Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Typedefs | Enumerations | Functions | Variables
pk11mode.c File Reference
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include "prlink.h"
#include "pkcs11.h"

Go to the source code of this file.

Classes

struct  tuple_str
struct  CK_C_INITIALIZE_ARGS_NSS

Defines

#define NUM_ELEM(array)   (sizeof(array)/sizeof(array[0]))
#define NULL_PTR   0
#define MAX_SIG_SZ   128
#define MAX_CIPHER_SZ   128
#define MAX_DATA_SZ   64
#define MAX_DIGEST_SZ   64
#define HMAC_MAX_LENGTH   64
#define FIPSMODE   0
#define NONFIPSMODE   1
#define HYBRIDMODE   2
#define NOMODE   3

Typedefs

typedef struct tuple_str
typedef struct
CK_C_INITIALIZE_ARGS_NSS 
CK_C_INITIALIZE_ARGS_NSS

Enumerations

enum  enum_random_t {
  CORRECT, BOGUS_CLIENT_RANDOM, BOGUS_CLIENT_RANDOM_LEN, BOGUS_SERVER_RANDOM,
  BOGUS_SERVER_RANDOM_LEN, CORRECT, BOGUS_CLIENT_RANDOM, BOGUS_CLIENT_RANDOM_LEN,
  BOGUS_SERVER_RANDOM, BOGUS_SERVER_RANDOM_LEN
}

Functions

const char * PKM_CK_RVtoStr (CK_RV errNum)
void dumpToHash64 (const unsigned char *buf, unsigned int bufLen)
void PKM_LogIt (const char *fmt,...)
void PKM_Error (const char *fmt,...)
CK_SLOT_IDPKM_GetSlotList (CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID)
CK_RV PKM_ShowInfo (CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID)
CK_RV PKM_InitPWforDB (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
CK_RV PKM_Mechanism (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID)
CK_RV PKM_RNG (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID)
CK_RV PKM_SessionLogin (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
CK_RV PKM_SecretKey (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
CK_RV PKM_PublicKey (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
CK_RV PKM_HybridMode (CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
CK_RV PKM_FindAllObjects (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
CK_RV PKM_MultiObjectManagement (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
CK_RV PKM_OperationalState (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
CK_RV PKM_LegacyFunctions (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
CK_RV PKM_AttributeCheck (CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR expected_attrs, CK_ULONG expected_attrs_count)
CK_RV PKM_MechCheck (CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_MECHANISM_TYPE mechType, CK_FLAGS flags, CK_BBOOL check_sizes, CK_ULONG minkeysize, CK_ULONG maxkeysize)
CK_RV PKM_TLSKeyAndMacDerive (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, CK_MECHANISM_TYPE mechType, enum_random_t rnd)
CK_RV PKM_TLSMasterKeyDerive (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, CK_MECHANISM_TYPE mechType, enum_random_t rnd)
CK_RV PKM_KeyTests (CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
CK_RV PKM_DualFuncSign (CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hRwSession, CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey, CK_MECHANISM *sigMech, CK_OBJECT_HANDLE secretKey, CK_MECHANISM *cryptMech, const CK_BYTE *pData, CK_ULONG pDataLen)
CK_RV PKM_DualFuncDigest (CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech, CK_OBJECT_HANDLE hSecKeyDigest, CK_MECHANISM *digestMech, const CK_BYTE *pData, CK_ULONG pDataLen)
CK_RV PKM_PubKeySign (CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hRwSession, CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey, CK_MECHANISM *signMech, const CK_BYTE *pData, CK_ULONG dataLen)
CK_RV PKM_SecKeyCrypt (CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech, const CK_BYTE *pData, CK_ULONG dataLen)
CK_RV PKM_Hmac (CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech, const CK_BYTE *pData, CK_ULONG pDataLen)
CK_RV PKM_Digest (CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hRwSession, CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey, const CK_BYTE *pData, CK_ULONG pDataLen)
CK_RV PKM_wrapUnwrap (CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey, CK_MECHANISM *wrapMechanism, CK_OBJECT_HANDLE hSecretKey, CK_ATTRIBUTE *sKeyTemplate, CK_ULONG skeyTempSize)
CK_RV PKM_RecoverFunctions (CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey, CK_MECHANISM *signMech, const CK_BYTE *pData, CK_ULONG pDataLen)
int main (int argc, char **argv)
 The Xalan testcases app.

Variables

static const tuple_str errStrings []
static const CK_ULONG numStrings = sizeof(errStrings) / sizeof(tuple_str)
static CK_ATTRIBUTE_TYPE all_known_attribute_types []
static int number_of_all_known_attribute_types
int MODE = FIPSMODE
CK_BBOOL true = CK_TRUE
CK_BBOOL false = CK_FALSE
static const CK_BYTE PLAINTEXT [] = {"Firefox Rules!"}
static const CK_BYTE PLAINTEXT_PAD [] = {"Firefox and thunderbird rule the world!"}
CK_ULONG NUMTESTS = 0
static const char * slotFlagName []
static const char * tokenFlagName []
static const unsigned char TLSClientRandom []
static const unsigned char TLSServerRandom []
PRLibrarylib

Class Documentation

struct tuple_str

Definition at line 105 of file errormap.c.

Class Members
CK_RV errNum
PRErrorCode errNum
const char * errString
struct CK_C_INITIALIZE_ARGS_NSS

Definition at line 222 of file pk11mode.c.

Class Members
CK_CREATEMUTEX CreateMutex
CK_DESTROYMUTEX DestroyMutex
CK_FLAGS flags
CK_CHAR_PTR * LibraryParameters
CK_LOCKMUTEX LockMutex
CK_VOID_PTR pReserved
CK_UNLOCKMUTEX UnlockMutex

Define Documentation

#define FIPSMODE   0

Definition at line 319 of file pk11mode.c.

Definition at line 318 of file pk11mode.c.

#define HYBRIDMODE   2

Definition at line 321 of file pk11mode.c.

#define MAX_CIPHER_SZ   128

Definition at line 315 of file pk11mode.c.

#define MAX_DATA_SZ   64

Definition at line 316 of file pk11mode.c.

Definition at line 317 of file pk11mode.c.

#define MAX_SIG_SZ   128

Definition at line 314 of file pk11mode.c.

#define NOMODE   3

Definition at line 322 of file pk11mode.c.

Definition at line 320 of file pk11mode.c.

#define NULL_PTR   0

Definition at line 64 of file pk11mode.c.

#define NUM_ELEM (   array)    (sizeof(array)/sizeof(array[0]))

Definition at line 61 of file pk11mode.c.


Typedef Documentation

typedef struct tuple_str

Definition at line 73 of file pk11mode.c.


Enumeration Type Documentation

Enumerator:
CORRECT 
BOGUS_CLIENT_RANDOM 
BOGUS_CLIENT_RANDOM_LEN 
BOGUS_SERVER_RANDOM 
BOGUS_SERVER_RANDOM_LEN 
CORRECT 
BOGUS_CLIENT_RANDOM 
BOGUS_CLIENT_RANDOM_LEN 
BOGUS_SERVER_RANDOM 
BOGUS_SERVER_RANDOM_LEN 

Definition at line 414 of file pk11mode.c.


Function Documentation

void