255\325\126 -\030\122\051\213\107\064\022\011\324\273\222\065\357\017\333\064 -END - -# Trust for Certificate "TC TrustCenter, Germany, Class 3 CA" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TC TrustCenter, Germany, Class 3 CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\237\307\226\350\370\122\117\206\072\341\111\155\070\022\102\020 -\137\033\170\365 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\137\224\112\163\042\270\367\321\061\354\131\071\367\216\376\156 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165 -\162\147\061\020\060\016\006\003\125\004\007\023\007\110\141\155 -\142\165\162\147\061\072\060\070\006\003\125\004\012\023\061\124 -\103\040\124\162\165\163\164\103\145\156\164\145\162\040\146\157 -\162\040\123\145\143\165\162\151\164\171\040\151\156\040\104\141 -\164\141\040\116\145\164\167\157\162\153\163\040\107\155\142\110 -\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124\162 -\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163\040 -\063\040\103\101\061\051\060\047\006\011\052\206\110\206\367\015 -\001\011\001\026\032\143\145\162\164\151\146\151\143\141\164\145 -\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\003\353 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "Certum Root CA" # CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE @@ -7280,8 +6676,8 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \002\004\072\314\245\114 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # @@ -7416,9 +6812,9 @@ END CKA_SERIAL_NUMBER MULTILINE_OCTAL \002\004\076\110\275\304 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # @@ -23580,3 +22976,440 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Security Communication RootCA2" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Security Communication RootCA2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040 +\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117 +\056\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023 +\036\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156 +\151\143\141\164\151\157\156\040\122\157\157\164\103\101\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040 +\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117 +\056\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023 +\036\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156 +\151\143\141\164\151\157\156\040\122\157\157\164\103\101\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\000 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\167\060\202\002\137\240\003\002\001\002\002\001\000 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061\045 +\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040\124 +\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117\056 +\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023\036 +\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156\151 +\143\141\164\151\157\156\040\122\157\157\164\103\101\062\060\036 +\027\015\060\071\060\065\062\071\060\065\060\060\063\071\132\027 +\015\062\071\060\065\062\071\060\065\060\060\063\071\132\060\135 +\061\013\060\011\006\003\125\004\006\023\002\112\120\061\045\060 +\043\006\003\125\004\012\023\034\123\105\103\117\115\040\124\162 +\165\163\164\040\123\171\163\164\145\155\163\040\103\117\056\054 +\114\124\104\056\061\047\060\045\006\003\125\004\013\023\036\123 +\145\143\165\162\151\164\171\040\103\157\155\155\165\156\151\143 +\141\164\151\157\156\040\122\157\157\164\103\101\062\060\202\001 +\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 +\003\202\001\017\000\060\202\001\012\002\202\001\001\000\320\025 +\071\122\261\122\263\272\305\131\202\304\135\122\256\072\103\145 +\200\113\307\362\226\274\333\066\227\326\246\144\214\250\136\360 +\343\012\034\367\337\227\075\113\256\366\135\354\041\265\101\253 +\315\271\176\166\237\276\371\076\066\064\240\073\301\366\061\021 +\105\164\223\075\127\200\305\371\211\231\312\345\253\152\324\265 +\332\101\220\020\301\326\326\102\211\302\277\364\070\022\225\114 +\124\005\367\066\344\105\203\173\024\145\326\334\014\115\321\336 +\176\014\253\073\304\025\276\072\126\246\132\157\166\151\122\251 +\172\271\310\353\152\232\135\122\320\055\012\153\065\026\011\020 +\204\320\152\312\072\006\000\067\107\344\176\127\117\077\213\353 +\147\270\210\252\305\276\123\125\262\221\304\175\271\260\205\031 +\006\170\056\333\141\032\372\205\365\112\221\241\347\026\325\216 +\242\071\337\224\270\160\037\050\077\213\374\100\136\143\203\074 +\203\052\032\231\153\317\336\131\152\073\374\157\026\327\037\375 +\112\020\353\116\202\026\072\254\047\014\123\361\255\325\044\260 +\153\003\120\301\055\074\026\335\104\064\047\032\165\373\002\003 +\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004\026 +\004\024\012\205\251\167\145\005\230\174\100\201\370\017\227\054 +\070\361\012\354\074\317\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 +\004\005\060\003\001\001\377\060\015\006\011\052\206\110\206\367 +\015\001\001\013\005\000\003\202\001\001\000\114\072\243\104\254 +\271\105\261\307\223\176\310\013\012\102\337\144\352\034\356\131 +\154\010\272\211\137\152\312\112\225\236\172\217\007\305\332\105 +\162\202\161\016\072\322\314\157\247\264\241\043\273\366\044\237 +\313\027\376\214\246\316\302\322\333\314\215\374\161\374\003\051 +\301\154\135\063\137\144\266\145\073\211\157\030\166\170\365\334 +\242\110\037\031\077\216\223\353\361\372\027\356\315\116\343\004 +\022\125\326\345\344\335\373\076\005\174\342\035\136\306\247\274 +\227\117\150\072\365\351\056\012\103\266\257\127\134\142\150\174 +\267\375\243\212\204\240\254\142\276\053\011\207\064\360\152\001 +\273\233\051\126\074\376\000\067\317\043\154\361\116\252\266\164 +\106\022\154\221\356\064\325\354\232\221\347\104\276\220\061\162 +\325\111\002\366\002\345\364\037\353\174\331\226\125\251\377\354 +\212\371\231\107\377\065\132\002\252\004\313\212\133\207\161\051 +\221\275\244\264\172\015\275\232\365\127\043\000\007\041\027\077 +\112\071\321\005\111\013\247\266\067\201\245\135\214\252\063\136 +\201\050\174\247\175\047\353\000\256\215\067 +END + +# Trust for Certificate "Security Communication RootCA2" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Security Communication RootCA2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\137\073\214\362\370\020\263\175\170\264\316\354\031\031\303\163 +\064\271\307\164 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\154\071\175\244\016\125\131\262\077\326\101\261\022\120\336\103 +END +CKA_ISSUER MULTILINE_OCTAL +\060\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040 +\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117 +\056\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023 +\036\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156 +\151\143\141\164\151\157\156\040\122\157\157\164\103\101\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\000 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "EC-ACC" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "EC-ACC" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\363\061\013\060\011\006\003\125\004\006\023\002\105\123 +\061\073\060\071\006\003\125\004\012\023\062\101\147\145\156\143 +\151\141\040\103\141\164\141\154\141\156\141\040\144\145\040\103 +\145\162\164\151\146\151\143\141\143\151\157\040\050\116\111\106 +\040\121\055\060\070\060\061\061\067\066\055\111\051\061\050\060 +\046\006\003\125\004\013\023\037\123\145\162\166\145\151\163\040 +\120\165\142\154\151\143\163\040\144\145\040\103\145\162\164\151 +\146\151\143\141\143\151\157\061\065\060\063\006\003\125\004\013 +\023\054\126\145\147\145\165\040\150\164\164\160\163\072\057\057 +\167\167\167\056\143\141\164\143\145\162\164\056\156\145\164\057 +\166\145\162\141\162\162\145\154\040\050\143\051\060\063\061\065 +\060\063\006\003\125\004\013\023\054\112\145\162\141\162\161\165 +\151\141\040\105\156\164\151\164\141\164\163\040\144\145\040\103 +\145\162\164\151\146\151\143\141\143\151\157\040\103\141\164\141 +\154\141\156\145\163\061\017\060\015\006\003\125\004\003\023\006 +\105\103\055\101\103\103 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\363\061\013\060\011\006\003\125\004\006\023\002\105\123 +\061\073\060\071\006\003\125\004\012\023\062\101\147\145\156\143 +\151\141\040\103\141\164\141\154\141\156\141\040\144\145\040\103 +\145\162\164\151\146\151\143\141\143\151\157\040\050\116\111\106 +\040\121\055\060\070\060\061\061\067\066\055\111\051\061\050\060 +\046\006\003\125\004\013\023\037\123\145\162\166\145\151\163\040 +\120\165\142\154\151\143\163\040\144\145\040\103\145\162\164\151 +\146\151\143\141\143\151\157\061\065\060\063\006\003\125\004\013 +\023\054\126\145\147\145\165\040\150\164\164\160\163\072\057\057 +\167\167\167\056\143\141\164\143\145\162\164\056\156\145\164\057 +\166\145\162\141\162\162\145\154\040\050\143\051\060\063\061\065 +\060\063\006\003\125\004\013\023\054\112\145\162\141\162\161\165 +\151\141\040\105\156\164\151\164\141\164\163\040\144\145\040\103 +\145\162\164\151\146\151\143\141\143\151\157\040\103\141\164\141 +\154\141\156\145\163\061\017\060\015\006\003\125\004\003\023\006 +\105\103\055\101\103\103 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\356\053\075\353\324\041\336\024\250\142\254\004\363\335 +\304\001 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\126\060\202\004\076\240\003\002\001\002\002\020\356 +\053\075\353\324\041\336\024\250\142\254\004\363\335\304\001\060 +\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 +\363\061\013\060\011\006\003\125\004\006\023\002\105\123\061\073 +\060\071\006\003\125\004\012\023\062\101\147\145\156\143\151\141 +\040\103\141\164\141\154\141\156\141\040\144\145\040\103\145\162 +\164\151\146\151\143\141\143\151\157\040\050\116\111\106\040\121 +\055\060\070\060\061\061\067\066\055\111\051\061\050\060\046\006 +\003\125\004\013\023\037\123\145\162\166\145\151\163\040\120\165 +\142\154\151\143\163\040\144\145\040\103\145\162\164\151\146\151 +\143\141\143\151\157\061\065\060\063\006\003\125\004\013\023\054 +\126\145\147\145\165\040\150\164\164\160\163\072\057\057\167\167 +\167\056\143\141\164\143\145\162\164\056\156\145\164\057\166\145 +\162\141\162\162\145\154\040\050\143\051\060\063\061\065\060\063 +\006\003\125\004\013\023\054\112\145\162\141\162\161\165\151\141 +\040\105\156\164\151\164\141\164\163\040\144\145\040\103\145\162 +\164\151\146\151\143\141\143\151\157\040\103\141\164\141\154\141 +\156\145\163\061\017\060\015\006\003\125\004\003\023\006\105\103 +\055\101\103\103\060\036\027\015\060\063\060\061\060\067\062\063 +\060\060\060\060\132\027\015\063\061\060\061\060\067\062\062\065 +\071\065\071\132\060\201\363\061\013\060\011\006\003\125\004\006 +\023\002\105\123\061\073\060\071\006\003\125\004\012\023\062\101 +\147\145\156\143\151\141\040\103\141\164\141\154\141\156\141\040 +\144\145\040\103\145\162\164\151\146\151\143\141\143\151\157\040 +\050\116\111\106\040\121\055\060\070\060\061\061\067\066\055\111 +\051\061\050\060\046\006\003\125\004\013\023\037\123\145\162\166 +\145\151\163\040\120\165\142\154\151\143\163\040\144\145\040\103 +\145\162\164\151\146\151\143\141\143\151\157\061\065\060\063\006 +\003\125\004\013\023\054\126\145\147\145\165\040\150\164\164\160 +\163\072\057\057\167\167\167\056\143\141\164\143\145\162\164\056 +\156\145\164\057\166\145\162\141\162\162\145\154\040\050\143\051 +\060\063\061\065\060\063\006\003\125\004\013\023\054\112\145\162 +\141\162\161\165\151\141\040\105\156\164\151\164\141\164\163\040 +\144\145\040\103\145\162\164\151\146\151\143\141\143\151\157\040 +\103\141\164\141\154\141\156\145\163\061\017\060\015\006\003\125 +\004\003\023\006\105\103\055\101\103\103\060\202\001\042\060\015 +\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 +\017\000\060\202\001\012\002\202\001\001\000\263\042\307\117\342 +\227\102\225\210\107\203\100\366\035\027\363\203\163\044\036\121 +\363\230\212\303\222\270\377\100\220\005\160\207\140\311\000\251 +\265\224\145\031\042\025\027\302\103\154\146\104\232\015\004\076 +\071\157\245\113\172\252\143\267\212\104\235\331\143\221\204\146 +\340\050\017\272\102\343\156\216\367\024\047\223\151\356\221\016 +\243\137\016\261\353\146\242\162\117\022\023\206\145\172\076\333 +\117\007\364\247\011\140\332\072\102\231\307\262\177\263\026\225 +\034\307\371\064\265\224\205\325\231\136\240\110\240\176\347\027 +\145\270\242\165\270\036\363\345\102\175\257\355\363\212\110\144 +\135\202\024\223\330\300\344\377\263\120\162\362\166\366\263\135 +\102\120\171\320\224\076\153\014\000\276\330\153\016\116\052\354 +\076\322\314\202\242\030\145\063\023\167\236\232\135\032\023\330 +\303\333\075\310\227\172\356\160\355\247\346\174\333\161\317\055 +\224\142\337\155\326\365\070\276\077\245\205\012\031\270\250\330 +\011\165\102\160\304\352\357\313\016\310\064\250\022\042\230\014 +\270\023\224\266\113\354\360\320\220\347\047\002\003\001\000\001 +\243\201\343\060\201\340\060\035\006\003\125\035\021\004\026\060 +\024\201\022\145\143\137\141\143\143\100\143\141\164\143\145\162 +\164\056\156\145\164\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 +\024\240\303\213\104\252\067\245\105\277\227\200\132\321\361\170 +\242\233\351\135\215\060\177\006\003\125\035\040\004\170\060\166 +\060\164\006\013\053\006\001\004\001\365\170\001\003\001\012\060 +\145\060\054\006\010\053\006\001\005\005\007\002\001\026\040\150 +\164\164\160\163\072\057\057\167\167\167\056\143\141\164\143\145 +\162\164\056\156\145\164\057\166\145\162\141\162\162\145\154\060 +\065\006\010\053\006\001\005\005\007\002\002\060\051\032\047\126 +\145\147\145\165\040\150\164\164\160\163\072\057\057\167\167\167 +\056\143\141\164\143\145\162\164\056\156\145\164\057\166\145\162 +\141\162\162\145\154\040\060\015\006\011\052\206\110\206\367\015 +\001\001\005\005\000\003\202\001\001\000\240\110\133\202\001\366 +\115\110\270\071\125\065\234\200\172\123\231\325\132\377\261\161 +\073\314\071\011\224\136\326\332\357\276\001\133\135\323\036\330 +\375\175\117\315\240\101\340\064\223\277\313\342\206\234\067\222 +\220\126\034\334\353\051\005\345\304\236\307\065\337\212\014\315 +\305\041\103\351\252\210\345\065\300\031\102\143\132\002\136\244 +\110\030\072\205\157\334\235\274\077\235\234\301\207\270\172\141 +\010\351\167\013\177\160\253\172\335\331\227\054\144\036\205\277 +\274\164\226\241\303\172\022\354\014\032\156\203\014\074\350\162 +\106\237\373\110\325\136\227\346\261\241\370\344\357\106\045\224 +\234\211\333\151\070\276\354\134\016\126\307\145\121\345\120\210 +\210\277\102\325\053\075\345\371\272\236\056\263\312\364\163\222 +\002\013\276\114\146\353\040\376\271\313\265\231\177\346\266\023 +\372\312\113\115\331\356\123\106\006\073\306\116\255\223\132\201 +\176\154\052\113\152\005\105\214\362\041\244\061\220\207\154\145 +\234\235\245\140\225\072\122\177\365\321\253\010\156\363\356\133 +\371\210\075\176\270\157\156\003\344\102 +END + +# Trust for Certificate "EC-ACC" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "EC-ACC" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\050\220\072\143\133\122\200\372\346\167\114\013\155\247\326\272 +\246\112\362\350 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\353\365\235\051\015\141\371\102\037\174\302\272\155\343\025\011 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\363\061\013\060\011\006\003\125\004\006\023\002\105\123 +\061\073\060\071\006\003\125\004\012\023\062\101\147\145\156\143 +\151\141\040\103\141\164\141\154\141\156\141\040\144\145\040\103 +\145\162\164\151\146\151\143\141\143\151\157\040\050\116\111\106 +\040\121\055\060\070\060\061\061\067\066\055\111\051\061\050\060 +\046\006\003\125\004\013\023\037\123\145\162\166\145\151\163\040 +\120\165\142\154\151\143\163\040\144\145\040\103\145\162\164\151 +\146\151\143\141\143\151\157\061\065\060\063\006\003\125\004\013 +\023\054\126\145\147\145\165\040\150\164\164\160\163\072\057\057 +\167\167\167\056\143\141\164\143\145\162\164\056\156\145\164\057 +\166\145\162\141\162\162\145\154\040\050\143\051\060\063\061\065 +\060\063\006\003\125\004\013\023\054\112\145\162\141\162\161\165 +\151\141\040\105\156\164\151\164\141\164\163\040\144\145\040\103 +\145\162\164\151\146\151\143\141\143\151\157\040\103\141\164\141 +\154\141\156\145\163\061\017\060\015\006\003\125\004\003\023\006 +\105\103\055\101\103\103 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\356\053\075\353\324\041\336\024\250\142\254\004\363\335 +\304\001 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Hellenic Academic and Research Institutions RootCA 2011" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2011" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145 +\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 +\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 +\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164 +\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023 +\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155 +\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040 +\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157 +\164\103\101\040\062\060\061\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145 +\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 +\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 +\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164 +\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023 +\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155 +\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040 +\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157 +\164\103\101\040\062\060\061\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\000 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\004\061\060\202\003\031\240\003\002\001\002\002\001\000 +\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 +\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122\061 +\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145\156 +\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040 +\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165 +\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164\150 +\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023\067 +\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155\151 +\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040\111 +\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157\164 +\103\101\040\062\060\061\061\060\036\027\015\061\061\061\062\060 +\066\061\063\064\071\065\062\132\027\015\063\061\061\062\060\061 +\061\063\064\071\065\062\132\060\201\225\061\013\060\011\006\003 +\125\004\006\023\002\107\122\061\104\060\102\006\003\125\004\012 +\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 +\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 +\040\111\156\163\164\151\164\165\164\151\157\156\163\040\103\145 +\162\164\056\040\101\165\164\150\157\162\151\164\171\061\100\060 +\076\006\003\125\004\003\023\067\110\145\154\154\145\156\151\143 +\040\101\143\141\144\145\155\151\143\040\141\156\144\040\122\145 +\163\145\141\162\143\150\040\111\156\163\164\151\164\165\164\151 +\157\156\163\040\122\157\157\164\103\101\040\062\060\061\061\060 +\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001 +\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000 +\251\123\000\343\056\246\366\216\372\140\330\055\225\076\370\054 +\052\124\116\315\271\204\141\224\130\117\217\075\213\344\103\363 +\165\211\215\121\344\303\067\322\212\210\115\171\036\267\022\335 +\103\170\112\212\222\346\327\110\325\017\244\072\051\104\065\270 +\007\366\150\035\125\315\070\121\360\214\044\061\205\257\203\311 +\175\351\167\257\355\032\173\235\027\371\263\235\070\120\017\246 +\132\171\221\200\257\067\256\246\323\061\373\265\046\011\235\074 +\132\357\121\305\053\337\226\135\353\062\036\002\332\160\111\354 +\156\014\310\232\067\215\367\361\066\140\113\046\054\202\236\320 +\170\363\015\017\143\244\121\060\341\371\053\047\022\007\330\352 +\275\030\142\230\260\131\067\175\276\356\363\040\121\102\132\203 +\357\223\272\151\025\361\142\235\237\231\071\202\241\267\164\056 +\213\324\305\013\173\057\360\310\012\332\075\171\012\232\223\034 +\245\050\162\163\221\103\232\247\321\115\205\204\271\251\164\217 +\024\100\307\334\336\254\101\144\154\264\031\233\002\143\155\044 +\144\217\104\262\045\352\316\135\164\014\143\062\134\215\207\345 +\002\003\001\000\001\243\201\211\060\201\206\060\017\006\003\125 +\035\023\001\001\377\004\005\060\003\001\001\377\060\013\006\003 +\125\035\017\004\004\003\002\001\006\060\035\006\003\125\035\016 +\004\026\004\024\246\221\102\375\023\141\112\043\236\010\244\051 +\345\330\023\004\043\356\101\045\060\107\006\003\125\035\036\004 +\100\060\076\240\074\060\005\202\003\056\147\162\060\005\202\003 +\056\145\165\060\006\202\004\056\145\144\165\060\006\202\004\056 +\157\162\147\060\005\201\003\056\147\162\060\005\201\003\056\145 +\165\060\006\201\004\056\145\144\165\060\006\201\004\056\157\162 +\147\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 +\003\202\001\001\000\037\357\171\101\341\173\156\077\262\214\206 +\067\102\112\116\034\067\036\215\146\272\044\201\311\117\022\017 +\041\300\003\227\206\045\155\135\323\042\051\250\154\242\015\251 +\353\075\006\133\231\072\307\314\303\232\064\177\253\016\310\116 +\034\341\372\344\334\315\015\276\277\044\376\154\347\153\302\015 +\310\006\236\116\215\141\050\246\152\375\345\366\142\352\030\074 +\116\240\123\235\262\072\234\353\245\234\221\026\266\115\202\340 +\014\005\110\251\154\365\314\370\313\235\111\264\360\002\245\375 +\160\003\355\212\041\245\256\023\206\111\303\063\163\276\207\073 +\164\213\027\105\046\114\026\221\203\376\147\175\315\115\143\147 +\372\363\003\022\226\170\006\215\261\147\355\216\077\276\237\117 +\002\365\263\011\057\363\114\207\337\052\313\225\174\001\314\254 +\066\172\277\242\163\172\367\217\301\265\232\241\024\262\217\063 +\237\015\357\042\334\146\173\204\275\105\027\006\075\074\312\271 +\167\064\217\312\352\317\077\061\076\343\210\343\200\111\045\310 +\227\265\235\232\231\115\260\074\370\112\000\233\144\335\237\071 +\113\321\047\327\270 +END + +# Trust for Certificate "Hellenic Academic and Research Institutions RootCA 2011" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2011" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\376\105\145\233\171\003\133\230\241\141\265\121\056\254\332\130 +\011\110\042\115 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\163\237\114\113\163\133\171\351\372\272\034\357\156\313\325\311 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122 +\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145 +\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 +\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 +\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164 +\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023 +\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155 +\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040 +\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157 +\164\103\101\040\062\060\061\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\000 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index 3e4709058..997f8f32d 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h @@ -77,8 +77,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 88 -#define NSS_BUILTINS_LIBRARY_VERSION "1.88" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 89 +#define NSS_BUILTINS_LIBRARY_VERSION "1.89" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/ckfw/capi/Makefile b/security/nss/lib/ckfw/capi/Makefile new file mode 100644 index 000000000..e7a81d82e --- /dev/null +++ b/security/nss/lib/ckfw/capi/Makefile @@ -0,0 +1,108 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +MAKEFILE_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$" + +include manifest.mn +include $(CORE_DEPTH)/coreconf/config.mk +include config.mk + +EXTRA_LIBS = \ + $(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \ + $(NULL) + +# can't do this in manifest.mn because OS_TARGET isn't defined there. +ifeq (,$(filter-out WIN%,$(OS_TARGET))) + +ifdef NS_USE_GCC +EXTRA_LIBS += \ + -L$(NSPR_LIB_DIR) \ + -lplc4 \ + -lplds4 \ + -lnspr4 \ + -lcrypt32 \ + -ladvapi32 \ + -lrpcrt4 \ + $(NULL) +else +EXTRA_SHARED_LIBS += \ + $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \ + $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \ + $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \ + crypt32.lib \ + advapi32.lib \ + rpcrt4.lib \ + $(NULL) +endif # NS_USE_GCC +else + +EXTRA_LIBS += \ + -L$(NSPR_LIB_DIR) \ + -lplc4 \ + -lplds4 \ + -lnspr4 \ + $(NULL) +endif + + +include $(CORE_DEPTH)/coreconf/rules.mk + +# Generate certdata.c. +generate: + $(PERL) certdata.perl < certdata.txt + +# This'll need some help from a build person. + + +ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.1) +DSO_LDOPTS = -bM:SRE -bh:4 -bnoentry +EXTRA_DSO_LDOPTS = -lc +MKSHLIB = xlC $(DSO_LDOPTS) + +$(SHARED_LIBRARY): $(OBJS) + @$(MAKE_OBJDIR) + rm -f $@ + $(MKSHLIB) -o $@ $(OBJS) $(EXTRA_LIBS) $(EXTRA_DSO_LDOPTS) + chmod +x $@ + +endif + +ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.2) +LD += -G +endif + + diff --git a/security/nss/lib/ckfw/capi/README b/security/nss/lib/ckfw/capi/README new file mode 100644 index 000000000..9fc5720a9 --- /dev/null +++ b/security/nss/lib/ckfw/capi/README @@ -0,0 +1,7 @@ +This Cryptoki module provides acces to certs and keys stored in +Microsofts CAPI certificate store. + +It does not import or export CA Root trust from the CAPI. +It does not import or export CRLs from the CAPI. +It does not handle S/MIME objects (pkcs #7 in capi terms?). +It does not yet handle it's own PIN. (CAPI does all the pin prompting). diff --git a/security/nss/lib/ckfw/capi/anchor.c b/security/nss/lib/ckfw/capi/anchor.c new file mode 100644 index 000000000..e21006621 --- /dev/null +++ b/security/nss/lib/ckfw/capi/anchor.c @@ -0,0 +1,55 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * capi/canchor.c + * + * This file "anchors" the actual cryptoki entry points in this module's + * shared library, which is required for dynamic loading. See the + * comments in nssck.api for more information. + */ + +#include "ckcapi.h" + +#define MODULE_NAME ckcapi +#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckcapi_mdInstance +#include "nssck.api" diff --git a/security/nss/lib/ckfw/capi/cfind.c b/security/nss/lib/ckfw/capi/cfind.c new file mode 100644 index 000000000..9673d5560 --- /dev/null +++ b/security/nss/lib/ckfw/capi/cfind.c @@ -0,0 +1,618 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#ifndef CKCAPI_H +#include "ckcapi.h" +#endif /* CKCAPI_H */ + +/* + * ckcapi/cfind.c + * + * This file implements the NSSCKMDFindObjects object for the + * "capi" cryptoki module. + */ + +struct ckcapiFOStr { + NSSArena *arena; + CK_ULONG n; + CK_ULONG i; + ckcapiInternalObject **objs; +}; + +static void +ckcapi_mdFindObjects_Final +( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc; + NSSArena *arena = fo->arena; + PRUint32 i; + + /* walk down an free the unused 'objs' */ + for (i=fo->i; i < fo->n ; i++) { + nss_ckcapi_DestroyInternalObject(fo->objs[i]); + } + + nss_ZFreeIf(fo->objs); + nss_ZFreeIf(fo); + nss_ZFreeIf(mdFindObjects); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + + return; +} + +static NSSCKMDObject * +ckcapi_mdFindObjects_Next +( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError +) +{ + struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc; + ckcapiInternalObject *io; + + if( fo->i == fo->n ) { + *pError = CKR_OK; + return (NSSCKMDObject *)NULL; + } + + io = fo->objs[ fo->i ]; + fo->i++; + + return nss_ckcapi_CreateMDObject(arena, io, pError); +} + +static CK_BBOOL +ckcapi_attrmatch +( + CK_ATTRIBUTE_PTR a, + ckcapiInternalObject *o +) +{ + PRBool prb; + const NSSItem *b; + + b = nss_ckcapi_FetchAttribute(o, a->type); + if (b == NULL) { + return CK_FALSE; + } + + if( a->ulValueLen != b->size ) { + /* match a decoded serial number */ + if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { + int len; + unsigned char *data; + + data = nss_ckcapi_DERUnwrap(b->data, b->size, &len, NULL); + if ((len == a->ulValueLen) && + nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { + return CK_TRUE; + } + } + return CK_FALSE; + } + + prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); + + if( PR_TRUE == prb ) { + return CK_TRUE; + } else { + return CK_FALSE; + } +} + + +static CK_BBOOL +ckcapi_match +( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject *o +) +{ + CK_ULONG i; + + for( i = 0; i < ulAttributeCount; i++ ) { + if (CK_FALSE == ckcapi_attrmatch(&pTemplate[i], o)) { + return CK_FALSE; + } + } + + /* Every attribute passed */ + return CK_TRUE; +} + +#define CKAPI_ITEM_CHUNK 20 + +#define PUT_Object(obj,err) \ + { \ + if (count >= size) { \ + *listp = *listp ? \ + nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \ + (size+CKAPI_ITEM_CHUNK) ) : \ + nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \ + (size+CKAPI_ITEM_CHUNK) ) ; \ + if ((ckcapiInternalObject **)NULL == *listp) { \ + err = CKR_HOST_MEMORY; \ + goto loser; \ + } \ + size += CKAPI_ITEM_CHUNK; \ + } \ + (*listp)[ count ] = (obj); \ + count++; \ + } + + +/* + * pass parameters back through the callback. + */ +typedef struct BareCollectParamsStr { + CK_OBJECT_CLASS objClass; + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulAttributeCount; + ckcapiInternalObject ***listp; + PRUint32 size; + PRUint32 count; +} BareCollectParams; + +/* collect_bare's callback. Called for each object that + * supposedly has a PROVINDER_INFO property */ +static BOOL WINAPI +doBareCollect +( + const CRYPT_HASH_BLOB *msKeyID, + DWORD flags, + void *reserved, + void *args, + DWORD cProp, + DWORD *propID, + void **propData, + DWORD *propSize +) +{ + BareCollectParams *bcp = (BareCollectParams *) args; + PRUint32 size = bcp->size; + PRUint32 count = bcp->count; + ckcapiInternalObject ***listp = bcp->listp; + ckcapiInternalObject *io = NULL; + DWORD i; + CRYPT_KEY_PROV_INFO *keyProvInfo = NULL; + void *idData; + CK_RV error; + + /* make sure there is a Key Provider Info property */ + for (i=0; i < cProp; i++) { + if (CERT_KEY_PROV_INFO_PROP_ID == propID[i]) { + keyProvInfo = (CRYPT_KEY_PROV_INFO *)propData[i]; + break; + } + } + if ((CRYPT_KEY_PROV_INFO *)NULL == keyProvInfo) { + return 1; + } + + /* copy the key ID */ + idData = nss_ZNEWARRAY(NULL, char, msKeyID->cbData); + if ((void *)NULL == idData) { + goto loser; + } + nsslibc_memcpy(idData, msKeyID->pbData, msKeyID->cbData); + + /* build a bare internal object */ + io = nss_ZNEW(NULL, ckcapiInternalObject); + if ((ckcapiInternalObject *)NULL == io) { + goto loser; + } + io->type = ckcapiBareKey; + io->objClass = bcp->objClass; + io->u.key.provInfo = *keyProvInfo; + io->u.key.provInfo.pwszContainerName = + nss_ckcapi_WideDup(keyProvInfo->pwszContainerName); + io->u.key.provInfo.pwszProvName = + nss_ckcapi_WideDup(keyProvInfo->pwszProvName); + io->u.key.provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName); + io->u.key.containerName = + nss_ckcapi_WideToUTF8(keyProvInfo->pwszContainerName); + io->u.key.hProv = 0; + io->idData = idData; + io->id.data = idData; + io->id.size = msKeyID->cbData; + idData = NULL; + + /* see if it matches */ + if( CK_FALSE == ckcapi_match(bcp->pTemplate, bcp->ulAttributeCount, io) ) { + goto loser; + } + PUT_Object(io, error); + bcp->size = size; + bcp->count = count; + return 1; + +loser: + if (io) { + nss_ckcapi_DestroyInternalObject(io); + } + nss_ZFreeIf(idData); + return 1; +} + +/* + * collect the bare keys running around + */ +static PRUint32 +collect_bare( + CK_OBJECT_CLASS objClass, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError +) +{ + BOOL rc; + BareCollectParams bareCollectParams; + + bareCollectParams.objClass = objClass; + bareCollectParams.pTemplate = pTemplate; + bareCollectParams.ulAttributeCount = ulAttributeCount; + bareCollectParams.listp = listp; + bareCollectParams.size = *sizep; + bareCollectParams.count = count; + + rc = CryptEnumKeyIdentifierProperties(NULL, CERT_KEY_PROV_INFO_PROP_ID, 0, + NULL, NULL, &bareCollectParams, doBareCollect); + + *sizep = bareCollectParams.size; + return bareCollectParams.count; +} + +/* find all the certs that represent the appropriate object (cert, priv key, or + * pub key) in the cert store. + */ +static PRUint32 +collect_class( + CK_OBJECT_CLASS objClass, + LPCSTR storeStr, + PRBool hasID, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError +) +{ + PRUint32 size = *sizep; + ckcapiInternalObject *next = NULL; + HCERTSTORE hStore; + PCCERT_CONTEXT certContext = NULL; + PRBool isKey = + (objClass == CKO_PUBLIC_KEY) | (objClass == CKO_PRIVATE_KEY); + + hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr); + if (NULL == hStore) { + return count; /* none found does not imply an error */ + } + + /* FUTURE: use CertFindCertificateInStore to filter better -- so we don't + * have to enumerate all the certificates */ + while ((PCERT_CONTEXT) NULL != + (certContext= CertEnumCertificatesInStore(hStore, certContext))) { + /* first filter out non user certs if we are looking for keys */ + if (isKey) { + /* make sure there is a Key Provider Info property */ + CRYPT_KEY_PROV_INFO *keyProvInfo; + DWORD size = 0; + BOOL rv; + rv =CertGetCertificateContextProperty(certContext, + CERT_KEY_PROV_INFO_PROP_ID, NULL, &size); + if (!rv) { + int reason = GetLastError(); + /* we only care if it exists, we don't really need to fetch it yet */ + if (reason == CRYPT_E_NOT_FOUND) { + continue; + } + } + /* filter out the non-microsoft providers */ + keyProvInfo = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); + if (keyProvInfo) { + rv =CertGetCertificateContextProperty(certContext, + CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size); + if (rv) { + char *provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName); + nss_ZFreeIf(keyProvInfo); + + if (provName && + (strncmp(provName, "Microsoft", sizeof("Microsoft")-1) != 0)) { + continue; + } + } else { + int reason = GetLastError(); + /* we only care if it exists, we don't really need to fetch it yet */ + nss_ZFreeIf(keyProvInfo); + if (reason == CRYPT_E_NOT_FOUND) { + continue; + } + + } + } + } + + if ((ckcapiInternalObject *)NULL == next) { + next = nss_ZNEW(NULL, ckcapiInternalObject); + if ((ckcapiInternalObject *)NULL == next) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + } + next->type = ckcapiCert; + next->objClass = objClass; + next->u.cert.certContext = certContext; + next->u.cert.hasID = hasID; + next->u.cert.certStore = storeStr; + if( CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, next) ) { + /* clear cached values that may be dependent on our old certContext */ + memset(&next->u.cert, 0, sizeof(next->u.cert)); + /* get a 'permanent' context */ + next->u.cert.certContext = CertDuplicateCertificateContext(certContext); + next->objClass = objClass; + next->u.cert.certContext = certContext; + next->u.cert.hasID = hasID; + next->u.cert.certStore = storeStr; + PUT_Object(next, *pError); + next = NULL; /* need to allocate a new one now */ + } else { + /* don't cache the values we just loaded */ + memset(&next->u.cert, 0, sizeof(next->u.cert)); + } + } +loser: + CertCloseStore(hStore, 0); + nss_ZFreeIf(next); + *sizep = size; + return count; +} + +NSS_IMPLEMENT PRUint32 +nss_ckcapi_collect_all_certs( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError +) +{ + count = collect_class(CKO_CERTIFICATE, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + /*count = collect_class(CKO_CERTIFICATE, "AddressBook", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); */ + count = collect_class(CKO_CERTIFICATE, "CA", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + count = collect_class(CKO_CERTIFICATE, "Root", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + count = collect_class(CKO_CERTIFICATE, "Trust", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + count = collect_class(CKO_CERTIFICATE, "TrustedPeople", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + count = collect_class(CKO_CERTIFICATE, "AuthRoot", PR_FALSE, pTemplate, + ulAttributeCount, listp, sizep, count, pError); + return count; +} + +CK_OBJECT_CLASS +ckcapi_GetObjectClass(CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount) +{ + CK_ULONG i; + + for (i=0; i < ulAttributeCount; i++) + { + if (pTemplate[i].type == CKA_CLASS) { + return *(CK_OBJECT_CLASS *) pTemplate[i].pValue; + } + } + /* need to return a value that says 'fetch them all' */ + return CK_INVALID_HANDLE; +} + +static PRUint32 +collect_objects( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + CK_RV *pError +) +{ + PRUint32 i; + PRUint32 count = 0; + PRUint32 size = 0; + CK_OBJECT_CLASS objClass; + + /* + * first handle the static build in objects (if any) + */ + for( i = 0; i < nss_ckcapi_nObjects; i++ ) { + ckcapiInternalObject *o = (ckcapiInternalObject *)&nss_ckcapi_data[i]; + + if( CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, o) ) { + PUT_Object(o, *pError); + } + } + + /* + * now handle the various object types + */ + objClass = ckcapi_GetObjectClass(pTemplate, ulAttributeCount); + *pError = CKR_OK; + switch (objClass) { + case CKO_CERTIFICATE: + count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + case CKO_PUBLIC_KEY: + count = collect_class(objClass, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, &size, count, pError); + count = collect_bare(objClass, pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + case CKO_PRIVATE_KEY: + count = collect_class(objClass, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, &size, count, pError); + count = collect_bare(objClass, pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + /* all of them */ + case CK_INVALID_HANDLE: + count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp, + &size, count, pError); + count = collect_class(CKO_PUBLIC_KEY, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, &size, count, pError); + count = collect_bare(CKO_PUBLIC_KEY, pTemplate, ulAttributeCount, listp, + &size, count, pError); + count = collect_class(CKO_PRIVATE_KEY, "My", PR_TRUE, pTemplate, + ulAttributeCount, listp, &size, count, pError); + count = collect_bare(CKO_PRIVATE_KEY, pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + default: + goto done; /* no other object types we understand in this module */ + } + if (CKR_OK != *pError) { + goto loser; + } + + +done: + return count; +loser: + nss_ZFreeIf(*listp); + return 0; +} + + + +NSS_IMPLEMENT NSSCKMDFindObjects * +nss_ckcapi_FindObjectsInit +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + /* This could be made more efficient. I'm rather rushed. */ + NSSArena *arena; + NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; + struct ckcapiFOStr *fo = (struct ckcapiFOStr *)NULL; + ckcapiInternalObject **temp = (ckcapiInternalObject **)NULL; + + arena = NSSArena_Create(); + if( (NSSArena *)NULL == arena ) { + goto loser; + } + + rv = nss_ZNEW(arena, NSSCKMDFindObjects); + if( (NSSCKMDFindObjects *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo = nss_ZNEW(arena, struct ckcapiFOStr); + if( (struct ckcapiFOStr *)NULL == fo ) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo->arena = arena; + /* fo->n and fo->i are already zero */ + + rv->etc = (void *)fo; + rv->Final = ckcapi_mdFindObjects_Final; + rv->Next = ckcapi_mdFindObjects_Next; + rv->null = (void *)NULL; + + fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError); + if (*pError != CKR_OK) { + goto loser; + } + + fo->objs = nss_ZNEWARRAY(arena, ckcapiInternalObject *, fo->n); + if( (ckcapiInternalObject **)NULL == fo->objs ) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckcapiInternalObject *) * fo->n); + nss_ZFreeIf(temp); + temp = (ckcapiInternalObject **)NULL; + + return rv; + + loser: + nss_ZFreeIf(temp); + nss_ZFreeIf(fo); + nss_ZFreeIf(rv); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + return (NSSCKMDFindObjects *)NULL; +} + diff --git a/security/nss/lib/ckfw/capi/cinst.c b/security/nss/lib/ckfw/capi/cinst.c new file mode 100644 index 000000000..fe5c3d25e --- /dev/null +++ b/security/nss/lib/ckfw/capi/cinst.c @@ -0,0 +1,148 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckcapi.h" + +/* + * ckcapi/cinstance.c + * + * This file implements the NSSCKMDInstance object for the + * "capi" cryptoki module. + */ + +/* + * NSSCKMDInstance methods + */ + +static CK_ULONG +ckcapi_mdInstance_GetNSlots +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (CK_ULONG)1; +} + +static CK_VERSION +ckcapi_mdInstance_GetCryptokiVersion +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return nss_ckcapi_CryptokiVersion; +} + +static NSSUTF8 * +ckcapi_mdInstance_GetManufacturerID +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckcapi_ManufacturerID; +} + +static NSSUTF8 * +ckcapi_mdInstance_GetLibraryDescription +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckcapi_LibraryDescription; +} + +static CK_VERSION +ckcapi_mdInstance_GetLibraryVersion +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return nss_ckcapi_LibraryVersion; +} + +static CK_RV +ckcapi_mdInstance_GetSlots +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[] +) +{ + slots[0] = (NSSCKMDSlot *)&nss_ckcapi_mdSlot; + return CKR_OK; +} + +static CK_BBOOL +ckcapi_mdInstance_ModuleHandlesSessionObjects +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + /* we don't want to allow any session object creation, at least + * until we can investigate whether or not we can use those objects + */ + return CK_TRUE; +} + +NSS_IMPLEMENT_DATA const NSSCKMDInstance +nss_ckcapi_mdInstance = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Finalize */ + ckcapi_mdInstance_GetNSlots, + ckcapi_mdInstance_GetCryptokiVersion, + ckcapi_mdInstance_GetManufacturerID, + ckcapi_mdInstance_GetLibraryDescription, + ckcapi_mdInstance_GetLibraryVersion, + ckcapi_mdInstance_ModuleHandlesSessionObjects, + /*NULL, /* HandleSessionObjects */ + ckcapi_mdInstance_GetSlots, + NULL, /* WaitForSlotEvent */ + (void *)NULL /* null terminator */ +}; diff --git a/security/nss/lib/ckfw/capi/ckcapi.h b/security/nss/lib/ckfw/capi/ckcapi.h new file mode 100644 index 000000000..1e033ca90 --- /dev/null +++ b/security/nss/lib/ckfw/capi/ckcapi.h @@ -0,0 +1,309 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef CKCAPI_H +#define CKCAPI_H 1 + +#ifdef DEBUG +static const char CKCAPI_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "nssckmdt.h" +#include "nssckfw.h" + +/* + * I'm including this for access to the arena functions. + * Looks like we should publish that API. + */ +#ifndef BASE_H +#include "base.h" +#endif /* BASE_H */ + +/* + * This is where the Netscape extensions live, at least for now. + */ +#ifndef CKT_H +#include "ckt.h" +#endif /* CKT_H */ + +#include "wtypes.h" +#include "wincrypt.h" + +/* + * statically defined raw objects. Allows us to data description objects + * to this PKCS #11 module. + */ +struct ckcapiRawObjectStr { + CK_ULONG n; + const CK_ATTRIBUTE_TYPE *types; + const NSSItem *items; +}; +typedef struct ckcapiRawObjectStr ckcapiRawObject; + + +/* + * common values needed for both bare keys and cert referenced keys. + */ +struct ckcapiKeyParamsStr { + NSSItem modulus; + NSSItem exponent; + NSSItem privateExponent; + NSSItem prime1; + NSSItem prime2; + NSSItem exponent1; + NSSItem exponent2; + NSSItem coefficient; + unsigned char publicExponentData[sizeof(CK_ULONG)]; + void *privateKey; + void *pubKey; +}; +typedef struct ckcapiKeyParamsStr ckcapiKeyParams; + +/* + * Key objects. Handles bare keys which do not yet have certs associated + * with them. These are usually short lived, but may exist for several days + * while the CA is issuing the certificate. + */ +struct ckcapiKeyObjectStr { + CRYPT_KEY_PROV_INFO provInfo; + char *provName; + char *containerName; + HCRYPTPROV hProv; + ckcapiKeyParams key; +}; +typedef struct ckcapiKeyObjectStr ckcapiKeyObject; + +/* + * Certificate and certificate referenced keys. + */ +struct ckcapiCertObjectStr { + PCCERT_CONTEXT certContext; + PRBool hasID; + const char *certStore; + NSSItem label; + NSSItem subject; + NSSItem issuer; + NSSItem serial; + NSSItem derCert; + ckcapiKeyParams key; + unsigned char *labelData; + /* static data: to do, make this dynamic like labelData */ + unsigned char derSerial[128]; +}; +typedef struct ckcapiCertObjectStr ckcapiCertObject; + +typedef enum { + ckcapiRaw, + ckcapiCert, + ckcapiBareKey +} ckcapiObjectType; + +/* + * all the various types of objects are abstracted away in cobject and + * cfind as ckcapiInternalObjects. + */ +struct ckcapiInternalObjectStr { + ckcapiObjectType type; + union { + ckcapiRawObject raw; + ckcapiCertObject cert; + ckcapiKeyObject key; + } u; + CK_OBJECT_CLASS objClass; + NSSItem hashKey; + NSSItem id; + void *idData; + unsigned char hashKeyData[128]; + NSSCKMDObject mdObject; +}; +typedef struct ckcapiInternalObjectStr ckcapiInternalObject; + +/* our raw object data array */ +NSS_EXTERN_DATA ckcapiInternalObject nss_ckcapi_data[]; +NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects; + +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_ManufacturerID; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_LibraryDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_SlotDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion; +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenLabel; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenModel; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenSerialNumber; + +NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance; +NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot; +NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken; +NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckcapi_mdMechanismRSA; + +NSS_EXTERN NSSCKMDSession * +nss_ckcapi_CreateSession +( + NSSCKFWSession *fwSession, + CK_RV *pError +); + +NSS_EXTERN NSSCKMDFindObjects * +nss_ckcapi_FindObjectsInit +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +); + +/* + * Object Utilities + */ +NSS_EXTERN NSSCKMDObject * +nss_ckcapi_CreateMDObject +( + NSSArena *arena, + ckcapiInternalObject *io, + CK_RV *pError +); + +NSS_EXTERN NSSCKMDObject * +nss_ckcapi_CreateObject +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +); + +NSS_EXTERN const NSSItem * +nss_ckcapi_FetchAttribute +( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type +); + +NSS_EXTERN void +nss_ckcapi_DestroyInternalObject +( + ckcapiInternalObject *io +); + +NSS_EXTERN CK_RV +nss_ckcapi_FetchKeyContainer +( + ckcapiInternalObject *iKey, + HCRYPTPROV *hProv, + DWORD *keySpec, + HCRYPTKEY *hKey +); + +/* + * generic utilities + */ + +/* + * So everyone else in the worlds stores their bignum data MSB first, but not + * Microsoft, we need to byte swap everything coming into and out of CAPI. + */ +void +ckcapi_ReverseData +( + NSSItem *item +); + +/* + * unwrap a single DER value + */ +char * +nss_ckcapi_DERUnwrap +( + char *src, + int size, + int *outSize, + char **next +); + +/* + * Return the size in bytes of a wide string + */ +int +nss_ckcapi_WideSize +( + LPCWSTR wide +); + +/* + * Covert a Unicode wide character string to a UTF8 string + */ +char * +nss_ckcapi_WideToUTF8 +( + LPCWSTR wide +); + +/* + * Return a Wide String duplicated with nss allocated memory. + */ +LPWSTR +nss_ckcapi_WideDup +( + LPCWSTR wide +); + +/* + * Covert a UTF8 string to Unicode wide character + */ +LPWSTR +nss_ckcapi_UTF8ToWide +( + char *buf +); + + +NSS_EXTERN PRUint32 +nss_ckcapi_collect_all_certs( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError +); + +#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0]))) + +#endif diff --git a/security/nss/lib/ckfw/capi/ckcapiver.c b/security/nss/lib/ckfw/capi/ckcapiver.c new file mode 100644 index 000000000..d69290575 --- /dev/null +++ b/security/nss/lib/ckfw/capi/ckcapiver.c @@ -0,0 +1,59 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* Library identity and versioning */ + +#include "nsscapi.h" + +#if defined(DEBUG) +#define _DEBUG_STRING " (debug)" +#else +#define _DEBUG_STRING "" +#endif + +/* + * Version information for the 'ident' and 'what commands + * + * NOTE: the first component of the concatenated rcsid string + * must not end in a '$' to prevent rcs keyword substitution. + */ +const char __nss_ckcapi_rcsid[] = "$Header: NSS Access to Microsoft Certificate Store " + NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING + " " __DATE__ " " __TIME__ " $"; +const char __nss_ckcapi_sccsid[] = "@(#)NSS Access to Microsoft Certificate Store " + NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING + " " __DATE__ " " __TIME__; diff --git a/security/nss/lib/ckfw/capi/cobject.c b/security/nss/lib/ckfw/capi/cobject.c new file mode 100644 index 000000000..a7e3fc14d --- /dev/null +++ b/security/nss/lib/ckfw/capi/cobject.c @@ -0,0 +1,2346 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckcapi.h" +#include "nssbase.h" + +/* + * ckcapi/cobject.c + * + * This file implements the NSSCKMDObject object for the + * "nss to capi objects" cryptoki module. + */ + +const CK_ATTRIBUTE_TYPE certAttrs[] = { + CKA_CLASS, + CKA_TOKEN, + CKA_PRIVATE, + CKA_MODIFIABLE, + CKA_LABEL, + CKA_CERTIFICATE_TYPE, + CKA_SUBJECT, + CKA_ISSUER, + CKA_SERIAL_NUMBER, + CKA_VALUE +}; +const PRUint32 certAttrsCount = NSS_CKCAPI_ARRAY_SIZE(certAttrs); + +/* private keys, for now only support RSA */ +const CK_ATTRIBUTE_TYPE privKeyAttrs[] = { + CKA_CLASS, + CKA_TOKEN, + CKA_PRIVATE, + CKA_MODIFIABLE, + CKA_LABEL, + CKA_KEY_TYPE, + CKA_DERIVE, + CKA_LOCAL, + CKA_SUBJECT, + CKA_SENSITIVE, + CKA_DECRYPT, + CKA_SIGN, + CKA_SIGN_RECOVER, + CKA_UNWRAP, + CKA_EXTRACTABLE, + CKA_ALWAYS_SENSITIVE, + CKA_NEVER_EXTRACTABLE, + CKA_MODULUS, + CKA_PUBLIC_EXPONENT, +}; +const PRUint32 privKeyAttrsCount = NSS_CKCAPI_ARRAY_SIZE(privKeyAttrs); + +/* public keys, for now only support RSA */ +const CK_ATTRIBUTE_TYPE pubKeyAttrs[] = { + CKA_CLASS, + CKA_TOKEN, + CKA_PRIVATE, + CKA_MODIFIABLE, + CKA_LABEL, + CKA_KEY_TYPE, + CKA_DERIVE, + CKA_LOCAL, + CKA_SUBJECT, + CKA_ENCRYPT, + CKA_VERIFY, + CKA_VERIFY_RECOVER, + CKA_WRAP, + CKA_MODULUS, + CKA_PUBLIC_EXPONENT, +}; +const PRUint32 pubKeyAttrsCount = NSS_CKCAPI_ARRAY_SIZE(pubKeyAttrs); +static const CK_BBOOL ck_true = CK_TRUE; +static const CK_BBOOL ck_false = CK_FALSE; +static const CK_CERTIFICATE_TYPE ckc_x509 = CKC_X_509; +static const CK_KEY_TYPE ckk_rsa = CKK_RSA; +static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE; +static const CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY; +static const CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY; +static const NSSItem ckcapi_trueItem = { + (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }; +static const NSSItem ckcapi_falseItem = { + (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }; +static const NSSItem ckcapi_x509Item = { + (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }; +static const NSSItem ckcapi_rsaItem = { + (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) }; +static const NSSItem ckcapi_certClassItem = { + (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }; +static const NSSItem ckcapi_privKeyClassItem = { + (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; +static const NSSItem ckcapi_pubKeyClassItem = { + (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; +static const NSSItem ckcapi_emptyItem = { + (void *)&ck_true, 0}; + +/* + * these are utilities. The chould be moved to a new utilities file. + */ + +/* + * unwrap a single DER value + */ +char * +nss_ckcapi_DERUnwrap +( + char *src, + int size, + int *outSize, + char **next +) +{ + unsigned char *start = src; + unsigned char *end = src+size; + unsigned int len = 0; + + /* initialize error condition return values */ + *outSize = 0; + if (next) { + *next = src; + } + + if (size < 2) { + return start; + } + src ++ ; /* skip the tag -- should check it against an expected value! */ + len = (unsigned) *src++; + if (len & 0x80) { + int count = len & 0x7f; + len =0; + + if (count+2 > size) { + return start; + } + while (count-- > 0) { + len = (len << 8) | (unsigned) *src++; + } + } + if (len + ((unsigned char *)src-start) > (unsigned int)size) { + return start; + } + if (next) { + *next = src+len; + } + *outSize = len; + + return src; +} + +/* + * convert a PKCS #11 bytestrin into a CK_ULONG, the byte stream must be + * less than sizeof (CK_ULONG). + */ +CK_ULONG +nss_ckcapi_DataToInt +( + NSSItem *data, + CK_RV *pError +) +{ + CK_ULONG value = 0; + unsigned long count = data->size; + unsigned char *dataPtr = data->data; + unsigned long size = 0; + + *pError = CKR_OK; + + while (count--) { + value = value << 8; + value = value + *dataPtr++; + if (size || value) { + size++; + } + } + if (size > sizeof(CK_ULONG)) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + } + return value; +} + +/* + * convert a CK_ULONG to a bytestream. Data is stored in the buffer 'buf' + * and must be at least CK_ULONG. Caller must provide buf. + */ +CK_ULONG +nss_ckcapi_IntToData +( + CK_ULONG value, + NSSItem *data, + unsigned char *dataPtr, + CK_RV *pError +) +{ + unsigned long count = 0; + unsigned long i; +#define SHIFT ((sizeof(CK_ULONG)-1)*8) + PRBool first = 0; + + *pError = CKR_OK; + + data->data = dataPtr; + for (i=0; i < sizeof(CK_ULONG); i++) { + unsigned char digit = (unsigned char)((value >> SHIFT) & 0xff); + + value = value << 8; + + /* drop leading zero bytes */ + if (first && (0 == digit)) { + continue; + } + *dataPtr++ = digit; + count++; + } + data->size = count; + return count; +} + +/* + * get an attribute from a template. Value is returned in NSS item. + * data for the item is owned by the template. + */ +CK_RV +nss_ckcapi_GetAttribute +( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + NSSItem *item +) +{ + CK_ULONG i; + + for (i=0; i < templateSize; i++) { + if (template[i].type == type) { + item->data = template[i].pValue; + item->size = template[i].ulValueLen; + return CKR_OK; + } + } + return CKR_TEMPLATE_INCOMPLETE; +} + +/* + * get an attribute which is type CK_ULONG. + */ +CK_ULONG +nss_ckcapi_GetULongAttribute +( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError +) +{ + NSSItem item; + + *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (CK_ULONG) 0; + } + if (item.size != sizeof(CK_ULONG)) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (CK_ULONG) 0; + } + return *(CK_ULONG *)item.data; +} + +/* + * get an attribute which is type CK_BBOOL. + */ +CK_BBOOL +nss_ckcapi_GetBoolAttribute +( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError +) +{ + NSSItem item; + + *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (CK_BBOOL) 0; + } + if (item.size != sizeof(CK_BBOOL)) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (CK_BBOOL) 0; + } + return *(CK_BBOOL *)item.data; +} + +/* + * get an attribute which is type CK_BBOOL. + */ +char * +nss_ckcapi_GetStringAttribute +( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError +) +{ + NSSItem item; + char *str; + + /* get the attribute */ + *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (char *)NULL; + } + /* make sure it is null terminated */ + str = nss_ZNEWARRAY(NULL, char, item.size+1); + if ((char *)NULL == str) { + *pError = CKR_HOST_MEMORY; + return (char *)NULL; + } + + nsslibc_memcpy(str, item.data, item.size); + str[item.size] = 0; + + return str; +} + +/* + * Return the size in bytes of a wide string + */ +int +nss_ckcapi_WideSize +( + LPCWSTR wide +) +{ + DWORD size; + + if ((LPWSTR)NULL == wide) { + return 0; + } + size = wcslen(wide)+1; + return size*2; +} + +/* + * Covert a Unicode wide character string to a UTF8 string + */ +char * +nss_ckcapi_WideToUTF8 +( + LPCWSTR wide +) +{ + DWORD len; + DWORD size; + char *buf; + + if ((LPWSTR)NULL == wide) { + return (char *)NULL; + } + + len = nss_ckcapi_WideSize(wide); + + size = WideCharToMultiByte(CP_UTF8, 0, wide, len, NULL, 0, NULL, 0); + if (size == 0) { + return (char *)NULL; + } + buf = nss_ZNEWARRAY(NULL, char, size); + size = WideCharToMultiByte(CP_UTF8, 0, wide, len, buf, size, NULL, 0); + if (size == 0) { + nss_ZFreeIf(buf); + return (char *)NULL; + } + return buf; +} + +/* + * Return a Wide String duplicated with nss allocated memory. + */ +LPWSTR +nss_ckcapi_WideDup +( + LPCWSTR wide +) +{ + DWORD len = nss_ckcapi_WideSize(wide); + LPWSTR buf; + + if ((LPWSTR)NULL == wide) { + return (LPWSTR)NULL; + } + + len = nss_ckcapi_WideSize(wide); + + buf = (LPWSTR) nss_ZNEWARRAY(NULL, char, len); + if ((LPWSTR) NULL == buf) { + return buf; + } + nsslibc_memcpy(buf, wide, len); + return buf; +} + +/* + * Covert a UTF8 string to Unicode wide character + */ +LPWSTR +nss_ckcapi_UTF8ToWide +( + char *buf +) +{ + DWORD size; + DWORD len = strlen(buf)+1; + LPWSTR wide; + + if ((char *)NULL == buf) { + return (LPWSTR) NULL; + } + + len = strlen(buf)+1; + + size = MultiByteToWideChar(CP_UTF8, 0, buf, len, NULL, 0); + if (size == 0) { + return (LPWSTR) NULL; + } + wide = nss_ZNEWARRAY(NULL, WCHAR, size); + size = MultiByteToWideChar(CP_UTF8, 0, buf, len, wide, size); + if (size == 0) { + nss_ZFreeIf(wide); + return (LPWSTR) NULL; + } + return wide; +} + + +/* + * keep all the knowlege of how the internalObject is laid out in this function + * + * nss_ckcapi_FetchKeyContainer + * + * fetches the Provider container and info as well as a key handle for a + * private key. If something other than a private key is passed in, + * this function fails with CKR_KEY_TYPE_INCONSISTENT + */ +NSS_EXTERN CK_RV +nss_ckcapi_FetchKeyContainer +( + ckcapiInternalObject *iKey, + HCRYPTPROV *hProv, + DWORD *keySpec, + HCRYPTKEY *hKey +) +{ + ckcapiCertObject *co; + ckcapiKeyObject *ko; + BOOL rc, dummy; + DWORD msError; + + + switch (iKey->type) { + default: + case ckcapiRaw: + /* can't have raw private keys */ + return CKR_KEY_TYPE_INCONSISTENT; + case ckcapiCert: + if (iKey->objClass != CKO_PRIVATE_KEY) { + /* Only private keys have private key provider handles */ + return CKR_KEY_TYPE_INCONSISTENT; + } + co = &iKey->u.cert; + + /* OK, get the Provider */ + rc = CryptAcquireCertificatePrivateKey(co->certContext, + CRYPT_ACQUIRE_CACHE_FLAG|CRYPT_ACQUIRE_COMPARE_KEY_FLAG, NULL, hProv, + keySpec, &dummy); + if (!rc) { + goto loser; + } + break; + case ckcapiBareKey: + if (iKey->objClass != CKO_PRIVATE_KEY) { + /* Only private keys have private key provider handles */ + return CKR_KEY_TYPE_INCONSISTENT; + } + ko = &iKey->u.key; + + /* OK, get the Provider */ + if (0 == ko->hProv) { + rc = CryptAcquireContext(hProv, + ko->containerName, + ko->provName, + ko->provInfo.dwProvType , 0); + if (!rc) { + goto loser; + } + } else { + *hProv = ko->hProv; + } + *keySpec = ko->provInfo.dwKeySpec; + break; + } + + /* and get the crypto handle */ + rc = CryptGetUserKey(*hProv, *keySpec, hKey); + if (!rc) { + goto loser; + } + return CKR_OK; +loser: + /* map the microsoft error before leaving */ + msError = GetLastError(); + switch (msError) { + case ERROR_INVALID_HANDLE: + case ERROR_INVALID_PARAMETER: + case NTE_BAD_KEY: + case NTE_NO_KEY: + case NTE_BAD_PUBLIC_KEY: + case NTE_BAD_KEYSET: + case NTE_KEYSET_NOT_DEF: + return CKR_KEY_TYPE_INCONSISTENT; + case NTE_BAD_UID: + case NTE_KEYSET_ENTRY_BAD: + return CKR_DEVICE_ERROR; + } + return CKR_GENERAL_ERROR; +} + + +/* + * take a DER PUBLIC Key block and return the modulus and exponent + */ +static void +ckcapi_CertPopulateModulusExponent +( + ckcapiInternalObject *io +) +{ + ckcapiKeyParams *kp = &io->u.cert.key; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + char *pkData = certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData; + CK_ULONG size= certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData; + CK_ULONG newSize; + char *ptr, *newptr; + + /* find the start of the modulus -- this will not give good results if + * the key isn't an rsa key! */ + ptr = nss_ckcapi_DERUnwrap(pkData, size, &newSize, NULL); + kp->modulus.data = nss_ckcapi_DERUnwrap(ptr, newSize, + &kp->modulus.size, &newptr); + /* changed from signed to unsigned int */ + if (0 == *(char *)kp->modulus.data) { + kp->modulus.data = ((char *)kp->modulus.data)+1; + kp->modulus.size = kp->modulus.size - 1; + } + /* changed from signed to unsigned int */ + kp->exponent.data = nss_ckcapi_DERUnwrap(newptr, (newptr-ptr)+newSize, + &kp->exponent.size, NULL); + if (0 == *(char *)kp->exponent.data) { + kp->exponent.data = ((char *)kp->exponent.data)+1; + kp->exponent.size = kp->exponent.size - 1; + } + return; +} + +typedef struct _CAPI_RSA_KEY_BLOB { + PUBLICKEYSTRUC header; + RSAPUBKEY rsa; + char data[1]; +} CAPI_RSA_KEY_BLOB; + +#define CAPI_MODULUS_OFFSET(modSize) 0 +#define CAPI_PRIME_1_OFFSET(modSize) (modSize) +#define CAPI_PRIME_2_OFFSET(modSize) ((modSize)+(modSize)/2) +#define CAPI_EXPONENT_1_OFFSET(modSize) ((modSize)*2) +#define CAPI_EXPONENT_2_OFFSET(modSize) ((modSize)*2+(modSize)/2) +#define CAPI_COEFFICIENT_OFFSET(modSize) ((modSize)*3) +#define CAPI_PRIVATE_EXP_OFFSET(modSize) ((modSize)*3+(modSize)/2) + +void +ckcapi_FetchPublicKey +( + ckcapiInternalObject *io +) +{ + ckcapiKeyParams *kp; + HCRYPTPROV hProv; + DWORD keySpec; + HCRYPTKEY hKey = 0; + CK_RV error; + DWORD bufLen; + BOOL rc; + unsigned long modulus; + char *buf = NULL; + CAPI_RSA_KEY_BLOB *blob; + + error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey); + if (CKR_OK != error) { + goto loser; + } + kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key; + + rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen); + if (!rc) { + goto loser; + } + buf = nss_ZNEWARRAY(NULL, char, bufLen); + rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen); + if (!rc) { + goto loser; + } + /* validate the blob */ + blob = (CAPI_RSA_KEY_BLOB *)buf; + if ((PUBLICKEYBLOB != blob->header.bType) || + (0x02 != blob->header.bVersion) || + (0x31415352 != blob->rsa.magic)) { + goto loser; + } + modulus = blob->rsa.bitlen/8; + kp->pubKey = buf; + buf = NULL; + + kp->modulus.data = &blob->data[CAPI_MODULUS_OFFSET(modulus)]; + kp->modulus.size = modulus; + ckcapi_ReverseData(&kp->modulus); + nss_ckcapi_IntToData(blob->rsa.pubexp, &kp->exponent, + kp->publicExponentData, &error); + +loser: + nss_ZFreeIf(buf); + if (0 != hKey) { + CryptDestroyKey(hKey); + } + return; +} + +void +ckcapi_FetchPrivateKey +( + ckcapiInternalObject *io +) +{ + ckcapiKeyParams *kp; + HCRYPTPROV hProv; + DWORD keySpec; + HCRYPTKEY hKey = 0; + CK_RV error; + DWORD bufLen; + BOOL rc; + unsigned long modulus; + char *buf = NULL; + CAPI_RSA_KEY_BLOB *blob; + + error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey); + if (CKR_OK != error) { + goto loser; + } + kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key; + + rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen); + if (!rc) { + goto loser; + } + buf = nss_ZNEWARRAY(NULL, char, bufLen); + rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen); + if (!rc) { + goto loser; + } + /* validate the blob */ + blob = (CAPI_RSA_KEY_BLOB *)buf; + if ((PRIVATEKEYBLOB != blob->header.bType) || + (0x02 != blob->header.bVersion) || + (0x32415352 != blob->rsa.magic)) { + goto loser; + } + modulus = blob->rsa.bitlen/8; + kp->privateKey = buf; + buf = NULL; + + kp->privateExponent.data = &blob->data[CAPI_PRIVATE_EXP_OFFSET(modulus)]; + kp->privateExponent.size = modulus; + ckcapi_ReverseData(&kp->privateExponent); + kp->prime1.data = &blob->data[CAPI_PRIME_1_OFFSET(modulus)]; + kp->prime1.size = modulus/2; + ckcapi_ReverseData(&kp->prime1); + kp->prime2.data = &blob->data[CAPI_PRIME_2_OFFSET(modulus)]; + kp->prime2.size = modulus/2; + ckcapi_ReverseData(&kp->prime2); + kp->exponent1.data = &blob->data[CAPI_EXPONENT_1_OFFSET(modulus)]; + kp->exponent1.size = modulus/2; + ckcapi_ReverseData(&kp->exponent1); + kp->exponent2.data = &blob->data[CAPI_EXPONENT_2_OFFSET(modulus)]; + kp->exponent2.size = modulus/2; + ckcapi_ReverseData(&kp->exponent2); + kp->coefficient.data = &blob->data[CAPI_COEFFICIENT_OFFSET(modulus)]; + kp->coefficient.size = modulus/2; + ckcapi_ReverseData(&kp->coefficient); + +loser: + nss_ZFreeIf(buf); + if (0 != hKey) { + CryptDestroyKey(hKey); + } + return; +} + + +void +ckcapi_PopulateModulusExponent +( + ckcapiInternalObject *io +) +{ + if (ckcapiCert == io->type) { + ckcapi_CertPopulateModulusExponent(io); + } else { + ckcapi_FetchPublicKey(io); + } + return; +} + +/* + * fetch the friendly name attribute. + * can only be called with ckcapiCert type objects! + */ +void +ckcapi_FetchLabel +( + ckcapiInternalObject *io +) +{ + ckcapiCertObject *co = &io->u.cert; + char *label; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + char labelDataUTF16[128]; + DWORD size = sizeof(labelDataUTF16); + DWORD size8 = sizeof(co->labelData); + BOOL rv; + + rv = CertGetCertificateContextProperty(certContext, + CERT_FRIENDLY_NAME_PROP_ID, labelDataUTF16, &size); + if (rv) { + co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16); + if ((CHAR *)NULL == co->labelData) { + rv = 0; + } else { + size = strlen(co->labelData); + } + } + label = co->labelData; + /* we are presuming a user cert, make sure it has a nickname, even if + * Microsoft never gave it one */ + if (!rv && co->hasID) { + DWORD mserror = GetLastError(); +#define DEFAULT_NICKNAME "no Microsoft nickname" + label = DEFAULT_NICKNAME; + size = sizeof(DEFAULT_NICKNAME); + rv = 1; + } + + if (rv) { + co->label.data = label; + co->label.size = size; + } + return; +} + +void +ckcapi_FetchSerial +( + ckcapiInternalObject *io +) +{ + ckcapiCertObject *co = &io->u.cert; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + DWORD size = sizeof(co->derSerial); + + BOOL rc = CryptEncodeObject(X509_ASN_ENCODING, + X509_MULTI_BYTE_INTEGER, + &certContext->pCertInfo->SerialNumber, + co->derSerial, + &size); + if (rc) { + co->serial.data = co->derSerial; + co->serial.size = size; + } + return; +} + +/* + * fetch the key ID. + */ +void +ckcapi_FetchID +( + ckcapiInternalObject *io +) +{ + PCCERT_CONTEXT certContext = io->u.cert.certContext; + DWORD size = 0; + BOOL rc; + + rc = CertGetCertificateContextProperty(certContext, + CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size); + if (!rc) { + return; + } + io->idData = nss_ZNEWARRAY(NULL, char, size); + if (io->idData == NULL) { + return; + } + + rc = CertGetCertificateContextProperty(certContext, + CERT_KEY_IDENTIFIER_PROP_ID, io->idData, &size); + if (!rc) { + nss_ZFreeIf(io->idData); + io->idData = NULL; + return; + } + io->id.data = io->idData; + io->id.size = size; + return; +} + +/* + * fetch the hash key. + */ +void +ckcapi_CertFetchHashKey +( + ckcapiInternalObject *io +) +{ + ckcapiCertObject *co = &io->u.cert; + PCCERT_CONTEXT certContext = io->u.cert.certContext; + DWORD size = certContext->cbCertEncoded; + DWORD max = sizeof(io->hashKeyData)-1; + DWORD offset = 0; + + /* make sure we don't over flow. NOTE: cutting the top of a cert is + * not a big issue because the signature for will be unique for the cert */ + if (size > max) { + offset = size - max; + size = max; + } + + nsslibc_memcpy(io->hashKeyData,certContext->pbCertEncoded+offset, size); + io->hashKeyData[size] = (char)(io->objClass & 0xff); + + io->hashKey.data = io->hashKeyData; + io->hashKey.size = size+1; + return; +} + +/* + * fetch the hash key. + */ +void +ckcapi_KeyFetchHashKey +( + ckcapiInternalObject *io +) +{ + ckcapiKeyObject *ko = &io->u.key; + DWORD size; + DWORD max = sizeof(io->hashKeyData)-2; + DWORD offset = 0; + DWORD provLen = strlen(ko->provName); + DWORD containerLen = strlen(ko->containerName); + + + size = provLen + containerLen; + + /* make sure we don't overflow, try to keep things unique */ + if (size > max) { + DWORD diff = ((size - max)+1)/2; + provLen -= diff; + containerLen -= diff; + size = provLen+containerLen; + } + + nsslibc_memcpy(io->hashKeyData, ko->provName, provLen); + nsslibc_memcpy(&io->hashKeyData[provLen], + ko->containerName, + containerLen); + io->hashKeyData[size] = (char)(io->objClass & 0xff); + io->hashKeyData[size+1] = (char)(ko->provInfo.dwKeySpec & 0xff); + + io->hashKey.data = io->hashKeyData; + io->hashKey.size = size+2; + return; +} + +/* + * fetch the hash key. + */ +void +ckcapi_FetchHashKey +( + ckcapiInternalObject *io +) +{ + if (ckcapiCert == io->type) { + ckcapi_CertFetchHashKey(io); + } else { + ckcapi_KeyFetchHashKey(io); + } + return; +} + +const NSSItem * +ckcapi_FetchCertAttribute +( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type +) +{ + PCCERT_CONTEXT certContext = io->u.cert.certContext; + switch(type) { + case CKA_CLASS: + return &ckcapi_certClassItem; + case CKA_TOKEN: + return &ckcapi_trueItem; + case CKA_MODIFIABLE: + case CKA_PRIVATE: + return &ckcapi_falseItem; + case CKA_CERTIFICATE_TYPE: + return &ckcapi_x509Item; + case CKA_LABEL: + if (0 == io->u.cert.label.size) { + ckcapi_FetchLabel(io); + } + return &io->u.cert.label; + case CKA_SUBJECT: + if (0 == io->u.cert.subject.size) { + io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData; + io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData; + } + return &io->u.cert.subject; + case CKA_ISSUER: + if (0 == io->u.cert.issuer.size) { + io->u.cert.issuer.data = certContext->pCertInfo->Issuer.pbData; + io->u.cert.issuer.size = certContext->pCertInfo->Issuer.cbData; + } + return &io->u.cert.issuer; + case CKA_SERIAL_NUMBER: + if (0 == io->u.cert.serial.size) { + /* not exactly right. This should be the encoded serial number, but + * it's the decoded serial number! */ + ckcapi_FetchSerial(io); + } + return &io->u.cert.serial; + case CKA_VALUE: + if (0 == io->u.cert.derCert.size) { + io->u.cert.derCert.data = io->u.cert.certContext->pbCertEncoded; + io->u.cert.derCert.size = io->u.cert.certContext->cbCertEncoded; + } + return &io->u.cert.derCert; + case CKA_ID: + if (!io->u.cert.hasID) { + return NULL; + } + if (0 == io->id.size) { + ckcapi_FetchID(io); + } + return &io->id; + default: + break; + } + return NULL; +} + +const NSSItem * +ckcapi_FetchPubKeyAttribute +( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type +) +{ + PRBool isCertType = (ckcapiCert == io->type); + ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key; + + switch(type) { + case CKA_CLASS: + return &ckcapi_pubKeyClassItem; + case CKA_TOKEN: + case CKA_LOCAL: + case CKA_ENCRYPT: + case CKA_VERIFY: + case CKA_VERIFY_RECOVER: + return &ckcapi_trueItem; + case CKA_PRIVATE: + case CKA_MODIFIABLE: + case CKA_DERIVE: + case CKA_WRAP: + return &ckcapi_falseItem; + case CKA_KEY_TYPE: + return &ckcapi_rsaItem; + case CKA_LABEL: + if (!isCertType) { + return &ckcapi_emptyItem; + } + if (0 == io->u.cert.label.size) { + ckcapi_FetchLabel(io); + } + return &io->u.cert.label; + case CKA_SUBJECT: + if (!isCertType) { + return &ckcapi_emptyItem; + } + if (0 == io->u.cert.subject.size) { + PCCERT_CONTEXT certContext= io->u.cert.certContext; + io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData; + io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData; + } + return &io->u.cert.subject; + case CKA_MODULUS: + if (0 == kp->modulus.size) { + ckcapi_PopulateModulusExponent(io); + } + return &kp->modulus; + case CKA_PUBLIC_EXPONENT: + if (0 == kp->modulus.size) { + ckcapi_PopulateModulusExponent(io); + } + return &kp->exponent; + case CKA_ID: + if (0 == io->id.size) { + ckcapi_FetchID(io); + } + return &io->id; + default: + break; + } + return NULL; +} + +const NSSItem * +ckcapi_FetchPrivKeyAttribute +( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type +) +{ + PRBool isCertType = (ckcapiCert == io->type); + ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key; + + switch(type) { + case CKA_CLASS: + return &ckcapi_privKeyClassItem; + case CKA_TOKEN: + case CKA_LOCAL: + case CKA_SIGN: + case CKA_DECRYPT: + case CKA_SIGN_RECOVER: + return &ckcapi_trueItem; + case CKA_SENSITIVE: + case CKA_PRIVATE: /* should move in the future */ + case CKA_MODIFIABLE: + case CKA_DERIVE: + case CKA_UNWRAP: + case CKA_EXTRACTABLE: /* will probably move in the future */ + case CKA_ALWAYS_SENSITIVE: + case CKA_NEVER_EXTRACTABLE: + return &ckcapi_falseItem; + case CKA_KEY_TYPE: + return &ckcapi_rsaItem; + case CKA_LABEL: + if (!isCertType) { + return &ckcapi_emptyItem; + } + if (0 == io->u.cert.label.size) { + ckcapi_FetchLabel(io); + } + return &io->u.cert.label; + case CKA_SUBJECT: + if (!isCertType) { + return &ckcapi_emptyItem; + } + if (0 == io->u.cert.subject.size) { + PCCERT_CONTEXT certContext= io->u.cert.certContext; + io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData; + io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData; + } + return &io->u.cert.subject; + case CKA_MODULUS: + if (0 == kp->modulus.size) { + ckcapi_PopulateModulusExponent(io); + } + return &kp->modulus; + case CKA_PUBLIC_EXPONENT: + if (0 == kp->modulus.size) { + ckcapi_PopulateModulusExponent(io); + } + return &kp->exponent; + case CKA_PRIVATE_EXPONENT: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->privateExponent; + case CKA_PRIME_1: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->prime1; + case CKA_PRIME_2: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->prime2; + case CKA_EXPONENT_1: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->exponent1; + case CKA_EXPONENT_2: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->exponent2; + case CKA_COEFFICIENT: + if (0 == kp->privateExponent.size) { + ckcapi_FetchPrivateKey(io); + } + return &kp->coefficient; + case CKA_ID: + if (0 == io->id.size) { + ckcapi_FetchID(io); + } + return &io->id; + default: + return NULL; + } +} + +const NSSItem * +nss_ckcapi_FetchAttribute +( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type +) +{ + CK_ULONG i; + + if (io->type == ckcapiRaw) { + for( i = 0; i < io->u.raw.n; i++ ) { + if( type == io->u.raw.types[i] ) { + return &io->u.raw.items[i]; + } + } + return NULL; + } + /* deal with the common attributes */ + switch (io->objClass) { + case CKO_CERTIFICATE: + return ckcapi_FetchCertAttribute(io, type); + case CKO_PRIVATE_KEY: + return ckcapi_FetchPrivKeyAttribute(io, type); + case CKO_PUBLIC_KEY: + return ckcapi_FetchPubKeyAttribute(io, type); + } + return NULL; +} + +/* + * check to see if the certificate already exists + */ +static PRBool +ckcapi_cert_exists( + NSSItem *value, + ckcapiInternalObject **io +) +{ + int count,i; + PRUint32 size = 0; + ckcapiInternalObject **listp = NULL; + CK_ATTRIBUTE myTemplate[2]; + CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; + CK_ULONG templateCount = 2; + CK_RV error; + PRBool found = PR_FALSE; + + myTemplate[0].type = CKA_CLASS; + myTemplate[0].pValue = &cert_class; + myTemplate[0].ulValueLen = sizeof(cert_class); + myTemplate[1].type = CKA_VALUE; + myTemplate[1].pValue = value->data; + myTemplate[1].ulValueLen = value->size; + + count = nss_ckcapi_collect_all_certs(myTemplate, templateCount, &listp, + &size, 0, &error); + + /* free them */ + if (count > 1) { + *io = listp[0]; + found = PR_TRUE; + } + + for (i=1; i < count; i++) { + nss_ckcapi_DestroyInternalObject(listp[i]); + } + nss_ZFreeIf(listp); + return found; +} + +static PRBool +ckcapi_cert_hasEmail +( + PCCERT_CONTEXT certContext +) +{ + int count; + + count = CertGetNameString(certContext, CERT_NAME_EMAIL_TYPE, + 0, NULL, NULL, 0); + + return count > 1 ? PR_TRUE : PR_FALSE; +} + +static PRBool +ckcapi_cert_isRoot +( + PCCERT_CONTEXT certContext +) +{ + return CertCompareCertificateName(certContext->dwCertEncodingType, + &certContext->pCertInfo->Issuer, &certContext->pCertInfo->Subject); +} + +static PRBool +ckcapi_cert_isCA +( + PCCERT_CONTEXT certContext +) +{ + PCERT_EXTENSION extension; + CERT_BASIC_CONSTRAINTS2_INFO basicInfo; + DWORD size = sizeof(basicInfo); + BOOL rc; + + extension = CertFindExtension (szOID_BASIC_CONSTRAINTS, + certContext->pCertInfo->cExtension, + certContext->pCertInfo->rgExtension); + if ((PCERT_EXTENSION) NULL == extension ) { + return PR_FALSE; + } + rc = CryptDecodeObject(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS2, + extension->Value.pbData, extension->Value.cbData, + 0, &basicInfo, &size); + if (!rc) { + return PR_FALSE; + } + return (PRBool) basicInfo.fCA; +} + +static CRYPT_KEY_PROV_INFO * +ckcapi_cert_getPrivateKeyInfo +( + PCCERT_CONTEXT certContext, + NSSItem *keyID +) +{ + BOOL rc; + CRYPT_HASH_BLOB msKeyID; + DWORD size = 0; + CRYPT_KEY_PROV_INFO *prov = NULL; + + msKeyID.cbData = keyID->size; + msKeyID.pbData = keyID->data; + + rc = CryptGetKeyIdentifierProperty( + &msKeyID, + CERT_KEY_PROV_INFO_PROP_ID, + 0, NULL, NULL, NULL, &size); + if (!rc) { + return (CRYPT_KEY_PROV_INFO *)NULL; + } + prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); + if ((CRYPT_KEY_PROV_INFO *)prov == NULL) { + return (CRYPT_KEY_PROV_INFO *) NULL; + } + rc = CryptGetKeyIdentifierProperty( + &msKeyID, + CERT_KEY_PROV_INFO_PROP_ID, + 0, NULL, NULL, prov, &size); + if (!rc) { + nss_ZFreeIf(prov); + return (CRYPT_KEY_PROV_INFO *)NULL; + } + + return prov; +} + +static CRYPT_KEY_PROV_INFO * +ckcapi_cert_getProvInfo +( + ckcapiInternalObject *io +) +{ + BOOL rc; + DWORD size = 0; + CRYPT_KEY_PROV_INFO *prov = NULL; + + rc = CertGetCertificateContextProperty( + io->u.cert.certContext, + CERT_KEY_PROV_INFO_PROP_ID, + NULL, &size); + if (!rc) { + return (CRYPT_KEY_PROV_INFO *)NULL; + } + prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size); + if ((CRYPT_KEY_PROV_INFO *)prov == NULL) { + return (CRYPT_KEY_PROV_INFO *) NULL; + } + rc = CertGetCertificateContextProperty( + io->u.cert.certContext, + CERT_KEY_PROV_INFO_PROP_ID, + prov, &size); + if (!rc) { + nss_ZFreeIf(prov); + return (CRYPT_KEY_PROV_INFO *)NULL; + } + + return prov; +} + +/* forward declaration */ +static void +ckcapi_removeObjectFromHash +( + ckcapiInternalObject *io +); + +/* + * Finalize - unneeded + * Destroy + * IsTokenObject - CK_TRUE + * GetAttributeCount + * GetAttributeTypes + * GetAttributeSize + * GetAttribute + * SetAttribute + * GetObjectSize + */ + +static CK_RV +ckcapi_mdObject_Destroy +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + CK_OBJECT_CLASS objClass; + BOOL rc; + DWORD provType; + DWORD msError; + PRBool isCertType = (PRBool)(ckcapiCert == io->type); + HCERTSTORE hStore = 0; + + if (ckcapiRaw == io->type) { + /* there is not 'object write protected' error, use the next best thing */ + return CKR_TOKEN_WRITE_PROTECTED; + } + + objClass = io->objClass; + if (CKO_CERTIFICATE == objClass) { + PCCERT_CONTEXT certContext; + + /* get the store */ + hStore = CertOpenSystemStore(0, io->u.cert.certStore); + if (0 == hStore) { + rc = 0; + goto loser; + } + certContext = CertFindCertificateInStore(hStore, X509_ASN_ENCODING, 0, + CERT_FIND_EXISTING, io->u.cert.certContext, NULL); + if ((PCCERT_CONTEXT)NULL == certContext) { + rc = 0; + goto loser; + } + rc = CertDeleteCertificateFromStore(certContext); + CertFreeCertificateContext(certContext); + } else { + char *provName = NULL; + char *containerName = NULL; + HCRYPTPROV hProv; + CRYPT_HASH_BLOB msKeyID; + + if (0 == io->id.size) { + ckcapi_FetchID(io); + } + + if (isCertType) { + CRYPT_KEY_PROV_INFO * provInfo = ckcapi_cert_getProvInfo(io); + provName = nss_ckcapi_WideToUTF8(provInfo->pwszProvName); + containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName); + provType = provInfo->dwProvType; + nss_ZFreeIf(provInfo); + } else { + provName = io->u.key.provName; + containerName = io->u.key.containerName; + provType = io->u.key.provInfo.dwProvType; + io->u.key.provName = NULL; + io->u.key.containerName = NULL; + } + /* first remove the key id pointer */ + msKeyID.cbData = io->id.size; + msKeyID.pbData = io->id.data; + rc = CryptSetKeyIdentifierProperty(&msKeyID, + CERT_KEY_PROV_INFO_PROP_ID, CRYPT_KEYID_DELETE_FLAG, NULL, NULL, NULL); + if (rc) { + rc = CryptAcquireContext(&hProv, containerName, provName, provType, + CRYPT_DELETEKEYSET); + } + nss_ZFreeIf(provName); + nss_ZFreeIf(containerName); + } +loser: + + if (hStore) { + CertCloseStore(hStore, 0); + } + if (!rc) { + msError = GetLastError(); + return CKR_GENERAL_ERROR; + } + + /* remove it from the hash */ + ckcapi_removeObjectFromHash(io); + + /* free the puppy.. */ + nss_ckcapi_DestroyInternalObject(io); + return CKR_OK; +} + +static CK_BBOOL +ckcapi_mdObject_IsTokenObject +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return CK_TRUE; +} + +static CK_ULONG +ckcapi_mdObject_GetAttributeCount +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + + if (ckcapiRaw == io->type) { + return io->u.raw.n; + } + switch (io->objClass) { + case CKO_CERTIFICATE: + return certAttrsCount; + case CKO_PUBLIC_KEY: + return pubKeyAttrsCount; + case CKO_PRIVATE_KEY: + return privKeyAttrsCount; + default: + break; + } + return 0; +} + +static CK_RV +ckcapi_mdObject_GetAttributeTypes +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount +) +{ + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + CK_ULONG i; + CK_RV error = CKR_OK; + const CK_ATTRIBUTE_TYPE *attrs = NULL; + CK_ULONG size = ckcapi_mdObject_GetAttributeCount( + mdObject, fwObject, mdSession, fwSession, + mdToken, fwToken, mdInstance, fwInstance, &error); + + if( size != ulCount ) { + return CKR_BUFFER_TOO_SMALL; + } + if (io->type == ckcapiRaw) { + attrs = io->u.raw.types; + } else switch(io->objClass) { + case CKO_CERTIFICATE: + attrs = certAttrs; + break; + case CKO_PUBLIC_KEY: + attrs = pubKeyAttrs; + break; + case CKO_PRIVATE_KEY: + attrs = privKeyAttrs; + break; + default: + return CKR_OK; + } + + for( i = 0; i < size; i++) { + typeArray[i] = attrs[i]; + } + + return CKR_OK; +} + +static CK_ULONG +ckcapi_mdObject_GetAttributeSize +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +) +{ + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + + const NSSItem *b; + + b = nss_ckcapi_FetchAttribute(io, attribute); + + if ((const NSSItem *)NULL == b) { + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return 0; + } + return b->size; +} + +static CK_RV +ckcapi_mdObject_SetAttribute +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value +) +{ + return CKR_OK; +} + +static NSSCKFWItem +ckcapi_mdObject_GetAttribute +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +) +{ + NSSCKFWItem mdItem; + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + + mdItem.needsFreeing = PR_FALSE; + mdItem.item = (NSSItem*)nss_ckcapi_FetchAttribute(io, attribute); + + if ((NSSItem *)NULL == mdItem.item) { + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + } + + return mdItem; +} + +static CK_ULONG +ckcapi_mdObject_GetObjectSize +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc; + CK_ULONG rv = 1; + + /* size is irrelevant to this token */ + return rv; +} + +static const NSSCKMDObject +ckcapi_prototype_mdObject = { + (void *)NULL, /* etc */ + NULL, /* Finalize */ + ckcapi_mdObject_Destroy, + ckcapi_mdObject_IsTokenObject, + ckcapi_mdObject_GetAttributeCount, + ckcapi_mdObject_GetAttributeTypes, + ckcapi_mdObject_GetAttributeSize, + ckcapi_mdObject_GetAttribute, + NULL, /* FreeAttribute */ + ckcapi_mdObject_SetAttribute, + ckcapi_mdObject_GetObjectSize, + (void *)NULL /* null terminator */ +}; + +static nssHash *ckcapiInternalObjectHash = NULL; + +NSS_IMPLEMENT NSSCKMDObject * +nss_ckcapi_CreateMDObject +( + NSSArena *arena, + ckcapiInternalObject *io, + CK_RV *pError +) +{ + if ((nssHash *)NULL == ckcapiInternalObjectHash) { + ckcapiInternalObjectHash = nssHash_CreateItem(NULL, 10); + } + if (ckcapiCert == io->type) { + /* the hash key, not a cryptographic key */ + NSSItem *key = &io->hashKey; + ckcapiInternalObject *old_o = NULL; + + if (key->size == 0) { + ckcapi_FetchHashKey(io); + } + old_o = (ckcapiInternalObject *) + nssHash_Lookup(ckcapiInternalObjectHash, key); + if (!old_o) { + nssHash_Add(ckcapiInternalObjectHash, key, io); + } else if (old_o != io) { + nss_ckcapi_DestroyInternalObject(io); + io = old_o; + } + } + + if ( (void*)NULL == io->mdObject.etc) { + (void) nsslibc_memcpy(&io->mdObject,&ckcapi_prototype_mdObject, + sizeof(ckcapi_prototype_mdObject)); + io->mdObject.etc = (void *)io; + } + return &io->mdObject; +} + +static void +ckcapi_removeObjectFromHash +( + ckcapiInternalObject *io +) +{ + NSSItem *key = &io->hashKey; + + if ((nssHash *)NULL == ckcapiInternalObjectHash) { + return; + } + if (key->size == 0) { + ckcapi_FetchHashKey(io); + } + nssHash_Remove(ckcapiInternalObjectHash, key); + return; +} + +void +nss_ckcapi_DestroyInternalObject +( + ckcapiInternalObject *io +) +{ + switch (io->type) { + case ckcapiRaw: + return; + case ckcapiCert: + CertFreeCertificateContext(io->u.cert.certContext); + nss_ZFreeIf(io->u.cert.labelData); + nss_ZFreeIf(io->u.cert.key.privateKey); + nss_ZFreeIf(io->u.cert.key.pubKey); + nss_ZFreeIf(io->idData); + break; + case ckcapiBareKey: + nss_ZFreeIf(io->u.key.provInfo.pwszContainerName); + nss_ZFreeIf(io->u.key.provInfo.pwszProvName); + nss_ZFreeIf(io->u.key.provName); + nss_ZFreeIf(io->u.key.containerName); + nss_ZFreeIf(io->u.key.key.privateKey); + nss_ZFreeIf(io->u.key.key.pubKey); + if (0 != io->u.key.hProv) { + CryptReleaseContext(io->u.key.hProv, 0); + } + nss_ZFreeIf(io->idData); + break; + } + nss_ZFreeIf(io); + return; +} + +static ckcapiInternalObject * +nss_ckcapi_CreateCertificate +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + NSSItem value; + NSSItem keyID; + char *storeStr; + ckcapiInternalObject *io = NULL; + PCCERT_CONTEXT certContext = NULL; + PCCERT_CONTEXT storedCertContext = NULL; + CRYPT_KEY_PROV_INFO *prov_info = NULL; + char *nickname = NULL; + HCERTSTORE hStore = 0; + DWORD msError = 0; + PRBool hasID; + CK_RV dummy; + BOOL rc; + + *pError = nss_ckcapi_GetAttribute(CKA_VALUE, pTemplate, + ulAttributeCount, &value); + + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + + *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate, + ulAttributeCount, &keyID); + + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + + if (ckcapi_cert_exists(&value, &io)) { + return io; + } + + /* OK, we are creating a new one, figure out what store it belongs to.. + * first get a certContext handle.. */ + certContext = CertCreateCertificateContext(X509_ASN_ENCODING, + value.data, value.size); + if ((PCCERT_CONTEXT) NULL == certContext) { + msError = GetLastError(); + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + + /* do we have a private key laying around... */ + prov_info = ckcapi_cert_getPrivateKeyInfo(certContext, &keyID); + if (prov_info) { + CRYPT_DATA_BLOB msKeyID; + storeStr = "My"; + hasID = PR_TRUE; + rc = CertSetCertificateContextProperty(certContext, + CERT_KEY_PROV_INFO_PROP_ID, + 0, prov_info); + nss_ZFreeIf(prov_info); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + msKeyID.cbData = keyID.size; + msKeyID.pbData = keyID.data; + rc = CertSetCertificateContextProperty(certContext, + CERT_KEY_IDENTIFIER_PROP_ID, + 0, &msKeyID); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + /* does it look like a CA */ + } else if (ckcapi_cert_isCA(certContext)) { + storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root"; + /* does it look like an S/MIME cert */ + } else if (ckcapi_cert_hasEmail(certContext)) { + storeStr = "AddressBook"; + } else { + /* just pick a store */ + storeStr = "CA"; + } + + /* get the nickname, not an error if we can't find it */ + nickname = nss_ckcapi_GetStringAttribute(CKA_LABEL, pTemplate, + ulAttributeCount, &dummy); + if (nickname) { + LPWSTR nicknameUTF16 = NULL; + CRYPT_DATA_BLOB nicknameBlob; + + nicknameUTF16 = nss_ckcapi_UTF8ToWide(nickname); + nss_ZFreeIf(nickname); + nickname = NULL; + if ((LPWSTR)NULL == nicknameUTF16) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + nicknameBlob.cbData = nss_ckcapi_WideSize(nicknameUTF16); + nicknameBlob.pbData = (BYTE *)nicknameUTF16; + rc = CertSetCertificateContextProperty(certContext, + CERT_FRIENDLY_NAME_PROP_ID, 0, &nicknameBlob); + nss_ZFreeIf(nicknameUTF16); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + } + + hStore = CertOpenSystemStore((HCRYPTPROV) NULL, storeStr); + if (0 == hStore) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + rc = CertAddCertificateContextToStore(hStore, certContext, + CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES, &storedCertContext); + CertFreeCertificateContext(certContext); + certContext = NULL; + CertCloseStore(hStore, 0); + hStore = 0; + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + io = nss_ZNEW(NULL, ckcapiInternalObject); + if ((ckcapiInternalObject *)NULL == io) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + io->type = ckcapiCert; + io->objClass = CKO_CERTIFICATE; + io->u.cert.certContext = storedCertContext; + io->u.cert.hasID = hasID; + return io; + +loser: + if (certContext) { + CertFreeCertificateContext(certContext); + certContext = NULL; + } + if (storedCertContext) { + CertFreeCertificateContext(storedCertContext); + storedCertContext = NULL; + } + if (0 != hStore) { + CertCloseStore(hStore, 0); + } + return (ckcapiInternalObject *)NULL; + +} + +static char * +ckcapi_getDefaultProvider +( + CK_RV *pError +) +{ + char *name = NULL; + BOOL rc; + DWORD nameLength = 0; + + rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, NULL, + &nameLength); + if (!rc) { + return (char *)NULL; + } + + name = nss_ZNEWARRAY(NULL, char, nameLength); + if ((char *)NULL == name ) { + return (char *)NULL; + } + rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, name, + &nameLength); + if (!rc) { + nss_ZFreeIf(name); + return (char *)NULL; + } + + return name; +} + +static char * +ckcapi_getContainer +( + CK_RV *pError, + NSSItem *id +) +{ + RPC_STATUS rstat; + UUID uuid; + char *uuidStr; + char *container; + + rstat = UuidCreate(&uuid); + rstat = UuidToString(&uuid, &uuidStr); + + /* convert it from rcp memory to our own */ + container = nssUTF8_Duplicate(uuidStr, NULL); + RpcStringFree(&uuidStr); + + return container; +} + +static CK_RV +ckcapi_buildPrivateKeyBlob +( + NSSItem *keyBlob, + NSSItem *modulus, + NSSItem *publicExponent, + NSSItem *privateExponent, + NSSItem *prime1, + NSSItem *prime2, + NSSItem *exponent1, + NSSItem *exponent2, + NSSItem *coefficient, + PRBool isKeyExchange +) +{ + CAPI_RSA_KEY_BLOB *keyBlobData = NULL; + unsigned char *target; + unsigned long modSize = modulus->size; + unsigned long dataSize; + CK_RV error = CKR_OK; + + /* validate extras */ + if (privateExponent->size != modSize) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (prime1->size != modSize/2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (prime2->size != modSize/2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (exponent1->size != modSize/2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (exponent2->size != modSize/2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + if (coefficient->size != modSize/2) { + error = CKR_ATTRIBUTE_VALUE_INVALID; + goto loser; + } + dataSize = (modSize*4)+(modSize/2) + sizeof(CAPI_RSA_KEY_BLOB); + keyBlobData = (CAPI_RSA_KEY_BLOB *)nss_ZAlloc(NULL, dataSize); + if ((CAPI_RSA_KEY_BLOB *)NULL == keyBlobData) { + error = CKR_HOST_MEMORY; + goto loser; + } + + keyBlobData->header.bType = PRIVATEKEYBLOB; + keyBlobData->header.bVersion = 0x02; + keyBlobData->header.reserved = 0x00; + keyBlobData->header.aiKeyAlg = isKeyExchange ? CALG_RSA_KEYX:CALG_RSA_SIGN; + keyBlobData->rsa.magic = 0x32415352; + keyBlobData->rsa.bitlen = modSize * 8; + keyBlobData->rsa.pubexp = nss_ckcapi_DataToInt(publicExponent,&error); + if (CKR_OK != error) { + goto loser; + } + + target = &keyBlobData->data[CAPI_MODULUS_OFFSET(modSize)]; + nsslibc_memcpy(target, modulus->data, modulus->size); + modulus->data = target; + ckcapi_ReverseData(modulus); + + target = &keyBlobData->data[CAPI_PRIVATE_EXP_OFFSET(modSize)]; + nsslibc_memcpy(target, privateExponent->data, privateExponent->size); + privateExponent->data = target; + ckcapi_ReverseData(privateExponent); + + target = &keyBlobData->data[CAPI_PRIME_1_OFFSET(modSize)]; + nsslibc_memcpy(target, prime1->data, prime1->size); + prime1->data = target; + ckcapi_ReverseData(prime1); + + target = &keyBlobData->data[CAPI_PRIME_2_OFFSET(modSize)]; + nsslibc_memcpy(target, prime2->data, prime2->size); + prime2->data = target; + ckcapi_ReverseData(prime2); + + target = &keyBlobData->data[CAPI_EXPONENT_1_OFFSET(modSize)]; + nsslibc_memcpy(target, exponent1->data, exponent1->size); + exponent1->data = target; + ckcapi_ReverseData(exponent1); + + target = &keyBlobData->data[CAPI_EXPONENT_2_OFFSET(modSize)]; + nsslibc_memcpy(target, exponent2->data, exponent2->size); + exponent2->data = target; + ckcapi_ReverseData(exponent2); + + target = &keyBlobData->data[CAPI_COEFFICIENT_OFFSET(modSize)]; + nsslibc_memcpy(target, coefficient->data, coefficient->size); + coefficient->data = target; + ckcapi_ReverseData(coefficient); + + keyBlob->data = keyBlobData; + keyBlob->size = dataSize; + + return CKR_OK; + +loser: + nss_ZFreeIf(keyBlobData); + return error; +} + +static ckcapiInternalObject * +nss_ckcapi_CreatePrivateKey +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + NSSItem modulus; + NSSItem publicExponent; + NSSItem privateExponent; + NSSItem exponent1; + NSSItem exponent2; + NSSItem prime1; + NSSItem prime2; + NSSItem coefficient; + NSSItem keyID; + NSSItem keyBlob; + ckcapiInternalObject *io = NULL; + char *providerName = NULL; + char *containerName = NULL; + char *idData = NULL; + CRYPT_KEY_PROV_INFO provInfo; + CRYPT_HASH_BLOB msKeyID; + CK_KEY_TYPE keyType; + HCRYPTPROV hProv = 0; + HCRYPTKEY hKey = 0; + PRBool decrypt; + DWORD keySpec; + DWORD msError; + BOOL rc; + + keyType = nss_ckcapi_GetULongAttribute + (CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + if (CKK_RSA != keyType) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (ckcapiInternalObject *)NULL; + } + + decrypt = nss_ckcapi_GetBoolAttribute(CKA_DECRYPT, + pTemplate, ulAttributeCount, pError); + if (CKR_TEMPLATE_INCOMPLETE == *pError) { + decrypt = PR_TRUE; /* default to true */ + } + decrypt = decrypt || nss_ckcapi_GetBoolAttribute(CKA_UNWRAP, + pTemplate, ulAttributeCount, pError); + if (CKR_TEMPLATE_INCOMPLETE == *pError) { + decrypt = PR_TRUE; /* default to true */ + } + keySpec = decrypt ? AT_KEYEXCHANGE : AT_SIGNATURE; + + *pError = nss_ckcapi_GetAttribute(CKA_MODULUS, pTemplate, + ulAttributeCount, &modulus); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, + ulAttributeCount, &publicExponent); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, + ulAttributeCount, &privateExponent); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_PRIME_1, pTemplate, + ulAttributeCount, &prime1); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_PRIME_2, pTemplate, + ulAttributeCount, &prime2); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_1, pTemplate, + ulAttributeCount, &exponent1); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_2, pTemplate, + ulAttributeCount, &exponent2); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_COEFFICIENT, pTemplate, + ulAttributeCount, &coefficient); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate, + ulAttributeCount, &keyID); + if (CKR_OK != *pError) { + return (ckcapiInternalObject *)NULL; + } + providerName = ckcapi_getDefaultProvider(pError); + if ((char *)NULL == providerName ) { + return (ckcapiInternalObject *)NULL; + } + containerName = ckcapi_getContainer(pError, &keyID); + if ((char *)NULL == providerName ) { + goto loser; + } + rc = CryptAcquireContext(&hProv, containerName, providerName, + PROV_RSA_FULL, CRYPT_NEWKEYSET); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + *pError = ckcapi_buildPrivateKeyBlob( + &keyBlob, + &modulus, + &publicExponent, + &privateExponent, + &prime1, + &prime2, + &exponent1, + &exponent2, + &coefficient, + decrypt); + if (CKR_OK != *pError) { + goto loser; + } + + rc = CryptImportKey(hProv, keyBlob.data, keyBlob.size, + 0, CRYPT_EXPORTABLE, &hKey); + if (!rc) { + msError = GetLastError(); + *pError = CKR_DEVICE_ERROR; + goto loser; + } + + idData = nss_ZNEWARRAY(NULL, char, keyID.size); + if ((void *)NULL == idData) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + nsslibc_memcpy(idData, keyID.data, keyID.size); + + provInfo.pwszContainerName = nss_ckcapi_UTF8ToWide(containerName); + provInfo.pwszProvName = nss_ckcapi_UTF8ToWide(providerName); + provInfo.dwProvType = PROV_RSA_FULL; + provInfo.dwFlags = 0; + provInfo.cProvParam = 0; + provInfo.rgProvParam = NULL; + provInfo.dwKeySpec = keySpec; + + msKeyID.cbData = keyID.size; + msKeyID.pbData = keyID.data; + + rc = CryptSetKeyIdentifierProperty(&msKeyID, CERT_KEY_PROV_INFO_PROP_ID, + 0, NULL, NULL, &provInfo); + if (!rc) { + goto loser; + } + + /* handle error here */ + io = nss_ZNEW(NULL, ckcapiInternalObject); + if ((ckcapiInternalObject *)NULL == io) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + io->type = ckcapiBareKey; + io->objClass = CKO_PRIVATE_KEY; + io->u.key.provInfo = provInfo; + io->u.key.provName = providerName; + io->u.key.containerName = containerName; + io->u.key.hProv = hProv; /* save the handle */ + io->idData = idData; + io->id.data = idData; + io->id.size = keyID.size; + /* done with the key handle */ + CryptDestroyKey(hKey); + return io; + +loser: + nss_ZFreeIf(containerName); + nss_ZFreeIf(providerName); + nss_ZFreeIf(idData); + if (0 != hProv) { + CryptReleaseContext(hProv, 0); + } + if (0 != hKey) { + CryptDestroyKey(hKey); + } + return (ckcapiInternalObject *)NULL; +} + + +NSS_EXTERN NSSCKMDObject * +nss_ckcapi_CreateObject +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + CK_OBJECT_CLASS objClass; + ckcapiInternalObject *io; + CK_BBOOL isToken; + + /* + * only create token objects + */ + isToken = nss_ckcapi_GetBoolAttribute(CKA_TOKEN, pTemplate, + ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (NSSCKMDObject *) NULL; + } + if (!isToken) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (NSSCKMDObject *) NULL; + } + + /* + * only create keys and certs. + */ + objClass = nss_ckcapi_GetULongAttribute(CKA_CLASS, pTemplate, + ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (NSSCKMDObject *) NULL; + } +#ifdef notdef + if (objClass == CKO_PUBLIC_KEY) { + return CKR_OK; /* fake public key creation, happens as a side effect of + * private key creation */ + } +#endif + if (objClass == CKO_CERTIFICATE) { + io = nss_ckcapi_CreateCertificate(fwSession, pTemplate, + ulAttributeCount, pError); + } else if (objClass == CKO_PRIVATE_KEY) { + io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate, + ulAttributeCount, pError); + } else { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + } + + if ((ckcapiInternalObject *)NULL == io) { + return (NSSCKMDObject *) NULL; + } + return nss_ckcapi_CreateMDObject(NULL, io, pError); +} diff --git a/security/nss/lib/ckfw/capi/config.mk b/security/nss/lib/ckfw/capi/config.mk new file mode 100644 index 000000000..8650f7185 --- /dev/null +++ b/security/nss/lib/ckfw/capi/config.mk @@ -0,0 +1,67 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +CONFIG_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$" + +# +# Override TARGETS variable so that only shared libraries +# are specifed as dependencies within rules.mk. +# + +TARGETS = $(SHARED_LIBRARY) +LIBRARY = +IMPORT_LIBRARY = +PROGRAM = + +ifeq (,$(filter-out WIN%,$(OS_TARGET))) + SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) + RES = $(OBJDIR)/$(LIBRARY_NAME).res + RESNAME = $(LIBRARY_NAME).rc +endif + +ifdef BUILD_IDG + DEFINES += -DNSSDEBUG +endif + +# +# To create a loadable module on Darwin, we must use -bundle. +# +ifeq ($(OS_TARGET),Darwin) +ifndef USE_64 +DSO_LDOPTS = -bundle +endif +endif + diff --git a/security/nss/lib/ckfw/capi/constants.c b/security/nss/lib/ckfw/capi/constants.c new file mode 100644 index 000000000..4e509da65 --- /dev/null +++ b/security/nss/lib/ckfw/capi/constants.c @@ -0,0 +1,98 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * ckcapi/constants.c + * + * Identification and other constants, all collected here in one place. + */ + +#ifndef NSSBASET_H +#include "nssbaset.h" +#endif /* NSSBASET_H */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +#ifndef NSSCAPI_H +#include "nsscapi.h" +#endif /* NSSCAPI_H */ + +NSS_IMPLEMENT_DATA const CK_VERSION +nss_ckcapi_CryptokiVersion = { + NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR, + NSS_CKCAPI_CRYPTOKI_VERSION_MINOR }; + +NSS_IMPLEMENT_DATA const NSSUTF8 * +nss_ckcapi_ManufacturerID = (NSSUTF8 *) "Mozilla Foundation"; + +NSS_IMPLEMENT_DATA const NSSUTF8 * +nss_ckcapi_LibraryDescription = (NSSUTF8 *) "NSS Access to Microsoft Certificate Store"; + +NSS_IMPLEMENT_DATA const CK_VERSION +nss_ckcapi_LibraryVersion = { + NSS_CKCAPI_LIBRARY_VERSION_MAJOR, + NSS_CKCAPI_LIBRARY_VERSION_MINOR}; + +NSS_IMPLEMENT_DATA const NSSUTF8 * +nss_ckcapi_SlotDescription = (NSSUTF8 *) "Microsoft Certificate Store"; + +NSS_IMPLEMENT_DATA const CK_VERSION +nss_ckcapi_HardwareVersion = { + NSS_CKCAPI_HARDWARE_VERSION_MAJOR, + NSS_CKCAPI_HARDWARE_VERSION_MINOR }; + +NSS_IMPLEMENT_DATA const CK_VERSION +nss_ckcapi_FirmwareVersion = { + NSS_CKCAPI_FIRMWARE_VERSION_MAJOR, + NSS_CKCAPI_FIRMWARE_VERSION_MINOR }; + +NSS_IMPLEMENT_DATA const NSSUTF8 * +nss_ckcapi_TokenLabel = (NSSUTF8 *) "Microsoft Certificate Store"; + +NSS_IMPLEMENT_DATA const NSSUTF8 * +nss_ckcapi_TokenModel = (NSSUTF8 *) "1"; + +NSS_IMPLEMENT_DATA const NSSUTF8 * +nss_ckcapi_TokenSerialNumber = (NSSUTF8 *) "1"; + diff --git a/security/nss/lib/ckfw/capi/crsa.c b/security/nss/lib/ckfw/capi/crsa.c new file mode 100644 index 000000000..30fb9d04b --- /dev/null +++ b/security/nss/lib/ckfw/capi/crsa.c @@ -0,0 +1,748 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Red Hat, Inc. + * Portions created by the Initial Developer are Copyright (C) 2005 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckcapi.h" +#include "secdert.h" + +#define SSL3_SHAMD5_HASH_SIZE 36 /* LEN_MD5 (16) + LEN_SHA1 (20) */ + +/* + * ckcapi/crsa.c + * + * This file implements the NSSCKMDMechnaism and NSSCKMDCryptoOperation objects + * for the RSA operation on the CAPI cryptoki module. + */ + +/* + * write a Decimal value to a string + */ + +static char * +putDecimalString(char *cstr, unsigned long value) +{ + unsigned long tenpower; + int first = 1; + + for (tenpower=10000000; tenpower; tenpower /= 10) { + unsigned char digit = (unsigned char )(value/tenpower); + value = value % tenpower; + + /* drop leading zeros */ + if (first && (0 == digit)) { + continue; + } + first = 0; + *cstr++ = digit + '0'; + } + + /* if value was zero, put one of them out */ + if (first) { + *cstr++ = '0'; + } + return cstr; +} + + +/* + * Create a Capi OID string value from a DER OID + */ +static char * +nss_ckcapi_GetOidString +( + unsigned char *oidTag, + int oidTagSize, + CK_RV *pError +) +{ + unsigned char *oid; + char *oidStr; + char *cstr; + unsigned long value; + int oidSize; + + if (DER_OBJECT_ID != *oidTag) { + /* wasn't an oid */ + *pError = CKR_DATA_INVALID; + return NULL; + } + oid = nss_ckcapi_DERUnwrap(oidTag, oidTagSize, &oidSize, NULL); + + if (oidSize < 2) { + *pError = CKR_DATA_INVALID; + return NULL; + } + + oidStr = nss_ZNEWARRAY( NULL, char, oidSize*4 ); + if ((char *)NULL == oidStr) { + *pError = CKR_HOST_MEMORY; + return NULL; + } + cstr = oidStr; + cstr = putDecimalString(cstr, (*oid) / 40); + *cstr++ = '.'; + cstr = putDecimalString(cstr, (*oid) % 40); + oidSize--; + + value = 0; + while (oidSize--) { + oid++; + value = (value << 7) + (*oid & 0x7f); + if (0 == (*oid & 0x80)) { + *cstr++ = '.'; + cstr = putDecimalString(cstr, value); + value = 0; + } + } + + *cstr = 0; /* NULL terminate */ + + if (value != 0) { + nss_ZFreeIf(oidStr); + *pError = CKR_DATA_INVALID; + return NULL; + } + return oidStr; +} + + +/* + * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value, + * which includes the hash OID. CAPI expects to take a Hash Context. While + * CAPI does have the capability of setting a raw hash value, it does not + * have the ability to sign an arbitrary value. This function tries to + * reduce the passed in data into something that CAPI could actually sign. + */ +static CK_RV +ckcapi_GetRawHash +( + const NSSItem *input, + NSSItem *hash, + ALG_ID *hashAlg +) +{ + unsigned char *current; + unsigned char *algid; + unsigned char *oid; + unsigned char *hashData; + char *oidStr; + CK_RV error; + int oidSize; + int size; + /* + * there are 2 types of hashes NSS typically tries to sign, regular + * RSA signature format (with encoded DER_OIDS), and SSL3 Signed hashes. + * CAPI knows not to add any oids to SSL3_Signed hashes, so if we have any + * random hash that is exactly the same size as an SSL3 hash, then we can + * just pass the data through. CAPI has know way of knowing if the value + * is really a combined hash or some other arbitrary data, so it's safe to + * handle this case first. + */ + if (SSL3_SHAMD5_HASH_SIZE == input->size) { + hash->data = input->data; + hash->size = input->size; + *hashAlg = CALG_SSL3_SHAMD5; + return CKR_OK; + } + + current = (unsigned char *)input->data; + + /* make sure we have a sequence tag */ + if ((DER_SEQUENCE|DER_CONSTRUCTED) != *current) { + return CKR_DATA_INVALID; + } + + /* parse the input block to get 1) the hash oid, and 2) the raw hash value. + * unfortunatly CAPI doesn't have a builtin function to do this work, so + * we go ahead and do it by hand here. + * + * format is: + * SEQUENCE { + * SECQUENCE { // algid + * OID {} // oid + * ANY {} // optional params + * } + * OCTECT {} // hash + */ + + /* unwrap */ + algid = nss_ckcapi_DERUnwrap(current,input->size, &size, NULL); + + if (algid+size != current+input->size) { + /* make sure there is not extra data at the end */ + return CKR_DATA_INVALID; + } + + if ((DER_SEQUENCE|DER_CONSTRUCTED) != *algid) { + /* wasn't an algid */ + return CKR_DATA_INVALID; + } + oid = nss_ckcapi_DERUnwrap(algid, size, &oidSize, &hashData); + + if (DER_OCTET_STRING != *hashData) { + /* wasn't a hash */ + return CKR_DATA_INVALID; + } + + /* get the real hash */ + current = hashData; + size = size - (hashData-algid); + hash->data = nss_ckcapi_DERUnwrap(current, size, &hash->size, NULL); + + /* get the real oid as a string. Again, Microsoft does not + * export anything that does this for us */ + oidStr = nss_ckcapi_GetOidString(oid, oidSize, &error); + if ((char *)NULL == oidStr ) { + return error; + } + + /* look up the hash alg from the oid (fortunately CAPI does to this) */ + *hashAlg = CertOIDToAlgId(oidStr); + nss_ZFreeIf(oidStr); + if (0 == *hashAlg) { + return CKR_HOST_MEMORY; + } + + /* hash looks reasonably consistent, we should be able to sign it now */ + return CKR_OK; +} + +/* + * So everyone else in the worlds stores their bignum data MSB first, but not + * Microsoft, we need to byte swap everything coming into and out of CAPI. + */ +void +ckcapi_ReverseData(NSSItem *item) +{ + int end = (item->size)-1; + int middle = (item->size)/2; + unsigned char *buf = item->data; + int i; + + for (i=0; i < middle; i++) { + unsigned char tmp = buf[i]; + buf[i] = buf[end-i]; + buf[end-i] = tmp; + } + return; +} + +typedef struct ckcapiInternalCryptoOperationRSAPrivStr + ckcapiInternalCryptoOperationRSAPriv; +struct ckcapiInternalCryptoOperationRSAPrivStr +{ + NSSCKMDCryptoOperation mdOperation; + NSSCKMDMechanism *mdMechanism; + ckcapiInternalObject *iKey; + HCRYPTPROV hProv; + DWORD keySpec; + HCRYPTKEY hKey; + NSSItem *buffer; +}; + +/* + * ckcapi_mdCryptoOperationRSAPriv_Create + */ +static NSSCKMDCryptoOperation * +ckcapi_mdCryptoOperationRSAPriv_Create +( + const NSSCKMDCryptoOperation *proto, + NSSCKMDMechanism *mdMechanism, + NSSCKMDObject *mdKey, + CK_RV *pError +) +{ + ckcapiInternalObject *iKey = (ckcapiInternalObject *)mdKey->etc; + const NSSItem *classItem = nss_ckcapi_FetchAttribute(iKey, CKA_CLASS); + const NSSItem *keyType = nss_ckcapi_FetchAttribute(iKey, CKA_KEY_TYPE); + ckcapiInternalCryptoOperationRSAPriv *iOperation; + CK_RV error; + HCRYPTPROV hProv; + DWORD keySpec; + HCRYPTKEY hKey; + + /* make sure we have the right objects */ + if (((const NSSItem *)NULL == classItem) || + (sizeof(CK_OBJECT_CLASS) != classItem->size) || + (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) || + ((const NSSItem *)NULL == keyType) || + (sizeof(CK_KEY_TYPE) != keyType->size) || + (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) { + *pError = CKR_KEY_TYPE_INCONSISTENT; + return (NSSCKMDCryptoOperation *)NULL; + } + + error = nss_ckcapi_FetchKeyContainer(iKey, &hProv, &keySpec, &hKey); + if (error != CKR_OK) { + *pError = error; + return (NSSCKMDCryptoOperation *)NULL; + } + + iOperation = nss_ZNEW(NULL, ckcapiInternalCryptoOperationRSAPriv); + if ((ckcapiInternalCryptoOperationRSAPriv *)NULL == iOperation) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDCryptoOperation *)NULL; + } + iOperation->mdMechanism = mdMechanism; + iOperation->iKey = iKey; + iOperation->hProv = hProv; + iOperation->keySpec = keySpec; + iOperation->hKey = hKey; + + nsslibc_memcpy(&iOperation->mdOperation, + proto, sizeof(NSSCKMDCryptoOperation)); + iOperation->mdOperation.etc = iOperation; + + return &iOperation->mdOperation; +} + +static CK_RV +ckcapi_mdCryptoOperationRSAPriv_Destroy +( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + + if (iOperation->hKey) { + CryptDestroyKey(iOperation->hKey); + } + if (iOperation->buffer) { + nssItem_Destroy(iOperation->buffer); + } + nss_ZFreeIf(iOperation); + return CKR_OK; +} + +static CK_ULONG +ckcapi_mdCryptoOperationRSA_GetFinalLength +( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + const NSSItem *modulus = + nss_ckcapi_FetchAttribute(iOperation->iKey, CKA_MODULUS); + + return modulus->size; +} + + +/* + * ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength + * we won't know the length until we actually decrypt the + * input block. Since we go to all the work to decrypt the + * the block, we'll save if for when the block is asked for + */ +static CK_ULONG +ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength +( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + CK_RV *pError +) +{ + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + BOOL rc; + + /* Microsoft's Decrypt operation works in place. Since we don't want + * to trash our input buffer, we make a copy of it */ + iOperation->buffer = nssItem_Duplicate((NSSItem *)input, NULL, NULL); + if ((NSSItem *) NULL == iOperation->buffer) { + *pError = CKR_HOST_MEMORY; + return 0; + } + /* Sigh, reverse it */ + ckcapi_ReverseData(iOperation->buffer); + + rc = CryptDecrypt(iOperation->hKey, 0, TRUE, 0, + iOperation->buffer->data, &iOperation->buffer->size); + if (!rc) { + DWORD msError = GetLastError(); + switch (msError) { + case NTE_BAD_DATA: + *pError = CKR_ENCRYPTED_DATA_INVALID; + break; + case NTE_FAIL: + case NTE_BAD_UID: + *pError = CKR_DEVICE_ERROR; + break; + default: + *pError = CKR_GENERAL_ERROR; + } + return 0; + } + + return iOperation->buffer->size; +} + +/* + * ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal + * + * NOTE: ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to + * have been called previously. + */ +static CK_RV +ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal +( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + NSSItem *output +) +{ + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + NSSItem *buffer = iOperation->buffer; + + if ((NSSItem *)NULL == buffer) { + return CKR_GENERAL_ERROR; + } + nsslibc_memcpy(output->data, buffer->data, buffer->size); + output->size = buffer->size; + return CKR_OK; +} + +/* + * ckcapi_mdCryptoOperationRSASign_UpdateFinal + * + */ +static CK_RV +ckcapi_mdCryptoOperationRSASign_UpdateFinal +( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + NSSItem *output +) +{ + ckcapiInternalCryptoOperationRSAPriv *iOperation = + (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc; + CK_RV error = CKR_OK; + DWORD msError; + NSSItem hash; + HCRYPTHASH hHash = 0; + ALG_ID hashAlg; + DWORD hashSize; + DWORD len; /* temp length value we throw away */ + BOOL rc; + + /* + * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value, + * which includes the hash OID. CAPI expects to take a Hash Context. While + * CAPI does have the capability of setting a raw hash value, it does not + * have the ability to sign an arbitrary value. This function tries to + * reduce the passed in data into something that CAPI could actually sign. + */ + error = ckcapi_GetRawHash(input, &hash, &hashAlg); + if (CKR_OK != error) { + goto loser; + } + + rc = CryptCreateHash(iOperation->hProv, hashAlg, 0, 0, &hHash); + if (!rc) { + goto loser; + } + + /* make sure the hash lens match before we set it */ + len = sizeof(DWORD); + rc = CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&hashSize, &len, 0); + if (!rc) { + goto loser; + } + + if (hash.size != hashSize) { + /* The input must have been bad for this to happen */ + error = CKR_DATA_INVALID; + goto loser; + } + + /* we have an explicit hash, set it, note that the length is + * implicit by the hashAlg used in create */ + rc = CryptSetHashParam(hHash, HP_HASHVAL, hash.data, 0); + if (!rc) { + goto loser; + } + + /* OK, we have the data in a hash structure, sign it! */ + rc = CryptSignHash(hHash, iOperation->keySpec, NULL, 0, + output->data, &output->size); + if (!rc) { + goto loser; + } + + /* Don't return a signature that might have been broken because of a cosmic + * ray, or a broken processor, verify that it is valid... */ + rc = CryptVerifySignature(hHash, output->data, output->size, + iOperation->hKey, NULL, 0); + if (!rc) { + goto loser; + } + + /* OK, Microsoft likes to do things completely differently than anyone + * else. We need to reverse the data we received here */ + ckcapi_ReverseData(output); + CryptDestroyHash(hHash); + return CKR_OK; + +loser: + /* map the microsoft error */ + if (CKR_OK == error) { + msError = GetLastError(); + switch (msError) { + case ERROR_NOT_ENOUGH_MEMORY: + error = CKR_HOST_MEMORY; + break; + case NTE_NO_MEMORY: + error = CKR_DEVICE_MEMORY; + break; + case ERROR_MORE_DATA: + return CKR_BUFFER_TOO_SMALL; + case ERROR_INVALID_PARAMETER: /* these params were derived from the */ + case ERROR_INVALID_HANDLE: /* inputs, so if they are bad, the input */ + case NTE_BAD_ALGID: /* data is bad */ + case NTE_BAD_HASH: + error = CKR_DATA_INVALID; + break; + case ERROR_BUSY: + case NTE_FAIL: + case NTE_BAD_UID: + error = CKR_DEVICE_ERROR; + break; + default: + error = CKR_GENERAL_ERROR; + break; + } + } + if (hHash) { + CryptDestroyHash(hHash); + } + return error; +} + + +NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation +ckcapi_mdCryptoOperationRSADecrypt_proto = { + NULL, /* etc */ + ckcapi_mdCryptoOperationRSAPriv_Destroy, + NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */ + ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength, + NULL, /* Final - not needed for one shot operation */ + NULL, /* Update - not needed for one shot operation */ + NULL, /* DigetUpdate - not needed for one shot operation */ + ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal, + NULL, /* UpdateCombo - not needed for one shot operation */ + NULL, /* DigetKey - not needed for one shot operation */ + (void *)NULL /* null terminator */ +}; + +NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation +ckcapi_mdCryptoOperationRSASign_proto = { + NULL, /* etc */ + ckcapi_mdCryptoOperationRSAPriv_Destroy, + ckcapi_mdCryptoOperationRSA_GetFinalLength, + NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */ + NULL, /* Final - not needed for one shot operation */ + NULL, /* Update - not needed for one shot operation */ + NULL, /* DigetUpdate - not needed for one shot operation */ + ckcapi_mdCryptoOperationRSASign_UpdateFinal, + NULL, /* UpdateCombo - not needed for one shot operation */ + NULL, /* DigetKey - not needed for one shot operation */ + (void *)NULL /* null terminator */ +}; + +/********** NSSCKMDMechansim functions ***********************/ +/* + * ckcapi_mdMechanismRSA_Destroy + */ +static void +ckcapi_mdMechanismRSA_Destroy +( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_ZFreeIf(fwMechanism); +} + +/* + * ckcapi_mdMechanismRSA_GetMinKeySize + */ +static CK_ULONG +ckcapi_mdMechanismRSA_GetMinKeySize +( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return 384; +} + +/* + * ckcapi_mdMechanismRSA_GetMaxKeySize + */ +static CK_ULONG +ckcapi_mdMechanismRSA_GetMaxKeySize +( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return 16384; +} + +/* + * ckcapi_mdMechanismRSA_DecryptInit + */ +static NSSCKMDCryptoOperation * +ckcapi_mdMechanismRSA_DecryptInit +( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError +) +{ + return ckcapi_mdCryptoOperationRSAPriv_Create( + &ckcapi_mdCryptoOperationRSADecrypt_proto, + mdMechanism, mdKey, pError); +} + +/* + * ckcapi_mdMechanismRSA_SignInit + */ +static NSSCKMDCryptoOperation * +ckcapi_mdMechanismRSA_SignInit +( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError +) +{ + return ckcapi_mdCryptoOperationRSAPriv_Create( + &ckcapi_mdCryptoOperationRSASign_proto, + mdMechanism, mdKey, pError); +} + + +NSS_IMPLEMENT_DATA const NSSCKMDMechanism +nss_ckcapi_mdMechanismRSA = { + (void *)NULL, /* etc */ + ckcapi_mdMechanismRSA_Destroy, + ckcapi_mdMechanismRSA_GetMinKeySize, + ckcapi_mdMechanismRSA_GetMaxKeySize, + NULL, /* GetInHardware - default false */ + NULL, /* EncryptInit - default errs */ + ckcapi_mdMechanismRSA_DecryptInit, + NULL, /* DigestInit - default errs*/ + ckcapi_mdMechanismRSA_SignInit, + NULL, /* VerifyInit - default errs */ + ckcapi_mdMechanismRSA_SignInit, /* SignRecoverInit */ + NULL, /* VerifyRecoverInit - default errs */ + NULL, /* GenerateKey - default errs */ + NULL, /* GenerateKeyPair - default errs */ + NULL, /* GetWrapKeyLength - default errs */ + NULL, /* WrapKey - default errs */ + NULL, /* UnwrapKey - default errs */ + NULL, /* DeriveKey - default errs */ + (void *)NULL /* null terminator */ +}; diff --git a/security/nss/lib/ckfw/capi/csession.c b/security/nss/lib/ckfw/capi/csession.c new file mode 100644 index 000000000..f0abd6d0b --- /dev/null +++ b/security/nss/lib/ckfw/capi/csession.c @@ -0,0 +1,131 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckcapi.h" + +/* + * ckcapi/csession.c + * + * This file implements the NSSCKMDSession object for the + * "nss to capi" cryptoki module. + */ + +static NSSCKMDFindObjects * +ckcapi_mdSession_FindObjectsInit +( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + return nss_ckcapi_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); +} + +static NSSCKMDObject * +ckcapi_mdSession_CreateObject +( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + return nss_ckcapi_CreateObject(fwSession, pTemplate, ulAttributeCount, pError); +} + +NSS_IMPLEMENT NSSCKMDSession * +nss_ckcapi_CreateSession +( + NSSCKFWSession *fwSession, + CK_RV *pError +) +{ + NSSArena *arena; + NSSCKMDSession *rv; + + arena = NSSCKFWSession_GetArena(fwSession, pError); + if( (NSSArena *)NULL == arena ) { + return (NSSCKMDSession *)NULL; + } + + rv = nss_ZNEW(arena, NSSCKMDSession); + if( (NSSCKMDSession *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } + + /* + * rv was zeroed when allocated, so we only + * need to set the non-zero members. + */ + + rv->etc = (void *)fwSession; + /* rv->Close */ + /* rv->GetDeviceError */ + /* rv->Login */ + /* rv->Logout */ + /* rv->InitPIN */ + /* rv->SetPIN */ + /* rv->GetOperationStateLen */ + /* rv->GetOperationState */ + /* rv->SetOperationState */ + rv->CreateObject = ckcapi_mdSession_CreateObject; + /* rv->CopyObject */ + rv->FindObjectsInit = ckcapi_mdSession_FindObjectsInit; + /* rv->SeedRandom */ + /* rv->GetRandom */ + /* rv->null */ + + return rv; +} diff --git a/security/nss/lib/ckfw/capi/cslot.c b/security/nss/lib/ckfw/capi/cslot.c new file mode 100644 index 000000000..1c42c107d --- /dev/null +++ b/security/nss/lib/ckfw/capi/cslot.c @@ -0,0 +1,129 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckcapi.h" + +/* + * ckcapi/cslot.c + * + * This file implements the NSSCKMDSlot object for the + * "nss to capi" cryptoki module. + */ + +static NSSUTF8 * +ckcapi_mdSlot_GetSlotDescription +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckcapi_SlotDescription; +} + +static NSSUTF8 * +ckcapi_mdSlot_GetManufacturerID +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckcapi_ManufacturerID; +} + +static CK_VERSION +ckcapi_mdSlot_GetHardwareVersion +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return nss_ckcapi_HardwareVersion; +} + +static CK_VERSION +ckcapi_mdSlot_GetFirmwareVersion +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return nss_ckcapi_FirmwareVersion; +} + +static NSSCKMDToken * +ckcapi_mdSlot_GetToken +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSCKMDToken *)&nss_ckcapi_mdToken; +} + +NSS_IMPLEMENT_DATA const NSSCKMDSlot +nss_ckcapi_mdSlot = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Destroy */ + ckcapi_mdSlot_GetSlotDescription, + ckcapi_mdSlot_GetManufacturerID, + NULL, /* GetTokenPresent -- defaults to true */ + NULL, /* GetRemovableDevice -- defaults to false */ + NULL, /* GetHardwareSlot -- defaults to false */ + ckcapi_mdSlot_GetHardwareVersion, + ckcapi_mdSlot_GetFirmwareVersion, + ckcapi_mdSlot_GetToken, + (void *)NULL /* null terminator */ +}; diff --git a/security/nss/lib/ckfw/capi/ctoken.c b/security/nss/lib/ckfw/capi/ctoken.c new file mode 100644 index 000000000..bce2c17e2 --- /dev/null +++ b/security/nss/lib/ckfw/capi/ctoken.c @@ -0,0 +1,246 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckcapi.h" + +/* + * ckcapi/ctoken.c + * + * This file implements the NSSCKMDToken object for the + * "nss to capi" cryptoki module. + */ + +static NSSUTF8 * +ckcapi_mdToken_GetLabel +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckcapi_TokenLabel; +} + +static NSSUTF8 * +ckcapi_mdToken_GetManufacturerID +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckcapi_ManufacturerID; +} + +static NSSUTF8 * +ckcapi_mdToken_GetModel +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckcapi_TokenModel; +} + +static NSSUTF8 * +ckcapi_mdToken_GetSerialNumber +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckcapi_TokenSerialNumber; +} + +static CK_BBOOL +ckcapi_mdToken_GetIsWriteProtected +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return CK_FALSE; +} + +/* fake out Mozilla so we don't try to initialize the token */ +static CK_BBOOL +ckcapi_mdToken_GetUserPinInitialized +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return CK_TRUE; +} + +static CK_VERSION +ckcapi_mdToken_GetHardwareVersion +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return nss_ckcapi_HardwareVersion; +} + +static CK_VERSION +ckcapi_mdToken_GetFirmwareVersion +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return nss_ckcapi_FirmwareVersion; +} + +static NSSCKMDSession * +ckcapi_mdToken_OpenSession +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError +) +{ + return nss_ckcapi_CreateSession(fwSession, pError); +} + +static CK_ULONG +ckcapi_mdToken_GetMechanismCount +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return (CK_ULONG)1; +} + +static CK_RV +ckcapi_mdToken_GetMechanismTypes +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE types[] +) +{ + types[0] = CKM_RSA_PKCS; + return CKR_OK; +} + +static NSSCKMDMechanism * +ckcapi_mdToken_GetMechanism +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE which, + CK_RV *pError +) +{ + if (which != CKM_RSA_PKCS) { + *pError = CKR_MECHANISM_INVALID; + return (NSSCKMDMechanism *)NULL; + } + return (NSSCKMDMechanism *)&nss_ckcapi_mdMechanismRSA; +} + +NSS_IMPLEMENT_DATA const NSSCKMDToken +nss_ckcapi_mdToken = { + (void *)NULL, /* etc */ + NULL, /* Setup */ + NULL, /* Invalidate */ + NULL, /* InitToken -- default errs */ + ckcapi_mdToken_GetLabel, + ckcapi_mdToken_GetManufacturerID, + ckcapi_mdToken_GetModel, + ckcapi_mdToken_GetSerialNumber, + NULL, /* GetHasRNG -- default is false */ + ckcapi_mdToken_GetIsWriteProtected, + NULL, /* GetLoginRequired -- default is false */ + ckcapi_mdToken_GetUserPinInitialized, + NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ + NULL, /* GetHasClockOnToken -- default is false */ + NULL, /* GetHasProtectedAuthenticationPath -- default is false */ + NULL, /* GetSupportsDualCryptoOperations -- default is false */ + NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxPinLen -- irrelevant */ + NULL, /* GetMinPinLen -- irrelevant */ + NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + ckcapi_mdToken_GetHardwareVersion, + ckcapi_mdToken_GetFirmwareVersion, + NULL, /* GetUTCTime -- no clock */ + ckcapi_mdToken_OpenSession, + ckcapi_mdToken_GetMechanismCount, + ckcapi_mdToken_GetMechanismTypes, + ckcapi_mdToken_GetMechanism, + (void *)NULL /* null terminator */ +}; diff --git a/security/nss/lib/ckfw/capi/manifest.mn b/security/nss/lib/ckfw/capi/manifest.mn new file mode 100644 index 000000000..8959e5d2d --- /dev/null +++ b/security/nss/lib/ckfw/capi/manifest.mn @@ -0,0 +1,66 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$" + +CORE_DEPTH = ../../../.. + +MODULE = nss +MAPFILE = $(OBJDIR)/nsscapi.def + +EXPORTS = \ + nsscapi.h \ + $(NULL) + +CSRCS = \ + anchor.c \ + constants.c \ + cfind.c \ + cinst.c \ + cobject.c \ + crsa.c \ + csession.c \ + cslot.c \ + ctoken.c \ + ckcapiver.c \ + staticobj.c \ + $(NULL) + +REQUIRES = nspr + +LIBRARY_NAME = nsscapi + +#EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4 diff --git a/security/nss/lib/ckfw/capi/nsscapi.def b/security/nss/lib/ckfw/capi/nsscapi.def new file mode 100644 index 000000000..0e6106c62 --- /dev/null +++ b/security/nss/lib/ckfw/capi/nsscapi.def @@ -0,0 +1,58 @@ +;+# +;+# ***** BEGIN LICENSE BLOCK ***** +;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +;+# +;+# The contents of this file are subject to the Mozilla Public License Version +;+# 1.1 (the "License"); you may not use this file except in compliance with +;+# the License. You may obtain a copy of the License at +;+# http://www.mozilla.org/MPL/ +;+# +;+# Software distributed under the License is distributed on an "AS IS" basis, +;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +;+# for the specific language governing rights and limitations under the +;+# License. +;+# +;+# The Original Code is the Netscape security libraries. +;+# +;+# The Initial Developer of the Original Code is +;+# Netscape Communications Corporation. +;+# Portions created by the Initial Developer are Copyright (C) 2003 +;+# the Initial Developer. All Rights Reserved. +;+# +;+# Contributor(s): +;+# +;+# Alternatively, the contents of this file may be used under the terms of +;+# either the GNU General Public License Version 2 or later (the "GPL"), or +;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +;+# in which case the provisions of the GPL or the LGPL are applicable instead +;+# of those above. If you wish to allow use of your version of this file only +;+# under the terms of either the GPL or the LGPL, and not to allow others to +;+# use your version of this file under the terms of the MPL, indicate your +;+# decision by deleting the provisions above and replace them with the notice +;+# and other provisions required by the GPL or the LGPL. If you do not delete +;+# the provisions above, a recipient may use your version of this file under +;+# the terms of any one of the MPL, the GPL or the LGPL. +;+# +;+# ***** END LICENSE BLOCK ***** +;+# +;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS +;+# 1. For all unix platforms, the string ";-" means "remove this line" +;+# 2. For all unix platforms, the string " DATA " will be removed from any +;+# line on which it occurs. +;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX. +;+# On AIX, lines containing ";+" will be removed. +;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed. +;+# 5. For all unix platforms, after the above processing has taken place, +;+# all characters after the first ";" on the line will be removed. +;+# And for AIX, the first ";" will also be removed. +;+# This file is passed directly to windows. Since ';' is a comment, all UNIX +;+# directives are hidden behind ";", ";+", and ";-" +;+ +;+NSS_3.1 { # NSS 3.1 release +;+ global: +LIBRARY nsscapi ;- +EXPORTS ;- +C_GetFunctionList; +;+ local: +;+*; +;+}; diff --git a/security/nss/lib/ckfw/capi/nsscapi.h b/security/nss/lib/ckfw/capi/nsscapi.h new file mode 100644 index 000000000..1d80487e9 --- /dev/null +++ b/security/nss/lib/ckfw/capi/nsscapi.h @@ -0,0 +1,75 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef NSSCAPI_H +#define NSSCAPI_H + +/* + * NSS CKCAPI Version numbers. + * + * These are the version numbers for the capi module packaged with + * this release on NSS. To determine the version numbers of the builtin + * module you are using, use the appropriate PKCS #11 calls. + * + * These version numbers detail changes to the PKCS #11 interface. They map + * to the PKCS #11 spec versions. + */ +#define NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR 2 +#define NSS_CKCAPI_CRYPTOKI_VERSION_MINOR 20 + +/* These version numbers detail the changes + * to the list of trusted certificates. + * + * NSS_CKCAPI_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear + * whether we may use its full range (0-255) or only 0-99 because + * of the comment in the CK_VERSION type definition. + */ +#define NSS_CKCAPI_LIBRARY_VERSION_MAJOR 1 +#define NSS_CKCAPI_LIBRARY_VERSION_MINOR 1 +#define NSS_CKCAPI_LIBRARY_VERSION "1.1" + +/* These version numbers detail the semantic changes to the ckfw engine. */ +#define NSS_CKCAPI_HARDWARE_VERSION_MAJOR 1 +#define NSS_CKCAPI_HARDWARE_VERSION_MINOR 0 + +/* These version numbers detail the semantic changes to ckbi itself + * (new PKCS #11 objects), etc. */ +#define NSS_CKCAPI_FIRMWARE_VERSION_MAJOR 1 +#define NSS_CKCAPI_FIRMWARE_VERSION_MINOR 0 + +#endif /* NSSCKBI_H */ diff --git a/security/nss/lib/ckfw/capi/nsscapi.rc b/security/nss/lib/ckfw/capi/nsscapi.rc new file mode 100644 index 000000000..254599f75 --- /dev/null +++ b/security/nss/lib/ckfw/capi/nsscapi.rc @@ -0,0 +1,96 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2004 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#include "nsscapi.h" +#include <winver.h> + +#define MY_LIBNAME "nsscapi" +#define MY_FILEDESCRIPTION "NSS Access to Microsoft CAPI" + +#ifdef _DEBUG +#define MY_DEBUG_STR " (debug)" +#define MY_FILEFLAGS_1 VS_FF_DEBUG +#else +#define MY_DEBUG_STR "" +#define MY_FILEFLAGS_1 0x0L +#endif +#if NSS_BETA +#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE +#else +#define MY_FILEFLAGS_2 MY_FILEFLAGS_1 +#endif + +#ifdef WINNT +#define MY_FILEOS VOS_NT_WINDOWS32 +#else +#define MY_FILEOS VOS__WINDOWS32 +#endif + +#define MY_INTERNAL_NAME MY_LIBNAME + +///////////////////////////////////////////////////////////////////////////// +// +// Version-information resource +// + +VS_VERSION_INFO VERSIONINFO + FILEVERSION NSS_CKCAPI_LIBRARY_VERSION_MAJOR,NSS_CKCAPI_LIBRARY_VERSION_MINOR,0,0 + PRODUCTVERSION NSS_CKCAPI_LIBRARY_VERSION_MAJOR,NSS_CKCAPI_LIBRARY_VERSION_MINOR,0,0 + FILEFLAGSMASK VS_FFI_FILEFLAGSMASK + FILEFLAGS MY_FILEFLAGS_2 + FILEOS MY_FILEOS + FILETYPE VFT_DLL + FILESUBTYPE 0x0L // not used + +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904B0" // Lang=US English, CharSet=Unicode + BEGIN + VALUE "CompanyName", "Mozilla Foundation\0" + VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0" + VALUE "FileVersion", NSS_CKCAPI_LIBRARY_VERSION "\0" + VALUE "InternalName", MY_INTERNAL_NAME "\0" + VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0" + VALUE "ProductName", "Network Security Services\0" + VALUE "ProductVersion", NSS_CKCAPI_LIBRARY_VERSION "\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 1200 + END +END diff --git a/security/nss/lib/ckfw/capi/staticobj.c b/security/nss/lib/ckfw/capi/staticobj.c new file mode 100644 index 000000000..d04dc8135 --- /dev/null +++ b/security/nss/lib/ckfw/capi/staticobj.c @@ -0,0 +1,77 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$""; @(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#ifndef CKCAPI_H +#include "ckcapi.h" +#endif /* CKCAPI_H */ + +static const CK_TRUST ckt_netscape_valid = CKT_NETSCAPE_VALID; +static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE; +static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR; +static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST; +static const CK_BBOOL ck_true = CK_TRUE; +static const CK_OBJECT_CLASS cko_data = CKO_DATA; +static const CK_CERTIFICATE_TYPE ckc_x_509 = CKC_X_509; +static const CK_BBOOL ck_false = CK_FALSE; +static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST; + +/* example of a static object */ +static const CK_ATTRIBUTE_TYPE nss_ckcapi_types_1 [] = { + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL +}; + +static const NSSItem nss_ckcapi_items_1 [] = { + { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Mozilla CAPI Access", (PRUint32)20 } +}; + +ckcapiInternalObject nss_ckcapi_data[] = { + { ckcapiRaw, + { 5, nss_ckcapi_types_1, nss_ckcapi_items_1} , + }, + +}; + +const PRUint32 nss_ckcapi_nObjects = 1; diff --git a/security/nss/lib/ckfw/ck.api b/security/nss/lib/ckfw/ck.api new file mode 100644 index 000000000..501cbb0c8 --- /dev/null +++ b/security/nss/lib/ckfw/ck.api @@ -0,0 +1,575 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +# This file is in part derived from a file "pkcs11f.h" made available +# by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11f.h + +CVS_ID "@(#) $RCSfile$ $Revision$ $Date$" + +# Fields +# FUNCTION introduces a Cryptoki function +# CK_type specifies and introduces an argument +# + +# General-purpose + +# C_Initialize initializes the Cryptoki library. +FUNCTION C_Initialize +CK_VOID_PTR pInitArgs # if this is not NULL_PTR, it gets + # cast to CK_C_INITIALIZE_ARGS_PTR + # and dereferenced + +# C_Finalize indicates that an application is done with the +# Cryptoki library. +FUNCTION C_Finalize +CK_VOID_PTR pReserved # reserved. Should be NULL_PTR + +# C_GetInfo returns general information about Cryptoki. +FUNCTION C_GetInfo +CK_INFO_PTR pInfo # location that receives information + +# C_GetFunctionList returns the function list. +FUNCTION C_GetFunctionList +CK_FUNCTION_LIST_PTR_PTR ppFunctionList # receives pointer to function + # list + + +# Slot and token management + +# C_GetSlotList obtains a list of slots in the system. +FUNCTION C_GetSlotList +CK_BBOOL tokenPresent # only slots with tokens? +CK_SLOT_ID_PTR pSlotList # receives array of slot IDs +CK_ULONG_PTR pulCount # receives number of slots + +# C_GetSlotInfo obtains information about a particular slot in the +# system. +FUNCTION C_GetSlotInfo +CK_SLOT_ID slotID # the ID of the slot +CK_SLOT_INFO_PTR pInfo # receives the slot information + +# C_GetTokenInfo obtains information about a particular token in the +# system. +FUNCTION C_GetTokenInfo +CK_SLOT_ID slotID # ID of the token's slot +CK_TOKEN_INFO_PTR pInfo # receives the token information + +# C_GetMechanismList obtains a list of mechanism types supported by a +# token. +FUNCTION C_GetMechanismList +CK_SLOT_ID slotID # ID of token's slot +CK_MECHANISM_TYPE_PTR pMechanismList # gets mech. array +CK_ULONG_PTR pulCount # gets # of mechs. + +# C_GetMechanismInfo obtains information about a particular mechanism +# possibly supported by a token. +FUNCTION C_GetMechanismInfo +CK_SLOT_ID slotID # ID of the token's slot +CK_MECHANISM_TYPE type # type of mechanism +CK_MECHANISM_INFO_PTR pInfo # receives mechanism info + +# C_InitToken initializes a token. +FUNCTION C_InitToken +CK_SLOT_ID slotID # ID of the token's slot +CK_CHAR_PTR pPin # the SO's initial PIN +CK_ULONG ulPinLen # length in bytes of the PIN +CK_CHAR_PTR pLabel # 32-byte token label (blank padded) + +# C_InitPIN initializes the normal user's PIN. +FUNCTION C_InitPIN +CK_SESSION_HANDLE hSession # the session's handle +CK_CHAR_PTR pPin # the normal user's PIN +CK_ULONG ulPinLen # length in bytes of the PIN + +# C_SetPIN modifies the PIN of the user who is logged in. +FUNCTION C_SetPIN +CK_SESSION_HANDLE hSession # the session's handle +CK_CHAR_PTR pOldPin # the old PIN +CK_ULONG ulOldLen # length of the old PIN +CK_CHAR_PTR pNewPin # the new PIN +CK_ULONG ulNewLen # length of the new PIN + + +# Session management + +# C_OpenSession opens a session between an application and a token. +FUNCTION C_OpenSession +CK_SLOT_ID slotID # the slot's ID +CK_FLAGS flags # from CK_SESSION_INFO +CK_VOID_PTR pApplication # passed to callback +CK_NOTIFY Notify # callback function +CK_SESSION_HANDLE_PTR phSession # gets session handle + +# C_CloseSession closes a session between an application and a token. +FUNCTION C_CloseSession +CK_SESSION_HANDLE hSession # the session's handle + +# C_CloseAllSessions closes all sessions with a token. +FUNCTION C_CloseAllSessions +CK_SLOT_ID slotID # the token's slot + +# C_GetSessionInfo obtains information about the session. +FUNCTION C_GetSessionInfo +CK_SESSION_HANDLE hSession # the session's handle +CK_SESSION_INFO_PTR pInfo # receives session info + +# C_GetOperationState obtains the state of the cryptographic +# operation in a session. +FUNCTION C_GetOperationState +CK_SESSION_HANDLE hSession # session's handle +CK_BYTE_PTR pOperationState # gets state +CK_ULONG_PTR pulOperationStateLen # gets state length + +# C_SetOperationState restores the state of the cryptographic +# operation in a session. +FUNCTION C_SetOperationState +CK_SESSION_HANDLE hSession # session's handle +CK_BYTE_PTR pOperationState # holds state +CK_ULONG ulOperationStateLen # holds state length +CK_OBJECT_HANDLE hEncryptionKey # en/decryption key +CK_OBJECT_HANDLE hAuthenticationKey # sign/verify key + +# C_Login logs a user into a token. +FUNCTION C_Login +CK_SESSION_HANDLE hSession # the session's handle +CK_USER_TYPE userType # the user type +CK_CHAR_PTR pPin # the user's PIN +CK_ULONG ulPinLen # the length of the PIN + +# C_Logout logs a user out from a token. +FUNCTION C_Logout +CK_SESSION_HANDLE hSession # the session's handle + + +# Object management + +# C_CreateObject creates a new object. +FUNCTION C_CreateObject +CK_SESSION_HANDLE hSession # the session's handle +CK_ATTRIBUTE_PTR pTemplate # the object's template +CK_ULONG ulCount # attributes in template +CK_OBJECT_HANDLE_PTR phObject # gets new object's handle. + +# C_CopyObject copies an object, creating a new object for the copy. +FUNCTION C_CopyObject +CK_SESSION_HANDLE hSession # the session's handle +CK_OBJECT_HANDLE hObject # the object's handle +CK_ATTRIBUTE_PTR pTemplate # template for new object +CK_ULONG ulCount # attributes in template +CK_OBJECT_HANDLE_PTR phNewObject # receives handle of copy + +# C_DestroyObject destroys an object. +FUNCTION C_DestroyObject +CK_SESSION_HANDLE hSession # the session's handle +CK_OBJECT_HANDLE hObject # the object's handle + +# C_GetObjectSize gets the size of an object in bytes. +FUNCTION C_GetObjectSize +CK_SESSION_HANDLE hSession # the session's handle +CK_OBJECT_HANDLE hObject # the object's handle +CK_ULONG_PTR pulSize # receives size of object + +# C_GetAttributeValue obtains the value of one or more object +# attributes. +FUNCTION C_GetAttributeValue +CK_SESSION_HANDLE hSession # the session's handle +CK_OBJECT_HANDLE hObject # the object's handle +CK_ATTRIBUTE_PTR pTemplate # specifies attrs; gets vals +CK_ULONG ulCount # attributes in template + +# C_SetAttributeValue modifies the value of one or more object +# attributes +FUNCTION C_SetAttributeValue +CK_SESSION_HANDLE hSession # the session's handle +CK_OBJECT_HANDLE hObject # the object's handle +CK_ATTRIBUTE_PTR pTemplate # specifies attrs and values +CK_ULONG ulCount # attributes in template + +# C_FindObjectsInit initializes a search for token and session +# objects that match a template. +FUNCTION C_FindObjectsInit +CK_SESSION_HANDLE hSession # the session's handle +CK_ATTRIBUTE_PTR pTemplate # attribute values to match +CK_ULONG ulCount # attrs in search template + +# C_FindObjects continues a search for token and session objects that +# match a template, obtaining additional object handles. +FUNCTION C_FindObjects +CK_SESSION_HANDLE hSession # session's handle +CK_OBJECT_HANDLE_PTR phObject # gets obj. handles +CK_ULONG ulMaxObjectCount # max handles to get +CK_ULONG_PTR pulObjectCount # actual # returned + +# C_FindObjectsFinal finishes a search for token and session objects. +FUNCTION C_FindObjectsFinal +CK_SESSION_HANDLE hSession # the session's handle + + +# Encryption and decryption + +# C_EncryptInit initializes an encryption operation. +FUNCTION C_EncryptInit +CK_SESSION_HANDLE hSession # the session's handle +CK_MECHANISM_PTR pMechanism # the encryption mechanism +CK_OBJECT_HANDLE hKey # handle of encryption key + +# C_Encrypt encrypts single-part data. +FUNCTION C_Encrypt +CK_SESSION_HANDLE hSession # session's handle +CK_BYTE_PTR pData # the plaintext data +CK_ULONG ulDataLen # bytes of plaintext +CK_BYTE_PTR pEncryptedData # gets ciphertext +CK_ULONG_PTR pulEncryptedDataLen # gets c-text size + +# C_EncryptUpdate continues a multiple-part encryption operation. +FUNCTION C_EncryptUpdate +CK_SESSION_HANDLE hSession # session's handle +CK_BYTE_PTR pPart # the plaintext data +CK_ULONG ulPartLen # plaintext data len +CK_BYTE_PTR pEncryptedPart # gets ciphertext +CK_ULONG_PTR pulEncryptedPartLen # gets c-text size + +# C_EncryptFinal finishes a multiple-part encryption operation. +FUNCTION C_EncryptFinal +CK_SESSION_HANDLE hSession # session handle +CK_BYTE_PTR pLastEncryptedPart # last c-text +CK_ULONG_PTR pulLastEncryptedPartLen # gets last size + +# C_DecryptInit initializes a decryption operation. +FUNCTION C_DecryptInit +CK_SESSION_HANDLE hSession # the session's handle +CK_MECHANISM_PTR pMechanism # the decryption mechanism +CK_OBJECT_HANDLE hKey # handle of decryption key + +# C_Decrypt decrypts encrypted data in a single part. +FUNCTION C_Decrypt +CK_SESSION_HANDLE hSession # session's handle +CK_BYTE_PTR pEncryptedData # ciphertext +CK_ULONG ulEncryptedDataLen # ciphertext length +CK_BYTE_PTR pData # gets plaintext +CK_ULONG_PTR pulDataLen # gets p-text size + +# C_DecryptUpdate continues a multiple-part decryption operation. +FUNCTION C_DecryptUpdate +CK_SESSION_HANDLE hSession # session's handle +CK_BYTE_PTR pEncryptedPart # encrypted data +CK_ULONG ulEncryptedPartLen # input length +CK_BYTE_PTR pPart # gets plaintext +CK_ULONG_PTR pulPartLen # p-text size + +# C_DecryptFinal finishes a multiple-part decryption operation. +FUNCTION C_DecryptFinal +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pLastPart # gets plaintext +CK_ULONG_PTR pulLastPartLen # p-text size + + +# Message digesting + +# C_DigestInit initializes a message-digesting operation. +FUNCTION C_DigestInit +CK_SESSION_HANDLE hSession # the session's handle +CK_MECHANISM_PTR pMechanism # the digesting mechanism + +# C_Digest digests data in a single part. +FUNCTION C_Digest +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pData # data to be digested +CK_ULONG ulDataLen # bytes of data to digest +CK_BYTE_PTR pDigest # gets the message digest +CK_ULONG_PTR pulDigestLen # gets digest length + +# C_DigestUpdate continues a multiple-part message-digesting operation. +FUNCTION C_DigestUpdate +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pPart # data to be digested +CK_ULONG ulPartLen # bytes of data to be digested + +# C_DigestKey continues a multi-part message-digesting operation, by +# digesting the value of a secret key as part of the data already +# digested. +FUNCTION C_DigestKey +CK_SESSION_HANDLE hSession # the session's handle +CK_OBJECT_HANDLE hKey # secret key to digest + +# C_DigestFinal finishes a multiple-part message-digesting operation. +FUNCTION C_DigestFinal +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pDigest # gets the message digest +CK_ULONG_PTR pulDigestLen # gets byte count of digest + + +# Signing and MACing + +# C_SignInit initializes a signature (private key encryption) +# operation, where the signature is (will be) an appendix to the +# data, and plaintext cannot be recovered from the signature. +FUNCTION C_SignInit +CK_SESSION_HANDLE hSession # the session's handle +CK_MECHANISM_PTR pMechanism # the signature mechanism +CK_OBJECT_HANDLE hKey # handle of signature key + +# C_Sign signs (encrypts with private key) data in a single part, +# where the signature is (will be) an appendix to the data, and +# plaintext cannot be recovered from the signature. +FUNCTION C_Sign +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pData # the data to sign +CK_ULONG ulDataLen # count of bytes to sign +CK_BYTE_PTR pSignature # gets the signature +CK_ULONG_PTR pulSignatureLen # gets signature length + +# C_SignUpdate continues a multiple-part signature operation, where +# the signature is (will be) an appendix to the data, and plaintext +# cannot be recovered from the signature. +FUNCTION C_SignUpdate +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pPart # the data to sign +CK_ULONG ulPartLen # count of bytes to sign + +# C_SignFinal finishes a multiple-part signature operation, returning +# the signature. +FUNCTION C_SignFinal +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pSignature # gets the signature +CK_ULONG_PTR pulSignatureLen # gets signature length + +# C_SignRecoverInit initializes a signature operation, where the data +# can be recovered from the signature. +FUNCTION C_SignRecoverInit +CK_SESSION_HANDLE hSession # the session's handle +CK_MECHANISM_PTR pMechanism # the signature mechanism +CK_OBJECT_HANDLE hKey # handle of the signature key + +# C_SignRecover signs data in a single operation, where the data can +# be recovered from the signature. +FUNCTION C_SignRecover +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pData # the data to sign +CK_ULONG ulDataLen # count of bytes to sign +CK_BYTE_PTR pSignature # gets the signature +CK_ULONG_PTR pulSignatureLen # gets signature length + + +# Verifying signatures and MACs + +# C_VerifyInit initializes a verification operation, where the +# signature is an appendix to the data, and plaintext cannot cannot +# be recovered from the signature (e.g. DSA). +FUNCTION C_VerifyInit +CK_SESSION_HANDLE hSession # the session's handle +CK_MECHANISM_PTR pMechanism # the verification mechanism +CK_OBJECT_HANDLE hKey # verification key + +# C_Verify verifies a signature in a single-part operation, where the +# signature is an appendix to the data, and plaintext cannot be +# recovered from the signature. +FUNCTION C_Verify +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pData # signed data +CK_ULONG ulDataLen # length of signed data +CK_BYTE_PTR pSignature # signature +CK_ULONG ulSignatureLen # signature length + +# C_VerifyUpdate continues a multiple-part verification operation, +# where the signature is an appendix to the data, and plaintext cannot be +# recovered from the signature. +FUNCTION C_VerifyUpdate +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pPart # signed data +CK_ULONG ulPartLen # length of signed data + +# C_VerifyFinal finishes a multiple-part verification operation, +# checking the signature. +FUNCTION C_VerifyFinal +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pSignature # signature to verify +CK_ULONG ulSignatureLen # signature length + +# C_VerifyRecoverInit initializes a signature verification operation, +# where the data is recovered from the signature. +FUNCTION C_VerifyRecoverInit +CK_SESSION_HANDLE hSession # the session's handle +CK_MECHANISM_PTR pMechanism # the verification mechanism +CK_OBJECT_HANDLE hKey # verification key + +# C_VerifyRecover verifies a signature in a single-part operation, +# where the data is recovered from the signature. +FUNCTION C_VerifyRecover +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pSignature # signature to verify +CK_ULONG ulSignatureLen # signature length +CK_BYTE_PTR pData # gets signed data +CK_ULONG_PTR pulDataLen # gets signed data len + + +# Dual-function cryptographic operations + +# C_DigestEncryptUpdate continues a multiple-part digesting and +# encryption operation. +FUNCTION C_DigestEncryptUpdate +CK_SESSION_HANDLE hSession # session's handle +CK_BYTE_PTR pPart # the plaintext data +CK_ULONG ulPartLen # plaintext length +CK_BYTE_PTR pEncryptedPart # gets ciphertext +CK_ULONG_PTR pulEncryptedPartLen # gets c-text length + +# C_DecryptDigestUpdate continues a multiple-part decryption and +# digesting operation. +FUNCTION C_DecryptDigestUpdate +CK_SESSION_HANDLE hSession # session's handle +CK_BYTE_PTR pEncryptedPart # ciphertext +CK_ULONG ulEncryptedPartLen # ciphertext length +CK_BYTE_PTR pPart # gets plaintext +CK_ULONG_PTR pulPartLen # gets plaintext len + +# C_SignEncryptUpdate continues a multiple-part signing and +# encryption operation. +FUNCTION C_SignEncryptUpdate +CK_SESSION_HANDLE hSession # session's handle +CK_BYTE_PTR pPart # the plaintext data +CK_ULONG ulPartLen # plaintext length +CK_BYTE_PTR pEncryptedPart # gets ciphertext +CK_ULONG_PTR pulEncryptedPartLen # gets c-text length + +# C_DecryptVerifyUpdate continues a multiple-part decryption and +# verify operation. +FUNCTION C_DecryptVerifyUpdate +CK_SESSION_HANDLE hSession # session's handle +CK_BYTE_PTR pEncryptedPart # ciphertext +CK_ULONG ulEncryptedPartLen # ciphertext length +CK_BYTE_PTR pPart # gets plaintext +CK_ULONG_PTR pulPartLen # gets p-text length + + +# Key management + +# C_GenerateKey generates a secret key, creating a new key object. +FUNCTION C_GenerateKey +CK_SESSION_HANDLE hSession # the session's handle +CK_MECHANISM_PTR pMechanism # key generation mech. +CK_ATTRIBUTE_PTR pTemplate # template for new key +CK_ULONG ulCount # # of attrs in template +CK_OBJECT_HANDLE_PTR phKey # gets handle of new key + +# C_GenerateKeyPair generates a public-key/private-key pair, creating +# new key objects. +FUNCTION C_GenerateKeyPair +CK_SESSION_HANDLE hSession # session handle +CK_MECHANISM_PTR pMechanism # key-gen mech. +CK_ATTRIBUTE_PTR pPublicKeyTemplate # template for pub. key +CK_ULONG ulPublicKeyAttributeCount # # pub. attrs. +CK_ATTRIBUTE_PTR pPrivateKeyTemplate # template for priv. key +CK_ULONG ulPrivateKeyAttributeCount # # priv. attrs. +CK_OBJECT_HANDLE_PTR phPublicKey # gets pub. key handle +CK_OBJECT_HANDLE_PTR phPrivateKey # gets priv. key handle + +# C_WrapKey wraps (i.e., encrypts) a key. +FUNCTION C_WrapKey +CK_SESSION_HANDLE hSession # the session's handle +CK_MECHANISM_PTR pMechanism # the wrapping mechanism +CK_OBJECT_HANDLE hWrappingKey # wrapping key +CK_OBJECT_HANDLE hKey # key to be wrapped +CK_BYTE_PTR pWrappedKey # gets wrapped key +CK_ULONG_PTR pulWrappedKeyLen # gets wrapped key size + +# C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key +# object. +FUNCTION C_UnwrapKey +CK_SESSION_HANDLE hSession # session's handle +CK_MECHANISM_PTR pMechanism # unwrapping mech. +CK_OBJECT_HANDLE hUnwrappingKey # unwrapping key +CK_BYTE_PTR pWrappedKey # the wrapped key +CK_ULONG ulWrappedKeyLen # wrapped key len +CK_ATTRIBUTE_PTR pTemplate # new key template +CK_ULONG ulAttributeCount # template length +CK_OBJECT_HANDLE_PTR phKey # gets new handle + +# C_DeriveKey derives a key from a base key, creating a new key object. +FUNCTION C_DeriveKey +CK_SESSION_HANDLE hSession # session's handle +CK_MECHANISM_PTR pMechanism # key deriv. mech. +CK_OBJECT_HANDLE hBaseKey # base key +CK_ATTRIBUTE_PTR pTemplate # new key template +CK_ULONG ulAttributeCount # template length +CK_OBJECT_HANDLE_PTR phKey # gets new handle + + +# Random number generation + +# C_SeedRandom mixes additional seed material into the token's random +# number generator. +FUNCTION C_SeedRandom +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR pSeed # the seed material +CK_ULONG ulSeedLen # length of seed material + +# C_GenerateRandom generates random data. +FUNCTION C_GenerateRandom +CK_SESSION_HANDLE hSession # the session's handle +CK_BYTE_PTR RandomData # receives the random data +CK_ULONG ulRandomLen # # of bytes to generate + + +# Parallel function management + +# C_GetFunctionStatus is a legacy function; it obtains an updated +# status of a function running in parallel with an application. +FUNCTION C_GetFunctionStatus +CK_SESSION_HANDLE hSession # the session's handle + +# C_CancelFunction is a legacy function; it cancels a function running +# in parallel. +FUNCTION C_CancelFunction +CK_SESSION_HANDLE hSession # the session's handle + + +# Functions added in for Cryptoki Version 2.01 or later + +# C_WaitForSlotEvent waits for a slot event (token insertion, removal, +# etc.) to occur. +FUNCTION C_WaitForSlotEvent +CK_FLAGS flags # blocking/nonblocking flag +CK_SLOT_ID_PTR pSlot # location that receives the slot ID +CK_VOID_PTR pRserved # reserved. Should be NULL_PTR + +## C_ConfigureSlot passes an installation-specified bytestring to a +## slot. +#FUNCTION C_ConfigureSlot +#CK_SLOT_ID slotID # the slot to configure +#CK_BYTE_PTR pConfig # the configuration string +#CK_ULONG ulConfigLen # length of the config string diff --git a/security/nss/lib/ckfw/ck.h b/security/nss/lib/ckfw/ck.h new file mode 100644 index 000000000..7314292cb --- /dev/null +++ b/security/nss/lib/ckfw/ck.h @@ -0,0 +1,124 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef CK_H +#define CK_H + +#ifdef DEBUG +static const char CK_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * ck.h + * + * This header file consolidates all header files needed by the source + * files implementing the NSS Cryptoki Framework. This makes managing + * the source files a bit easier. + */ + +/* Types */ + +#ifndef NSSBASET_H +#include "nssbaset.h" +#endif /* NSSBASET_H */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +#ifndef NSSCKFT_H +#include "nssckft.h" +#endif /* NSSCKFT_H */ + +#ifndef NSSCKEPV_H +#include "nssckepv.h" +#endif /* NSSCKEPV_H */ + +#ifndef NSSCKFWT_H +#include "nssckfwt.h" +#endif /* NSSCKFWT_H */ + +#ifndef NSSCKMDT_H +#include "nssckmdt.h" +#endif /* NSSCKMDT_H */ + +#ifndef CKT_H +#include "ckt.h" +#endif /* CKT_H */ + +#ifndef CKFWTM_H +#include "ckfwtm.h" +#endif /* CKFWTM_H */ + +/* Prototypes */ + +#ifndef NSSBASE_H +#include "nssbase.h" +#endif /* NSSBASE_H */ + +#ifndef NSSCKG_H +#include "nssckg.h" +#endif /* NSSCKG_H */ + +#ifndef NSSCKFW_H +#include "nssckfw.h" +#endif /* NSSCKFW_H */ + +#ifndef NSSCKFWC_H +#include "nssckfwc.h" +#endif /* NSSCKFWC_H */ + +#ifndef CKFW_H +#include "ckfw.h" +#endif /* CKFW_H */ + +#ifndef CKFWM_H +#include "ckfwm.h" +#endif /* CKFWM_H */ + +#ifndef CKMD_H +#include "ckmd.h" +#endif /* CKMD_H */ + +/* NSS-private */ + +/* nss_ZNEW and the like. We might want to publish the memory APIs.. */ + +#ifndef BASE_H +#include "base.h" +#endif /* BASE_H */ + +#endif /* CK_H */ diff --git a/security/nss/lib/ckfw/ckapi.perl b/security/nss/lib/ckfw/ckapi.perl new file mode 100644 index 000000000..927737510 --- /dev/null +++ b/security/nss/lib/ckfw/ckapi.perl @@ -0,0 +1,515 @@ +#!perl +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +$cvs_id = '@(#) $RCSfile$ $Revision$ $Date$'; + +$copyright = '/* THIS IS A GENERATED FILE */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +'; + +$count = -1; +$i = 0; + +open(INPUT, "<$ARGV[0]") || die "Can't open $ARGV[0]: $!"; + +while(<INPUT>) { + s/^((?:[^"#]+|"[^"]*")*)(\s*#.*$)/$1/; + next if (/^\s*$/); + +# print; + + /^([\S]+)\s+([^"][\S]*|"[^"]*")/; + $name = $1; + $value = $2; + + if( ($name =~ "FUNCTION") && !($name =~ "CK_FUNCTION") ) { + $count++; + $x[$count]{name} = $value; + $i = 0; + } else { + if( $count < 0 ) { + $value =~ s/"//g; + $g{$name} = $value; + } else { + $x[$count]{args}[$i]{type} = $name; + $x[$count]{args}[$i]{name} = $value; + $i++; + $x[$count]{nargs} = $i; # rewritten each time, oh well + } + } +} + +close INPUT; + +# dodump(); +doprint(); + +sub dodump { + for( $j = 0; $j <= $count; $j++ ) { + print "CK_RV CK_ENTRY $x[$j]{name}\n"; + for( $i = 0; $i < $x[$j]{nargs}; $i++ ) { + print " $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}"; + if( $i == ($x[$j]{nargs} - 1) ) { + print "\n"; + } else { + print ",\n"; + } + } + } +} + +sub doprint { +open(PROTOTYPE, ">nssckg.h") || die "Can't open nssckg.h: $!"; +open(TYPEDEF, ">nssckft.h") || die "Can't open nssckft.h: $!"; +open(EPV, ">nssckepv.h") || die "Can't open nssckepv.h: $!"; +open(API, ">nssck.api") || die "Can't open nssck.api: $!"; + +select PROTOTYPE; + +print $copyright; +print <<EOD +#ifndef NSSCKG_H +#define NSSCKG_H + +#ifdef DEBUG +static const char NSSCKG_CVS_ID[] = "$g{CVS_ID} ; $cvs_id"; +#endif /* DEBUG */ + +/* + * nssckg.h + * + * This automatically-generated header file prototypes the Cryptoki + * functions specified by PKCS#11. + */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +EOD + ; + +for( $j = 0; $j <= $count; $j++ ) { + print "CK_RV CK_ENTRY $x[$j]{name}\n"; + print "(\n"; + for( $i = 0; $i < $x[$j]{nargs}; $i++ ) { + print " $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}"; + if( $i == ($x[$j]{nargs} - 1) ) { + print "\n"; + } else { + print ",\n"; + } + } + print ");\n\n"; +} + +print <<EOD +#endif /* NSSCKG_H */ +EOD + ; + +select TYPEDEF; + +print $copyright; +print <<EOD +#ifndef NSSCKFT_H +#define NSSCKFT_H + +#ifdef DEBUG +static const char NSSCKFT_CVS_ID[] = "$g{CVS_ID} ; $cvs_id"; +#endif /* DEBUG */ + +/* + * nssckft.h + * + * The automatically-generated header file declares a typedef + * each of the Cryptoki functions specified by PKCS#11. + */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +EOD + ; + +for( $j = 0; $j <= $count; $j++ ) { +# print "typedef CK_RV (CK_ENTRY *CK_$x[$j]{name})(\n"; + print "typedef CK_CALLBACK_FUNCTION(CK_RV, CK_$x[$j]{name})(\n"; + for( $i = 0; $i < $x[$j]{nargs}; $i++ ) { + print " $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}"; + if( $i == ($x[$j]{nargs} - 1) ) { + print "\n"; + } else { + print ",\n"; + } + } + print ");\n\n"; +} + +print <<EOD +#endif /* NSSCKFT_H */ +EOD + ; + +select EPV; + +print $copyright; +print <<EOD +#ifndef NSSCKEPV_H +#define NSSCKEPV_H + +#ifdef DEBUG +static const char NSSCKEPV_CVS_ID[] = "$g{CVS_ID} ; $cvs_id"; +#endif /* DEBUG */ + +/* + * nssckepv.h + * + * This automatically-generated header file defines the type + * CK_FUNCTION_LIST specified by PKCS#11. + */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +#ifndef NSSCKFT_H +#include "nssckft.h" +#endif /* NSSCKFT_H */ + +#include "nssckp.h" + +struct CK_FUNCTION_LIST { + CK_VERSION version; +EOD + ; + +for( $j = 0; $j <= $count; $j++ ) { + print " CK_$x[$j]{name} $x[$j]{name};\n"; +} + +print <<EOD +}; + +#include "nsscku.h" + +#endif /* NSSCKEPV_H */ +EOD + ; + +select API; + +print $copyright; +print <<EOD + +#ifdef DEBUG +static const char NSSCKAPI_CVS_ID[] = "$g{CVS_ID} ; $cvs_id"; +#endif /* DEBUG */ + +/* + * nssck.api + * + * This automatically-generated file is used to generate a set of + * Cryptoki entry points within the object space of a Module using + * the NSS Cryptoki Framework. + * + * The Module should have a .c file with the following: + * + * #define MODULE_NAME name + * #define INSTANCE_NAME instance + * #include "nssck.api" + * + * where "name" is some module-specific name that can be used to + * disambiguate various modules. This included file will then + * define the actual Cryptoki routines which pass through to the + * Framework calls. All routines, except C_GetFunctionList, will + * be prefixed with the name; C_GetFunctionList will be generated + * to return an entry-point vector with these routines. The + * instance specified should be the basic instance of NSSCKMDInstance. + * + * If, prior to including nssck.api, the .c file also specifies + * + * #define DECLARE_STRICT_CRYTPOKI_NAMES + * + * Then a set of "stub" routines not prefixed with the name will + * be included. This would allow the combined module and framework + * to be used in applications which are hard-coded to use the + * PKCS#11 names (instead of going through the EPV). Please note + * that such applications should be careful resolving symbols when + * more than one PKCS#11 module is loaded. + */ + +#ifndef MODULE_NAME +#error "Error: MODULE_NAME must be defined." +#endif /* MODULE_NAME */ + +#ifndef INSTANCE_NAME +#error "Error: INSTANCE_NAME must be defined." +#endif /* INSTANCE_NAME */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +#ifndef NSSCKFWT_H +#include "nssckfwt.h" +#endif /* NSSCKFWT_H */ + +#ifndef NSSCKFWC_H +#include "nssckfwc.h" +#endif /* NSSCKFWC_H */ + +#ifndef NSSCKEPV_H +#include "nssckepv.h" +#endif /* NSSCKEPV_H */ + +#define ADJOIN(x,y) x##y + +#define __ADJOIN(x,y) ADJOIN(x,y) + +/* + * The anchor. This object is used to store an "anchor" pointer in + * the Module's object space, so the wrapper functions can relate + * back to this instance. + */ + +static NSSCKFWInstance *fwInstance = (NSSCKFWInstance *)0; + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_Initialize) +( + CK_VOID_PTR pInitArgs +) +{ + return NSSCKFWC_Initialize(&fwInstance, INSTANCE_NAME, pInitArgs); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_Initialize +( + CK_VOID_PTR pInitArgs +) +{ + return __ADJOIN(MODULE_NAME,C_Initialize)(pInitArgs); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_Finalize) +( + CK_VOID_PTR pReserved +) +{ + return NSSCKFWC_Finalize(&fwInstance); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_Finalize +( + CK_VOID_PTR pReserved +) +{ + return __ADJOIN(MODULE_NAME,C_Finalize)(pReserved); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetInfo) +( + CK_INFO_PTR pInfo +) +{ + return NSSCKFWC_GetInfo(fwInstance, pInfo); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GetInfo +( + CK_INFO_PTR pInfo +) +{ + return __ADJOIN(MODULE_NAME,C_GetInfo)(pInfo); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +/* + * C_GetFunctionList is defined at the end. + */ + +EOD + ; + +for( $j = 4; $j <= $count; $j++ ) { + print "static CK_RV CK_ENTRY\n"; + print "__ADJOIN(MODULE_NAME,$x[$j]{name})\n"; + print "(\n"; + for( $i = 0; $i < $x[$j]{nargs}; $i++ ) { + print " $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}"; + if( $i == ($x[$j]{nargs} - 1) ) { + print "\n"; + } else { + print ",\n"; + } + } + print ")\n"; + print "{\n"; + print " return NSSCKFW$x[$j]{name}(fwInstance, "; + for( $i = 0; $i < $x[$j]{nargs}; $i++ ) { + print "$x[$j]{args}[$i]{name}"; + if( $i == ($x[$j]{nargs} - 1) ) { + print ");\n"; + } else { + print ", "; + } + } + print "}\n\n"; + + print "#ifdef DECLARE_STRICT_CRYPTOKI_NAMES\n"; + print "CK_RV CK_ENTRY\n"; + print "$x[$j]{name}\n"; + print "(\n"; + for( $i = 0; $i < $x[$j]{nargs}; $i++ ) { + print " $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}"; + if( $i == ($x[$j]{nargs} - 1) ) { + print "\n"; + } else { + print ",\n"; + } + } + print ")\n"; + print "{\n"; + print " return __ADJOIN(MODULE_NAME,$x[$j]{name})("; + for( $i = 0; $i < $x[$j]{nargs}; $i++ ) { + print "$x[$j]{args}[$i]{name}"; + if( $i == ($x[$j]{nargs} - 1) ) { + print ");\n"; + } else { + print ", "; + } + } + print "}\n"; + print "#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */\n\n"; +} + +print <<EOD +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetFunctionList) +( + CK_FUNCTION_LIST_PTR_PTR ppFunctionList +); + +static CK_FUNCTION_LIST FunctionList = { + { 2, 1 }, +EOD + ; + +for( $j = 0; $j <= $count; $j++ ) { + print "__ADJOIN(MODULE_NAME,$x[$j]{name})"; + if( $j < $count ) { + print ",\n"; + } else { + print "\n};\n\n"; + } +} + +print <<EOD +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetFunctionList) +( + CK_FUNCTION_LIST_PTR_PTR ppFunctionList +) +{ + *ppFunctionList = &FunctionList; + return CKR_OK; +} + +/* This one is always present */ +CK_RV CK_ENTRY +C_GetFunctionList +( + CK_FUNCTION_LIST_PTR_PTR ppFunctionList +) +{ + return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList); +} + +#undef __ADJOIN + +EOD + ; + +select STDOUT; + +} diff --git a/security/nss/lib/ckfw/ckfw.h b/security/nss/lib/ckfw/ckfw.h new file mode 100644 index 000000000..a6dfcede3 --- /dev/null +++ b/security/nss/lib/ckfw/ckfw.h @@ -0,0 +1,2462 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef CKFW_H +#define CKFW_H + +#ifdef DEBUG +static const char CKFW_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * ckfw.h + * + * This file prototypes the private calls of the NSS Cryptoki Framework. + */ + +#ifndef NSSBASET_H +#include "nssbaset.h" +#endif /* NSSBASET_H */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +#ifndef NSSCKFWT_H +#include "nssckfwt.h" +#endif /* NSSCKFWT_H */ + +#ifndef NSSCKMDT_H +#include "nssckmdt.h" +#endif /* NSSCKMDT_H */ + +/* + * NSSCKFWInstance + * + * -- create/destroy -- + * nssCKFWInstance_Create + * nssCKFWInstance_Destroy + * + * -- implement public accessors -- + * nssCKFWInstance_GetMDInstance + * nssCKFWInstance_GetArena + * nssCKFWInstance_MayCreatePthreads + * nssCKFWInstance_CreateMutex + * nssCKFWInstance_GetConfigurationData + * nssCKFWInstance_GetInitArgs + * + * -- private accessors -- + * nssCKFWInstance_CreateSessionHandle + * nssCKFWInstance_ResolveSessionHandle + * nssCKFWInstance_DestroySessionHandle + * nssCKFWInstance_FindSessionHandle + * nssCKFWInstance_CreateObjectHandle + * nssCKFWInstance_ResolveObjectHandle + * nssCKFWInstance_DestroyObjectHandle + * nssCKFWInstance_FindObjectHandle + * + * -- module fronts -- + * nssCKFWInstance_GetNSlots + * nssCKFWInstance_GetCryptokiVersion + * nssCKFWInstance_GetManufacturerID + * nssCKFWInstance_GetFlags + * nssCKFWInstance_GetLibraryDescription + * nssCKFWInstance_GetLibraryVersion + * nssCKFWInstance_GetModuleHandlesSessionObjects + * nssCKFWInstance_GetSlots + * nssCKFWInstance_WaitForSlotEvent + * + * -- debugging versions only -- + * nssCKFWInstance_verifyPointer + */ + +/* + * nssCKFWInstance_Create + * + */ +NSS_EXTERN NSSCKFWInstance * +nssCKFWInstance_Create +( + CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState LockingState, + NSSCKMDInstance *mdInstance, + CK_RV *pError +); + +/* + * nssCKFWInstance_Destroy + * + */ +NSS_EXTERN CK_RV +nssCKFWInstance_Destroy +( + NSSCKFWInstance *fwInstance +); + +/* + * nssCKFWInstance_GetMDInstance + * + */ +NSS_EXTERN NSSCKMDInstance * +nssCKFWInstance_GetMDInstance +( + NSSCKFWInstance *fwInstance +); + +/* + * nssCKFWInstance_GetArena + * + */ +NSS_EXTERN NSSArena * +nssCKFWInstance_GetArena +( + NSSCKFWInstance *fwInstance, + CK_RV *pError +); + +/* + * nssCKFWInstance_MayCreatePthreads + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWInstance_MayCreatePthreads +( + NSSCKFWInstance *fwInstance +); + +/* + * nssCKFWInstance_CreateMutex + * + */ +NSS_EXTERN NSSCKFWMutex * +nssCKFWInstance_CreateMutex +( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError +); + +/* + * nssCKFWInstance_GetConfigurationData + * + */ +NSS_EXTERN NSSUTF8 * +nssCKFWInstance_GetConfigurationData +( + NSSCKFWInstance *fwInstance +); + +/* + * nssCKFWInstance_GetInitArgs + * + */ +NSS_EXTERN CK_C_INITIALIZE_ARGS_PTR +nssCKFWInstance_GetInitArgs +( + NSSCKFWInstance *fwInstance +); + +/* + * nssCKFWInstance_CreateSessionHandle + * + */ +NSS_EXTERN CK_SESSION_HANDLE +nssCKFWInstance_CreateSessionHandle +( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_RV *pError +); + +/* + * nssCKFWInstance_ResolveSessionHandle + * + */ +NSS_EXTERN NSSCKFWSession * +nssCKFWInstance_ResolveSessionHandle +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +); + +/* + * nssCKFWInstance_DestroySessionHandle + * + */ +NSS_EXTERN void +nssCKFWInstance_DestroySessionHandle +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +); + +/* + * nssCKFWInstance_FindSessionHandle + * + */ +NSS_EXTERN CK_SESSION_HANDLE +nssCKFWInstance_FindSessionHandle +( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession +); + +/* + * nssCKFWInstance_CreateObjectHandle + * + */ +NSS_EXTERN CK_OBJECT_HANDLE +nssCKFWInstance_CreateObjectHandle +( + NSSCKFWInstance *fwInstance, + NSSCKFWObject *fwObject, + CK_RV *pError +); + +/* + * nssCKFWInstance_ResolveObjectHandle + * + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWInstance_ResolveObjectHandle +( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject +); + +/* + * nssCKFWInstance_ReassignObjectHandle + * + */ +NSS_EXTERN CK_RV +nssCKFWInstance_ReassignObjectHandle +( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject, + NSSCKFWObject *fwObject +); + +/* + * nssCKFWInstance_DestroyObjectHandle + * + */ +NSS_EXTERN void +nssCKFWInstance_DestroyObjectHandle +( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject +); + +/* + * nssCKFWInstance_FindObjectHandle + * + */ +NSS_EXTERN CK_OBJECT_HANDLE +nssCKFWInstance_FindObjectHandle +( + NSSCKFWInstance *fwInstance, + NSSCKFWObject *fwObject +); + +/* + * nssCKFWInstance_GetNSlots + * + */ +NSS_EXTERN CK_ULONG +nssCKFWInstance_GetNSlots +( + NSSCKFWInstance *fwInstance, + CK_RV *pError +); + +/* + * nssCKFWInstance_GetCryptokiVersion + * + */ +NSS_EXTERN CK_VERSION +nssCKFWInstance_GetCryptokiVersion +( + NSSCKFWInstance *fwInstance +); + +/* + * nssCKFWInstance_GetManufacturerID + * + */ +NSS_EXTERN CK_RV +nssCKFWInstance_GetManufacturerID +( + NSSCKFWInstance *fwInstance, + CK_CHAR manufacturerID[32] +); + +/* + * nssCKFWInstance_GetFlags + * + */ +NSS_EXTERN CK_ULONG +nssCKFWInstance_GetFlags +( + NSSCKFWInstance *fwInstance +); + +/* + * nssCKFWInstance_GetLibraryDescription + * + */ +NSS_EXTERN CK_RV +nssCKFWInstance_GetLibraryDescription +( + NSSCKFWInstance *fwInstance, + CK_CHAR libraryDescription[32] +); + +/* + * nssCKFWInstance_GetLibraryVersion + * + */ +NSS_EXTERN CK_VERSION +nssCKFWInstance_GetLibraryVersion +( + NSSCKFWInstance *fwInstance +); + +/* + * nssCKFWInstance_GetModuleHandlesSessionObjects + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWInstance_GetModuleHandlesSessionObjects +( + NSSCKFWInstance *fwInstance +); + +/* + * nssCKFWInstance_GetSlots + * + */ +NSS_EXTERN NSSCKFWSlot ** +nssCKFWInstance_GetSlots +( + NSSCKFWInstance *fwInstance, + CK_RV *pError +); + +/* + * nssCKFWInstance_WaitForSlotEvent + * + */ +NSS_EXTERN NSSCKFWSlot * +nssCKFWInstance_WaitForSlotEvent +( + NSSCKFWInstance *fwInstance, + CK_BBOOL block, + CK_RV *pError +); + +/* + * nssCKFWInstance_verifyPointer + * + */ +NSS_EXTERN CK_RV +nssCKFWInstance_verifyPointer +( + const NSSCKFWInstance *fwInstance +); + + +/* + * NSSCKFWSlot + * + * -- create/destroy -- + * nssCKFWSlot_Create + * nssCKFWSlot_Destroy + * + * -- implement public accessors -- + * nssCKFWSlot_GetMDSlot + * nssCKFWSlot_GetFWInstance + * nssCKFWSlot_GetMDInstance + * + * -- private accessors -- + * nssCKFWSlot_GetSlotID + * + * -- module fronts -- + * nssCKFWSlot_GetSlotDescription + * nssCKFWSlot_GetManufacturerID + * nssCKFWSlot_GetTokenPresent + * nssCKFWSlot_GetRemovableDevice + * nssCKFWSlot_GetHardwareSlot + * nssCKFWSlot_GetHardwareVersion + * nssCKFWSlot_GetFirmwareVersion + * nssCKFWSlot_GetToken + */ + +/* + * nssCKFWSlot_Create + * + */ +NSS_EXTERN NSSCKFWSlot * +nssCKFWSlot_Create +( + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *mdSlot, + CK_SLOT_ID slotID, + CK_RV *pError +); + +/* + * nssCKFWSlot_Destroy + * + */ +NSS_EXTERN CK_RV +nssCKFWSlot_Destroy +( + NSSCKFWSlot *fwSlot +); + +/* + * nssCKFWSlot_GetMDSlot + * + */ +NSS_EXTERN NSSCKMDSlot * +nssCKFWSlot_GetMDSlot +( + NSSCKFWSlot *fwSlot +); + +/* + * nssCKFWSlot_GetFWInstance + * + */ + +NSS_EXTERN NSSCKFWInstance * +nssCKFWSlot_GetFWInstance +( + NSSCKFWSlot *fwSlot +); + +/* + * nssCKFWSlot_GetMDInstance + * + */ + +NSS_EXTERN NSSCKMDInstance * +nssCKFWSlot_GetMDInstance +( + NSSCKFWSlot *fwSlot +); + +/* + * nssCKFWSlot_GetSlotID + * + */ +NSS_EXTERN CK_SLOT_ID +nssCKFWSlot_GetSlotID +( + NSSCKFWSlot *fwSlot +); + +/* + * nssCKFWSlot_GetSlotDescription + * + */ +NSS_EXTERN CK_RV +nssCKFWSlot_GetSlotDescription +( + NSSCKFWSlot *fwSlot, + CK_CHAR slotDescription[64] +); + +/* + * nssCKFWSlot_GetManufacturerID + * + */ +NSS_EXTERN CK_RV +nssCKFWSlot_GetManufacturerID +( + NSSCKFWSlot *fwSlot, + CK_CHAR manufacturerID[32] +); + +/* + * nssCKFWSlot_GetTokenPresent + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWSlot_GetTokenPresent +( + NSSCKFWSlot *fwSlot +); + +/* + * nssCKFWSlot_GetRemovableDevice + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWSlot_GetRemovableDevice +( + NSSCKFWSlot *fwSlot +); + +/* + * nssCKFWSlot_GetHardwareSlot + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWSlot_GetHardwareSlot +( + NSSCKFWSlot *fwSlot +); + +/* + * nssCKFWSlot_GetHardwareVersion + * + */ +NSS_EXTERN CK_VERSION +nssCKFWSlot_GetHardwareVersion +( + NSSCKFWSlot *fwSlot +); + +/* + * nssCKFWSlot_GetFirmwareVersion + * + */ +NSS_EXTERN CK_VERSION +nssCKFWSlot_GetFirmwareVersion +( + NSSCKFWSlot *fwSlot +); + +/* + * nssCKFWSlot_GetToken + * + */ +NSS_EXTERN NSSCKFWToken * +nssCKFWSlot_GetToken +( + NSSCKFWSlot *fwSlot, + CK_RV *pError +); + +/* + * nssCKFWSlot_ClearToken + * + */ +NSS_EXTERN void +nssCKFWSlot_ClearToken +( + NSSCKFWSlot *fwSlot +); + +/* + * NSSCKFWToken + * + * -- create/destroy -- + * nssCKFWToken_Create + * nssCKFWToken_Destroy + * + * -- implement public accessors -- + * nssCKFWToken_GetMDToken + * nssCKFWToken_GetFWSlot + * nssCKFWToken_GetMDSlot + * nssCKFWToken_GetSessionState + * + * -- private accessors -- + * nssCKFWToken_SetSessionState + * nssCKFWToken_RemoveSession + * nssCKFWToken_CloseAllSessions + * nssCKFWToken_GetSessionCount + * nssCKFWToken_GetRwSessionCount + * nssCKFWToken_GetRoSessionCount + * nssCKFWToken_GetSessionObjectHash + * nssCKFWToken_GetMDObjectHash + * nssCKFWToken_GetObjectHandleHash + * + * -- module fronts -- + * nssCKFWToken_InitToken + * nssCKFWToken_GetLabel + * nssCKFWToken_GetManufacturerID + * nssCKFWToken_GetModel + * nssCKFWToken_GetSerialNumber + * nssCKFWToken_GetHasRNG + * nssCKFWToken_GetIsWriteProtected + * nssCKFWToken_GetLoginRequired + * nssCKFWToken_GetUserPinInitialized + * nssCKFWToken_GetRestoreKeyNotNeeded + * nssCKFWToken_GetHasClockOnToken + * nssCKFWToken_GetHasProtectedAuthenticationPath + * nssCKFWToken_GetSupportsDualCryptoOperations + * nssCKFWToken_GetMaxSessionCount + * nssCKFWToken_GetMaxRwSessionCount + * nssCKFWToken_GetMaxPinLen + * nssCKFWToken_GetMinPinLen + * nssCKFWToken_GetTotalPublicMemory + * nssCKFWToken_GetFreePublicMemory + * nssCKFWToken_GetTotalPrivateMemory + * nssCKFWToken_GetFreePrivateMemory + * nssCKFWToken_GetHardwareVersion + * nssCKFWToken_GetFirmwareVersion + * nssCKFWToken_GetUTCTime + * nssCKFWToken_OpenSession + * nssCKFWToken_GetMechanismCount + * nssCKFWToken_GetMechanismTypes + * nssCKFWToken_GetMechanism + */ + +/* + * nssCKFWToken_Create + * + */ +NSS_EXTERN NSSCKFWToken * +nssCKFWToken_Create +( + NSSCKFWSlot *fwSlot, + NSSCKMDToken *mdToken, + CK_RV *pError +); + +/* + * nssCKFWToken_Destroy + * + */ +NSS_EXTERN CK_RV +nssCKFWToken_Destroy +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetMDToken + * + */ +NSS_EXTERN NSSCKMDToken * +nssCKFWToken_GetMDToken +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetArena + * + */ +NSS_EXTERN NSSArena * +nssCKFWToken_GetArena +( + NSSCKFWToken *fwToken, + CK_RV *pError +); + +/* + * nssCKFWToken_GetFWSlot + * + */ +NSS_EXTERN NSSCKFWSlot * +nssCKFWToken_GetFWSlot +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetMDSlot + * + */ +NSS_EXTERN NSSCKMDSlot * +nssCKFWToken_GetMDSlot +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetSessionState + * + */ +NSS_EXTERN CK_STATE +nssCKFWToken_GetSessionState +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_InitToken + * + */ +NSS_EXTERN CK_RV +nssCKFWToken_InitToken +( + NSSCKFWToken *fwToken, + NSSItem *pin, + NSSUTF8 *label +); + +/* + * nssCKFWToken_GetLabel + * + */ +NSS_EXTERN CK_RV +nssCKFWToken_GetLabel +( + NSSCKFWToken *fwToken, + CK_CHAR label[32] +); + +/* + * nssCKFWToken_GetManufacturerID + * + */ +NSS_EXTERN CK_RV +nssCKFWToken_GetManufacturerID +( + NSSCKFWToken *fwToken, + CK_CHAR manufacturerID[32] +); + +/* + * nssCKFWToken_GetModel + * + */ +NSS_EXTERN CK_RV +nssCKFWToken_GetModel +( + NSSCKFWToken *fwToken, + CK_CHAR model[16] +); + +/* + * nssCKFWToken_GetSerialNumber + * + */ +NSS_EXTERN CK_RV +nssCKFWToken_GetSerialNumber +( + NSSCKFWToken *fwToken, + CK_CHAR serialNumber[16] +); + +/* + * nssCKFWToken_GetHasRNG + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWToken_GetHasRNG +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetIsWriteProtected + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWToken_GetIsWriteProtected +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetLoginRequired + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWToken_GetLoginRequired +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetUserPinInitialized + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWToken_GetUserPinInitialized +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetRestoreKeyNotNeeded + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWToken_GetRestoreKeyNotNeeded +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetHasClockOnToken + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWToken_GetHasClockOnToken +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetHasProtectedAuthenticationPath + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWToken_GetHasProtectedAuthenticationPath +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetSupportsDualCryptoOperations + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWToken_GetSupportsDualCryptoOperations +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetMaxSessionCount + * + */ +NSS_EXTERN CK_ULONG +nssCKFWToken_GetMaxSessionCount +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetMaxRwSessionCount + * + */ +NSS_EXTERN CK_ULONG +nssCKFWToken_GetMaxRwSessionCount +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetMaxPinLen + * + */ +NSS_EXTERN CK_ULONG +nssCKFWToken_GetMaxPinLen +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetMinPinLen + * + */ +NSS_EXTERN CK_ULONG +nssCKFWToken_GetMinPinLen +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetTotalPublicMemory + * + */ +NSS_EXTERN CK_ULONG +nssCKFWToken_GetTotalPublicMemory +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetFreePublicMemory + * + */ +NSS_EXTERN CK_ULONG +nssCKFWToken_GetFreePublicMemory +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetTotalPrivateMemory + * + */ +NSS_EXTERN CK_ULONG +nssCKFWToken_GetTotalPrivateMemory +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetFreePrivateMemory + * + */ +NSS_EXTERN CK_ULONG +nssCKFWToken_GetFreePrivateMemory +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetHardwareVersion + * + */ +NSS_EXTERN CK_VERSION +nssCKFWToken_GetHardwareVersion +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetFirmwareVersion + * + */ +NSS_EXTERN CK_VERSION +nssCKFWToken_GetFirmwareVersion +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetUTCTime + * + */ +NSS_EXTERN CK_RV +nssCKFWToken_GetUTCTime +( + NSSCKFWToken *fwToken, + CK_CHAR utcTime[16] +); + +/* + * nssCKFWToken_OpenSession + * + */ +NSS_EXTERN NSSCKFWSession * +nssCKFWToken_OpenSession +( + NSSCKFWToken *fwToken, + CK_BBOOL rw, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_RV *pError +); + +/* + * nssCKFWToken_GetMechanismCount + * + */ +NSS_EXTERN CK_ULONG +nssCKFWToken_GetMechanismCount +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetMechanismTypes + * + */ +NSS_EXTERN CK_RV +nssCKFWToken_GetMechanismTypes +( + NSSCKFWToken *fwToken, + CK_MECHANISM_TYPE types[] +); + +/* + * nssCKFWToken_GetMechanism + * + */ +NSS_EXTERN NSSCKFWMechanism * +nssCKFWToken_GetMechanism +( + NSSCKFWToken *fwToken, + CK_MECHANISM_TYPE which, + CK_RV *pError +); + +/* + * nssCKFWToken_SetSessionState + * + */ +NSS_EXTERN CK_RV +nssCKFWToken_SetSessionState +( + NSSCKFWToken *fwToken, + CK_STATE newState +); + +/* + * nssCKFWToken_RemoveSession + * + */ +NSS_EXTERN CK_RV +nssCKFWToken_RemoveSession +( + NSSCKFWToken *fwToken, + NSSCKFWSession *fwSession +); + +/* + * nssCKFWToken_CloseAllSessions + * + */ +NSS_EXTERN CK_RV +nssCKFWToken_CloseAllSessions +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetSessionCount + * + */ +NSS_EXTERN CK_ULONG +nssCKFWToken_GetSessionCount +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetRwSessionCount + * + */ +NSS_EXTERN CK_ULONG +nssCKFWToken_GetRwSessionCount +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetRoSessionCount + * + */ +NSS_EXTERN CK_ULONG +nssCKFWToken_GetRoSessionCount +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetSessionObjectHash + * + */ +NSS_EXTERN nssCKFWHash * +nssCKFWToken_GetSessionObjectHash +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetMDObjectHash + * + */ +NSS_EXTERN nssCKFWHash * +nssCKFWToken_GetMDObjectHash +( + NSSCKFWToken *fwToken +); + +/* + * nssCKFWToken_GetObjectHandleHash + * + */ +NSS_EXTERN nssCKFWHash * +nssCKFWToken_GetObjectHandleHash +( + NSSCKFWToken *fwToken +); + +/* + * NSSCKFWMechanism + * + * -- create/destroy -- + * nssCKFWMechanism_Create + * nssCKFWMechanism_Destroy + * + * -- implement public accessors -- + * nssCKFWMechanism_GetMDMechanism + * + * -- private accessors -- + * + * -- module fronts -- + * nssCKFWMechanism_GetMinKeySize + * nssCKFWMechanism_GetMaxKeySize + * nssCKFWMechanism_GetInHardware + * nssCKFWMechanism_GetCanEncrypt + * nssCKFWMechanism_GetCanDecrypt + * nssCKFWMechanism_GetCanDigest + * nssCKFWMechanism_GetCanSignRecover + * nssCKFWMechanism_GetCanVerify + * nssCKFWMechanism_GetCanVerifyRecover + * nssCKFWMechanism_GetCanGenerate + * nssCKFWMechanism_GetCanGenerateKeyPair + * nssCKFWMechanism_GetCanWrap + * nssCKFWMechanism_GetCanUnwrap + * nssCKFWMechanism_GetCanDerive + * nssCKFWMechanism_EncryptInit + * nssCKFWMechanism_DecryptInit + * nssCKFWMechanism_DigestInit + * nssCKFWMechanism_SignInit + * nssCKFWMechanism_SignRecoverInit + * nssCKFWMechanism_VerifyInit + * nssCKFWMechanism_VerifyRecoverInit + * nssCKFWMechanism_GenerateKey + * nssCKFWMechanism_GenerateKeyPair + * nssCKFWMechanism_GetWrapKeyLength + * nssCKFWMechanism_WrapKey + * nssCKFWMechanism_UnwrapKey + * nssCKFWMechanism_DeriveKey + */ + +/* + * nssCKFWMechanism_Create + * + */ +NSS_EXTERN NSSCKFWMechanism * +nssCKFWMechanism_Create +( + NSSCKMDMechanism *mdMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +); + +/* + * nssCKFWMechanism_Destroy + * + */ +NSS_EXTERN void +nssCKFWMechanism_Destroy +( + NSSCKFWMechanism *fwMechanism +); + +/* + * nssCKFWMechanism_GetMDMechanism + * + */ + +NSS_EXTERN NSSCKMDMechanism * +nssCKFWMechanism_GetMDMechanism +( + NSSCKFWMechanism *fwMechanism +); + +/* + * nssCKFWMechanism_GetMinKeySize + * + */ +NSS_EXTERN CK_ULONG +nssCKFWMechanism_GetMinKeySize +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetMaxKeySize + * + */ +NSS_EXTERN CK_ULONG +nssCKFWMechanism_GetMaxKeySize +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetInHardware + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetInHardware +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * the following are determined automatically by which of the cryptographic + * functions are defined for this mechanism. + */ +/* + * nssCKFWMechanism_GetCanEncrypt + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanEncrypt +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetCanDecrypt + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanDecrypt +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetCanDigest + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanDigest +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetCanSign + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanSign +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetCanSignRecover + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanSignRecover +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetCanVerify + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanVerify +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetCanVerifyRecover + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanVerifyRecover +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetCanGenerate + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanGenerate +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetCanGenerateKeyPair + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanGenerateKeyPair +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetCanWrap + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanWrap +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetCanUnwrap + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanUnwrap +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GetCanDerive + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanDerive +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +); + +/* + * nssCKFWMechanism_EncryptInit + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_EncryptInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +); + +/* + * nssCKFWMechanism_DecryptInit + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_DecryptInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +); + +/* + * nssCKFWMechanism_DigestInit + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_DigestInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession +); + +/* + * nssCKFWMechanism_SignInit + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_SignInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +); + +/* + * nssCKFWMechanism_SignRecoverInit + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_SignRecoverInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +); + +/* + * nssCKFWMechanism_VerifyInit + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_VerifyInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +); + +/* + * nssCKFWMechanism_VerifyRecoverInit + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_VerifyRecoverInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +); + +/* + * nssCKFWMechanism_GenerateKey + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWMechanism_GenerateKey +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +); + +/* + * nssCKFWMechanism_GenerateKeyPair + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_GenerateKeyPair +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + NSSCKFWObject **fwPublicKeyObject, + NSSCKFWObject **fwPrivateKeyObject +); + +/* + * nssCKFWMechanism_GetWrapKeyLength + */ +NSS_EXTERN CK_ULONG +nssCKFWMechanism_GetWrapKeyLength +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwObject, + CK_RV *pError +); + +/* + * nssCKFWMechanism_WrapKey + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_WrapKey +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwObject, + NSSItem *wrappedKey +); + +/* + * nssCKFWMechanism_UnwrapKey + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWMechanism_UnwrapKey +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSItem *wrappedKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +); + +/* + * nssCKFWMechanism_DeriveKey + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWMechanism_DeriveKey +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwBaseKeyObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +); + +/* + * NSSCKFWCryptoOperation + * + * -- create/destroy -- + * nssCKFWCryptoOperation_Create + * nssCKFWCryptoOperation_Destroy + * + * -- implement public accessors -- + * nssCKFWCryptoOperation_GetMDCryptoOperation + * nssCKFWCryptoOperation_GetType + * + * -- private accessors -- + * + * -- module fronts -- + * nssCKFWCryptoOperation_GetFinalLength + * nssCKFWCryptoOperation_GetOperationLength + * nssCKFWCryptoOperation_Final + * nssCKFWCryptoOperation_Update + * nssCKFWCryptoOperation_DigestUpdate + * nssCKFWCryptoOperation_DigestKey + * nssCKFWCryptoOperation_UpdateFinal + */ + +/* + * nssCKFWCrytoOperation_Create + */ +NSS_EXTERN NSSCKFWCryptoOperation * +nssCKFWCryptoOperation_Create +( + NSSCKMDCryptoOperation *mdOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWCryptoOperationType type, + CK_RV *pError +); + +/* + * nssCKFWCryptoOperation_Destroy + */ +NSS_EXTERN void +nssCKFWCryptoOperation_Destroy +( + NSSCKFWCryptoOperation *fwOperation +); + +/* + * nssCKFWCryptoOperation_GetMDCryptoOperation + */ +NSS_EXTERN NSSCKMDCryptoOperation * +nssCKFWCryptoOperation_GetMDCryptoOperation +( + NSSCKFWCryptoOperation *fwOperation +); + +/* + * nssCKFWCryptoOperation_GetType + */ +NSS_EXTERN NSSCKFWCryptoOperationType +nssCKFWCryptoOperation_GetType +( + NSSCKFWCryptoOperation *fwOperation +); + +/* + * nssCKFWCryptoOperation_GetFinalLength + */ +NSS_EXTERN CK_ULONG +nssCKFWCryptoOperation_GetFinalLength +( + NSSCKFWCryptoOperation *fwOperation, + CK_RV *pError +); + +/* + * nssCKFWCryptoOperation_GetOperationLength + */ +NSS_EXTERN CK_ULONG +nssCKFWCryptoOperation_GetOperationLength +( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + CK_RV *pError +); + +/* + * nssCKFWCryptoOperation_Final + */ +NSS_EXTERN CK_RV +nssCKFWCryptoOperation_Final +( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *outputBuffer +); + +/* + * nssCKFWCryptoOperation_Update + */ +NSS_EXTERN CK_RV +nssCKFWCryptoOperation_Update +( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer +); + +/* + * nssCKFWCryptoOperation_DigestUpdate + */ +NSS_EXTERN CK_RV +nssCKFWCryptoOperation_DigestUpdate +( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer +); + +/* + * nssCKFWCryptoOperation_DigestKey + */ +NSS_EXTERN CK_RV +nssCKFWCryptoOperation_DigestKey +( + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWObject *fwKey +); + +/* + * nssCKFWCryptoOperation_UpdateFinal + */ +NSS_EXTERN CK_RV +nssCKFWCryptoOperation_UpdateFinal +( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer +); + +/* + * nssCKFWCryptoOperation_UpdateCombo + */ +NSS_EXTERN CK_RV +nssCKFWCryptoOperation_UpdateCombo +( + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWCryptoOperation *fwPeerOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer +); + +/* + * NSSCKFWSession + * + * -- create/destroy -- + * nssCKFWSession_Create + * nssCKFWSession_Destroy + * + * -- implement public accessors -- + * nssCKFWSession_GetMDSession + * nssCKFWSession_GetArena + * nssCKFWSession_CallNotification + * nssCKFWSession_IsRWSession + * nssCKFWSession_IsSO + * nssCKFWSession_GetCurrentCryptoOperation + * + * -- private accessors -- + * nssCKFWSession_GetFWSlot + * nssCKFWSession_GetSessionState + * nssCKFWSession_SetFWFindObjects + * nssCKFWSession_GetFWFindObjects + * nssCKFWSession_SetMDSession + * nssCKFWSession_SetHandle + * nssCKFWSession_GetHandle + * nssCKFWSession_RegisterSessionObject + * nssCKFWSession_DeregisterSessionObject + * nssCKFWSession_SetCurrentCryptoOperation + * + * -- module fronts -- + * nssCKFWSession_GetDeviceError + * nssCKFWSession_Login + * nssCKFWSession_Logout + * nssCKFWSession_InitPIN + * nssCKFWSession_SetPIN + * nssCKFWSession_GetOperationStateLen + * nssCKFWSession_GetOperationState + * nssCKFWSession_SetOperationState + * nssCKFWSession_CreateObject + * nssCKFWSession_CopyObject + * nssCKFWSession_FindObjectsInit + * nssCKFWSession_SeedRandom + * nssCKFWSession_GetRandom + * nssCKFWSession_Final + * nssCKFWSession_Update + * nssCKFWSession_DigestUpdate + * nssCKFWSession_DigestKey + * nssCKFWSession_UpdateFinal + * nssCKFWSession_UpdateCombo + */ + +/* + * nssCKFWSession_Create + * + */ +NSS_EXTERN NSSCKFWSession * +nssCKFWSession_Create +( + NSSCKFWToken *fwToken, + CK_BBOOL rw, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_RV *pError +); + +/* + * nssCKFWSession_Destroy + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_Destroy +( + NSSCKFWSession *fwSession, + CK_BBOOL removeFromTokenHash +); + +/* + * nssCKFWSession_GetMDSession + * + */ +NSS_EXTERN NSSCKMDSession * +nssCKFWSession_GetMDSession +( + NSSCKFWSession *fwSession +); + +/* + * nssCKFWSession_GetArena + * + */ +NSS_EXTERN NSSArena * +nssCKFWSession_GetArena +( + NSSCKFWSession *fwSession, + CK_RV *pError +); + +/* + * nssCKFWSession_CallNotification + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_CallNotification +( + NSSCKFWSession *fwSession, + CK_NOTIFICATION event +); + +/* + * nssCKFWSession_IsRWSession + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWSession_IsRWSession +( + NSSCKFWSession *fwSession +); + +/* + * nssCKFWSession_IsSO + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWSession_IsSO +( + NSSCKFWSession *fwSession +); + +/* + * nssCKFWSession_GetFWSlot + * + */ +NSS_EXTERN NSSCKFWSlot * +nssCKFWSession_GetFWSlot +( + NSSCKFWSession *fwSession +); + +/* + * nssCFKWSession_GetSessionState + * + */ +NSS_EXTERN CK_STATE +nssCKFWSession_GetSessionState +( + NSSCKFWSession *fwSession +); + +/* + * nssCKFWSession_SetFWFindObjects + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_SetFWFindObjects +( + NSSCKFWSession *fwSession, + NSSCKFWFindObjects *fwFindObjects +); + +/* + * nssCKFWSession_GetFWFindObjects + * + */ +NSS_EXTERN NSSCKFWFindObjects * +nssCKFWSession_GetFWFindObjects +( + NSSCKFWSession *fwSesssion, + CK_RV *pError +); + +/* + * nssCKFWSession_SetMDSession + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_SetMDSession +( + NSSCKFWSession *fwSession, + NSSCKMDSession *mdSession +); + +/* + * nssCKFWSession_SetHandle + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_SetHandle +( + NSSCKFWSession *fwSession, + CK_SESSION_HANDLE hSession +); + +/* + * nssCKFWSession_GetHandle + * + */ +NSS_EXTERN CK_SESSION_HANDLE +nssCKFWSession_GetHandle +( + NSSCKFWSession *fwSession +); + +/* + * nssCKFWSession_RegisterSessionObject + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_RegisterSessionObject +( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +); + +/* + * nssCKFWSession_DeregisterSessionObject + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_DeregisterSessionObject +( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +); + +/* + * nssCKFWSession_GetDeviceError + * + */ +NSS_EXTERN CK_ULONG +nssCKFWSession_GetDeviceError +( + NSSCKFWSession *fwSession +); + +/* + * nssCKFWSession_Login + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_Login +( + NSSCKFWSession *fwSession, + CK_USER_TYPE userType, + NSSItem *pin +); + +/* + * nssCKFWSession_Logout + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_Logout +( + NSSCKFWSession *fwSession +); + +/* + * nssCKFWSession_InitPIN + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_InitPIN +( + NSSCKFWSession *fwSession, + NSSItem *pin +); + +/* + * nssCKFWSession_SetPIN + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_SetPIN +( + NSSCKFWSession *fwSession, + NSSItem *newPin, + NSSItem *oldPin +); + +/* + * nssCKFWSession_GetOperationStateLen + * + */ +NSS_EXTERN CK_ULONG +nssCKFWSession_GetOperationStateLen +( + NSSCKFWSession *fwSession, + CK_RV *pError +); + +/* + * nssCKFWSession_GetOperationState + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_GetOperationState +( + NSSCKFWSession *fwSession, + NSSItem *buffer +); + +/* + * nssCKFWSession_SetOperationState + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_SetOperationState +( + NSSCKFWSession *fwSession, + NSSItem *state, + NSSCKFWObject *encryptionKey, + NSSCKFWObject *authenticationKey +); + +/* + * nssCKFWSession_CreateObject + * + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWSession_CreateObject +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +); + +/* + * nssCKFWSession_CopyObject + * + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWSession_CopyObject +( + NSSCKFWSession *fwSession, + NSSCKFWObject *object, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +); + +/* + * nssCKFWSession_FindObjectsInit + * + */ +NSS_EXTERN NSSCKFWFindObjects * +nssCKFWSession_FindObjectsInit +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +); + +/* + * nssCKFWSession_SetCurrentCryptoOperation + */ +NSS_IMPLEMENT void +nssCKFWSession_SetCurrentCryptoOperation +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperation * fwOperation, + NSSCKFWCryptoOperationState state +); + +/* + * nssCKFWSession_GetCurrentCryptoOperation + */ +NSS_IMPLEMENT NSSCKFWCryptoOperation * +nssCKFWSession_GetCurrentCryptoOperation +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationState state +); + +/* + * nssCKFWSession_Final + * (terminate a cryptographic operation and get the result) + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_Final +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen +); + +/* + * nssCKFWSession_Update + * (get the next step of an encrypt/decrypt operation) + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_Update +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen +); + +/* + * nssCKFWSession_DigestUpdate + * (do the next step of an digest/sign/verify operation) + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_DigestUpdate +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen +); + +/* + * nssCKFWSession_DigestKey + * (do the next step of an digest/sign/verify operation) + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_DigestKey +( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwKey +); + +/* + * nssCKFWSession_UpdateFinal + * (do a single-step of a cryptographic operation and get the result) + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_UpdateFinal +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen +); + +/* + * nssCKFWSession_UpdateCombo + * (do a combination encrypt/decrypt and sign/digest/verify operation) + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_UpdateCombo +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType encryptType, + NSSCKFWCryptoOperationType digestType, + NSSCKFWCryptoOperationState digestState, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen +); + +/* + * nssCKFWSession_SeedRandom + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_SeedRandom +( + NSSCKFWSession *fwSession, + NSSItem *seed +); + +/* + * nssCKFWSession_GetRandom + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_GetRandom +( + NSSCKFWSession *fwSession, + NSSItem *buffer +); + +/* + * NSSCKFWObject + * + * -- create/destroy -- + * nssCKFWObject_Create + * nssCKFWObject_Finalize + * nssCKFWObject_Destroy + * + * -- implement public accessors -- + * nssCKFWObject_GetMDObject + * nssCKFWObject_GetArena + * + * -- private accessors -- + * nssCKFWObject_SetHandle + * nssCKFWObject_GetHandle + * + * -- module fronts -- + * nssCKFWObject_IsTokenObject + * nssCKFWObject_GetAttributeCount + * nssCKFWObject_GetAttributeTypes + * nssCKFWObject_GetAttributeSize + * nssCKFWObject_GetAttribute + * nssCKFWObject_SetAttribute + * nssCKFWObject_GetObjectSize + */ + +/* + * nssCKFWObject_Create + * + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWObject_Create +( + NSSArena *arena, + NSSCKMDObject *mdObject, + NSSCKFWSession *fwSession, + NSSCKFWToken *fwToken, + NSSCKFWInstance *fwInstance, + CK_RV *pError +); + +/* + * nssCKFWObject_Finalize + * + */ +NSS_EXTERN void +nssCKFWObject_Finalize +( + NSSCKFWObject *fwObject, + PRBool removeFromHash +); + +/* + * nssCKFWObject_Destroy + * + */ +NSS_EXTERN void +nssCKFWObject_Destroy +( + NSSCKFWObject *fwObject +); + +/* + * nssCKFWObject_GetMDObject + * + */ +NSS_EXTERN NSSCKMDObject * +nssCKFWObject_GetMDObject +( + NSSCKFWObject *fwObject +); + +/* + * nssCKFWObject_GetArena + * + */ +NSS_EXTERN NSSArena * +nssCKFWObject_GetArena +( + NSSCKFWObject *fwObject, + CK_RV *pError +); + +/* + * nssCKFWObject_SetHandle + * + */ +NSS_EXTERN CK_RV +nssCKFWObject_SetHandle +( + NSSCKFWObject *fwObject, + CK_OBJECT_HANDLE hObject +); + +/* + * nssCKFWObject_GetHandle + * + */ +NSS_EXTERN CK_OBJECT_HANDLE +nssCKFWObject_GetHandle +( + NSSCKFWObject *fwObject +); + +/* + * nssCKFWObject_IsTokenObject + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWObject_IsTokenObject +( + NSSCKFWObject *fwObject +); + +/* + * nssCKFWObject_GetAttributeCount + * + */ +NSS_EXTERN CK_ULONG +nssCKFWObject_GetAttributeCount +( + NSSCKFWObject *fwObject, + CK_RV *pError +); + +/* + * nssCKFWObject_GetAttributeTypes + * + */ +NSS_EXTERN CK_RV +nssCKFWObject_GetAttributeTypes +( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount +); + +/* + * nssCKFWObject_GetAttributeSize + * + */ +NSS_EXTERN CK_ULONG +nssCKFWObject_GetAttributeSize +( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +); + +/* + * nssCKFWObject_GetAttribute + * + * Usual NSS allocation rules: + * If itemOpt is not NULL, it will be returned; otherwise an NSSItem + * will be allocated. If itemOpt is not NULL but itemOpt->data is, + * the buffer will be allocated; otherwise, the buffer will be used. + * Any allocations will come from the optional arena, if one is + * specified. + */ +NSS_EXTERN NSSItem * +nssCKFWObject_GetAttribute +( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *itemOpt, + NSSArena *arenaOpt, + CK_RV *pError +); + +/* + * nssCKFWObject_SetAttribute + * + */ +NSS_EXTERN CK_RV +nssCKFWObject_SetAttribute +( + NSSCKFWObject *fwObject, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value +); + +/* + * nssCKFWObject_GetObjectSize + * + */ +NSS_EXTERN CK_ULONG +nssCKFWObject_GetObjectSize +( + NSSCKFWObject *fwObject, + CK_RV *pError +); + +/* + * NSSCKFWFindObjects + * + * -- create/destroy -- + * nssCKFWFindObjects_Create + * nssCKFWFindObjects_Destroy + * + * -- implement public accessors -- + * nssCKFWFindObjects_GetMDFindObjects + * + * -- private accessors -- + * + * -- module fronts -- + * nssCKFWFindObjects_Next + */ + +/* + * nssCKFWFindObjects_Create + * + */ +NSS_EXTERN NSSCKFWFindObjects * +nssCKFWFindObjects_Create +( + NSSCKFWSession *fwSession, + NSSCKFWToken *fwToken, + NSSCKFWInstance *fwInstance, + NSSCKMDFindObjects *mdFindObjects1, + NSSCKMDFindObjects *mdFindObjects2, + CK_RV *pError +); + +/* + * nssCKFWFindObjects_Destroy + * + */ +NSS_EXTERN void +nssCKFWFindObjects_Destroy +( + NSSCKFWFindObjects *fwFindObjects +); + +/* + * nssCKFWFindObjects_GetMDFindObjects + * + */ +NSS_EXTERN NSSCKMDFindObjects * +nssCKFWFindObjects_GetMDFindObjects +( + NSSCKFWFindObjects *fwFindObjects +); + +/* + * nssCKFWFindObjects_Next + * + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWFindObjects_Next +( + NSSCKFWFindObjects *fwFindObjects, + NSSArena *arenaOpt, + CK_RV *pError +); + +/* + * NSSCKFWMutex + * + * nssCKFWMutex_Create + * nssCKFWMutex_Destroy + * nssCKFWMutex_Lock + * nssCKFWMutex_Unlock + * + */ + +/* + * nssCKFWMutex_Create + * + */ +NSS_EXTERN NSSCKFWMutex * +nssCKFWMutex_Create +( + CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState LockingState, + NSSArena *arena, + CK_RV *pError +); + +/* + * nssCKFWMutex_Destroy + * + */ +NSS_EXTERN CK_RV +nssCKFWMutex_Destroy +( + NSSCKFWMutex *mutex +); + +/* + * nssCKFWMutex_Lock + * + */ +NSS_EXTERN CK_RV +nssCKFWMutex_Lock +( + NSSCKFWMutex *mutex +); + +/* + * nssCKFWMutex_Unlock + * + */ +NSS_EXTERN CK_RV +nssCKFWMutex_Unlock +( + NSSCKFWMutex *mutex +); + +#endif /* CKFW_H */ diff --git a/security/nss/lib/ckfw/ckfwm.h b/security/nss/lib/ckfw/ckfwm.h new file mode 100644 index 000000000..542bc390c --- /dev/null +++ b/security/nss/lib/ckfw/ckfwm.h @@ -0,0 +1,164 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef CKFWM_H +#define CKFWM_H + +#ifdef DEBUG +static const char CKFWM_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * ckfwm.h + * + * This file prototypes the module-private calls of the NSS Cryptoki Framework. + */ + +#ifndef NSSBASET_H +#include "nssbaset.h" +#endif /* NSSBASET_H */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +#ifndef NSSCKFWT_H +#include "nssckfwt.h" +#endif /* NSSCKFWT_H */ + +/* + * nssCKFWHash + * + * nssCKFWHash_Create + * nssCKFWHash_Destroy + * nssCKFWHash_Add + * nssCKFWHash_Remove + * nssCKFWHash_Count + * nssCKFWHash_Exists + * nssCKFWHash_Lookup + * nssCKFWHash_Iterate + */ + +/* + * nssCKFWHash_Create + * + */ +NSS_EXTERN nssCKFWHash * +nssCKFWHash_Create +( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError +); + +/* + * nssCKFWHash_Destroy + * + */ +NSS_EXTERN void +nssCKFWHash_Destroy +( + nssCKFWHash *hash +); + +/* + * nssCKFWHash_Add + * + */ +NSS_EXTERN CK_RV +nssCKFWHash_Add +( + nssCKFWHash *hash, + const void *key, + const void *value +); + +/* + * nssCKFWHash_Remove + * + */ +NSS_EXTERN void +nssCKFWHash_Remove +( + nssCKFWHash *hash, + const void *it +); + +/* + * nssCKFWHash_Count + * + */ +NSS_EXTERN CK_ULONG +nssCKFWHash_Count +( + nssCKFWHash *hash +); + +/* + * nssCKFWHash_Exists + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWHash_Exists +( + nssCKFWHash *hash, + const void *it +); + +/* + * nssCKFWHash_Lookup + * + */ +NSS_EXTERN void * +nssCKFWHash_Lookup +( + nssCKFWHash *hash, + const void *it +); + +/* + * nssCKFWHash_Iterate + * + */ +NSS_EXTERN void +nssCKFWHash_Iterate +( + nssCKFWHash *hash, + nssCKFWHashIterator fcn, + void *closure +); + +#endif /* CKFWM_H */ diff --git a/security/nss/lib/ckfw/ckfwtm.h b/security/nss/lib/ckfw/ckfwtm.h new file mode 100644 index 000000000..b3eee1edb --- /dev/null +++ b/security/nss/lib/ckfw/ckfwtm.h @@ -0,0 +1,59 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef CKFWTM_H +#define CKFWTM_H + +#ifdef DEBUG +static const char CKFWTM_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * ckfwtm.h + * + * This file declares the module-private types of the NSS Cryptoki Framework. + */ + +#ifndef NSSBASET_H +#include "nssbaset.h" +#endif /* NSSBASET_H */ + +struct nssCKFWHashStr; +typedef struct nssCKFWHashStr nssCKFWHash; + +typedef void (PR_CALLBACK *nssCKFWHashIterator)(const void *key, void *value, void *closure); + +#endif /* CKFWTM_H */ diff --git a/security/nss/lib/ckfw/ckmd.h b/security/nss/lib/ckfw/ckmd.h new file mode 100644 index 000000000..0c6b14311 --- /dev/null +++ b/security/nss/lib/ckfw/ckmd.h @@ -0,0 +1,68 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef CKMD_H +#define CKMD_H + +#ifdef DEBUG +static const char CKMD_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * ckmd.h + * + */ + +NSS_EXTERN NSSCKMDObject * +nssCKMDSessionObject_Create +( + NSSCKFWToken *fwToken, + NSSArena *arena, + CK_ATTRIBUTE_PTR attributes, + CK_ULONG ulCount, + CK_RV *pError +); + +NSS_EXTERN NSSCKMDFindObjects * +nssCKMDFindSessionObjects_Create +( + NSSCKFWToken *fwToken, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_RV *pError +); + +#endif /* CKMD_H */ diff --git a/security/nss/lib/ckfw/ckt.h b/security/nss/lib/ckfw/ckt.h new file mode 100644 index 000000000..f2e631679 --- /dev/null +++ b/security/nss/lib/ckfw/ckt.h @@ -0,0 +1,40 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +/* get back to just one set of PKCS #11 headers. Use the onese that + * are easiest to maintain from the RSA website */ +/* this one is the one that defines NSS specific data */ +#include "pkcs11n.h" diff --git a/security/nss/lib/ckfw/config.mk b/security/nss/lib/ckfw/config.mk new file mode 100644 index 000000000..5202c7103 --- /dev/null +++ b/security/nss/lib/ckfw/config.mk @@ -0,0 +1,58 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +CONFIG_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$" + +ifdef BUILD_IDG +DEFINES += -DNSSDEBUG +endif + +# +# Hack to see if everything still builds +# + + +# +# Override TARGETS variable so that only static libraries +# are specifed as dependencies within rules.mk. +# + +TARGETS = $(LIBRARY) +SHARED_LIBRARY = +IMPORT_LIBRARY = +PROGRAM = + + diff --git a/security/nss/lib/ckfw/crypto.c b/security/nss/lib/ckfw/crypto.c new file mode 100644 index 000000000..38b696f54 --- /dev/null +++ b/security/nss/lib/ckfw/crypto.c @@ -0,0 +1,377 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Red Hat, Inc. + * Portions created by the Initial Developer are Copyright (C) 2005 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * crypto.c + * + * This file implements the NSSCKFWCryptoOperation type and methods. + */ + +#ifndef CK_T +#include "ck.h" +#endif /* CK_T */ + +/* + * NSSCKFWCryptoOperation + * + * -- create/destroy -- + * nssCKFWCrytoOperation_Create + * nssCKFWCryptoOperation_Destroy + * + * -- implement public accessors -- + * nssCKFWCryptoOperation_GetMDCryptoOperation + * nssCKFWCryptoOperation_GetType + * + * -- private accessors -- + * + * -- module fronts -- + * nssCKFWCryptoOperation_GetFinalLength + * nssCKFWCryptoOperation_GetOperationLength + * nssCKFWCryptoOperation_Final + * nssCKFWCryptoOperation_Update + * nssCKFWCryptoOperation_DigestUpdate + * nssCKFWCryptoOperation_UpdateFinal + */ + +struct NSSCKFWCryptoOperationStr { + /* NSSArena *arena; */ + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKFWSession *fwSession; + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; + NSSCKMDInstance *mdInstance; + NSSCKFWInstance *fwInstance; + NSSCKFWCryptoOperationType type; +}; + +/* + * nssCKFWCrytoOperation_Create + */ +NSS_EXTERN NSSCKFWCryptoOperation * +nssCKFWCryptoOperation_Create( + NSSCKMDCryptoOperation *mdOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWCryptoOperationType type, + CK_RV *pError +) +{ + NSSCKFWCryptoOperation *fwOperation; + fwOperation = nss_ZNEW(NULL, NSSCKFWCryptoOperation); + if (!fwOperation) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWCryptoOperation *)NULL; + } + fwOperation->mdOperation = mdOperation; + fwOperation->mdSession = mdSession; + fwOperation->fwSession = fwSession; + fwOperation->mdToken = mdToken; + fwOperation->fwToken = fwToken; + fwOperation->mdInstance = mdInstance; + fwOperation->fwInstance = fwInstance; + fwOperation->type = type; + return fwOperation; +} + +/* + * nssCKFWCryptoOperation_Destroy + */ +NSS_EXTERN void +nssCKFWCryptoOperation_Destroy +( + NSSCKFWCryptoOperation *fwOperation +) +{ + if ((NSSCKMDCryptoOperation *) NULL != fwOperation->mdOperation) { + if (fwOperation->mdOperation->Destroy) { + fwOperation->mdOperation->Destroy( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdInstance, + fwOperation->fwInstance); + } + } + nss_ZFreeIf(fwOperation); +} + +/* + * nssCKFWCryptoOperation_GetMDCryptoOperation + */ +NSS_EXTERN NSSCKMDCryptoOperation * +nssCKFWCryptoOperation_GetMDCryptoOperation +( + NSSCKFWCryptoOperation *fwOperation +) +{ + return fwOperation->mdOperation; +} + +/* + * nssCKFWCryptoOperation_GetType + */ +NSS_EXTERN NSSCKFWCryptoOperationType +nssCKFWCryptoOperation_GetType +( + NSSCKFWCryptoOperation *fwOperation +) +{ + return fwOperation->type; +} + +/* + * nssCKFWCryptoOperation_GetFinalLength + */ +NSS_EXTERN CK_ULONG +nssCKFWCryptoOperation_GetFinalLength +( + NSSCKFWCryptoOperation *fwOperation, + CK_RV *pError +) +{ + if (!fwOperation->mdOperation->GetFinalLength) { + *pError = CKR_FUNCTION_FAILED; + return 0; + } + return fwOperation->mdOperation->GetFinalLength( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + pError); +} + +/* + * nssCKFWCryptoOperation_GetOperationLength + */ +NSS_EXTERN CK_ULONG +nssCKFWCryptoOperation_GetOperationLength +( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + CK_RV *pError +) +{ + if (!fwOperation->mdOperation->GetOperationLength) { + *pError = CKR_FUNCTION_FAILED; + return 0; + } + return fwOperation->mdOperation->GetOperationLength( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer, + pError); +} + +/* + * nssCKFWCryptoOperation_Final + */ +NSS_EXTERN CK_RV +nssCKFWCryptoOperation_Final +( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *outputBuffer +) +{ + if (!fwOperation->mdOperation->Final) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->Final( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + outputBuffer); +} + +/* + * nssCKFWCryptoOperation_Update + */ +NSS_EXTERN CK_RV +nssCKFWCryptoOperation_Update +( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer +) +{ + if (!fwOperation->mdOperation->Update) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->Update( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer, + outputBuffer); +} + +/* + * nssCKFWCryptoOperation_DigestUpdate + */ +NSS_EXTERN CK_RV +nssCKFWCryptoOperation_DigestUpdate +( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer +) +{ + if (!fwOperation->mdOperation->DigestUpdate) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->DigestUpdate( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer); +} + +/* + * nssCKFWCryptoOperation_DigestKey + */ +NSS_EXTERN CK_RV +nssCKFWCryptoOperation_DigestKey +( + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWObject *fwObject /* Key */ +) +{ + NSSCKMDObject *mdObject; + + if (!fwOperation->mdOperation->DigestKey) { + return CKR_FUNCTION_FAILED; + } + mdObject = nssCKFWObject_GetMDObject(fwObject); + return fwOperation->mdOperation->DigestKey( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + mdObject, + fwObject); +} + +/* + * nssCKFWCryptoOperation_UpdateFinal + */ +NSS_EXTERN CK_RV +nssCKFWCryptoOperation_UpdateFinal +( + NSSCKFWCryptoOperation *fwOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer +) +{ + if (!fwOperation->mdOperation->UpdateFinal) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->UpdateFinal( + fwOperation->mdOperation, + fwOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer, + outputBuffer); +} + +/* + * nssCKFWCryptoOperation_UpdateCombo + */ +NSS_EXTERN CK_RV +nssCKFWCryptoOperation_UpdateCombo +( + NSSCKFWCryptoOperation *fwOperation, + NSSCKFWCryptoOperation *fwPeerOperation, + NSSItem *inputBuffer, + NSSItem *outputBuffer +) +{ + if (!fwOperation->mdOperation->UpdateCombo) { + return CKR_FUNCTION_FAILED; + } + return fwOperation->mdOperation->UpdateCombo( + fwOperation->mdOperation, + fwOperation, + fwPeerOperation->mdOperation, + fwPeerOperation, + fwOperation->mdSession, + fwOperation->fwSession, + fwOperation->mdToken, + fwOperation->fwToken, + fwOperation->mdInstance, + fwOperation->fwInstance, + inputBuffer, + outputBuffer); +} diff --git a/security/nss/lib/ckfw/dbm/Makefile b/security/nss/lib/ckfw/dbm/Makefile new file mode 100644 index 000000000..0df6bf84e --- /dev/null +++ b/security/nss/lib/ckfw/dbm/Makefile @@ -0,0 +1,42 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +MAKEFILE_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$" + +include manifest.mn +include config.mk +include $(CORE_DEPTH)/coreconf/config.mk +include $(CORE_DEPTH)/coreconf/rules.mk diff --git a/security/nss/lib/ckfw/dbm/anchor.c b/security/nss/lib/ckfw/dbm/anchor.c new file mode 100644 index 000000000..26f5a3fc6 --- /dev/null +++ b/security/nss/lib/ckfw/dbm/anchor.c @@ -0,0 +1,53 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * dbm/anchor.c + * + * This file "anchors" the actual cryptoki entry points in this module's + * shared library, which is required for dynamic loading. See the + * comments in nssck.api for more information. + */ + +#include "ckdbm.h" + +#define MODULE_NAME dbm +#define INSTANCE_NAME (NSSCKMDInstance *)&nss_dbm_mdInstance +#include "nssck.api" diff --git a/security/nss/lib/ckfw/dbm/ckdbm.h b/security/nss/lib/ckfw/dbm/ckdbm.h new file mode 100644 index 000000000..d0b723c14 --- /dev/null +++ b/security/nss/lib/ckfw/dbm/ckdbm.h @@ -0,0 +1,284 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CKDBM_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#ifndef CKDBM_H +#define CKDBM_H + +#include "nssckmdt.h" +#include "nssckfw.h" + +/* + * I'm including this for access to the arena functions. + * Looks like we should publish that API. + */ +#ifndef BASE_H +#include "base.h" +#endif /* BASE_H */ + +/* + * This is where the Netscape extensions live, at least for now. + */ +#ifndef CKT_H +#include "ckt.h" +#endif /* CKT_H */ + +#include "mcom_db.h" + +NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance; + +typedef struct nss_dbm_db_struct nss_dbm_db_t; +struct nss_dbm_db_struct { + DB *db; + NSSCKFWMutex *crustylock; +}; + +typedef struct nss_dbm_dbt_struct nss_dbm_dbt_t; +struct nss_dbm_dbt_struct { + DBT dbt; + nss_dbm_db_t *my_db; +}; + +typedef struct nss_dbm_instance_struct nss_dbm_instance_t; +struct nss_dbm_instance_struct { + NSSArena *arena; + CK_ULONG nSlots; + char **filenames; + int *flags; /* e.g. O_RDONLY, O_RDWR */ +}; + +typedef struct nss_dbm_slot_struct nss_dbm_slot_t; +struct nss_dbm_slot_struct { + nss_dbm_instance_t *instance; + char *filename; + int flags; + nss_dbm_db_t *token_db; +}; + +typedef struct nss_dbm_token_struct nss_dbm_token_t; +struct nss_dbm_token_struct { + NSSArena *arena; + nss_dbm_slot_t *slot; + nss_dbm_db_t *session_db; + NSSUTF8 *label; +}; + +struct nss_dbm_dbt_node { + struct nss_dbm_dbt_node *next; + nss_dbm_dbt_t *dbt; +}; + +typedef struct nss_dbm_session_struct nss_dbm_session_t; +struct nss_dbm_session_struct { + NSSArena *arena; + nss_dbm_token_t *token; + CK_ULONG deviceError; + struct nss_dbm_dbt_node *session_objects; + NSSCKFWMutex *list_lock; +}; + +typedef struct nss_dbm_object_struct nss_dbm_object_t; +struct nss_dbm_object_struct { + NSSArena *arena; /* token or session */ + nss_dbm_dbt_t *handle; +}; + +typedef struct nss_dbm_find_struct nss_dbm_find_t; +struct nss_dbm_find_struct { + NSSArena *arena; + struct nss_dbm_dbt_node *found; + NSSCKFWMutex *list_lock; +}; + +NSS_EXTERN NSSCKMDSlot * +nss_dbm_mdSlot_factory +( + nss_dbm_instance_t *instance, + char *filename, + int flags, + CK_RV *pError +); + +NSS_EXTERN NSSCKMDToken * +nss_dbm_mdToken_factory +( + nss_dbm_slot_t *slot, + CK_RV *pError +); + +NSS_EXTERN NSSCKMDSession * +nss_dbm_mdSession_factory +( + nss_dbm_token_t *token, + NSSCKFWSession *fwSession, + NSSCKFWInstance *fwInstance, + CK_BBOOL rw, + CK_RV *pError +); + +NSS_EXTERN NSSCKMDObject * +nss_dbm_mdObject_factory +( + nss_dbm_object_t *object, + CK_RV *pError +); + +NSS_EXTERN NSSCKMDFindObjects * +nss_dbm_mdFindObjects_factory +( + nss_dbm_find_t *find, + CK_RV *pError +); + +NSS_EXTERN nss_dbm_db_t * +nss_dbm_db_open +( + NSSArena *arena, + NSSCKFWInstance *fwInstance, + char *filename, + int flags, + CK_RV *pError +); + +NSS_EXTERN void +nss_dbm_db_close +( + nss_dbm_db_t *db +); + +NSS_EXTERN CK_VERSION +nss_dbm_db_get_format_version +( + nss_dbm_db_t *db +); + +NSS_EXTERN CK_RV +nss_dbm_db_set_label +( + nss_dbm_db_t *db, + NSSUTF8 *label +); + +NSS_EXTERN NSSUTF8 * +nss_dbm_db_get_label +( + nss_dbm_db_t *db, + NSSArena *arena, + CK_RV *pError +); + +NSS_EXTERN CK_RV +nss_dbm_db_delete_object +( + nss_dbm_dbt_t *dbt +); + +NSS_EXTERN nss_dbm_dbt_t * +nss_dbm_db_create_object +( + NSSArena *arena, + nss_dbm_db_t *db, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError, + CK_ULONG *pdbrv +); + +NSS_EXTERN CK_RV +nss_dbm_db_find_objects +( + nss_dbm_find_t *find, + nss_dbm_db_t *db, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_ULONG *pdbrv +); + +NSS_EXTERN CK_BBOOL +nss_dbm_db_object_still_exists +( + nss_dbm_dbt_t *dbt +); + +NSS_EXTERN CK_ULONG +nss_dbm_db_get_object_attribute_count +( + nss_dbm_dbt_t *dbt, + CK_RV *pError, + CK_ULONG *pdbrv +); + +NSS_EXTERN CK_RV +nss_dbm_db_get_object_attribute_types +( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount, + CK_ULONG *pdbrv +); + +NSS_EXTERN CK_ULONG +nss_dbm_db_get_object_attribute_size +( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError, + CK_ULONG *pdbrv +); + +NSS_EXTERN NSSItem * +nss_dbm_db_get_object_attribute +( + nss_dbm_dbt_t *dbt, + NSSArena *arena, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError, + CK_ULONG *pdbrv +); + +NSS_EXTERN CK_RV +nss_dbm_db_set_object_attribute +( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE type, + NSSItem *value, + CK_ULONG *pdbrv +); + +#endif /* CKDBM_H */ diff --git a/security/nss/lib/ckfw/dbm/config.mk b/security/nss/lib/ckfw/dbm/config.mk new file mode 100644 index 000000000..a885d8663 --- /dev/null +++ b/security/nss/lib/ckfw/dbm/config.mk @@ -0,0 +1,41 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +CONFIG_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$" + +ifdef BUILD_IDG +DEFINES += -DNSSDEBUG +endif diff --git a/security/nss/lib/ckfw/dbm/db.c b/security/nss/lib/ckfw/dbm/db.c new file mode 100644 index 000000000..6abdce6af --- /dev/null +++ b/security/nss/lib/ckfw/dbm/db.c @@ -0,0 +1,1068 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckdbm.h" + +#define PREFIX_METADATA "0000" +#define PREFIX_OBJECT "0001" +#define PREFIX_INDEX "0002" + +static CK_VERSION nss_dbm_db_format_version = { 1, 0 }; +struct handle { + char prefix[4]; + CK_ULONG id; +}; + +NSS_IMPLEMENT nss_dbm_db_t * +nss_dbm_db_open +( + NSSArena *arena, + NSSCKFWInstance *fwInstance, + char *filename, + int flags, + CK_RV *pError +) +{ + nss_dbm_db_t *rv; + CK_VERSION db_version; + + rv = nss_ZNEW(arena, nss_dbm_db_t); + if( (nss_dbm_db_t *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + return (nss_dbm_db_t *)NULL; + } + + rv->db = dbopen(filename, flags, 0600, DB_HASH, (const void *)NULL); + if( (DB *)NULL == rv->db ) { + *pError = CKR_TOKEN_NOT_PRESENT; + return (nss_dbm_db_t *)NULL; + } + + rv->crustylock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); + if( (NSSCKFWMutex *)NULL == rv->crustylock ) { + return (nss_dbm_db_t *)NULL; + } + + db_version = nss_dbm_db_get_format_version(rv); + if( db_version.major != nss_dbm_db_format_version.major ) { + nss_dbm_db_close(rv); + *pError = CKR_TOKEN_NOT_RECOGNIZED; + return (nss_dbm_db_t *)NULL; + } + + return rv; +} + +NSS_IMPLEMENT void +nss_dbm_db_close +( + nss_dbm_db_t *db +) +{ + if( (NSSCKFWMutex *)NULL != db->crustylock ) { + (void)NSSCKFWMutex_Destroy(db->crustylock); + } + + if( (DB *)NULL != db->db ) { + (void)db->db->close(db->db); + } + + nss_ZFreeIf(db); +} + +NSS_IMPLEMENT CK_VERSION +nss_dbm_db_get_format_version +( + nss_dbm_db_t *db +) +{ + CK_VERSION rv; + DBT k, v; + int dbrv; + char buffer[64]; + + rv.major = rv.minor = 0; + + k.data = PREFIX_METADATA "FormatVersion"; + k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); + (void)memset(&v, 0, sizeof(v)); + + /* Locked region */ + { + if( CKR_OK != NSSCKFWMutex_Lock(db->crustylock) ) { + return rv; + } + + dbrv = db->db->get(db->db, &k, &v, 0); + if( dbrv == 0 ) { + CK_ULONG major = 0, minor = 0; + (void)PR_sscanf(v.data, "%ld.%ld", &major, &minor); + rv.major = major; + rv.minor = minor; + } else if( dbrv > 0 ) { + (void)PR_snprintf(buffer, sizeof(buffer), "%ld.%ld", nss_dbm_db_format_version.major, + nss_dbm_db_format_version.minor); + v.data = buffer; + v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL); + dbrv = db->db->put(db->db, &k, &v, 0); + (void)db->db->sync(db->db, 0); + rv = nss_dbm_db_format_version; + } else { + /* No error return.. */ + ; + } + + (void)NSSCKFWMutex_Unlock(db->crustylock); + } + + return rv; +} + +NSS_IMPLEMENT CK_RV +nss_dbm_db_set_label +( + nss_dbm_db_t *db, + NSSUTF8 *label +) +{ + CK_RV rv; + DBT k, v; + int dbrv; + + k.data = PREFIX_METADATA "Label"; + k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); + v.data = label; + v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL); + + /* Locked region */ + { + if( CKR_OK != NSSCKFWMutex_Lock(db->crustylock) ) { + return rv; + } + + dbrv = db->db->put(db->db, &k, &v, 0); + if( 0 != dbrv ) { + rv = CKR_DEVICE_ERROR; + } + + dbrv = db->db->sync(db->db, 0); + if( 0 != dbrv ) { + rv = CKR_DEVICE_ERROR; + } + + (void)NSSCKFWMutex_Unlock(db->crustylock); + } + + return rv; +} + +NSS_IMPLEMENT NSSUTF8 * +nss_dbm_db_get_label +( + nss_dbm_db_t *db, + NSSArena *arena, + CK_RV *pError +) +{ + NSSUTF8 *rv = (NSSUTF8 *)NULL; + DBT k, v; + int dbrv; + + k.data = PREFIX_METADATA "Label"; + k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); + + /* Locked region */ + { + if( CKR_OK != NSSCKFWMutex_Lock(db->crustylock) ) { + return rv; + } + + dbrv = db->db->get(db->db, &k, &v, 0); + if( 0 == dbrv ) { + rv = nssUTF8_Duplicate((NSSUTF8 *)v.data, arena); + if( (NSSUTF8 *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + } + } else if( dbrv > 0 ) { + /* Just return null */ + ; + } else { + *pError = CKR_DEVICE_ERROR; + ; + } + + + (void)NSSCKFWMutex_Unlock(db->crustylock); + } + + return rv; +} + +NSS_IMPLEMENT CK_RV +nss_dbm_db_delete_object +( + nss_dbm_dbt_t *dbt +) +{ + CK_RV rv; + int dbrv; + + /* Locked region */ + { + rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if( CKR_OK != rv ) { + return rv; + } + + dbrv = dbt->my_db->db->del(dbt->my_db->db, &dbt->dbt, 0); + if( 0 != dbrv ) { + rv = CKR_DEVICE_ERROR; + goto done; + } + + dbrv = dbt->my_db->db->sync(dbt->my_db->db, 0); + if( 0 != dbrv ) { + rv = CKR_DEVICE_ERROR; + goto done; + } + + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } + + return rv; +} + +static CK_ULONG +nss_dbm_db_new_handle +( + nss_dbm_db_t *db, + DBT *dbt, /* pre-allocated */ + CK_RV *pError +) +{ + CK_ULONG rv; + DBT k, v; + CK_ULONG align = 0, id, myid; + struct handle *hp; + + if( sizeof(struct handle) != dbt->size ) { + return EINVAL; + } + + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(db->crustylock); + if( CKR_OK != *pError ) { + return EINVAL; + } + + k.data = PREFIX_METADATA "LastID"; + k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL); + (void)memset(&v, 0, sizeof(v)); + + rv = db->db->get(db->db, &k, &v, 0); + if( 0 == rv ) { + (void)memcpy(&align, v.data, sizeof(CK_ULONG)); + id = ntohl(align); + } else if( rv > 0 ) { + id = 0; + } else { + goto done; + } + + myid = id; + id++; + align = htonl(id); + v.data = &align; + v.size = sizeof(CK_ULONG); + + rv = db->db->put(db->db, &k, &v, 0); + if( 0 != rv ) { + goto done; + } + + rv = db->db->sync(db->db, 0); + if( 0 != rv ) { + goto done; + } + + done: + (void)NSSCKFWMutex_Unlock(db->crustylock); + } + + if( 0 != rv ) { + return rv; + } + + hp = (struct handle *)dbt->data; + (void)memcpy(&hp->prefix[0], PREFIX_OBJECT, 4); + hp->id = myid; + + return 0; +} + +/* + * This attribute-type-dependent swapping should probably + * be in the Framework, because it'll be a concern of just + * about every Module. Of course any Framework implementation + * will have to be augmentable or overridable by a Module. + */ + +enum swap_type { type_byte, type_short, type_long, type_opaque }; + +static enum swap_type +nss_dbm_db_swap_type +( + CK_ATTRIBUTE_TYPE type +) +{ + switch( type ) { + case CKA_CLASS: return type_long; + case CKA_TOKEN: return type_byte; + case CKA_PRIVATE: return type_byte; + case CKA_LABEL: return type_opaque; + case CKA_APPLICATION: return type_opaque; + case CKA_VALUE: return type_opaque; + case CKA_CERTIFICATE_TYPE: return type_long; + case CKA_ISSUER: return type_opaque; + case CKA_SERIAL_NUMBER: return type_opaque; + case CKA_KEY_TYPE: return type_long; + case CKA_SUBJECT: return type_opaque; + case CKA_ID: return type_opaque; + case CKA_SENSITIVE: return type_byte; + case CKA_ENCRYPT: return type_byte; + case CKA_DECRYPT: return type_byte; + case CKA_WRAP: return type_byte; + case CKA_UNWRAP: return type_byte; + case CKA_SIGN: return type_byte; + case CKA_SIGN_RECOVER: return type_byte; + case CKA_VERIFY: return type_byte; + case CKA_VERIFY_RECOVER: return type_byte; + case CKA_DERIVE: return type_byte; + case CKA_START_DATE: return type_opaque; + case CKA_END_DATE: return type_opaque; + case CKA_MODULUS: return type_opaque; + case CKA_MODULUS_BITS: return type_long; + case CKA_PUBLIC_EXPONENT: return type_opaque; + case CKA_PRIVATE_EXPONENT: return type_opaque; + case CKA_PRIME_1: return type_opaque; + case CKA_PRIME_2: return type_opaque; + case CKA_EXPONENT_1: return type_opaque; + case CKA_EXPONENT_2: return type_opaque; + case CKA_COEFFICIENT: return type_opaque; + case CKA_PRIME: return type_opaque; + case CKA_SUBPRIME: return type_opaque; + case CKA_BASE: return type_opaque; + case CKA_VALUE_BITS: return type_long; + case CKA_VALUE_LEN: return type_long; + case CKA_EXTRACTABLE: return type_byte; + case CKA_LOCAL: return type_byte; + case CKA_NEVER_EXTRACTABLE: return type_byte; + case CKA_ALWAYS_SENSITIVE: return type_byte; + case CKA_MODIFIABLE: return type_byte; + case CKA_NETSCAPE_URL: return type_opaque; + case CKA_NETSCAPE_EMAIL: return type_opaque; + case CKA_NETSCAPE_SMIME_INFO: return type_opaque; + case CKA_NETSCAPE_SMIME_TIMESTAMP: return type_opaque; + case CKA_NETSCAPE_PKCS8_SALT: return type_opaque; + case CKA_NETSCAPE_PASSWORD_CHECK: return type_opaque; + case CKA_NETSCAPE_EXPIRES: return type_opaque; + case CKA_TRUST_DIGITAL_SIGNATURE: return type_long; + case CKA_TRUST_NON_REPUDIATION: return type_long; + case CKA_TRUST_KEY_ENCIPHERMENT: return type_long; + case CKA_TRUST_DATA_ENCIPHERMENT: return type_long; + case CKA_TRUST_KEY_AGREEMENT: return type_long; + case CKA_TRUST_KEY_CERT_SIGN: return type_long; + case CKA_TRUST_CRL_SIGN: return type_long; + case CKA_TRUST_SERVER_AUTH: return type_long; + case CKA_TRUST_CLIENT_AUTH: return type_long; + case CKA_TRUST_CODE_SIGNING: return type_long; + case CKA_TRUST_EMAIL_PROTECTION: return type_long; + case CKA_TRUST_IPSEC_END_SYSTEM: return type_long; + case CKA_TRUST_IPSEC_TUNNEL: return type_long; + case CKA_TRUST_IPSEC_USER: return type_long; + case CKA_TRUST_TIME_STAMPING: return type_long; + case CKA_NETSCAPE_DB: return type_opaque; + case CKA_NETSCAPE_TRUST: return type_opaque; + default: return type_opaque; + } +} + +static void +nss_dbm_db_swap_copy +( + CK_ATTRIBUTE_TYPE type, + void *dest, + void *src, + CK_ULONG len +) +{ + switch( nss_dbm_db_swap_type(type) ) { + case type_byte: + case type_opaque: + (void)memcpy(dest, src, len); + break; + case type_short: + { + CK_USHORT s, d; + (void)memcpy(&s, src, sizeof(CK_USHORT)); + d = htons(s); + (void)memcpy(dest, &d, sizeof(CK_USHORT)); + break; + } + case type_long: + { + CK_ULONG s, d; + (void)memcpy(&s, src, sizeof(CK_ULONG)); + d = htonl(s); + (void)memcpy(dest, &d, sizeof(CK_ULONG)); + break; + } + } +} + +static CK_RV +nss_dbm_db_wrap_object +( + NSSArena *arena, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + DBT *object +) +{ + CK_ULONG object_size; + CK_ULONG i; + CK_ULONG *pulData; + char *pcData; + CK_ULONG offset; + + object_size = (1 + ulAttributeCount*3) * sizeof(CK_ULONG); + offset = object_size; + for( i = 0; i < ulAttributeCount; i++ ) { + object_size += pTemplate[i].ulValueLen; + } + + object->size = object_size; + object->data = nss_ZAlloc(arena, object_size); + if( (void *)NULL == object->data ) { + return CKR_HOST_MEMORY; + } + + pulData = (CK_ULONG *)object->data; + pcData = (char *)object->data; + + pulData[0] = htonl(ulAttributeCount); + for( i = 0; i < ulAttributeCount; i++ ) { + CK_ULONG len = pTemplate[i].ulValueLen; + pulData[1 + i*3] = htonl(pTemplate[i].type); + pulData[2 + i*3] = htonl(len); + pulData[3 + i*3] = htonl(offset); + nss_dbm_db_swap_copy(pTemplate[i].type, &pcData[offset], pTemplate[i].pValue, len); + offset += len; + } + + return CKR_OK; +} + +static CK_RV +nss_dbm_db_unwrap_object +( + NSSArena *arena, + DBT *object, + CK_ATTRIBUTE_PTR *ppTemplate, + CK_ULONG *pulAttributeCount +) +{ + CK_ULONG *pulData; + char *pcData; + CK_ULONG n, i; + CK_ATTRIBUTE_PTR pTemplate; + + pulData = (CK_ULONG *)object->data; + pcData = (char *)object->data; + + n = ntohl(pulData[0]); + *pulAttributeCount = n; + pTemplate = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, n); + if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) { + return CKR_HOST_MEMORY; + } + + for( i = 0; i < n; i++ ) { + CK_ULONG len; + CK_ULONG offset; + void *p; + + pTemplate[i].type = ntohl(pulData[1 + i*3]); + len = ntohl(pulData[2 + i*3]); + offset = ntohl(pulData[3 + i*3]); + + p = nss_ZAlloc(arena, len); + if( (void *)NULL == p ) { + return CKR_HOST_MEMORY; + } + + nss_dbm_db_swap_copy(pTemplate[i].type, p, &pcData[offset], len); + pTemplate[i].ulValueLen = len; + pTemplate[i].pValue = p; + } + + *ppTemplate = pTemplate; + return CKR_OK; +} + + +NSS_IMPLEMENT nss_dbm_dbt_t * +nss_dbm_db_create_object +( + NSSArena *arena, + nss_dbm_db_t *db, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError, + CK_ULONG *pdbrv +) +{ + NSSArena *tmparena = (NSSArena *)NULL; + nss_dbm_dbt_t *rv = (nss_dbm_dbt_t *)NULL; + DBT object; + + rv = nss_ZNEW(arena, nss_dbm_dbt_t); + if( (nss_dbm_dbt_t *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + return (nss_dbm_dbt_t *)NULL; + } + + rv->my_db = db; + rv->dbt.size = sizeof(struct handle); + rv->dbt.data = nss_ZAlloc(arena, rv->dbt.size); + if( (void *)NULL == rv->dbt.data ) { + *pError = CKR_HOST_MEMORY; + return (nss_dbm_dbt_t *)NULL; + } + + *pdbrv = nss_dbm_db_new_handle(db, &rv->dbt, pError); + if( 0 != *pdbrv ) { + return (nss_dbm_dbt_t *)NULL; + } + + tmparena = NSSArena_Create(); + if( (NSSArena *)NULL == tmparena ) { + *pError = CKR_HOST_MEMORY; + return (nss_dbm_dbt_t *)NULL; + } + + *pError = nss_dbm_db_wrap_object(tmparena, pTemplate, ulAttributeCount, &object); + if( CKR_OK != *pError ) { + return (nss_dbm_dbt_t *)NULL; + } + + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(db->crustylock); + if( CKR_OK != *pError ) { + goto loser; + } + + *pdbrv = db->db->put(db->db, &rv->dbt, &object, 0); + if( 0 != *pdbrv ) { + *pError = CKR_DEVICE_ERROR; + } + + (void)db->db->sync(db->db, 0); + + (void)NSSCKFWMutex_Unlock(db->crustylock); + } + + loser: + if( (NSSArena *)NULL != tmparena ) { + (void)NSSArena_Destroy(tmparena); + } + + return rv; +} + + +NSS_IMPLEMENT CK_RV +nss_dbm_db_find_objects +( + nss_dbm_find_t *find, + nss_dbm_db_t *db, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_ULONG *pdbrv +) +{ + CK_RV rv = CKR_OK; + + if( (nss_dbm_db_t *)NULL != db ) { + DBT k, v; + + rv = NSSCKFWMutex_Lock(db->crustylock); + if( CKR_OK != rv ) { + return rv; + } + + *pdbrv = db->db->seq(db->db, &k, &v, R_FIRST); + while( 0 == *pdbrv ) { + CK_ULONG i, j; + NSSArena *tmparena = (NSSArena *)NULL; + CK_ULONG ulac; + CK_ATTRIBUTE_PTR pt; + + if( (k.size < 4) || (0 != memcmp(k.data, PREFIX_OBJECT, 4)) ) { + goto nomatch; + } + + tmparena = NSSArena_Create(); + + rv = nss_dbm_db_unwrap_object(tmparena, &v, &pt, &ulac); + if( CKR_OK != rv ) { + goto loser; + } + + for( i = 0; i < ulAttributeCount; i++ ) { + for( j = 0; j < ulac; j++ ) { + if( pTemplate[i].type == pt[j].type ) { + if( pTemplate[i].ulValueLen != pt[j].ulValueLen ) { + goto nomatch; + } + if( 0 != memcmp(pTemplate[i].pValue, pt[j].pValue, pt[j].ulValueLen) ) { + goto nomatch; + } + break; + } + } + if( j == ulac ) { + goto nomatch; + } + } + + /* entire template matches */ + { + struct nss_dbm_dbt_node *node; + + node = nss_ZNEW(find->arena, struct nss_dbm_dbt_node); + if( (struct nss_dbm_dbt_node *)NULL == node ) { + rv = CKR_HOST_MEMORY; + goto loser; + } + + node->dbt = nss_ZNEW(find->arena, nss_dbm_dbt_t); + if( (nss_dbm_dbt_t *)NULL == node->dbt ) { + rv = CKR_HOST_MEMORY; + goto loser; + } + + node->dbt->dbt.size = k.size; + node->dbt->dbt.data = nss_ZAlloc(find->arena, k.size); + if( (void *)NULL == node->dbt->dbt.data ) { + rv = CKR_HOST_MEMORY; + goto loser; + } + + (void)memcpy(node->dbt->dbt.data, k.data, k.size); + + node->dbt->my_db = db; + + node->next = find->found; + find->found = node; + } + + nomatch: + if( (NSSArena *)NULL != tmparena ) { + (void)NSSArena_Destroy(tmparena); + } + *pdbrv = db->db->seq(db->db, &k, &v, R_NEXT); + } + + if( *pdbrv < 0 ) { + rv = CKR_DEVICE_ERROR; + goto loser; + } + + rv = CKR_OK; + + loser: + (void)NSSCKFWMutex_Unlock(db->crustylock); + } + + return rv; +} + +NSS_IMPLEMENT CK_BBOOL +nss_dbm_db_object_still_exists +( + nss_dbm_dbt_t *dbt +) +{ + CK_BBOOL rv; + CK_RV ckrv; + int dbrv; + DBT object; + + ckrv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if( CKR_OK != ckrv ) { + return CK_FALSE; + } + + dbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if( 0 == dbrv ) { + rv = CK_TRUE; + } else { + rv = CK_FALSE; + } + + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + + return rv; +} + +NSS_IMPLEMENT CK_ULONG +nss_dbm_db_get_object_attribute_count +( + nss_dbm_dbt_t *dbt, + CK_RV *pError, + CK_ULONG *pdbrv +) +{ + CK_ULONG rv = 0; + DBT object; + CK_ULONG *pulData; + + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if( CKR_OK != *pError ) { + return rv; + } + + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if( 0 == *pdbrv ) { + ; + } else if( *pdbrv > 0 ) { + *pError = CKR_OBJECT_HANDLE_INVALID; + goto done; + } else { + *pError = CKR_DEVICE_ERROR; + goto done; + } + + pulData = (CK_ULONG *)object.data; + rv = ntohl(pulData[0]); + + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } + + return rv; +} + +NSS_IMPLEMENT CK_RV +nss_dbm_db_get_object_attribute_types +( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount, + CK_ULONG *pdbrv +) +{ + CK_RV rv = CKR_OK; + DBT object; + CK_ULONG *pulData; + CK_ULONG n, i; + + /* Locked region */ + { + rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if( CKR_OK != rv ) { + return rv; + } + + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if( 0 == *pdbrv ) { + ; + } else if( *pdbrv > 0 ) { + rv = CKR_OBJECT_HANDLE_INVALID; + goto done; + } else { + rv = CKR_DEVICE_ERROR; + goto done; + } + + pulData = (CK_ULONG *)object.data; + n = ntohl(pulData[0]); + + if( ulCount < n ) { + rv = CKR_BUFFER_TOO_SMALL; + goto done; + } + + for( i = 0; i < n; i++ ) { + typeArray[i] = ntohl(pulData[1 + i*3]); + } + + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } + + return rv; +} + +NSS_IMPLEMENT CK_ULONG +nss_dbm_db_get_object_attribute_size +( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError, + CK_ULONG *pdbrv +) +{ + CK_ULONG rv = 0; + DBT object; + CK_ULONG *pulData; + CK_ULONG n, i; + + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if( CKR_OK != *pError ) { + return rv; + } + + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if( 0 == *pdbrv ) { + ; + } else if( *pdbrv > 0 ) { + *pError = CKR_OBJECT_HANDLE_INVALID; + goto done; + } else { + *pError = CKR_DEVICE_ERROR; + goto done; + } + + pulData = (CK_ULONG *)object.data; + n = ntohl(pulData[0]); + + for( i = 0; i < n; i++ ) { + if( type == ntohl(pulData[1 + i*3]) ) { + rv = ntohl(pulData[2 + i*3]); + } + } + + if( i == n ) { + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + goto done; + } + + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } + + return rv; +} + +NSS_IMPLEMENT NSSItem * +nss_dbm_db_get_object_attribute +( + nss_dbm_dbt_t *dbt, + NSSArena *arena, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError, + CK_ULONG *pdbrv +) +{ + NSSItem *rv = (NSSItem *)NULL; + DBT object; + CK_ULONG i; + NSSArena *tmp = NSSArena_Create(); + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulAttributeCount; + + /* Locked region */ + { + *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if( CKR_OK != *pError ) { + goto loser; + } + + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if( 0 == *pdbrv ) { + ; + } else if( *pdbrv > 0 ) { + *pError = CKR_OBJECT_HANDLE_INVALID; + goto done; + } else { + *pError = CKR_DEVICE_ERROR; + goto done; + } + + *pError = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount); + if( CKR_OK != *pError ) { + goto done; + } + + for( i = 0; i < ulAttributeCount; i++ ) { + if( type == pTemplate[i].type ) { + rv = nss_ZNEW(arena, NSSItem); + if( (NSSItem *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + goto done; + } + rv->size = pTemplate[i].ulValueLen; + rv->data = nss_ZAlloc(arena, rv->size); + if( (void *)NULL == rv->data ) { + *pError = CKR_HOST_MEMORY; + goto done; + } + (void)memcpy(rv->data, pTemplate[i].pValue, rv->size); + break; + } + } + if( ulAttributeCount == i ) { + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + goto done; + } + + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } + + loser: + if( (NSSArena *)NULL != tmp ) { + NSSArena_Destroy(tmp); + } + + return rv; +} + +NSS_IMPLEMENT CK_RV +nss_dbm_db_set_object_attribute +( + nss_dbm_dbt_t *dbt, + CK_ATTRIBUTE_TYPE type, + NSSItem *value, + CK_ULONG *pdbrv +) +{ + CK_RV rv = CKR_OK; + DBT object; + CK_ULONG i; + NSSArena *tmp = NSSArena_Create(); + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulAttributeCount; + + /* Locked region */ + { + rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock); + if( CKR_OK != rv ) { + goto loser; + } + + *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); + if( 0 == *pdbrv ) { + ; + } else if( *pdbrv > 0 ) { + rv = CKR_OBJECT_HANDLE_INVALID; + goto done; + } else { + rv = CKR_DEVICE_ERROR; + goto done; + } + + rv = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount); + if( CKR_OK != rv ) { + goto done; + } + + for( i = 0; i < ulAttributeCount; i++ ) { + if( type == pTemplate[i].type ) { + /* Replacing an existing attribute */ + pTemplate[i].ulValueLen = value->size; + pTemplate[i].pValue = value->data; + break; + } + } + + if( i == ulAttributeCount ) { + /* Adding a new attribute */ + CK_ATTRIBUTE_PTR npt = nss_ZNEWARRAY(tmp, CK_ATTRIBUTE, ulAttributeCount+1); + if( (CK_ATTRIBUTE_PTR)NULL == npt ) { + rv = CKR_DEVICE_ERROR; + goto done; + } + + for( i = 0; i < ulAttributeCount; i++ ) { + npt[i] = pTemplate[i]; + } + + npt[ulAttributeCount].type = type; + npt[ulAttributeCount].ulValueLen = value->size; + npt[ulAttributeCount].pValue = value->data; + + pTemplate = npt; + ulAttributeCount++; + } + + rv = nss_dbm_db_wrap_object(tmp, pTemplate, ulAttributeCount, &object); + if( CKR_OK != rv ) { + goto done; + } + + *pdbrv = dbt->my_db->db->put(dbt->my_db->db, &dbt->dbt, &object, 0); + if( 0 != *pdbrv ) { + rv = CKR_DEVICE_ERROR; + goto done; + } + + (void)dbt->my_db->db->sync(dbt->my_db->db, 0); + + done: + (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock); + } + + loser: + if( (NSSArena *)NULL != tmp ) { + NSSArena_Destroy(tmp); + } + + return rv; +} diff --git a/security/nss/lib/ckfw/dbm/find.c b/security/nss/lib/ckfw/dbm/find.c new file mode 100644 index 000000000..6979e029b --- /dev/null +++ b/security/nss/lib/ckfw/dbm/find.c @@ -0,0 +1,169 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckdbm.h" + +static void +nss_dbm_mdFindObjects_Final +( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc; + + /* Locks might have system resources associated */ + (void)NSSCKFWMutex_Destroy(find->list_lock); + (void)NSSArena_Destroy(find->arena); +} + + +static NSSCKMDObject * +nss_dbm_mdFindObjects_Next +( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError +) +{ + nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc; + struct nss_dbm_dbt_node *node; + nss_dbm_object_t *object; + NSSCKMDObject *rv; + + while(1) { + /* Lock */ + { + *pError = NSSCKFWMutex_Lock(find->list_lock); + if( CKR_OK != *pError ) { + return (NSSCKMDObject *)NULL; + } + + node = find->found; + if( (struct nss_dbm_dbt_node *)NULL != node ) { + find->found = node->next; + } + + *pError = NSSCKFWMutex_Unlock(find->list_lock); + if( CKR_OK != *pError ) { + /* screwed now */ + return (NSSCKMDObject *)NULL; + } + } + + if( (struct nss_dbm_dbt_node *)NULL == node ) { + break; + } + + if( nss_dbm_db_object_still_exists(node->dbt) ) { + break; + } + } + + if( (struct nss_dbm_dbt_node *)NULL == node ) { + *pError = CKR_OK; + return (NSSCKMDObject *)NULL; + } + + object = nss_ZNEW(arena, nss_dbm_object_t); + if( (nss_dbm_object_t *)NULL == object ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; + } + + object->arena = arena; + object->handle = nss_ZNEW(arena, nss_dbm_dbt_t); + if( (nss_dbm_dbt_t *)NULL == object->handle ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; + } + + object->handle->my_db = node->dbt->my_db; + object->handle->dbt.size = node->dbt->dbt.size; + object->handle->dbt.data = nss_ZAlloc(arena, node->dbt->dbt.size); + if( (void *)NULL == object->handle->dbt.data ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; + } + + (void)memcpy(object->handle->dbt.data, node->dbt->dbt.data, node->dbt->dbt.size); + + rv = nss_dbm_mdObject_factory(object, pError); + if( (NSSCKMDObject *)NULL == rv ) { + return (NSSCKMDObject *)NULL; + } + + return rv; +} + +NSS_IMPLEMENT NSSCKMDFindObjects * +nss_dbm_mdFindObjects_factory +( + nss_dbm_find_t *find, + CK_RV *pError +) +{ + NSSCKMDFindObjects *rv; + + rv = nss_ZNEW(find->arena, NSSCKMDFindObjects); + if( (NSSCKMDFindObjects *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDFindObjects *)NULL; + } + + rv->etc = (void *)find; + rv->Final = nss_dbm_mdFindObjects_Final; + rv->Next = nss_dbm_mdFindObjects_Next; + + return rv; +} diff --git a/security/nss/lib/ckfw/dbm/instance.c b/security/nss/lib/ckfw/dbm/instance.c new file mode 100644 index 000000000..f1fced615 --- /dev/null +++ b/security/nss/lib/ckfw/dbm/instance.c @@ -0,0 +1,199 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckdbm.h" + +static CK_RV +nss_dbm_mdInstance_Initialize +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSUTF8 *configurationData +) +{ + CK_RV rv = CKR_OK; + NSSArena *arena; + nss_dbm_instance_t *instance; + + arena = NSSCKFWInstance_GetArena(fwInstance, &rv); + if( ((NSSArena *)NULL == arena) && (CKR_OK != rv) ) { + return rv; + } + + instance = nss_ZNEW(arena, nss_dbm_instance_t); + if( (nss_dbm_instance_t *)NULL == instance ) { + return CKR_HOST_MEMORY; + } + + instance->arena = arena; + + /* + * This should parse the configuration data for information on + * number and locations of databases, modes (e.g. readonly), etc. + * But for now, we'll have one slot with a creatable read-write + * database called "cert8.db." + */ + + instance->nSlots = 1; + instance->filenames = nss_ZNEWARRAY(arena, char *, instance->nSlots); + if( (char **)NULL == instance->filenames ) { + return CKR_HOST_MEMORY; + } + + instance->flags = nss_ZNEWARRAY(arena, int, instance->nSlots); + if( (int *)NULL == instance->flags ) { + return CKR_HOST_MEMORY; + } + + instance->filenames[0] = "cert8.db"; + instance->flags[0] = O_RDWR|O_CREAT; + + mdInstance->etc = (void *)instance; + return CKR_OK; +} + +/* nss_dbm_mdInstance_Finalize is not required */ + +static CK_ULONG +nss_dbm_mdInstance_GetNSlots +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; + return instance->nSlots; +} + +static CK_VERSION +nss_dbm_mdInstance_GetCryptokiVersion +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + static CK_VERSION rv = { 2, 1 }; + return rv; +} + +static NSSUTF8 * +nss_dbm_mdInstance_GetManufacturerID +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return "Mozilla Foundation"; +} + +static NSSUTF8 * +nss_dbm_mdInstance_GetLibraryDescription +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return "Berkeley Database Module"; +} + +static CK_VERSION +nss_dbm_mdInstance_GetLibraryVersion +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + static CK_VERSION rv = { 1, 0 }; /* My own version number */ + return rv; +} + +static CK_BBOOL +nss_dbm_mdInstance_ModuleHandlesSessionObjects +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return CK_TRUE; +} + +static CK_RV +nss_dbm_mdInstance_GetSlots +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[] +) +{ + nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; + CK_ULONG i; + CK_RV rv = CKR_OK; + + for( i = 0; i < instance->nSlots; i++ ) { + slots[i] = nss_dbm_mdSlot_factory(instance, instance->filenames[i], + instance->flags[i], &rv); + if( (NSSCKMDSlot *)NULL == slots[i] ) { + return rv; + } + } + + return rv; +} + +/* nss_dbm_mdInstance_WaitForSlotEvent is not relevant */ + +NSS_IMPLEMENT_DATA NSSCKMDInstance +nss_dbm_mdInstance = { + NULL, /* etc; filled in later */ + nss_dbm_mdInstance_Initialize, + NULL, /* nss_dbm_mdInstance_Finalize */ + nss_dbm_mdInstance_GetNSlots, + nss_dbm_mdInstance_GetCryptokiVersion, + nss_dbm_mdInstance_GetManufacturerID, + nss_dbm_mdInstance_GetLibraryDescription, + nss_dbm_mdInstance_GetLibraryVersion, + nss_dbm_mdInstance_ModuleHandlesSessionObjects, + nss_dbm_mdInstance_GetSlots, + NULL, /* nss_dbm_mdInstance_WaitForSlotEvent */ + NULL /* terminator */ +}; diff --git a/security/nss/lib/ckfw/dbm/manifest.mn b/security/nss/lib/ckfw/dbm/manifest.mn new file mode 100644 index 000000000..0bee9e620 --- /dev/null +++ b/security/nss/lib/ckfw/dbm/manifest.mn @@ -0,0 +1,58 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$" + +CORE_DEPTH = ../../../.. + +MODULE = nss + +CSRCS = \ + anchor.c \ + instance.c \ + slot.c \ + token.c \ + session.c \ + object.c \ + find.c \ + db.c \ + $(NULL) + +REQUIRES = dbm nspr + +LIBRARY_NAME = nssckdbm + +EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -ldbm -lnspr4 -lplc4 -lplds4 diff --git a/security/nss/lib/ckfw/dbm/object.c b/security/nss/lib/ckfw/dbm/object.c new file mode 100644 index 000000000..1a8f76ed3 --- /dev/null +++ b/security/nss/lib/ckfw/dbm/object.c @@ -0,0 +1,207 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckdbm.h" + +static void +nss_dbm_mdObject_Finalize +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + ; +} + +static CK_RV +nss_dbm_mdObject_Destroy +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + return nss_dbm_db_delete_object(object->handle); +} + +static CK_ULONG +nss_dbm_mdObject_GetAttributeCount +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_get_object_attribute_count(object->handle, pError, + &session->deviceError); +} + +static CK_RV +nss_dbm_mdObject_GetAttributeTypes +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount +) +{ + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_get_object_attribute_types(object->handle, typeArray, + ulCount, &session->deviceError); +} + +static CK_ULONG +nss_dbm_mdObject_GetAttributeSize +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +) +{ + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_get_object_attribute_size(object->handle, attribute, pError, + &session->deviceError); +} + +static NSSItem * +nss_dbm_mdObject_GetAttribute +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +) +{ + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_get_object_attribute(object->handle, object->arena, attribute, + pError, &session->deviceError); +} + +static CK_RV +nss_dbm_mdObject_SetAttribute +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value +) +{ + nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc; + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return nss_dbm_db_set_object_attribute(object->handle, attribute, value, + &session->deviceError); +} + +NSS_IMPLEMENT NSSCKMDObject * +nss_dbm_mdObject_factory +( + nss_dbm_object_t *object, + CK_RV *pError +) +{ + NSSCKMDObject *rv; + + rv = nss_ZNEW(object->arena, NSSCKMDObject); + if( (NSSCKMDObject *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; + } + + rv->etc = (void *)object; + rv->Finalize = nss_dbm_mdObject_Finalize; + rv->Destroy = nss_dbm_mdObject_Destroy; + /* IsTokenObject can be deferred */ + rv->GetAttributeCount = nss_dbm_mdObject_GetAttributeCount; + rv->GetAttributeTypes = nss_dbm_mdObject_GetAttributeTypes; + rv->GetAttributeSize = nss_dbm_mdObject_GetAttributeSize; + rv->GetAttribute = nss_dbm_mdObject_GetAttribute; + rv->SetAttribute = nss_dbm_mdObject_SetAttribute; + /* GetObjectSize can be deferred */ + + return rv; +} diff --git a/security/nss/lib/ckfw/dbm/session.c b/security/nss/lib/ckfw/dbm/session.c new file mode 100644 index 000000000..371a94adc --- /dev/null +++ b/security/nss/lib/ckfw/dbm/session.c @@ -0,0 +1,301 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckdbm.h" + +static void +nss_dbm_mdSession_Close +( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + + struct nss_dbm_dbt_node *w; + + /* Lock */ + { + if( CKR_OK != NSSCKFWMutex_Lock(session->list_lock) ) { + return; + } + + w = session->session_objects; + session->session_objects = (struct nss_dbm_dbt_node *)NULL; /* sanity */ + + (void)NSSCKFWMutex_Unlock(session->list_lock); + } + + for( ; (struct nss_dbm_dbt_node *)NULL != w; w = w->next ) { + (void)nss_dbm_db_delete_object(w->dbt); + } +} + +static CK_ULONG +nss_dbm_mdSession_GetDeviceError +( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + return session->deviceError; +} + +/* Login isn't needed */ +/* Logout isn't needed */ +/* InitPIN is irrelevant */ +/* SetPIN is irrelevant */ +/* GetOperationStateLen is irrelevant */ +/* GetOperationState is irrelevant */ +/* SetOperationState is irrelevant */ + +static NSSCKMDObject * +nss_dbm_mdSession_CreateObject +( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *handyArenaPointer, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + CK_ULONG i; + CK_BBOOL isToken = CK_FALSE; /* defaults to false */ + NSSCKMDObject *rv; + struct nss_dbm_dbt_node *node = (struct nss_dbm_dbt_node *)NULL; + nss_dbm_object_t *object; + nss_dbm_db_t *which_db; + + /* This framework should really pass this to me */ + for( i = 0; i < ulAttributeCount; i++ ) { + if( CKA_TOKEN == pTemplate[i].type ) { + isToken = *(CK_BBOOL *)pTemplate[i].pValue; + break; + } + } + + object = nss_ZNEW(handyArenaPointer, nss_dbm_object_t); + if( (nss_dbm_object_t *)NULL == object ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; + } + + object->arena = handyArenaPointer; + which_db = isToken ? token->slot->token_db : token->session_db; + + /* Do this before the actual database call; it's easier to recover from */ + rv = nss_dbm_mdObject_factory(object, pError); + if( (NSSCKMDObject *)NULL == rv ) { + return (NSSCKMDObject *)NULL; + } + + if( CK_FALSE == isToken ) { + node = nss_ZNEW(session->arena, struct nss_dbm_dbt_node); + if( (struct nss_dbm_dbt_node *)NULL == node ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDObject *)NULL; + } + } + + object->handle = nss_dbm_db_create_object(handyArenaPointer, which_db, + pTemplate, ulAttributeCount, + pError, &session->deviceError); + if( (nss_dbm_dbt_t *)NULL == object->handle ) { + return (NSSCKMDObject *)NULL; + } + + if( CK_FALSE == isToken ) { + node->dbt = object->handle; + /* Lock */ + { + *pError = NSSCKFWMutex_Lock(session->list_lock); + if( CKR_OK != *pError ) { + (void)nss_dbm_db_delete_object(object->handle); + return (NSSCKMDObject *)NULL; + } + + node->next = session->session_objects; + session->session_objects = node; + + *pError = NSSCKFWMutex_Unlock(session->list_lock); + } + } + + return rv; +} + +/* CopyObject isn't needed; the framework will use CreateObject */ + +static NSSCKMDFindObjects * +nss_dbm_mdSession_FindObjectsInit +( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc; + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + NSSArena *arena; + nss_dbm_find_t *find; + NSSCKMDFindObjects *rv; + + arena = NSSArena_Create(); + if( (NSSArena *)NULL == arena ) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + find = nss_ZNEW(arena, nss_dbm_find_t); + if( (nss_dbm_find_t *)NULL == find ) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + find->arena = arena; + find->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); + if( (NSSCKFWMutex *)NULL == find->list_lock ) { + goto loser; + } + + *pError = nss_dbm_db_find_objects(find, token->slot->token_db, pTemplate, + ulAttributeCount, &session->deviceError); + if( CKR_OK != *pError ) { + goto loser; + } + + *pError = nss_dbm_db_find_objects(find, token->session_db, pTemplate, + ulAttributeCount, &session->deviceError); + if( CKR_OK != *pError ) { + goto loser; + } + + rv = nss_dbm_mdFindObjects_factory(find, pError); + if( (NSSCKMDFindObjects *)NULL == rv ) { + goto loser; + } + + return rv; + + loser: + if( (NSSArena *)NULL != arena ) { + (void)NSSArena_Destroy(arena); + } + + return (NSSCKMDFindObjects *)NULL; +} + +/* SeedRandom is irrelevant */ +/* GetRandom is irrelevant */ + +NSS_IMPLEMENT NSSCKMDSession * +nss_dbm_mdSession_factory +( + nss_dbm_token_t *token, + NSSCKFWSession *fwSession, + NSSCKFWInstance *fwInstance, + CK_BBOOL rw, + CK_RV *pError +) +{ + NSSArena *arena; + nss_dbm_session_t *session; + NSSCKMDSession *rv; + + arena = NSSCKFWSession_GetArena(fwSession, pError); + + session = nss_ZNEW(arena, nss_dbm_session_t); + if( (nss_dbm_session_t *)NULL == session ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } + + rv = nss_ZNEW(arena, NSSCKMDSession); + if( (NSSCKMDSession *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } + + session->arena = arena; + session->token = token; + session->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError); + if( (NSSCKFWMutex *)NULL == session->list_lock ) { + return (NSSCKMDSession *)NULL; + } + + rv->etc = (void *)session; + rv->Close = nss_dbm_mdSession_Close; + rv->GetDeviceError = nss_dbm_mdSession_GetDeviceError; + /* Login isn't needed */ + /* Logout isn't needed */ + /* InitPIN is irrelevant */ + /* SetPIN is irrelevant */ + /* GetOperationStateLen is irrelevant */ + /* GetOperationState is irrelevant */ + /* SetOperationState is irrelevant */ + rv->CreateObject = nss_dbm_mdSession_CreateObject; + /* CopyObject isn't needed; the framework will use CreateObject */ + rv->FindObjectsInit = nss_dbm_mdSession_FindObjectsInit; + rv->null = NULL; + + return rv; +} diff --git a/security/nss/lib/ckfw/dbm/slot.c b/security/nss/lib/ckfw/dbm/slot.c new file mode 100644 index 000000000..e43700c75 --- /dev/null +++ b/security/nss/lib/ckfw/dbm/slot.c @@ -0,0 +1,217 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckdbm.h" + +static CK_RV +nss_dbm_mdSlot_Initialize +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; + nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; + CK_RV rv = CKR_OK; + + slot->token_db = nss_dbm_db_open(instance->arena, fwInstance, slot->filename, + slot->flags, &rv); + if( (nss_dbm_db_t *)NULL == slot->token_db ) { + if( CKR_TOKEN_NOT_PRESENT == rv ) { + /* This is not an error-- just means "the token isn't there" */ + rv = CKR_OK; + } + } + + return rv; +} + +static void +nss_dbm_mdSlot_Destroy +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; + + if( (nss_dbm_db_t *)NULL != slot->token_db ) { + nss_dbm_db_close(slot->token_db); + slot->token_db = (nss_dbm_db_t *)NULL; + } +} + +static NSSUTF8 * +nss_dbm_mdSlot_GetSlotDescription +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return "Database"; +} + +static NSSUTF8 * +nss_dbm_mdSlot_GetManufacturerID +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return "Berkeley"; +} + +static CK_BBOOL +nss_dbm_mdSlot_GetTokenPresent +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; + + if( (nss_dbm_db_t *)NULL == slot->token_db ) { + return CK_FALSE; + } else { + return CK_TRUE; + } +} + +static CK_BBOOL +nss_dbm_mdSlot_GetRemovableDevice +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + /* + * Well, this supports "tokens" (databases) that aren't there, so in + * that sense they're removable. It'd be nice to handle databases + * that suddenly disappear (NFS-mounted home directories and network + * errors, for instance) but that's a harder problem. We'll say + * we support removable devices, badly. + */ + + return CK_TRUE; +} + +/* nss_dbm_mdSlot_GetHardwareSlot defaults to CK_FALSE */ +/* + * nss_dbm_mdSlot_GetHardwareVersion + * nss_dbm_mdSlot_GetFirmwareVersion + * + * These are kinda fuzzy concepts here. I suppose we could return the + * Berkeley DB version for one of them, if we had an actual number we + * were confident in. But mcom's "dbm" has been hacked enough that I + * don't really know from what "real" version it stems.. + */ + +static NSSCKMDToken * +nss_dbm_mdSlot_GetToken +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc; + return nss_dbm_mdToken_factory(slot, pError); +} + +NSS_IMPLEMENT NSSCKMDSlot * +nss_dbm_mdSlot_factory +( + nss_dbm_instance_t *instance, + char *filename, + int flags, + CK_RV *pError +) +{ + nss_dbm_slot_t *slot; + NSSCKMDSlot *rv; + + slot = nss_ZNEW(instance->arena, nss_dbm_slot_t); + if( (nss_dbm_slot_t *)NULL == slot ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSlot *)NULL; + } + + slot->instance = instance; + slot->filename = filename; + slot->flags = flags; + slot->token_db = (nss_dbm_db_t *)NULL; + + rv = nss_ZNEW(instance->arena, NSSCKMDSlot); + if( (NSSCKMDSlot *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSlot *)NULL; + } + + rv->etc = (void *)slot; + rv->Initialize = nss_dbm_mdSlot_Initialize; + rv->Destroy = nss_dbm_mdSlot_Destroy; + rv->GetSlotDescription = nss_dbm_mdSlot_GetSlotDescription; + rv->GetManufacturerID = nss_dbm_mdSlot_GetManufacturerID; + rv->GetTokenPresent = nss_dbm_mdSlot_GetTokenPresent; + rv->GetRemovableDevice = nss_dbm_mdSlot_GetRemovableDevice; + /* GetHardwareSlot */ + /* GetHardwareVersion */ + /* GetFirmwareVersion */ + rv->GetToken = nss_dbm_mdSlot_GetToken; + rv->null = (void *)NULL; + + return rv; +} diff --git a/security/nss/lib/ckfw/dbm/token.c b/security/nss/lib/ckfw/dbm/token.c new file mode 100644 index 000000000..16bd2b3fc --- /dev/null +++ b/security/nss/lib/ckfw/dbm/token.c @@ -0,0 +1,318 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckdbm.h" + +static CK_RV +nss_dbm_mdToken_Setup +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + CK_RV rv = CKR_OK; + + token->arena = NSSCKFWToken_GetArena(fwToken, &rv); + token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL, + O_RDWR|O_CREAT, &rv); + if( (nss_dbm_db_t *)NULL == token->session_db ) { + return rv; + } + + /* Add a label record if there isn't one? */ + + return CKR_OK; +} + +static void +nss_dbm_mdToken_Invalidate +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + + if( (nss_dbm_db_t *)NULL != token->session_db ) { + nss_dbm_db_close(token->session_db); + token->session_db = (nss_dbm_db_t *)NULL; + } +} + +static CK_RV +nss_dbm_mdToken_InitToken +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *pin, + NSSUTF8 *label +) +{ + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc; + CK_RV rv; + + /* Wipe the session object data */ + + if( (nss_dbm_db_t *)NULL != token->session_db ) { + nss_dbm_db_close(token->session_db); + } + + token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL, + O_RDWR|O_CREAT, &rv); + if( (nss_dbm_db_t *)NULL == token->session_db ) { + return rv; + } + + /* Wipe the token object data */ + + if( token->slot->flags & O_RDWR ) { + if( (nss_dbm_db_t *)NULL != token->slot->token_db ) { + nss_dbm_db_close(token->slot->token_db); + } + + token->slot->token_db = nss_dbm_db_open(instance->arena, fwInstance, + token->slot->filename, + token->slot->flags | O_CREAT | O_TRUNC, + &rv); + if( (nss_dbm_db_t *)NULL == token->slot->token_db ) { + return rv; + } + + /* PIN is irrelevant */ + + rv = nss_dbm_db_set_label(token->slot->token_db, label); + if( CKR_OK != rv ) { + return rv; + } + } + + return CKR_OK; +} + +static NSSUTF8 * +nss_dbm_mdToken_GetLabel +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + + if( (NSSUTF8 *)NULL == token->label ) { + token->label = nss_dbm_db_get_label(token->slot->token_db, token->arena, pError); + } + + /* If no label has been set, return *something* */ + if( (NSSUTF8 *)NULL == token->label ) { + return token->slot->filename; + } + + return token->label; +} + +static NSSUTF8 * +nss_dbm_mdToken_GetManufacturerID +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return "mozilla.org NSS"; +} + +static NSSUTF8 * +nss_dbm_mdToken_GetModel +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return "dbm"; +} + +/* GetSerialNumber is irrelevant */ +/* GetHasRNG defaults to CK_FALSE */ + +static CK_BBOOL +nss_dbm_mdToken_GetIsWriteProtected +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + + if( token->slot->flags & O_RDWR ) { + return CK_FALSE; + } else { + return CK_TRUE; + } +} + +/* GetLoginRequired defaults to CK_FALSE */ +/* GetUserPinInitialized defaults to CK_FALSE */ +/* GetRestoreKeyNotNeeded is irrelevant */ +/* GetHasClockOnToken defaults to CK_FALSE */ +/* GetHasProtectedAuthenticationPath defaults to CK_FALSE */ +/* GetSupportsDualCryptoOperations is irrelevant */ + +static CK_ULONG +nss_dbm_mdToken_effectively_infinite +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return CK_EFFECTIVELY_INFINITE; +} + +static CK_VERSION +nss_dbm_mdToken_GetHardwareVersion +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + return nss_dbm_db_get_format_version(token->slot->token_db); +} + +/* GetFirmwareVersion is irrelevant */ +/* GetUTCTime is irrelevant */ + +static NSSCKMDSession * +nss_dbm_mdToken_OpenSession +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError +) +{ + nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc; + return nss_dbm_mdSession_factory(token, fwSession, fwInstance, rw, pError); +} + +/* GetMechanismCount defaults to zero */ +/* GetMechanismTypes is irrelevant */ +/* GetMechanism is irrelevant */ + +NSS_IMPLEMENT NSSCKMDToken * +nss_dbm_mdToken_factory +( + nss_dbm_slot_t *slot, + CK_RV *pError +) +{ + nss_dbm_token_t *token; + NSSCKMDToken *rv; + + token = nss_ZNEW(slot->instance->arena, nss_dbm_token_t); + if( (nss_dbm_token_t *)NULL == token ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDToken *)NULL; + } + + rv = nss_ZNEW(slot->instance->arena, NSSCKMDToken); + if( (NSSCKMDToken *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDToken *)NULL; + } + + token->slot = slot; + + rv->etc = (void *)token; + rv->Setup = nss_dbm_mdToken_Setup; + rv->Invalidate = nss_dbm_mdToken_Invalidate; + rv->InitToken = nss_dbm_mdToken_InitToken; + rv->GetLabel = nss_dbm_mdToken_GetLabel; + rv->GetManufacturerID = nss_dbm_mdToken_GetManufacturerID; + rv->GetModel = nss_dbm_mdToken_GetModel; + /* GetSerialNumber is irrelevant */ + /* GetHasRNG defaults to CK_FALSE */ + rv->GetIsWriteProtected = nss_dbm_mdToken_GetIsWriteProtected; + /* GetLoginRequired defaults to CK_FALSE */ + /* GetUserPinInitialized defaults to CK_FALSE */ + /* GetRestoreKeyNotNeeded is irrelevant */ + /* GetHasClockOnToken defaults to CK_FALSE */ + /* GetHasProtectedAuthenticationPath defaults to CK_FALSE */ + /* GetSupportsDualCryptoOperations is irrelevant */ + rv->GetMaxSessionCount = nss_dbm_mdToken_effectively_infinite; + rv->GetMaxRwSessionCount = nss_dbm_mdToken_effectively_infinite; + /* GetMaxPinLen is irrelevant */ + /* GetMinPinLen is irrelevant */ + /* GetTotalPublicMemory defaults to CK_UNAVAILABLE_INFORMATION */ + /* GetFreePublicMemory defaults to CK_UNAVAILABLE_INFORMATION */ + /* GetTotalPrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */ + /* GetFreePrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */ + rv->GetHardwareVersion = nss_dbm_mdToken_GetHardwareVersion; + /* GetFirmwareVersion is irrelevant */ + /* GetUTCTime is irrelevant */ + rv->OpenSession = nss_dbm_mdToken_OpenSession; + rv->null = NULL; + + return rv; +} diff --git a/security/nss/lib/ckfw/find.c b/security/nss/lib/ckfw/find.c new file mode 100644 index 000000000..4c723a56b --- /dev/null +++ b/security/nss/lib/ckfw/find.c @@ -0,0 +1,415 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * find.c + * + * This file implements the nssCKFWFindObjects type and methods. + */ + +#ifndef CK_H +#include "ck.h" +#endif /* CK_H */ + +/* + * NSSCKFWFindObjects + * + * -- create/destroy -- + * nssCKFWFindObjects_Create + * nssCKFWFindObjects_Destroy + * + * -- public accessors -- + * NSSCKFWFindObjects_GetMDFindObjects + * + * -- implement public accessors -- + * nssCKFWFindObjects_GetMDFindObjects + * + * -- private accessors -- + * + * -- module fronts -- + * nssCKFWFindObjects_Next + */ + +struct NSSCKFWFindObjectsStr { + NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */ + NSSCKMDFindObjects *mdfo1; + NSSCKMDFindObjects *mdfo2; + NSSCKFWSession *fwSession; + NSSCKMDSession *mdSession; + NSSCKFWToken *fwToken; + NSSCKMDToken *mdToken; + NSSCKFWInstance *fwInstance; + NSSCKMDInstance *mdInstance; + + NSSCKMDFindObjects *mdFindObjects; /* varies */ +}; + +#ifdef DEBUG +/* + * But first, the pointer-tracking stuff. + * + * NOTE: the pointer-tracking support in NSS/base currently relies + * upon NSPR's CallOnce support. That, however, relies upon NSPR's + * locking, which is tied into the runtime. We need a pointer-tracker + * implementation that uses the locks supplied through C_Initialize. + * That support, however, can be filled in later. So for now, I'll + * just do these routines as no-ops. + */ + +static CK_RV +findObjects_add_pointer +( + const NSSCKFWFindObjects *fwFindObjects +) +{ + return CKR_OK; +} + +static CK_RV +findObjects_remove_pointer +( + const NSSCKFWFindObjects *fwFindObjects +) +{ + return CKR_OK; +} + +NSS_IMPLEMENT CK_RV +nssCKFWFindObjects_verifyPointer +( + const NSSCKFWFindObjects *fwFindObjects +) +{ + return CKR_OK; +} + +#endif /* DEBUG */ + +/* + * nssCKFWFindObjects_Create + * + */ +NSS_EXTERN NSSCKFWFindObjects * +nssCKFWFindObjects_Create +( + NSSCKFWSession *fwSession, + NSSCKFWToken *fwToken, + NSSCKFWInstance *fwInstance, + NSSCKMDFindObjects *mdFindObjects1, + NSSCKMDFindObjects *mdFindObjects2, + CK_RV *pError +) +{ + NSSCKFWFindObjects *fwFindObjects = NULL; + NSSCKMDSession *mdSession; + NSSCKMDToken *mdToken; + NSSCKMDInstance *mdInstance; + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdToken = nssCKFWToken_GetMDToken(fwToken); + mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); + + fwFindObjects = nss_ZNEW(NULL, NSSCKFWFindObjects); + if (!fwFindObjects) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fwFindObjects->mdfo1 = mdFindObjects1; + fwFindObjects->mdfo2 = mdFindObjects2; + fwFindObjects->fwSession = fwSession; + fwFindObjects->mdSession = mdSession; + fwFindObjects->fwToken = fwToken; + fwFindObjects->mdToken = mdToken; + fwFindObjects->fwInstance = fwInstance; + fwFindObjects->mdInstance = mdInstance; + + fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, NULL, pError); + if (!fwFindObjects->mutex) { + goto loser; + } + +#ifdef DEBUG + *pError = findObjects_add_pointer(fwFindObjects); + if( CKR_OK != *pError ) { + goto loser; + } +#endif /* DEBUG */ + + return fwFindObjects; + + loser: + if( fwFindObjects ) { + if( NULL != mdFindObjects1 ) { + if( NULL != mdFindObjects1->Final ) { + fwFindObjects->mdFindObjects = mdFindObjects1; + mdFindObjects1->Final(mdFindObjects1, fwFindObjects, mdSession, + fwSession, mdToken, fwToken, mdInstance, fwInstance); + } + } + + if( NULL != mdFindObjects2 ) { + if( NULL != mdFindObjects2->Final ) { + fwFindObjects->mdFindObjects = mdFindObjects2; + mdFindObjects2->Final(mdFindObjects2, fwFindObjects, mdSession, + fwSession, mdToken, fwToken, mdInstance, fwInstance); + } + } + + nss_ZFreeIf(fwFindObjects); + } + + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + + return (NSSCKFWFindObjects *)NULL; +} + + +/* + * nssCKFWFindObjects_Destroy + * + */ +NSS_EXTERN void +nssCKFWFindObjects_Destroy +( + NSSCKFWFindObjects *fwFindObjects +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) { + return; + } +#endif /* NSSDEBUG */ + + (void)nssCKFWMutex_Destroy(fwFindObjects->mutex); + + if (fwFindObjects->mdfo1) { + if (fwFindObjects->mdfo1->Final) { + fwFindObjects->mdFindObjects = fwFindObjects->mdfo1; + fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects, + fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance); + } + } + + if (fwFindObjects->mdfo2) { + if (fwFindObjects->mdfo2->Final) { + fwFindObjects->mdFindObjects = fwFindObjects->mdfo2; + fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects, + fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance); + } + } + + nss_ZFreeIf(fwFindObjects); + +#ifdef DEBUG + (void)findObjects_remove_pointer(fwFindObjects); +#endif /* DEBUG */ + + return; +} + +/* + * nssCKFWFindObjects_GetMDFindObjects + * + */ +NSS_EXTERN NSSCKMDFindObjects * +nssCKFWFindObjects_GetMDFindObjects +( + NSSCKFWFindObjects *fwFindObjects +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) { + return (NSSCKMDFindObjects *)NULL; + } +#endif /* NSSDEBUG */ + + return fwFindObjects->mdFindObjects; +} + +/* + * nssCKFWFindObjects_Next + * + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWFindObjects_Next +( + NSSCKFWFindObjects *fwFindObjects, + NSSArena *arenaOpt, + CK_RV *pError +) +{ + NSSCKMDObject *mdObject; + NSSCKFWObject *fwObject = (NSSCKFWObject *)NULL; + NSSArena *objArena; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWObject *)NULL; + } + + *pError = nssCKFWFindObjects_verifyPointer(fwFindObjects); + if( CKR_OK != *pError ) { + return (NSSCKFWObject *)NULL; + } +#endif /* NSSDEBUG */ + + *pError = nssCKFWMutex_Lock(fwFindObjects->mutex); + if( CKR_OK != *pError ) { + return (NSSCKFWObject *)NULL; + } + + if (fwFindObjects->mdfo1) { + if (fwFindObjects->mdfo1->Next) { + fwFindObjects->mdFindObjects = fwFindObjects->mdfo1; + mdObject = fwFindObjects->mdfo1->Next(fwFindObjects->mdfo1, + fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance, + arenaOpt, pError); + if (!mdObject) { + if( CKR_OK != *pError ) { + goto done; + } + + /* All done. */ + fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects, + fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance); + fwFindObjects->mdfo1 = (NSSCKMDFindObjects *)NULL; + } else { + goto wrap; + } + } + } + + if (fwFindObjects->mdfo2) { + if (fwFindObjects->mdfo2->Next) { + fwFindObjects->mdFindObjects = fwFindObjects->mdfo2; + mdObject = fwFindObjects->mdfo2->Next(fwFindObjects->mdfo2, + fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance, + arenaOpt, pError); + if (!mdObject) { + if( CKR_OK != *pError ) { + goto done; + } + + /* All done. */ + fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects, + fwFindObjects->mdSession, fwFindObjects->fwSession, + fwFindObjects->mdToken, fwFindObjects->fwToken, + fwFindObjects->mdInstance, fwFindObjects->fwInstance); + fwFindObjects->mdfo2 = (NSSCKMDFindObjects *)NULL; + } else { + goto wrap; + } + } + } + + /* No more objects */ + *pError = CKR_OK; + goto done; + + wrap: + /* + * This seems is less than ideal-- we should determine if it's a token + * object or a session object, and use the appropriate arena. + * But that duplicates logic in nssCKFWObject_IsTokenObject. + * Also we should lookup the real session the object was created on + * if the object was a session object... however this code is actually + * correct because nssCKFWObject_Create will return a cached version of + * the object from it's hash. This is necessary because 1) we don't want + * to create an arena style leak (where our arena grows with every search), + * and 2) we want the same object to always have the same ID. This means + * the only case the nssCKFWObject_Create() will need the objArena and the + * Session is in the case of token objects (session objects should already + * exist in the cache from their initial creation). So this code is correct, + * but it depends on nssCKFWObject_Create caching all objects. + */ + objArena = nssCKFWToken_GetArena(fwFindObjects->fwToken, pError); + if (!objArena) { + if( CKR_OK == *pError ) { + *pError = CKR_HOST_MEMORY; + } + goto done; + } + + fwObject = nssCKFWObject_Create(objArena, mdObject, + NULL, fwFindObjects->fwToken, + fwFindObjects->fwInstance, pError); + if (!fwObject) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + } + + done: + (void)nssCKFWMutex_Unlock(fwFindObjects->mutex); + return fwObject; +} + +/* + * NSSCKFWFindObjects_GetMDFindObjects + * + */ + +NSS_EXTERN NSSCKMDFindObjects * +NSSCKFWFindObjects_GetMDFindObjects +( + NSSCKFWFindObjects *fwFindObjects +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects) ) { + return (NSSCKMDFindObjects *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWFindObjects_GetMDFindObjects(fwFindObjects); +} diff --git a/security/nss/lib/ckfw/hash.c b/security/nss/lib/ckfw/hash.c new file mode 100644 index 000000000..6caba8f6a --- /dev/null +++ b/security/nss/lib/ckfw/hash.c @@ -0,0 +1,337 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * hash.c + * + * This is merely a couple wrappers around NSPR's PLHashTable, using + * the identity hash and arena-aware allocators. The reason I did + * this is that hash tables are used in a few places throughout the + * NSS Cryptoki Framework in a fairly stereotyped way, and this allows + * me to pull the commonalities into one place. Should we ever want + * to change the implementation, it's all right here. + */ + +#ifndef CK_T +#include "ck.h" +#endif /* CK_T */ + +/* + * nssCKFWHash + * + * nssCKFWHash_Create + * nssCKFWHash_Destroy + * nssCKFWHash_Add + * nssCKFWHash_Remove + * nssCKFWHash_Count + * nssCKFWHash_Exists + * nssCKFWHash_Lookup + * nssCKFWHash_Iterate + */ + +struct nssCKFWHashStr { + NSSCKFWMutex *mutex; + + /* + * The invariant that mutex protects is: + * The count accurately reflects the hashtable state. + */ + + PLHashTable *plHashTable; + CK_ULONG count; +}; + +static PLHashNumber +nss_ckfw_identity_hash +( + const void *key +) +{ + PRUint32 i = (PRUint32)key; + PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32)); + return (PLHashNumber)i; +} + +/* + * nssCKFWHash_Create + * + */ +NSS_IMPLEMENT nssCKFWHash * +nssCKFWHash_Create +( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError +) +{ + nssCKFWHash *rv; + +#ifdef NSSDEBUG + if (!pError) { + return (nssCKFWHash *)NULL; + } + + if( PR_SUCCESS != nssArena_verifyPointer(arena) ) { + *pError = CKR_ARGUMENTS_BAD; + return (nssCKFWHash *)NULL; + } +#endif /* NSSDEBUG */ + + rv = nss_ZNEW(arena, nssCKFWHash); + if (!rv) { + *pError = CKR_HOST_MEMORY; + return (nssCKFWHash *)NULL; + } + + rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); + if (!rv->mutex) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + return (nssCKFWHash *)NULL; + } + + rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash, + PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena); + if (!rv->plHashTable) { + (void)nssCKFWMutex_Destroy(rv->mutex); + (void)nss_ZFreeIf(rv); + *pError = CKR_HOST_MEMORY; + return (nssCKFWHash *)NULL; + } + + rv->count = 0; + + return rv; +} + +/* + * nssCKFWHash_Destroy + * + */ +NSS_IMPLEMENT void +nssCKFWHash_Destroy +( + nssCKFWHash *hash +) +{ + (void)nssCKFWMutex_Destroy(hash->mutex); + PL_HashTableDestroy(hash->plHashTable); + (void)nss_ZFreeIf(hash); +} + +/* + * nssCKFWHash_Add + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWHash_Add +( + nssCKFWHash *hash, + const void *key, + const void *value +) +{ + CK_RV error = CKR_OK; + PLHashEntry *he; + + error = nssCKFWMutex_Lock(hash->mutex); + if( CKR_OK != error ) { + return error; + } + + he = PL_HashTableAdd(hash->plHashTable, key, (void *)value); + if (!he) { + error = CKR_HOST_MEMORY; + } else { + hash->count++; + } + + (void)nssCKFWMutex_Unlock(hash->mutex); + + return error; +} + +/* + * nssCKFWHash_Remove + * + */ +NSS_IMPLEMENT void +nssCKFWHash_Remove +( + nssCKFWHash *hash, + const void *it +) +{ + PRBool found; + + if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { + return; + } + + found = PL_HashTableRemove(hash->plHashTable, it); + if( found ) { + hash->count--; + } + + (void)nssCKFWMutex_Unlock(hash->mutex); + return; +} + +/* + * nssCKFWHash_Count + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWHash_Count +( + nssCKFWHash *hash +) +{ + CK_ULONG count; + + if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { + return (CK_ULONG)0; + } + + count = hash->count; + + (void)nssCKFWMutex_Unlock(hash->mutex); + + return count; +} + +/* + * nssCKFWHash_Exists + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWHash_Exists +( + nssCKFWHash *hash, + const void *it +) +{ + void *value; + + if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { + return CK_FALSE; + } + + value = PL_HashTableLookup(hash->plHashTable, it); + + (void)nssCKFWMutex_Unlock(hash->mutex); + + if (!value) { + return CK_FALSE; + } else { + return CK_TRUE; + } +} + +/* + * nssCKFWHash_Lookup + * + */ +NSS_IMPLEMENT void * +nssCKFWHash_Lookup +( + nssCKFWHash *hash, + const void *it +) +{ + void *rv; + + if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { + return (void *)NULL; + } + + rv = PL_HashTableLookup(hash->plHashTable, it); + + (void)nssCKFWMutex_Unlock(hash->mutex); + + return rv; +} + +struct arg_str { + nssCKFWHashIterator fcn; + void *closure; +}; + +static PRIntn +nss_ckfwhash_enumerator +( + PLHashEntry *he, + PRIntn index, + void *arg +) +{ + struct arg_str *as = (struct arg_str *)arg; + as->fcn(he->key, he->value, as->closure); + return HT_ENUMERATE_NEXT; +} + +/* + * nssCKFWHash_Iterate + * + * NOTE that the iteration function will be called with the hashtable locked. + */ +NSS_IMPLEMENT void +nssCKFWHash_Iterate +( + nssCKFWHash *hash, + nssCKFWHashIterator fcn, + void *closure +) +{ + struct arg_str as; + as.fcn = fcn; + as.closure = closure; + + if( CKR_OK != nssCKFWMutex_Lock(hash->mutex) ) { + return; + } + + PL_HashTableEnumerateEntries(hash->plHashTable, nss_ckfwhash_enumerator, &as); + + (void)nssCKFWMutex_Unlock(hash->mutex); + + return; +} diff --git a/security/nss/lib/ckfw/instance.c b/security/nss/lib/ckfw/instance.c new file mode 100644 index 000000000..7c269dbb2 --- /dev/null +++ b/security/nss/lib/ckfw/instance.c @@ -0,0 +1,1372 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * instance.c + * + * This file implements the NSSCKFWInstance type and methods. + */ + +#ifndef CK_T +#include "ck.h" +#endif /* CK_T */ + +/* + * NSSCKFWInstance + * + * -- create/destroy -- + * nssCKFWInstance_Create + * nssCKFWInstance_Destroy + * + * -- public accessors -- + * NSSCKFWInstance_GetMDInstance + * NSSCKFWInstance_GetArena + * NSSCKFWInstance_MayCreatePthreads + * NSSCKFWInstance_CreateMutex + * NSSCKFWInstance_GetConfigurationData + * NSSCKFWInstance_GetInitArgs + * + * -- implement public accessors -- + * nssCKFWInstance_GetMDInstance + * nssCKFWInstance_GetArena + * nssCKFWInstance_MayCreatePthreads + * nssCKFWInstance_CreateMutex + * nssCKFWInstance_GetConfigurationData + * nssCKFWInstance_GetInitArgs + * + * -- private accessors -- + * nssCKFWInstance_CreateSessionHandle + * nssCKFWInstance_ResolveSessionHandle + * nssCKFWInstance_DestroySessionHandle + * nssCKFWInstance_FindSessionHandle + * nssCKFWInstance_CreateObjectHandle + * nssCKFWInstance_ResolveObjectHandle + * nssCKFWInstance_DestroyObjectHandle + * + * -- module fronts -- + * nssCKFWInstance_GetNSlots + * nssCKFWInstance_GetCryptokiVersion + * nssCKFWInstance_GetManufacturerID + * nssCKFWInstance_GetFlags + * nssCKFWInstance_GetLibraryDescription + * nssCKFWInstance_GetLibraryVersion + * nssCKFWInstance_GetModuleHandlesSessionObjects + * nssCKFWInstance_GetSlots + * nssCKFWInstance_WaitForSlotEvent + * + * -- debugging versions only -- + * nssCKFWInstance_verifyPointer + */ + +struct NSSCKFWInstanceStr { + NSSCKFWMutex *mutex; + NSSArena *arena; + NSSCKMDInstance *mdInstance; + CK_C_INITIALIZE_ARGS_PTR pInitArgs; + CK_C_INITIALIZE_ARGS initArgs; + CryptokiLockingState LockingState; + CK_BBOOL mayCreatePthreads; + NSSUTF8 *configurationData; + CK_ULONG nSlots; + NSSCKFWSlot **fwSlotList; + NSSCKMDSlot **mdSlotList; + CK_BBOOL moduleHandlesSessionObjects; + + /* + * Everything above is set at creation time, and then not modified. + * The invariants the mutex protects are: + * + * 1) Each of the cached descriptions (versions, etc.) are in an + * internally consistant state. + * + * 2) The session handle hashes and count are consistant + * + * 3) The object handle hashes and count are consistant. + * + * I could use multiple locks, but let's wait to see if that's + * really necessary. + * + * Note that the calls accessing the cached descriptions will + * call the NSSCKMDInstance methods with the mutex locked. Those + * methods may then call the public NSSCKFWInstance routines. + * Those public routines only access the constant data above, so + * there's no problem. But be careful if you add to this object; + * mutexes are in general not reentrant, so don't create deadlock + * situations. + */ + + CK_VERSION cryptokiVersion; + NSSUTF8 *manufacturerID; + NSSUTF8 *libraryDescription; + CK_VERSION libraryVersion; + + CK_ULONG lastSessionHandle; + nssCKFWHash *sessionHandleHash; + + CK_ULONG lastObjectHandle; + nssCKFWHash *objectHandleHash; +}; + +#ifdef DEBUG +/* + * But first, the pointer-tracking stuff. + * + * NOTE: the pointer-tracking support in NSS/base currently relies + * upon NSPR's CallOnce support. That, however, relies upon NSPR's + * locking, which is tied into the runtime. We need a pointer-tracker + * implementation that uses the locks supplied through C_Initialize. + * That support, however, can be filled in later. So for now, I'll + * just do this routines as no-ops. + */ + +static CK_RV +instance_add_pointer +( + const NSSCKFWInstance *fwInstance +) +{ + return CKR_OK; +} + +static CK_RV +instance_remove_pointer +( + const NSSCKFWInstance *fwInstance +) +{ + return CKR_OK; +} + +NSS_IMPLEMENT CK_RV +nssCKFWInstance_verifyPointer +( + const NSSCKFWInstance *fwInstance +) +{ + return CKR_OK; +} + +#endif /* DEBUG */ + +/* + * nssCKFWInstance_Create + * + */ +NSS_IMPLEMENT NSSCKFWInstance * +nssCKFWInstance_Create +( + CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState LockingState, + NSSCKMDInstance *mdInstance, + CK_RV *pError +) +{ + NSSCKFWInstance *fwInstance; + NSSArena *arena = (NSSArena *)NULL; + CK_ULONG i; + CK_BBOOL called_Initialize = CK_FALSE; + +#ifdef NSSDEBUG + if( (CK_RV)NULL == pError ) { + return (NSSCKFWInstance *)NULL; + } + + if (!mdInstance) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWInstance *)NULL; + } +#endif /* NSSDEBUG */ + + arena = NSSArena_Create(); + if (!arena) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWInstance *)NULL; + } + + fwInstance = nss_ZNEW(arena, NSSCKFWInstance); + if (!fwInstance) { + goto nomem; + } + + fwInstance->arena = arena; + fwInstance->mdInstance = mdInstance; + + fwInstance->LockingState = LockingState; + if( (CK_C_INITIALIZE_ARGS_PTR)NULL != pInitArgs ) { + fwInstance->initArgs = *pInitArgs; + fwInstance->pInitArgs = &fwInstance->initArgs; + if( pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS ) { + fwInstance->mayCreatePthreads = CK_FALSE; + } else { + fwInstance->mayCreatePthreads = CK_TRUE; + } + fwInstance->configurationData = (NSSUTF8 *)(pInitArgs->pReserved); + } else { + fwInstance->mayCreatePthreads = CK_TRUE; + } + + fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, LockingState, arena, + pError); + if (!fwInstance->mutex) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + + if (mdInstance->Initialize) { + *pError = mdInstance->Initialize(mdInstance, fwInstance, fwInstance->configurationData); + if( CKR_OK != *pError ) { + goto loser; + } + + called_Initialize = CK_TRUE; + } + + if (mdInstance->ModuleHandlesSessionObjects) { + fwInstance->moduleHandlesSessionObjects = + mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance); + } else { + fwInstance->moduleHandlesSessionObjects = CK_FALSE; + } + + if (!mdInstance->GetNSlots) { + /* That routine is required */ + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + fwInstance->nSlots = mdInstance->GetNSlots(mdInstance, fwInstance, pError); + if( (CK_ULONG)0 == fwInstance->nSlots ) { + if( CKR_OK == *pError ) { + /* Zero is not a legitimate answer */ + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + + fwInstance->fwSlotList = nss_ZNEWARRAY(arena, NSSCKFWSlot *, fwInstance->nSlots); + if( (NSSCKFWSlot **)NULL == fwInstance->fwSlotList ) { + goto nomem; + } + + fwInstance->mdSlotList = nss_ZNEWARRAY(arena, NSSCKMDSlot *, fwInstance->nSlots); + if( (NSSCKMDSlot **)NULL == fwInstance->mdSlotList ) { + goto nomem; + } + + fwInstance->sessionHandleHash = nssCKFWHash_Create(fwInstance, + fwInstance->arena, pError); + if (!fwInstance->sessionHandleHash) { + goto loser; + } + + fwInstance->objectHandleHash = nssCKFWHash_Create(fwInstance, + fwInstance->arena, pError); + if (!fwInstance->objectHandleHash) { + goto loser; + } + + if (!mdInstance->GetSlots) { + /* That routine is required */ + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + *pError = mdInstance->GetSlots(mdInstance, fwInstance, fwInstance->mdSlotList); + if( CKR_OK != *pError ) { + goto loser; + } + + for( i = 0; i < fwInstance->nSlots; i++ ) { + NSSCKMDSlot *mdSlot = fwInstance->mdSlotList[i]; + + if (!mdSlot) { + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + fwInstance->fwSlotList[i] = nssCKFWSlot_Create(fwInstance, mdSlot, i, pError); + if( CKR_OK != *pError ) { + CK_ULONG j; + + for( j = 0; j < i; j++ ) { + (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[j]); + } + + for( j = i; j < fwInstance->nSlots; j++ ) { + NSSCKMDSlot *mds = fwInstance->mdSlotList[j]; + if (mds->Destroy) { + mds->Destroy(mds, (NSSCKFWSlot *)NULL, mdInstance, fwInstance); + } + } + + goto loser; + } + } + +#ifdef DEBUG + *pError = instance_add_pointer(fwInstance); + if( CKR_OK != *pError ) { + for( i = 0; i < fwInstance->nSlots; i++ ) { + (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]); + } + + goto loser; + } +#endif /* DEBUG */ + + *pError = CKR_OK; + return fwInstance; + + nomem: + *pError = CKR_HOST_MEMORY; + /*FALLTHROUGH*/ + loser: + + if( CK_TRUE == called_Initialize ) { + if (mdInstance->Finalize) { + mdInstance->Finalize(mdInstance, fwInstance); + } + } + + if (arena) { + (void)NSSArena_Destroy(arena); + } + return (NSSCKFWInstance *)NULL; +} + +/* + * nssCKFWInstance_Destroy + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWInstance_Destroy +( + NSSCKFWInstance *fwInstance +) +{ +#ifdef NSSDEBUG + CK_RV error = CKR_OK; +#endif /* NSSDEBUG */ + CK_ULONG i; + +#ifdef NSSDEBUG + error = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + nssCKFWMutex_Destroy(fwInstance->mutex); + + for( i = 0; i < fwInstance->nSlots; i++ ) { + (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]); + } + + if (fwInstance->mdInstance->Finalize) { + fwInstance->mdInstance->Finalize(fwInstance->mdInstance, fwInstance); + } + + if (fwInstance->sessionHandleHash) { + nssCKFWHash_Destroy(fwInstance->sessionHandleHash); + } + + if (fwInstance->objectHandleHash) { + nssCKFWHash_Destroy(fwInstance->objectHandleHash); + } + +#ifdef DEBUG + (void)instance_remove_pointer(fwInstance); +#endif /* DEBUG */ + + (void)NSSArena_Destroy(fwInstance->arena); + return CKR_OK; +} + +/* + * nssCKFWInstance_GetMDInstance + * + */ +NSS_IMPLEMENT NSSCKMDInstance * +nssCKFWInstance_GetMDInstance +( + NSSCKFWInstance *fwInstance +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return (NSSCKMDInstance *)NULL; + } +#endif /* NSSDEBUG */ + + return fwInstance->mdInstance; +} + +/* + * nssCKFWInstance_GetArena + * + */ +NSS_IMPLEMENT NSSArena * +nssCKFWInstance_GetArena +( + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ +#ifdef NSSDEBUG + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != *pError ) { + return (NSSArena *)NULL; + } +#endif /* NSSDEBUG */ + + *pError = CKR_OK; + return fwInstance->arena; +} + +/* + * nssCKFWInstance_MayCreatePthreads + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWInstance_MayCreatePthreads +( + NSSCKFWInstance *fwInstance +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + return fwInstance->mayCreatePthreads; +} + +/* + * nssCKFWInstance_CreateMutex + * + */ +NSS_IMPLEMENT NSSCKFWMutex * +nssCKFWInstance_CreateMutex +( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError +) +{ + NSSCKFWMutex *mutex; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWMutex *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != *pError ) { + return (NSSCKFWMutex *)NULL; + } +#endif /* NSSDEBUG */ + + mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, fwInstance->LockingState, + arena, pError); + if (!mutex) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + + return (NSSCKFWMutex *)NULL; + } + + return mutex; +} + +/* + * nssCKFWInstance_GetConfigurationData + * + */ +NSS_IMPLEMENT NSSUTF8 * +nssCKFWInstance_GetConfigurationData +( + NSSCKFWInstance *fwInstance +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return (NSSUTF8 *)NULL; + } +#endif /* NSSDEBUG */ + + return fwInstance->configurationData; +} + +/* + * nssCKFWInstance_GetInitArgs + * + */ +CK_C_INITIALIZE_ARGS_PTR +nssCKFWInstance_GetInitArgs +( + NSSCKFWInstance *fwInstance +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return (CK_C_INITIALIZE_ARGS_PTR)NULL; + } +#endif /* NSSDEBUG */ + + return fwInstance->pInitArgs; +} + +/* + * nssCKFWInstance_CreateSessionHandle + * + */ +NSS_IMPLEMENT CK_SESSION_HANDLE +nssCKFWInstance_CreateSessionHandle +( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_RV *pError +) +{ + CK_SESSION_HANDLE hSession; + +#ifdef NSSDEBUG + if (!pError) { + return (CK_SESSION_HANDLE)0; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != *pError ) { + return (CK_SESSION_HANDLE)0; + } +#endif /* NSSDEBUG */ + + *pError = nssCKFWMutex_Lock(fwInstance->mutex); + if( CKR_OK != *pError ) { + return (CK_SESSION_HANDLE)0; + } + + hSession = ++(fwInstance->lastSessionHandle); + + /* Alan would say I should unlock for this call. */ + + *pError = nssCKFWSession_SetHandle(fwSession, hSession); + if( CKR_OK != *pError ) { + goto done; + } + + *pError = nssCKFWHash_Add(fwInstance->sessionHandleHash, + (const void *)hSession, (const void *)fwSession); + if( CKR_OK != *pError ) { + hSession = (CK_SESSION_HANDLE)0; + goto done; + } + + done: + nssCKFWMutex_Unlock(fwInstance->mutex); + return hSession; +} + +/* + * nssCKFWInstance_ResolveSessionHandle + * + */ +NSS_IMPLEMENT NSSCKFWSession * +nssCKFWInstance_ResolveSessionHandle +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +) +{ + NSSCKFWSession *fwSession; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return (NSSCKFWSession *)NULL; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { + return (NSSCKFWSession *)NULL; + } + + fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup( + fwInstance->sessionHandleHash, (const void *)hSession); + + /* Assert(hSession == nssCKFWSession_GetHandle(fwSession)) */ + + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + + return fwSession; +} + +/* + * nssCKFWInstance_DestroySessionHandle + * + */ +NSS_IMPLEMENT void +nssCKFWInstance_DestroySessionHandle +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +) +{ + NSSCKFWSession *fwSession; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { + return; + } + + fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup( + fwInstance->sessionHandleHash, (const void *)hSession); + if (fwSession) { + nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession); + nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0); + } + + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + + return; +} + +/* + * nssCKFWInstance_FindSessionHandle + * + */ +NSS_IMPLEMENT CK_SESSION_HANDLE +nssCKFWInstance_FindSessionHandle +( + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return (CK_SESSION_HANDLE)0; + } + + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return (CK_SESSION_HANDLE)0; + } +#endif /* NSSDEBUG */ + + return nssCKFWSession_GetHandle(fwSession); + /* look it up and assert? */ +} + +/* + * nssCKFWInstance_CreateObjectHandle + * + */ +NSS_IMPLEMENT CK_OBJECT_HANDLE +nssCKFWInstance_CreateObjectHandle +( + NSSCKFWInstance *fwInstance, + NSSCKFWObject *fwObject, + CK_RV *pError +) +{ + CK_OBJECT_HANDLE hObject; + +#ifdef NSSDEBUG + if (!pError) { + return (CK_OBJECT_HANDLE)0; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != *pError ) { + return (CK_OBJECT_HANDLE)0; + } +#endif /* NSSDEBUG */ + + *pError = nssCKFWMutex_Lock(fwInstance->mutex); + if( CKR_OK != *pError ) { + return (CK_OBJECT_HANDLE)0; + } + + hObject = ++(fwInstance->lastObjectHandle); + + *pError = nssCKFWObject_SetHandle(fwObject, hObject); + if( CKR_OK != *pError ) { + hObject = (CK_OBJECT_HANDLE)0; + goto done; + } + + *pError = nssCKFWHash_Add(fwInstance->objectHandleHash, + (const void *)hObject, (const void *)fwObject); + if( CKR_OK != *pError ) { + hObject = (CK_OBJECT_HANDLE)0; + goto done; + } + + done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return hObject; +} + +/* + * nssCKFWInstance_ResolveObjectHandle + * + */ +NSS_IMPLEMENT NSSCKFWObject * +nssCKFWInstance_ResolveObjectHandle +( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject +) +{ + NSSCKFWObject *fwObject; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return (NSSCKFWObject *)NULL; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { + return (NSSCKFWObject *)NULL; + } + + fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup( + fwInstance->objectHandleHash, (const void *)hObject); + + /* Assert(hObject == nssCKFWObject_GetHandle(fwObject)) */ + + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return fwObject; +} + +/* + * nssCKFWInstance_ReassignObjectHandle + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWInstance_ReassignObjectHandle +( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject, + NSSCKFWObject *fwObject +) +{ + CK_RV error = CKR_OK; + NSSCKFWObject *oldObject; + +#ifdef NSSDEBUG + error = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwInstance->mutex); + if( CKR_OK != error ) { + return error; + } + + oldObject = (NSSCKFWObject *)nssCKFWHash_Lookup( + fwInstance->objectHandleHash, (const void *)hObject); + if(oldObject) { + /* Assert(hObject == nssCKFWObject_GetHandle(oldObject) */ + (void)nssCKFWObject_SetHandle(oldObject, (CK_SESSION_HANDLE)0); + nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject); + } + + error = nssCKFWObject_SetHandle(fwObject, hObject); + if( CKR_OK != error ) { + goto done; + } + error = nssCKFWHash_Add(fwInstance->objectHandleHash, + (const void *)hObject, (const void *)fwObject); + + done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return error; +} + +/* + * nssCKFWInstance_DestroyObjectHandle + * + */ +NSS_IMPLEMENT void +nssCKFWInstance_DestroyObjectHandle +( + NSSCKFWInstance *fwInstance, + CK_OBJECT_HANDLE hObject +) +{ + NSSCKFWObject *fwObject; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { + return; + } + + fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup( + fwInstance->objectHandleHash, (const void *)hObject); + if (fwObject) { + /* Assert(hObject = nssCKFWObject_GetHandle(fwObject)) */ + nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject); + (void)nssCKFWObject_SetHandle(fwObject, (CK_SESSION_HANDLE)0); + } + + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return; +} + +/* + * nssCKFWInstance_FindObjectHandle + * + */ +NSS_IMPLEMENT CK_OBJECT_HANDLE +nssCKFWInstance_FindObjectHandle +( + NSSCKFWInstance *fwInstance, + NSSCKFWObject *fwObject +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return (CK_OBJECT_HANDLE)0; + } + + if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { + return (CK_OBJECT_HANDLE)0; + } +#endif /* NSSDEBUG */ + + return nssCKFWObject_GetHandle(fwObject); +} + +/* + * nssCKFWInstance_GetNSlots + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWInstance_GetNSlots +( + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ +#ifdef NSSDEBUG + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != *pError ) { + return (CK_ULONG)0; + } +#endif /* NSSDEBUG */ + + *pError = CKR_OK; + return fwInstance->nSlots; +} + +/* + * nssCKFWInstance_GetCryptokiVersion + * + */ +NSS_IMPLEMENT CK_VERSION +nssCKFWInstance_GetCryptokiVersion +( + NSSCKFWInstance *fwInstance +) +{ + CK_VERSION rv; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + rv.major = rv.minor = 0; + return rv; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { + rv.major = rv.minor = 0; + return rv; + } + + if( (0 != fwInstance->cryptokiVersion.major) || + (0 != fwInstance->cryptokiVersion.minor) ) { + rv = fwInstance->cryptokiVersion; + goto done; + } + + if (fwInstance->mdInstance->GetCryptokiVersion) { + fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion( + fwInstance->mdInstance, fwInstance); + } else { + fwInstance->cryptokiVersion.major = 2; + fwInstance->cryptokiVersion.minor = 1; + } + + rv = fwInstance->cryptokiVersion; + + done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return rv; +} + +/* + * nssCKFWInstance_GetManufacturerID + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWInstance_GetManufacturerID +( + NSSCKFWInstance *fwInstance, + CK_CHAR manufacturerID[32] +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + if( (CK_CHAR_PTR)NULL == manufacturerID ) { + return CKR_ARGUMENTS_BAD; + } + + error = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwInstance->mutex); + if( CKR_OK != error ) { + return error; + } + + if (!fwInstance->manufacturerID) { + if (fwInstance->mdInstance->GetManufacturerID) { + fwInstance->manufacturerID = fwInstance->mdInstance->GetManufacturerID( + fwInstance->mdInstance, fwInstance, &error); + if ((!fwInstance->manufacturerID) && (CKR_OK != error)) { + goto done; + } + } else { + fwInstance->manufacturerID = (NSSUTF8 *) ""; + } + } + + (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->manufacturerID, (char *)manufacturerID, 32, ' '); + error = CKR_OK; + + done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return error; +} + +/* + * nssCKFWInstance_GetFlags + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWInstance_GetFlags +( + NSSCKFWInstance *fwInstance +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return (CK_ULONG)0; + } +#endif /* NSSDEBUG */ + + /* No "instance flags" are yet defined by Cryptoki. */ + return (CK_ULONG)0; +} + +/* + * nssCKFWInstance_GetLibraryDescription + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWInstance_GetLibraryDescription +( + NSSCKFWInstance *fwInstance, + CK_CHAR libraryDescription[32] +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + if( (CK_CHAR_PTR)NULL == libraryDescription ) { + return CKR_ARGUMENTS_BAD; + } + + error = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwInstance->mutex); + if( CKR_OK != error ) { + return error; + } + + if (!fwInstance->libraryDescription) { + if (fwInstance->mdInstance->GetLibraryDescription) { + fwInstance->libraryDescription = fwInstance->mdInstance->GetLibraryDescription( + fwInstance->mdInstance, fwInstance, &error); + if ((!fwInstance->libraryDescription) && (CKR_OK != error)) { + goto done; + } + } else { + fwInstance->libraryDescription = (NSSUTF8 *) ""; + } + } + + (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->libraryDescription, (char *)libraryDescription, 32, ' '); + error = CKR_OK; + + done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return error; +} + +/* + * nssCKFWInstance_GetLibraryVersion + * + */ +NSS_IMPLEMENT CK_VERSION +nssCKFWInstance_GetLibraryVersion +( + NSSCKFWInstance *fwInstance +) +{ + CK_VERSION rv; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + rv.major = rv.minor = 0; + return rv; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex) ) { + rv.major = rv.minor = 0; + return rv; + } + + if( (0 != fwInstance->libraryVersion.major) || + (0 != fwInstance->libraryVersion.minor) ) { + rv = fwInstance->libraryVersion; + goto done; + } + + if (fwInstance->mdInstance->GetLibraryVersion) { + fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion( + fwInstance->mdInstance, fwInstance); + } else { + fwInstance->libraryVersion.major = 0; + fwInstance->libraryVersion.minor = 3; + } + + rv = fwInstance->libraryVersion; + done: + (void)nssCKFWMutex_Unlock(fwInstance->mutex); + return rv; +} + +/* + * nssCKFWInstance_GetModuleHandlesSessionObjects + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWInstance_GetModuleHandlesSessionObjects +( + NSSCKFWInstance *fwInstance +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + return fwInstance->moduleHandlesSessionObjects; +} + +/* + * nssCKFWInstance_GetSlots + * + */ +NSS_IMPLEMENT NSSCKFWSlot ** +nssCKFWInstance_GetSlots +( + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWSlot **)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != *pError ) { + return (NSSCKFWSlot **)NULL; + } +#endif /* NSSDEBUG */ + + return fwInstance->fwSlotList; +} + +/* + * nssCKFWInstance_WaitForSlotEvent + * + */ +NSS_IMPLEMENT NSSCKFWSlot * +nssCKFWInstance_WaitForSlotEvent +( + NSSCKFWInstance *fwInstance, + CK_BBOOL block, + CK_RV *pError +) +{ + NSSCKFWSlot *fwSlot = (NSSCKFWSlot *)NULL; + NSSCKMDSlot *mdSlot; + CK_ULONG i, n; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWSlot *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != *pError ) { + return (NSSCKFWSlot *)NULL; + } + + switch( block ) { + case CK_TRUE: + case CK_FALSE: + break; + default: + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWSlot *)NULL; + } +#endif /* NSSDEBUG */ + + if (!fwInstance->mdInstance->WaitForSlotEvent) { + *pError = CKR_NO_EVENT; + return (NSSCKFWSlot *)NULL; + } + + mdSlot = fwInstance->mdInstance->WaitForSlotEvent( + fwInstance->mdInstance, + fwInstance, + block, + pError + ); + + if (!mdSlot) { + return (NSSCKFWSlot *)NULL; + } + + n = nssCKFWInstance_GetNSlots(fwInstance, pError); + if( ((CK_ULONG)0 == n) && (CKR_OK != *pError) ) { + return (NSSCKFWSlot *)NULL; + } + + for( i = 0; i < n; i++ ) { + if( fwInstance->mdSlotList[i] == mdSlot ) { + fwSlot = fwInstance->fwSlotList[i]; + break; + } + } + + if (!fwSlot) { + /* Internal error */ + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWSlot *)NULL; + } + + return fwSlot; +} + +/* + * NSSCKFWInstance_GetMDInstance + * + */ +NSS_IMPLEMENT NSSCKMDInstance * +NSSCKFWInstance_GetMDInstance +( + NSSCKFWInstance *fwInstance +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return (NSSCKMDInstance *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWInstance_GetMDInstance(fwInstance); +} + +/* + * NSSCKFWInstance_GetArena + * + */ +NSS_IMPLEMENT NSSArena * +NSSCKFWInstance_GetArena +( + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ +#ifdef DEBUG + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != *pError ) { + return (NSSArena *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWInstance_GetArena(fwInstance, pError); +} + +/* + * NSSCKFWInstance_MayCreatePthreads + * + */ +NSS_IMPLEMENT CK_BBOOL +NSSCKFWInstance_MayCreatePthreads +( + NSSCKFWInstance *fwInstance +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return CK_FALSE; + } +#endif /* DEBUG */ + + return nssCKFWInstance_MayCreatePthreads(fwInstance); +} + +/* + * NSSCKFWInstance_CreateMutex + * + */ +NSS_IMPLEMENT NSSCKFWMutex * +NSSCKFWInstance_CreateMutex +( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError +) +{ +#ifdef DEBUG + if (!pError) { + return (NSSCKFWMutex *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != *pError ) { + return (NSSCKFWMutex *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWInstance_CreateMutex(fwInstance, arena, pError); +} + +/* + * NSSCKFWInstance_GetConfigurationData + * + */ +NSS_IMPLEMENT NSSUTF8 * +NSSCKFWInstance_GetConfigurationData +( + NSSCKFWInstance *fwInstance +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return (NSSUTF8 *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWInstance_GetConfigurationData(fwInstance); +} + +/* + * NSSCKFWInstance_GetInitArgs + * + */ +NSS_IMPLEMENT CK_C_INITIALIZE_ARGS_PTR +NSSCKFWInstance_GetInitArgs +( + NSSCKFWInstance *fwInstance +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWInstance_verifyPointer(fwInstance) ) { + return (CK_C_INITIALIZE_ARGS_PTR)NULL; + } +#endif /* DEBUG */ + + return nssCKFWInstance_GetInitArgs(fwInstance); +} + diff --git a/security/nss/lib/ckfw/manifest.mn b/security/nss/lib/ckfw/manifest.mn new file mode 100644 index 000000000..977e07082 --- /dev/null +++ b/security/nss/lib/ckfw/manifest.mn @@ -0,0 +1,86 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$" + +CORE_DEPTH = ../../.. + +DIRS = builtins + +PRIVATE_EXPORTS = \ + ck.h \ + ckfw.h \ + ckfwm.h \ + ckfwtm.h \ + ckmd.h \ + ckt.h \ + $(NULL) + +EXPORTS = \ + nssck.api \ + nssckepv.h \ + nssckft.h \ + nssckfw.h \ + nssckfwc.h \ + nssckfwt.h \ + nssckg.h \ + nssckmdt.h \ + nssckt.h \ + $(NULL) + +MODULE = nss + +CSRCS = \ + crypto.c \ + find.c \ + hash.c \ + instance.c \ + mutex.c \ + object.c \ + session.c \ + sessobj.c \ + slot.c \ + token.c \ + wrap.c \ + mechanism.c \ + $(NULL) + +REQUIRES = nspr + +LIBRARY_NAME = nssckfw + +# This part of the code, including all sub-dirs, can be optimized for size +export ALLOW_OPT_CODE_SIZE = 1 diff --git a/security/nss/lib/ckfw/mechanism.c b/security/nss/lib/ckfw/mechanism.c new file mode 100644 index 000000000..58b9583fc --- /dev/null +++ b/security/nss/lib/ckfw/mechanism.c @@ -0,0 +1,1218 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * mechanism.c + * + * This file implements the NSSCKFWMechanism type and methods. + */ + +#ifndef CK_T +#include "ck.h" +#endif /* CK_T */ + +/* + * NSSCKFWMechanism + * + * -- create/destroy -- + * nssCKFWMechanism_Create + * nssCKFWMechanism_Destroy + * + * -- implement public accessors -- + * nssCKFWMechanism_GetMDMechanism + * nssCKFWMechanism_GetParameter + * + * -- private accessors -- + * + * -- module fronts -- + * nssCKFWMechanism_GetMinKeySize + * nssCKFWMechanism_GetMaxKeySize + * nssCKFWMechanism_GetInHardware + * nssCKFWMechanism_GetCanEncrypt + * nssCKFWMechanism_GetCanDecrypt + * nssCKFWMechanism_GetCanDigest + * nssCKFWMechanism_GetCanSign + * nssCKFWMechanism_GetCanSignRecover + * nssCKFWMechanism_GetCanVerify + * nssCKFWMechanism_GetCanGenerate + * nssCKFWMechanism_GetCanGenerateKeyPair + * nssCKFWMechanism_GetCanUnwrap + * nssCKFWMechanism_GetCanWrap + * nssCKFWMechanism_GetCanDerive + * nssCKFWMechanism_EncryptInit + * nssCKFWMechanism_DecryptInit + * nssCKFWMechanism_DigestInit + * nssCKFWMechanism_SignInit + * nssCKFWMechanism_VerifyInit + * nssCKFWMechanism_SignRecoverInit + * nssCKFWMechanism_VerifyRecoverInit + * nssCKFWMechanism_GenerateKey + * nssCKFWMechanism_GenerateKeyPair + * nssCKFWMechanism_GetWrapKeyLength + * nssCKFWMechanism_WrapKey + * nssCKFWMechanism_UnwrapKey + * nssCKFWMechanism_DeriveKey + */ + + +struct NSSCKFWMechanismStr { + NSSCKMDMechanism *mdMechanism; + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; + NSSCKMDInstance *mdInstance; + NSSCKFWInstance *fwInstance; +}; + +/* + * nssCKFWMechanism_Create + * + */ +NSS_IMPLEMENT NSSCKFWMechanism * +nssCKFWMechanism_Create +( + NSSCKMDMechanism *mdMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + NSSCKFWMechanism *fwMechanism; + + + fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism); + if (!fwMechanism) { + return (NSSCKFWMechanism *)NULL; + } + fwMechanism->mdMechanism = mdMechanism; + fwMechanism->mdToken = mdToken; + fwMechanism->fwToken = fwToken; + fwMechanism->mdInstance = mdInstance; + fwMechanism->fwInstance = fwInstance; + return fwMechanism; +} + +/* + * nssCKFWMechanism_Destroy + * + */ +NSS_IMPLEMENT void +nssCKFWMechanism_Destroy +( + NSSCKFWMechanism *fwMechanism +) +{ + /* destroy any fw resources held by nssCKFWMechanism (currently none) */ + + if (!fwMechanism->mdMechanism->Destroy) { + /* destroys it's parent as well */ + fwMechanism->mdMechanism->Destroy( + fwMechanism->mdMechanism, + fwMechanism, + fwMechanism->mdInstance, + fwMechanism->fwInstance); + } + /* if the Destroy function wasn't supplied, then the mechanism is 'static', + * and there is nothing to destroy */ + return; +} + +/* + * nssCKFWMechanism_GetMDMechanism + * + */ +NSS_IMPLEMENT NSSCKMDMechanism * +nssCKFWMechanism_GetMDMechanism +( + NSSCKFWMechanism *fwMechanism +) +{ + return fwMechanism->mdMechanism; +} + +/* + * nssCKFWMechanism_GetMinKeySize + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWMechanism_GetMinKeySize +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->GetMinKeySize) { + return 0; + } + + return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism, + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, pError); +} + +/* + * nssCKFWMechanism_GetMaxKeySize + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWMechanism_GetMaxKeySize +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->GetMaxKeySize) { + return 0; + } + + return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism, + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, pError); +} + +/* + * nssCKFWMechanism_GetInHardware + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWMechanism_GetInHardware +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->GetInHardware) { + return CK_FALSE; + } + + return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism, + fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, pError); +} + + +/* + * the following are determined automatically by which of the cryptographic + * functions are defined for this mechanism. + */ +/* + * nssCKFWMechanism_GetCanEncrypt + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanEncrypt +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->EncryptInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanDecrypt + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanDecrypt +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->DecryptInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanDigest + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanDigest +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->DigestInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanSign + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanSign +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->SignInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanSignRecover + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanSignRecover +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->SignRecoverInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanVerify + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanVerify +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->VerifyInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanVerifyRecover + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanVerifyRecover +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->VerifyRecoverInit) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanGenerate + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanGenerate +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->GenerateKey) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanGenerateKeyPair + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanGenerateKeyPair +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->GenerateKeyPair) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanUnwrap + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanUnwrap +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->UnwrapKey) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanWrap + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanWrap +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->WrapKey) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * nssCKFWMechanism_GetCanDerive + * + */ +NSS_EXTERN CK_BBOOL +nssCKFWMechanism_GetCanDerive +( + NSSCKFWMechanism *fwMechanism, + CK_RV *pError +) +{ + if (!fwMechanism->mdMechanism->DeriveKey) { + return CK_FALSE; + } + return CK_TRUE; +} + +/* + * These are the actual crypto operations + */ + +/* + * nssCKFWMechanism_EncryptInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_EncryptInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_EncryptDecrypt); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->EncryptInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->EncryptInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdObject, + fwObject, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Encrypt, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_EncryptDecrypt); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_DecryptInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_DecryptInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_EncryptDecrypt); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->DecryptInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->DecryptInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdObject, + fwObject, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Decrypt, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_EncryptDecrypt); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_DigestInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_DigestInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_Digest); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->DigestInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdOperation = fwMechanism->mdMechanism->DigestInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Digest, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_Digest); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_SignInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_SignInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->SignInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->SignInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdObject, + fwObject, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Sign, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_VerifyInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_VerifyInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->VerifyInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->VerifyInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdObject, + fwObject, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_Verify, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_SignRecoverInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_SignRecoverInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->SignRecoverInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->SignRecoverInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdObject, + fwObject, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_SignRecover, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_VerifyRecoverInit + * Start an encryption session. + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_VerifyRecoverInit +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKMDCryptoOperation *mdOperation; + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + CK_RV error = CKR_OK; + + + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_SignVerify); + if (fwOperation) { + return CKR_OPERATION_ACTIVE; + } + + if (!fwMechanism->mdMechanism->VerifyRecoverInit) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = nssCKFWObject_GetMDObject(fwObject); + mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdObject, + fwObject, + &error + ); + if (!mdOperation) { + goto loser; + } + + fwOperation = nssCKFWCryptoOperation_Create(mdOperation, + mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken, + fwMechanism->mdInstance, fwMechanism->fwInstance, + NSSCKFWCryptoOperationType_VerifyRecover, &error); + if (fwOperation) { + nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation, + NSSCKFWCryptoOperationState_SignVerify); + } + +loser: + return error; +} + +/* + * nssCKFWMechanism_GenerateKey + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWMechanism_GenerateKey +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + NSSCKFWObject *fwObject = NULL; + NSSArena *arena; + + if (!fwMechanism->mdMechanism->GenerateKey) { + *pError = CKR_FUNCTION_FAILED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdObject = fwMechanism->mdMechanism->GenerateKey( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + pTemplate, + ulAttributeCount, + pError); + + if (!mdObject) { + return (NSSCKFWObject *)NULL; + } + + fwObject = nssCKFWObject_Create(arena, mdObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); + + return fwObject; +} + +/* + * nssCKFWMechanism_GenerateKeyPair + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_GenerateKeyPair +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + NSSCKFWObject **fwPublicKeyObject, + NSSCKFWObject **fwPrivateKeyObject +) +{ + NSSCKMDSession *mdSession; + NSSCKMDObject *mdPublicKeyObject; + NSSCKMDObject *mdPrivateKeyObject; + NSSArena *arena; + CK_RV error = CKR_OK; + + if (!fwMechanism->mdMechanism->GenerateKeyPair) { + return CKR_FUNCTION_FAILED; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error); + if (!arena) { + if (CKR_OK == error) { + error = CKR_GENERAL_ERROR; + } + return error; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + error = fwMechanism->mdMechanism->GenerateKeyPair( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + pPublicKeyTemplate, + ulPublicKeyAttributeCount, + pPrivateKeyTemplate, + ulPrivateKeyAttributeCount, + &mdPublicKeyObject, + &mdPrivateKeyObject); + + if (CKR_OK != error) { + return error; + } + + *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); + if (!*fwPublicKeyObject) { + return error; + } + *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error); + + return error; +} + +/* + * nssCKFWMechanism_GetWrapKeyLength + */ +NSS_EXTERN CK_ULONG +nssCKFWMechanism_GetWrapKeyLength +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwKeyObject, + CK_RV *pError +) +{ + NSSCKMDSession *mdSession; + NSSCKMDObject *mdWrappingKeyObject; + NSSCKMDObject *mdKeyObject; + + if (!fwMechanism->mdMechanism->WrapKey) { + *pError = CKR_FUNCTION_FAILED; + return (CK_ULONG) 0; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); + mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); + return fwMechanism->mdMechanism->GetWrapKeyLength( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdWrappingKeyObject, + fwWrappingKeyObject, + mdKeyObject, + fwKeyObject, + pError); +} + +/* + * nssCKFWMechanism_WrapKey + */ +NSS_EXTERN CK_RV +nssCKFWMechanism_WrapKey +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSCKFWObject *fwKeyObject, + NSSItem *wrappedKey +) +{ + NSSCKMDSession *mdSession; + NSSCKMDObject *mdWrappingKeyObject; + NSSCKMDObject *mdKeyObject; + + if (!fwMechanism->mdMechanism->WrapKey) { + return CKR_FUNCTION_FAILED; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); + mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject); + return fwMechanism->mdMechanism->WrapKey( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdWrappingKeyObject, + fwWrappingKeyObject, + mdKeyObject, + fwKeyObject, + wrappedKey); +} + +/* + * nssCKFWMechanism_UnwrapKey + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWMechanism_UnwrapKey +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwWrappingKeyObject, + NSSItem *wrappedKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + NSSCKMDObject *mdWrappingKeyObject; + NSSCKFWObject *fwObject = NULL; + NSSArena *arena; + + if (!fwMechanism->mdMechanism->UnwrapKey) { + /* we could simulate UnwrapKey using Decrypt and Create object, but + * 1) it's not clear that would work well, and 2) the low level token + * may want to restrict unwrap key for a reason, so just fail it it + * can't be done */ + *pError = CKR_FUNCTION_FAILED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject); + mdObject = fwMechanism->mdMechanism->UnwrapKey( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdWrappingKeyObject, + fwWrappingKeyObject, + wrappedKey, + pTemplate, + ulAttributeCount, + pError); + + if (!mdObject) { + return (NSSCKFWObject *)NULL; + } + + fwObject = nssCKFWObject_Create(arena, mdObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); + + return fwObject; +} + +/* + * nssCKFWMechanism_DeriveKey + */ +NSS_EXTERN NSSCKFWObject * +nssCKFWMechanism_DeriveKey +( + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKFWSession *fwSession, + NSSCKFWObject *fwBaseKeyObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + NSSCKMDSession *mdSession; + NSSCKMDObject *mdObject; + NSSCKMDObject *mdBaseKeyObject; + NSSCKFWObject *fwObject = NULL; + NSSArena *arena; + + if (!fwMechanism->mdMechanism->DeriveKey) { + *pError = CKR_FUNCTION_FAILED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError); + if (!arena) { + if (CKR_OK == *pError) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + mdSession = nssCKFWSession_GetMDSession(fwSession); + mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject); + mdObject = fwMechanism->mdMechanism->DeriveKey( + fwMechanism->mdMechanism, + fwMechanism, + pMechanism, + mdSession, + fwSession, + fwMechanism->mdToken, + fwMechanism->fwToken, + fwMechanism->mdInstance, + fwMechanism->fwInstance, + mdBaseKeyObject, + fwBaseKeyObject, + pTemplate, + ulAttributeCount, + pError); + + if (!mdObject) { + return (NSSCKFWObject *)NULL; + } + + fwObject = nssCKFWObject_Create(arena, mdObject, + fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError); + + return fwObject; +} + diff --git a/security/nss/lib/ckfw/mutex.c b/security/nss/lib/ckfw/mutex.c new file mode 100644 index 000000000..ad714b8f2 --- /dev/null +++ b/security/nss/lib/ckfw/mutex.c @@ -0,0 +1,305 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * mutex.c + * + * This file implements a mutual-exclusion locking facility for Modules + * using the NSS Cryptoki Framework. + */ + +#ifndef CK_T +#include "ck.h" +#endif /* CK_T */ + +/* + * NSSCKFWMutex + * + * NSSCKFWMutex_Destroy + * NSSCKFWMutex_Lock + * NSSCKFWMutex_Unlock + * + * nssCKFWMutex_Create + * nssCKFWMutex_Destroy + * nssCKFWMutex_Lock + * nssCKFWMutex_Unlock + * + * -- debugging versions only -- + * nssCKFWMutex_verifyPointer + * + */ + +struct NSSCKFWMutexStr { + PRLock *lock; +}; + +#ifdef DEBUG +/* + * But first, the pointer-tracking stuff. + * + * NOTE: the pointer-tracking support in NSS/base currently relies + * upon NSPR's CallOnce support. That, however, relies upon NSPR's + * locking, which is tied into the runtime. We need a pointer-tracker + * implementation that uses the locks supplied through C_Initialize. + * That support, however, can be filled in later. So for now, I'll + * just do this routines as no-ops. + */ + +static CK_RV +mutex_add_pointer +( + const NSSCKFWMutex *fwMutex +) +{ + return CKR_OK; +} + +static CK_RV +mutex_remove_pointer +( + const NSSCKFWMutex *fwMutex +) +{ + return CKR_OK; +} + +NSS_IMPLEMENT CK_RV +nssCKFWMutex_verifyPointer +( + const NSSCKFWMutex *fwMutex +) +{ + return CKR_OK; +} + +#endif /* DEBUG */ + +/* + * nssCKFWMutex_Create + * + */ +NSS_EXTERN NSSCKFWMutex * +nssCKFWMutex_Create +( + CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState LockingState, + NSSArena *arena, + CK_RV *pError +) +{ + NSSCKFWMutex *mutex; + + mutex = nss_ZNEW(arena, NSSCKFWMutex); + if (!mutex) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWMutex *)NULL; + } + *pError = CKR_OK; + mutex->lock = NULL; + if (LockingState == MultiThreaded) { + mutex->lock = PR_NewLock(); + if (!mutex->lock) { + *pError = CKR_HOST_MEMORY; /* we couldn't get the resource */ + } + } + + if( CKR_OK != *pError ) { + (void)nss_ZFreeIf(mutex); + return (NSSCKFWMutex *)NULL; + } + +#ifdef DEBUG + *pError = mutex_add_pointer(mutex); + if( CKR_OK != *pError ) { + if (mutex->lock) { + PR_DestroyLock(mutex->lock); + } + (void)nss_ZFreeIf(mutex); + return (NSSCKFWMutex *)NULL; + } +#endif /* DEBUG */ + + return mutex; +} + +/* + * nssCKFWMutex_Destroy + * + */ +NSS_EXTERN CK_RV +nssCKFWMutex_Destroy +( + NSSCKFWMutex *mutex +) +{ + CK_RV rv = CKR_OK; + +#ifdef NSSDEBUG + rv = nssCKFWMutex_verifyPointer(mutex); + if( CKR_OK != rv ) { + return rv; + } +#endif /* NSSDEBUG */ + + if (mutex->lock) { + PR_DestroyLock(mutex->lock); + } + +#ifdef DEBUG + (void)mutex_remove_pointer(mutex); +#endif /* DEBUG */ + + (void)nss_ZFreeIf(mutex); + return rv; +} + +/* + * nssCKFWMutex_Lock + * + */ +NSS_EXTERN CK_RV +nssCKFWMutex_Lock +( + NSSCKFWMutex *mutex +) +{ +#ifdef NSSDEBUG + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + if( CKR_OK != rv ) { + return rv; + } +#endif /* NSSDEBUG */ + if (mutex->lock) { + PR_Lock(mutex->lock); + } + + return CKR_OK; +} + +/* + * nssCKFWMutex_Unlock + * + */ +NSS_EXTERN CK_RV +nssCKFWMutex_Unlock +( + NSSCKFWMutex *mutex +) +{ + PRStatus nrv; +#ifdef NSSDEBUG + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + + if( CKR_OK != rv ) { + return rv; + } +#endif /* NSSDEBUG */ + + if (!mutex->lock) + return CKR_OK; + + nrv = PR_Unlock(mutex->lock); + + /* if unlock fails, either we have a programming error, or we have + * some sort of hardware failure... in either case return CKR_DEVICE_ERROR. + */ + return nrv == PR_SUCCESS ? CKR_OK : CKR_DEVICE_ERROR; +} + +/* + * NSSCKFWMutex_Destroy + * + */ +NSS_EXTERN CK_RV +NSSCKFWMutex_Destroy +( + NSSCKFWMutex *mutex +) +{ +#ifdef DEBUG + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + if( CKR_OK != rv ) { + return rv; + } +#endif /* DEBUG */ + + return nssCKFWMutex_Destroy(mutex); +} + +/* + * NSSCKFWMutex_Lock + * + */ +NSS_EXTERN CK_RV +NSSCKFWMutex_Lock +( + NSSCKFWMutex *mutex +) +{ +#ifdef DEBUG + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + if( CKR_OK != rv ) { + return rv; + } +#endif /* DEBUG */ + + return nssCKFWMutex_Lock(mutex); +} + +/* + * NSSCKFWMutex_Unlock + * + */ +NSS_EXTERN CK_RV +NSSCKFWMutex_Unlock +( + NSSCKFWMutex *mutex +) +{ +#ifdef DEBUG + CK_RV rv = nssCKFWMutex_verifyPointer(mutex); + if( CKR_OK != rv ) { + return rv; + } +#endif /* DEBUG */ + + return nssCKFWMutex_Unlock(mutex); +} + diff --git a/security/nss/lib/ckfw/nssck.api b/security/nss/lib/ckfw/nssck.api new file mode 100644 index 000000000..d0b15ff45 --- /dev/null +++ b/security/nss/lib/ckfw/nssck.api @@ -0,0 +1,1890 @@ +/* THIS IS A GENERATED FILE */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char NSSCKAPI_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ ; @(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * nssck.api + * + * This automatically-generated file is used to generate a set of + * Cryptoki entry points within the object space of a Module using + * the NSS Cryptoki Framework. + * + * The Module should have a .c file with the following: + * + * #define MODULE_NAME name + * #define INSTANCE_NAME instance + * #include "nssck.api" + * + * where "name" is some module-specific name that can be used to + * disambiguate various modules. This included file will then + * define the actual Cryptoki routines which pass through to the + * Framework calls. All routines, except C_GetFunctionList, will + * be prefixed with the name; C_GetFunctionList will be generated + * to return an entry-point vector with these routines. The + * instance specified should be the basic instance of NSSCKMDInstance. + * + * If, prior to including nssck.api, the .c file also specifies + * + * #define DECLARE_STRICT_CRYTPOKI_NAMES + * + * Then a set of "stub" routines not prefixed with the name will + * be included. This would allow the combined module and framework + * to be used in applications which are hard-coded to use the + * PKCS#11 names (instead of going through the EPV). Please note + * that such applications should be careful resolving symbols when + * more than one PKCS#11 module is loaded. + */ + +#ifndef MODULE_NAME +#error "Error: MODULE_NAME must be defined." +#endif /* MODULE_NAME */ + +#ifndef INSTANCE_NAME +#error "Error: INSTANCE_NAME must be defined." +#endif /* INSTANCE_NAME */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +#ifndef NSSCKFWT_H +#include "nssckfwt.h" +#endif /* NSSCKFWT_H */ + +#ifndef NSSCKFWC_H +#include "nssckfwc.h" +#endif /* NSSCKFWC_H */ + +#ifndef NSSCKEPV_H +#include "nssckepv.h" +#endif /* NSSCKEPV_H */ + +#define ADJOIN(x,y) x##y + +#define __ADJOIN(x,y) ADJOIN(x,y) + +/* + * The anchor. This object is used to store an "anchor" pointer in + * the Module's object space, so the wrapper functions can relate + * back to this instance. + */ + +static NSSCKFWInstance *fwInstance = (NSSCKFWInstance *)0; + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_Initialize) +( + CK_VOID_PTR pInitArgs +) +{ + return NSSCKFWC_Initialize(&fwInstance, INSTANCE_NAME, pInitArgs); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_Initialize +( + CK_VOID_PTR pInitArgs +) +{ + return __ADJOIN(MODULE_NAME,C_Initialize)(pInitArgs); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_Finalize) +( + CK_VOID_PTR pReserved +) +{ + return NSSCKFWC_Finalize(&fwInstance); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_Finalize +( + CK_VOID_PTR pReserved +) +{ + return __ADJOIN(MODULE_NAME,C_Finalize)(pReserved); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetInfo) +( + CK_INFO_PTR pInfo +) +{ + return NSSCKFWC_GetInfo(fwInstance, pInfo); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GetInfo +( + CK_INFO_PTR pInfo +) +{ + return __ADJOIN(MODULE_NAME,C_GetInfo)(pInfo); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +/* + * C_GetFunctionList is defined at the end. + */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetSlotList) +( + CK_BBOOL tokenPresent, + CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount +) +{ + return NSSCKFWC_GetSlotList(fwInstance, tokenPresent, pSlotList, pulCount); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GetSlotList +( + CK_BBOOL tokenPresent, + CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount +) +{ + return __ADJOIN(MODULE_NAME,C_GetSlotList)(tokenPresent, pSlotList, pulCount); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetSlotInfo) +( + CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo +) +{ + return NSSCKFWC_GetSlotInfo(fwInstance, slotID, pInfo); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GetSlotInfo +( + CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo +) +{ + return __ADJOIN(MODULE_NAME,C_GetSlotInfo)(slotID, pInfo); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetTokenInfo) +( + CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo +) +{ + return NSSCKFWC_GetTokenInfo(fwInstance, slotID, pInfo); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GetTokenInfo +( + CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo +) +{ + return __ADJOIN(MODULE_NAME,C_GetTokenInfo)(slotID, pInfo); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetMechanismList) +( + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount +) +{ + return NSSCKFWC_GetMechanismList(fwInstance, slotID, pMechanismList, pulCount); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GetMechanismList +( + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount +) +{ + return __ADJOIN(MODULE_NAME,C_GetMechanismList)(slotID, pMechanismList, pulCount); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetMechanismInfo) +( + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo +) +{ + return NSSCKFWC_GetMechanismInfo(fwInstance, slotID, type, pInfo); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GetMechanismInfo +( + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo +) +{ + return __ADJOIN(MODULE_NAME,C_GetMechanismInfo)(slotID, type, pInfo); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_InitToken) +( + CK_SLOT_ID slotID, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen, + CK_CHAR_PTR pLabel +) +{ + return NSSCKFWC_InitToken(fwInstance, slotID, pPin, ulPinLen, pLabel); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_InitToken +( + CK_SLOT_ID slotID, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen, + CK_CHAR_PTR pLabel +) +{ + return __ADJOIN(MODULE_NAME,C_InitToken)(slotID, pPin, ulPinLen, pLabel); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_InitPIN) +( + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen +) +{ + return NSSCKFWC_InitPIN(fwInstance, hSession, pPin, ulPinLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_InitPIN +( + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen +) +{ + return __ADJOIN(MODULE_NAME,C_InitPIN)(hSession, pPin, ulPinLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_SetPIN) +( + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pOldPin, + CK_ULONG ulOldLen, + CK_CHAR_PTR pNewPin, + CK_ULONG ulNewLen +) +{ + return NSSCKFWC_SetPIN(fwInstance, hSession, pOldPin, ulOldLen, pNewPin, ulNewLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_SetPIN +( + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pOldPin, + CK_ULONG ulOldLen, + CK_CHAR_PTR pNewPin, + CK_ULONG ulNewLen +) +{ + return __ADJOIN(MODULE_NAME,C_SetPIN)(hSession, pOldPin, ulOldLen, pNewPin, ulNewLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_OpenSession) +( + CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession +) +{ + return NSSCKFWC_OpenSession(fwInstance, slotID, flags, pApplication, Notify, phSession); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_OpenSession +( + CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession +) +{ + return __ADJOIN(MODULE_NAME,C_OpenSession)(slotID, flags, pApplication, Notify, phSession); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_CloseSession) +( + CK_SESSION_HANDLE hSession +) +{ + return NSSCKFWC_CloseSession(fwInstance, hSession); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_CloseSession +( + CK_SESSION_HANDLE hSession +) +{ + return __ADJOIN(MODULE_NAME,C_CloseSession)(hSession); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_CloseAllSessions) +( + CK_SLOT_ID slotID +) +{ + return NSSCKFWC_CloseAllSessions(fwInstance, slotID); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_CloseAllSessions +( + CK_SLOT_ID slotID +) +{ + return __ADJOIN(MODULE_NAME,C_CloseAllSessions)(slotID); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetSessionInfo) +( + CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo +) +{ + return NSSCKFWC_GetSessionInfo(fwInstance, hSession, pInfo); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GetSessionInfo +( + CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo +) +{ + return __ADJOIN(MODULE_NAME,C_GetSessionInfo)(hSession, pInfo); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetOperationState) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen +) +{ + return NSSCKFWC_GetOperationState(fwInstance, hSession, pOperationState, pulOperationStateLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GetOperationState +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen +) +{ + return __ADJOIN(MODULE_NAME,C_GetOperationState)(hSession, pOperationState, pulOperationStateLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_SetOperationState) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey +) +{ + return NSSCKFWC_SetOperationState(fwInstance, hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_SetOperationState +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey +) +{ + return __ADJOIN(MODULE_NAME,C_SetOperationState)(hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_Login) +( + CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen +) +{ + return NSSCKFWC_Login(fwInstance, hSession, userType, pPin, ulPinLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_Login +( + CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen +) +{ + return __ADJOIN(MODULE_NAME,C_Login)(hSession, userType, pPin, ulPinLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_Logout) +( + CK_SESSION_HANDLE hSession +) +{ + return NSSCKFWC_Logout(fwInstance, hSession); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_Logout +( + CK_SESSION_HANDLE hSession +) +{ + return __ADJOIN(MODULE_NAME,C_Logout)(hSession); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_CreateObject) +( + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject +) +{ + return NSSCKFWC_CreateObject(fwInstance, hSession, pTemplate, ulCount, phObject); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_CreateObject +( + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject +) +{ + return __ADJOIN(MODULE_NAME,C_CreateObject)(hSession, pTemplate, ulCount, phObject); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_CopyObject) +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject +) +{ + return NSSCKFWC_CopyObject(fwInstance, hSession, hObject, pTemplate, ulCount, phNewObject); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_CopyObject +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject +) +{ + return __ADJOIN(MODULE_NAME,C_CopyObject)(hSession, hObject, pTemplate, ulCount, phNewObject); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_DestroyObject) +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject +) +{ + return NSSCKFWC_DestroyObject(fwInstance, hSession, hObject); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_DestroyObject +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject +) +{ + return __ADJOIN(MODULE_NAME,C_DestroyObject)(hSession, hObject); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetObjectSize) +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ULONG_PTR pulSize +) +{ + return NSSCKFWC_GetObjectSize(fwInstance, hSession, hObject, pulSize); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GetObjectSize +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ULONG_PTR pulSize +) +{ + return __ADJOIN(MODULE_NAME,C_GetObjectSize)(hSession, hObject, pulSize); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetAttributeValue) +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount +) +{ + return NSSCKFWC_GetAttributeValue(fwInstance, hSession, hObject, pTemplate, ulCount); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GetAttributeValue +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount +) +{ + return __ADJOIN(MODULE_NAME,C_GetAttributeValue)(hSession, hObject, pTemplate, ulCount); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_SetAttributeValue) +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount +) +{ + return NSSCKFWC_SetAttributeValue(fwInstance, hSession, hObject, pTemplate, ulCount); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_SetAttributeValue +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount +) +{ + return __ADJOIN(MODULE_NAME,C_SetAttributeValue)(hSession, hObject, pTemplate, ulCount); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_FindObjectsInit) +( + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount +) +{ + return NSSCKFWC_FindObjectsInit(fwInstance, hSession, pTemplate, ulCount); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_FindObjectsInit +( + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount +) +{ + return __ADJOIN(MODULE_NAME,C_FindObjectsInit)(hSession, pTemplate, ulCount); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_FindObjects) +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount +) +{ + return NSSCKFWC_FindObjects(fwInstance, hSession, phObject, ulMaxObjectCount, pulObjectCount); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_FindObjects +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount +) +{ + return __ADJOIN(MODULE_NAME,C_FindObjects)(hSession, phObject, ulMaxObjectCount, pulObjectCount); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_FindObjectsFinal) +( + CK_SESSION_HANDLE hSession +) +{ + return NSSCKFWC_FindObjectsFinal(fwInstance, hSession); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_FindObjectsFinal +( + CK_SESSION_HANDLE hSession +) +{ + return __ADJOIN(MODULE_NAME,C_FindObjectsFinal)(hSession); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_EncryptInit) +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + return NSSCKFWC_EncryptInit(fwInstance, hSession, pMechanism, hKey); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_EncryptInit +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + return __ADJOIN(MODULE_NAME,C_EncryptInit)(hSession, pMechanism, hKey); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_Encrypt) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen +) +{ + return NSSCKFWC_Encrypt(fwInstance, hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_Encrypt +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen +) +{ + return __ADJOIN(MODULE_NAME,C_Encrypt)(hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_EncryptUpdate) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen +) +{ + return NSSCKFWC_EncryptUpdate(fwInstance, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_EncryptUpdate +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen +) +{ + return __ADJOIN(MODULE_NAME,C_EncryptUpdate)(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_EncryptFinal) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen +) +{ + return NSSCKFWC_EncryptFinal(fwInstance, hSession, pLastEncryptedPart, pulLastEncryptedPartLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_EncryptFinal +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen +) +{ + return __ADJOIN(MODULE_NAME,C_EncryptFinal)(hSession, pLastEncryptedPart, pulLastEncryptedPartLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_DecryptInit) +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + return NSSCKFWC_DecryptInit(fwInstance, hSession, pMechanism, hKey); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_DecryptInit +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + return __ADJOIN(MODULE_NAME,C_DecryptInit)(hSession, pMechanism, hKey); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_Decrypt) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen +) +{ + return NSSCKFWC_Decrypt(fwInstance, hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_Decrypt +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen +) +{ + return __ADJOIN(MODULE_NAME,C_Decrypt)(hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_DecryptUpdate) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen +) +{ + return NSSCKFWC_DecryptUpdate(fwInstance, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_DecryptUpdate +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen +) +{ + return __ADJOIN(MODULE_NAME,C_DecryptUpdate)(hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_DecryptFinal) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen +) +{ + return NSSCKFWC_DecryptFinal(fwInstance, hSession, pLastPart, pulLastPartLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_DecryptFinal +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen +) +{ + return __ADJOIN(MODULE_NAME,C_DecryptFinal)(hSession, pLastPart, pulLastPartLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_DigestInit) +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism +) +{ + return NSSCKFWC_DigestInit(fwInstance, hSession, pMechanism); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_DigestInit +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism +) +{ + return __ADJOIN(MODULE_NAME,C_DigestInit)(hSession, pMechanism); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_Digest) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen +) +{ + return NSSCKFWC_Digest(fwInstance, hSession, pData, ulDataLen, pDigest, pulDigestLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_Digest +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen +) +{ + return __ADJOIN(MODULE_NAME,C_Digest)(hSession, pData, ulDataLen, pDigest, pulDigestLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_DigestUpdate) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen +) +{ + return NSSCKFWC_DigestUpdate(fwInstance, hSession, pPart, ulPartLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_DigestUpdate +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen +) +{ + return __ADJOIN(MODULE_NAME,C_DigestUpdate)(hSession, pPart, ulPartLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_DigestKey) +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey +) +{ + return NSSCKFWC_DigestKey(fwInstance, hSession, hKey); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_DigestKey +( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey +) +{ + return __ADJOIN(MODULE_NAME,C_DigestKey)(hSession, hKey); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_DigestFinal) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen +) +{ + return NSSCKFWC_DigestFinal(fwInstance, hSession, pDigest, pulDigestLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_DigestFinal +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen +) +{ + return __ADJOIN(MODULE_NAME,C_DigestFinal)(hSession, pDigest, pulDigestLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_SignInit) +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + return NSSCKFWC_SignInit(fwInstance, hSession, pMechanism, hKey); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_SignInit +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + return __ADJOIN(MODULE_NAME,C_SignInit)(hSession, pMechanism, hKey); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_Sign) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen +) +{ + return NSSCKFWC_Sign(fwInstance, hSession, pData, ulDataLen, pSignature, pulSignatureLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_Sign +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen +) +{ + return __ADJOIN(MODULE_NAME,C_Sign)(hSession, pData, ulDataLen, pSignature, pulSignatureLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_SignUpdate) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen +) +{ + return NSSCKFWC_SignUpdate(fwInstance, hSession, pPart, ulPartLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_SignUpdate +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen +) +{ + return __ADJOIN(MODULE_NAME,C_SignUpdate)(hSession, pPart, ulPartLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_SignFinal) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen +) +{ + return NSSCKFWC_SignFinal(fwInstance, hSession, pSignature, pulSignatureLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_SignFinal +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen +) +{ + return __ADJOIN(MODULE_NAME,C_SignFinal)(hSession, pSignature, pulSignatureLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_SignRecoverInit) +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + return NSSCKFWC_SignRecoverInit(fwInstance, hSession, pMechanism, hKey); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_SignRecoverInit +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + return __ADJOIN(MODULE_NAME,C_SignRecoverInit)(hSession, pMechanism, hKey); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_SignRecover) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen +) +{ + return NSSCKFWC_SignRecover(fwInstance, hSession, pData, ulDataLen, pSignature, pulSignatureLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_SignRecover +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen +) +{ + return __ADJOIN(MODULE_NAME,C_SignRecover)(hSession, pData, ulDataLen, pSignature, pulSignatureLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_VerifyInit) +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + return NSSCKFWC_VerifyInit(fwInstance, hSession, pMechanism, hKey); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_VerifyInit +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + return __ADJOIN(MODULE_NAME,C_VerifyInit)(hSession, pMechanism, hKey); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_Verify) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen +) +{ + return NSSCKFWC_Verify(fwInstance, hSession, pData, ulDataLen, pSignature, ulSignatureLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_Verify +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen +) +{ + return __ADJOIN(MODULE_NAME,C_Verify)(hSession, pData, ulDataLen, pSignature, ulSignatureLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_VerifyUpdate) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen +) +{ + return NSSCKFWC_VerifyUpdate(fwInstance, hSession, pPart, ulPartLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_VerifyUpdate +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen +) +{ + return __ADJOIN(MODULE_NAME,C_VerifyUpdate)(hSession, pPart, ulPartLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_VerifyFinal) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen +) +{ + return NSSCKFWC_VerifyFinal(fwInstance, hSession, pSignature, ulSignatureLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_VerifyFinal +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen +) +{ + return __ADJOIN(MODULE_NAME,C_VerifyFinal)(hSession, pSignature, ulSignatureLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_VerifyRecoverInit) +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + return NSSCKFWC_VerifyRecoverInit(fwInstance, hSession, pMechanism, hKey); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_VerifyRecoverInit +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + return __ADJOIN(MODULE_NAME,C_VerifyRecoverInit)(hSession, pMechanism, hKey); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_VerifyRecover) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen +) +{ + return NSSCKFWC_VerifyRecover(fwInstance, hSession, pSignature, ulSignatureLen, pData, pulDataLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_VerifyRecover +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen +) +{ + return __ADJOIN(MODULE_NAME,C_VerifyRecover)(hSession, pSignature, ulSignatureLen, pData, pulDataLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_DigestEncryptUpdate) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen +) +{ + return NSSCKFWC_DigestEncryptUpdate(fwInstance, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_DigestEncryptUpdate +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen +) +{ + return __ADJOIN(MODULE_NAME,C_DigestEncryptUpdate)(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_DecryptDigestUpdate) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen +) +{ + return NSSCKFWC_DecryptDigestUpdate(fwInstance, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_DecryptDigestUpdate +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen +) +{ + return __ADJOIN(MODULE_NAME,C_DecryptDigestUpdate)(hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_SignEncryptUpdate) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen +) +{ + return NSSCKFWC_SignEncryptUpdate(fwInstance, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_SignEncryptUpdate +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen +) +{ + return __ADJOIN(MODULE_NAME,C_SignEncryptUpdate)(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_DecryptVerifyUpdate) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen +) +{ + return NSSCKFWC_DecryptVerifyUpdate(fwInstance, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_DecryptVerifyUpdate +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen +) +{ + return __ADJOIN(MODULE_NAME,C_DecryptVerifyUpdate)(hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GenerateKey) +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey +) +{ + return NSSCKFWC_GenerateKey(fwInstance, hSession, pMechanism, pTemplate, ulCount, phKey); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GenerateKey +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey +) +{ + return __ADJOIN(MODULE_NAME,C_GenerateKey)(hSession, pMechanism, pTemplate, ulCount, phKey); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GenerateKeyPair) +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey +) +{ + return NSSCKFWC_GenerateKeyPair(fwInstance, hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GenerateKeyPair +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey +) +{ + return __ADJOIN(MODULE_NAME,C_GenerateKeyPair)(hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_WrapKey) +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, + CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen +) +{ + return NSSCKFWC_WrapKey(fwInstance, hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_WrapKey +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, + CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen +) +{ + return __ADJOIN(MODULE_NAME,C_WrapKey)(hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_UnwrapKey) +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey +) +{ + return NSSCKFWC_UnwrapKey(fwInstance, hSession, pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_UnwrapKey +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey +) +{ + return __ADJOIN(MODULE_NAME,C_UnwrapKey)(hSession, pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_DeriveKey) +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey +) +{ + return NSSCKFWC_DeriveKey(fwInstance, hSession, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_DeriveKey +( + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey +) +{ + return __ADJOIN(MODULE_NAME,C_DeriveKey)(hSession, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_SeedRandom) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen +) +{ + return NSSCKFWC_SeedRandom(fwInstance, hSession, pSeed, ulSeedLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_SeedRandom +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen +) +{ + return __ADJOIN(MODULE_NAME,C_SeedRandom)(hSession, pSeed, ulSeedLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GenerateRandom) +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR RandomData, + CK_ULONG ulRandomLen +) +{ + return NSSCKFWC_GenerateRandom(fwInstance, hSession, RandomData, ulRandomLen); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GenerateRandom +( + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR RandomData, + CK_ULONG ulRandomLen +) +{ + return __ADJOIN(MODULE_NAME,C_GenerateRandom)(hSession, RandomData, ulRandomLen); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetFunctionStatus) +( + CK_SESSION_HANDLE hSession +) +{ + return NSSCKFWC_GetFunctionStatus(fwInstance, hSession); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_GetFunctionStatus +( + CK_SESSION_HANDLE hSession +) +{ + return __ADJOIN(MODULE_NAME,C_GetFunctionStatus)(hSession); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_CancelFunction) +( + CK_SESSION_HANDLE hSession +) +{ + return NSSCKFWC_CancelFunction(fwInstance, hSession); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_CancelFunction +( + CK_SESSION_HANDLE hSession +) +{ + return __ADJOIN(MODULE_NAME,C_CancelFunction)(hSession); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_WaitForSlotEvent) +( + CK_FLAGS flags, + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pRserved +) +{ + return NSSCKFWC_WaitForSlotEvent(fwInstance, flags, pSlot, pRserved); +} + +#ifdef DECLARE_STRICT_CRYPTOKI_NAMES +CK_RV CK_ENTRY +C_WaitForSlotEvent +( + CK_FLAGS flags, + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pRserved +) +{ + return __ADJOIN(MODULE_NAME,C_WaitForSlotEvent)(flags, pSlot, pRserved); +} +#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetFunctionList) +( + CK_FUNCTION_LIST_PTR_PTR ppFunctionList +); + +static CK_FUNCTION_LIST FunctionList = { + { 2, 1 }, +__ADJOIN(MODULE_NAME,C_Initialize), +__ADJOIN(MODULE_NAME,C_Finalize), +__ADJOIN(MODULE_NAME,C_GetInfo), +__ADJOIN(MODULE_NAME,C_GetFunctionList), +__ADJOIN(MODULE_NAME,C_GetSlotList), +__ADJOIN(MODULE_NAME,C_GetSlotInfo), +__ADJOIN(MODULE_NAME,C_GetTokenInfo), +__ADJOIN(MODULE_NAME,C_GetMechanismList), +__ADJOIN(MODULE_NAME,C_GetMechanismInfo), +__ADJOIN(MODULE_NAME,C_InitToken), +__ADJOIN(MODULE_NAME,C_InitPIN), +__ADJOIN(MODULE_NAME,C_SetPIN), +__ADJOIN(MODULE_NAME,C_OpenSession), +__ADJOIN(MODULE_NAME,C_CloseSession), +__ADJOIN(MODULE_NAME,C_CloseAllSessions), +__ADJOIN(MODULE_NAME,C_GetSessionInfo), +__ADJOIN(MODULE_NAME,C_GetOperationState), +__ADJOIN(MODULE_NAME,C_SetOperationState), +__ADJOIN(MODULE_NAME,C_Login), +__ADJOIN(MODULE_NAME,C_Logout), +__ADJOIN(MODULE_NAME,C_CreateObject), +__ADJOIN(MODULE_NAME,C_CopyObject), +__ADJOIN(MODULE_NAME,C_DestroyObject), +__ADJOIN(MODULE_NAME,C_GetObjectSize), +__ADJOIN(MODULE_NAME,C_GetAttributeValue), +__ADJOIN(MODULE_NAME,C_SetAttributeValue), +__ADJOIN(MODULE_NAME,C_FindObjectsInit), +__ADJOIN(MODULE_NAME,C_FindObjects), +__ADJOIN(MODULE_NAME,C_FindObjectsFinal), +__ADJOIN(MODULE_NAME,C_EncryptInit), +__ADJOIN(MODULE_NAME,C_Encrypt), +__ADJOIN(MODULE_NAME,C_EncryptUpdate), +__ADJOIN(MODULE_NAME,C_EncryptFinal), +__ADJOIN(MODULE_NAME,C_DecryptInit), +__ADJOIN(MODULE_NAME,C_Decrypt), +__ADJOIN(MODULE_NAME,C_DecryptUpdate), +__ADJOIN(MODULE_NAME,C_DecryptFinal), +__ADJOIN(MODULE_NAME,C_DigestInit), +__ADJOIN(MODULE_NAME,C_Digest), +__ADJOIN(MODULE_NAME,C_DigestUpdate), +__ADJOIN(MODULE_NAME,C_DigestKey), +__ADJOIN(MODULE_NAME,C_DigestFinal), +__ADJOIN(MODULE_NAME,C_SignInit), +__ADJOIN(MODULE_NAME,C_Sign), +__ADJOIN(MODULE_NAME,C_SignUpdate), +__ADJOIN(MODULE_NAME,C_SignFinal), +__ADJOIN(MODULE_NAME,C_SignRecoverInit), +__ADJOIN(MODULE_NAME,C_SignRecover), +__ADJOIN(MODULE_NAME,C_VerifyInit), +__ADJOIN(MODULE_NAME,C_Verify), +__ADJOIN(MODULE_NAME,C_VerifyUpdate), +__ADJOIN(MODULE_NAME,C_VerifyFinal), +__ADJOIN(MODULE_NAME,C_VerifyRecoverInit), +__ADJOIN(MODULE_NAME,C_VerifyRecover), +__ADJOIN(MODULE_NAME,C_DigestEncryptUpdate), +__ADJOIN(MODULE_NAME,C_DecryptDigestUpdate), +__ADJOIN(MODULE_NAME,C_SignEncryptUpdate), +__ADJOIN(MODULE_NAME,C_DecryptVerifyUpdate), +__ADJOIN(MODULE_NAME,C_GenerateKey), +__ADJOIN(MODULE_NAME,C_GenerateKeyPair), +__ADJOIN(MODULE_NAME,C_WrapKey), +__ADJOIN(MODULE_NAME,C_UnwrapKey), +__ADJOIN(MODULE_NAME,C_DeriveKey), +__ADJOIN(MODULE_NAME,C_SeedRandom), +__ADJOIN(MODULE_NAME,C_GenerateRandom), +__ADJOIN(MODULE_NAME,C_GetFunctionStatus), +__ADJOIN(MODULE_NAME,C_CancelFunction), +__ADJOIN(MODULE_NAME,C_WaitForSlotEvent) +}; + +static CK_RV CK_ENTRY +__ADJOIN(MODULE_NAME,C_GetFunctionList) +( + CK_FUNCTION_LIST_PTR_PTR ppFunctionList +) +{ + *ppFunctionList = &FunctionList; + return CKR_OK; +} + +/* This one is always present */ +CK_RV CK_ENTRY +C_GetFunctionList +( + CK_FUNCTION_LIST_PTR_PTR ppFunctionList +) +{ + return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList); +} + +#undef __ADJOIN + diff --git a/security/nss/lib/ckfw/nssckepv.h b/security/nss/lib/ckfw/nssckepv.h new file mode 100644 index 000000000..c65260829 --- /dev/null +++ b/security/nss/lib/ckfw/nssckepv.h @@ -0,0 +1,42 @@ +/* THIS IS A GENERATED FILE */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +#ifndef NSSCKEPV_H +#define NSSCKEPV_H + +#include "pkcs11.h" + +#endif /* NSSCKEPV_H */ diff --git a/security/nss/lib/ckfw/nssckft.h b/security/nss/lib/ckfw/nssckft.h new file mode 100644 index 000000000..506992c3f --- /dev/null +++ b/security/nss/lib/ckfw/nssckft.h @@ -0,0 +1,43 @@ +/* THIS IS A GENERATED FILE */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef _NSSCKFT_H_ +#define _NSSCKFT_H_ 1 + +#include "pkcs11t.h" + +#endif /* _NSSCKFT_H_ */ diff --git a/security/nss/lib/ckfw/nssckfw.h b/security/nss/lib/ckfw/nssckfw.h new file mode 100644 index 000000000..e8149bb5d --- /dev/null +++ b/security/nss/lib/ckfw/nssckfw.h @@ -0,0 +1,526 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef NSSCKFW_H +#define NSSCKFW_H + +#ifdef DEBUG +static const char NSSCKFW_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * nssckfw.h + * + * This file prototypes the publicly available calls of the + * NSS Cryptoki Framework. + */ + +#ifndef NSSBASET_H +#include "nssbaset.h" +#endif /* NSSBASET_H */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +#ifndef NSSCKFWT_H +#include "nssckfwt.h" +#endif /* NSSCKFWT_H */ + +/* + * NSSCKFWInstance + * + * NSSCKFWInstance_GetMDInstance + * NSSCKFWInstance_GetArena + * NSSCKFWInstance_MayCreatePthreads + * NSSCKFWInstance_CreateMutex + * NSSCKFWInstance_GetConfigurationData + */ + +/* + * NSSCKFWInstance_GetMDInstance + * + */ + +NSS_EXTERN NSSCKMDInstance * +NSSCKFWInstance_GetMDInstance +( + NSSCKFWInstance *fwInstance +); + +/* + * NSSCKFWInstance_GetArena + * + */ + +NSS_EXTERN NSSArena * +NSSCKFWInstance_GetArena +( + NSSCKFWInstance *fwInstance, + CK_RV *pError +); + +/* + * NSSCKFWInstance_MayCreatePthreads + * + */ + +NSS_EXTERN CK_BBOOL +NSSCKFWInstance_MayCreatePthreads +( + NSSCKFWInstance *fwInstance +); + +/* + * NSSCKFWInstance_CreateMutex + * + */ + +NSS_EXTERN NSSCKFWMutex * +NSSCKFWInstance_CreateMutex +( + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError +); + +/* + * NSSCKFWInstance_GetConfigurationData + * + */ + +NSS_EXTERN NSSUTF8 * +NSSCKFWInstance_GetConfigurationData +( + NSSCKFWInstance *fwInstance +); + +/* + * NSSCKFWInstance_GetInitArgs + * + */ + +NSS_EXTERN CK_C_INITIALIZE_ARGS_PTR +NSSCKFWInstance_GetInitArgs +( + NSSCKFWInstance *fwInstance +); + +/* + * NSSCKFWSlot + * + * NSSCKFWSlot_GetMDSlot + * NSSCKFWSlot_GetFWInstance + * NSSCKFWSlot_GetMDInstance + * + */ + +/* + * NSSCKFWSlot_GetMDSlot + * + */ + +NSS_EXTERN NSSCKMDSlot * +NSSCKFWSlot_GetMDSlot +( + NSSCKFWSlot *fwSlot +); + +/* + * NSSCKFWSlot_GetFWInstance + * + */ + +NSS_EXTERN NSSCKFWInstance * +NSSCKFWSlot_GetFWInstance +( + NSSCKFWSlot *fwSlot +); + +/* + * NSSCKFWSlot_GetMDInstance + * + */ + +NSS_EXTERN NSSCKMDInstance * +NSSCKFWSlot_GetMDInstance +( + NSSCKFWSlot *fwSlot +); + +/* + * NSSCKFWToken + * + * NSSCKFWToken_GetMDToken + * NSSCKFWToken_GetFWSlot + * NSSCKFWToken_GetMDSlot + * NSSCKFWToken_GetSessionState + * + */ + +/* + * NSSCKFWToken_GetMDToken + * + */ + +NSS_EXTERN NSSCKMDToken * +NSSCKFWToken_GetMDToken +( + NSSCKFWToken *fwToken +); + +/* + * NSSCKFWToken_GetArena + * + */ + +NSS_EXTERN NSSArena * +NSSCKFWToken_GetArena +( + NSSCKFWToken *fwToken, + CK_RV *pError +); + +/* + * NSSCKFWToken_GetFWSlot + * + */ + +NSS_EXTERN NSSCKFWSlot * +NSSCKFWToken_GetFWSlot +( + NSSCKFWToken *fwToken +); + +/* + * NSSCKFWToken_GetMDSlot + * + */ + +NSS_EXTERN NSSCKMDSlot * +NSSCKFWToken_GetMDSlot +( + NSSCKFWToken *fwToken +); + +/* + * NSSCKFWToken_GetSessionState + * + */ + +NSS_EXTERN CK_STATE +NSSCKFWToken_GetSessionState +( + NSSCKFWToken *fwToken +); + +/* + * NSSCKFWMechanism + * + * NSSKCFWMechanism_GetMDMechanism + * NSSCKFWMechanism_GetParameter + * + */ + +/* + * NSSKCFWMechanism_GetMDMechanism + * + */ + +NSS_EXTERN NSSCKMDMechanism * +NSSCKFWMechanism_GetMDMechanism +( + NSSCKFWMechanism *fwMechanism +); + +/* + * NSSCKFWMechanism_GetParameter + * + */ + +NSS_EXTERN NSSItem * +NSSCKFWMechanism_GetParameter +( + NSSCKFWMechanism *fwMechanism +); + +/* + * NSSCKFWSession + * + * NSSCKFWSession_GetMDSession + * NSSCKFWSession_GetArena + * NSSCKFWSession_CallNotification + * NSSCKFWSession_IsRWSession + * NSSCKFWSession_IsSO + * NSSCKFWSession_GetCurrentCryptoOperation + * + */ + +/* + * NSSCKFWSession_GetMDSession + * + */ + +NSS_EXTERN NSSCKMDSession * +NSSCKFWSession_GetMDSession +( + NSSCKFWSession *fwSession +); + +/* + * NSSCKFWSession_GetArena + * + */ + +NSS_EXTERN NSSArena * +NSSCKFWSession_GetArena +( + NSSCKFWSession *fwSession, + CK_RV *pError +); + +/* + * NSSCKFWSession_CallNotification + * + */ + +NSS_EXTERN CK_RV +NSSCKFWSession_CallNotification +( + NSSCKFWSession *fwSession, + CK_NOTIFICATION event +); + +/* + * NSSCKFWSession_IsRWSession + * + */ + +NSS_EXTERN CK_BBOOL +NSSCKFWSession_IsRWSession +( + NSSCKFWSession *fwSession +); + +/* + * NSSCKFWSession_IsSO + * + */ + +NSS_EXTERN CK_BBOOL +NSSCKFWSession_IsSO +( + NSSCKFWSession *fwSession +); + +/* + * NSSCKFWSession_GetCurrentCryptoOperation + * + */ + +NSS_EXTERN NSSCKFWCryptoOperation * +NSSCKFWSession_GetCurrentCryptoOperation +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationState state +); + +/* + * NSSCKFWObject + * + * NSSCKFWObject_GetMDObject + * NSSCKFWObject_GetArena + * NSSCKFWObject_IsTokenObject + * NSSCKFWObject_GetAttributeCount + * NSSCKFWObject_GetAttributeTypes + * NSSCKFWObject_GetAttributeSize + * NSSCKFWObject_GetAttribute + * NSSCKFWObject_GetObjectSize + */ + +/* + * NSSCKFWObject_GetMDObject + * + */ +NSS_EXTERN NSSCKMDObject * +NSSCKFWObject_GetMDObject +( + NSSCKFWObject *fwObject +); + +/* + * NSSCKFWObject_GetArena + * + */ +NSS_EXTERN NSSArena * +NSSCKFWObject_GetArena +( + NSSCKFWObject *fwObject, + CK_RV *pError +); + +/* + * NSSCKFWObject_IsTokenObject + * + */ +NSS_EXTERN CK_BBOOL +NSSCKFWObject_IsTokenObject +( + NSSCKFWObject *fwObject +); + +/* + * NSSCKFWObject_GetAttributeCount + * + */ +NSS_EXTERN CK_ULONG +NSSCKFWObject_GetAttributeCount +( + NSSCKFWObject *fwObject, + CK_RV *pError +); + +/* + * NSSCKFWObject_GetAttributeTypes + * + */ +NSS_EXTERN CK_RV +NSSCKFWObject_GetAttributeTypes +( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount +); + +/* + * NSSCKFWObject_GetAttributeSize + * + */ +NSS_EXTERN CK_ULONG +NSSCKFWObject_GetAttributeSize +( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +); + +/* + * NSSCKFWObject_GetAttribute + * + */ +NSS_EXTERN NSSItem * +NSSCKFWObject_GetAttribute +( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *itemOpt, + NSSArena *arenaOpt, + CK_RV *pError +); + +/* + * NSSCKFWObject_GetObjectSize + * + */ +NSS_EXTERN CK_ULONG +NSSCKFWObject_GetObjectSize +( + NSSCKFWObject *fwObject, + CK_RV *pError +); + +/* + * NSSCKFWFindObjects + * + * NSSCKFWFindObjects_GetMDFindObjects + * + */ + +/* + * NSSCKFWFindObjects_GetMDFindObjects + * + */ + +NSS_EXTERN NSSCKMDFindObjects * +NSSCKFWFindObjects_GetMDFindObjects +( + NSSCKFWFindObjects * +); + +/* + * NSSCKFWMutex + * + * NSSCKFWMutex_Destroy + * NSSCKFWMutex_Lock + * NSSCKFWMutex_Unlock + * + */ + +/* + * NSSCKFWMutex_Destroy + * + */ + +NSS_EXTERN CK_RV +NSSCKFWMutex_Destroy +( + NSSCKFWMutex *mutex +); + +/* + * NSSCKFWMutex_Lock + * + */ + +NSS_EXTERN CK_RV +NSSCKFWMutex_Lock +( + NSSCKFWMutex *mutex +); + +/* + * NSSCKFWMutex_Unlock + * + */ + +NSS_EXTERN CK_RV +NSSCKFWMutex_Unlock +( + NSSCKFWMutex *mutex +); + +#endif /* NSSCKFW_H */ + diff --git a/security/nss/lib/ckfw/nssckfwc.h b/security/nss/lib/ckfw/nssckfwc.h new file mode 100644 index 000000000..965fb2a02 --- /dev/null +++ b/security/nss/lib/ckfw/nssckfwc.h @@ -0,0 +1,1049 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef NSSCKFWC_H +#define NSSCKFWC_H + +#ifdef DEBUG +static const char NSSCKFWC_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * nssckfwc.h + * + * This file prototypes all of the NSS Cryptoki Framework "wrapper" + * which implement the PKCS#11 API. Technically, these are public + * routines (with capital "NSS" prefixes), since they are called + * from (generated) code within a Module using the Framework. + * However, they should not be called except from those generated + * calls. Hence, the prototypes have been split out into this file. + */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +#ifndef NSSCKFWT_H +#include "nssckfwt.h" +#endif /* NSSCKFWT_H */ + +#ifndef NSSCKMDT_H +#include "nssckmdt.h" +#endif /* NSSCKMDT_H */ + +/* + * NSSCKFWC_Initialize + * NSSCKFWC_Finalize + * NSSCKFWC_GetInfo + * -- NSSCKFWC_GetFunctionList -- see the API insert file + * NSSCKFWC_GetSlotList + * NSSCKFWC_GetSlotInfo + * NSSCKFWC_GetTokenInfo + * NSSCKFWC_WaitForSlotEvent + * NSSCKFWC_GetMechanismList + * NSSCKFWC_GetMechanismInfo + * NSSCKFWC_InitToken + * NSSCKFWC_InitPIN + * NSSCKFWC_SetPIN + * NSSCKFWC_OpenSession + * NSSCKFWC_CloseSession + * NSSCKFWC_CloseAllSessions + * NSSCKFWC_GetSessionInfo + * NSSCKFWC_GetOperationState + * NSSCKFWC_SetOperationState + * NSSCKFWC_Login + * NSSCKFWC_Logout + * NSSCKFWC_CreateObject + * NSSCKFWC_CopyObject + * NSSCKFWC_DestroyObject + * NSSCKFWC_GetObjectSize + * NSSCKFWC_GetAttributeValue + * NSSCKFWC_SetAttributeValue + * NSSCKFWC_FindObjectsInit + * NSSCKFWC_FindObjects + * NSSCKFWC_FindObjectsFinal + * NSSCKFWC_EncryptInit + * NSSCKFWC_Encrypt + * NSSCKFWC_EncryptUpdate + * NSSCKFWC_EncryptFinal + * NSSCKFWC_DecryptInit + * NSSCKFWC_Decrypt + * NSSCKFWC_DecryptUpdate + * NSSCKFWC_DecryptFinal + * NSSCKFWC_DigestInit + * NSSCKFWC_Digest + * NSSCKFWC_DigestUpdate + * NSSCKFWC_DigestKey + * NSSCKFWC_DigestFinal + * NSSCKFWC_SignInit + * NSSCKFWC_Sign + * NSSCKFWC_SignUpdate + * NSSCKFWC_SignFinal + * NSSCKFWC_SignRecoverInit + * NSSCKFWC_SignRecover + * NSSCKFWC_VerifyInit + * NSSCKFWC_Verify + * NSSCKFWC_VerifyUpdate + * NSSCKFWC_VerifyFinal + * NSSCKFWC_VerifyRecoverInit + * NSSCKFWC_VerifyRecover + * NSSCKFWC_DigestEncryptUpdate + * NSSCKFWC_DecryptDigestUpdate + * NSSCKFWC_SignEncryptUpdate + * NSSCKFWC_DecryptVerifyUpdate + * NSSCKFWC_GenerateKey + * NSSCKFWC_GenerateKeyPair + * NSSCKFWC_WrapKey + * NSSCKFWC_UnwrapKey + * NSSCKFWC_DeriveKey + * NSSCKFWC_SeedRandom + * NSSCKFWC_GenerateRandom + * NSSCKFWC_GetFunctionStatus + * NSSCKFWC_CancelFunction + */ + +/* + * NSSCKFWC_Initialize + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_Initialize +( + NSSCKFWInstance **pFwInstance, + NSSCKMDInstance *mdInstance, + CK_VOID_PTR pInitArgs +); + +/* + * NSSCKFWC_Finalize + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_Finalize +( + NSSCKFWInstance **pFwInstance +); + +/* + * NSSCKFWC_GetInfo + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GetInfo +( + NSSCKFWInstance *fwInstance, + CK_INFO_PTR pInfo +); + +/* + * C_GetFunctionList is implemented entirely in the Module's file which + * includes the Framework API insert file. It requires no "actual" + * NSSCKFW routine. + */ + +/* + * NSSCKFWC_GetSlotList + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GetSlotList +( + NSSCKFWInstance *fwInstance, + CK_BBOOL tokenPresent, + CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount +); + +/* + * NSSCKFWC_GetSlotInfo + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GetSlotInfo +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo +); + +/* + * NSSCKFWC_GetTokenInfo + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GetTokenInfo +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo +); + +/* + * NSSCKFWC_WaitForSlotEvent + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_WaitForSlotEvent +( + NSSCKFWInstance *fwInstance, + CK_FLAGS flags, + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved +); + +/* + * NSSCKFWC_GetMechanismList + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GetMechanismList +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount +); + +/* + * NSSCKFWC_GetMechanismInfo + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GetMechanismInfo +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo +); + +/* + * NSSCKFWC_InitToken + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_InitToken +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen, + CK_CHAR_PTR pLabel +); + +/* + * NSSCKFWC_InitPIN + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_InitPIN +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen +); + +/* + * NSSCKFWC_SetPIN + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_SetPIN +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pOldPin, + CK_ULONG ulOldLen, + CK_CHAR_PTR pNewPin, + CK_ULONG ulNewLen +); + +/* + * NSSCKFWC_OpenSession + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_OpenSession +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession +); + +/* + * NSSCKFWC_CloseSession + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_CloseSession +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +); + +/* + * NSSCKFWC_CloseAllSessions + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_CloseAllSessions +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID +); + +/* + * NSSCKFWC_GetSessionInfo + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GetSessionInfo +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo +); + +/* + * NSSCKFWC_GetOperationState + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GetOperationState +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen +); + +/* + * NSSCKFWC_SetOperationState + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_SetOperationState +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey +); + +/* + * NSSCKFWC_Login + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_Login +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen +); + +/* + * NSSCKFWC_Logout + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_Logout +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +); + +/* + * NSSCKFWC_CreateObject + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_CreateObject +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject +); + +/* + * NSSCKFWC_CopyObject + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_CopyObject +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject +); + +/* + * NSSCKFWC_DestroyObject + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_DestroyObject +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject +); + +/* + * NSSCKFWC_GetObjectSize + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GetObjectSize +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ULONG_PTR pulSize +); + +/* + * NSSCKFWC_GetAttributeValue + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GetAttributeValue +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount +); + +/* + * NSSCKFWC_SetAttributeValue + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_SetAttributeValue +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount +); + +/* + * NSSCKFWC_FindObjectsInit + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_FindObjectsInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount +); + +/* + * NSSCKFWC_FindObjects + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_FindObjects +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount +); + +/* + * NSSCKFWC_FindObjectsFinal + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_FindObjectsFinal +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +); + +/* + * NSSCKFWC_EncryptInit + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_EncryptInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +); + +/* + * NSSCKFWC_Encrypt + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_Encrypt +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen +); + +/* + * NSSCKFWC_EncryptUpdate + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_EncryptUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen +); + +/* + * NSSCKFWC_EncryptFinal + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_EncryptFinal +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen +); + +/* + * NSSCKFWC_DecryptInit + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_DecryptInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +); + +/* + * NSSCKFWC_Decrypt + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_Decrypt +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen +); + +/* + * NSSCKFWC_DecryptUpdate + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_DecryptUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen +); + +/* + * NSSCKFWC_DecryptFinal + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_DecryptFinal +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen +); + +/* + * NSSCKFWC_DigestInit + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_DigestInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism +); + +/* + * NSSCKFWC_Digest + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_Digest +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen +); + +/* + * NSSCKFWC_DigestUpdate + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_DigestUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen +); + +/* + * NSSCKFWC_DigestKey + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_DigestKey +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey +); + +/* + * NSSCKFWC_DigestFinal + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_DigestFinal +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen +); + +/* + * NSSCKFWC_SignInit + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_SignInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +); + +/* + * NSSCKFWC_Sign + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_Sign +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen +); + +/* + * NSSCKFWC_SignUpdate + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_SignUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen +); + +/* + * NSSCKFWC_SignFinal + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_SignFinal +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen +); + +/* + * NSSCKFWC_SignRecoverInit + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_SignRecoverInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +); + +/* + * NSSCKFWC_SignRecover + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_SignRecover +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen +); + +/* + * NSSCKFWC_VerifyInit + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_VerifyInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +); + +/* + * NSSCKFWC_Verify + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_Verify +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen +); + +/* + * NSSCKFWC_VerifyUpdate + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_VerifyUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen +); + +/* + * NSSCKFWC_VerifyFinal + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_VerifyFinal +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen +); + +/* + * NSSCKFWC_VerifyRecoverInit + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_VerifyRecoverInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +); + +/* + * NSSCKFWC_VerifyRecover + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_VerifyRecover +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen +); + +/* + * NSSCKFWC_DigestEncryptUpdate + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_DigestEncryptUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen +); + +/* + * NSSCKFWC_DecryptDigestUpdate + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_DecryptDigestUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen +); + +/* + * NSSCKFWC_SignEncryptUpdate + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_SignEncryptUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen +); + +/* + * NSSCKFWC_DecryptVerifyUpdate + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_DecryptVerifyUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen +); + +/* + * NSSCKFWC_GenerateKey + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GenerateKey +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey +); + +/* + * NSSCKFWC_GenerateKeyPair + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GenerateKeyPair +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey +); + +/* + * NSSCKFWC_WrapKey + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_WrapKey +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, + CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen +); + +/* + * NSSCKFWC_UnwrapKey + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_UnwrapKey +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey +); + +/* + * NSSCKFWC_DeriveKey + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_DeriveKey +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey +); + +/* + * NSSCKFWC_SeedRandom + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_SeedRandom +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen +); + +/* + * NSSCKFWC_GenerateRandom + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GenerateRandom +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pRandomData, + CK_ULONG ulRandomLen +); + +/* + * NSSCKFWC_GetFunctionStatus + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_GetFunctionStatus +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +); + +/* + * NSSCKFWC_CancelFunction + * + */ +NSS_EXTERN CK_RV +NSSCKFWC_CancelFunction +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +); + +#endif /* NSSCKFWC_H */ diff --git a/security/nss/lib/ckfw/nssckfwt.h b/security/nss/lib/ckfw/nssckfwt.h new file mode 100644 index 000000000..2645b4631 --- /dev/null +++ b/security/nss/lib/ckfw/nssckfwt.h @@ -0,0 +1,146 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef NSSCKFWT_H +#define NSSCKFWT_H + +#ifdef DEBUG +static const char NSSCKFWT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * nssckfwt.h + * + * This file declares the public types used by the NSS Cryptoki Framework. + */ + +/* + * NSSCKFWInstance + * + */ + +struct NSSCKFWInstanceStr; +typedef struct NSSCKFWInstanceStr NSSCKFWInstance; + +/* + * NSSCKFWSlot + * + */ + +struct NSSCKFWSlotStr; +typedef struct NSSCKFWSlotStr NSSCKFWSlot; + +/* + * NSSCKFWToken + * + */ + +struct NSSCKFWTokenStr; +typedef struct NSSCKFWTokenStr NSSCKFWToken; + +/* + * NSSCKFWMechanism + * + */ + +struct NSSCKFWMechanismStr; +typedef struct NSSCKFWMechanismStr NSSCKFWMechanism; + +/* + * NSSCKFWCryptoOperation + * + */ + +struct NSSCKFWCryptoOperationStr; +typedef struct NSSCKFWCryptoOperationStr NSSCKFWCryptoOperation; + + +/* + * NSSCKFWSession + * + */ + +struct NSSCKFWSessionStr; +typedef struct NSSCKFWSessionStr NSSCKFWSession; + +/* + * NSSCKFWObject + * + */ + +struct NSSCKFWObjectStr; +typedef struct NSSCKFWObjectStr NSSCKFWObject; + +/* + * NSSCKFWFindObjects + * + */ + +struct NSSCKFWFindObjectsStr; +typedef struct NSSCKFWFindObjectsStr NSSCKFWFindObjects; + +/* + * NSSCKFWMutex + * + */ + +struct NSSCKFWMutexStr; +typedef struct NSSCKFWMutexStr NSSCKFWMutex; + +typedef enum { + SingleThreaded, + MultiThreaded +} CryptokiLockingState ; + +/* used as an index into an array, make sure it starts at '0' */ +typedef enum { + NSSCKFWCryptoOperationState_EncryptDecrypt = 0, + NSSCKFWCryptoOperationState_SignVerify, + NSSCKFWCryptoOperationState_Digest, + NSSCKFWCryptoOperationState_Max +} NSSCKFWCryptoOperationState; + +typedef enum { + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationType_SignRecover, + NSSCKFWCryptoOperationType_VerifyRecover +} NSSCKFWCryptoOperationType; + +#endif /* NSSCKFWT_H */ diff --git a/security/nss/lib/ckfw/nssckg.h b/security/nss/lib/ckfw/nssckg.h new file mode 100644 index 000000000..f6d55243c --- /dev/null +++ b/security/nss/lib/ckfw/nssckg.h @@ -0,0 +1,42 @@ +/* THIS IS A GENERATED FILE */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +#ifndef NSSCKG_H +#define NSSCKG_H + +#include "pkcs11.h" + +#endif /* NSSCKG_H */ diff --git a/security/nss/lib/ckfw/nssckmdt.h b/security/nss/lib/ckfw/nssckmdt.h new file mode 100644 index 000000000..96fa0853d --- /dev/null +++ b/security/nss/lib/ckfw/nssckmdt.h @@ -0,0 +1,1981 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef NSSCKMDT_H +#define NSSCKMDT_H + +#ifdef DEBUG +static const char NSSCKMDT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * nssckmdt.h + * + * This file specifies the basic types that must be implemented by + * any Module using the NSS Cryptoki Framework. + */ + +#ifndef NSSBASET_H +#include "nssbaset.h" +#endif /* NSSBASET_H */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +#ifndef NSSCKFWT_H +#include "nssckfwt.h" +#endif /* NSSCKFWT_H */ + +typedef struct NSSCKMDInstanceStr NSSCKMDInstance; +typedef struct NSSCKMDSlotStr NSSCKMDSlot; +typedef struct NSSCKMDTokenStr NSSCKMDToken; +typedef struct NSSCKMDSessionStr NSSCKMDSession; +typedef struct NSSCKMDCryptoOperationStr NSSCKMDCryptoOperation; +typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects; +typedef struct NSSCKMDMechanismStr NSSCKMDMechanism; +typedef struct NSSCKMDObjectStr NSSCKMDObject; + +/* + * NSSCKFWItem + * + * This is a structure used by modules to return object attributes. + * The needsFreeing bit indicates whether the object needs to be freed. + * If so, the framework will call the FreeAttribute function on the item + * after it is done using it. + * + */ + +typedef struct { + PRBool needsFreeing; + NSSItem* item; +} NSSCKFWItem ; + +/* + * NSSCKMDInstance + * + * This is the basic handle for an instance of a PKCS#11 Module. + * It is returned by the Module's CreateInstance routine, and + * may be obtained from the corresponding NSSCKFWInstance object. + * It contains a pointer for use by the Module, to store any + * instance-related data, and it contains the EPV for a set of + * routines which the Module may implement for use by the Framework. + * Some of these routines are optional; others are mandatory. + */ + +struct NSSCKMDInstanceStr { + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework to initialize + * the Module. This routine is optional; if unimplemented, + * it won't be called. If this routine returns an error, + * then the initialization will fail. + */ + CK_RV (PR_CALLBACK *Initialize)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSUTF8 *configurationData + ); + + /* + * This routine is called when the Framework is finalizing + * the PKCS#11 Module. It is the last thing called before + * the NSSCKFWInstance's NSSArena is destroyed. This routine + * is optional; if unimplemented, it merely won't be called. + */ + void (PR_CALLBACK *Finalize)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine gets the number of slots. This value must + * never change, once the instance is initialized. This + * routine must be implemented. It may return zero on error. + */ + CK_ULONG (PR_CALLBACK *GetNSlots)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine returns the version of the Cryptoki standard + * to which this Module conforms. This routine is optional; + * if unimplemented, the Framework uses the version to which + * ~it~ was implemented. + */ + CK_VERSION (PR_CALLBACK *GetCryptokiVersion)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing the manufacturer ID for this Module. Only + * the characters completely encoded in the first thirty- + * two bytes are significant. This routine is optional. + * The string returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing a description of this Module library. Only + * the characters completely encoded in the first thirty- + * two bytes are significant. This routine is optional. + * The string returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine returns the version of this Module library. + * This routine is optional; if unimplemented, the Framework + * will assume a Module library version of 0.1. + */ + CK_VERSION (PR_CALLBACK *GetLibraryVersion)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns CK_TRUE if the Module wishes to + * handle session objects. This routine is optional. + * If this routine is NULL, or if it exists but returns + * CK_FALSE, the Framework will assume responsibility + * for managing session objects. + */ + CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine stuffs pointers to NSSCKMDSlot objects into + * the specified array; one for each slot supported by this + * instance. The Framework will determine the size needed + * for the array by calling GetNSlots. This routine is + * required. + */ + CK_RV (PR_CALLBACK *GetSlots)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[] + ); + + /* + * This call returns a pointer to the slot in which an event + * has occurred. If the block argument is CK_TRUE, the call + * should block until a slot event occurs; if CK_FALSE, it + * should check to see if an event has occurred, occurred, + * but return NULL (and set *pError to CK_NO_EVENT) if one + * hasn't. This routine is optional; if unimplemented, the + * Framework will assume that no event has happened. This + * routine may return NULL upon error. + */ + NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_BBOOL block, + CK_RV *pError + ); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; +}; + + +/* + * NSSCKMDSlot + * + * This is the basic handle for a PKCS#11 Module Slot. It is + * created by the NSSCKMDInstance->GetSlots call, and may be + * obtained from the Framework's corresponding NSSCKFWSlot + * object. It contains a pointer for use by the Module, to + * store any slot-related data, and it contains the EPV for + * a set of routines which the Module may implement for use + * by the Framework. Some of these routines are optional. + */ + +struct NSSCKMDSlotStr { + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called during the Framework initialization + * step, after the Framework Instance has obtained the list + * of slots (by calling NSSCKMDInstance->GetSlots). Any slot- + * specific initialization can be done here. This routine is + * optional; if unimplemented, it won't be called. Note that + * if this routine returns an error, the entire Framework + * initialization for this Module will fail. + */ + CK_RV (PR_CALLBACK *Initialize)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine is called when the Framework is finalizing + * the PKCS#11 Module. This call (for each of the slots) + * is the last thing called before NSSCKMDInstance->Finalize. + * This routine is optional; if unimplemented, it merely + * won't be called. Note: In the rare circumstance that + * the Framework initialization cannot complete (due to, + * for example, memory limitations), this can be called with + * a NULL value for fwSlot. + */ + void (PR_CALLBACK *Destroy)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing a description of this slot. Only the characters + * completely encoded in the first sixty-four bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetSlotDescription)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing a description of the manufacturer of this slot. + * Only the characters completely encoded in the first thirty- + * two bytes are significant. This routine is optional. + * The string returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine returns CK_TRUE if a token is present in this + * slot. This routine is optional; if unimplemented, CK_TRUE + * is assumed. + */ + CK_BBOOL (PR_CALLBACK *GetTokenPresent)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns CK_TRUE if the slot supports removable + * tokens. This routine is optional; if unimplemented, CK_FALSE + * is assumed. + */ + CK_BBOOL (PR_CALLBACK *GetRemovableDevice)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns CK_TRUE if this slot is a hardware + * device, or CK_FALSE if this slot is a software device. This + * routine is optional; if unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL (PR_CALLBACK *GetHardwareSlot)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns the version of this slot's hardware. + * This routine is optional; if unimplemented, the Framework + * will assume a hardware version of 0.1. + */ + CK_VERSION (PR_CALLBACK *GetHardwareVersion)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns the version of this slot's firmware. + * This routine is optional; if unimplemented, the Framework + * will assume a hardware version of 0.1. + */ + CK_VERSION (PR_CALLBACK *GetFirmwareVersion)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine should return a pointer to an NSSCKMDToken + * object corresponding to the token in the specified slot. + * The NSSCKFWToken object passed in has an NSSArena + * available which is dedicated for this token. This routine + * must be implemented. This routine may return NULL upon + * error. + */ + NSSCKMDToken *(PR_CALLBACK *GetToken)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; +}; + +/* + * NSSCKMDToken + * + * This is the basic handle for a PKCS#11 Token. It is created by + * the NSSCKMDSlot->GetToken call, and may be obtained from the + * Framework's corresponding NSSCKFWToken object. It contains a + * pointer for use by the Module, to store any token-related + * data, and it contains the EPV for a set of routines which the + * Module may implement for use by the Framework. Some of these + * routines are optional. + */ + +struct NSSCKMDTokenStr { + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is used to prepare a Module token object for + * use. It is called after the NSSCKMDToken object is obtained + * from NSSCKMDSlot->GetToken. It is named "Setup" here because + * Cryptoki already defines "InitToken" to do the process of + * wiping out any existing state on a token and preparing it for + * a new use. This routine is optional; if unimplemented, it + * merely won't be called. + */ + CK_RV (PR_CALLBACK *Setup)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine is called by the Framework whenever it notices + * that the token object is invalid. (Typically this is when a + * routine indicates an error such as CKR_DEVICE_REMOVED). This + * call is the last thing called before the NSSArena in the + * corresponding NSSCKFWToken is destroyed. This routine is + * optional; if unimplemented, it merely won't be called. + */ + void (PR_CALLBACK *Invalidate)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine initialises the token in the specified slot. + * This routine is optional; if unimplemented, the Framework + * will fail this operation with an error of CKR_DEVICE_ERROR. + */ + + CK_RV (PR_CALLBACK *InitToken)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *pin, + NSSUTF8 *label + ); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's label. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetLabel)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's manufacturer ID. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's model name. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetModel)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's serial number. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetSerialNumber)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine returns CK_TRUE if the token has its own + * random number generator. This routine is optional; if + * unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL (PR_CALLBACK *GetHasRNG)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns CK_TRUE if this token is write-protected. + * This routine is optional; if unimplemented, CK_FALSE is + * assumed. + */ + CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns CK_TRUE if this token requires a login. + * This routine is optional; if unimplemented, CK_FALSE is + * assumed. + */ + CK_BBOOL (PR_CALLBACK *GetLoginRequired)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns CK_TRUE if the normal user's PIN on this + * token has been initialised. This routine is optional; if + * unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns CK_TRUE if a successful save of a + * session's cryptographic operations state ~always~ contains + * all keys needed to restore the state of the session. This + * routine is optional; if unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns CK_TRUE if the token has its own + * hardware clock. This routine is optional; if unimplemented, + * CK_FALSE is assumed. + */ + CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns CK_TRUE if the token has a protected + * authentication path. This routine is optional; if + * unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns CK_TRUE if the token supports dual + * cryptographic operations within a single session. This + * routine is optional; if unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * XXX fgmr-- should we have a call to return all the flags + * at once, for folks who already know about Cryptoki? + */ + + /* + * This routine returns the maximum number of sessions that + * may be opened on this token. This routine is optional; + * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION + * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE? + */ + CK_ULONG (PR_CALLBACK *GetMaxSessionCount)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns the maximum number of read/write + * sesisons that may be opened on this token. This routine + * is optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or + * CK_EFFECTIVELY_INFINITE? + */ + CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns the maximum PIN code length that is + * supported on this token. This routine is optional; + * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION + * is assumed. + */ + CK_ULONG (PR_CALLBACK *GetMaxPinLen)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns the minimum PIN code length that is + * supported on this token. This routine is optional; if + * unimplemented, the special value CK_UNAVAILABLE_INFORMATION + * is assumed. XXX fgmr-- or 0? + */ + CK_ULONG (PR_CALLBACK *GetMinPinLen)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns the total amount of memory on the token + * in which public objects may be stored. This routine is + * optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns the amount of unused memory on the + * token in which public objects may be stored. This routine + * is optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG (PR_CALLBACK *GetFreePublicMemory)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns the total amount of memory on the token + * in which private objects may be stored. This routine is + * optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns the amount of unused memory on the + * token in which private objects may be stored. This routine + * is optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns the version number of this token's + * hardware. This routine is optional; if unimplemented, + * the value 0.1 is assumed. + */ + CK_VERSION (PR_CALLBACK *GetHardwareVersion)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns the version number of this token's + * firmware. This routine is optional; if unimplemented, + * the value 0.1 is assumed. + */ + CK_VERSION (PR_CALLBACK *GetFirmwareVersion)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine stuffs the current UTC time, as obtained from + * the token, into the sixteen-byte buffer in the form + * YYYYMMDDhhmmss00. This routine need only be implemented + * by token which indicate that they have a real-time clock. + * XXX fgmr-- think about time formats. + */ + CK_RV (PR_CALLBACK *GetUTCTime)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_CHAR utcTime[16] + ); + + /* + * This routine creates a session on the token, and returns + * the corresponding NSSCKMDSession object. The value of + * rw will be CK_TRUE if the session is to be a read/write + * session, or CK_FALSE otherwise. An NSSArena dedicated to + * the new session is available from the specified NSSCKFWSession. + * This routine may return NULL upon error. + */ + NSSCKMDSession *(PR_CALLBACK *OpenSession)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError + ); + + /* + * This routine returns the number of PKCS#11 Mechanisms + * supported by this token. This routine is optional; if + * unimplemented, zero is assumed. + */ + CK_ULONG (PR_CALLBACK *GetMechanismCount)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine stuffs into the specified array the types + * of the mechanisms supported by this token. The Framework + * determines the size of the array by calling GetMechanismCount. + */ + CK_RV (PR_CALLBACK *GetMechanismTypes)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE types[] + ); + + /* + * This routine returns a pointer to a Module mechanism + * object corresponding to a specified type. This routine + * need only exist for tokens implementing at least one + * mechanism. + */ + NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE which, + CK_RV *pError + ); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; +}; + +/* + * NSSCKMDSession + * + * This is the basic handle for a session on a PKCS#11 Token. It + * is created by NSSCKMDToken->OpenSession, and may be obtained + * from the Framework's corresponding NSSCKFWSession object. It + * contains a pointer for use by the Module, to store any session- + * realted data, and it contains the EPV for a set of routines + * which the Module may implement for use by the Framework. Some + * of these routines are optional. + */ + +struct NSSCKMDSessionStr { + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework when a session is + * closed. This call is the last thing called before the + * NSSArena in the correspoinding NSSCKFWSession is destroyed. + * This routine is optional; if unimplemented, it merely won't + * be called. + */ + void (PR_CALLBACK *Close)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine is used to get any device-specific error. + * This routine is optional. + */ + CK_ULONG (PR_CALLBACK *GetDeviceError)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine is used to log in a user to the token. This + * routine is optional, since the Framework's NSSCKFWSession + * object keeps track of the login state. + */ + CK_RV (PR_CALLBACK *Login)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_USER_TYPE userType, + NSSItem *pin, + CK_STATE oldState, + CK_STATE newState + ); + + /* + * This routine is used to log out a user from the token. This + * routine is optional, since the Framework's NSSCKFWSession + * object keeps track of the login state. + */ + CK_RV (PR_CALLBACK *Logout)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_STATE oldState, + CK_STATE newState + ); + + /* + * This routine is used to initialize the normal user's PIN or + * password. This will only be called in the "read/write + * security officer functions" state. If this token has a + * protected authentication path, then the pin argument will + * be NULL. This routine is optional; if unimplemented, the + * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. + */ + CK_RV (PR_CALLBACK *InitPIN)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *pin + ); + + /* + * This routine is used to modify a user's PIN or password. This + * routine will only be called in the "read/write security officer + * functions" or "read/write user functions" state. If this token + * has a protected authentication path, then the pin arguments + * will be NULL. This routine is optional; if unimplemented, the + * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. + */ + CK_RV (PR_CALLBACK *SetPIN)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *oldPin, + NSSItem *newPin + ); + + /* + * This routine is used to find out how much space would be required + * to save the current operational state. This routine is optional; + * if unimplemented, the Framework will reject any attempts to save + * the operational state with the error CKR_STATE_UNSAVEABLE. This + * routine may return zero on error. + */ + CK_ULONG (PR_CALLBACK *GetOperationStateLen)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine is used to store the current operational state. This + * routine is only required if GetOperationStateLen is implemented + * and can return a nonzero value. The buffer in the specified item + * will be pre-allocated, and the length will specify the amount of + * space available (which may be more than GetOperationStateLen + * asked for, but which will not be smaller). + */ + CK_RV (PR_CALLBACK *GetOperationState)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *buffer + ); + + /* + * This routine is used to restore an operational state previously + * obtained with GetOperationState. The Framework will take pains + * to be sure that the state is (or was at one point) valid; if the + * Module notices that the state is invalid, it should return an + * error, but it is not required to be paranoid about the issue. + * [XXX fgmr-- should (can?) the framework verify the keys match up?] + * This routine is required only if GetOperationState is implemented. + */ + CK_RV (PR_CALLBACK *SetOperationState)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *state, + NSSCKMDObject *mdEncryptionKey, + NSSCKFWObject *fwEncryptionKey, + NSSCKMDObject *mdAuthenticationKey, + NSSCKFWObject *fwAuthenticationKey + ); + + /* + * This routine is used to create an object. The specified template + * will only specify a session object if the Module has indicated + * that it wishes to handle its own session objects. This routine + * is optional; if unimplemented, the Framework will reject the + * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for + * token objects should come from the NSSArena available from the + * NSSCKFWToken object; space for session objects (if supported) + * should come from the NSSArena available from the NSSCKFWSession + * object. The appropriate NSSArena pointer will, as a convenience, + * be passed as the handyArenaPointer argument. This routine may + * return NULL upon error. + */ + NSSCKMDObject *(PR_CALLBACK *CreateObject)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *handyArenaPointer, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError + ); + + /* + * This routine is used to make a copy of an object. It is entirely + * optional; if unimplemented, the Framework will try to use + * CreateObject instead. If the Module has indicated that it does + * not wish to handle session objects, then this routine will only + * be called to copy a token object to another token object. + * Otherwise, either the original object or the new may be of + * either the token or session variety. As with CreateObject, the + * handyArenaPointer will point to the appropriate arena for the + * new object. This routine may return NULL upon error. + */ + NSSCKMDObject *(PR_CALLBACK *CopyObject)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdOldObject, + NSSCKFWObject *fwOldObject, + NSSArena *handyArenaPointer, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError + ); + + /* + * This routine is used to begin an object search. This routine may + * be unimplemented only if the Module does not handle session + * objects, and if none of its tokens have token objects. The + * NSSCKFWFindObjects pointer has an NSSArena that may be used for + * storage for the life of this "find" operation. This routine may + * return NULL upon error. If the Module can determine immediately + * that the search will not find any matching objects, it may return + * NULL, and specify CKR_OK as the error. + */ + NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError + ); + + /* + * This routine seeds the random-number generator. It is + * optional, even if GetRandom is implemented. If unimplemented, + * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED. + */ + CK_RV (PR_CALLBACK *SeedRandom)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *seed + ); + + /* + * This routine gets random data. It is optional. If unimplemented, + * the Framework will issue the error CKR_RANDOM_NO_RNG. + */ + CK_RV (PR_CALLBACK *GetRandom)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *buffer + ); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; +}; + +/* + * NSSCKMDFindObjects + * + * This is the basic handle for an object search. It is + * created by NSSCKMDSession->FindObjectsInit, and may be + * obtained from the Framework's corresponding object. + * It contains a pointer for use by the Module, to store + * any search-related data, and it contains the EPV for a + * set of routines which the Module may implement for use + * by the Framework. Some of these routines are optional. + */ + +struct NSSCKMDFindObjectsStr { + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework to finish a + * search operation. Note that the Framework may finish + * a search before it has completed. This routine is + * optional; if unimplemented, it merely won't be called. + */ + void (PR_CALLBACK *Final)( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine is used to obtain another pointer to an + * object matching the search criteria. This routine is + * required. If no (more) objects match the search, it + * should return NULL and set the error to CKR_OK. + */ + NSSCKMDObject *(PR_CALLBACK *Next)( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError + ); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; +}; + +/* + * NSSCKMDCryptoOperaion + * + * This is the basic handle for an encryption, decryption, + * sign, verify, or hash opertion. + * created by NSSCKMDMechanism->XXXXInit, and may be + * obtained from the Framework's corresponding object. + * It contains a pointer for use by the Module, to store + * any intermediate data, and it contains the EPV for a + * set of routines which the Module may implement for use + * by the Framework. Some of these routines are optional. + */ + +struct NSSCKMDCryptoOperationStr { + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework clean up the mdCryptoOperation + * structure. + * This routine is optional; if unimplemented, it will be ignored. + */ + void (PR_CALLBACK *Destroy)( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + + /* + * how many bytes do we need to finish this buffer? + * must be implemented if Final is implemented. + */ + CK_ULONG (PR_CALLBACK *GetFinalLength)( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * how many bytes do we need to complete the next operation. + * used in both Update and UpdateFinal. + */ + CK_ULONG (PR_CALLBACK *GetOperationLength)( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + CK_RV *pError + ); + + /* + * This routine is called by the Framework to finish a + * search operation. Note that the Framework may finish + * a search before it has completed. This routine is + * optional; if unimplemented, it merely won't be called. + * The respective final call with fail with CKR_FUNCTION_FAILED + * Final should not free the mdCryptoOperation. + */ + CK_RV(PR_CALLBACK *Final)( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *outputBuffer + ); + + + /* + * This routine is called by the Framework to complete the + * next step in an encryption/decryption operation. + * This routine is optional; if unimplemented, the respective + * update call with fail with CKR_FUNCTION_FAILED. + * Update should not be implemented for signing/verification/digest + * mechanisms. + */ + CK_RV(PR_CALLBACK *Update)( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + NSSItem *outputBuffer + ); + + /* + * This routine is called by the Framework to complete the + * next step in a signing/verification/digest operation. + * This routine is optional; if unimplemented, the respective + * update call with fail with CKR_FUNCTION_FAILED + * Update should not be implemented for encryption/decryption + * mechanisms. + */ + CK_RV(PR_CALLBACK *DigestUpdate)( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer + ); + + /* + * This routine is called by the Framework to complete a + * single step operation. This routine is optional; if unimplemented, + * the framework will use the Update and Final functions to complete + * the operation. + */ + CK_RV(PR_CALLBACK *UpdateFinal)( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + NSSItem *outputBuffer + ); + + /* + * This routine is called by the Framework to complete next + * step in a combined operation. The Decrypt/Encrypt mechanism + * should define and drive the combo step. + * This routine is optional; if unimplemented, + * the framework will use the appropriate Update functions to complete + * the operation. + */ + CK_RV(PR_CALLBACK *UpdateCombo)( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDCryptoOperation *mdPeerCryptoOperation, + NSSCKFWCryptoOperation *fwPeerCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + NSSItem *outputBuffer + ); + + /* + * Hash a key directly into the digest + */ + CK_RV(PR_CALLBACK *DigestKey)( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey + ); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; +}; + +/* + * NSSCKMDMechanism + * + */ + +struct NSSCKMDMechanismStr { + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This also frees the fwMechanism if appropriate. + * If it is not supplied, the Framework will assume that the Token + * Manages a static list of mechanisms and the function will not be called. + */ + void (PR_CALLBACK *Destroy)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + + /* + * This routine returns the minimum key size allowed for + * this mechanism. This routine is optional; if unimplemented, + * zero will be assumed. This routine may return zero on + * error; if the error is CKR_OK, zero will be accepted as + * a valid response. + */ + CK_ULONG (PR_CALLBACK *GetMinKeySize)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine returns the maximum key size allowed for + * this mechanism. This routine is optional; if unimplemented, + * zero will be assumed. This routine may return zero on + * error; if the error is CKR_OK, zero will be accepted as + * a valid response. + */ + CK_ULONG (PR_CALLBACK *GetMaxKeySize)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine is called to determine if the mechanism is + * implemented in hardware or software. It returns CK_TRUE + * if it is done in hardware. + */ + CK_BBOOL (PR_CALLBACK *GetInHardware)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * The crypto routines themselves. Most crypto operations may + * be performed in two ways, streaming and single-part. The + * streaming operations involve the use of (typically) three + * calls-- an Init method to set up the operation, an Update + * method to feed data to the operation, and a Final method to + * obtain the final result. Single-part operations involve + * one method, to perform the crypto operation all at once. + * + * The NSS Cryptoki Framework can implement the single-part + * operations in terms of the streaming operations on behalf + * of the Module. There are a few variances. + * + * Only the Init Functions are defined by the mechanism. Each + * init function will return a NSSCKFWCryptoOperation which + * can supply update, final, the single part updateFinal, and + * the combo updateCombo functions. + * + * For simplicity, the routines are listed in summary here: + * + * EncryptInit, + * DecryptInit, + * DigestInit, + * SignInit, + * SignRecoverInit; + * VerifyInit, + * VerifyRecoverInit; + * + * The key-management routines are + * + * GenerateKey + * GenerateKeyPair + * WrapKey + * UnwrapKey + * DeriveKey + * + * All of these routines based on the Cryptoki API; + * see PKCS#11 for further information. + */ + + /* + */ + NSSCKMDCryptoOperation * (PR_CALLBACK *EncryptInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError + ); + + /* + */ + NSSCKMDCryptoOperation * (PR_CALLBACK *DecryptInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError + ); + + /* + */ + NSSCKMDCryptoOperation * (PR_CALLBACK *DigestInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + + /* + */ + NSSCKMDCryptoOperation * (PR_CALLBACK *SignInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError + ); + + /* + */ + NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError + ); + + /* + */ + NSSCKMDCryptoOperation * (PR_CALLBACK *SignRecoverInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError + ); + + /* + */ + NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyRecoverInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError + ); + + /* + * Key management operations. + */ + + /* + * This routine generates a key. This routine may return NULL + * upon error. + */ + NSSCKMDObject *(PR_CALLBACK *GenerateKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError + ); + + /* + * This routine generates a key pair. + */ + CK_RV (PR_CALLBACK *GenerateKeyPair)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + NSSCKMDObject **pPublicKey, + NSSCKMDObject **pPrivateKey + ); + + /* + * This routine wraps a key. + */ + CK_ULONG (PR_CALLBACK *GetWrapKeyLength)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdWrappingKey, + NSSCKFWObject *fwWrappingKey, + NSSCKMDObject *mdWrappedKey, + NSSCKFWObject *fwWrappedKey, + CK_RV *pError + ); + + /* + * This routine wraps a key. + */ + CK_RV (PR_CALLBACK *WrapKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdWrappingKey, + NSSCKFWObject *fwWrappingKey, + NSSCKMDObject *mdKeyObject, + NSSCKFWObject *fwKeyObject, + NSSItem *wrappedKey + ); + + /* + * This routine unwraps a key. This routine may return NULL + * upon error. + */ + NSSCKMDObject *(PR_CALLBACK *UnwrapKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdWrappingKey, + NSSCKFWObject *fwWrappingKey, + NSSItem *wrappedKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError + ); + + /* + * This routine derives a key. This routine may return NULL + * upon error. + */ + NSSCKMDObject *(PR_CALLBACK *DeriveKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdBaseKey, + NSSCKFWObject *fwBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError + ); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; +}; + +/* + * NSSCKMDObject + * + * This is the basic handle for any object used by a PKCS#11 Module. + * Modules must implement it if they support their own objects, and + * the Framework supports it for Modules that do not handle session + * objects. This type contains a pointer for use by the implementor, + * to store any object-specific data, and it contains an EPV for a + * set of routines used to access the object. + */ + +struct NSSCKMDObjectStr { + /* + * The implementation my use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework when it is letting + * go of an object handle. It can be used by the Module to + * free any resources tied up by an object "in use." It is + * optional. + */ + void (PR_CALLBACK *Finalize)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine is used to completely destroy an object. + * It is optional. The parameter fwObject might be NULL + * if the framework runs out of memory at the wrong moment. + */ + CK_RV (PR_CALLBACK *Destroy)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This helper routine is used by the Framework, and is especially + * useful when it is managing session objects on behalf of the + * Module. This routine is optional; if unimplemented, the + * Framework will actually look up the CKA_TOKEN attribute. In the + * event of an error, just make something up-- the Framework will + * find out soon enough anyway. + */ + CK_BBOOL (PR_CALLBACK *IsTokenObject)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance + ); + + /* + * This routine returns the number of attributes of which this + * object consists. It is mandatory. It can return zero on + * error. + */ + CK_ULONG (PR_CALLBACK *GetAttributeCount)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This routine stuffs the attribute types into the provided array. + * The array size (as obtained from GetAttributeCount) is passed in + * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong + * (either too big or too small). + */ + CK_RV (PR_CALLBACK *GetAttributeTypes)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount + ); + + /* + * This routine returns the size (in bytes) of the specified + * attribute. It can return zero on error. + */ + CK_ULONG (PR_CALLBACK *GetAttributeSize)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError + ); + + /* + * This routine returns an NSSCKFWItem structure. + * The item pointer points to an NSSItem containing the attribute value. + * The needsFreeing bit tells the framework whether to call the + * FreeAttribute function . Upon error, an NSSCKFWItem structure + * with a NULL NSSItem item pointer will be returned + */ + NSSCKFWItem (PR_CALLBACK *GetAttribute)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError + ); + + /* + * This routine returns CKR_OK if the attribute could be freed. + */ + CK_RV (PR_CALLBACK *FreeAttribute)( + NSSCKFWItem * item + ); + + /* + * This routine changes the specified attribute. If unimplemented, + * the object will be considered read-only. + */ + CK_RV (PR_CALLBACK *SetAttribute)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value + ); + + /* + * This routine returns the storage requirements of this object, + * in bytes. Cryptoki doesn't strictly define the definition, + * but it should relate to the values returned by the "Get Memory" + * routines of the NSSCKMDToken. This routine is optional; if + * unimplemented, the Framework will consider this information + * sensitive. This routine may return zero on error. If the + * specified error is CKR_OK, zero will be accepted as a valid + * response. + */ + CK_ULONG (PR_CALLBACK *GetObjectSize)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError + ); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; +}; + + +#endif /* NSSCKMDT_H */ diff --git a/security/nss/lib/ckfw/nssckt.h b/security/nss/lib/ckfw/nssckt.h new file mode 100644 index 000000000..9e67f7fdf --- /dev/null +++ b/security/nss/lib/ckfw/nssckt.h @@ -0,0 +1,45 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +#ifndef _NSSCKT_H_ +#define _NSSCKT_H_ 1 + +#include "pkcs11t.h" + +typedef CK_ATTRIBUTE_TYPE CK_PTR CK_ATTRIBUTE_TYPE_PTR; +#define CK_ENTRY + +#endif /* _NSSCKT_H_ */ + diff --git a/security/nss/lib/ckfw/nssmkey/Makefile b/security/nss/lib/ckfw/nssmkey/Makefile new file mode 100644 index 000000000..2f489aa9c --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/Makefile @@ -0,0 +1,105 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +MAKEFILE_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$" + +include manifest.mn +include $(CORE_DEPTH)/coreconf/config.mk +include config.mk + +EXTRA_LIBS = \ + $(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \ + $(NULL) + +# can't do this in manifest.mn because OS_TARGET isn't defined there. +ifeq (,$(filter-out WIN%,$(OS_TARGET))) + +ifdef NS_USE_GCC +EXTRA_LIBS += \ + -L$(NSPR_LIB_DIR) \ + -lplc4 \ + -lplds4 \ + -lnspr4 \ + $(NULL) +else +EXTRA_SHARED_LIBS += \ + $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \ + $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \ + $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \ + $(NULL) +endif # NS_USE_GCC +else + +EXTRA_LIBS += \ + -L$(NSPR_LIB_DIR) \ + -lplc4 \ + -lplds4 \ + -lnspr4 \ + -framework Security \ + -framework CoreServices \ + $(NULL) +endif + + +include $(CORE_DEPTH)/coreconf/rules.mk + +# Generate certdata.c. +generate: + perl certdata.perl < certdata.txt + +# This'll need some help from a build person. + + +ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.1) +DSO_LDOPTS = -bM:SRE -bh:4 -bnoentry +EXTRA_DSO_LDOPTS = -lc +MKSHLIB = xlC $(DSO_LDOPTS) + +$(SHARED_LIBRARY): $(OBJS) + @$(MAKE_OBJDIR) + rm -f $@ + $(MKSHLIB) -o $@ $(OBJS) $(EXTRA_LIBS) $(EXTRA_DSO_LDOPTS) + chmod +x $@ + +endif + +ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.2) +LD += -G +endif + + diff --git a/security/nss/lib/ckfw/nssmkey/README b/security/nss/lib/ckfw/nssmkey/README new file mode 100644 index 000000000..c060d9c3c --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/README @@ -0,0 +1,21 @@ +This Cryptoki module provides acces to certs and keys stored in +Macintosh key Ring. + +- It does not yet export PKCS #12 keys. To get this to work should be + implemented using exporting the key object in PKCS #8 wrapped format. + PSM work needs to happen before this can be completed. +- It does not import or export CA Root trust from the mac keychain. +- It does not handle S/MIME objects (pkcs #7 in mac keychain terms?). +- The AuthRoots don't show up on the default list. +- Only RSA keys are supported currently. + +There are a number of things that have not been tested that other PKCS #11 +apps may need: +- reading Modulus and Public Exponents from private keys and public keys. +- storing public keys. +- setting attributes other than CKA_ID and CKA_LABEL. + +Other TODOs: +- Check for and plug memory leaks. +- Need to map mac errors into something more intellegible than + CKR_GENERAL_ERROR. diff --git a/security/nss/lib/ckfw/nssmkey/ckmk.h b/security/nss/lib/ckfw/nssmkey/ckmk.h new file mode 100644 index 000000000..1eeba5986 --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/ckmk.h @@ -0,0 +1,236 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef CKMK_H +#define CKMK_H 1 + +#ifdef DEBUG +static const char CKMK_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include <Security/SecKeychainSearch.h> +#include <Security/SecKeychainItem.h> +#include <Security/SecKeychain.h> +#include <Security/cssmtype.h> +#include <Security/cssmapi.h> +#include <Security/SecKey.h> +#include <Security/SecCertificate.h> + +#define NTO + +#include "nssckmdt.h" +#include "nssckfw.h" +/* + * I'm including this for access to the arena functions. + * Looks like we should publish that API. + */ +#ifndef BASE_H +#include "base.h" +#endif /* BASE_H */ +/* + * This is where the Netscape extensions live, at least for now. + */ +#ifndef CKT_H +#include "ckt.h" +#endif /* CKT_H */ + +/* + * statically defined raw objects. Allows us to data description objects + * to this PKCS #11 module. + */ +struct ckmkRawObjectStr { + CK_ULONG n; + const CK_ATTRIBUTE_TYPE *types; + const NSSItem *items; +}; +typedef struct ckmkRawObjectStr ckmkRawObject; + +/* + * Key/Cert Items + */ +struct ckmkItemObjectStr { + SecKeychainItemRef itemRef; + SecItemClass itemClass; + PRBool hasID; + NSSItem modify; + NSSItem private; + NSSItem encrypt; + NSSItem decrypt; + NSSItem derive; + NSSItem sign; + NSSItem signRecover; + NSSItem verify; + NSSItem verifyRecover; + NSSItem wrap; + NSSItem unwrap; + NSSItem label; + NSSItem subject; + NSSItem issuer; + NSSItem serial; + NSSItem derCert; + NSSItem id; + NSSItem modulus; + NSSItem exponent; + NSSItem privateExponent; + NSSItem prime1; + NSSItem prime2; + NSSItem exponent1; + NSSItem exponent2; + NSSItem coefficient; +}; +typedef struct ckmkItemObjectStr ckmkItemObject; + +typedef enum { + ckmkRaw, + ckmkItem, +} ckmkObjectType; + +/* + * all the various types of objects are abstracted away in cobject and + * cfind as ckmkInternalObjects. + */ +struct ckmkInternalObjectStr { + ckmkObjectType type; + union { + ckmkRawObject raw; + ckmkItemObject item; + } u; + CK_OBJECT_CLASS objClass; + NSSItem hashKey; + unsigned char hashKeyData[128]; + NSSCKMDObject mdObject; +}; +typedef struct ckmkInternalObjectStr ckmkInternalObject; + +/* our raw object data array */ +NSS_EXTERN_DATA ckmkInternalObject nss_ckmk_data[]; +NSS_EXTERN_DATA const PRUint32 nss_ckmk_nObjects; + +NSS_EXTERN_DATA const CK_VERSION nss_ckmk_CryptokiVersion; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_ManufacturerID; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_LibraryDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckmk_LibraryVersion; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_SlotDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckmk_HardwareVersion; +NSS_EXTERN_DATA const CK_VERSION nss_ckmk_FirmwareVersion; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenLabel; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenModel; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckmk_TokenSerialNumber; + +NSS_EXTERN_DATA const NSSCKMDInstance nss_ckmk_mdInstance; +NSS_EXTERN_DATA const NSSCKMDSlot nss_ckmk_mdSlot; +NSS_EXTERN_DATA const NSSCKMDToken nss_ckmk_mdToken; +NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckmk_mdMechanismRSA; + +NSS_EXTERN NSSCKMDSession * +nss_ckmk_CreateSession +( + NSSCKFWSession *fwSession, + CK_RV *pError +); + +NSS_EXTERN NSSCKMDFindObjects * +nss_ckmk_FindObjectsInit +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +); + +/* + * Object Utilities + */ +NSS_EXTERN NSSCKMDObject * +nss_ckmk_CreateMDObject +( + NSSArena *arena, + ckmkInternalObject *io, + CK_RV *pError +); + +NSS_EXTERN NSSCKMDObject * +nss_ckmk_CreateObject +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +); + +NSS_EXTERN const NSSItem * +nss_ckmk_FetchAttribute +( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError +); + +NSS_EXTERN void +nss_ckmk_DestroyInternalObject +( + ckmkInternalObject *io +); + +unsigned char * +nss_ckmk_DERUnwrap +( + unsigned char *src, + int size, + int *outSize, + unsigned char **next +); + +CK_ULONG +nss_ckmk_GetULongAttribute +( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError +); + +#define NSS_CKMK_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0]))) + +#ifdef DEBUG +#define CKMK_MACERR(str,err) cssmPerror(str,err) +#else +#define CKMK_MACERR(str,err) +#endif + +#endif diff --git a/security/nss/lib/ckfw/nssmkey/ckmkver.c b/security/nss/lib/ckfw/nssmkey/ckmkver.c new file mode 100644 index 000000000..9cbb2d2e0 --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/ckmkver.c @@ -0,0 +1,59 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* Library identity and versioning */ + +#include "nssmkey.h" + +#if defined(DEBUG) +#define _DEBUG_STRING " (debug)" +#else +#define _DEBUG_STRING "" +#endif + +/* + * Version information for the 'ident' and 'what commands + * + * NOTE: the first component of the concatenated rcsid string + * must not end in a '$' to prevent rcs keyword substitution. + */ +const char __nss_ckmk_rcsid[] = "$Header: NSS Access to the MAC OS X Key Ring " + NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING + " " __DATE__ " " __TIME__ " $"; +const char __nss_ckmk_sccsid[] = "@(#)NSS Access to the MAC OS X Key Ring " + NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING + " " __DATE__ " " __TIME__; diff --git a/security/nss/lib/ckfw/nssmkey/config.mk b/security/nss/lib/ckfw/nssmkey/config.mk new file mode 100644 index 000000000..e329b6b55 --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/config.mk @@ -0,0 +1,57 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +CONFIG_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$" + +ifdef BUILD_IDG +DEFINES += -DNSSDEBUG +endif + +ifdef NS_USE_CKFW_TRACE +DEFINES += -DTRACE +endif + +# +# Override TARGETS variable so that only static libraries +# are specifed as dependencies within rules.mk. +# + +TARGETS = $(LIBRARY) +SHARED_LIBRARY = +IMPORT_LIBRARY = +PROGRAM = + + diff --git a/security/nss/lib/ckfw/nssmkey/manchor.c b/security/nss/lib/ckfw/nssmkey/manchor.c new file mode 100644 index 000000000..7d50186cd --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/manchor.c @@ -0,0 +1,55 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * nssmkey/manchor.c + * + * This file "anchors" the actual cryptoki entry points in this module's + * shared library, which is required for dynamic loading. See the + * comments in nssck.api for more information. + */ + +#include "ckmk.h" + +#define MODULE_NAME ckmk +#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckmk_mdInstance +#include "nssck.api" diff --git a/security/nss/lib/ckfw/nssmkey/manifest.mn b/security/nss/lib/ckfw/nssmkey/manifest.mn new file mode 100644 index 000000000..4d0c72369 --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/manifest.mn @@ -0,0 +1,66 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$" + +CORE_DEPTH = ../../../.. + +MODULE = nss +MAPFILE = $(OBJDIR)/nssmkey.def + +EXPORTS = \ + nssmkey.h \ + $(NULL) + +CSRCS = \ + manchor.c \ + mconstants.c \ + mfind.c \ + minst.c \ + mobject.c \ + mrsa.c \ + msession.c \ + mslot.c \ + mtoken.c \ + ckmkver.c \ + staticobj.c \ + $(NULL) + +REQUIRES = nspr + +LIBRARY_NAME = nssmkey + +#EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4 diff --git a/security/nss/lib/ckfw/nssmkey/mconstants.c b/security/nss/lib/ckfw/nssmkey/mconstants.c new file mode 100644 index 000000000..ff2aba6a6 --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/mconstants.c @@ -0,0 +1,96 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * nssmkey/constants.c + * + * Identification and other constants, all collected here in one place. + */ + +#ifndef NSSBASET_H +#include "nssbaset.h" +#endif /* NSSBASET_H */ + +#ifndef NSSCKT_H +#include "nssckt.h" +#endif /* NSSCKT_H */ + +#include "nssmkey.h" + +NSS_IMPLEMENT_DATA const CK_VERSION +nss_ckmk_CryptokiVersion = { + NSS_CKMK_CRYPTOKI_VERSION_MAJOR, + NSS_CKMK_CRYPTOKI_VERSION_MINOR }; + +NSS_IMPLEMENT_DATA const NSSUTF8 * +nss_ckmk_ManufacturerID = (NSSUTF8 *) "Mozilla Foundation"; + +NSS_IMPLEMENT_DATA const NSSUTF8 * +nss_ckmk_LibraryDescription = (NSSUTF8 *) "NSS Access to Mac OS X Key Ring"; + +NSS_IMPLEMENT_DATA const CK_VERSION +nss_ckmk_LibraryVersion = { + NSS_CKMK_LIBRARY_VERSION_MAJOR, + NSS_CKMK_LIBRARY_VERSION_MINOR}; + +NSS_IMPLEMENT_DATA const NSSUTF8 * +nss_ckmk_SlotDescription = (NSSUTF8 *) "Mac OS X Key Ring"; + +NSS_IMPLEMENT_DATA const CK_VERSION +nss_ckmk_HardwareVersion = { + NSS_CKMK_HARDWARE_VERSION_MAJOR, + NSS_CKMK_HARDWARE_VERSION_MINOR }; + +NSS_IMPLEMENT_DATA const CK_VERSION +nss_ckmk_FirmwareVersion = { + NSS_CKMK_FIRMWARE_VERSION_MAJOR, + NSS_CKMK_FIRMWARE_VERSION_MINOR }; + +NSS_IMPLEMENT_DATA const NSSUTF8 * +nss_ckmk_TokenLabel = (NSSUTF8 *) "Mac OS X Key Ring"; + +NSS_IMPLEMENT_DATA const NSSUTF8 * +nss_ckmk_TokenModel = (NSSUTF8 *) "1"; + +NSS_IMPLEMENT_DATA const NSSUTF8 * +nss_ckmk_TokenSerialNumber = (NSSUTF8 *) "1"; + diff --git a/security/nss/lib/ckfw/nssmkey/mfind.c b/security/nss/lib/ckfw/nssmkey/mfind.c new file mode 100644 index 000000000..4eb9efc10 --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/mfind.c @@ -0,0 +1,404 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#ifndef CKMK_H +#include "ckmk.h" +#endif /* CKMK_H */ + +/* + * nssmkey/mfind.c + * + * This file implements the NSSCKMDFindObjects object for the + * "nssmkey" cryptoki module. + */ + +struct ckmkFOStr { + NSSArena *arena; + CK_ULONG n; + CK_ULONG i; + ckmkInternalObject **objs; +}; + +static void +ckmk_mdFindObjects_Final +( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc; + NSSArena *arena = fo->arena; + PRUint32 i; + + /* walk down an free the unused 'objs' */ + for (i=fo->i; i < fo->n ; i++) { + nss_ckmk_DestroyInternalObject(fo->objs[i]); + } + + nss_ZFreeIf(fo->objs); + nss_ZFreeIf(fo); + nss_ZFreeIf(mdFindObjects); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + + return; +} + +static NSSCKMDObject * +ckmk_mdFindObjects_Next +( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError +) +{ + struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc; + ckmkInternalObject *io; + + if( fo->i == fo->n ) { + *pError = CKR_OK; + return (NSSCKMDObject *)NULL; + } + + io = fo->objs[ fo->i ]; + fo->i++; + + return nss_ckmk_CreateMDObject(arena, io, pError); +} + +static CK_BBOOL +ckmk_attrmatch +( + CK_ATTRIBUTE_PTR a, + ckmkInternalObject *o +) +{ + PRBool prb; + const NSSItem *b; + CK_RV error; + + b = nss_ckmk_FetchAttribute(o, a->type, &error); + if (b == NULL) { + return CK_FALSE; + } + + if( a->ulValueLen != b->size ) { + /* match a decoded serial number */ + if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) { + int len; + unsigned char *data; + + data = nss_ckmk_DERUnwrap(b->data, b->size, &len, NULL); + if ((len == a->ulValueLen) && + nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) { + return CK_TRUE; + } + } + return CK_FALSE; + } + + prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL); + + if( PR_TRUE == prb ) { + return CK_TRUE; + } else { + return CK_FALSE; + } +} + + +static CK_BBOOL +ckmk_match +( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckmkInternalObject *o +) +{ + CK_ULONG i; + + for( i = 0; i < ulAttributeCount; i++ ) { + if (CK_FALSE == ckmk_attrmatch(&pTemplate[i], o)) { + return CK_FALSE; + } + } + + /* Every attribute passed */ + return CK_TRUE; +} + +#define CKMK_ITEM_CHUNK 20 + +#define PUT_OBJECT(obj, err, size, count, list) \ + { \ + if (count >= size) { \ + (list) = (list) ? \ + nss_ZREALLOCARRAY(list, ckmkInternalObject *, \ + ((size)+CKMK_ITEM_CHUNK) ) : \ + nss_ZNEWARRAY(NULL, ckmkInternalObject *, \ + ((size)+CKMK_ITEM_CHUNK) ) ; \ + if ((ckmkInternalObject **)NULL == list) { \ + err = CKR_HOST_MEMORY; \ + goto loser; \ + } \ + (size) += CKMK_ITEM_CHUNK; \ + } \ + (list)[ count ] = (obj); \ + count++; \ + } + + +/* find all the certs that represent the appropriate object (cert, priv key, or + * pub key) in the cert store. + */ +static PRUint32 +collect_class( + CK_OBJECT_CLASS objClass, + SecItemClass itemClass, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckmkInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError +) +{ + ckmkInternalObject *next = NULL; + SecKeychainSearchRef searchRef = 0; + SecKeychainItemRef itemRef = 0; + OSStatus error; + + /* future, build the attribute list based on the template + * so we can refine the search */ + error = SecKeychainSearchCreateFromAttributes( + NULL, itemClass, NULL, &searchRef); + + while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) { + /* if we don't have an internal object structure, get one */ + if ((ckmkInternalObject *)NULL == next) { + next = nss_ZNEW(NULL, ckmkInternalObject); + if ((ckmkInternalObject *)NULL == next) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + } + /* fill in the relevant object data */ + next->type = ckmkItem; + next->objClass = objClass; + next->u.item.itemRef = itemRef; + next->u.item.itemClass = itemClass; + + /* see if this is one of the objects we are looking for */ + if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next) ) { + /* yes, put it on the list */ + PUT_OBJECT(next, *pError, *sizep, count, *listp); + next = NULL; /* this one is on the list, need to allocate a new one now */ + } else { + /* no , release the current item and clear out the structure for reuse */ + CFRelease(itemRef); + /* don't cache the values we just loaded */ + nsslibc_memset(next, 0, sizeof(*next)); + } + } +loser: + if (searchRef) { + CFRelease(searchRef); + } + nss_ZFreeIf(next); + return count; +} + +static PRUint32 +collect_objects( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckmkInternalObject ***listp, + CK_RV *pError +) +{ + PRUint32 i; + PRUint32 count = 0; + PRUint32 size = 0; + CK_OBJECT_CLASS objClass; + + /* + * first handle the static build in objects (if any) + */ + for( i = 0; i < nss_ckmk_nObjects; i++ ) { + ckmkInternalObject *o = (ckmkInternalObject *)&nss_ckmk_data[i]; + + if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, o) ) { + PUT_OBJECT(o, *pError, size, count, *listp); + } + } + + /* + * now handle the various object types + */ + objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, + pTemplate, ulAttributeCount, pError); + if (CKR_OK != *pError) { + objClass = CK_INVALID_HANDLE; + } + *pError = CKR_OK; + switch (objClass) { + case CKO_CERTIFICATE: + count = collect_class(objClass, kSecCertificateItemClass, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + case CKO_PUBLIC_KEY: + count = collect_class(objClass, CSSM_DL_DB_RECORD_PUBLIC_KEY, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + case CKO_PRIVATE_KEY: + count = collect_class(objClass, CSSM_DL_DB_RECORD_PRIVATE_KEY, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + /* all of them */ + case CK_INVALID_HANDLE: + count = collect_class(CKO_CERTIFICATE, kSecCertificateItemClass, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PUBLIC_KEY, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PRIVATE_KEY, + pTemplate, ulAttributeCount, listp, + &size, count, pError); + break; + default: + break; + } + if (CKR_OK != *pError) { + goto loser; + } + + return count; +loser: + nss_ZFreeIf(*listp); + return 0; +} + + +NSS_IMPLEMENT NSSCKMDFindObjects * +nss_ckmk_FindObjectsInit +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + /* This could be made more efficient. I'm rather rushed. */ + NSSArena *arena; + NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; + struct ckmkFOStr *fo = (struct ckmkFOStr *)NULL; + ckmkInternalObject **temp = (ckmkInternalObject **)NULL; + + arena = NSSArena_Create(); + if( (NSSArena *)NULL == arena ) { + goto loser; + } + + rv = nss_ZNEW(arena, NSSCKMDFindObjects); + if( (NSSCKMDFindObjects *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo = nss_ZNEW(arena, struct ckmkFOStr); + if( (struct ckmkFOStr *)NULL == fo ) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fo->arena = arena; + /* fo->n and fo->i are already zero */ + + rv->etc = (void *)fo; + rv->Final = ckmk_mdFindObjects_Final; + rv->Next = ckmk_mdFindObjects_Next; + rv->null = (void *)NULL; + + fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError); + if (*pError != CKR_OK) { + goto loser; + } + + fo->objs = nss_ZNEWARRAY(arena, ckmkInternalObject *, fo->n); + if( (ckmkInternalObject **)NULL == fo->objs ) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckmkInternalObject *) * fo->n); + nss_ZFreeIf(temp); + temp = (ckmkInternalObject **)NULL; + + return rv; + + loser: + nss_ZFreeIf(temp); + nss_ZFreeIf(fo); + nss_ZFreeIf(rv); + if ((NSSArena *)NULL != arena) { + NSSArena_Destroy(arena); + } + return (NSSCKMDFindObjects *)NULL; +} + diff --git a/security/nss/lib/ckfw/nssmkey/minst.c b/security/nss/lib/ckfw/nssmkey/minst.c new file mode 100644 index 000000000..0e81358a1 --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/minst.c @@ -0,0 +1,148 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckmk.h" + +/* + * nssmkey/minstance.c + * + * This file implements the NSSCKMDInstance object for the + * "nssmkey" cryptoki module. + */ + +/* + * NSSCKMDInstance methods + */ + +static CK_ULONG +ckmk_mdInstance_GetNSlots +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (CK_ULONG)1; +} + +static CK_VERSION +ckmk_mdInstance_GetCryptokiVersion +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return nss_ckmk_CryptokiVersion; +} + +static NSSUTF8 * +ckmk_mdInstance_GetManufacturerID +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckmk_ManufacturerID; +} + +static NSSUTF8 * +ckmk_mdInstance_GetLibraryDescription +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckmk_LibraryDescription; +} + +static CK_VERSION +ckmk_mdInstance_GetLibraryVersion +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return nss_ckmk_LibraryVersion; +} + +static CK_RV +ckmk_mdInstance_GetSlots +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[] +) +{ + slots[0] = (NSSCKMDSlot *)&nss_ckmk_mdSlot; + return CKR_OK; +} + +static CK_BBOOL +ckmk_mdInstance_ModuleHandlesSessionObjects +( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + /* we don't want to allow any session object creation, at least + * until we can investigate whether or not we can use those objects + */ + return CK_TRUE; +} + +NSS_IMPLEMENT_DATA const NSSCKMDInstance +nss_ckmk_mdInstance = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Finalize */ + ckmk_mdInstance_GetNSlots, + ckmk_mdInstance_GetCryptokiVersion, + ckmk_mdInstance_GetManufacturerID, + ckmk_mdInstance_GetLibraryDescription, + ckmk_mdInstance_GetLibraryVersion, + ckmk_mdInstance_ModuleHandlesSessionObjects, + /*NULL, /* HandleSessionObjects */ + ckmk_mdInstance_GetSlots, + NULL, /* WaitForSlotEvent */ + (void *)NULL /* null terminator */ +}; diff --git a/security/nss/lib/ckfw/nssmkey/mobject.c b/security/nss/lib/ckfw/nssmkey/mobject.c new file mode 100644 index 000000000..b56eda6a5 --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/mobject.c @@ -0,0 +1,1961 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckmk.h" +#include "nssbase.h" + +#include "secdert.h" /* for DER_INTEGER */ +#include "string.h" + +/* asn1 encoder (to build pkcs#8 blobs) */ +#include <seccomon.h> +#include <secitem.h> +#include <blapit.h> +#include <secoid.h> +#include <secasn1.h> + +/* for importing the keys */ +#include <CoreFoundation/CoreFoundation.h> +#include <security/SecImportExport.h> + +/* + * nssmkey/mobject.c + * + * This file implements the NSSCKMDObject object for the + * "nssmkey" cryptoki module. + */ + +const CK_ATTRIBUTE_TYPE certAttrs[] = { + CKA_CLASS, + CKA_TOKEN, + CKA_PRIVATE, + CKA_MODIFIABLE, + CKA_LABEL, + CKA_CERTIFICATE_TYPE, + CKA_SUBJECT, + CKA_ISSUER, + CKA_SERIAL_NUMBER, + CKA_VALUE +}; +const PRUint32 certAttrsCount = NSS_CKMK_ARRAY_SIZE(certAttrs); + +/* private keys, for now only support RSA */ +const CK_ATTRIBUTE_TYPE privKeyAttrs[] = { + CKA_CLASS, + CKA_TOKEN, + CKA_PRIVATE, + CKA_MODIFIABLE, + CKA_LABEL, + CKA_KEY_TYPE, + CKA_DERIVE, + CKA_LOCAL, + CKA_SUBJECT, + CKA_SENSITIVE, + CKA_DECRYPT, + CKA_SIGN, + CKA_SIGN_RECOVER, + CKA_UNWRAP, + CKA_EXTRACTABLE, + CKA_ALWAYS_SENSITIVE, + CKA_NEVER_EXTRACTABLE, + CKA_MODULUS, + CKA_PUBLIC_EXPONENT, +}; +const PRUint32 privKeyAttrsCount = NSS_CKMK_ARRAY_SIZE(privKeyAttrs); + +/* public keys, for now only support RSA */ +const CK_ATTRIBUTE_TYPE pubKeyAttrs[] = { + CKA_CLASS, + CKA_TOKEN, + CKA_PRIVATE, + CKA_MODIFIABLE, + CKA_LABEL, + CKA_KEY_TYPE, + CKA_DERIVE, + CKA_LOCAL, + CKA_SUBJECT, + CKA_ENCRYPT, + CKA_VERIFY, + CKA_VERIFY_RECOVER, + CKA_WRAP, + CKA_MODULUS, + CKA_PUBLIC_EXPONENT, +}; +const PRUint32 pubKeyAttrsCount = NSS_CKMK_ARRAY_SIZE(pubKeyAttrs); +static const CK_BBOOL ck_true = CK_TRUE; +static const CK_BBOOL ck_false = CK_FALSE; +static const CK_CERTIFICATE_TYPE ckc_x509 = CKC_X_509; +static const CK_KEY_TYPE ckk_rsa = CKK_RSA; +static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE; +static const CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY; +static const CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY; +static const NSSItem ckmk_trueItem = { + (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }; +static const NSSItem ckmk_falseItem = { + (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }; +static const NSSItem ckmk_x509Item = { + (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }; +static const NSSItem ckmk_rsaItem = { + (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) }; +static const NSSItem ckmk_certClassItem = { + (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }; +static const NSSItem ckmk_privKeyClassItem = { + (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; +static const NSSItem ckmk_pubKeyClassItem = { + (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) }; +static const NSSItem ckmk_emptyItem = { + (void *)&ck_true, 0}; + +/* + * these are utilities. The chould be moved to a new utilities file. + */ +#ifdef DEBUG +static void +itemdump(char *str, void *data, int size, CK_RV error) +{ + unsigned char *ptr = (unsigned char *)data; + int i; + fprintf(stderr,str); + for (i=0; i < size; i++) { + fprintf(stderr,"%02x ",(unsigned int) ptr[i]); + } + fprintf(stderr," (error = %d)\n", (int ) error); +} +#endif + +/* + * unwrap a single DER value + * now that we have util linked in, we should probably use + * the ANS1_Decoder for this work... + */ +unsigned char * +nss_ckmk_DERUnwrap +( + unsigned char *src, + int size, + int *outSize, + unsigned char **next +) +{ + unsigned char *start = src; + unsigned int len = 0; + + /* initialize error condition return values */ + *outSize = 0; + if (next) { + *next = src; + } + + if (size < 2) { + return start; + } + src ++ ; /* skip the tag -- should check it against an expected value! */ + len = (unsigned) *src++; + if (len & 0x80) { + int count = len & 0x7f; + len =0; + + if (count+2 > size) { + return start; + } + while (count-- > 0) { + len = (len << 8) | (unsigned) *src++; + } + } + if (len + (src-start) > (unsigned int)size) { + return start; + } + if (next) { + *next = src+len; + } + *outSize = len; + + return src; +} + +/* + * get an attribute from a template. Value is returned in NSS item. + * data for the item is owned by the template. + */ +CK_RV +nss_ckmk_GetAttribute +( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + NSSItem *item +) +{ + CK_ULONG i; + + for (i=0; i < templateSize; i++) { + if (template[i].type == type) { + item->data = template[i].pValue; + item->size = template[i].ulValueLen; + return CKR_OK; + } + } + return CKR_TEMPLATE_INCOMPLETE; +} + +/* + * get an attribute which is type CK_ULONG. + */ +CK_ULONG +nss_ckmk_GetULongAttribute +( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError +) +{ + NSSItem item; + + *pError = nss_ckmk_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (CK_ULONG) 0; + } + if (item.size != sizeof(CK_ULONG)) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (CK_ULONG) 0; + } + return *(CK_ULONG *)item.data; +} + +/* + * get an attribute which is type CK_BBOOL. + */ +CK_BBOOL +nss_ckmk_GetBoolAttribute +( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_BBOOL defaultBool +) +{ + NSSItem item; + CK_RV error; + + error = nss_ckmk_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != error) { + return defaultBool; + } + if (item.size != sizeof(CK_BBOOL)) { + return defaultBool; + } + return *(CK_BBOOL *)item.data; +} + +/* + * get an attribute as a NULL terminated string. Caller is responsible to + * free the string. + */ +char * +nss_ckmk_GetStringAttribute +( + CK_ATTRIBUTE_TYPE type, + CK_ATTRIBUTE *template, + CK_ULONG templateSize, + CK_RV *pError +) +{ + NSSItem item; + char *str; + + /* get the attribute */ + *pError = nss_ckmk_GetAttribute(type, template, templateSize, &item); + if (CKR_OK != *pError) { + return (char *)NULL; + } + /* make sure it is null terminated */ + str = nss_ZNEWARRAY(NULL, char, item.size+1); + if ((char *)NULL == str) { + *pError = CKR_HOST_MEMORY; + return (char *)NULL; + } + + nsslibc_memcpy(str, item.data, item.size); + str[item.size] = 0; + + return str; +} + +/* + * Apple doesn't seem to have a public interface to the DER encoder, + * wip out a quick one for integers only (anything more complicated, + * we should use one of the 3 in lib/util). -- especially since we + * now link with it. + */ +static CK_RV +ckmk_encodeInt(NSSItem *dest, void *src, int srcLen) +{ + int dataLen = srcLen; + int lenLen = 1; + int encLen; + int isSigned = 0; + int offset = 0; + unsigned char *data = NULL; + int i; + + if (*(unsigned char *)src & 0x80) { + dataLen++; + isSigned = 1; + } + + /* calculate the length of the length specifier */ + /* (NOTE: destroys dataLen value) */ + if (dataLen > 0x7f) { + do { + lenLen++; + dataLen >>= 8; + } while (dataLen); + } + + /* calculate our total length */ + dataLen = isSigned + srcLen; + encLen = 1 + lenLen + dataLen; + data = nss_ZNEWARRAY(NULL, unsigned char, encLen); + if ((unsigned char *)NULL == data) { + return CKR_HOST_MEMORY; + } + data[0] = DER_INTEGER; + if (1 == lenLen) { + data[1] = dataLen; + } else { + data[1] = 0x80 + lenLen; + for (i=0; i < lenLen; i++) { + data[i+1] = ((dataLen >> ((lenLen-i-1)*8)) & 0xff); + } + } + offset = lenLen+1; + + if (isSigned) { + data[offset++] = 0; + } + nsslibc_memcpy(&data[offset], src, srcLen); + dest->data = data; + dest->size = encLen; + return CKR_OK; +} + + +/* + * Get a Keyring attribute. If content is set to true, then we get the + * content, not the attribute. + */ +static CK_RV +ckmk_GetCommonAttribute +( + ckmkInternalObject *io, + SecItemAttr itemAttr, + PRBool content, + NSSItem *item, + char *dbString +) +{ + SecKeychainAttributeList *attrList = NULL; + SecKeychainAttributeInfo attrInfo; + PRUint32 len = 0; + PRUint32 dataLen = 0; + PRUint32 attrFormat = 0; + void *dataVal = 0; + void *out = NULL; + CK_RV error = CKR_OK; + OSStatus macErr; + + attrInfo.count = 1; + attrInfo.tag = &itemAttr; + attrInfo.format = &attrFormat; + + macErr = SecKeychainItemCopyAttributesAndData(io->u.item.itemRef, + &attrInfo, NULL, &attrList, &len, &out); + if (noErr != macErr) { + CKMK_MACERR(dbString, macErr); + return CKR_ATTRIBUTE_TYPE_INVALID; + } + dataLen = content ? len : attrList->attr->length; + dataVal = content ? out : attrList->attr->data; + + /* Apple's documentation says this value is DER Encoded, but it clearly isn't + * der encode it before we ship it back off to NSS + */ + if ( kSecSerialNumberItemAttr == itemAttr ) { + error = ckmk_encodeInt(item, dataVal, dataLen); + goto loser; /* logically 'done' if error == CKR_OK */ + } + item->data = nss_ZNEWARRAY(NULL, char, dataLen); + if (NULL == item->data) { + error = CKR_HOST_MEMORY; + goto loser; + } + nsslibc_memcpy(item->data, dataVal, dataLen); + item->size = dataLen; + +loser: + SecKeychainItemFreeAttributesAndData(attrList, out); + return error; +} + +/* + * change an attribute (does not operate on the content). + */ +static CK_RV +ckmk_updateAttribute +( + SecKeychainItemRef itemRef, + SecItemAttr itemAttr, + void *data, + PRUint32 len, + char *dbString +) +{ + SecKeychainAttributeList attrList; + SecKeychainAttribute attrAttr; + OSStatus macErr; + CK_RV error = CKR_OK; + + attrList.count = 1; + attrList.attr = &attrAttr; + attrAttr.tag = itemAttr; + attrAttr.data = data; + attrAttr.length = len; + macErr = SecKeychainItemModifyAttributesAndData(itemRef, &attrList, 0, NULL); + if (noErr != macErr) { + CKMK_MACERR(dbString, macErr); + error = CKR_ATTRIBUTE_TYPE_INVALID; + } + return error; +} + +/* + * get an attribute (does not operate on the content) + */ +static CK_RV +ckmk_GetDataAttribute +( + ckmkInternalObject *io, + SecItemAttr itemAttr, + NSSItem *item, + char *dbString +) +{ + return ckmk_GetCommonAttribute(io, itemAttr, PR_FALSE, item, dbString); +} + +/* + * get an attribute we know is a BOOL. + */ +static CK_RV +ckmk_GetBoolAttribute +( + ckmkInternalObject *io, + SecItemAttr itemAttr, + NSSItem *item, + char *dbString +) +{ + SecKeychainAttribute attr; + SecKeychainAttributeList attrList; + CK_BBOOL *boolp = NULL; + PRUint32 len = 0;; + void *out = NULL; + CK_RV error = CKR_OK; + OSStatus macErr; + + attr.tag = itemAttr; + attr.length = 0; + attr.data = NULL; + attrList.count = 1; + attrList.attr = &attr; + + boolp = nss_ZNEW(NULL, CK_BBOOL); + if ((CK_BBOOL *)NULL == boolp) { + error = CKR_HOST_MEMORY; + goto loser; + } + + macErr = SecKeychainItemCopyContent(io->u.item.itemRef, NULL, + &attrList, &len, &out); + if (noErr != macErr) { + CKMK_MACERR(dbString, macErr); + error = CKR_ATTRIBUTE_TYPE_INVALID; + goto loser; + } + if (sizeof(PRUint32) != attr.length) { + error = CKR_ATTRIBUTE_TYPE_INVALID; + goto loser; + } + *boolp = *(PRUint32 *)attr.data ? 1 : 0; + item->data = boolp; + boolp = NULL; + item->size = sizeof(CK_BBOOL); + +loser: + nss_ZFreeIf(boolp); + SecKeychainItemFreeContent(&attrList, out); + return error; +} + + +/* + * macros for fetching attributes into a cache and returning the + * appropriate value. These operate inside switch statements + */ +#define CKMK_HANDLE_ITEM(func, io, type, loc, item, error, str) \ + if (0 == (item)->loc.size) { \ + error = func(io, type, &(item)->loc, str); \ + } \ + return (CKR_OK == (error)) ? &(item)->loc : NULL; + +#define CKMK_HANDLE_OPT_ITEM(func, io, type, loc, item, error, str) \ + if (0 == (item)->loc.size) { \ + (void) func(io, type, &(item)->loc, str); \ + } \ + return &(item)->loc ; + +#define CKMK_HANDLE_BOOL_ITEM(io, type, loc, item, error, str) \ + CKMK_HANDLE_ITEM(ckmk_GetBoolAttribute, io, type, loc, item, error, str) +#define CKMK_HANDLE_DATA_ITEM(io, type, loc, item, error, str) \ + CKMK_HANDLE_ITEM(ckmk_GetDataAttribute, io, type, loc, item, error, str) +#define CKMK_HANDLE_OPT_DATA_ITEM(io, type, loc, item, error, str) \ + CKMK_HANDLE_OPT_ITEM(ckmk_GetDataAttribute, io, type, loc, item, error, str) + +/* + * fetch the unique identifier for each object type. + */ +static void +ckmk_FetchHashKey +( + ckmkInternalObject *io +) +{ + NSSItem *key = &io->hashKey; + + if (io->objClass == CKO_CERTIFICATE) { + ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, + PR_TRUE, key, "Fetching HashKey (cert)"); + } else { + ckmk_GetCommonAttribute(io, kSecKeyLabel, + PR_FALSE, key, "Fetching HashKey (key)"); + } +} + +/* + * Apple mucks with the actual subject and issuer, so go fetch + * the real ones ourselves. + */ +static void +ckmk_fetchCert +( + ckmkInternalObject *io +) +{ + CK_RV error; + unsigned char * cert, *next; + int certSize, thisEntrySize; + + error = ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, PR_TRUE, + &io->u.item.derCert, "Fetching Value (cert)"); + if (CKR_OK != error) { + return; + } + /* unwrap the cert bundle */ + cert = nss_ckmk_DERUnwrap((unsigned char *)io->u.item.derCert.data, + io->u.item.derCert.size, + &certSize, NULL); + /* unwrap the cert itself */ + /* cert == certdata */ + cert = nss_ckmk_DERUnwrap(cert, certSize, &certSize, NULL); + + /* skip the optional version */ + if ((cert[0] & 0xa0) == 0xa0) { + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + certSize -= next - cert; + cert = next; + } + /* skip the serial number */ + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + certSize -= next - cert; + cert = next; + + /* skip the OID */ + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + certSize -= next - cert; + cert = next; + + /* save the (wrapped) issuer */ + io->u.item.issuer.data = cert; + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + io->u.item.issuer.size = next - cert; + certSize -= io->u.item.issuer.size; + cert = next; + + /* skip the OID */ + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + certSize -= next - cert; + cert = next; + + /* save the (wrapped) subject */ + io->u.item.subject.data = cert; + nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next); + io->u.item.subject.size = next - cert; + certSize -= io->u.item.subject.size; + cert = next; +} + +static void +ckmk_fetchModulus +( + ckmkInternalObject *io +) +{ + NSSItem item; + PRInt32 modLen; + CK_RV error; + + /* we can't reliably get the modulus for private keys through CSSM (sigh). + * For NSS this is OK because we really only use this to get the modulus + * length (unless we are trying to get a public key from a private keys, + * something CSSM ALSO does not do!). + */ + error = ckmk_GetDataAttribute(io, kSecKeyKeySizeInBits, &item, + "Key Fetch Modulus"); + if (CKR_OK != error) { + return; + } + + modLen = *(PRInt32 *)item.data; + modLen = modLen/8; /* convert from bits to bytes */ + + nss_ZFreeIf(item.data); + io->u.item.modulus.data = nss_ZNEWARRAY(NULL, char, modLen); + if (NULL == io->u.item.modulus.data) { + return; + } + *(char *)io->u.item.modulus.data = 0x80; /* fake NSS out or it will + * drop the first byte */ + io->u.item.modulus.size = modLen; + return; +} + +const NSSItem * +ckmk_FetchCertAttribute +( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError +) +{ + ckmkItemObject *item = &io->u.item; + *pError = CKR_OK; + switch(type) { + case CKA_CLASS: + return &ckmk_certClassItem; + case CKA_TOKEN: + case CKA_MODIFIABLE: + return &ckmk_trueItem; + case CKA_PRIVATE: + return &ckmk_falseItem; + case CKA_CERTIFICATE_TYPE: + return &ckmk_x509Item; + case CKA_LABEL: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecLabelItemAttr, label, item, *pError, + "Cert:Label attr") + case CKA_SUBJECT: + /* OK, well apple does provide an subject and issuer attribute, but they + * decided to cannonicalize that value. Probably a good move for them, + * but makes it useless for most users of PKCS #11.. Get the real subject + * from the certificate */ + if (0 == item->derCert.size) { + ckmk_fetchCert(io); + } + return &item->subject; + case CKA_ISSUER: + if (0 == item->derCert.size) { + ckmk_fetchCert(io); + } + return &item->issuer; + case CKA_SERIAL_NUMBER: + CKMK_HANDLE_DATA_ITEM(io, kSecSerialNumberItemAttr, serial, item, *pError, + "Cert:Serial Number attr") + case CKA_VALUE: + if (0 == item->derCert.size) { + ckmk_fetchCert(io); + } + return &item->derCert; + case CKA_ID: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecPublicKeyHashItemAttr, id, item, *pError, + "Cert:ID attr") + default: + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + break; + } + return NULL; +} + +const NSSItem * +ckmk_FetchPubKeyAttribute +( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError +) +{ + ckmkItemObject *item = &io->u.item; + *pError = CKR_OK; + + switch(type) { + case CKA_CLASS: + return &ckmk_pubKeyClassItem; + case CKA_TOKEN: + case CKA_LOCAL: + return &ckmk_trueItem; + case CKA_KEY_TYPE: + return &ckmk_rsaItem; + case CKA_LABEL: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, + "PubKey:Label attr") + case CKA_ENCRYPT: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyEncrypt, encrypt, item, *pError, + "PubKey:Encrypt attr") + case CKA_VERIFY: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerify, verify, item, *pError, + "PubKey:Verify attr") + case CKA_VERIFY_RECOVER: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerifyRecover, verifyRecover, + item, *pError, "PubKey:VerifyRecover attr") + case CKA_PRIVATE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, + "PubKey:Private attr") + case CKA_MODIFIABLE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, + "PubKey:Modify attr") + case CKA_DERIVE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, + "PubKey:Derive attr") + case CKA_WRAP: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyWrap, wrap, item, *pError, + "PubKey:Wrap attr") + case CKA_SUBJECT: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, + "PubKey:Subect attr") + case CKA_MODULUS: + return &ckmk_emptyItem; + case CKA_PUBLIC_EXPONENT: + return &ckmk_emptyItem; + case CKA_ID: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, + "PubKey:ID attr") + default: + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + break; + } + return NULL; +} + +const NSSItem * +ckmk_FetchPrivKeyAttribute +( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError +) +{ + ckmkItemObject *item = &io->u.item; + *pError = CKR_OK; + + switch(type) { + case CKA_CLASS: + return &ckmk_privKeyClassItem; + case CKA_TOKEN: + case CKA_LOCAL: + return &ckmk_trueItem; + case CKA_SENSITIVE: + case CKA_EXTRACTABLE: /* will probably move in the future */ + case CKA_ALWAYS_SENSITIVE: + case CKA_NEVER_EXTRACTABLE: + return &ckmk_falseItem; + case CKA_KEY_TYPE: + return &ckmk_rsaItem; + case CKA_LABEL: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError, + "PrivateKey:Label attr") + case CKA_DECRYPT: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDecrypt, decrypt, item, *pError, + "PrivateKey:Decrypt attr") + case CKA_SIGN: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeySign, sign, item, *pError, + "PrivateKey:Sign attr") + case CKA_SIGN_RECOVER: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeySignRecover, signRecover, item, *pError, + "PrivateKey:Sign Recover attr") + case CKA_PRIVATE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError, + "PrivateKey:Private attr") + case CKA_MODIFIABLE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError, + "PrivateKey:Modify attr") + case CKA_DERIVE: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError, + "PrivateKey:Derive attr") + case CKA_UNWRAP: + CKMK_HANDLE_BOOL_ITEM(io, kSecKeyUnwrap, unwrap, item, *pError, + "PrivateKey:Unwrap attr") + case CKA_SUBJECT: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError, + "PrivateKey:Subject attr") + case CKA_MODULUS: + if (0 == item->modulus.size) { + ckmk_fetchModulus(io); + } + return &item->modulus; + case CKA_PUBLIC_EXPONENT: + return &ckmk_emptyItem; +#ifdef notdef + /* the following are sensitive attributes. We could implement them for + * sensitive keys using the key export function, but it's better to + * just support wrap through this token. That will more reliably allow us + * to export any private key that is truly exportable. + */ + case CKA_PRIVATE_EXPONENT: + CKMK_HANDLE_DATA_ITEM(io, kSecPrivateExponentItemAttr, privateExponent, + item, *pError) + case CKA_PRIME_1: + CKMK_HANDLE_DATA_ITEM(io, kSecPrime1ItemAttr, prime1, item, *pError) + case CKA_PRIME_2: + CKMK_HANDLE_DATA_ITEM(io, kSecPrime2ItemAttr, prime2, item, *pError) + case CKA_EXPONENT_1: + CKMK_HANDLE_DATA_ITEM(io, kSecExponent1ItemAttr, exponent1, item, *pError) + case CKA_EXPONENT_2: + CKMK_HANDLE_DATA_ITEM(io, kSecExponent2ItemAttr, exponent2, item, *pError) + case CKA_COEFFICIENT: + CKMK_HANDLE_DATA_ITEM(io, kSecCoefficientItemAttr, coefficient, + item, *pError) +#endif + case CKA_ID: + CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError, + "PrivateKey:ID attr") + default: + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return NULL; + } +} + +const NSSItem * +nss_ckmk_FetchAttribute +( + ckmkInternalObject *io, + CK_ATTRIBUTE_TYPE type, + CK_RV *pError +) +{ + CK_ULONG i; + const NSSItem * value = NULL; + + if (io->type == ckmkRaw) { + for( i = 0; i < io->u.raw.n; i++ ) { + if( type == io->u.raw.types[i] ) { + return &io->u.raw.items[i]; + } + } + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return NULL; + } + /* deal with the common attributes */ + switch (io->objClass) { + case CKO_CERTIFICATE: + value = ckmk_FetchCertAttribute(io, type, pError); + break; + case CKO_PRIVATE_KEY: + value = ckmk_FetchPrivKeyAttribute(io, type, pError); + break; + case CKO_PUBLIC_KEY: + value = ckmk_FetchPubKeyAttribute(io, type, pError); + break; + default: + *pError = CKR_OBJECT_HANDLE_INVALID; + return NULL; + } + +#ifdef DEBUG + if (CKA_ID == type) { + itemdump("id: ", value->data, value->size, *pError); + } +#endif + return value; +} + +static void +ckmk_removeObjectFromHash +( + ckmkInternalObject *io +); + +/* + * + * These are the MSObject functions we need to implement + * + * Finalize - unneeded (actually we should clean up the hashtables) + * Destroy + * IsTokenObject - CK_TRUE + * GetAttributeCount + * GetAttributeTypes + * GetAttributeSize + * GetAttribute + * SetAttribute + * GetObjectSize + */ + +static CK_RV +ckmk_mdObject_Destroy +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + OSStatus macErr; + + if (ckmkRaw == io->type) { + /* there is not 'object write protected' error, use the next best thing */ + return CKR_TOKEN_WRITE_PROTECTED; + } + + /* This API is done well. The following 4 lines are the complete apple + * specific part of this implementation */ + macErr = SecKeychainItemDelete(io->u.item.itemRef); + if (noErr != macErr) { + CKMK_MACERR("Delete object", macErr); + } + + /* remove it from the hash */ + ckmk_removeObjectFromHash(io); + + /* free the puppy.. */ + nss_ckmk_DestroyInternalObject(io); + + return CKR_OK; +} + +static CK_BBOOL +ckmk_mdObject_IsTokenObject +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return CK_TRUE; +} + +static CK_ULONG +ckmk_mdObject_GetAttributeCount +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + + if (ckmkRaw == io->type) { + return io->u.raw.n; + } + switch (io->objClass) { + case CKO_CERTIFICATE: + return certAttrsCount; + case CKO_PUBLIC_KEY: + return pubKeyAttrsCount; + case CKO_PRIVATE_KEY: + return privKeyAttrsCount; + default: + break; + } + return 0; +} + +static CK_RV +ckmk_mdObject_GetAttributeTypes +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount +) +{ + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + CK_ULONG i; + CK_RV error = CKR_OK; + const CK_ATTRIBUTE_TYPE *attrs = NULL; + CK_ULONG size = ckmk_mdObject_GetAttributeCount( + mdObject, fwObject, mdSession, fwSession, + mdToken, fwToken, mdInstance, fwInstance, &error); + + if( size != ulCount ) { + return CKR_BUFFER_TOO_SMALL; + } + if (io->type == ckmkRaw) { + attrs = io->u.raw.types; + } else switch(io->objClass) { + case CKO_CERTIFICATE: + attrs = certAttrs; + break; + case CKO_PUBLIC_KEY: + attrs = pubKeyAttrs; + break; + case CKO_PRIVATE_KEY: + attrs = privKeyAttrs; + break; + default: + return CKR_OK; + } + + for( i = 0; i < size; i++) { + typeArray[i] = attrs[i]; + } + + return CKR_OK; +} + +static CK_ULONG +ckmk_mdObject_GetAttributeSize +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +) +{ + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + + const NSSItem *b; + + b = nss_ckmk_FetchAttribute(io, attribute, pError); + + if ((const NSSItem *)NULL == b) { + return 0; + } + return b->size; +} + +static CK_RV +ckmk_mdObject_SetAttribute +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value +) +{ + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + SecKeychainItemRef itemRef; + + if (io->type == ckmkRaw) { + return CKR_TOKEN_WRITE_PROTECTED; + } + itemRef = io->u.item.itemRef; + + switch (io->objClass) { + case CKO_PRIVATE_KEY: + case CKO_PUBLIC_KEY: + switch (attribute) { + case CKA_ID: + ckmk_updateAttribute(itemRef, kSecKeyLabel, + value->data, value->size, "Set Attr Key ID"); +#ifdef DEBUG + itemdump("key id: ", value->data, value->size, CKR_OK); +#endif + break; + case CKA_LABEL: + ckmk_updateAttribute(itemRef, kSecKeyPrintName, value->data, + value->size, "Set Attr Key Label"); + break; + default: + break; + } + break; + + case CKO_CERTIFICATE: + switch (attribute) { + case CKA_ID: + ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, + value->data, value->size, "Set Attr Cert ID"); + break; + case CKA_LABEL: + ckmk_updateAttribute(itemRef, kSecLabelItemAttr, value->data, + value->size, "Set Attr Cert Label"); + break; + default: + break; + } + break; + + default: + break; + } + return CKR_OK; +} + +static NSSCKFWItem +ckmk_mdObject_GetAttribute +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +) +{ + NSSCKFWItem mdItem; + ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc; + + mdItem.needsFreeing = PR_FALSE; + mdItem.item = (NSSItem*)nss_ckmk_FetchAttribute(io, attribute, pError); + + + return mdItem; +} + +static CK_ULONG +ckmk_mdObject_GetObjectSize +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + CK_ULONG rv = 1; + + /* size is irrelevant to this token */ + return rv; +} + +static const NSSCKMDObject +ckmk_prototype_mdObject = { + (void *)NULL, /* etc */ + NULL, /* Finalize */ + ckmk_mdObject_Destroy, + ckmk_mdObject_IsTokenObject, + ckmk_mdObject_GetAttributeCount, + ckmk_mdObject_GetAttributeTypes, + ckmk_mdObject_GetAttributeSize, + ckmk_mdObject_GetAttribute, + NULL, /* FreeAttribute */ + ckmk_mdObject_SetAttribute, + ckmk_mdObject_GetObjectSize, + (void *)NULL /* null terminator */ +}; + +static nssHash *ckmkInternalObjectHash = NULL; + +NSS_IMPLEMENT NSSCKMDObject * +nss_ckmk_CreateMDObject +( + NSSArena *arena, + ckmkInternalObject *io, + CK_RV *pError +) +{ + if ((nssHash *)NULL == ckmkInternalObjectHash) { + ckmkInternalObjectHash = nssHash_CreateItem(NULL, 10); + } + if (ckmkItem == io->type) { + /* the hash key, not a cryptographic key */ + NSSItem *key = &io->hashKey; + ckmkInternalObject *old_o = NULL; + + if (key->size == 0) { + ckmk_FetchHashKey(io); + } + old_o = (ckmkInternalObject *) + nssHash_Lookup(ckmkInternalObjectHash, key); + if (!old_o) { + nssHash_Add(ckmkInternalObjectHash, key, io); + } else if (old_o != io) { + nss_ckmk_DestroyInternalObject(io); + io = old_o; + } + } + + if ( (void*)NULL == io->mdObject.etc) { + (void) nsslibc_memcpy(&io->mdObject,&ckmk_prototype_mdObject, + sizeof(ckmk_prototype_mdObject)); + io->mdObject.etc = (void *)io; + } + return &io->mdObject; +} + +static void +ckmk_removeObjectFromHash +( + ckmkInternalObject *io +) +{ + NSSItem *key = &io->hashKey; + + if ((nssHash *)NULL == ckmkInternalObjectHash) { + return; + } + if (key->size == 0) { + ckmk_FetchHashKey(io); + } + nssHash_Remove(ckmkInternalObjectHash, key); + return; +} + + +void +nss_ckmk_DestroyInternalObject +( + ckmkInternalObject *io +) +{ + switch (io->type) { + case ckmkRaw: + return; + case ckmkItem: + nss_ZFreeIf(io->u.item.modify.data); + nss_ZFreeIf(io->u.item.private.data); + nss_ZFreeIf(io->u.item.encrypt.data); + nss_ZFreeIf(io->u.item.decrypt.data); + nss_ZFreeIf(io->u.item.derive.data); + nss_ZFreeIf(io->u.item.sign.data); + nss_ZFreeIf(io->u.item.signRecover.data); + nss_ZFreeIf(io->u.item.verify.data); + nss_ZFreeIf(io->u.item.verifyRecover.data); + nss_ZFreeIf(io->u.item.wrap.data); + nss_ZFreeIf(io->u.item.unwrap.data); + nss_ZFreeIf(io->u.item.label.data); + /*nss_ZFreeIf(io->u.item.subject.data); */ + /*nss_ZFreeIf(io->u.item.issuer.data); */ + nss_ZFreeIf(io->u.item.serial.data); + nss_ZFreeIf(io->u.item.modulus.data); + nss_ZFreeIf(io->u.item.exponent.data); + nss_ZFreeIf(io->u.item.privateExponent.data); + nss_ZFreeIf(io->u.item.prime1.data); + nss_ZFreeIf(io->u.item.prime2.data); + nss_ZFreeIf(io->u.item.exponent1.data); + nss_ZFreeIf(io->u.item.exponent2.data); + nss_ZFreeIf(io->u.item.coefficient.data); + break; + } + nss_ZFreeIf(io); + return; +} + + +static ckmkInternalObject * +nss_ckmk_NewInternalObject +( + CK_OBJECT_CLASS objClass, + SecKeychainItemRef itemRef, + SecItemClass itemClass, + CK_RV *pError +) +{ + ckmkInternalObject *io = nss_ZNEW(NULL, ckmkInternalObject); + + if ((ckmkInternalObject *)NULL == io) { + *pError = CKR_HOST_MEMORY; + return io; + } + io->type = ckmkItem; + io->objClass = objClass; + io->u.item.itemRef = itemRef; + io->u.item.itemClass = itemClass; + return io; +} + +/* + * Apple doesn't alway have a default keyChain set by the OS, use the + * SearchList to try to find one. + */ +static CK_RV +ckmk_GetSafeDefaultKeychain +( + SecKeychainRef *keychainRef +) +{ + OSStatus macErr; + CFArrayRef searchList = 0; + CK_RV error = CKR_OK; + + macErr = SecKeychainCopyDefault(keychainRef); + if (noErr != macErr) { + int searchCount = 0; + if (errSecNoDefaultKeychain != macErr) { + CKMK_MACERR("Getting default key chain", macErr); + error = CKR_GENERAL_ERROR; + goto loser; + } + /* ok, we don't have a default key chain, find one */ + macErr = SecKeychainCopySearchList(&searchList); + if (noErr != macErr) { + CKMK_MACERR("failed to find a keyring searchList", macErr); + error = CKR_DEVICE_REMOVED; + goto loser; + } + searchCount = CFArrayGetCount(searchList); + if (searchCount < 1) { + error = CKR_DEVICE_REMOVED; + goto loser; + } + *keychainRef = + (SecKeychainRef)CFRetain(CFArrayGetValueAtIndex(searchList, 0)); + if (0 == *keychainRef) { + error = CKR_DEVICE_REMOVED; + goto loser; + } + /* should we set it as default? */ + } +loser: + if (0 != searchList) { + CFRelease(searchList); + } + return error; +} +static ckmkInternalObject * +nss_ckmk_CreateCertificate +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + NSSItem value; + ckmkInternalObject *io = NULL; + OSStatus macErr; + SecCertificateRef certRef; + SecKeychainItemRef itemRef; + SecKeychainRef keychainRef; + CSSM_DATA certData; + + *pError = nss_ckmk_GetAttribute(CKA_VALUE, pTemplate, + ulAttributeCount, &value); + if (CKR_OK != *pError) { + goto loser; + } + + certData.Data = value.data; + certData.Length = value.size; + macErr = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3, + CSSM_CERT_ENCODING_BER, &certRef); + if (noErr != macErr) { + CKMK_MACERR("Create cert from data Failed", macErr); + *pError = CKR_GENERAL_ERROR; /* need to map macErr */ + goto loser; + } + + *pError = ckmk_GetSafeDefaultKeychain(&keychainRef); + if (CKR_OK != *pError) { + goto loser; + } + + macErr = SecCertificateAddToKeychain( certRef, keychainRef); + itemRef = (SecKeychainItemRef) certRef; + if (errSecDuplicateItem != macErr) { + NSSItem keyID = { NULL, 0 }; + char *nickname = NULL; + CK_RV dummy; + + if (noErr != macErr) { + CKMK_MACERR("Add cert to keychain Failed", macErr); + *pError = CKR_GENERAL_ERROR; /* need to map macErr */ + goto loser; + } + /* these two are optional */ + nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, + ulAttributeCount, &dummy); + /* we've added a new one, update the attributes in the key ring */ + if (nickname) { + ckmk_updateAttribute(itemRef, kSecLabelItemAttr, nickname, + strlen(nickname)+1, "Modify Cert Label"); + nss_ZFreeIf(nickname); + } + dummy = nss_ckmk_GetAttribute(CKA_ID, pTemplate, + ulAttributeCount, &keyID); + if (CKR_OK == dummy) { + dummy = ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr, + keyID.data, keyID.size, "Modify Cert ID"); + } + } + + io = nss_ckmk_NewInternalObject(CKO_CERTIFICATE, itemRef, + kSecCertificateItemClass, pError); + if ((ckmkInternalObject *)NULL != io) { + itemRef = 0; + } + +loser: + if (0 != itemRef) { + CFRelease(itemRef); + } + if (0 != keychainRef) { + CFRelease(keychainRef); + } + + return io; +} + +/* + * PKCS #8 attributes + */ +struct ckmk_AttributeStr { + SECItem attrType; + SECItem *attrValue; +}; +typedef struct ckmk_AttributeStr ckmk_Attribute; + +/* +** A PKCS#8 private key info object +*/ +struct PrivateKeyInfoStr { + PLArenaPool *arena; + SECItem version; + SECAlgorithmID algorithm; + SECItem privateKey; + ckmk_Attribute **attributes; +}; +typedef struct PrivateKeyInfoStr PrivateKeyInfo; + +const SEC_ASN1Template ckmk_RSAPrivateKeyTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RSAPrivateKey) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,version) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,modulus) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,publicExponent) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,privateExponent) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,prime1) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,prime2) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,exponent1) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,exponent2) }, + { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey,coefficient) }, + { 0 } +}; + +const SEC_ASN1Template ckmk_AttributeTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(ckmk_Attribute) }, + { SEC_ASN1_OBJECT_ID, offsetof(ckmk_Attribute, attrType) }, + { SEC_ASN1_SET_OF, offsetof(ckmk_Attribute, attrValue), + SEC_AnyTemplate }, + { 0 } +}; + +const SEC_ASN1Template ckmk_SetOfAttributeTemplate[] = { + { SEC_ASN1_SET_OF, 0, ckmk_AttributeTemplate }, +}; + +SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) + +/* ASN1 Templates for new decoder/encoder */ +const SEC_ASN1Template ckmk_PrivateKeyInfoTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PrivateKeyInfo) }, + { SEC_ASN1_INTEGER, offsetof(PrivateKeyInfo,version) }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(PrivateKeyInfo,algorithm), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_OCTET_STRING, offsetof(PrivateKeyInfo,privateKey) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, + offsetof(PrivateKeyInfo, attributes), ckmk_SetOfAttributeTemplate }, + { 0 } +}; + +#define CKMK_PRIVATE_KEY_INFO_VERSION 0 +static CK_RV +ckmk_CreateRSAKeyBlob +( + RSAPrivateKey *lk, + NSSItem *keyBlob +) +{ + PrivateKeyInfo *pki = NULL; + PLArenaPool *arena = NULL; + SECOidTag algorithm = SEC_OID_UNKNOWN; + void *dummy; + SECStatus rv; + SECItem *encodedKey = NULL; + CK_RV error = CKR_OK; + + arena = PORT_NewArena(2048); /* XXX different size? */ + if(!arena) { + error = CKR_HOST_MEMORY; + goto loser; + } + + pki = (PrivateKeyInfo*)PORT_ArenaZAlloc(arena, sizeof(PrivateKeyInfo)); + if(!pki) { + error = CKR_HOST_MEMORY; + goto loser; + } + pki->arena = arena; + + dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk, + ckmk_RSAPrivateKeyTemplate); + algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION; + + if (!dummy) { + error = CKR_DEVICE_ERROR; /* should map NSS SECError */ + goto loser; + } + + rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, algorithm, + (SECItem*)NULL); + if (rv != SECSuccess) { + error = CKR_DEVICE_ERROR; /* should map NSS SECError */ + goto loser; + } + + dummy = SEC_ASN1EncodeInteger(arena, &pki->version, + CKMK_PRIVATE_KEY_INFO_VERSION); + if (!dummy) { + error = CKR_DEVICE_ERROR; /* should map NSS SECError */ + goto loser; + } + + encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki, + ckmk_PrivateKeyInfoTemplate); + if (!encodedKey) { + error = CKR_DEVICE_ERROR; + goto loser; + } + + keyBlob->data = nss_ZNEWARRAY(NULL, char, encodedKey->len); + if (NULL == keyBlob->data) { + error = CKR_HOST_MEMORY; + goto loser; + } + nsslibc_memcpy(keyBlob->data, encodedKey->data, encodedKey->len); + keyBlob->size = encodedKey->len; + +loser: + if(arena) { + PORT_FreeArena(arena, PR_TRUE); + } + if (encodedKey) { + SECITEM_FreeItem(encodedKey, PR_TRUE); + } + + return error; +} +/* + * There MUST be a better way to do this. For now, find the key based on the + * default name Apple gives it once we import. + */ +#define IMPORTED_NAME "Imported Private Key" +static CK_RV +ckmk_FindImportedKey +( + SecKeychainRef keychainRef, + SecItemClass itemClass, + SecKeychainItemRef *outItemRef +) +{ + OSStatus macErr; + SecKeychainSearchRef searchRef = 0; + SecKeychainItemRef newItemRef; + + macErr = SecKeychainSearchCreateFromAttributes(keychainRef, itemClass, + NULL, &searchRef); + if (noErr != macErr) { + CKMK_MACERR("Can't search for Key", macErr); + return CKR_GENERAL_ERROR; + } + while (noErr == SecKeychainSearchCopyNext(searchRef, &newItemRef)) { + SecKeychainAttributeList *attrList = NULL; + SecKeychainAttributeInfo attrInfo; + SecItemAttr itemAttr = kSecKeyPrintName; + PRUint32 attrFormat = 0; + OSStatus macErr; + + attrInfo.count = 1; + attrInfo.tag = &itemAttr; + attrInfo.format = &attrFormat; + + macErr = SecKeychainItemCopyAttributesAndData(newItemRef, + &attrInfo, NULL, &attrList, NULL, NULL); + if (noErr == macErr) { + if (nsslibc_memcmp(attrList->attr->data, IMPORTED_NAME, + attrList->attr->length, NULL) == 0) { + *outItemRef = newItemRef; + CFRelease (searchRef); + SecKeychainItemFreeAttributesAndData(attrList, NULL); + return CKR_OK; + } + SecKeychainItemFreeAttributesAndData(attrList, NULL); + } + CFRelease(newItemRef); + } + CFRelease (searchRef); + return CKR_GENERAL_ERROR; /* we can come up with something better! */ +} + +static ckmkInternalObject * +nss_ckmk_CreatePrivateKey +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + NSSItem attribute; + RSAPrivateKey lk; + NSSItem keyID; + char *nickname = NULL; + ckmkInternalObject *io = NULL; + CK_KEY_TYPE keyType; + OSStatus macErr; + SecKeychainItemRef itemRef = 0; + NSSItem keyBlob = { NULL, 0 }; + CFDataRef dataRef = 0; + SecExternalFormat inputFormat = kSecFormatBSAFE; + /*SecExternalFormat inputFormat = kSecFormatOpenSSL; */ + SecExternalItemType itemType = kSecItemTypePrivateKey; + SecKeyImportExportParameters keyParams ; + SecKeychainRef targetKeychain = 0; + unsigned char zero = 0; + CK_RV error; + + keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; + keyParams.flags = 0; + keyParams.passphrase = 0; + keyParams.alertTitle = 0; + keyParams.alertPrompt = 0; + keyParams.accessRef = 0; /* default */ + keyParams.keyUsage = 0; /* will get filled in */ + keyParams.keyAttributes = CSSM_KEYATTR_PERMANENT; /* will get filled in */ + keyType = nss_ckmk_GetULongAttribute + (CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + if (CKK_RSA != keyType) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (ckmkInternalObject *)NULL; + } + if (nss_ckmk_GetBoolAttribute(CKA_DECRYPT, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyUsage |= CSSM_KEYUSE_DECRYPT; + } + if (nss_ckmk_GetBoolAttribute(CKA_UNWRAP, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyUsage |= CSSM_KEYUSE_UNWRAP; + } + if (nss_ckmk_GetBoolAttribute(CKA_SIGN, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyUsage |= CSSM_KEYUSE_SIGN; + } + if (nss_ckmk_GetBoolAttribute(CKA_DERIVE, + pTemplate, ulAttributeCount, CK_FALSE)) { + keyParams.keyUsage |= CSSM_KEYUSE_DERIVE; + } + if (nss_ckmk_GetBoolAttribute(CKA_SENSITIVE, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyAttributes |= CSSM_KEYATTR_SENSITIVE; + } + if (nss_ckmk_GetBoolAttribute(CKA_EXTRACTABLE, + pTemplate, ulAttributeCount, CK_TRUE)) { + keyParams.keyAttributes |= CSSM_KEYATTR_EXTRACTABLE; + } + + lk.version.type = siUnsignedInteger; + lk.version.data = &zero; + lk.version.len = 1; + + *pError = nss_ckmk_GetAttribute(CKA_MODULUS, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.modulus.type = siUnsignedInteger; + lk.modulus.data = attribute.data; + lk.modulus.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.publicExponent.type = siUnsignedInteger; + lk.publicExponent.data = attribute.data; + lk.publicExponent.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.privateExponent.type = siUnsignedInteger; + lk.privateExponent.data = attribute.data; + lk.privateExponent.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_PRIME_1, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.prime1.type = siUnsignedInteger; + lk.prime1.data = attribute.data; + lk.prime1.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_PRIME_2, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.prime2.type = siUnsignedInteger; + lk.prime2.data = attribute.data; + lk.prime2.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_1, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.exponent1.type = siUnsignedInteger; + lk.exponent1.data = attribute.data; + lk.exponent1.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_2, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.exponent2.type = siUnsignedInteger; + lk.exponent2.data = attribute.data; + lk.exponent2.len = attribute.size; + + *pError = nss_ckmk_GetAttribute(CKA_COEFFICIENT, pTemplate, + ulAttributeCount, &attribute); + if (CKR_OK != *pError) { + return (ckmkInternalObject *)NULL; + } + lk.coefficient.type = siUnsignedInteger; + lk.coefficient.data = attribute.data; + lk.coefficient.len = attribute.size; + + /* ASN1 Encode the pkcs8 structure... look at softoken to see how this + * is done... */ + error = ckmk_CreateRSAKeyBlob(&lk, &keyBlob); + if (CKR_OK != error) { + goto loser; + } + + dataRef = CFDataCreate(NULL, (UInt8 *)keyBlob.data, keyBlob.size); + if (0 == dataRef) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + *pError == ckmk_GetSafeDefaultKeychain(&targetKeychain); + if (CKR_OK != *pError) { + goto loser; + } + + + /* the itemArray that is returned is useless. the item does not + * is 'not on the key chain' so none of the modify calls work on it. + * It also has a key that isn't the same key as the one in the actual + * key chain. In short it isn't the item we want, and it gives us zero + * information about the item we want, so don't even bother with it... + */ + macErr = SecKeychainItemImport(dataRef, NULL, &inputFormat, &itemType, 0, + &keyParams, targetKeychain, NULL); + if (noErr != macErr) { + CKMK_MACERR("Import Private Key", macErr); + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + *pError = ckmk_FindImportedKey(targetKeychain, + CSSM_DL_DB_RECORD_PRIVATE_KEY, + &itemRef); + if (CKR_OK != *pError) { +#ifdef DEBUG + fprintf(stderr,"couldn't find key in keychain \n"); +#endif + goto loser; + } + + + /* set the CKA_ID and the CKA_LABEL */ + error = nss_ckmk_GetAttribute(CKA_ID, pTemplate, + ulAttributeCount, &keyID); + if (CKR_OK == error) { + error = ckmk_updateAttribute(itemRef, kSecKeyLabel, + keyID.data, keyID.size, "Modify Key ID"); +#ifdef DEBUG + itemdump("key id: ", keyID.data, keyID.size, error); +#endif + } + nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate, + ulAttributeCount, &error); + if (nickname) { + ckmk_updateAttribute(itemRef, kSecKeyPrintName, nickname, + strlen(nickname)+1, "Modify Key Label"); + } else { +#define DEFAULT_NICKNAME "NSS Imported Key" + ckmk_updateAttribute(itemRef, kSecKeyPrintName, DEFAULT_NICKNAME, + sizeof(DEFAULT_NICKNAME), "Modify Key Label"); + } + + io = nss_ckmk_NewInternalObject(CKO_PRIVATE_KEY, itemRef, + CSSM_DL_DB_RECORD_PRIVATE_KEY, pError); + if ((ckmkInternalObject *)NULL == io) { + CFRelease(itemRef); + } + + return io; + +loser: + /* free the key blob */ + if (keyBlob.data) { + nss_ZFreeIf(keyBlob.data); + } + if (0 != targetKeychain) { + CFRelease(targetKeychain); + } + if (0 != dataRef) { + CFRelease(dataRef); + } + return io; +} + + +NSS_EXTERN NSSCKMDObject * +nss_ckmk_CreateObject +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + CK_OBJECT_CLASS objClass; + ckmkInternalObject *io; + CK_BBOOL isToken; + + /* + * only create token objects + */ + isToken = nss_ckmk_GetBoolAttribute(CKA_TOKEN, pTemplate, + ulAttributeCount, CK_FALSE); + if (!isToken) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (NSSCKMDObject *) NULL; + } + + /* + * only create keys and certs. + */ + objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, pTemplate, + ulAttributeCount, pError); + if (CKR_OK != *pError) { + return (NSSCKMDObject *) NULL; + } +#ifdef notdef + if (objClass == CKO_PUBLIC_KEY) { + return CKR_OK; /* fake public key creation, happens as a side effect of + * private key creation */ + } +#endif + if (objClass == CKO_CERTIFICATE) { + io = nss_ckmk_CreateCertificate(fwSession, pTemplate, + ulAttributeCount, pError); + } else if (objClass == CKO_PRIVATE_KEY) { + io = nss_ckmk_CreatePrivateKey(fwSession, pTemplate, + ulAttributeCount, pError); + } else { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + } + + if ((ckmkInternalObject *)NULL == io) { + return (NSSCKMDObject *) NULL; + } + return nss_ckmk_CreateMDObject(NULL, io, pError); +} diff --git a/security/nss/lib/ckfw/nssmkey/mrsa.c b/security/nss/lib/ckfw/nssmkey/mrsa.c new file mode 100644 index 000000000..7292b22a1 --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/mrsa.c @@ -0,0 +1,547 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Red Hat, Inc. + * Portions created by the Initial Developer are Copyright (C) 2005 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckmk.h" + +/* Sigh, For all the talk about 'ease of use', apple has hidden the interfaces + * needed to be able to truly use CSSM. These came from their modification + * to NSS's S/MIME code. The following two functions currently are not + * part of the SecKey.h interface. + */ +OSStatus +SecKeyGetCredentials +( + SecKeyRef keyRef, + CSSM_ACL_AUTHORIZATION_TAG authTag, + int type, + const CSSM_ACCESS_CREDENTIALS **creds +); + +/* this function could be implemented using 'SecKeychainItemCopyKeychain' and + * 'SecKeychainGetCSPHandle' */ +OSStatus +SecKeyGetCSPHandle +( + SecKeyRef keyRef, + CSSM_CSP_HANDLE *cspHandle +); + + +typedef struct ckmkInternalCryptoOperationRSAPrivStr + ckmkInternalCryptoOperationRSAPriv; +struct ckmkInternalCryptoOperationRSAPrivStr +{ + NSSCKMDCryptoOperation mdOperation; + NSSCKMDMechanism *mdMechanism; + ckmkInternalObject *iKey; + NSSItem *buffer; + CSSM_CC_HANDLE cssmContext; +}; + +typedef enum { + CKMK_DECRYPT, + CKMK_SIGN +} ckmkRSAOpType; + +/* + * ckmk_mdCryptoOperationRSAPriv_Create + */ +static NSSCKMDCryptoOperation * +ckmk_mdCryptoOperationRSAPriv_Create +( + const NSSCKMDCryptoOperation *proto, + NSSCKMDMechanism *mdMechanism, + NSSCKMDObject *mdKey, + ckmkRSAOpType type, + CK_RV *pError +) +{ + ckmkInternalObject *iKey = (ckmkInternalObject *)mdKey->etc; + const NSSItem *classItem = nss_ckmk_FetchAttribute(iKey, CKA_CLASS, pError); + const NSSItem *keyType = nss_ckmk_FetchAttribute(iKey, CKA_KEY_TYPE, pError); + ckmkInternalCryptoOperationRSAPriv *iOperation; + SecKeyRef privateKey; + OSStatus macErr; + CSSM_RETURN cssmErr; + const CSSM_KEY *cssmKey; + CSSM_CSP_HANDLE cspHandle; + const CSSM_ACCESS_CREDENTIALS *creds = NULL; + CSSM_CC_HANDLE cssmContext; + CSSM_ACL_AUTHORIZATION_TAG authType; + + /* make sure we have the right objects */ + if (((const NSSItem *)NULL == classItem) || + (sizeof(CK_OBJECT_CLASS) != classItem->size) || + (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) || + ((const NSSItem *)NULL == keyType) || + (sizeof(CK_KEY_TYPE) != keyType->size) || + (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) { + *pError = CKR_KEY_TYPE_INCONSISTENT; + return (NSSCKMDCryptoOperation *)NULL; + } + + privateKey = (SecKeyRef) iKey->u.item.itemRef; + macErr = SecKeyGetCSSMKey(privateKey, &cssmKey); + if (noErr != macErr) { + CKMK_MACERR("Getting CSSM Key", macErr); + *pError = CKR_KEY_HANDLE_INVALID; + return (NSSCKMDCryptoOperation *)NULL; + } + macErr = SecKeyGetCSPHandle(privateKey, &cspHandle); + if (noErr != macErr) { + CKMK_MACERR("Getting CSP for Key", macErr); + *pError = CKR_KEY_HANDLE_INVALID; + return (NSSCKMDCryptoOperation *)NULL; + } + switch (type) { + case CKMK_DECRYPT: + authType = CSSM_ACL_AUTHORIZATION_DECRYPT; + break; + case CKMK_SIGN: + authType = CSSM_ACL_AUTHORIZATION_SIGN; + break; + default: + *pError = CKR_GENERAL_ERROR; +#ifdef DEBUG + fprintf(stderr,"RSAPriv_Create: bad type = %d\n", type); +#endif + return (NSSCKMDCryptoOperation *)NULL; + } + + macErr = SecKeyGetCredentials(privateKey, authType, 0, &creds); + if (noErr != macErr) { + CKMK_MACERR("Getting Credentials for Key", macErr); + *pError = CKR_KEY_HANDLE_INVALID; + return (NSSCKMDCryptoOperation *)NULL; + } + + switch (type) { + case CKMK_DECRYPT: + cssmErr = CSSM_CSP_CreateAsymmetricContext(cspHandle, CSSM_ALGID_RSA, + creds, cssmKey, CSSM_PADDING_PKCS1, &cssmContext); + break; + case CKMK_SIGN: + cssmErr = CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_RSA, + creds, cssmKey, &cssmContext); + break; + default: + *pError = CKR_GENERAL_ERROR; +#ifdef DEBUG + fprintf(stderr,"RSAPriv_Create: bad type = %d\n", type); +#endif + return (NSSCKMDCryptoOperation *)NULL; + } + if (noErr != cssmErr) { + CKMK_MACERR("Getting Context for Key", cssmErr); + *pError = CKR_GENERAL_ERROR; + return (NSSCKMDCryptoOperation *)NULL; + } + + iOperation = nss_ZNEW(NULL, ckmkInternalCryptoOperationRSAPriv); + if ((ckmkInternalCryptoOperationRSAPriv *)NULL == iOperation) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDCryptoOperation *)NULL; + } + iOperation->mdMechanism = mdMechanism; + iOperation->iKey = iKey; + iOperation->cssmContext = cssmContext; + + nsslibc_memcpy(&iOperation->mdOperation, + proto, sizeof(NSSCKMDCryptoOperation)); + iOperation->mdOperation.etc = iOperation; + + return &iOperation->mdOperation; +} + +static void +ckmk_mdCryptoOperationRSAPriv_Destroy +( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + + if (iOperation->buffer) { + nssItem_Destroy(iOperation->buffer); + } + if (iOperation->cssmContext) { + CSSM_DeleteContext(iOperation->cssmContext); + } + nss_ZFreeIf(iOperation); + return; +} + +static CK_ULONG +ckmk_mdCryptoOperationRSA_GetFinalLength +( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + const NSSItem *modulus = + nss_ckmk_FetchAttribute(iOperation->iKey, CKA_MODULUS, pError); + + return modulus->size; +} + + +/* + * ckmk_mdCryptoOperationRSADecrypt_GetOperationLength + * we won't know the length until we actually decrypt the + * input block. Since we go to all the work to decrypt the + * the block, we'll save if for when the block is asked for + */ +static CK_ULONG +ckmk_mdCryptoOperationRSADecrypt_GetOperationLength +( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + CK_RV *pError +) +{ + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + CSSM_DATA cssmInput; + CSSM_DATA cssmOutput = { 0, NULL }; + PRUint32 bytesDecrypted; + CSSM_DATA remainder = { 0, NULL }; + NSSItem output; + CSSM_RETURN cssmErr; + + if (iOperation->buffer) { + return iOperation->buffer->size; + } + + cssmInput.Data = input->data; + cssmInput.Length = input->size; + + cssmErr = CSSM_DecryptData(iOperation->cssmContext, + &cssmInput, 1, &cssmOutput, 1, + &bytesDecrypted, &remainder); + if (CSSM_OK != cssmErr) { + CKMK_MACERR("Decrypt Failed", cssmErr); + *pError = CKR_DATA_INVALID; + return 0; + } + /* we didn't suppy any buffers, so it should all be in remainder */ + output.data = nss_ZNEWARRAY(NULL, char, bytesDecrypted + remainder.Length); + if (NULL == output.data) { + free(cssmOutput.Data); + free(remainder.Data); + *pError = CKR_HOST_MEMORY; + return 0; + } + output.size = bytesDecrypted + remainder.Length; + + if (0 != bytesDecrypted) { + nsslibc_memcpy(output.data, cssmOutput.Data, bytesDecrypted); + free(cssmOutput.Data); + } + if (0 != remainder.Length) { + nsslibc_memcpy(((char *)output.data)+bytesDecrypted, + remainder.Data, remainder.Length); + free(remainder.Data); + } + + iOperation->buffer = nssItem_Duplicate(&output, NULL, NULL); + nss_ZFreeIf(output.data); + if ((NSSItem *) NULL == iOperation->buffer) { + *pError = CKR_HOST_MEMORY; + return 0; + } + + return iOperation->buffer->size; +} + +/* + * ckmk_mdCryptoOperationRSADecrypt_UpdateFinal + * + * NOTE: ckmk_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to + * have been called previously. + */ +static CK_RV +ckmk_mdCryptoOperationRSADecrypt_UpdateFinal +( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + NSSItem *output +) +{ + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + NSSItem *buffer = iOperation->buffer; + + if ((NSSItem *)NULL == buffer) { + return CKR_GENERAL_ERROR; + } + nsslibc_memcpy(output->data, buffer->data, buffer->size); + output->size = buffer->size; + return CKR_OK; +} + +/* + * ckmk_mdCryptoOperationRSASign_UpdateFinal + * + */ +static CK_RV +ckmk_mdCryptoOperationRSASign_UpdateFinal +( + NSSCKMDCryptoOperation *mdOperation, + NSSCKFWCryptoOperation *fwOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *input, + NSSItem *output +) +{ + ckmkInternalCryptoOperationRSAPriv *iOperation = + (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc; + CSSM_DATA cssmInput; + CSSM_DATA cssmOutput = { 0, NULL }; + CSSM_RETURN cssmErr; + + cssmInput.Data = input->data; + cssmInput.Length = input->size; + + cssmErr = CSSM_SignData(iOperation->cssmContext, &cssmInput, 1, + CSSM_ALGID_NONE, &cssmOutput); + if (CSSM_OK != cssmErr) { + CKMK_MACERR("Signed Failed", cssmErr); + return CKR_FUNCTION_FAILED; + } + if (cssmOutput.Length > output->size) { + free(cssmOutput.Data); + return CKR_BUFFER_TOO_SMALL; + } + nsslibc_memcpy(output->data, cssmOutput.Data, cssmOutput.Length); + free(cssmOutput.Data); + output->size = cssmOutput.Length; + + return CKR_OK; +} + + +NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation +ckmk_mdCryptoOperationRSADecrypt_proto = { + NULL, /* etc */ + ckmk_mdCryptoOperationRSAPriv_Destroy, + NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */ + ckmk_mdCryptoOperationRSADecrypt_GetOperationLength, + NULL, /* Final - not needed for one shot operation */ + NULL, /* Update - not needed for one shot operation */ + NULL, /* DigetUpdate - not needed for one shot operation */ + ckmk_mdCryptoOperationRSADecrypt_UpdateFinal, + NULL, /* UpdateCombo - not needed for one shot operation */ + NULL, /* DigetKey - not needed for one shot operation */ + (void *)NULL /* null terminator */ +}; + +NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation +ckmk_mdCryptoOperationRSASign_proto = { + NULL, /* etc */ + ckmk_mdCryptoOperationRSAPriv_Destroy, + ckmk_mdCryptoOperationRSA_GetFinalLength, + NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */ + NULL, /* Final - not needed for one shot operation */ + NULL, /* Update - not needed for one shot operation */ + NULL, /* DigetUpdate - not needed for one shot operation */ + ckmk_mdCryptoOperationRSASign_UpdateFinal, + NULL, /* UpdateCombo - not needed for one shot operation */ + NULL, /* DigetKey - not needed for one shot operation */ + (void *)NULL /* null terminator */ +}; + +/********** NSSCKMDMechansim functions ***********************/ +/* + * ckmk_mdMechanismRSA_Destroy + */ +static void +ckmk_mdMechanismRSA_Destroy +( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nss_ZFreeIf(fwMechanism); +} + +/* + * ckmk_mdMechanismRSA_GetMinKeySize + */ +static CK_ULONG +ckmk_mdMechanismRSA_GetMinKeySize +( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return 384; +} + +/* + * ckmk_mdMechanismRSA_GetMaxKeySize + */ +static CK_ULONG +ckmk_mdMechanismRSA_GetMaxKeySize +( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return 16384; +} + +/* + * ckmk_mdMechanismRSA_DecryptInit + */ +static NSSCKMDCryptoOperation * +ckmk_mdMechanismRSA_DecryptInit +( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError +) +{ + return ckmk_mdCryptoOperationRSAPriv_Create( + &ckmk_mdCryptoOperationRSADecrypt_proto, + mdMechanism, mdKey, CKMK_DECRYPT, pError); +} + +/* + * ckmk_mdMechanismRSA_SignInit + */ +static NSSCKMDCryptoOperation * +ckmk_mdMechanismRSA_SignInit +( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM *pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError +) +{ + return ckmk_mdCryptoOperationRSAPriv_Create( + &ckmk_mdCryptoOperationRSASign_proto, + mdMechanism, mdKey, CKMK_SIGN, pError); +} + + +NSS_IMPLEMENT_DATA const NSSCKMDMechanism +nss_ckmk_mdMechanismRSA = { + (void *)NULL, /* etc */ + ckmk_mdMechanismRSA_Destroy, + ckmk_mdMechanismRSA_GetMinKeySize, + ckmk_mdMechanismRSA_GetMaxKeySize, + NULL, /* GetInHardware - default false */ + NULL, /* EncryptInit - default errs */ + ckmk_mdMechanismRSA_DecryptInit, + NULL, /* DigestInit - default errs*/ + ckmk_mdMechanismRSA_SignInit, + NULL, /* VerifyInit - default errs */ + ckmk_mdMechanismRSA_SignInit, /* SignRecoverInit */ + NULL, /* VerifyRecoverInit - default errs */ + NULL, /* GenerateKey - default errs */ + NULL, /* GenerateKeyPair - default errs */ + NULL, /* GetWrapKeyLength - default errs */ + NULL, /* WrapKey - default errs */ + NULL, /* UnwrapKey - default errs */ + NULL, /* DeriveKey - default errs */ + (void *)NULL /* null terminator */ +}; diff --git a/security/nss/lib/ckfw/nssmkey/msession.c b/security/nss/lib/ckfw/nssmkey/msession.c new file mode 100644 index 000000000..c64ae23db --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/msession.c @@ -0,0 +1,131 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckmk.h" + +/* + * nssmkey/msession.c + * + * This file implements the NSSCKMDSession object for the + * "nssmkey" cryptoki module. + */ + +static NSSCKMDFindObjects * +ckmk_mdSession_FindObjectsInit +( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + return nss_ckmk_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError); +} + +static NSSCKMDObject * +ckmk_mdSession_CreateObject +( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + return nss_ckmk_CreateObject(fwSession, pTemplate, ulAttributeCount, pError); +} + +NSS_IMPLEMENT NSSCKMDSession * +nss_ckmk_CreateSession +( + NSSCKFWSession *fwSession, + CK_RV *pError +) +{ + NSSArena *arena; + NSSCKMDSession *rv; + + arena = NSSCKFWSession_GetArena(fwSession, pError); + if( (NSSArena *)NULL == arena ) { + return (NSSCKMDSession *)NULL; + } + + rv = nss_ZNEW(arena, NSSCKMDSession); + if( (NSSCKMDSession *)NULL == rv ) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDSession *)NULL; + } + + /* + * rv was zeroed when allocated, so we only + * need to set the non-zero members. + */ + + rv->etc = (void *)fwSession; + /* rv->Close */ + /* rv->GetDeviceError */ + /* rv->Login */ + /* rv->Logout */ + /* rv->InitPIN */ + /* rv->SetPIN */ + /* rv->GetOperationStateLen */ + /* rv->GetOperationState */ + /* rv->SetOperationState */ + rv->CreateObject = ckmk_mdSession_CreateObject; + /* rv->CopyObject */ + rv->FindObjectsInit = ckmk_mdSession_FindObjectsInit; + /* rv->SeedRandom */ + /* rv->GetRandom */ + /* rv->null */ + + return rv; +} diff --git a/security/nss/lib/ckfw/nssmkey/mslot.c b/security/nss/lib/ckfw/nssmkey/mslot.c new file mode 100644 index 000000000..e237e103b --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/mslot.c @@ -0,0 +1,129 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckmk.h" + +/* + * nssmkey/mslot.c + * + * This file implements the NSSCKMDSlot object for the + * "nssmkey" cryptoki module. + */ + +static NSSUTF8 * +ckmk_mdSlot_GetSlotDescription +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckmk_SlotDescription; +} + +static NSSUTF8 * +ckmk_mdSlot_GetManufacturerID +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckmk_ManufacturerID; +} + +static CK_VERSION +ckmk_mdSlot_GetHardwareVersion +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return nss_ckmk_HardwareVersion; +} + +static CK_VERSION +ckmk_mdSlot_GetFirmwareVersion +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return nss_ckmk_FirmwareVersion; +} + +static NSSCKMDToken * +ckmk_mdSlot_GetToken +( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSCKMDToken *)&nss_ckmk_mdToken; +} + +NSS_IMPLEMENT_DATA const NSSCKMDSlot +nss_ckmk_mdSlot = { + (void *)NULL, /* etc */ + NULL, /* Initialize */ + NULL, /* Destroy */ + ckmk_mdSlot_GetSlotDescription, + ckmk_mdSlot_GetManufacturerID, + NULL, /* GetTokenPresent -- defaults to true */ + NULL, /* GetRemovableDevice -- defaults to false */ + NULL, /* GetHardwareSlot -- defaults to false */ + ckmk_mdSlot_GetHardwareVersion, + ckmk_mdSlot_GetFirmwareVersion, + ckmk_mdSlot_GetToken, + (void *)NULL /* null terminator */ +}; diff --git a/security/nss/lib/ckfw/nssmkey/mtoken.c b/security/nss/lib/ckfw/nssmkey/mtoken.c new file mode 100644 index 000000000..25b5ccdca --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/mtoken.c @@ -0,0 +1,246 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#include "ckmk.h" + +/* + * nssmkey/mtoken.c + * + * This file implements the NSSCKMDToken object for the + * "nssmkey" cryptoki module. + */ + +static NSSUTF8 * +ckmk_mdToken_GetLabel +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckmk_TokenLabel; +} + +static NSSUTF8 * +ckmk_mdToken_GetManufacturerID +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckmk_ManufacturerID; +} + +static NSSUTF8 * +ckmk_mdToken_GetModel +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckmk_TokenModel; +} + +static NSSUTF8 * +ckmk_mdToken_GetSerialNumber +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + return (NSSUTF8 *)nss_ckmk_TokenSerialNumber; +} + +static CK_BBOOL +ckmk_mdToken_GetIsWriteProtected +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return CK_FALSE; +} + +/* fake out Mozilla so we don't try to initialize the token */ +static CK_BBOOL +ckmk_mdToken_GetUserPinInitialized +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return CK_TRUE; +} + +static CK_VERSION +ckmk_mdToken_GetHardwareVersion +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return nss_ckmk_HardwareVersion; +} + +static CK_VERSION +ckmk_mdToken_GetFirmwareVersion +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return nss_ckmk_FirmwareVersion; +} + +static NSSCKMDSession * +ckmk_mdToken_OpenSession +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError +) +{ + return nss_ckmk_CreateSession(fwSession, pError); +} + +static CK_ULONG +ckmk_mdToken_GetMechanismCount +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + return (CK_ULONG)1; +} + +static CK_RV +ckmk_mdToken_GetMechanismTypes +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE types[] +) +{ + types[0] = CKM_RSA_PKCS; + return CKR_OK; +} + +static NSSCKMDMechanism * +ckmk_mdToken_GetMechanism +( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE which, + CK_RV *pError +) +{ + if (which != CKM_RSA_PKCS) { + *pError = CKR_MECHANISM_INVALID; + return (NSSCKMDMechanism *)NULL; + } + return (NSSCKMDMechanism *)&nss_ckmk_mdMechanismRSA; +} + +NSS_IMPLEMENT_DATA const NSSCKMDToken +nss_ckmk_mdToken = { + (void *)NULL, /* etc */ + NULL, /* Setup */ + NULL, /* Invalidate */ + NULL, /* InitToken -- default errs */ + ckmk_mdToken_GetLabel, + ckmk_mdToken_GetManufacturerID, + ckmk_mdToken_GetModel, + ckmk_mdToken_GetSerialNumber, + NULL, /* GetHasRNG -- default is false */ + ckmk_mdToken_GetIsWriteProtected, + NULL, /* GetLoginRequired -- default is false */ + ckmk_mdToken_GetUserPinInitialized, + NULL, /* GetRestoreKeyNotNeeded -- irrelevant */ + NULL, /* GetHasClockOnToken -- default is false */ + NULL, /* GetHasProtectedAuthenticationPath -- default is false */ + NULL, /* GetSupportsDualCryptoOperations -- default is false */ + NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetMaxPinLen -- irrelevant */ + NULL, /* GetMinPinLen -- irrelevant */ + NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */ + ckmk_mdToken_GetHardwareVersion, + ckmk_mdToken_GetFirmwareVersion, + NULL, /* GetUTCTime -- no clock */ + ckmk_mdToken_OpenSession, + ckmk_mdToken_GetMechanismCount, + ckmk_mdToken_GetMechanismTypes, + ckmk_mdToken_GetMechanism, + (void *)NULL /* null terminator */ +}; diff --git a/security/nss/lib/ckfw/nssmkey/nssmkey.def b/security/nss/lib/ckfw/nssmkey/nssmkey.def new file mode 100644 index 000000000..054fbd82a --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/nssmkey.def @@ -0,0 +1,58 @@ +;+# +;+# ***** BEGIN LICENSE BLOCK ***** +;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +;+# +;+# The contents of this file are subject to the Mozilla Public License Version +;+# 1.1 (the "License"); you may not use this file except in compliance with +;+# the License. You may obtain a copy of the License at +;+# http://www.mozilla.org/MPL/ +;+# +;+# Software distributed under the License is distributed on an "AS IS" basis, +;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +;+# for the specific language governing rights and limitations under the +;+# License. +;+# +;+# The Original Code is the Netscape security libraries. +;+# +;+# The Initial Developer of the Original Code is +;+# Netscape Communications Corporation. +;+# Portions created by the Initial Developer are Copyright (C) 2003 +;+# the Initial Developer. All Rights Reserved. +;+# +;+# Contributor(s): +;+# +;+# Alternatively, the contents of this file may be used under the terms of +;+# either the GNU General Public License Version 2 or later (the "GPL"), or +;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +;+# in which case the provisions of the GPL or the LGPL are applicable instead +;+# of those above. If you wish to allow use of your version of this file only +;+# under the terms of either the GPL or the LGPL, and not to allow others to +;+# use your version of this file under the terms of the MPL, indicate your +;+# decision by deleting the provisions above and replace them with the notice +;+# and other provisions required by the GPL or the LGPL. If you do not delete +;+# the provisions above, a recipient may use your version of this file under +;+# the terms of any one of the MPL, the GPL or the LGPL. +;+# +;+# ***** END LICENSE BLOCK ***** +;+# +;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS +;+# 1. For all unix platforms, the string ";-" means "remove this line" +;+# 2. For all unix platforms, the string " DATA " will be removed from any +;+# line on which it occurs. +;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX. +;+# On AIX, lines containing ";+" will be removed. +;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed. +;+# 5. For all unix platforms, after the above processing has taken place, +;+# all characters after the first ";" on the line will be removed. +;+# And for AIX, the first ";" will also be removed. +;+# This file is passed directly to windows. Since ';' is a comment, all UNIX +;+# directives are hidden behind ";", ";+", and ";-" +;+ +;+NSSMKEY_3.0 { # First release of nssmkey +;+ global: +LIBRARY nssmkey ;- +EXPORTS ;- +C_GetFunctionList; +;+ local: +;+*; +;+}; diff --git a/security/nss/lib/ckfw/nssmkey/nssmkey.h b/security/nss/lib/ckfw/nssmkey/nssmkey.h new file mode 100644 index 000000000..5bf181222 --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/nssmkey.h @@ -0,0 +1,75 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef NSSMKEY_H +#define NSSMKEY_H + +/* + * NSS CKMK Version numbers. + * + * These are the version numbers for the nssmkey module packaged with + * this release on NSS. To determine the version numbers of the builtin + * module you are using, use the appropriate PKCS #11 calls. + * + * These version numbers detail changes to the PKCS #11 interface. They map + * to the PKCS #11 spec versions. + */ +#define NSS_CKMK_CRYPTOKI_VERSION_MAJOR 2 +#define NSS_CKMK_CRYPTOKI_VERSION_MINOR 20 + +/* These version numbers detail the changes + * to the list of trusted certificates. + * + * NSS_CKMK_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear + * whether we may use its full range (0-255) or only 0-99 because + * of the comment in the CK_VERSION type definition. + */ +#define NSS_CKMK_LIBRARY_VERSION_MAJOR 1 +#define NSS_CKMK_LIBRARY_VERSION_MINOR 1 +#define NSS_CKMK_LIBRARY_VERSION "1.1" + +/* These version numbers detail the semantic changes to the ckfw engine. */ +#define NSS_CKMK_HARDWARE_VERSION_MAJOR 1 +#define NSS_CKMK_HARDWARE_VERSION_MINOR 0 + +/* These version numbers detail the semantic changes to ckbi itself + * (new PKCS #11 objects), etc. */ +#define NSS_CKMK_FIRMWARE_VERSION_MAJOR 1 +#define NSS_CKMK_FIRMWARE_VERSION_MINOR 0 + +#endif /* NSSMKEY_H */ diff --git a/security/nss/lib/ckfw/nssmkey/staticobj.c b/security/nss/lib/ckfw/nssmkey/staticobj.c new file mode 100644 index 000000000..ad9f1dff6 --- /dev/null +++ b/security/nss/lib/ckfw/nssmkey/staticobj.c @@ -0,0 +1,74 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * Portions created by Red Hat, Inc, are Copyright (C) 2005 + * + * Contributor(s): + * Bob Relyea (rrelyea@redhat.com) + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$""; @(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#ifndef CKMK_H +#include "ckmk.h" +#endif /* CKMK_H */ + +static const CK_TRUST ckt_netscape_valid = CKT_NETSCAPE_VALID; +static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE; +static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR; +static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST; +static const CK_BBOOL ck_true = CK_TRUE; +static const CK_OBJECT_CLASS cko_data = CKO_DATA; +static const CK_CERTIFICATE_TYPE ckc_x_509 = CKC_X_509; +static const CK_BBOOL ck_false = CK_FALSE; +static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST; + +/* example of a static object */ +static const CK_ATTRIBUTE_TYPE nss_ckmk_types_1 [] = { + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL +}; + +static const NSSItem nss_ckmk_items_1 [] = { + { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"Mozilla Mac Key Ring Access", (PRUint32)28 } +}; + +ckmkInternalObject nss_ckmk_data[] = { + { ckmkRaw, {{ 5, nss_ckmk_types_1, nss_ckmk_items_1}} , CKO_DATA, {NULL} }, +}; + +const PRUint32 nss_ckmk_nObjects = 1; diff --git a/security/nss/lib/ckfw/object.c b/security/nss/lib/ckfw/object.c new file mode 100644 index 000000000..f7573b0dd --- /dev/null +++ b/security/nss/lib/ckfw/object.c @@ -0,0 +1,1059 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * object.c + * + * This file implements the NSSCKFWObject type and methods. + */ + +#ifndef CK_T +#include "ck.h" +#endif /* CK_T */ + +/* + * NSSCKFWObject + * + * -- create/destroy -- + * nssCKFWObject_Create + * nssCKFWObject_Finalize + * nssCKFWObject_Destroy + * + * -- public accessors -- + * NSSCKFWObject_GetMDObject + * NSSCKFWObject_GetArena + * NSSCKFWObject_IsTokenObject + * NSSCKFWObject_GetAttributeCount + * NSSCKFWObject_GetAttributeTypes + * NSSCKFWObject_GetAttributeSize + * NSSCKFWObject_GetAttribute + * NSSCKFWObject_SetAttribute + * NSSCKFWObject_GetObjectSize + * + * -- implement public accessors -- + * nssCKFWObject_GetMDObject + * nssCKFWObject_GetArena + * + * -- private accessors -- + * nssCKFWObject_SetHandle + * nssCKFWObject_GetHandle + * + * -- module fronts -- + * nssCKFWObject_IsTokenObject + * nssCKFWObject_GetAttributeCount + * nssCKFWObject_GetAttributeTypes + * nssCKFWObject_GetAttributeSize + * nssCKFWObject_GetAttribute + * nssCKFWObject_SetAttribute + * nssCKFWObject_GetObjectSize + */ + +struct NSSCKFWObjectStr { + NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */ + NSSArena *arena; + NSSCKMDObject *mdObject; + NSSCKMDSession *mdSession; + NSSCKFWSession *fwSession; + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; + NSSCKMDInstance *mdInstance; + NSSCKFWInstance *fwInstance; + CK_OBJECT_HANDLE hObject; +}; + +#ifdef DEBUG +/* + * But first, the pointer-tracking stuff. + * + * NOTE: the pointer-tracking support in NSS/base currently relies + * upon NSPR's CallOnce support. That, however, relies upon NSPR's + * locking, which is tied into the runtime. We need a pointer-tracker + * implementation that uses the locks supplied through C_Initialize. + * That support, however, can be filled in later. So for now, I'll + * just do this routines as no-ops. + */ + +static CK_RV +object_add_pointer +( + const NSSCKFWObject *fwObject +) +{ + return CKR_OK; +} + +static CK_RV +object_remove_pointer +( + const NSSCKFWObject *fwObject +) +{ + return CKR_OK; +} + +NSS_IMPLEMENT CK_RV +nssCKFWObject_verifyPointer +( + const NSSCKFWObject *fwObject +) +{ + return CKR_OK; +} + +#endif /* DEBUG */ + + +/* + * nssCKFWObject_Create + * + */ +NSS_IMPLEMENT NSSCKFWObject * +nssCKFWObject_Create +( + NSSArena *arena, + NSSCKMDObject *mdObject, + NSSCKFWSession *fwSession, + NSSCKFWToken *fwToken, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + NSSCKFWObject *fwObject; + nssCKFWHash *mdObjectHash; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWObject *)NULL; + } + + if( PR_SUCCESS != nssArena_verifyPointer(arena) ) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWObject *)NULL; + } +#endif /* NSSDEBUG */ + + if (!fwToken) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWObject *)NULL; + } + mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken); + if (!mdObjectHash) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWObject *)NULL; + } + + if( nssCKFWHash_Exists(mdObjectHash, mdObject) ) { + fwObject = nssCKFWHash_Lookup(mdObjectHash, mdObject); + return fwObject; + } + + fwObject = nss_ZNEW(arena, NSSCKFWObject); + if (!fwObject) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWObject *)NULL; + } + + fwObject->arena = arena; + fwObject->mdObject = mdObject; + fwObject->fwSession = fwSession; + + if (fwSession) { + fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession); + } + + fwObject->fwToken = fwToken; + fwObject->mdToken = nssCKFWToken_GetMDToken(fwToken); + fwObject->fwInstance = fwInstance; + fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); + fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); + if (!fwObject->mutex) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + *pError = nssCKFWHash_Add(mdObjectHash, mdObject, fwObject); + if( CKR_OK != *pError ) { + nss_ZFreeIf(fwObject); + return (NSSCKFWObject *)NULL; + } + +#ifdef DEBUG + *pError = object_add_pointer(fwObject); + if( CKR_OK != *pError ) { + nssCKFWHash_Remove(mdObjectHash, mdObject); + nss_ZFreeIf(fwObject); + return (NSSCKFWObject *)NULL; + } +#endif /* DEBUG */ + + *pError = CKR_OK; + return fwObject; +} + +/* + * nssCKFWObject_Finalize + * + */ +NSS_IMPLEMENT void +nssCKFWObject_Finalize +( + NSSCKFWObject *fwObject, + PRBool removeFromHash +) +{ + nssCKFWHash *mdObjectHash; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { + return; + } +#endif /* NSSDEBUG */ + + (void)nssCKFWMutex_Destroy(fwObject->mutex); + + if (fwObject->mdObject->Finalize) { + fwObject->mdObject->Finalize(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); + } + + if (removeFromHash) { + mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken); + if (mdObjectHash) { + nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject); + } + } + + if (fwObject->fwSession) { + nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); + } + nss_ZFreeIf(fwObject); + +#ifdef DEBUG + (void)object_remove_pointer(fwObject); +#endif /* DEBUG */ + + return; +} + +/* + * nssCKFWObject_Destroy + * + */ +NSS_IMPLEMENT void +nssCKFWObject_Destroy +( + NSSCKFWObject *fwObject +) +{ + nssCKFWHash *mdObjectHash; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { + return; + } +#endif /* NSSDEBUG */ + + (void)nssCKFWMutex_Destroy(fwObject->mutex); + + if (fwObject->mdObject->Destroy) { + fwObject->mdObject->Destroy(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); + } + + mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken); + if (mdObjectHash) { + nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject); + } + + if (fwObject->fwSession) { + nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); + } + nss_ZFreeIf(fwObject); + +#ifdef DEBUG + (void)object_remove_pointer(fwObject); +#endif /* DEBUG */ + + return; +} + +/* + * nssCKFWObject_GetMDObject + * + */ +NSS_IMPLEMENT NSSCKMDObject * +nssCKFWObject_GetMDObject +( + NSSCKFWObject *fwObject +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { + return (NSSCKMDObject *)NULL; + } +#endif /* NSSDEBUG */ + + return fwObject->mdObject; +} + +/* + * nssCKFWObject_GetArena + * + */ +NSS_IMPLEMENT NSSArena * +nssCKFWObject_GetArena +( + NSSCKFWObject *fwObject, + CK_RV *pError +) +{ +#ifdef NSSDEBUG + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != *pError ) { + return (NSSArena *)NULL; + } +#endif /* NSSDEBUG */ + + return fwObject->arena; +} + +/* + * nssCKFWObject_SetHandle + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWObject_SetHandle +( + NSSCKFWObject *fwObject, + CK_OBJECT_HANDLE hObject +) +{ +#ifdef NSSDEBUG + CK_RV error = CKR_OK; +#endif /* NSSDEBUG */ + +#ifdef NSSDEBUG + error = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + if( (CK_OBJECT_HANDLE)0 != fwObject->hObject ) { + return CKR_GENERAL_ERROR; + } + + fwObject->hObject = hObject; + + return CKR_OK; +} + +/* + * nssCKFWObject_GetHandle + * + */ +NSS_IMPLEMENT CK_OBJECT_HANDLE +nssCKFWObject_GetHandle +( + NSSCKFWObject *fwObject +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { + return (CK_OBJECT_HANDLE)0; + } +#endif /* NSSDEBUG */ + + return fwObject->hObject; +} + +/* + * nssCKFWObject_IsTokenObject + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWObject_IsTokenObject +( + NSSCKFWObject *fwObject +) +{ + CK_BBOOL b = CK_FALSE; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + if (!fwObject->mdObject->IsTokenObject) { + NSSItem item; + NSSItem *pItem; + CK_RV rv = CKR_OK; + + item.data = (void *)&b; + item.size = sizeof(b); + + pItem = nssCKFWObject_GetAttribute(fwObject, CKA_TOKEN, &item, + (NSSArena *)NULL, &rv); + if (!pItem) { + /* Error of some type */ + b = CK_FALSE; + goto done; + } + + goto done; + } + + b = fwObject->mdObject->IsTokenObject(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); + + done: + return b; +} + +/* + * nssCKFWObject_GetAttributeCount + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWObject_GetAttributeCount +( + NSSCKFWObject *fwObject, + CK_RV *pError +) +{ + CK_ULONG rv; + +#ifdef NSSDEBUG + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != *pError ) { + return (CK_ULONG)0; + } +#endif /* NSSDEBUG */ + + if (!fwObject->mdObject->GetAttributeCount) { + *pError = CKR_GENERAL_ERROR; + return (CK_ULONG)0; + } + + *pError = nssCKFWMutex_Lock(fwObject->mutex); + if( CKR_OK != *pError ) { + return (CK_ULONG)0; + } + + rv = fwObject->mdObject->GetAttributeCount(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + pError); + + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return rv; +} + +/* + * nssCKFWObject_GetAttributeTypes + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWObject_GetAttributeTypes +( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != error ) { + return error; + } + + if( (CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray ) { + return CKR_ARGUMENTS_BAD; + } +#endif /* NSSDEBUG */ + + if (!fwObject->mdObject->GetAttributeTypes) { + return CKR_GENERAL_ERROR; + } + + error = nssCKFWMutex_Lock(fwObject->mutex); + if( CKR_OK != error ) { + return error; + } + + error = fwObject->mdObject->GetAttributeTypes(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + typeArray, ulCount); + + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return error; +} + +/* + * nssCKFWObject_GetAttributeSize + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWObject_GetAttributeSize +( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +) +{ + CK_ULONG rv; + +#ifdef NSSDEBUG + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != *pError ) { + return (CK_ULONG)0; + } +#endif /* NSSDEBUG */ + + if (!fwObject->mdObject->GetAttributeSize) { + *pError = CKR_GENERAL_ERROR; + return (CK_ULONG )0; + } + + *pError = nssCKFWMutex_Lock(fwObject->mutex); + if( CKR_OK != *pError ) { + return (CK_ULONG)0; + } + + rv = fwObject->mdObject->GetAttributeSize(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + attribute, pError); + + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return rv; +} + +/* + * nssCKFWObject_GetAttribute + * + * Usual NSS allocation rules: + * If itemOpt is not NULL, it will be returned; otherwise an NSSItem + * will be allocated. If itemOpt is not NULL but itemOpt->data is, + * the buffer will be allocated; otherwise, the buffer will be used. + * Any allocations will come from the optional arena, if one is + * specified. + */ +NSS_IMPLEMENT NSSItem * +nssCKFWObject_GetAttribute +( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *itemOpt, + NSSArena *arenaOpt, + CK_RV *pError +) +{ + NSSItem *rv = (NSSItem *)NULL; + NSSCKFWItem mdItem; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSItem *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != *pError ) { + return (NSSItem *)NULL; + } +#endif /* NSSDEBUG */ + + if (!fwObject->mdObject->GetAttribute) { + *pError = CKR_GENERAL_ERROR; + return (NSSItem *)NULL; + } + + *pError = nssCKFWMutex_Lock(fwObject->mutex); + if( CKR_OK != *pError ) { + return (NSSItem *)NULL; + } + + mdItem = fwObject->mdObject->GetAttribute(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + attribute, pError); + + if (!mdItem.item) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + + goto done; + } + + if (!itemOpt) { + rv = nss_ZNEW(arenaOpt, NSSItem); + if (!rv) { + *pError = CKR_HOST_MEMORY; + goto done; + } + } else { + rv = itemOpt; + } + + if (!rv->data) { + rv->size = mdItem.item->size; + rv->data = nss_ZAlloc(arenaOpt, rv->size); + if (!rv->data) { + *pError = CKR_HOST_MEMORY; + if (!itemOpt) { + nss_ZFreeIf(rv); + } + rv = (NSSItem *)NULL; + goto done; + } + } else { + if( rv->size >= mdItem.item->size ) { + rv->size = mdItem.item->size; + } else { + *pError = CKR_BUFFER_TOO_SMALL; + /* Should we set rv->size to mdItem->size? */ + /* rv can't have been allocated */ + rv = (NSSItem *)NULL; + goto done; + } + } + + (void)nsslibc_memcpy(rv->data, mdItem.item->data, rv->size); + + if (PR_TRUE == mdItem.needsFreeing) { + PR_ASSERT(fwObject->mdObject->FreeAttribute); + if (fwObject->mdObject->FreeAttribute) { + *pError = fwObject->mdObject->FreeAttribute(&mdItem); + } + } + + done: + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return rv; +} + +/* + * nssCKFWObject_SetAttribute + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWObject_SetAttribute +( + NSSCKFWObject *fwObject, + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + if( CKA_TOKEN == attribute ) { + /* + * We're changing from a session object to a token object or + * vice-versa. + */ + + CK_ATTRIBUTE a; + NSSCKFWObject *newFwObject; + NSSCKFWObject swab; + + a.type = CKA_TOKEN; + a.pValue = value->data; + a.ulValueLen = value->size; + + newFwObject = nssCKFWSession_CopyObject(fwSession, fwObject, + &a, 1, &error); + if (!newFwObject) { + if( CKR_OK == error ) { + error = CKR_GENERAL_ERROR; + } + return error; + } + + /* + * Actually, I bet the locking is worse than this.. this part of + * the code could probably use some scrutiny and reworking. + */ + error = nssCKFWMutex_Lock(fwObject->mutex); + if( CKR_OK != error ) { + nssCKFWObject_Destroy(newFwObject); + return error; + } + + error = nssCKFWMutex_Lock(newFwObject->mutex); + if( CKR_OK != error ) { + nssCKFWMutex_Unlock(fwObject->mutex); + nssCKFWObject_Destroy(newFwObject); + return error; + } + + /* + * Now, we have our new object, but it has a new fwObject pointer, + * while we have to keep the existing one. So quick swap the contents. + */ + swab = *fwObject; + *fwObject = *newFwObject; + *newFwObject = swab; + + /* But keep the mutexes the same */ + swab.mutex = fwObject->mutex; + fwObject->mutex = newFwObject->mutex; + newFwObject->mutex = swab.mutex; + + (void)nssCKFWMutex_Unlock(newFwObject->mutex); + (void)nssCKFWMutex_Unlock(fwObject->mutex); + + /* + * Either remove or add this to the list of session objects + */ + + if( CK_FALSE == *(CK_BBOOL *)value->data ) { + /* + * New one is a session object, except since we "stole" the fwObject, it's + * not in the list. Add it. + */ + nssCKFWSession_RegisterSessionObject(fwSession, fwObject); + } else { + /* + * New one is a token object, except since we "stole" the fwObject, it's + * in the list. Remove it. + */ + if (fwObject->fwSession) { + nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); + } + } + + /* + * Now delete the old object. Remember the names have changed. + */ + nssCKFWObject_Destroy(newFwObject); + + return CKR_OK; + } else { + /* + * An "ordinary" change. + */ + if (!fwObject->mdObject->SetAttribute) { + /* We could fake it with copying, like above.. later */ + return CKR_ATTRIBUTE_READ_ONLY; + } + + error = nssCKFWMutex_Lock(fwObject->mutex); + if( CKR_OK != error ) { + return error; + } + + error = fwObject->mdObject->SetAttribute(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + attribute, value); + + (void)nssCKFWMutex_Unlock(fwObject->mutex); + + return error; + } +} + +/* + * nssCKFWObject_GetObjectSize + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWObject_GetObjectSize +( + NSSCKFWObject *fwObject, + CK_RV *pError +) +{ + CK_ULONG rv; + +#ifdef NSSDEBUG + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != *pError ) { + return (CK_ULONG)0; + } +#endif /* NSSDEBUG */ + + if (!fwObject->mdObject->GetObjectSize) { + *pError = CKR_INFORMATION_SENSITIVE; + return (CK_ULONG)0; + } + + *pError = nssCKFWMutex_Lock(fwObject->mutex); + if( CKR_OK != *pError ) { + return (CK_ULONG)0; + } + + rv = fwObject->mdObject->GetObjectSize(fwObject->mdObject, fwObject, + fwObject->mdSession, fwObject->fwSession, fwObject->mdToken, + fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance, + pError); + + (void)nssCKFWMutex_Unlock(fwObject->mutex); + return rv; +} + +/* + * NSSCKFWObject_GetMDObject + * + */ +NSS_IMPLEMENT NSSCKMDObject * +NSSCKFWObject_GetMDObject +( + NSSCKFWObject *fwObject +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { + return (NSSCKMDObject *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWObject_GetMDObject(fwObject); +} + +/* + * NSSCKFWObject_GetArena + * + */ +NSS_IMPLEMENT NSSArena * +NSSCKFWObject_GetArena +( + NSSCKFWObject *fwObject, + CK_RV *pError +) +{ +#ifdef DEBUG + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != *pError ) { + return (NSSArena *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWObject_GetArena(fwObject, pError); +} + +/* + * NSSCKFWObject_IsTokenObject + * + */ +NSS_IMPLEMENT CK_BBOOL +NSSCKFWObject_IsTokenObject +( + NSSCKFWObject *fwObject +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { + return CK_FALSE; + } +#endif /* DEBUG */ + + return nssCKFWObject_IsTokenObject(fwObject); +} + +/* + * NSSCKFWObject_GetAttributeCount + * + */ +NSS_IMPLEMENT CK_ULONG +NSSCKFWObject_GetAttributeCount +( + NSSCKFWObject *fwObject, + CK_RV *pError +) +{ +#ifdef DEBUG + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != *pError ) { + return (CK_ULONG)0; + } +#endif /* DEBUG */ + + return nssCKFWObject_GetAttributeCount(fwObject, pError); +} + +/* + * NSSCKFWObject_GetAttributeTypes + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWObject_GetAttributeTypes +( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount +) +{ +#ifdef DEBUG + CK_RV error = CKR_OK; + + error = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != error ) { + return error; + } + + if( (CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray ) { + return CKR_ARGUMENTS_BAD; + } +#endif /* DEBUG */ + + return nssCKFWObject_GetAttributeTypes(fwObject, typeArray, ulCount); +} + +/* + * NSSCKFWObject_GetAttributeSize + * + */ +NSS_IMPLEMENT CK_ULONG +NSSCKFWObject_GetAttributeSize +( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +) +{ +#ifdef DEBUG + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != *pError ) { + return (CK_ULONG)0; + } +#endif /* DEBUG */ + + return nssCKFWObject_GetAttributeSize(fwObject, attribute, pError); +} + +/* + * NSSCKFWObject_GetAttribute + * + */ +NSS_IMPLEMENT NSSItem * +NSSCKFWObject_GetAttribute +( + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *itemOpt, + NSSArena *arenaOpt, + CK_RV *pError +) +{ +#ifdef DEBUG + if (!pError) { + return (NSSItem *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != *pError ) { + return (NSSItem *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWObject_GetAttribute(fwObject, attribute, itemOpt, arenaOpt, pError); +} + +/* + * NSSCKFWObject_GetObjectSize + * + */ +NSS_IMPLEMENT CK_ULONG +NSSCKFWObject_GetObjectSize +( + NSSCKFWObject *fwObject, + CK_RV *pError +) +{ +#ifdef DEBUG + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != *pError ) { + return (CK_ULONG)0; + } +#endif /* DEBUG */ + + return nssCKFWObject_GetObjectSize(fwObject, pError); +} diff --git a/security/nss/lib/ckfw/session.c b/security/nss/lib/ckfw/session.c new file mode 100644 index 000000000..26bf02421 --- /dev/null +++ b/security/nss/lib/ckfw/session.c @@ -0,0 +1,2496 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * session.c + * + * This file implements the NSSCKFWSession type and methods. + */ + +#ifndef CK_T +#include "ck.h" +#endif /* CK_T */ + +/* + * NSSCKFWSession + * + * -- create/destroy -- + * nssCKFWSession_Create + * nssCKFWSession_Destroy + * + * -- public accessors -- + * NSSCKFWSession_GetMDSession + * NSSCKFWSession_GetArena + * NSSCKFWSession_CallNotification + * NSSCKFWSession_IsRWSession + * NSSCKFWSession_IsSO + * + * -- implement public accessors -- + * nssCKFWSession_GetMDSession + * nssCKFWSession_GetArena + * nssCKFWSession_CallNotification + * nssCKFWSession_IsRWSession + * nssCKFWSession_IsSO + * + * -- private accessors -- + * nssCKFWSession_GetSlot + * nssCKFWSession_GetSessionState + * nssCKFWSession_SetFWFindObjects + * nssCKFWSession_GetFWFindObjects + * nssCKFWSession_SetMDSession + * nssCKFWSession_SetHandle + * nssCKFWSession_GetHandle + * nssCKFWSession_RegisterSessionObject + * nssCKFWSession_DeegisterSessionObject + * + * -- module fronts -- + * nssCKFWSession_GetDeviceError + * nssCKFWSession_Login + * nssCKFWSession_Logout + * nssCKFWSession_InitPIN + * nssCKFWSession_SetPIN + * nssCKFWSession_GetOperationStateLen + * nssCKFWSession_GetOperationState + * nssCKFWSession_SetOperationState + * nssCKFWSession_CreateObject + * nssCKFWSession_CopyObject + * nssCKFWSession_FindObjectsInit + * nssCKFWSession_SeedRandom + * nssCKFWSession_GetRandom + */ + +struct NSSCKFWSessionStr { + NSSArena *arena; + NSSCKMDSession *mdSession; + NSSCKFWToken *fwToken; + NSSCKMDToken *mdToken; + NSSCKFWInstance *fwInstance; + NSSCKMDInstance *mdInstance; + CK_VOID_PTR pApplication; + CK_NOTIFY Notify; + + /* + * Everything above is set at creation time, and then not modified. + * The items below are atomic. No locking required. If we fear + * about pointer-copies being nonatomic, we'll lock fwFindObjects. + */ + + CK_BBOOL rw; + NSSCKFWFindObjects *fwFindObjects; + NSSCKFWCryptoOperation *fwOperationArray[NSSCKFWCryptoOperationState_Max]; + nssCKFWHash *sessionObjectHash; + CK_SESSION_HANDLE hSession; +}; + +#ifdef DEBUG +/* + * But first, the pointer-tracking stuff. + * + * NOTE: the pointer-tracking support in NSS/base currently relies + * upon NSPR's CallOnce support. That, however, relies upon NSPR's + * locking, which is tied into the runtime. We need a pointer-tracker + * implementation that uses the locks supplied through C_Initialize. + * That support, however, can be filled in later. So for now, I'll + * just do this routines as no-ops. + */ + +static CK_RV +session_add_pointer +( + const NSSCKFWSession *fwSession +) +{ + return CKR_OK; +} + +static CK_RV +session_remove_pointer +( + const NSSCKFWSession *fwSession +) +{ + return CKR_OK; +} + +NSS_IMPLEMENT CK_RV +nssCKFWSession_verifyPointer +( + const NSSCKFWSession *fwSession +) +{ + return CKR_OK; +} + +#endif /* DEBUG */ + +/* + * nssCKFWSession_Create + * + */ +NSS_IMPLEMENT NSSCKFWSession * +nssCKFWSession_Create +( + NSSCKFWToken *fwToken, + CK_BBOOL rw, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_RV *pError +) +{ + NSSArena *arena = (NSSArena *)NULL; + NSSCKFWSession *fwSession; + NSSCKFWSlot *fwSlot; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWSession *)NULL; + } + + *pError = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != *pError ) { + return (NSSCKFWSession *)NULL; + } +#endif /* NSSDEBUG */ + + arena = NSSArena_Create(); + if (!arena) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWSession *)NULL; + } + + fwSession = nss_ZNEW(arena, NSSCKFWSession); + if (!fwSession) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fwSession->arena = arena; + fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */ + fwSession->fwToken = fwToken; + fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken); + + fwSlot = nssCKFWToken_GetFWSlot(fwToken); + fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot); + fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot); + + fwSession->rw = rw; + fwSession->pApplication = pApplication; + fwSession->Notify = Notify; + + fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL; + + fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError); + if (!fwSession->sessionObjectHash) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + +#ifdef DEBUG + *pError = session_add_pointer(fwSession); + if( CKR_OK != *pError ) { + goto loser; + } +#endif /* DEBUG */ + + return fwSession; + + loser: + if (arena) { + if (fwSession && fwSession->sessionObjectHash) { + (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash); + } + NSSArena_Destroy(arena); + } + + return (NSSCKFWSession *)NULL; +} + +static void +nss_ckfw_session_object_destroy_iterator +( + const void *key, + void *value, + void *closure +) +{ + NSSCKFWObject *fwObject = (NSSCKFWObject *)value; + nssCKFWObject_Finalize(fwObject, PR_TRUE); +} + +/* + * nssCKFWSession_Destroy + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_Destroy +( + NSSCKFWSession *fwSession, + CK_BBOOL removeFromTokenHash +) +{ + CK_RV error = CKR_OK; + nssCKFWHash *sessionObjectHash; + NSSCKFWCryptoOperationState i; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + if( removeFromTokenHash ) { + error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession); + } + + /* + * Invalidate session objects + */ + + sessionObjectHash = fwSession->sessionObjectHash; + fwSession->sessionObjectHash = (nssCKFWHash *)NULL; + + nssCKFWHash_Iterate(sessionObjectHash, + nss_ckfw_session_object_destroy_iterator, + (void *)NULL); + + for (i=0; i < NSSCKFWCryptoOperationState_Max; i++) { + if (fwSession->fwOperationArray[i]) { + nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]); + } + } + +#ifdef DEBUG + (void)session_remove_pointer(fwSession); +#endif /* DEBUG */ + (void)nssCKFWHash_Destroy(sessionObjectHash); + NSSArena_Destroy(fwSession->arena); + + return error; +} + +/* + * nssCKFWSession_GetMDSession + * + */ +NSS_IMPLEMENT NSSCKMDSession * +nssCKFWSession_GetMDSession +( + NSSCKFWSession *fwSession +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return (NSSCKMDSession *)NULL; + } +#endif /* NSSDEBUG */ + + return fwSession->mdSession; +} + +/* + * nssCKFWSession_GetArena + * + */ +NSS_IMPLEMENT NSSArena * +nssCKFWSession_GetArena +( + NSSCKFWSession *fwSession, + CK_RV *pError +) +{ +#ifdef NSSDEBUG + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != *pError ) { + return (NSSArena *)NULL; + } +#endif /* NSSDEBUG */ + + return fwSession->arena; +} + +/* + * nssCKFWSession_CallNotification + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_CallNotification +( + NSSCKFWSession *fwSession, + CK_NOTIFICATION event +) +{ + CK_RV error = CKR_OK; + CK_SESSION_HANDLE handle; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + if( (CK_NOTIFY)NULL == fwSession->Notify ) { + return CKR_OK; + } + + handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession); + if( (CK_SESSION_HANDLE)0 == handle ) { + return CKR_GENERAL_ERROR; + } + + error = fwSession->Notify(handle, event, fwSession->pApplication); + + return error; +} + +/* + * nssCKFWSession_IsRWSession + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWSession_IsRWSession +( + NSSCKFWSession *fwSession +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + return fwSession->rw; +} + +/* + * nssCKFWSession_IsSO + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWSession_IsSO +( + NSSCKFWSession *fwSession +) +{ + CK_STATE state; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + state = nssCKFWToken_GetSessionState(fwSession->fwToken); + switch( state ) { + case CKS_RO_PUBLIC_SESSION: + case CKS_RO_USER_FUNCTIONS: + case CKS_RW_PUBLIC_SESSION: + case CKS_RW_USER_FUNCTIONS: + return CK_FALSE; + case CKS_RW_SO_FUNCTIONS: + return CK_TRUE; + default: + return CK_FALSE; + } +} + +/* + * nssCKFWSession_GetFWSlot + * + */ +NSS_IMPLEMENT NSSCKFWSlot * +nssCKFWSession_GetFWSlot +( + NSSCKFWSession *fwSession +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return (NSSCKFWSlot *)NULL; + } +#endif /* NSSDEBUG */ + + return nssCKFWToken_GetFWSlot(fwSession->fwToken); +} + +/* + * nssCFKWSession_GetSessionState + * + */ +NSS_IMPLEMENT CK_STATE +nssCKFWSession_GetSessionState +( + NSSCKFWSession *fwSession +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return CKS_RO_PUBLIC_SESSION; /* whatever */ + } +#endif /* NSSDEBUG */ + + return nssCKFWToken_GetSessionState(fwSession->fwToken); +} + +/* + * nssCKFWSession_SetFWFindObjects + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_SetFWFindObjects +( + NSSCKFWSession *fwSession, + NSSCKFWFindObjects *fwFindObjects +) +{ +#ifdef NSSDEBUG + CK_RV error = CKR_OK; +#endif /* NSSDEBUG */ + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + /* fwFindObjects may be null */ +#endif /* NSSDEBUG */ + + if ((fwSession->fwFindObjects) && + (fwFindObjects)) { + return CKR_OPERATION_ACTIVE; + } + + fwSession->fwFindObjects = fwFindObjects; + + return CKR_OK; +} + +/* + * nssCKFWSession_GetFWFindObjects + * + */ +NSS_IMPLEMENT NSSCKFWFindObjects * +nssCKFWSession_GetFWFindObjects +( + NSSCKFWSession *fwSession, + CK_RV *pError +) +{ +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWFindObjects *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != *pError ) { + return (NSSCKFWFindObjects *)NULL; + } +#endif /* NSSDEBUG */ + + if (!fwSession->fwFindObjects) { + *pError = CKR_OPERATION_NOT_INITIALIZED; + return (NSSCKFWFindObjects *)NULL; + } + + return fwSession->fwFindObjects; +} + +/* + * nssCKFWSession_SetMDSession + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_SetMDSession +( + NSSCKFWSession *fwSession, + NSSCKMDSession *mdSession +) +{ +#ifdef NSSDEBUG + CK_RV error = CKR_OK; +#endif /* NSSDEBUG */ + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!mdSession) { + return CKR_ARGUMENTS_BAD; + } +#endif /* NSSDEBUG */ + + if (fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } + + fwSession->mdSession = mdSession; + + return CKR_OK; +} + +/* + * nssCKFWSession_SetHandle + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_SetHandle +( + NSSCKFWSession *fwSession, + CK_SESSION_HANDLE hSession +) +{ +#ifdef NSSDEBUG + CK_RV error = CKR_OK; +#endif /* NSSDEBUG */ + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + if( (CK_SESSION_HANDLE)0 != fwSession->hSession ) { + return CKR_GENERAL_ERROR; + } + + fwSession->hSession = hSession; + + return CKR_OK; +} + +/* + * nssCKFWSession_GetHandle + * + */ +NSS_IMPLEMENT CK_SESSION_HANDLE +nssCKFWSession_GetHandle +( + NSSCKFWSession *fwSession +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return NULL; + } +#endif /* NSSDEBUG */ + + return fwSession->hSession; +} + +/* + * nssCKFWSession_RegisterSessionObject + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_RegisterSessionObject +( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + CK_RV rv = CKR_OK; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + if (fwSession->sessionObjectHash) { + rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); + } + + return rv; +} + +/* + * nssCKFWSession_DeregisterSessionObject + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_DeregisterSessionObject +( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + if (fwSession->sessionObjectHash) { + nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject); + } + + return CKR_OK; +} + +/* + * nssCKFWSession_GetDeviceError + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWSession_GetDeviceError +( + NSSCKFWSession *fwSession +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return (CK_ULONG)0; + } + + if (!fwSession->mdSession) { + return (CK_ULONG)0; + } +#endif /* NSSDEBUG */ + + if (!fwSession->mdSession->GetDeviceError) { + return (CK_ULONG)0; + } + + return fwSession->mdSession->GetDeviceError(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance); +} + +/* + * nssCKFWSession_Login + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_Login +( + NSSCKFWSession *fwSession, + CK_USER_TYPE userType, + NSSItem *pin +) +{ + CK_RV error = CKR_OK; + CK_STATE oldState; + CK_STATE newState; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + switch( userType ) { + case CKU_SO: + case CKU_USER: + break; + default: + return CKR_USER_TYPE_INVALID; + } + + if (!pin) { + if( CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken) ) { + return CKR_ARGUMENTS_BAD; + } + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + oldState = nssCKFWToken_GetSessionState(fwSession->fwToken); + + /* + * It's not clear what happens when you're already logged in. + * I'll just fail; but if we decide to change, the logic is + * all right here. + */ + + if( CKU_SO == userType ) { + switch( oldState ) { + case CKS_RO_PUBLIC_SESSION: + /* + * There's no such thing as a read-only security officer + * session, so fail. The error should be CKR_SESSION_READ_ONLY, + * except that C_Login isn't defined to return that. So we'll + * do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented. + */ + return CKR_SESSION_READ_ONLY_EXISTS; + case CKS_RO_USER_FUNCTIONS: + return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; + case CKS_RW_PUBLIC_SESSION: + newState = CKS_RW_SO_FUNCTIONS; + break; + case CKS_RW_USER_FUNCTIONS: + return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; + case CKS_RW_SO_FUNCTIONS: + return CKR_USER_ALREADY_LOGGED_IN; + default: + return CKR_GENERAL_ERROR; + } + } else /* CKU_USER == userType */ { + switch( oldState ) { + case CKS_RO_PUBLIC_SESSION: + newState = CKS_RO_USER_FUNCTIONS; + break; + case CKS_RO_USER_FUNCTIONS: + return CKR_USER_ALREADY_LOGGED_IN; + case CKS_RW_PUBLIC_SESSION: + newState = CKS_RW_USER_FUNCTIONS; + break; + case CKS_RW_USER_FUNCTIONS: + return CKR_USER_ALREADY_LOGGED_IN; + case CKS_RW_SO_FUNCTIONS: + return CKR_USER_ANOTHER_ALREADY_LOGGED_IN; + default: + return CKR_GENERAL_ERROR; + } + } + + /* + * So now we're in one of three cases: + * + * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS; + * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS; + * Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS; + */ + + if (!fwSession->mdSession->Login) { + /* + * The Module doesn't want to be informed (or check the pin) + * it'll just rely on the Framework as needed. + */ + ; + } else { + error = fwSession->mdSession->Login(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, userType, pin, oldState, newState); + if( CKR_OK != error ) { + return error; + } + } + + (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState); + return CKR_OK; +} + +/* + * nssCKFWSession_Logout + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_Logout +( + NSSCKFWSession *fwSession +) +{ + CK_RV error = CKR_OK; + CK_STATE oldState; + CK_STATE newState; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + oldState = nssCKFWToken_GetSessionState(fwSession->fwToken); + + switch( oldState ) { + case CKS_RO_PUBLIC_SESSION: + return CKR_USER_NOT_LOGGED_IN; + case CKS_RO_USER_FUNCTIONS: + newState = CKS_RO_PUBLIC_SESSION; + break; + case CKS_RW_PUBLIC_SESSION: + return CKR_USER_NOT_LOGGED_IN; + case CKS_RW_USER_FUNCTIONS: + newState = CKS_RW_PUBLIC_SESSION; + break; + case CKS_RW_SO_FUNCTIONS: + newState = CKS_RW_PUBLIC_SESSION; + break; + default: + return CKR_GENERAL_ERROR; + } + + /* + * So now we're in one of three cases: + * + * Old == CKS_RW_SO_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION; + * Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION; + * Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION; + */ + + if (!fwSession->mdSession->Logout) { + /* + * The Module doesn't want to be informed. Okay. + */ + ; + } else { + error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, oldState, newState); + if( CKR_OK != error ) { + /* + * Now what?! A failure really should end up with the Framework + * considering it logged out, right? + */ + ; + } + } + + (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState); + return error; +} + +/* + * nssCKFWSession_InitPIN + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_InitPIN +( + NSSCKFWSession *fwSession, + NSSItem *pin +) +{ + CK_RV error = CKR_OK; + CK_STATE state; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + state = nssCKFWToken_GetSessionState(fwSession->fwToken); + if( CKS_RW_SO_FUNCTIONS != state ) { + return CKR_USER_NOT_LOGGED_IN; + } + + if (!pin) { + CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); + if( CK_TRUE != has ) { + return CKR_ARGUMENTS_BAD; + } + } + + if (!fwSession->mdSession->InitPIN) { + return CKR_TOKEN_WRITE_PROTECTED; + } + + error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, pin); + + return error; +} + +/* + * nssCKFWSession_SetPIN + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_SetPIN +( + NSSCKFWSession *fwSession, + NSSItem *newPin, + NSSItem *oldPin +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + if (!newPin) { + CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); + if( CK_TRUE != has ) { + return CKR_ARGUMENTS_BAD; + } + } + + if (!oldPin) { + CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken); + if( CK_TRUE != has ) { + return CKR_ARGUMENTS_BAD; + } + } + + if (!fwSession->mdSession->SetPIN) { + return CKR_TOKEN_WRITE_PROTECTED; + } + + error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, newPin, oldPin); + + return error; +} + +/* + * nssCKFWSession_GetOperationStateLen + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWSession_GetOperationStateLen +( + NSSCKFWSession *fwSession, + CK_RV *pError +) +{ + CK_ULONG mdAmt; + CK_ULONG fwAmt; + +#ifdef NSSDEBUG + if (!pError) { + return (CK_ULONG)0; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != *pError ) { + return (CK_ULONG)0; + } + + if (!fwSession->mdSession) { + *pError = CKR_GENERAL_ERROR; + return (CK_ULONG)0; + } +#endif /* NSSDEBUG */ + + if (!fwSession->mdSession->GetOperationStateLen) { + *pError = CKR_STATE_UNSAVEABLE; + return (CK_ULONG)0; + } + + /* + * We could check that the session is actually in some state.. + */ + + mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, pError); + + if( ((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError) ) { + return (CK_ULONG)0; + } + + /* + * Add a bit of sanity-checking + */ + fwAmt = mdAmt + 2*sizeof(CK_ULONG); + + return fwAmt; +} + +/* + * nssCKFWSession_GetOperationState + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_GetOperationState +( + NSSCKFWSession *fwSession, + NSSItem *buffer +) +{ + CK_RV error = CKR_OK; + CK_ULONG fwAmt; + CK_ULONG *ulBuffer; + NSSItem i2; + CK_ULONG n, i; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!buffer) { + return CKR_ARGUMENTS_BAD; + } + + if (!buffer->data) { + return CKR_ARGUMENTS_BAD; + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + if (!fwSession->mdSession->GetOperationState) { + return CKR_STATE_UNSAVEABLE; + } + + /* + * Sanity-check the caller's buffer. + */ + + error = CKR_OK; + fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error); + if( ((CK_ULONG)0 == fwAmt) && (CKR_OK != error) ) { + return error; + } + + if( buffer->size < fwAmt ) { + return CKR_BUFFER_TOO_SMALL; + } + + ulBuffer = (CK_ULONG *)buffer->data; + + i2.size = buffer->size - 2*sizeof(CK_ULONG); + i2.data = (void *)&ulBuffer[2]; + + error = fwSession->mdSession->GetOperationState(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, &i2); + + if( CKR_OK != error ) { + return error; + } + + /* + * Add a little integrety/identity check. + * NOTE: right now, it's pretty stupid. + * A CRC or something would be better. + */ + + ulBuffer[0] = 0x434b4657; /* CKFW */ + ulBuffer[1] = 0; + n = i2.size/sizeof(CK_ULONG); + for( i = 0; i < n; i++ ) { + ulBuffer[1] ^= ulBuffer[2+i]; + } + + return CKR_OK; +} + +/* + * nssCKFWSession_SetOperationState + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_SetOperationState +( + NSSCKFWSession *fwSession, + NSSItem *state, + NSSCKFWObject *encryptionKey, + NSSCKFWObject *authenticationKey +) +{ + CK_RV error = CKR_OK; + CK_ULONG *ulBuffer; + CK_ULONG n, i; + CK_ULONG x; + NSSItem s; + NSSCKMDObject *mdek; + NSSCKMDObject *mdak; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!state) { + return CKR_ARGUMENTS_BAD; + } + + if (!state->data) { + return CKR_ARGUMENTS_BAD; + } + + if (encryptionKey) { + error = nssCKFWObject_verifyPointer(encryptionKey); + if( CKR_OK != error ) { + return error; + } + } + + if (authenticationKey) { + error = nssCKFWObject_verifyPointer(authenticationKey); + if( CKR_OK != error ) { + return error; + } + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + ulBuffer = (CK_ULONG *)state->data; + if( 0x43b4657 != ulBuffer[0] ) { + return CKR_SAVED_STATE_INVALID; + } + n = (state->size / sizeof(CK_ULONG)) - 2; + x = (CK_ULONG)0; + for( i = 0; i < n; i++ ) { + x ^= ulBuffer[2+i]; + } + + if( x != ulBuffer[1] ) { + return CKR_SAVED_STATE_INVALID; + } + + if (!fwSession->mdSession->SetOperationState) { + return CKR_GENERAL_ERROR; + } + + s.size = state->size - 2*sizeof(CK_ULONG); + s.data = (void *)&ulBuffer[2]; + + if (encryptionKey) { + mdek = nssCKFWObject_GetMDObject(encryptionKey); + } else { + mdek = (NSSCKMDObject *)NULL; + } + + if (authenticationKey) { + mdak = nssCKFWObject_GetMDObject(authenticationKey); + } else { + mdak = (NSSCKMDObject *)NULL; + } + + error = fwSession->mdSession->SetOperationState(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey); + + if( CKR_OK != error ) { + return error; + } + + /* + * Here'd we restore any session data + */ + + return CKR_OK; +} + +static CK_BBOOL +nss_attributes_form_token_object +( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount +) +{ + CK_ULONG i; + CK_BBOOL rv; + + for( i = 0; i < ulAttributeCount; i++ ) { + if( CKA_TOKEN == pTemplate[i].type ) { + /* If we sanity-check, we can remove this sizeof check */ + if( sizeof(CK_BBOOL) == pTemplate[i].ulValueLen ) { + (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL)); + return rv; + } else { + return CK_FALSE; + } + } + } + + return CK_FALSE; +} + +/* + * nssCKFWSession_CreateObject + * + */ +NSS_IMPLEMENT NSSCKFWObject * +nssCKFWSession_CreateObject +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + NSSArena *arena; + NSSCKMDObject *mdObject; + NSSCKFWObject *fwObject; + CK_BBOOL isTokenObject; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWObject *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != pError ) { + return (NSSCKFWObject *)NULL; + } + + if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWObject *)NULL; + } + + if (!fwSession->mdSession) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWObject *)NULL; + } +#endif /* NSSDEBUG */ + + /* + * Here would be an excellent place to sanity-check the object. + */ + + isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount); + if( CK_TRUE == isTokenObject ) { + /* === TOKEN OBJECT === */ + + if (!fwSession->mdSession->CreateObject) { + *pError = CKR_TOKEN_WRITE_PROTECTED; + return (NSSCKFWObject *)NULL; + } + + arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); + if (!arena) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + goto callmdcreateobject; + } else { + /* === SESSION OBJECT === */ + + arena = nssCKFWSession_GetArena(fwSession, pError); + if (!arena) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + if( CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects( + fwSession->fwInstance) ) { + /* --- module handles the session object -- */ + + if (!fwSession->mdSession->CreateObject) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWObject *)NULL; + } + + goto callmdcreateobject; + } else { + /* --- framework handles the session object -- */ + mdObject = nssCKMDSessionObject_Create(fwSession->fwToken, + arena, pTemplate, ulAttributeCount, pError); + goto gotmdobject; + } + } + + callmdcreateobject: + mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate, + ulAttributeCount, pError); + + gotmdobject: + if (!mdObject) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + fwObject = nssCKFWObject_Create(arena, mdObject, + isTokenObject ? NULL : fwSession, + fwSession->fwToken, fwSession->fwInstance, pError); + if (!fwObject) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + + if (mdObject->Destroy) { + (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL, + fwSession->mdSession, fwSession, fwSession->mdToken, + fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance); + } + + return (NSSCKFWObject *)NULL; + } + + if( CK_FALSE == isTokenObject ) { + if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject) ) { + *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); + if( CKR_OK != *pError ) { + nssCKFWObject_Finalize(fwObject, PR_TRUE); + return (NSSCKFWObject *)NULL; + } + } + } + + return fwObject; +} + +/* + * nssCKFWSession_CopyObject + * + */ +NSS_IMPLEMENT NSSCKFWObject * +nssCKFWSession_CopyObject +( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + CK_BBOOL oldIsToken; + CK_BBOOL newIsToken; + CK_ULONG i; + NSSCKFWObject *rv; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWObject *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != *pError ) { + return (NSSCKFWObject *)NULL; + } + + *pError = nssCKFWObject_verifyPointer(fwObject); + if( CKR_OK != *pError ) { + return (NSSCKFWObject *)NULL; + } + + if (!fwSession->mdSession) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWObject *)NULL; + } +#endif /* NSSDEBUG */ + + /* + * Sanity-check object + */ + + if (!fwObject) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWObject *)NULL; + } + + oldIsToken = nssCKFWObject_IsTokenObject(fwObject); + + newIsToken = oldIsToken; + for( i = 0; i < ulAttributeCount; i++ ) { + if( CKA_TOKEN == pTemplate[i].type ) { + /* Since we sanity-checked the object, we know this is the right size. */ + (void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL)); + break; + } + } + + /* + * If the Module handles its session objects, or if both the new + * and old object are token objects, use CopyObject if it exists. + */ + + if ((fwSession->mdSession->CopyObject) && + (((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) || + (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects( + fwSession->fwInstance))) ) { + /* use copy object */ + NSSArena *arena; + NSSCKMDObject *mdOldObject; + NSSCKMDObject *mdObject; + + mdOldObject = nssCKFWObject_GetMDObject(fwObject); + + if( CK_TRUE == newIsToken ) { + arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); + } else { + arena = nssCKFWSession_GetArena(fwSession, pError); + } + if (!arena) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, mdOldObject, + fwObject, arena, pTemplate, ulAttributeCount, pError); + if (!mdObject) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWObject *)NULL; + } + + rv = nssCKFWObject_Create(arena, mdObject, + newIsToken ? NULL : fwSession, + fwSession->fwToken, fwSession->fwInstance, pError); + + if( CK_FALSE == newIsToken ) { + if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv) ) { + *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv); + if( CKR_OK != *pError ) { + nssCKFWObject_Finalize(rv, PR_TRUE); + return (NSSCKFWObject *)NULL; + } + } + } + + return rv; + } else { + /* use create object */ + NSSArena *tmpArena; + CK_ATTRIBUTE_PTR newTemplate; + CK_ULONG i, j, n, newLength, k; + CK_ATTRIBUTE_TYPE_PTR oldTypes; + NSSCKFWObject *rv; + + tmpArena = NSSArena_Create(); + if (!tmpArena) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWObject *)NULL; + } + + n = nssCKFWObject_GetAttributeCount(fwObject, pError); + if( (0 == n) && (CKR_OK != *pError) ) { + return (NSSCKFWObject *)NULL; + } + + oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n); + if( (CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes ) { + NSSArena_Destroy(tmpArena); + *pError = CKR_HOST_MEMORY; + return (NSSCKFWObject *)NULL; + } + + *pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n); + if( CKR_OK != *pError ) { + NSSArena_Destroy(tmpArena); + return (NSSCKFWObject *)NULL; + } + + newLength = n; + for( i = 0; i < ulAttributeCount; i++ ) { + for( j = 0; j < n; j++ ) { + if( oldTypes[j] == pTemplate[i].type ) { + if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) { + /* Removing the attribute */ + newLength--; + } + break; + } + } + if( j == n ) { + /* Not found */ + newLength++; + } + } + + newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength); + if( (CK_ATTRIBUTE_PTR)NULL == newTemplate ) { + NSSArena_Destroy(tmpArena); + *pError = CKR_HOST_MEMORY; + return (NSSCKFWObject *)NULL; + } + + k = 0; + for( j = 0; j < n; j++ ) { + for( i = 0; i < ulAttributeCount; i++ ) { + if( oldTypes[j] == pTemplate[i].type ) { + if( (CK_VOID_PTR)NULL == pTemplate[i].pValue ) { + /* This attribute is being deleted */ + ; + } else { + /* This attribute is being replaced */ + newTemplate[k].type = pTemplate[i].type; + newTemplate[k].pValue = pTemplate[i].pValue; + newTemplate[k].ulValueLen = pTemplate[i].ulValueLen; + k++; + } + break; + } + } + if( i == ulAttributeCount ) { + /* This attribute is being copied over from the old object */ + NSSItem item, *it; + item.size = 0; + item.data = (void *)NULL; + it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j], + &item, tmpArena, pError); + if (!it) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + NSSArena_Destroy(tmpArena); + return (NSSCKFWObject *)NULL; + } + newTemplate[k].type = oldTypes[j]; + newTemplate[k].pValue = it->data; + newTemplate[k].ulValueLen = it->size; + k++; + } + } + /* assert that k == newLength */ + + rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError); + if (!rv) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + NSSArena_Destroy(tmpArena); + return (NSSCKFWObject *)NULL; + } + + NSSArena_Destroy(tmpArena); + return rv; + } +} + +/* + * nssCKFWSession_FindObjectsInit + * + */ +NSS_IMPLEMENT NSSCKFWFindObjects * +nssCKFWSession_FindObjectsInit +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +) +{ + NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL; + NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWFindObjects *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != *pError ) { + return (NSSCKFWFindObjects *)NULL; + } + + if( ((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0) ) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWFindObjects *)NULL; + } + + if (!fwSession->mdSession) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWFindObjects *)NULL; + } +#endif /* NSSDEBUG */ + + if( CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects( + fwSession->fwInstance) ) { + CK_ULONG i; + + /* + * Does the search criteria restrict us to token or session + * objects? + */ + + for( i = 0; i < ulAttributeCount; i++ ) { + if( CKA_TOKEN == pTemplate[i].type ) { + /* Yes, it does. */ + CK_BBOOL isToken; + if( sizeof(CK_BBOOL) != pTemplate[i].ulValueLen ) { + *pError = CKR_ATTRIBUTE_VALUE_INVALID; + return (NSSCKFWFindObjects *)NULL; + } + (void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL)); + + if( CK_TRUE == isToken ) { + /* Pass it on to the module's search routine */ + if (!fwSession->mdSession->FindObjectsInit) { + goto wrap; + } + + mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, + pTemplate, ulAttributeCount, pError); + } else { + /* Do the search ourselves */ + mdfo1 = nssCKMDFindSessionObjects_Create(fwSession->fwToken, + pTemplate, ulAttributeCount, pError); + } + + if (!mdfo1) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWFindObjects *)NULL; + } + + goto wrap; + } + } + + if( i == ulAttributeCount ) { + /* No, it doesn't. Do a hybrid search. */ + mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, + pTemplate, ulAttributeCount, pError); + + if (!mdfo1) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWFindObjects *)NULL; + } + + mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken, + pTemplate, ulAttributeCount, pError); + if (!mdfo2) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + if (mdfo1->Final) { + mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance); + } + return (NSSCKFWFindObjects *)NULL; + } + + goto wrap; + } + /*NOTREACHED*/ + } else { + /* Module handles all its own objects. Pass on to module's search */ + mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, + fwSession, fwSession->mdToken, fwSession->fwToken, + fwSession->mdInstance, fwSession->fwInstance, + pTemplate, ulAttributeCount, pError); + + if (!mdfo1) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWFindObjects *)NULL; + } + + goto wrap; + } + + wrap: + return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken, + fwSession->fwInstance, mdfo1, mdfo2, pError); +} + +/* + * nssCKFWSession_SeedRandom + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_SeedRandom +( + NSSCKFWSession *fwSession, + NSSItem *seed +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!seed) { + return CKR_ARGUMENTS_BAD; + } + + if (!seed->data) { + return CKR_ARGUMENTS_BAD; + } + + if( 0 == seed->size ) { + return CKR_ARGUMENTS_BAD; + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + if (!fwSession->mdSession->SeedRandom) { + return CKR_RANDOM_SEED_NOT_SUPPORTED; + } + + error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, seed); + + return error; +} + +/* + * nssCKFWSession_GetRandom + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_GetRandom +( + NSSCKFWSession *fwSession, + NSSItem *buffer +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!buffer) { + return CKR_ARGUMENTS_BAD; + } + + if (!buffer->data) { + return CKR_ARGUMENTS_BAD; + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + if (!fwSession->mdSession->GetRandom) { + if( CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken) ) { + return CKR_GENERAL_ERROR; + } else { + return CKR_RANDOM_NO_RNG; + } + } + + if( 0 == buffer->size ) { + return CKR_OK; + } + + error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession, + fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, + fwSession->fwInstance, buffer); + + return error; +} + + +/* + * nssCKFWSession_SetCurrentCryptoOperation + */ +NSS_IMPLEMENT void +nssCKFWSession_SetCurrentCryptoOperation +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperation * fwOperation, + NSSCKFWCryptoOperationState state +) +{ +#ifdef NSSDEBUG + CK_RV error = CKR_OK; + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return; + } + + if ( state >= NSSCKFWCryptoOperationState_Max) { + return; + } + + if (!fwSession->mdSession) { + return; + } +#endif /* NSSDEBUG */ + fwSession->fwOperationArray[state] = fwOperation; + return; +} + +/* + * nssCKFWSession_GetCurrentCryptoOperation + */ +NSS_IMPLEMENT NSSCKFWCryptoOperation * +nssCKFWSession_GetCurrentCryptoOperation +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationState state +) +{ +#ifdef NSSDEBUG + CK_RV error = CKR_OK; + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return (NSSCKFWCryptoOperation *)NULL; + } + + if ( state >= NSSCKFWCryptoOperationState_Max) { + return (NSSCKFWCryptoOperation *)NULL; + } + + if (!fwSession->mdSession) { + return (NSSCKFWCryptoOperation *)NULL; + } +#endif /* NSSDEBUG */ + return fwSession->fwOperationArray[state]; +} + +/* + * nssCKFWSession_Final + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_Final +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSItem outputBuffer; + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + /* make sure it's the correct type */ + if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + /* handle buffer issues, note for Verify, the type is an input buffer. */ + if (NSSCKFWCryptoOperationType_Verify == type) { + if ((CK_BYTE_PTR)NULL == outBuf) { + error = CKR_ARGUMENTS_BAD; + goto done; + } + } else { + CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); + CK_ULONG maxBufLen = *outBufLen; + + if (CKR_OK != error) { + goto done; + } + *outBufLen = len; + if ((CK_BYTE_PTR)NULL == outBuf) { + return CKR_OK; + } + + if (len > maxBufLen) { + return CKR_BUFFER_TOO_SMALL; + } + } + outputBuffer.data = outBuf; + outputBuffer.size = *outBufLen; + + error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); +done: + if (CKR_BUFFER_TOO_SMALL == error) { + return error; + } + /* clean up our state */ + nssCKFWCryptoOperation_Destroy(fwOperation); + nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state); + return error; +} + +/* + * nssCKFWSession_Update + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_Update +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSItem inputBuffer; + NSSItem outputBuffer; + CK_ULONG len; + CK_ULONG maxBufLen; + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + /* make sure it's the correct type */ + if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + inputBuffer.data = inBuf; + inputBuffer.size = inBufLen; + + /* handle buffer issues, note for Verify, the type is an input buffer. */ + len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, &inputBuffer, + &error); + if (CKR_OK != error) { + return error; + } + maxBufLen = *outBufLen; + + *outBufLen = len; + if ((CK_BYTE_PTR)NULL == outBuf) { + return CKR_OK; + } + + if (len > maxBufLen) { + return CKR_BUFFER_TOO_SMALL; + } + outputBuffer.data = outBuf; + outputBuffer.size = *outBufLen; + + return nssCKFWCryptoOperation_Update(fwOperation, + &inputBuffer, &outputBuffer); +} + +/* + * nssCKFWSession_DigestUpdate + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_DigestUpdate +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSItem inputBuffer; + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + /* make sure it's the correct type */ + if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + inputBuffer.data = inBuf; + inputBuffer.size = inBufLen; + + + error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); + return error; +} + +/* + * nssCKFWSession_DigestUpdate + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_DigestKey +( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwKey +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSItem *inputBuffer; + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_Digest); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + /* make sure it's the correct type */ + if (NSSCKFWCryptoOperationType_Digest != + nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + error = nssCKFWCryptoOperation_DigestKey(fwOperation, fwKey); + if (CKR_FUNCTION_FAILED != error) { + return error; + } + + /* no machine depended way for this to happen, do it by hand */ + inputBuffer=nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error); + if (!inputBuffer) { + /* couldn't get the value, just fail then */ + return error; + } + error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, inputBuffer); + nssItem_Destroy(inputBuffer); + return error; +} + +/* + * nssCKFWSession_UpdateFinal + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_UpdateFinal +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType type, + NSSCKFWCryptoOperationState state, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSItem inputBuffer; + NSSItem outputBuffer; + PRBool isEncryptDecrypt; + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + /* make sure it's the correct type */ + if (type != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + inputBuffer.data = inBuf; + inputBuffer.size = inBufLen; + isEncryptDecrypt = (PRBool) ((NSSCKFWCryptoOperationType_Encrypt == type) || + (NSSCKFWCryptoOperationType_Decrypt == type)) ; + + /* handle buffer issues, note for Verify, the type is an input buffer. */ + if (NSSCKFWCryptoOperationType_Verify == type) { + if ((CK_BYTE_PTR)NULL == outBuf) { + error = CKR_ARGUMENTS_BAD; + goto done; + } + } else { + CK_ULONG maxBufLen = *outBufLen; + CK_ULONG len; + + len = (isEncryptDecrypt) ? + nssCKFWCryptoOperation_GetOperationLength(fwOperation, + &inputBuffer, &error) : + nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); + + if (CKR_OK != error) { + goto done; + } + + *outBufLen = len; + if ((CK_BYTE_PTR)NULL == outBuf) { + return CKR_OK; + } + + if (len > maxBufLen) { + return CKR_BUFFER_TOO_SMALL; + } + } + outputBuffer.data = outBuf; + outputBuffer.size = *outBufLen; + + error = nssCKFWCryptoOperation_UpdateFinal(fwOperation, + &inputBuffer, &outputBuffer); + + /* UpdateFinal isn't support, manually use Update and Final */ + if (CKR_FUNCTION_FAILED == error) { + error = isEncryptDecrypt ? + nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer) : + nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); + + if (CKR_OK == error) { + error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); + } + } + + +done: + if (CKR_BUFFER_TOO_SMALL == error) { + /* if we return CKR_BUFFER_TOO_SMALL, we the caller is not expecting. + * the crypto state to be freed */ + return error; + } + + /* clean up our state */ + nssCKFWCryptoOperation_Destroy(fwOperation); + nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state); + return error; +} + +NSS_IMPLEMENT CK_RV +nssCKFWSession_UpdateCombo +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationType encryptType, + NSSCKFWCryptoOperationType digestType, + NSSCKFWCryptoOperationState digestState, + CK_BYTE_PTR inBuf, + CK_ULONG inBufLen, + CK_BYTE_PTR outBuf, + CK_ULONG_PTR outBufLen +) +{ + NSSCKFWCryptoOperation *fwOperation; + NSSCKFWCryptoOperation *fwPeerOperation; + NSSItem inputBuffer; + NSSItem outputBuffer; + CK_ULONG maxBufLen = *outBufLen; + CK_ULONG len; + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } + + if (!fwSession->mdSession) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + /* make sure we have a valid operation initialized */ + fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + NSSCKFWCryptoOperationState_EncryptDecrypt); + if (!fwOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + /* make sure it's the correct type */ + if (encryptType != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + /* make sure we have a valid operation initialized */ + fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, + digestState); + if (!fwPeerOperation) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + /* make sure it's the correct type */ + if (digestType != nssCKFWCryptoOperation_GetType(fwOperation)) { + return CKR_OPERATION_NOT_INITIALIZED; + } + + inputBuffer.data = inBuf; + inputBuffer.size = inBufLen; + len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, + &inputBuffer, &error); + if (CKR_OK != error) { + return error; + } + + *outBufLen = len; + if ((CK_BYTE_PTR)NULL == outBuf) { + return CKR_OK; + } + + if (len > maxBufLen) { + return CKR_BUFFER_TOO_SMALL; + } + + outputBuffer.data = outBuf; + outputBuffer.size = *outBufLen; + + error = nssCKFWCryptoOperation_UpdateCombo(fwOperation, fwPeerOperation, + &inputBuffer, &outputBuffer); + if (CKR_FUNCTION_FAILED == error) { + PRBool isEncrypt = + (PRBool) (NSSCKFWCryptoOperationType_Encrypt == encryptType); + + if (isEncrypt) { + error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation, + &inputBuffer); + if (CKR_OK != error) { + return error; + } + } + error = nssCKFWCryptoOperation_Update(fwOperation, + &inputBuffer, &outputBuffer); + if (CKR_OK != error) { + return error; + } + if (!isEncrypt) { + error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation, + &outputBuffer); + } + } + return error; +} + + +/* + * NSSCKFWSession_GetMDSession + * + */ + +NSS_IMPLEMENT NSSCKMDSession * +NSSCKFWSession_GetMDSession +( + NSSCKFWSession *fwSession +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return (NSSCKMDSession *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWSession_GetMDSession(fwSession); +} + +/* + * NSSCKFWSession_GetArena + * + */ + +NSS_IMPLEMENT NSSArena * +NSSCKFWSession_GetArena +( + NSSCKFWSession *fwSession, + CK_RV *pError +) +{ +#ifdef DEBUG + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != *pError ) { + return (NSSArena *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWSession_GetArena(fwSession, pError); +} + +/* + * NSSCKFWSession_CallNotification + * + */ + +NSS_IMPLEMENT CK_RV +NSSCKFWSession_CallNotification +( + NSSCKFWSession *fwSession, + CK_NOTIFICATION event +) +{ +#ifdef DEBUG + CK_RV error = CKR_OK; + + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } +#endif /* DEBUG */ + + return nssCKFWSession_CallNotification(fwSession, event); +} + +/* + * NSSCKFWSession_IsRWSession + * + */ + +NSS_IMPLEMENT CK_BBOOL +NSSCKFWSession_IsRWSession +( + NSSCKFWSession *fwSession +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return CK_FALSE; + } +#endif /* DEBUG */ + + return nssCKFWSession_IsRWSession(fwSession); +} + +/* + * NSSCKFWSession_IsSO + * + */ + +NSS_IMPLEMENT CK_BBOOL +NSSCKFWSession_IsSO +( + NSSCKFWSession *fwSession +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return CK_FALSE; + } +#endif /* DEBUG */ + + return nssCKFWSession_IsSO(fwSession); +} + +NSS_IMPLEMENT NSSCKFWCryptoOperation * +NSSCKFWSession_GetCurrentCryptoOperation +( + NSSCKFWSession *fwSession, + NSSCKFWCryptoOperationState state +) +{ +#ifdef DEBUG + CK_RV error = CKR_OK; + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return (NSSCKFWCryptoOperation *)NULL; + } + + if ( state >= NSSCKFWCryptoOperationState_Max) { + return (NSSCKFWCryptoOperation *)NULL; + } +#endif /* DEBUG */ + return nssCKFWSession_GetCurrentCryptoOperation(fwSession, state); +} diff --git a/security/nss/lib/ckfw/sessobj.c b/security/nss/lib/ckfw/sessobj.c new file mode 100644 index 000000000..b594d48a2 --- /dev/null +++ b/security/nss/lib/ckfw/sessobj.c @@ -0,0 +1,1111 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * sessobj.c + * + * This file contains an NSSCKMDObject implementation for session + * objects. The framework uses this implementation to manage + * session objects when a Module doesn't wish to be bothered. + */ + +#ifndef CK_T +#include "ck.h" +#endif /* CK_T */ + +/* + * nssCKMDSessionObject + * + * -- create -- + * nssCKMDSessionObject_Create + * + * -- EPV calls -- + * nss_ckmdSessionObject_Finalize + * nss_ckmdSessionObject_IsTokenObject + * nss_ckmdSessionObject_GetAttributeCount + * nss_ckmdSessionObject_GetAttributeTypes + * nss_ckmdSessionObject_GetAttributeSize + * nss_ckmdSessionObject_GetAttribute + * nss_ckmdSessionObject_SetAttribute + * nss_ckmdSessionObject_GetObjectSize + */ + +struct nssCKMDSessionObjectStr { + CK_ULONG n; + NSSArena *arena; + NSSItem *attributes; + CK_ATTRIBUTE_TYPE_PTR types; + nssCKFWHash *hash; +}; +typedef struct nssCKMDSessionObjectStr nssCKMDSessionObject; + +#ifdef DEBUG +/* + * But first, the pointer-tracking stuff. + * + * NOTE: the pointer-tracking support in NSS/base currently relies + * upon NSPR's CallOnce support. That, however, relies upon NSPR's + * locking, which is tied into the runtime. We need a pointer-tracker + * implementation that uses the locks supplied through C_Initialize. + * That support, however, can be filled in later. So for now, I'll + * just do this routines as no-ops. + */ + +static CK_RV +nss_ckmdSessionObject_add_pointer +( + const NSSCKMDObject *mdObject +) +{ + return CKR_OK; +} + +static CK_RV +nss_ckmdSessionObject_remove_pointer +( + const NSSCKMDObject *mdObject +) +{ + return CKR_OK; +} + +#ifdef NSS_DEBUG +static CK_RV +nss_ckmdSessionObject_verifyPointer +( + const NSSCKMDObject *mdObject +) +{ + return CKR_OK; +} +#endif + +#endif /* DEBUG */ + +/* + * We must forward-declare these routines + */ +static void +nss_ckmdSessionObject_Finalize +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +); + +static CK_RV +nss_ckmdSessionObject_Destroy +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +); + +static CK_BBOOL +nss_ckmdSessionObject_IsTokenObject +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +); + +static CK_ULONG +nss_ckmdSessionObject_GetAttributeCount +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +); + +static CK_RV +nss_ckmdSessionObject_GetAttributeTypes +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount +); + +static CK_ULONG +nss_ckmdSessionObject_GetAttributeSize +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +); + +static NSSCKFWItem +nss_ckmdSessionObject_GetAttribute +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +); + +static CK_RV +nss_ckmdSessionObject_SetAttribute +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value +); + +static CK_ULONG +nss_ckmdSessionObject_GetObjectSize +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +); + +/* + * nssCKMDSessionObject_Create + * + */ +NSS_IMPLEMENT NSSCKMDObject * +nssCKMDSessionObject_Create +( + NSSCKFWToken *fwToken, + NSSArena *arena, + CK_ATTRIBUTE_PTR attributes, + CK_ULONG ulCount, + CK_RV *pError +) +{ + NSSCKMDObject *mdObject = (NSSCKMDObject *)NULL; + nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)NULL; + CK_ULONG i; + nssCKFWHash *hash; + + *pError = CKR_OK; + + mdso = nss_ZNEW(arena, nssCKMDSessionObject); + if (!mdso) { + goto loser; + } + + mdso->arena = arena; + mdso->n = ulCount; + mdso->attributes = nss_ZNEWARRAY(arena, NSSItem, ulCount); + if (!mdso->attributes) { + goto loser; + } + + mdso->types = nss_ZNEWARRAY(arena, CK_ATTRIBUTE_TYPE, ulCount); + if (!mdso->types) { + goto loser; + } + for( i = 0; i < ulCount; i++ ) { + mdso->types[i] = attributes[i].type; + mdso->attributes[i].size = attributes[i].ulValueLen; + mdso->attributes[i].data = nss_ZAlloc(arena, attributes[i].ulValueLen); + if (!mdso->attributes[i].data) { + goto loser; + } + (void)nsslibc_memcpy(mdso->attributes[i].data, attributes[i].pValue, + attributes[i].ulValueLen); + } + + mdObject = nss_ZNEW(arena, NSSCKMDObject); + if (!mdObject) { + goto loser; + } + + mdObject->etc = (void *)mdso; + mdObject->Finalize = nss_ckmdSessionObject_Finalize; + mdObject->Destroy = nss_ckmdSessionObject_Destroy; + mdObject->IsTokenObject = nss_ckmdSessionObject_IsTokenObject; + mdObject->GetAttributeCount = nss_ckmdSessionObject_GetAttributeCount; + mdObject->GetAttributeTypes = nss_ckmdSessionObject_GetAttributeTypes; + mdObject->GetAttributeSize = nss_ckmdSessionObject_GetAttributeSize; + mdObject->GetAttribute = nss_ckmdSessionObject_GetAttribute; + mdObject->SetAttribute = nss_ckmdSessionObject_SetAttribute; + mdObject->GetObjectSize = nss_ckmdSessionObject_GetObjectSize; + + hash = nssCKFWToken_GetSessionObjectHash(fwToken); + if (!hash) { + *pError = CKR_GENERAL_ERROR; + goto loser; + } + + mdso->hash = hash; + + *pError = nssCKFWHash_Add(hash, mdObject, mdObject); + if( CKR_OK != *pError ) { + goto loser; + } + +#ifdef DEBUG + if(( *pError = nss_ckmdSessionObject_add_pointer(mdObject)) != CKR_OK ) { + goto loser; + } +#endif /* DEBUG */ + + return mdObject; + + loser: + if (mdso) { + if (mdso->attributes) { + for( i = 0; i < ulCount; i++ ) { + nss_ZFreeIf(mdso->attributes[i].data); + } + nss_ZFreeIf(mdso->attributes); + } + nss_ZFreeIf(mdso->types); + nss_ZFreeIf(mdso); + } + + nss_ZFreeIf(mdObject); + if (*pError == CKR_OK) { + *pError = CKR_HOST_MEMORY; + } + return (NSSCKMDObject *)NULL; +} + +/* + * nss_ckmdSessionObject_Finalize + * + */ +static void +nss_ckmdSessionObject_Finalize +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + /* This shouldn't ever be called */ + return; +} + +/* + * nss_ckmdSessionObject_Destroy + * + */ + +static CK_RV +nss_ckmdSessionObject_Destroy +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ +#ifdef NSSDEBUG + CK_RV error = CKR_OK; +#endif /* NSSDEBUG */ + nssCKMDSessionObject *mdso; + CK_ULONG i; + +#ifdef NSSDEBUG + error = nss_ckmdSessionObject_verifyPointer(mdObject); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + mdso = (nssCKMDSessionObject *)mdObject->etc; + + nssCKFWHash_Remove(mdso->hash, mdObject); + + for( i = 0; i < mdso->n; i++ ) { + nss_ZFreeIf(mdso->attributes[i].data); + } + nss_ZFreeIf(mdso->attributes); + nss_ZFreeIf(mdso->types); + nss_ZFreeIf(mdso); + nss_ZFreeIf(mdObject); + +#ifdef DEBUG + (void)nss_ckmdSessionObject_remove_pointer(mdObject); +#endif /* DEBUG */ + + return CKR_OK; +} + +/* + * nss_ckmdSessionObject_IsTokenObject + * + */ + +static CK_BBOOL +nss_ckmdSessionObject_IsTokenObject +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nss_ckmdSessionObject_verifyPointer(mdObject) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + /* + * This implementation is only ever used for session objects. + */ + return CK_FALSE; +} + +/* + * nss_ckmdSessionObject_GetAttributeCount + * + */ +static CK_ULONG +nss_ckmdSessionObject_GetAttributeCount +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + nssCKMDSessionObject *obj; + +#ifdef NSSDEBUG + if (!pError) { + return 0; + } + + *pError = nss_ckmdSessionObject_verifyPointer(mdObject); + if( CKR_OK != *pError ) { + return 0; + } + + /* We could even check all the other arguments, for sanity. */ +#endif /* NSSDEBUG */ + + obj = (nssCKMDSessionObject *)mdObject->etc; + + return obj->n; +} + +/* + * nss_ckmdSessionObject_GetAttributeTypes + * + */ +static CK_RV +nss_ckmdSessionObject_GetAttributeTypes +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount +) +{ +#ifdef NSSDEBUG + CK_RV error = CKR_OK; +#endif /* NSSDEBUG */ + nssCKMDSessionObject *obj; + +#ifdef NSSDEBUG + error = nss_ckmdSessionObject_verifyPointer(mdObject); + if( CKR_OK != error ) { + return error; + } + + /* We could even check all the other arguments, for sanity. */ +#endif /* NSSDEBUG */ + + obj = (nssCKMDSessionObject *)mdObject->etc; + + if( ulCount < obj->n ) { + return CKR_BUFFER_TOO_SMALL; + } + + (void)nsslibc_memcpy(typeArray, obj->types, + sizeof(CK_ATTRIBUTE_TYPE) * obj->n); + + return CKR_OK; +} + +/* + * nss_ckmdSessionObject_GetAttributeSize + * + */ +static CK_ULONG +nss_ckmdSessionObject_GetAttributeSize +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +) +{ + nssCKMDSessionObject *obj; + CK_ULONG i; + +#ifdef NSSDEBUG + if (!pError) { + return 0; + } + + *pError = nss_ckmdSessionObject_verifyPointer(mdObject); + if( CKR_OK != *pError ) { + return 0; + } + + /* We could even check all the other arguments, for sanity. */ +#endif /* NSSDEBUG */ + + obj = (nssCKMDSessionObject *)mdObject->etc; + + for( i = 0; i < obj->n; i++ ) { + if( attribute == obj->types[i] ) { + return (CK_ULONG)(obj->attributes[i].size); + } + } + + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return 0; +} + +/* + * nss_ckmdSessionObject_GetAttribute + * + */ +static NSSCKFWItem +nss_ckmdSessionObject_GetAttribute +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError +) +{ + NSSCKFWItem item; + nssCKMDSessionObject *obj; + CK_ULONG i; + + item.needsFreeing = PR_FALSE; + item.item = NULL; +#ifdef NSSDEBUG + if (!pError) { + return item; + } + + *pError = nss_ckmdSessionObject_verifyPointer(mdObject); + if( CKR_OK != *pError ) { + return item; + } + + /* We could even check all the other arguments, for sanity. */ +#endif /* NSSDEBUG */ + + obj = (nssCKMDSessionObject *)mdObject->etc; + + for( i = 0; i < obj->n; i++ ) { + if( attribute == obj->types[i] ) { + item.item = &obj->attributes[i]; + return item; + } + } + + *pError = CKR_ATTRIBUTE_TYPE_INVALID; + return item; +} + +/* + * nss_ckmdSessionObject_SetAttribute + * + */ + +/* + * Okay, so this implementation sucks. It doesn't support removing + * an attribute (if value == NULL), and could be more graceful about + * memory. It should allow "blank" slots in the arrays, with some + * invalid attribute type, and then it could support removal much + * more easily. Do this later. + */ +static CK_RV +nss_ckmdSessionObject_SetAttribute +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value +) +{ + nssCKMDSessionObject *obj; + CK_ULONG i; + NSSItem n; + NSSItem *ra; + CK_ATTRIBUTE_TYPE_PTR rt; +#ifdef NSSDEBUG + CK_RV error; +#endif /* NSSDEBUG */ + +#ifdef NSSDEBUG + error = nss_ckmdSessionObject_verifyPointer(mdObject); + if( CKR_OK != error ) { + return 0; + } + + /* We could even check all the other arguments, for sanity. */ +#endif /* NSSDEBUG */ + + obj = (nssCKMDSessionObject *)mdObject->etc; + + n.size = value->size; + n.data = nss_ZAlloc(obj->arena, n.size); + if (!n.data) { + return CKR_HOST_MEMORY; + } + (void)nsslibc_memcpy(n.data, value->data, n.size); + + for( i = 0; i < obj->n; i++ ) { + if( attribute == obj->types[i] ) { + nss_ZFreeIf(obj->attributes[i].data); + obj->attributes[i] = n; + return CKR_OK; + } + } + + /* + * It's new. + */ + + ra = (NSSItem *)nss_ZRealloc(obj->attributes, sizeof(NSSItem) * (obj->n + 1)); + if (!ra) { + nss_ZFreeIf(n.data); + return CKR_HOST_MEMORY; + } + obj->attributes = ra; + + rt = (CK_ATTRIBUTE_TYPE_PTR)nss_ZRealloc(obj->types, + sizeof(CK_ATTRIBUTE_TYPE) * (obj->n + 1)); + if (!rt) { + nss_ZFreeIf(n.data); + return CKR_HOST_MEMORY; + } + + obj->types = rt; + obj->attributes[obj->n] = n; + obj->types[obj->n] = attribute; + obj->n++; + + return CKR_OK; +} + +/* + * nss_ckmdSessionObject_GetObjectSize + * + */ +static CK_ULONG +nss_ckmdSessionObject_GetObjectSize +( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError +) +{ + nssCKMDSessionObject *obj; + CK_ULONG i; + CK_ULONG rv = (CK_ULONG)0; + +#ifdef NSSDEBUG + if (!pError) { + return 0; + } + + *pError = nss_ckmdSessionObject_verifyPointer(mdObject); + if( CKR_OK != *pError ) { + return 0; + } + + /* We could even check all the other arguments, for sanity. */ +#endif /* NSSDEBUG */ + + obj = (nssCKMDSessionObject *)mdObject->etc; + + for( i = 0; i < obj->n; i++ ) { + rv += obj->attributes[i].size; + } + + rv += sizeof(NSSItem) * obj->n; + rv += sizeof(CK_ATTRIBUTE_TYPE) * obj->n; + rv += sizeof(nssCKMDSessionObject); + + return rv; +} + +/* + * nssCKMDFindSessionObjects + * + * -- create -- + * nssCKMDFindSessionObjects_Create + * + * -- EPV calls -- + * nss_ckmdFindSessionObjects_Final + * nss_ckmdFindSessionObjects_Next + */ + +struct nodeStr { + struct nodeStr *next; + NSSCKMDObject *mdObject; +}; + +struct nssCKMDFindSessionObjectsStr { + NSSArena *arena; + CK_RV error; + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulCount; + struct nodeStr *list; + nssCKFWHash *hash; + +}; +typedef struct nssCKMDFindSessionObjectsStr nssCKMDFindSessionObjects; + +#ifdef DEBUG +/* + * But first, the pointer-tracking stuff. + * + * NOTE: the pointer-tracking support in NSS/base currently relies + * upon NSPR's CallOnce support. That, however, relies upon NSPR's + * locking, which is tied into the runtime. We need a pointer-tracker + * implementation that uses the locks supplied through C_Initialize. + * That support, however, can be filled in later. So for now, I'll + * just do this routines as no-ops. + */ + +static CK_RV +nss_ckmdFindSessionObjects_add_pointer +( + const NSSCKMDFindObjects *mdFindObjects +) +{ + return CKR_OK; +} + +static CK_RV +nss_ckmdFindSessionObjects_remove_pointer +( + const NSSCKMDFindObjects *mdFindObjects +) +{ + return CKR_OK; +} + +#ifdef NSS_DEBUG +static CK_RV +nss_ckmdFindSessionObjects_verifyPointer +( + const NSSCKMDFindObjects *mdFindObjects +) +{ + return CKR_OK; +} +#endif + +#endif /* DEBUG */ + +/* + * We must forward-declare these routines. + */ +static void +nss_ckmdFindSessionObjects_Final +( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +); + +static NSSCKMDObject * +nss_ckmdFindSessionObjects_Next +( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError +); + +static CK_BBOOL +items_match +( + NSSItem *a, + CK_VOID_PTR pValue, + CK_ULONG ulValueLen +) +{ + if( a->size != ulValueLen ) { + return CK_FALSE; + } + + if( PR_TRUE == nsslibc_memequal(a->data, pValue, ulValueLen, (PRStatus *)NULL) ) { + return CK_TRUE; + } else { + return CK_FALSE; + } +} + +/* + * Our hashtable iterator + */ +static void +findfcn +( + const void *key, + void *value, + void *closure +) +{ + NSSCKMDObject *mdObject = (NSSCKMDObject *)value; + nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)mdObject->etc; + nssCKMDFindSessionObjects *mdfso = (nssCKMDFindSessionObjects *)closure; + CK_ULONG i, j; + struct nodeStr *node; + + if( CKR_OK != mdfso->error ) { + return; + } + + for( i = 0; i < mdfso->ulCount; i++ ) { + CK_ATTRIBUTE_PTR p = &mdfso->pTemplate[i]; + + for( j = 0; j < mdso->n; j++ ) { + if( mdso->types[j] == p->type ) { + if( !items_match(&mdso->attributes[j], p->pValue, p->ulValueLen) ) { + return; + } else { + break; + } + } + } + + if( j == mdso->n ) { + /* Attribute not found */ + return; + } + } + + /* Matches */ + node = nss_ZNEW(mdfso->arena, struct nodeStr); + if( (struct nodeStr *)NULL == node ) { + mdfso->error = CKR_HOST_MEMORY; + return; + } + + node->mdObject = mdObject; + node->next = mdfso->list; + mdfso->list = node; + + return; +} + +/* + * nssCKMDFindSessionObjects_Create + * + */ +NSS_IMPLEMENT NSSCKMDFindObjects * +nssCKMDFindSessionObjects_Create +( + NSSCKFWToken *fwToken, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_RV *pError +) +{ + NSSArena *arena; + nssCKMDFindSessionObjects *mdfso; + nssCKFWHash *hash; + NSSCKMDFindObjects *rv; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKMDFindObjects *)NULL; + } + + *pError = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != *pError ) { + return (NSSCKMDFindObjects *)NULL; + } + + if( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKMDFindObjects *)NULL; + } +#endif /* NSSDEBUG */ + + *pError = CKR_OK; + + hash = nssCKFWToken_GetSessionObjectHash(fwToken); + if (!hash) { + *pError= CKR_GENERAL_ERROR; + return (NSSCKMDFindObjects *)NULL; + } + + arena = NSSArena_Create(); + if (!arena) { + *pError = CKR_HOST_MEMORY; + return (NSSCKMDFindObjects *)NULL; + } + + mdfso = nss_ZNEW(arena, nssCKMDFindSessionObjects); + if (!mdfso) { + goto loser; + } + + rv = nss_ZNEW(arena, NSSCKMDFindObjects); + if(rv == NULL) { + goto loser; + } + + mdfso->error = CKR_OK; + mdfso->pTemplate = pTemplate; + mdfso->ulCount = ulCount; + mdfso->hash = hash; + + nssCKFWHash_Iterate(hash, findfcn, mdfso); + + if( CKR_OK != mdfso->error ) { + goto loser; + } + + rv->etc = (void *)mdfso; + rv->Final = nss_ckmdFindSessionObjects_Final; + rv->Next = nss_ckmdFindSessionObjects_Next; + +#ifdef DEBUG + if( (*pError = nss_ckmdFindSessionObjects_add_pointer(rv)) != CKR_OK ) { + goto loser; + } +#endif /* DEBUG */ + mdfso->arena = arena; + + return rv; + +loser: + if (arena) { + NSSArena_Destroy(arena); + } + if (*pError == CKR_OK) { + *pError = CKR_HOST_MEMORY; + } + return NULL; +} + +static void +nss_ckmdFindSessionObjects_Final +( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance +) +{ + nssCKMDFindSessionObjects *mdfso; + +#ifdef NSSDEBUG + if( CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects) ) { + return; + } +#endif /* NSSDEBUG */ + + mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc; + if (mdfso->arena) NSSArena_Destroy(mdfso->arena); + +#ifdef DEBUG + (void)nss_ckmdFindSessionObjects_remove_pointer(mdFindObjects); +#endif /* DEBUG */ + + return; +} + +static NSSCKMDObject * +nss_ckmdFindSessionObjects_Next +( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError +) +{ + nssCKMDFindSessionObjects *mdfso; + NSSCKMDObject *rv = (NSSCKMDObject *)NULL; + +#ifdef NSSDEBUG + if( CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects) ) { + return (NSSCKMDObject *)NULL; + } +#endif /* NSSDEBUG */ + + mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc; + + while (!rv) { + if( (struct nodeStr *)NULL == mdfso->list ) { + *pError = CKR_OK; + return (NSSCKMDObject *)NULL; + } + + if( nssCKFWHash_Exists(mdfso->hash, mdfso->list->mdObject) ) { + rv = mdfso->list->mdObject; + } + + mdfso->list = mdfso->list->next; + } + + return rv; +} diff --git a/security/nss/lib/ckfw/slot.c b/security/nss/lib/ckfw/slot.c new file mode 100644 index 000000000..c74ed0bbd --- /dev/null +++ b/security/nss/lib/ckfw/slot.c @@ -0,0 +1,759 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * slot.c + * + * This file implements the NSSCKFWSlot type and methods. + */ + +#ifndef CK_T +#include "ck.h" +#endif /* CK_T */ + +/* + * NSSCKFWSlot + * + * -- create/destroy -- + * nssCKFWSlot_Create + * nssCKFWSlot_Destroy + * + * -- public accessors -- + * NSSCKFWSlot_GetMDSlot + * NSSCKFWSlot_GetFWInstance + * NSSCKFWSlot_GetMDInstance + * + * -- implement public accessors -- + * nssCKFWSlot_GetMDSlot + * nssCKFWSlot_GetFWInstance + * nssCKFWSlot_GetMDInstance + * + * -- private accessors -- + * nssCKFWSlot_GetSlotID + * nssCKFWSlot_ClearToken + * + * -- module fronts -- + * nssCKFWSlot_GetSlotDescription + * nssCKFWSlot_GetManufacturerID + * nssCKFWSlot_GetTokenPresent + * nssCKFWSlot_GetRemovableDevice + * nssCKFWSlot_GetHardwareSlot + * nssCKFWSlot_GetHardwareVersion + * nssCKFWSlot_GetFirmwareVersion + * nssCKFWSlot_InitToken + * nssCKFWSlot_GetToken + */ + +struct NSSCKFWSlotStr { + NSSCKFWMutex *mutex; + NSSCKMDSlot *mdSlot; + NSSCKFWInstance *fwInstance; + NSSCKMDInstance *mdInstance; + CK_SLOT_ID slotID; + + /* + * Everything above is set at creation time, and then not modified. + * The invariants the mutex protects are: + * + * 1) Each of the cached descriptions (versions, etc.) are in an + * internally consistant state. + * + * 2) The fwToken points to the token currently in the slot, and + * it is in a consistant state. + * + * Note that the calls accessing the cached descriptions will + * call the NSSCKMDSlot methods with the mutex locked. Those + * methods may then call the public NSSCKFWSlot routines. Those + * public routines only access the constant data above, so there's + * no problem. But be careful if you add to this object; mutexes + * are in general not reentrant, so don't create deadlock situations. + */ + + NSSUTF8 *slotDescription; + NSSUTF8 *manufacturerID; + CK_VERSION hardwareVersion; + CK_VERSION firmwareVersion; + NSSCKFWToken *fwToken; +}; + +#ifdef DEBUG +/* + * But first, the pointer-tracking stuff. + * + * NOTE: the pointer-tracking support in NSS/base currently relies + * upon NSPR's CallOnce support. That, however, relies upon NSPR's + * locking, which is tied into the runtime. We need a pointer-tracker + * implementation that uses the locks supplied through C_Initialize. + * That support, however, can be filled in later. So for now, I'll + * just do this routines as no-ops. + */ + +static CK_RV +slot_add_pointer +( + const NSSCKFWSlot *fwSlot +) +{ + return CKR_OK; +} + +static CK_RV +slot_remove_pointer +( + const NSSCKFWSlot *fwSlot +) +{ + return CKR_OK; +} + +NSS_IMPLEMENT CK_RV +nssCKFWSlot_verifyPointer +( + const NSSCKFWSlot *fwSlot +) +{ + return CKR_OK; +} + +#endif /* DEBUG */ + +/* + * nssCKFWSlot_Create + * + */ +NSS_IMPLEMENT NSSCKFWSlot * +nssCKFWSlot_Create +( + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *mdSlot, + CK_SLOT_ID slotID, + CK_RV *pError +) +{ + NSSCKFWSlot *fwSlot; + NSSCKMDInstance *mdInstance; + NSSArena *arena; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWSlot *)NULL; + } + + *pError = nssCKFWInstance_verifyPointer(fwInstance); + if( CKR_OK != *pError ) { + return (NSSCKFWSlot *)NULL; + } +#endif /* NSSDEBUG */ + + mdInstance = nssCKFWInstance_GetMDInstance(fwInstance); + if (!mdInstance) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWSlot *)NULL; + } + + arena = nssCKFWInstance_GetArena(fwInstance, pError); + if (!arena) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + } + + fwSlot = nss_ZNEW(arena, NSSCKFWSlot); + if (!fwSlot) { + *pError = CKR_HOST_MEMORY; + return (NSSCKFWSlot *)NULL; + } + + fwSlot->mdSlot = mdSlot; + fwSlot->fwInstance = fwInstance; + fwSlot->mdInstance = mdInstance; + fwSlot->slotID = slotID; + + fwSlot->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); + if (!fwSlot->mutex) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + (void)nss_ZFreeIf(fwSlot); + return (NSSCKFWSlot *)NULL; + } + + if (mdSlot->Initialize) { + *pError = CKR_OK; + *pError = mdSlot->Initialize(mdSlot, fwSlot, mdInstance, fwInstance); + if( CKR_OK != *pError ) { + (void)nssCKFWMutex_Destroy(fwSlot->mutex); + (void)nss_ZFreeIf(fwSlot); + return (NSSCKFWSlot *)NULL; + } + } + +#ifdef DEBUG + *pError = slot_add_pointer(fwSlot); + if( CKR_OK != *pError ) { + if (mdSlot->Destroy) { + mdSlot->Destroy(mdSlot, fwSlot, mdInstance, fwInstance); + } + + (void)nssCKFWMutex_Destroy(fwSlot->mutex); + (void)nss_ZFreeIf(fwSlot); + return (NSSCKFWSlot *)NULL; + } +#endif /* DEBUG */ + + return fwSlot; +} + +/* + * nssCKFWSlot_Destroy + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSlot_Destroy +( + NSSCKFWSlot *fwSlot +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWSlot_verifyPointer(fwSlot); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + if (fwSlot->fwToken) { + nssCKFWToken_Destroy(fwSlot->fwToken); + } + + (void)nssCKFWMutex_Destroy(fwSlot->mutex); + + if (fwSlot->mdSlot->Destroy) { + fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance); + } + +#ifdef DEBUG + error = slot_remove_pointer(fwSlot); +#endif /* DEBUG */ + (void)nss_ZFreeIf(fwSlot); + return error; +} + +/* + * nssCKFWSlot_GetMDSlot + * + */ +NSS_IMPLEMENT NSSCKMDSlot * +nssCKFWSlot_GetMDSlot +( + NSSCKFWSlot *fwSlot +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + return (NSSCKMDSlot *)NULL; + } +#endif /* NSSDEBUG */ + + return fwSlot->mdSlot; +} + +/* + * nssCKFWSlot_GetFWInstance + * + */ + +NSS_IMPLEMENT NSSCKFWInstance * +nssCKFWSlot_GetFWInstance +( + NSSCKFWSlot *fwSlot +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + return (NSSCKFWInstance *)NULL; + } +#endif /* NSSDEBUG */ + + return fwSlot->fwInstance; +} + +/* + * nssCKFWSlot_GetMDInstance + * + */ + +NSS_IMPLEMENT NSSCKMDInstance * +nssCKFWSlot_GetMDInstance +( + NSSCKFWSlot *fwSlot +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + return (NSSCKMDInstance *)NULL; + } +#endif /* NSSDEBUG */ + + return fwSlot->mdInstance; +} + +/* + * nssCKFWSlot_GetSlotID + * + */ +NSS_IMPLEMENT CK_SLOT_ID +nssCKFWSlot_GetSlotID +( + NSSCKFWSlot *fwSlot +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + return (CK_SLOT_ID)0; + } +#endif /* NSSDEBUG */ + + return fwSlot->slotID; +} + +/* + * nssCKFWSlot_GetSlotDescription + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSlot_GetSlotDescription +( + NSSCKFWSlot *fwSlot, + CK_CHAR slotDescription[64] +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + if( (CK_CHAR_PTR)NULL == slotDescription ) { + return CKR_ARGUMENTS_BAD; + } + + error = nssCKFWSlot_verifyPointer(fwSlot); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwSlot->mutex); + if( CKR_OK != error ) { + return error; + } + + if (!fwSlot->slotDescription) { + if (fwSlot->mdSlot->GetSlotDescription) { + fwSlot->slotDescription = fwSlot->mdSlot->GetSlotDescription( + fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, + fwSlot->fwInstance, &error); + if ((!fwSlot->slotDescription) && (CKR_OK != error)) { + goto done; + } + } else { + fwSlot->slotDescription = (NSSUTF8 *) ""; + } + } + + (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->slotDescription, (char *)slotDescription, 64, ' '); + error = CKR_OK; + + done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return error; +} + +/* + * nssCKFWSlot_GetManufacturerID + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSlot_GetManufacturerID +( + NSSCKFWSlot *fwSlot, + CK_CHAR manufacturerID[32] +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + if( (CK_CHAR_PTR)NULL == manufacturerID ) { + return CKR_ARGUMENTS_BAD; + } + + error = nssCKFWSlot_verifyPointer(fwSlot); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwSlot->mutex); + if( CKR_OK != error ) { + return error; + } + + if (!fwSlot->manufacturerID) { + if (fwSlot->mdSlot->GetManufacturerID) { + fwSlot->manufacturerID = fwSlot->mdSlot->GetManufacturerID( + fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, + fwSlot->fwInstance, &error); + if ((!fwSlot->manufacturerID) && (CKR_OK != error)) { + goto done; + } + } else { + fwSlot->manufacturerID = (NSSUTF8 *) ""; + } + } + + (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->manufacturerID, (char *)manufacturerID, 32, ' '); + error = CKR_OK; + + done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return error; +} + +/* + * nssCKFWSlot_GetTokenPresent + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWSlot_GetTokenPresent +( + NSSCKFWSlot *fwSlot +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + if (!fwSlot->mdSlot->GetTokenPresent) { + return CK_TRUE; + } + + return fwSlot->mdSlot->GetTokenPresent(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance); +} + +/* + * nssCKFWSlot_GetRemovableDevice + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWSlot_GetRemovableDevice +( + NSSCKFWSlot *fwSlot +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + if (!fwSlot->mdSlot->GetRemovableDevice) { + return CK_FALSE; + } + + return fwSlot->mdSlot->GetRemovableDevice(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance); +} + +/* + * nssCKFWSlot_GetHardwareSlot + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWSlot_GetHardwareSlot +( + NSSCKFWSlot *fwSlot +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + if (!fwSlot->mdSlot->GetHardwareSlot) { + return CK_FALSE; + } + + return fwSlot->mdSlot->GetHardwareSlot(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance); +} + +/* + * nssCKFWSlot_GetHardwareVersion + * + */ +NSS_IMPLEMENT CK_VERSION +nssCKFWSlot_GetHardwareVersion +( + NSSCKFWSlot *fwSlot +) +{ + CK_VERSION rv; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + rv.major = rv.minor = 0; + return rv; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) { + rv.major = rv.minor = 0; + return rv; + } + + if( (0 != fwSlot->hardwareVersion.major) || + (0 != fwSlot->hardwareVersion.minor) ) { + rv = fwSlot->hardwareVersion; + goto done; + } + + if (fwSlot->mdSlot->GetHardwareVersion) { + fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion( + fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); + } else { + fwSlot->hardwareVersion.major = 0; + fwSlot->hardwareVersion.minor = 1; + } + + rv = fwSlot->hardwareVersion; + done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return rv; +} + +/* + * nssCKFWSlot_GetFirmwareVersion + * + */ +NSS_IMPLEMENT CK_VERSION +nssCKFWSlot_GetFirmwareVersion +( + NSSCKFWSlot *fwSlot +) +{ + CK_VERSION rv; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + rv.major = rv.minor = 0; + return rv; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) { + rv.major = rv.minor = 0; + return rv; + } + + if( (0 != fwSlot->firmwareVersion.major) || + (0 != fwSlot->firmwareVersion.minor) ) { + rv = fwSlot->firmwareVersion; + goto done; + } + + if (fwSlot->mdSlot->GetFirmwareVersion) { + fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion( + fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); + } else { + fwSlot->firmwareVersion.major = 0; + fwSlot->firmwareVersion.minor = 1; + } + + rv = fwSlot->firmwareVersion; + done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return rv; +} + +/* + * nssCKFWSlot_GetToken + * + */ +NSS_IMPLEMENT NSSCKFWToken * +nssCKFWSlot_GetToken +( + NSSCKFWSlot *fwSlot, + CK_RV *pError +) +{ + NSSCKMDToken *mdToken; + NSSCKFWToken *fwToken; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWToken *)NULL; + } + + *pError = nssCKFWSlot_verifyPointer(fwSlot); + if( CKR_OK != *pError ) { + return (NSSCKFWToken *)NULL; + } +#endif /* NSSDEBUG */ + + *pError = nssCKFWMutex_Lock(fwSlot->mutex); + if( CKR_OK != *pError ) { + return (NSSCKFWToken *)NULL; + } + + if (!fwSlot->fwToken) { + if (!fwSlot->mdSlot->GetToken) { + *pError = CKR_GENERAL_ERROR; + fwToken = (NSSCKFWToken *)NULL; + goto done; + } + + mdToken = fwSlot->mdSlot->GetToken(fwSlot->mdSlot, fwSlot, + fwSlot->mdInstance, fwSlot->fwInstance, pError); + if (!mdToken) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + return (NSSCKFWToken *)NULL; + } + + fwToken = nssCKFWToken_Create(fwSlot, mdToken, pError); + fwSlot->fwToken = fwToken; + } else { + fwToken = fwSlot->fwToken; + } + + done: + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return fwToken; +} + +/* + * nssCKFWSlot_ClearToken + * + */ +NSS_IMPLEMENT void +nssCKFWSlot_ClearToken +( + NSSCKFWSlot *fwSlot +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + return; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex) ) { + /* Now what? */ + return; + } + + fwSlot->fwToken = (NSSCKFWToken *)NULL; + (void)nssCKFWMutex_Unlock(fwSlot->mutex); + return; +} + +/* + * NSSCKFWSlot_GetMDSlot + * + */ + +NSS_IMPLEMENT NSSCKMDSlot * +NSSCKFWSlot_GetMDSlot +( + NSSCKFWSlot *fwSlot +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + return (NSSCKMDSlot *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWSlot_GetMDSlot(fwSlot); +} + +/* + * NSSCKFWSlot_GetFWInstance + * + */ + +NSS_IMPLEMENT NSSCKFWInstance * +NSSCKFWSlot_GetFWInstance +( + NSSCKFWSlot *fwSlot +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + return (NSSCKFWInstance *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWSlot_GetFWInstance(fwSlot); +} + +/* + * NSSCKFWSlot_GetMDInstance + * + */ + +NSS_IMPLEMENT NSSCKMDInstance * +NSSCKFWSlot_GetMDInstance +( + NSSCKFWSlot *fwSlot +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWSlot_verifyPointer(fwSlot) ) { + return (NSSCKMDInstance *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWSlot_GetMDInstance(fwSlot); +} diff --git a/security/nss/lib/ckfw/token.c b/security/nss/lib/ckfw/token.c new file mode 100644 index 000000000..7e2493885 --- /dev/null +++ b/security/nss/lib/ckfw/token.c @@ -0,0 +1,1928 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * token.c + * + * This file implements the NSSCKFWToken type and methods. + */ + +#ifndef CK_T +#include "ck.h" +#endif /* CK_T */ + +/* + * NSSCKFWToken + * + * -- create/destroy -- + * nssCKFWToken_Create + * nssCKFWToken_Destroy + * + * -- public accessors -- + * NSSCKFWToken_GetMDToken + * NSSCKFWToken_GetFWSlot + * NSSCKFWToken_GetMDSlot + * NSSCKFWToken_GetSessionState + * + * -- implement public accessors -- + * nssCKFWToken_GetMDToken + * nssCKFWToken_GetFWSlot + * nssCKFWToken_GetMDSlot + * nssCKFWToken_GetSessionState + * nssCKFWToken_SetSessionState + * + * -- private accessors -- + * nssCKFWToken_SetSessionState + * nssCKFWToken_RemoveSession + * nssCKFWToken_CloseAllSessions + * nssCKFWToken_GetSessionCount + * nssCKFWToken_GetRwSessionCount + * nssCKFWToken_GetRoSessionCount + * nssCKFWToken_GetSessionObjectHash + * nssCKFWToken_GetMDObjectHash + * nssCKFWToken_GetObjectHandleHash + * + * -- module fronts -- + * nssCKFWToken_InitToken + * nssCKFWToken_GetLabel + * nssCKFWToken_GetManufacturerID + * nssCKFWToken_GetModel + * nssCKFWToken_GetSerialNumber + * nssCKFWToken_GetHasRNG + * nssCKFWToken_GetIsWriteProtected + * nssCKFWToken_GetLoginRequired + * nssCKFWToken_GetUserPinInitialized + * nssCKFWToken_GetRestoreKeyNotNeeded + * nssCKFWToken_GetHasClockOnToken + * nssCKFWToken_GetHasProtectedAuthenticationPath + * nssCKFWToken_GetSupportsDualCryptoOperations + * nssCKFWToken_GetMaxSessionCount + * nssCKFWToken_GetMaxRwSessionCount + * nssCKFWToken_GetMaxPinLen + * nssCKFWToken_GetMinPinLen + * nssCKFWToken_GetTotalPublicMemory + * nssCKFWToken_GetFreePublicMemory + * nssCKFWToken_GetTotalPrivateMemory + * nssCKFWToken_GetFreePrivateMemory + * nssCKFWToken_GetHardwareVersion + * nssCKFWToken_GetFirmwareVersion + * nssCKFWToken_GetUTCTime + * nssCKFWToken_OpenSession + * nssCKFWToken_GetMechanismCount + * nssCKFWToken_GetMechanismTypes + * nssCKFWToken_GetMechanism + */ + +struct NSSCKFWTokenStr { + NSSCKFWMutex *mutex; + NSSArena *arena; + NSSCKMDToken *mdToken; + NSSCKFWSlot *fwSlot; + NSSCKMDSlot *mdSlot; + NSSCKFWInstance *fwInstance; + NSSCKMDInstance *mdInstance; + + /* + * Everything above is set at creation time, and then not modified. + * The invariants the mutex protects are: + * + * 1) Each of the cached descriptions (versions, etc.) are in an + * internally consistant state. + * + * 2) The session counts and hashes are consistant. + * + * 3) The object hashes are consistant. + * + * Note that the calls accessing the cached descriptions will call + * the NSSCKMDToken methods with the mutex locked. Those methods + * may then call the public NSSCKFWToken routines. Those public + * routines only access the constant data above and the atomic + * CK_STATE session state variable below, so there's no problem. + * But be careful if you add to this object; mutexes are in + * general not reentrant, so don't create deadlock situations. + */ + + NSSUTF8 *label; + NSSUTF8 *manufacturerID; + NSSUTF8 *model; + NSSUTF8 *serialNumber; + CK_VERSION hardwareVersion; + CK_VERSION firmwareVersion; + + CK_ULONG sessionCount; + CK_ULONG rwSessionCount; + nssCKFWHash *sessions; + nssCKFWHash *sessionObjectHash; + nssCKFWHash *mdObjectHash; + nssCKFWHash *mdMechanismHash; + + CK_STATE state; +}; + +#ifdef DEBUG +/* + * But first, the pointer-tracking stuff. + * + * NOTE: the pointer-tracking support in NSS/base currently relies + * upon NSPR's CallOnce support. That, however, relies upon NSPR's + * locking, which is tied into the runtime. We need a pointer-tracker + * implementation that uses the locks supplied through C_Initialize. + * That support, however, can be filled in later. So for now, I'll + * just do this routines as no-ops. + */ + +static CK_RV +token_add_pointer +( + const NSSCKFWToken *fwToken +) +{ + return CKR_OK; +} + +static CK_RV +token_remove_pointer +( + const NSSCKFWToken *fwToken +) +{ + return CKR_OK; +} + +NSS_IMPLEMENT CK_RV +nssCKFWToken_verifyPointer +( + const NSSCKFWToken *fwToken +) +{ + return CKR_OK; +} + +#endif /* DEBUG */ + +/* + * nssCKFWToken_Create + * + */ +NSS_IMPLEMENT NSSCKFWToken * +nssCKFWToken_Create +( + NSSCKFWSlot *fwSlot, + NSSCKMDToken *mdToken, + CK_RV *pError +) +{ + NSSArena *arena = (NSSArena *)NULL; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + CK_BBOOL called_setup = CK_FALSE; + + /* + * We have already verified the arguments in nssCKFWSlot_GetToken. + */ + + arena = NSSArena_Create(); + if (!arena) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fwToken = nss_ZNEW(arena, NSSCKFWToken); + if (!fwToken) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + + fwToken->arena = arena; + fwToken->mdToken = mdToken; + fwToken->fwSlot = fwSlot; + fwToken->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot); + fwToken->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot); + fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ + fwToken->sessionCount = 0; + fwToken->rwSessionCount = 0; + + fwToken->mutex = nssCKFWInstance_CreateMutex(fwToken->fwInstance, arena, pError); + if (!fwToken->mutex) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + + fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, arena, pError); + if (!fwToken->sessions) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + + if( CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects( + fwToken->fwInstance) ) { + fwToken->sessionObjectHash = nssCKFWHash_Create(fwToken->fwInstance, + arena, pError); + if (!fwToken->sessionObjectHash) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + } + + fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance, + arena, pError); + if (!fwToken->mdObjectHash) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + + fwToken->mdMechanismHash = nssCKFWHash_Create(fwToken->fwInstance, + arena, pError); + if (!fwToken->mdMechanismHash) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + + /* More here */ + + if (mdToken->Setup) { + *pError = mdToken->Setup(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + if( CKR_OK != *pError ) { + goto loser; + } + } + + called_setup = CK_TRUE; + +#ifdef DEBUG + *pError = token_add_pointer(fwToken); + if( CKR_OK != *pError ) { + goto loser; + } +#endif /* DEBUG */ + + *pError = CKR_OK; + return fwToken; + + loser: + + if( CK_TRUE == called_setup ) { + if (mdToken->Invalidate) { + mdToken->Invalidate(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + } + } + + if (arena) { + (void)NSSArena_Destroy(arena); + } + + return (NSSCKFWToken *)NULL; +} + +static void +nss_ckfwtoken_session_iterator +( + const void *key, + void *value, + void *closure +) +{ + /* + * Remember that the fwToken->mutex is locked + */ + NSSCKFWSession *fwSession = (NSSCKFWSession *)value; + (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); + return; +} + +static void +nss_ckfwtoken_object_iterator +( + const void *key, + void *value, + void *closure +) +{ + /* + * Remember that the fwToken->mutex is locked + */ + NSSCKFWObject *fwObject = (NSSCKFWObject *)value; + (void)nssCKFWObject_Finalize(fwObject, CK_FALSE); + return; +} + +/* + * nssCKFWToken_Destroy + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWToken_Destroy +( + NSSCKFWToken *fwToken +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + (void)nssCKFWMutex_Destroy(fwToken->mutex); + + if (fwToken->mdToken->Invalidate) { + fwToken->mdToken->Invalidate(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); + } + /* we can destroy the list without locking now because no one else is + * referencing us (or _Destroy was invalidly called!) + */ + nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, + (void *)NULL); + nssCKFWHash_Destroy(fwToken->sessions); + + /* session objects go away when their sessions are removed */ + if (fwToken->sessionObjectHash) { + nssCKFWHash_Destroy(fwToken->sessionObjectHash); + } + + /* free up the token objects */ + if (fwToken->mdObjectHash) { + nssCKFWHash_Iterate(fwToken->mdObjectHash, nss_ckfwtoken_object_iterator, + (void *)NULL); + nssCKFWHash_Destroy(fwToken->mdObjectHash); + } + if (fwToken->mdMechanismHash) { + nssCKFWHash_Destroy(fwToken->mdMechanismHash); + } + + nssCKFWSlot_ClearToken(fwToken->fwSlot); + +#ifdef DEBUG + error = token_remove_pointer(fwToken); +#endif /* DEBUG */ + + (void)NSSArena_Destroy(fwToken->arena); + return error; +} + +/* + * nssCKFWToken_GetMDToken + * + */ +NSS_IMPLEMENT NSSCKMDToken * +nssCKFWToken_GetMDToken +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return (NSSCKMDToken *)NULL; + } +#endif /* NSSDEBUG */ + + return fwToken->mdToken; +} + +/* + * nssCKFWToken_GetArena + * + */ +NSS_IMPLEMENT NSSArena * +nssCKFWToken_GetArena +( + NSSCKFWToken *fwToken, + CK_RV *pError +) +{ +#ifdef NSSDEBUG + if (!pError) { + return (NSSArena *)NULL; + } + + *pError = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != *pError ) { + return (NSSArena *)NULL; + } +#endif /* NSSDEBUG */ + + return fwToken->arena; +} + +/* + * nssCKFWToken_GetFWSlot + * + */ +NSS_IMPLEMENT NSSCKFWSlot * +nssCKFWToken_GetFWSlot +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return (NSSCKFWSlot *)NULL; + } +#endif /* NSSDEBUG */ + + return fwToken->fwSlot; +} + +/* + * nssCKFWToken_GetMDSlot + * + */ +NSS_IMPLEMENT NSSCKMDSlot * +nssCKFWToken_GetMDSlot +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return (NSSCKMDSlot *)NULL; + } +#endif /* NSSDEBUG */ + + return fwToken->mdSlot; +} + +/* + * nssCKFWToken_GetSessionState + * + */ +NSS_IMPLEMENT CK_STATE +nssCKFWToken_GetSessionState +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CKS_RO_PUBLIC_SESSION; /* whatever */ + } +#endif /* NSSDEBUG */ + + /* + * BTW, do not lock the token in this method. + */ + + /* + * Theoretically, there is no state if there aren't any + * sessions open. But then we'd need to worry about + * reporting an error, etc. What the heck-- let's just + * revert to CKR_RO_PUBLIC_SESSION as the "default." + */ + + return fwToken->state; +} + +/* + * nssCKFWToken_InitToken + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWToken_InitToken +( + NSSCKFWToken *fwToken, + NSSItem *pin, + NSSUTF8 *label +) +{ + CK_RV error; + +#ifdef NSSDEBUG + error = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != error ) { + return CKR_ARGUMENTS_BAD; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwToken->mutex); + if( CKR_OK != error ) { + return error; + } + + if( fwToken->sessionCount > 0 ) { + error = CKR_SESSION_EXISTS; + goto done; + } + + if (!fwToken->mdToken->InitToken) { + error = CKR_DEVICE_ERROR; + goto done; + } + + if (!pin) { + if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) { + ; /* okay */ + } else { + error = CKR_PIN_INCORRECT; + goto done; + } + } + + if (!label) { + label = (NSSUTF8 *) ""; + } + + error = fwToken->mdToken->InitToken(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, pin, label); + + done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; +} + +/* + * nssCKFWToken_GetLabel + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWToken_GetLabel +( + NSSCKFWToken *fwToken, + CK_CHAR label[32] +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + if( (CK_CHAR_PTR)NULL == label ) { + return CKR_ARGUMENTS_BAD; + } + + error = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwToken->mutex); + if( CKR_OK != error ) { + return error; + } + + if (!fwToken->label) { + if (fwToken->mdToken->GetLabel) { + fwToken->label = fwToken->mdToken->GetLabel(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, &error); + if ((!fwToken->label) && (CKR_OK != error)) { + goto done; + } + } else { + fwToken->label = (NSSUTF8 *) ""; + } + } + + (void)nssUTF8_CopyIntoFixedBuffer(fwToken->label, (char *)label, 32, ' '); + error = CKR_OK; + + done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; +} + +/* + * nssCKFWToken_GetManufacturerID + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWToken_GetManufacturerID +( + NSSCKFWToken *fwToken, + CK_CHAR manufacturerID[32] +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + if( (CK_CHAR_PTR)NULL == manufacturerID ) { + return CKR_ARGUMENTS_BAD; + } + + error = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwToken->mutex); + if( CKR_OK != error ) { + return error; + } + + if (!fwToken->manufacturerID) { + if (fwToken->mdToken->GetManufacturerID) { + fwToken->manufacturerID = fwToken->mdToken->GetManufacturerID(fwToken->mdToken, + fwToken, fwToken->mdInstance, fwToken->fwInstance, &error); + if ((!fwToken->manufacturerID) && (CKR_OK != error)) { + goto done; + } + } else { + fwToken->manufacturerID = (NSSUTF8 *)""; + } + } + + (void)nssUTF8_CopyIntoFixedBuffer(fwToken->manufacturerID, (char *)manufacturerID, 32, ' '); + error = CKR_OK; + + done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; +} + +/* + * nssCKFWToken_GetModel + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWToken_GetModel +( + NSSCKFWToken *fwToken, + CK_CHAR model[16] +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + if( (CK_CHAR_PTR)NULL == model ) { + return CKR_ARGUMENTS_BAD; + } + + error = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwToken->mutex); + if( CKR_OK != error ) { + return error; + } + + if (!fwToken->model) { + if (fwToken->mdToken->GetModel) { + fwToken->model = fwToken->mdToken->GetModel(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, &error); + if ((!fwToken->model) && (CKR_OK != error)) { + goto done; + } + } else { + fwToken->model = (NSSUTF8 *)""; + } + } + + (void)nssUTF8_CopyIntoFixedBuffer(fwToken->model, (char *)model, 16, ' '); + error = CKR_OK; + + done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; +} + +/* + * nssCKFWToken_GetSerialNumber + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWToken_GetSerialNumber +( + NSSCKFWToken *fwToken, + CK_CHAR serialNumber[16] +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + if( (CK_CHAR_PTR)NULL == serialNumber ) { + return CKR_ARGUMENTS_BAD; + } + + error = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwToken->mutex); + if( CKR_OK != error ) { + return error; + } + + if (!fwToken->serialNumber) { + if (fwToken->mdToken->GetSerialNumber) { + fwToken->serialNumber = fwToken->mdToken->GetSerialNumber(fwToken->mdToken, + fwToken, fwToken->mdInstance, fwToken->fwInstance, &error); + if ((!fwToken->serialNumber) && (CKR_OK != error)) { + goto done; + } + } else { + fwToken->serialNumber = (NSSUTF8 *)""; + } + } + + (void)nssUTF8_CopyIntoFixedBuffer(fwToken->serialNumber, (char *)serialNumber, 16, ' '); + error = CKR_OK; + + done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; +} + + +/* + * nssCKFWToken_GetHasRNG + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWToken_GetHasRNG +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetHasRNG) { + return CK_FALSE; + } + + return fwToken->mdToken->GetHasRNG(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetIsWriteProtected + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWToken_GetIsWriteProtected +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetIsWriteProtected) { + return CK_FALSE; + } + + return fwToken->mdToken->GetIsWriteProtected(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetLoginRequired + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWToken_GetLoginRequired +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetLoginRequired) { + return CK_FALSE; + } + + return fwToken->mdToken->GetLoginRequired(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetUserPinInitialized + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWToken_GetUserPinInitialized +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetUserPinInitialized) { + return CK_FALSE; + } + + return fwToken->mdToken->GetUserPinInitialized(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetRestoreKeyNotNeeded + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWToken_GetRestoreKeyNotNeeded +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetRestoreKeyNotNeeded) { + return CK_FALSE; + } + + return fwToken->mdToken->GetRestoreKeyNotNeeded(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetHasClockOnToken + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWToken_GetHasClockOnToken +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetHasClockOnToken) { + return CK_FALSE; + } + + return fwToken->mdToken->GetHasClockOnToken(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetHasProtectedAuthenticationPath + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWToken_GetHasProtectedAuthenticationPath +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetHasProtectedAuthenticationPath) { + return CK_FALSE; + } + + return fwToken->mdToken->GetHasProtectedAuthenticationPath(fwToken->mdToken, + fwToken, fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetSupportsDualCryptoOperations + * + */ +NSS_IMPLEMENT CK_BBOOL +nssCKFWToken_GetSupportsDualCryptoOperations +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_FALSE; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetSupportsDualCryptoOperations) { + return CK_FALSE; + } + + return fwToken->mdToken->GetSupportsDualCryptoOperations(fwToken->mdToken, + fwToken, fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetMaxSessionCount + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWToken_GetMaxSessionCount +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_UNAVAILABLE_INFORMATION; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetMaxSessionCount) { + return CK_UNAVAILABLE_INFORMATION; + } + + return fwToken->mdToken->GetMaxSessionCount(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetMaxRwSessionCount + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWToken_GetMaxRwSessionCount +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_UNAVAILABLE_INFORMATION; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetMaxRwSessionCount) { + return CK_UNAVAILABLE_INFORMATION; + } + + return fwToken->mdToken->GetMaxRwSessionCount(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetMaxPinLen + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWToken_GetMaxPinLen +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_UNAVAILABLE_INFORMATION; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetMaxPinLen) { + return CK_UNAVAILABLE_INFORMATION; + } + + return fwToken->mdToken->GetMaxPinLen(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetMinPinLen + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWToken_GetMinPinLen +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_UNAVAILABLE_INFORMATION; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetMinPinLen) { + return CK_UNAVAILABLE_INFORMATION; + } + + return fwToken->mdToken->GetMinPinLen(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetTotalPublicMemory + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWToken_GetTotalPublicMemory +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_UNAVAILABLE_INFORMATION; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetTotalPublicMemory) { + return CK_UNAVAILABLE_INFORMATION; + } + + return fwToken->mdToken->GetTotalPublicMemory(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetFreePublicMemory + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWToken_GetFreePublicMemory +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_UNAVAILABLE_INFORMATION; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetFreePublicMemory) { + return CK_UNAVAILABLE_INFORMATION; + } + + return fwToken->mdToken->GetFreePublicMemory(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetTotalPrivateMemory + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWToken_GetTotalPrivateMemory +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_UNAVAILABLE_INFORMATION; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetTotalPrivateMemory) { + return CK_UNAVAILABLE_INFORMATION; + } + + return fwToken->mdToken->GetTotalPrivateMemory(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetFreePrivateMemory + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWToken_GetFreePrivateMemory +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CK_UNAVAILABLE_INFORMATION; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetFreePrivateMemory) { + return CK_UNAVAILABLE_INFORMATION; + } + + return fwToken->mdToken->GetFreePrivateMemory(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetHardwareVersion + * + */ +NSS_IMPLEMENT CK_VERSION +nssCKFWToken_GetHardwareVersion +( + NSSCKFWToken *fwToken +) +{ + CK_VERSION rv; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + rv.major = rv.minor = 0; + return rv; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { + rv.major = rv.minor = 0; + return rv; + } + + if( (0 != fwToken->hardwareVersion.major) || + (0 != fwToken->hardwareVersion.minor) ) { + rv = fwToken->hardwareVersion; + goto done; + } + + if (fwToken->mdToken->GetHardwareVersion) { + fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion( + fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + } else { + fwToken->hardwareVersion.major = 0; + fwToken->hardwareVersion.minor = 1; + } + + rv = fwToken->hardwareVersion; + + done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; +} + +/* + * nssCKFWToken_GetFirmwareVersion + * + */ +NSS_IMPLEMENT CK_VERSION +nssCKFWToken_GetFirmwareVersion +( + NSSCKFWToken *fwToken +) +{ + CK_VERSION rv; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + rv.major = rv.minor = 0; + return rv; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { + rv.major = rv.minor = 0; + return rv; + } + + if( (0 != fwToken->firmwareVersion.major) || + (0 != fwToken->firmwareVersion.minor) ) { + rv = fwToken->firmwareVersion; + goto done; + } + + if (fwToken->mdToken->GetFirmwareVersion) { + fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion( + fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); + } else { + fwToken->firmwareVersion.major = 0; + fwToken->firmwareVersion.minor = 1; + } + + rv = fwToken->firmwareVersion; + + done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; +} + +/* + * nssCKFWToken_GetUTCTime + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWToken_GetUTCTime +( + NSSCKFWToken *fwToken, + CK_CHAR utcTime[16] +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != error ) { + return error; + } + + if( (CK_CHAR_PTR)NULL == utcTime ) { + return CKR_ARGUMENTS_BAD; + } +#endif /* DEBUG */ + + if( CK_TRUE != nssCKFWToken_GetHasClockOnToken(fwToken) ) { + /* return CKR_DEVICE_ERROR; */ + (void)nssUTF8_CopyIntoFixedBuffer((NSSUTF8 *)NULL, (char *)utcTime, 16, ' '); + return CKR_OK; + } + + if (!fwToken->mdToken->GetUTCTime) { + /* It said it had one! */ + return CKR_GENERAL_ERROR; + } + + error = fwToken->mdToken->GetUTCTime(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, utcTime); + if( CKR_OK != error ) { + return error; + } + + /* Sanity-check the data */ + { + /* Format is YYYYMMDDhhmmss00 */ + int i; + int Y, M, D, h, m, s, z; + static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; + + for( i = 0; i < 16; i++ ) { + if( (utcTime[i] < '0') || (utcTime[i] > '9') ) { + goto badtime; + } + } + + Y = ((utcTime[ 0] - '0') * 1000) + ((utcTime[1] - '0') * 100) + + ((utcTime[ 2] - '0') * 10) + (utcTime[ 3] - '0'); + M = ((utcTime[ 4] - '0') * 10) + (utcTime[ 5] - '0'); + D = ((utcTime[ 6] - '0') * 10) + (utcTime[ 7] - '0'); + h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0'); + m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0'); + s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0'); + z = ((utcTime[14] - '0') * 10) + (utcTime[15] - '0'); + + if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem. heh heh heh */ + if( (M < 1) || (M > 12) ) goto badtime; + if( (D < 1) || (D > 31) ) goto badtime; + + if( D > dims[M-1] ) goto badtime; /* per-month check */ + if( (2 == M) && (((Y%4)||!(Y%100))&&(Y%400)) && (D > 28) ) goto badtime; /* leap years */ + + if( (h < 0) || (h > 23) ) goto badtime; + if( (m < 0) || (m > 60) ) goto badtime; + if( (s < 0) || (s > 61) ) goto badtime; + + /* 60m and 60 or 61s is only allowed for leap seconds. */ + if( (60 == m) || (s >= 60) ) { + if( (23 != h) || (60 != m) || (s < 60) ) goto badtime; + /* leap seconds can only happen on June 30 or Dec 31.. I think */ + /* if( ((6 != M) || (30 != D)) && ((12 != M) || (31 != D)) ) goto badtime; */ + } + } + + return CKR_OK; + + badtime: + return CKR_GENERAL_ERROR; +} + +/* + * nssCKFWToken_OpenSession + * + */ +NSS_IMPLEMENT NSSCKFWSession * +nssCKFWToken_OpenSession +( + NSSCKFWToken *fwToken, + CK_BBOOL rw, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_RV *pError +) +{ + NSSCKFWSession *fwSession = (NSSCKFWSession *)NULL; + NSSCKMDSession *mdSession; + +#ifdef NSSDEBUG + if (!pError) { + return (NSSCKFWSession *)NULL; + } + + *pError = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != *pError ) { + return (NSSCKFWSession *)NULL; + } + + switch( rw ) { + case CK_TRUE: + case CK_FALSE: + break; + default: + *pError = CKR_ARGUMENTS_BAD; + return (NSSCKFWSession *)NULL; + } +#endif /* NSSDEBUG */ + + *pError = nssCKFWMutex_Lock(fwToken->mutex); + if( CKR_OK != *pError ) { + return (NSSCKFWSession *)NULL; + } + + if( CK_TRUE == rw ) { + /* Read-write session desired */ + if( CK_TRUE == nssCKFWToken_GetIsWriteProtected(fwToken) ) { + *pError = CKR_TOKEN_WRITE_PROTECTED; + goto done; + } + } else { + /* Read-only session desired */ + if( CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken) ) { + *pError = CKR_SESSION_READ_WRITE_SO_EXISTS; + goto done; + } + } + + /* We could compare sesion counts to any limits we know of, I guess.. */ + + if (!fwToken->mdToken->OpenSession) { + /* + * I'm not sure that the Module actually needs to implement + * mdSessions -- the Framework can keep track of everything + * needed, really. But I'll sort out that detail later.. + */ + *pError = CKR_GENERAL_ERROR; + goto done; + } + + fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError); + if (!fwSession) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + goto done; + } + + mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, fwSession, + rw, pError); + if (!mdSession) { + (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + goto done; + } + + *pError = nssCKFWSession_SetMDSession(fwSession, mdSession); + if( CKR_OK != *pError ) { + if (mdSession->Close) { + mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); + } + (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); + goto done; + } + + *pError = nssCKFWHash_Add(fwToken->sessions, fwSession, fwSession); + if( CKR_OK != *pError ) { + (void)nssCKFWSession_Destroy(fwSession, CK_FALSE); + fwSession = (NSSCKFWSession *)NULL; + goto done; + } + + done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return fwSession; +} + +/* + * nssCKFWToken_GetMechanismCount + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWToken_GetMechanismCount +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return 0; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetMechanismCount) { + return 0; + } + + return fwToken->mdToken->GetMechanismCount(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +/* + * nssCKFWToken_GetMechanismTypes + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWToken_GetMechanismTypes +( + NSSCKFWToken *fwToken, + CK_MECHANISM_TYPE types[] +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CKR_ARGUMENTS_BAD; + } + + if (!types) { + return CKR_ARGUMENTS_BAD; + } +#endif /* NSSDEBUG */ + + if (!fwToken->mdToken->GetMechanismTypes) { + /* + * This should only be called with a sufficiently-large + * "types" array, which can only be done if GetMechanismCount + * is implemented. If that's implemented (and returns nonzero), + * then this should be too. So return an error. + */ + return CKR_GENERAL_ERROR; + } + + return fwToken->mdToken->GetMechanismTypes(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, types); +} + + +/* + * nssCKFWToken_GetMechanism + * + */ +NSS_IMPLEMENT NSSCKFWMechanism * +nssCKFWToken_GetMechanism +( + NSSCKFWToken *fwToken, + CK_MECHANISM_TYPE which, + CK_RV *pError +) +{ + NSSCKMDMechanism *mdMechanism; + if (!fwToken->mdMechanismHash) { + *pError = CKR_GENERAL_ERROR; + return (NSSCKFWMechanism *)NULL; + } + + if (!fwToken->mdToken->GetMechanism) { + /* + * If we don't implement any GetMechanism function, then we must + * not support any. + */ + *pError = CKR_MECHANISM_INVALID; + return (NSSCKFWMechanism *)NULL; + } + + /* lookup in hash table */ + mdMechanism = fwToken->mdToken->GetMechanism(fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance, which, pError); + if (!mdMechanism) { + return (NSSCKFWMechanism *) NULL; + } + /* store in hash table */ + return nssCKFWMechanism_Create(mdMechanism, fwToken->mdToken, fwToken, + fwToken->mdInstance, fwToken->fwInstance); +} + +NSS_IMPLEMENT CK_RV +nssCKFWToken_SetSessionState +( + NSSCKFWToken *fwToken, + CK_STATE newState +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != error ) { + return error; + } + + switch( newState ) { + case CKS_RO_PUBLIC_SESSION: + case CKS_RO_USER_FUNCTIONS: + case CKS_RW_PUBLIC_SESSION: + case CKS_RW_USER_FUNCTIONS: + case CKS_RW_SO_FUNCTIONS: + break; + default: + return CKR_ARGUMENTS_BAD; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwToken->mutex); + if( CKR_OK != error ) { + return error; + } + + fwToken->state = newState; + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return CKR_OK; +} + +/* + * nssCKFWToken_RemoveSession + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWToken_RemoveSession +( + NSSCKFWToken *fwToken, + NSSCKFWSession *fwSession +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != error ) { + return error; + } + + error = nssCKFWSession_verifyPointer(fwSession); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwToken->mutex); + if( CKR_OK != error ) { + return error; + } + + if( CK_TRUE != nssCKFWHash_Exists(fwToken->sessions, fwSession) ) { + error = CKR_SESSION_HANDLE_INVALID; + goto done; + } + + nssCKFWHash_Remove(fwToken->sessions, fwSession); + fwToken->sessionCount--; + + if( nssCKFWSession_IsRWSession(fwSession) ) { + fwToken->rwSessionCount--; + } + + if( 0 == fwToken->sessionCount ) { + fwToken->rwSessionCount = 0; /* sanity */ + fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ + } + + error = CKR_OK; + + done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; +} + + +/* + * nssCKFWToken_CloseAllSessions + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWToken_CloseAllSessions +( + NSSCKFWToken *fwToken +) +{ + CK_RV error = CKR_OK; + +#ifdef NSSDEBUG + error = nssCKFWToken_verifyPointer(fwToken); + if( CKR_OK != error ) { + return error; + } +#endif /* NSSDEBUG */ + + error = nssCKFWMutex_Lock(fwToken->mutex); + if( CKR_OK != error ) { + return error; + } + + nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, (void *)NULL); + + nssCKFWHash_Destroy(fwToken->sessions); + + fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error); + if (!fwToken->sessions) { + if( CKR_OK == error ) { + error = CKR_GENERAL_ERROR; + } + goto done; + } + + fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */ + fwToken->sessionCount = 0; + fwToken->rwSessionCount = 0; + + error = CKR_OK; + + done: + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return error; +} + +/* + * nssCKFWToken_GetSessionCount + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWToken_GetSessionCount +( + NSSCKFWToken *fwToken +) +{ + CK_ULONG rv; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return (CK_ULONG)0; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { + return (CK_ULONG)0; + } + + rv = fwToken->sessionCount; + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; +} + +/* + * nssCKFWToken_GetRwSessionCount + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWToken_GetRwSessionCount +( + NSSCKFWToken *fwToken +) +{ + CK_ULONG rv; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return (CK_ULONG)0; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { + return (CK_ULONG)0; + } + + rv = fwToken->rwSessionCount; + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; +} + +/* + * nssCKFWToken_GetRoSessionCount + * + */ +NSS_IMPLEMENT CK_ULONG +nssCKFWToken_GetRoSessionCount +( + NSSCKFWToken *fwToken +) +{ + CK_ULONG rv; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return (CK_ULONG)0; + } +#endif /* NSSDEBUG */ + + if( CKR_OK != nssCKFWMutex_Lock(fwToken->mutex) ) { + return (CK_ULONG)0; + } + + rv = fwToken->sessionCount - fwToken->rwSessionCount; + (void)nssCKFWMutex_Unlock(fwToken->mutex); + return rv; +} + +/* + * nssCKFWToken_GetSessionObjectHash + * + */ +NSS_IMPLEMENT nssCKFWHash * +nssCKFWToken_GetSessionObjectHash +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return (nssCKFWHash *)NULL; + } +#endif /* NSSDEBUG */ + + return fwToken->sessionObjectHash; +} + +/* + * nssCKFWToken_GetMDObjectHash + * + */ +NSS_IMPLEMENT nssCKFWHash * +nssCKFWToken_GetMDObjectHash +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return (nssCKFWHash *)NULL; + } +#endif /* NSSDEBUG */ + + return fwToken->mdObjectHash; +} + +/* + * nssCKFWToken_GetObjectHandleHash + * + */ +NSS_IMPLEMENT nssCKFWHash * +nssCKFWToken_GetObjectHandleHash +( + NSSCKFWToken *fwToken +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return (nssCKFWHash *)NULL; + } +#endif /* NSSDEBUG */ + + return fwToken->mdObjectHash; +} + +/* + * NSSCKFWToken_GetMDToken + * + */ + +NSS_IMPLEMENT NSSCKMDToken * +NSSCKFWToken_GetMDToken +( + NSSCKFWToken *fwToken +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return (NSSCKMDToken *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWToken_GetMDToken(fwToken); +} + +/* + * NSSCKFWToken_GetArena + * + */ + +NSS_IMPLEMENT NSSArena * +NSSCKFWToken_GetArena +( + NSSCKFWToken *fwToken, + CK_RV *pError +) +{ +#ifdef DEBUG + if (!pError) { + return (NSSArena *)NULL; + } + + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + *pError = CKR_ARGUMENTS_BAD; + return (NSSArena *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWToken_GetArena(fwToken, pError); +} + +/* + * NSSCKFWToken_GetFWSlot + * + */ + +NSS_IMPLEMENT NSSCKFWSlot * +NSSCKFWToken_GetFWSlot +( + NSSCKFWToken *fwToken +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return (NSSCKFWSlot *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWToken_GetFWSlot(fwToken); +} + +/* + * NSSCKFWToken_GetMDSlot + * + */ + +NSS_IMPLEMENT NSSCKMDSlot * +NSSCKFWToken_GetMDSlot +( + NSSCKFWToken *fwToken +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return (NSSCKMDSlot *)NULL; + } +#endif /* DEBUG */ + + return nssCKFWToken_GetMDSlot(fwToken); +} + +/* + * NSSCKFWToken_GetSessionState + * + */ + +NSS_IMPLEMENT CK_STATE +NSSCKFWSession_GetSessionState +( + NSSCKFWToken *fwToken +) +{ +#ifdef DEBUG + if( CKR_OK != nssCKFWToken_verifyPointer(fwToken) ) { + return CKS_RO_PUBLIC_SESSION; + } +#endif /* DEBUG */ + + return nssCKFWToken_GetSessionState(fwToken); +} diff --git a/security/nss/lib/ckfw/wrap.c b/security/nss/lib/ckfw/wrap.c new file mode 100644 index 000000000..4d01dc5ea --- /dev/null +++ b/security/nss/lib/ckfw/wrap.c @@ -0,0 +1,5708 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +/* + * wrap.c + * + * This file contains the routines that actually implement the cryptoki + * API, using the internal APIs of the NSS Cryptoki Framework. There is + * one routine here for every cryptoki routine. For linking reasons + * the actual entry points passed back with C_GetFunctionList have to + * exist in one of the Module's source files; however, those are merely + * simple wrappers that call these routines. The intelligence of the + * implementations is here. + */ + +#ifndef CK_T +#include "ck.h" +#endif /* CK_T */ + +/* + * NSSCKFWC_Initialize + * NSSCKFWC_Finalize + * NSSCKFWC_GetInfo + * -- NSSCKFWC_GetFunctionList -- see the API insert file + * NSSCKFWC_GetSlotList + * NSSCKFWC_GetSlotInfo + * NSSCKFWC_GetTokenInfo + * NSSCKFWC_WaitForSlotEvent + * NSSCKFWC_GetMechanismList + * NSSCKFWC_GetMechanismInfo + * NSSCKFWC_InitToken + * NSSCKFWC_InitPIN + * NSSCKFWC_SetPIN + * NSSCKFWC_OpenSession + * NSSCKFWC_CloseSession + * NSSCKFWC_CloseAllSessions + * NSSCKFWC_GetSessionInfo + * NSSCKFWC_GetOperationState + * NSSCKFWC_SetOperationState + * NSSCKFWC_Login + * NSSCKFWC_Logout + * NSSCKFWC_CreateObject + * NSSCKFWC_CopyObject + * NSSCKFWC_DestroyObject + * NSSCKFWC_GetObjectSize + * NSSCKFWC_GetAttributeValue + * NSSCKFWC_SetAttributeValue + * NSSCKFWC_FindObjectsInit + * NSSCKFWC_FindObjects + * NSSCKFWC_FindObjectsFinal + * NSSCKFWC_EncryptInit + * NSSCKFWC_Encrypt + * NSSCKFWC_EncryptUpdate + * NSSCKFWC_EncryptFinal + * NSSCKFWC_DecryptInit + * NSSCKFWC_Decrypt + * NSSCKFWC_DecryptUpdate + * NSSCKFWC_DecryptFinal + * NSSCKFWC_DigestInit + * NSSCKFWC_Digest + * NSSCKFWC_DigestUpdate + * NSSCKFWC_DigestKey + * NSSCKFWC_DigestFinal + * NSSCKFWC_SignInit + * NSSCKFWC_Sign + * NSSCKFWC_SignUpdate + * NSSCKFWC_SignFinal + * NSSCKFWC_SignRecoverInit + * NSSCKFWC_SignRecover + * NSSCKFWC_VerifyInit + * NSSCKFWC_Verify + * NSSCKFWC_VerifyUpdate + * NSSCKFWC_VerifyFinal + * NSSCKFWC_VerifyRecoverInit + * NSSCKFWC_VerifyRecover + * NSSCKFWC_DigestEncryptUpdate + * NSSCKFWC_DecryptDigestUpdate + * NSSCKFWC_SignEncryptUpdate + * NSSCKFWC_DecryptVerifyUpdate + * NSSCKFWC_GenerateKey + * NSSCKFWC_GenerateKeyPair + * NSSCKFWC_WrapKey + * NSSCKFWC_UnwrapKey + * NSSCKFWC_DeriveKey + * NSSCKFWC_SeedRandom + * NSSCKFWC_GenerateRandom + * NSSCKFWC_GetFunctionStatus + * NSSCKFWC_CancelFunction + */ + +/* figure out out locking semantics */ +static CK_RV +nssCKFW_GetThreadSafeState(CK_C_INITIALIZE_ARGS_PTR pInitArgs, + CryptokiLockingState *pLocking_state) { + int functionCount = 0; + + /* parsed according to (PKCS #11 Section 11.4) */ + /* no args, the degenerate version of case 1 */ + if (!pInitArgs) { + *pLocking_state = SingleThreaded; + return CKR_OK; + } + + /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */ + if (pInitArgs->flags & CKF_OS_LOCKING_OK) { + *pLocking_state = MultiThreaded; + return CKR_OK; + } + if ((CK_CREATEMUTEX) NULL != pInitArgs->CreateMutex) functionCount++; + if ((CK_DESTROYMUTEX) NULL != pInitArgs->DestroyMutex) functionCount++; + if ((CK_LOCKMUTEX) NULL != pInitArgs->LockMutex) functionCount++; + if ((CK_UNLOCKMUTEX) NULL != pInitArgs->UnlockMutex) functionCount++; + + /* CKF_OS_LOCKING_OK is not set, and not functions supplied, + * explicit case 1 */ + if (0 == functionCount) { + *pLocking_state = SingleThreaded; + return CKR_OK; + } + + /* OS_LOCKING_OK is not set and functions have been supplied. Since + * ckfw uses nssbase library which explicitly calls NSPR, and since + * there is no way to reliably override these explicit calls to NSPR, + * therefore we can't support applications which have their own threading + * module. Return CKR_CANT_LOCK if they supplied the correct number of + * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will + * fail the initialize */ + return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD; +} + +static PRInt32 liveInstances; + +/* + * NSSCKFWC_Initialize + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_Initialize +( + NSSCKFWInstance **pFwInstance, + NSSCKMDInstance *mdInstance, + CK_VOID_PTR pInitArgs +) +{ + CK_RV error = CKR_OK; + CryptokiLockingState locking_state; + + if( (NSSCKFWInstance **)NULL == pFwInstance ) { + error = CKR_GENERAL_ERROR; + goto loser; + } + + if (*pFwInstance) { + error = CKR_CRYPTOKI_ALREADY_INITIALIZED; + goto loser; + } + + if (!mdInstance) { + error = CKR_GENERAL_ERROR; + goto loser; + } + + error = nssCKFW_GetThreadSafeState(pInitArgs,&locking_state); + if( CKR_OK != error ) { + goto loser; + } + + *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error); + if (!*pFwInstance) { + goto loser; + } + PR_ATOMIC_INCREMENT(&liveInstances); + return CKR_OK; + + loser: + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_CANT_LOCK: + case CKR_CRYPTOKI_ALREADY_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_NEED_TO_CREATE_THREADS: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_Finalize + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_Finalize +( + NSSCKFWInstance **pFwInstance +) +{ + CK_RV error = CKR_OK; + + if( (NSSCKFWInstance **)NULL == pFwInstance ) { + error = CKR_GENERAL_ERROR; + goto loser; + } + + if (!*pFwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + error = nssCKFWInstance_Destroy(*pFwInstance); + + /* In any case */ + *pFwInstance = (NSSCKFWInstance *)NULL; + + loser: + switch( error ) { + PRInt32 remainingInstances; + case CKR_OK: + remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances); + if (!remainingInstances) { + nssArena_Shutdown(); + } + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + break; + default: + error = CKR_GENERAL_ERROR; + break; + } + + /* + * A thread's error stack is automatically destroyed when the thread + * terminates or, for the primordial thread, by PR_Cleanup. On + * Windows with MinGW, the thread private data destructor PR_Free + * registered by this module is actually a thunk for PR_Free defined + * in this module. When the thread that unloads this module terminates + * or calls PR_Cleanup, the thunk for PR_Free is already gone with the + * module. Therefore we need to destroy the error stack before the + * module is unloaded. + */ + nss_DestroyErrorStack(); + return error; +} + +/* + * NSSCKFWC_GetInfo + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GetInfo +( + NSSCKFWInstance *fwInstance, + CK_INFO_PTR pInfo +) +{ + CK_RV error = CKR_OK; + + if( (CK_INFO_PTR)CK_NULL_PTR == pInfo ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here means a caller error + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO)); + + pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance); + + error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID); + if( CKR_OK != error ) { + goto loser; + } + + pInfo->flags = nssCKFWInstance_GetFlags(fwInstance); + + error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription); + if( CKR_OK != error ) { + goto loser; + } + + pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance); + + return CKR_OK; + + loser: + switch( error ) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + break; + default: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * C_GetFunctionList is implemented entirely in the Module's file which + * includes the Framework API insert file. It requires no "actual" + * NSSCKFW routine. + */ + +/* + * NSSCKFWC_GetSlotList + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GetSlotList +( + NSSCKFWInstance *fwInstance, + CK_BBOOL tokenPresent, + CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount +) +{ + CK_RV error = CKR_OK; + CK_ULONG nSlots; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + switch( tokenPresent ) { + case CK_TRUE: + case CK_FALSE: + break; + default: + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if( (CK_ULONG)0 == nSlots ) { + goto loser; + } + + if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList ) { + *pulCount = nSlots; + return CKR_OK; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID)); + + if( *pulCount < nSlots ) { + *pulCount = nSlots; + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } else { + CK_ULONG i; + *pulCount = nSlots; + + /* + * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we + * just index one when we need it. + */ + + for( i = 0; i < nSlots; i++ ) { + pSlotList[i] = i+1; + } + + return CKR_OK; + } + + loser: + switch( error ) { + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_GetSlotInfo + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GetSlotInfo +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo +) +{ + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if( (CK_ULONG)0 == nSlots ) { + goto loser; + } + + if( (slotID < 1) || (slotID > nSlots) ) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + if( (CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO)); + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if( (NSSCKFWSlot **)NULL == slots ) { + goto loser; + } + + fwSlot = slots[ slotID-1 ]; + + error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription); + if( CKR_OK != error ) { + goto loser; + } + + error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID); + if( CKR_OK != error ) { + goto loser; + } + + if( nssCKFWSlot_GetTokenPresent(fwSlot) ) { + pInfo->flags |= CKF_TOKEN_PRESENT; + } + + if( nssCKFWSlot_GetRemovableDevice(fwSlot) ) { + pInfo->flags |= CKF_REMOVABLE_DEVICE; + } + + if( nssCKFWSlot_GetHardwareSlot(fwSlot) ) { + pInfo->flags |= CKF_HW_SLOT; + } + + pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot); + pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot); + + return CKR_OK; + + loser: + switch( error ) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SLOT_ID_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + } + + return error; +} + +/* + * NSSCKFWC_GetTokenInfo + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GetTokenInfo +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo +) +{ + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if( (CK_ULONG)0 == nSlots ) { + goto loser; + } + + if( (slotID < 1) || (slotID > nSlots) ) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + if( (CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO)); + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if( (NSSCKFWSlot **)NULL == slots ) { + goto loser; + } + + fwSlot = slots[ slotID-1 ]; + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + error = nssCKFWToken_GetLabel(fwToken, pInfo->label); + if( CKR_OK != error ) { + goto loser; + } + + error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID); + if( CKR_OK != error ) { + goto loser; + } + + error = nssCKFWToken_GetModel(fwToken, pInfo->model); + if( CKR_OK != error ) { + goto loser; + } + + error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber); + if( CKR_OK != error ) { + goto loser; + } + + if( nssCKFWToken_GetHasRNG(fwToken) ) { + pInfo->flags |= CKF_RNG; + } + + if( nssCKFWToken_GetIsWriteProtected(fwToken) ) { + pInfo->flags |= CKF_WRITE_PROTECTED; + } + + if( nssCKFWToken_GetLoginRequired(fwToken) ) { + pInfo->flags |= CKF_LOGIN_REQUIRED; + } + + if( nssCKFWToken_GetUserPinInitialized(fwToken) ) { + pInfo->flags |= CKF_USER_PIN_INITIALIZED; + } + + if( nssCKFWToken_GetRestoreKeyNotNeeded(fwToken) ) { + pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED; + } + + if( nssCKFWToken_GetHasClockOnToken(fwToken) ) { + pInfo->flags |= CKF_CLOCK_ON_TOKEN; + } + + if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) { + pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH; + } + + if( nssCKFWToken_GetSupportsDualCryptoOperations(fwToken) ) { + pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS; + } + + pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken); + pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken); + pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken); + pInfo->ulRwSessionCount= nssCKFWToken_GetRwSessionCount(fwToken); + pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken); + pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken); + pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken); + pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken); + pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken); + pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken); + pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken); + pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken); + + error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime); + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_DEVICE_REMOVED: + case CKR_TOKEN_NOT_PRESENT: + if (fwToken) + nssCKFWToken_Destroy(fwToken); + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_RECOGNIZED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_WaitForSlotEvent + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_WaitForSlotEvent +( + NSSCKFWInstance *fwInstance, + CK_FLAGS flags, + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved +) +{ + CK_RV error = CKR_OK; + CK_ULONG nSlots; + CK_BBOOL block; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + CK_ULONG i; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + if( flags & ~CKF_DONT_BLOCK ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE; + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if( (CK_ULONG)0 == nSlots ) { + goto loser; + } + + if( (CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + if( (CK_VOID_PTR)CK_NULL_PTR != pReserved ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if( (NSSCKFWSlot **)NULL == slots ) { + goto loser; + } + + fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error); + if (!fwSlot) { + goto loser; + } + + for( i = 0; i < nSlots; i++ ) { + if( fwSlot == slots[i] ) { + *pSlot = (CK_SLOT_ID)(CK_ULONG)(i+1); + return CKR_OK; + } + } + + error = CKR_GENERAL_ERROR; /* returned something not in the slot list */ + + loser: + switch( error ) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_NO_EVENT: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_GetMechanismList + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GetMechanismList +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount +) +{ + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + CK_ULONG count; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if( (CK_ULONG)0 == nSlots ) { + goto loser; + } + + if( (slotID < 1) || (slotID > nSlots) ) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + if( (CK_ULONG_PTR)CK_NULL_PTR == pulCount ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if( (NSSCKFWSlot **)NULL == slots ) { + goto loser; + } + + fwSlot = slots[ slotID-1 ]; + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + count = nssCKFWToken_GetMechanismCount(fwToken); + + if( (CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList ) { + *pulCount = count; + return CKR_OK; + } + + if( *pulCount < count ) { + *pulCount = count; + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE)); + + *pulCount = count; + + if( 0 != count ) { + error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList); + } else { + error = CKR_OK; + } + + if( CKR_OK == error ) { + return CKR_OK; + } + + loser: + switch( error ) { + case CKR_DEVICE_REMOVED: + case CKR_TOKEN_NOT_PRESENT: + if (fwToken) + nssCKFWToken_Destroy(fwToken); + break; + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_RECOGNIZED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_GetMechanismInfo + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GetMechanismInfo +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo +) +{ + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if( (CK_ULONG)0 == nSlots ) { + goto loser; + } + + if( (slotID < 1) || (slotID > nSlots) ) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if( (NSSCKFWSlot **)NULL == slots ) { + goto loser; + } + + fwSlot = slots[ slotID-1 ]; + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + if( (CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO)); + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error); + if (!fwMechanism) { + goto loser; + } + + pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error); + pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error); + + if( nssCKFWMechanism_GetInHardware(fwMechanism, &error) ) { + pInfo->flags |= CKF_HW; + } + if( nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error) ) { + pInfo->flags |= CKF_ENCRYPT; + } + if( nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error) ) { + pInfo->flags |= CKF_DECRYPT; + } + if( nssCKFWMechanism_GetCanDigest(fwMechanism, &error) ) { + pInfo->flags |= CKF_DIGEST; + } + if( nssCKFWMechanism_GetCanSign(fwMechanism, &error) ) { + pInfo->flags |= CKF_SIGN; + } + if( nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error) ) { + pInfo->flags |= CKF_SIGN_RECOVER; + } + if( nssCKFWMechanism_GetCanVerify(fwMechanism, &error) ) { + pInfo->flags |= CKF_VERIFY; + } + if( nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error) ) { + pInfo->flags |= CKF_VERIFY_RECOVER; + } + if( nssCKFWMechanism_GetCanGenerate(fwMechanism, &error) ) { + pInfo->flags |= CKF_GENERATE; + } + if( nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error) ) { + pInfo->flags |= CKF_GENERATE_KEY_PAIR; + } + if( nssCKFWMechanism_GetCanWrap(fwMechanism, &error) ) { + pInfo->flags |= CKF_WRAP; + } + if( nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error) ) { + pInfo->flags |= CKF_UNWRAP; + } + if( nssCKFWMechanism_GetCanDerive(fwMechanism, &error) ) { + pInfo->flags |= CKF_DERIVE; + } + nssCKFWMechanism_Destroy(fwMechanism); + + return error; + + loser: + switch( error ) { + case CKR_DEVICE_REMOVED: + case CKR_TOKEN_NOT_PRESENT: + if (fwToken) + nssCKFWToken_Destroy(fwToken); + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_RECOGNIZED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_InitToken + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_InitToken +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen, + CK_CHAR_PTR pLabel +) +{ + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + NSSItem pin; + NSSUTF8 *label; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if( (CK_ULONG)0 == nSlots ) { + goto loser; + } + + if( (slotID < 1) || (slotID > nSlots) ) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if( (NSSCKFWSlot **)NULL == slots ) { + goto loser; + } + + fwSlot = slots[ slotID-1 ]; + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + pin.size = (PRUint32)ulPinLen; + pin.data = (void *)pPin; + label = (NSSUTF8 *)pLabel; /* identity conversion */ + + error = nssCKFWToken_InitToken(fwToken, &pin, label); + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_DEVICE_REMOVED: + case CKR_TOKEN_NOT_PRESENT: + if (fwToken) + nssCKFWToken_Destroy(fwToken); + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_PIN_INCORRECT: + case CKR_PIN_LOCKED: + case CKR_SESSION_EXISTS: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_RECOGNIZED: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_InitPIN + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_InitPIN +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem pin, *arg; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) { + arg = (NSSItem *)NULL; + } else { + arg = &pin; + pin.size = (PRUint32)ulPinLen; + pin.data = (void *)pPin; + } + + error = nssCKFWSession_InitPIN(fwSession, arg); + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_PIN_INVALID: + case CKR_PIN_LEN_RANGE: + case CKR_SESSION_READ_ONLY: + case CKR_SESSION_HANDLE_INVALID: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_SetPIN + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_SetPIN +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pOldPin, + CK_ULONG ulOldLen, + CK_CHAR_PTR pNewPin, + CK_ULONG ulNewLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem oldPin, newPin, *oldArg, *newArg; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if( (CK_CHAR_PTR)CK_NULL_PTR == pOldPin ) { + oldArg = (NSSItem *)NULL; + } else { + oldArg = &oldPin; + oldPin.size = (PRUint32)ulOldLen; + oldPin.data = (void *)pOldPin; + } + + if( (CK_CHAR_PTR)CK_NULL_PTR == pNewPin ) { + newArg = (NSSItem *)NULL; + } else { + newArg = &newPin; + newPin.size = (PRUint32)ulNewLen; + newPin.data = (void *)pNewPin; + } + + error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg); + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_PIN_INCORRECT: + case CKR_PIN_INVALID: + case CKR_PIN_LEN_RANGE: + case CKR_PIN_LOCKED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_OpenSession + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_OpenSession +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession +) +{ + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + NSSCKFWSession *fwSession; + CK_BBOOL rw; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if( (CK_ULONG)0 == nSlots ) { + goto loser; + } + + if( (slotID < 1) || (slotID > nSlots) ) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + if( flags & CKF_RW_SESSION ) { + rw = CK_TRUE; + } else { + rw = CK_FALSE; + } + + if( flags & CKF_SERIAL_SESSION ) { + ; + } else { + error = CKR_SESSION_PARALLEL_NOT_SUPPORTED; + goto loser; + } + + if( flags & ~(CKF_RW_SESSION|CKF_SERIAL_SESSION) ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + if( (CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + *phSession = (CK_SESSION_HANDLE)0; + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if( (NSSCKFWSlot **)NULL == slots ) { + goto loser; + } + + fwSlot = slots[ slotID-1 ]; + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication, + Notify, &error); + if (!fwSession) { + goto loser; + } + + *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance, + fwSession, &error); + if( (CK_SESSION_HANDLE)0 == *phSession ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_COUNT: + case CKR_SESSION_EXISTS: + case CKR_SESSION_PARALLEL_NOT_SUPPORTED: + case CKR_SESSION_READ_WRITE_SO_EXISTS: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_PRESENT: + case CKR_TOKEN_NOT_RECOGNIZED: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_CloseSession + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_CloseSession +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + nssCKFWInstance_DestroySessionHandle(fwInstance, hSession); + error = nssCKFWSession_Destroy(fwSession, CK_TRUE); + + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_CloseAllSessions + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_CloseAllSessions +( + NSSCKFWInstance *fwInstance, + CK_SLOT_ID slotID +) +{ + CK_RV error = CKR_OK; + CK_ULONG nSlots; + NSSCKFWSlot **slots; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error); + if( (CK_ULONG)0 == nSlots ) { + goto loser; + } + + if( (slotID < 1) || (slotID > nSlots) ) { + error = CKR_SLOT_ID_INVALID; + goto loser; + } + + slots = nssCKFWInstance_GetSlots(fwInstance, &error); + if( (NSSCKFWSlot **)NULL == slots ) { + goto loser; + } + + fwSlot = slots[ slotID-1 ]; + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + error = nssCKFWToken_CloseAllSessions(fwToken); + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SLOT_ID_INVALID: + case CKR_TOKEN_NOT_PRESENT: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_GetSessionInfo + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GetSessionInfo +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWSlot *fwSlot; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if( (CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO)); + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; + goto loser; + } + + pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot); + pInfo->state = nssCKFWSession_GetSessionState(fwSession); + + if( CK_TRUE == nssCKFWSession_IsRWSession(fwSession) ) { + pInfo->flags |= CKF_RW_SESSION; + } + + pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */ + + pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession); + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_GetOperationState + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GetOperationState +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + CK_ULONG len; + NSSItem buf; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if( (CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + len = nssCKFWSession_GetOperationStateLen(fwSession, &error); + if( ((CK_ULONG)0 == len) && (CKR_OK != error) ) { + goto loser; + } + + if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) { + *pulOperationStateLen = len; + return CKR_OK; + } + + if( *pulOperationStateLen < len ) { + *pulOperationStateLen = len; + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } + + buf.size = (PRUint32)*pulOperationStateLen; + buf.data = (void *)pOperationState; + *pulOperationStateLen = len; + error = nssCKFWSession_GetOperationState(fwSession, &buf); + + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_STATE_UNSAVEABLE: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_SetOperationState + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_SetOperationState +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *eKey; + NSSCKFWObject *aKey; + NSSItem state; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + if( (CK_BYTE_PTR)CK_NULL_PTR == pOperationState ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * We could loop through the buffer, to catch any purify errors + * in a place with a "user error" note. + */ + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if( (CK_OBJECT_HANDLE)0 == hEncryptionKey ) { + eKey = (NSSCKFWObject *)NULL; + } else { + eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey); + if (!eKey) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + } + + if( (CK_OBJECT_HANDLE)0 == hAuthenticationKey ) { + aKey = (NSSCKFWObject *)NULL; + } else { + aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey); + if (!aKey) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + } + + state.data = pOperationState; + state.size = ulOperationStateLen; + + error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey); + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_CHANGED: + case CKR_KEY_NEEDED: + case CKR_KEY_NOT_NEEDED: + case CKR_SAVED_STATE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_Login + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_Login +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_CHAR_PTR pPin, + CK_ULONG ulPinLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem pin, *arg; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if( (CK_CHAR_PTR)CK_NULL_PTR == pPin ) { + arg = (NSSItem *)NULL; + } else { + arg = &pin; + pin.size = (PRUint32)ulPinLen; + pin.data = (void *)pPin; + } + + error = nssCKFWSession_Login(fwSession, userType, arg); + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_PIN_EXPIRED: + case CKR_PIN_INCORRECT: + case CKR_PIN_LOCKED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY_EXISTS: + case CKR_USER_ALREADY_LOGGED_IN: + case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: + case CKR_USER_PIN_NOT_INITIALIZED: + case CKR_USER_TOO_MANY_TYPES: + case CKR_USER_TYPE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_Logout + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_Logout +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Logout(fwSession); + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_CreateObject + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_CreateObject +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + *phObject = (CK_OBJECT_HANDLE)0; + + fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate, + ulCount, &error); + if (!fwObject) { + goto loser; + } + + *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + if( (CK_OBJECT_HANDLE)0 == *phObject ) { + nssCKFWObject_Destroy(fwObject); + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_CopyObject + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_CopyObject +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWObject *fwNewObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + *phNewObject = (CK_OBJECT_HANDLE)0; + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject, + pTemplate, ulCount, &error); + if (!fwNewObject) { + goto loser; + } + + *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance, + fwNewObject, &error); + if( (CK_OBJECT_HANDLE)0 == *phNewObject ) { + nssCKFWObject_Destroy(fwNewObject); + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_DestroyObject + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_DestroyObject +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject); + nssCKFWObject_Destroy(fwObject); + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_GetObjectSize + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GetObjectSize +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ULONG_PTR pulSize +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + if( (CK_ULONG_PTR)CK_NULL_PTR == pulSize ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + *pulSize = (CK_ULONG)0; + + *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error); + if( ((CK_ULONG)0 == *pulSize) && (CKR_OK != error) ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_INFORMATION_SENSITIVE: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_GetAttributeValue + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GetAttributeValue +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + CK_BBOOL sensitive = CK_FALSE; + CK_BBOOL invalid = CK_FALSE; + CK_BBOOL tooSmall = CK_FALSE; + CK_ULONG i; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + for( i = 0; i < ulCount; i++ ) { + CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject, + pTemplate[i].type, &error); + if( (CK_ULONG)0 == size ) { + switch( error ) { + case CKR_ATTRIBUTE_SENSITIVE: + case CKR_INFORMATION_SENSITIVE: + sensitive = CK_TRUE; + pTemplate[i].ulValueLen = (CK_ULONG)(-1); + continue; + case CKR_ATTRIBUTE_TYPE_INVALID: + invalid = CK_TRUE; + pTemplate[i].ulValueLen = (CK_ULONG)(-1); + continue; + case CKR_OK: + break; + default: + goto loser; + } + } + + if( (CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue ) { + pTemplate[i].ulValueLen = size; + } else { + NSSItem it, *p; + + if( pTemplate[i].ulValueLen < size ) { + tooSmall = CK_TRUE; + continue; + } + + it.size = (PRUint32)pTemplate[i].ulValueLen; + it.data = (void *)pTemplate[i].pValue; + p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it, + (NSSArena *)NULL, &error); + if (!p) { + switch( error ) { + case CKR_ATTRIBUTE_SENSITIVE: + case CKR_INFORMATION_SENSITIVE: + sensitive = CK_TRUE; + pTemplate[i].ulValueLen = (CK_ULONG)(-1); + continue; + case CKR_ATTRIBUTE_TYPE_INVALID: + invalid = CK_TRUE; + pTemplate[i].ulValueLen = (CK_ULONG)(-1); + continue; + default: + goto loser; + } + } + + pTemplate[i].ulValueLen = size; + } + } + + if( sensitive ) { + error = CKR_ATTRIBUTE_SENSITIVE; + goto loser; + } else if( invalid ) { + error = CKR_ATTRIBUTE_TYPE_INVALID; + goto loser; + } else if( tooSmall ) { + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_SENSITIVE: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_SetAttributeValue + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_SetAttributeValue +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + CK_ULONG i; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject); + if (!fwObject) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + + if( (CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + for (i=0; i < ulCount; i++) { + NSSItem value; + + value.data = pTemplate[i].pValue; + value.size = pTemplate[i].ulValueLen; + + error = nssCKFWObject_SetAttribute(fwObject, fwSession, + pTemplate[i].type, &value); + + if( CKR_OK != error ) { + goto loser; + } + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OBJECT_HANDLE_INVALID: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_FindObjectsInit + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_FindObjectsInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWFindObjects *fwFindObjects; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if( ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0) ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); + if (fwFindObjects) { + error = CKR_OPERATION_ACTIVE; + goto loser; + } + + if( CKR_OPERATION_NOT_INITIALIZED != error ) { + goto loser; + } + + fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession, + pTemplate, ulCount, &error); + if (!fwFindObjects) { + goto loser; + } + + error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects); + + if( CKR_OK != error ) { + nssCKFWFindObjects_Destroy(fwFindObjects); + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_ACTIVE: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_FindObjects + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_FindObjects +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWFindObjects *fwFindObjects; + CK_ULONG i; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if( (CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount); + *pulObjectCount = (CK_ULONG)0; + + fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); + if (!fwFindObjects) { + goto loser; + } + + for( i = 0; i < ulMaxObjectCount; i++ ) { + NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects, + NULL, &error); + if (!fwObject) { + break; + } + + phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject); + if( (CK_OBJECT_HANDLE)0 == phObject[i] ) { + phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + } + if( (CK_OBJECT_HANDLE)0 == phObject[i] ) { + /* This isn't right either, is it? */ + nssCKFWObject_Destroy(fwObject); + goto loser; + } + } + + *pulObjectCount = i; + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_FindObjectsFinal + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_FindObjectsFinal +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWFindObjects *fwFindObjects; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error); + if (!fwFindObjects) { + error = CKR_OPERATION_NOT_INITIALIZED; + goto loser; + } + + nssCKFWFindObjects_Destroy(fwFindObjects); + error = nssCKFWSession_SetFWFindObjects(fwSession, + (NSSCKFWFindObjects *)NULL); + + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_EncryptInit + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_EncryptInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_EncryptInit(fwMechanism, pMechanism, + fwSession, fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_Encrypt + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_Encrypt +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pData, ulDataLen, pEncryptedData, pulEncryptedDataLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_CLOSED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_EncryptUpdate + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_EncryptUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Update(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_EncryptFinal + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_EncryptFinal +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pLastEncryptedPart, pulLastEncryptedPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_DecryptInit + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_DecryptInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_DecryptInit(fwMechanism, pMechanism, + fwSession, fwObject); + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_Decrypt + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_Decrypt +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pEncryptedData, ulEncryptedDataLen, pData, pulDataLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + case CKR_DATA_LEN_RANGE: + error = CKR_ENCRYPTED_DATA_LEN_RANGE; + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_DecryptUpdate + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_DecryptUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Update(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + case CKR_DATA_LEN_RANGE: + error = CKR_ENCRYPTED_DATA_LEN_RANGE; + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_DecryptFinal + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_DecryptFinal +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationState_EncryptDecrypt, + pLastPart, pulLastPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_FAILED: + case CKR_FUNCTION_CANCELED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + case CKR_DATA_LEN_RANGE: + error = CKR_ENCRYPTED_DATA_LEN_RANGE; + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_DigestInit + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_DigestInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_DigestInit(fwMechanism, pMechanism, fwSession); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_Digest + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_Digest +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pData, ulDataLen, pDigest, pulDigestLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_DigestUpdate + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_DigestUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_DigestUpdate(fwSession, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pData, ulDataLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_DigestKey + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_DigestKey +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_DigestKey(fwSession, fwObject); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_INDIGESTIBLE: + case CKR_KEY_SIZE_RANGE: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_DigestFinal + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_DigestFinal +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pDigest, pulDigestLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_SignInit + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_SignInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_SignInit(fwMechanism, pMechanism, fwSession, + fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_Sign + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_Sign +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationState_SignVerify, + pData, ulDataLen, pSignature, pulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + case CKR_FUNCTION_REJECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_SignUpdate + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_SignUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_DigestUpdate(fwSession, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationState_SignVerify, + pPart, ulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_SignFinal + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_SignFinal +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationState_SignVerify, + pSignature, pulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + case CKR_FUNCTION_REJECTED: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_SignRecoverInit + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_SignRecoverInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_SignRecoverInit(fwMechanism, pMechanism, fwSession, + fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_SignRecover + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_SignRecover +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_SignRecover, + NSSCKFWCryptoOperationState_SignVerify, + pData, ulDataLen, pSignature, pulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_VerifyInit + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_VerifyInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_VerifyInit(fwMechanism, pMechanism, fwSession, + fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_Verify + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_Verify +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationState_SignVerify, + pData, ulDataLen, pSignature, &ulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SIGNATURE_INVALID: + case CKR_SIGNATURE_LEN_RANGE: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_VerifyUpdate + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_VerifyUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_DigestUpdate(fwSession, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationState_SignVerify, + pPart, ulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_VerifyFinal + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_VerifyFinal +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_Final(fwSession, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationState_SignVerify, + pSignature, &ulSignatureLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SIGNATURE_INVALID: + case CKR_SIGNATURE_LEN_RANGE: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_VerifyRecoverInit + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_VerifyRecoverInit +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error = nssCKFWMechanism_VerifyRecoverInit(fwMechanism, pMechanism, + fwSession, fwObject); + + nssCKFWMechanism_Destroy(fwMechanism); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_FUNCTION_NOT_PERMITTED: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_CLOSED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_VerifyRecover + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_VerifyRecover +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateFinal(fwSession, + NSSCKFWCryptoOperationType_VerifyRecover, + NSSCKFWCryptoOperationState_SignVerify, + pSignature, ulSignatureLen, pData, pulDataLen); + if (CKR_OK == error) { + return CKR_OK; + } +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_INVALID: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SIGNATURE_INVALID: + case CKR_SIGNATURE_LEN_RANGE: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_DigestEncryptUpdate + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_DigestEncryptUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateCombo(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_DecryptDigestUpdate + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_DecryptDigestUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateCombo(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationType_Digest, + NSSCKFWCryptoOperationState_Digest, + pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + case CKR_DATA_LEN_RANGE: + error = CKR_ENCRYPTED_DATA_LEN_RANGE; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_SignEncryptUpdate + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_SignEncryptUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateCombo(fwSession, + NSSCKFWCryptoOperationType_Encrypt, + NSSCKFWCryptoOperationType_Sign, + NSSCKFWCryptoOperationState_SignVerify, + pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_DecryptVerifyUpdate + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_DecryptVerifyUpdate +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + error = nssCKFWSession_UpdateCombo(fwSession, + NSSCKFWCryptoOperationType_Decrypt, + NSSCKFWCryptoOperationType_Verify, + NSSCKFWCryptoOperationState_SignVerify, + pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DATA_LEN_RANGE: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_ENCRYPTED_DATA_INVALID: + case CKR_ENCRYPTED_DATA_LEN_RANGE: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_NOT_INITIALIZED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + break; + case CKR_DATA_INVALID: + error = CKR_ENCRYPTED_DATA_INVALID; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_GenerateKey + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GenerateKey +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + fwObject = nssCKFWMechanism_GenerateKey( + fwMechanism, + pMechanism, + fwSession, + pTemplate, + ulCount, + &error); + + nssCKFWMechanism_Destroy(fwMechanism); + if (!fwObject) { + goto loser; + } + *phKey= nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_GenerateKeyPair + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GenerateKeyPair +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwPrivateKeyObject; + NSSCKFWObject *fwPublicKeyObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + error= nssCKFWMechanism_GenerateKeyPair( + fwMechanism, + pMechanism, + fwSession, + pPublicKeyTemplate, + ulPublicKeyAttributeCount, + pPublicKeyTemplate, + ulPublicKeyAttributeCount, + &fwPublicKeyObject, + &fwPrivateKeyObject); + + nssCKFWMechanism_Destroy(fwMechanism); + if (CKR_OK != error) { + goto loser; + } + *phPublicKey = nssCKFWInstance_CreateObjectHandle(fwInstance, + fwPublicKeyObject, + &error); + if (CKR_OK != error) { + goto loser; + } + *phPrivateKey = nssCKFWInstance_CreateObjectHandle(fwInstance, + fwPrivateKeyObject, + &error); + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_DOMAIN_PARAMS_INVALID: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_WrapKey + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_WrapKey +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, + CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwKeyObject; + NSSCKFWObject *fwWrappingKeyObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + NSSItem wrappedKey; + CK_ULONG wrappedKeyLength = 0; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, + hWrappingKey); + if (!fwWrappingKeyObject) { + error = CKR_WRAPPING_KEY_HANDLE_INVALID; + goto loser; + } + + fwKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey); + if (!fwKeyObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + /* + * first get the length... + */ + wrappedKeyLength = nssCKFWMechanism_GetWrapKeyLength( + fwMechanism, + pMechanism, + fwSession, + fwWrappingKeyObject, + fwKeyObject, + &error); + if ((CK_ULONG) 0 == wrappedKeyLength) { + nssCKFWMechanism_Destroy(fwMechanism); + goto loser; + } + if ((CK_BYTE_PTR)NULL == pWrappedKey) { + *pulWrappedKeyLen = wrappedKeyLength; + nssCKFWMechanism_Destroy(fwMechanism); + return CKR_OK; + } + if (wrappedKeyLength > *pulWrappedKeyLen) { + *pulWrappedKeyLen = wrappedKeyLength; + nssCKFWMechanism_Destroy(fwMechanism); + error = CKR_BUFFER_TOO_SMALL; + goto loser; + } + + + wrappedKey.data = pWrappedKey; + wrappedKey.size = wrappedKeyLength; + + error = nssCKFWMechanism_WrapKey( + fwMechanism, + pMechanism, + fwSession, + fwWrappingKeyObject, + fwKeyObject, + &wrappedKey); + + nssCKFWMechanism_Destroy(fwMechanism); + *pulWrappedKeyLen = wrappedKey.size; + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_NOT_WRAPPABLE: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_UNEXTRACTABLE: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_WRAPPING_KEY_HANDLE_INVALID: + case CKR_WRAPPING_KEY_SIZE_RANGE: + case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: + break; + case CKR_KEY_TYPE_INCONSISTENT: + error = CKR_WRAPPING_KEY_TYPE_INCONSISTENT; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_UnwrapKey + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_UnwrapKey +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWObject *fwWrappingKeyObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + NSSItem wrappedKey; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, + hUnwrappingKey); + if (!fwWrappingKeyObject) { + error = CKR_WRAPPING_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + wrappedKey.data = pWrappedKey; + wrappedKey.size = ulWrappedKeyLen; + + fwObject = nssCKFWMechanism_UnwrapKey( + fwMechanism, + pMechanism, + fwSession, + fwWrappingKeyObject, + &wrappedKey, + pTemplate, + ulAttributeCount, + &error); + + nssCKFWMechanism_Destroy(fwMechanism); + if (!fwObject) { + goto loser; + } + *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_BUFFER_TOO_SMALL: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_DOMAIN_PARAMS_INVALID: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_UNWRAPPING_KEY_HANDLE_INVALID: + case CKR_UNWRAPPING_KEY_SIZE_RANGE: + case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: + case CKR_USER_NOT_LOGGED_IN: + case CKR_WRAPPED_KEY_INVALID: + case CKR_WRAPPED_KEY_LEN_RANGE: + break; + case CKR_KEY_HANDLE_INVALID: + error = CKR_UNWRAPPING_KEY_HANDLE_INVALID; + break; + case CKR_KEY_SIZE_RANGE: + error = CKR_UNWRAPPING_KEY_SIZE_RANGE; + break; + case CKR_KEY_TYPE_INCONSISTENT: + error = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT; + break; + case CKR_ENCRYPTED_DATA_INVALID: + error = CKR_WRAPPED_KEY_INVALID; + break; + case CKR_ENCRYPTED_DATA_LEN_RANGE: + error = CKR_WRAPPED_KEY_LEN_RANGE; + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_DeriveKey + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_DeriveKey +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSCKFWObject *fwObject; + NSSCKFWObject *fwBaseKeyObject; + NSSCKFWSlot *fwSlot; + NSSCKFWToken *fwToken; + NSSCKFWMechanism *fwMechanism; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + fwBaseKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hBaseKey); + if (!fwBaseKeyObject) { + error = CKR_KEY_HANDLE_INVALID; + goto loser; + } + + fwSlot = nssCKFWSession_GetFWSlot(fwSession); + if (!fwSlot) { + error = CKR_GENERAL_ERROR; /* should never happen! */ + goto loser; + } + + if( CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot) ) { + error = CKR_TOKEN_NOT_PRESENT; + goto loser; + } + + fwToken = nssCKFWSlot_GetToken(fwSlot, &error); + if (!fwToken) { + goto loser; + } + + fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error); + if (!fwMechanism) { + goto loser; + } + + fwObject = nssCKFWMechanism_DeriveKey( + fwMechanism, + pMechanism, + fwSession, + fwBaseKeyObject, + pTemplate, + ulAttributeCount, + &error); + + nssCKFWMechanism_Destroy(fwMechanism); + if (!fwObject) { + goto loser; + } + *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error); + + if (CKR_OK == error) { + return CKR_OK; + } + +loser: + /* verify error */ + switch( error ) { + case CKR_ARGUMENTS_BAD: + case CKR_ATTRIBUTE_READ_ONLY: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_VALUE_INVALID: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_DEVICE_REMOVED: + case CKR_DOMAIN_PARAMS_INVALID: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_KEY_HANDLE_INVALID: + case CKR_KEY_SIZE_RANGE: + case CKR_KEY_TYPE_INCONSISTENT: + case CKR_MECHANISM_INVALID: + case CKR_MECHANISM_PARAM_INVALID: + case CKR_OPERATION_ACTIVE: + case CKR_PIN_EXPIRED: + case CKR_SESSION_CLOSED: + case CKR_SESSION_HANDLE_INVALID: + case CKR_SESSION_READ_ONLY: + case CKR_TEMPLATE_INCOMPLETE: + case CKR_TEMPLATE_INCONSISTENT: + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + return error; +} + +/* + * NSSCKFWC_SeedRandom + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_SeedRandom +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem seed; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if( (CK_BYTE_PTR)CK_NULL_PTR == pSeed ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* We could read through the buffer in a Purify trap */ + + seed.size = (PRUint32)ulSeedLen; + seed.data = (void *)pSeed; + + error = nssCKFWSession_SeedRandom(fwSession, &seed); + + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_ACTIVE: + case CKR_RANDOM_SEED_NOT_SUPPORTED: + case CKR_RANDOM_NO_RNG: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_GenerateRandom + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GenerateRandom +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pRandomData, + CK_ULONG ulRandomLen +) +{ + CK_RV error = CKR_OK; + NSSCKFWSession *fwSession; + NSSItem buffer; + + if (!fwInstance) { + error = CKR_CRYPTOKI_NOT_INITIALIZED; + goto loser; + } + + fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession); + if (!fwSession) { + error = CKR_SESSION_HANDLE_INVALID; + goto loser; + } + + if( (CK_BYTE_PTR)CK_NULL_PTR == pRandomData ) { + error = CKR_ARGUMENTS_BAD; + goto loser; + } + + /* + * A purify error here indicates caller error. + */ + (void)nsslibc_memset(pRandomData, 0, ulRandomLen); + + buffer.size = (PRUint32)ulRandomLen; + buffer.data = (void *)pRandomData; + + error = nssCKFWSession_GetRandom(fwSession, &buffer); + + if( CKR_OK != error ) { + goto loser; + } + + return CKR_OK; + + loser: + switch( error ) { + case CKR_SESSION_CLOSED: + /* destroy session? */ + break; + case CKR_DEVICE_REMOVED: + /* (void)nssCKFWToken_Destroy(fwToken); */ + break; + case CKR_ARGUMENTS_BAD: + case CKR_CRYPTOKI_NOT_INITIALIZED: + case CKR_DEVICE_ERROR: + case CKR_DEVICE_MEMORY: + case CKR_FUNCTION_CANCELED: + case CKR_FUNCTION_FAILED: + case CKR_GENERAL_ERROR: + case CKR_HOST_MEMORY: + case CKR_OPERATION_ACTIVE: + case CKR_RANDOM_NO_RNG: + case CKR_SESSION_HANDLE_INVALID: + case CKR_USER_NOT_LOGGED_IN: + break; + default: + case CKR_OK: + error = CKR_GENERAL_ERROR; + break; + } + + return error; +} + +/* + * NSSCKFWC_GetFunctionStatus + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_GetFunctionStatus +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +) +{ + return CKR_FUNCTION_NOT_PARALLEL; +} + +/* + * NSSCKFWC_CancelFunction + * + */ +NSS_IMPLEMENT CK_RV +NSSCKFWC_CancelFunction +( + NSSCKFWInstance *fwInstance, + CK_SESSION_HANDLE hSession +) +{ + return CKR_FUNCTION_NOT_PARALLEL; +} |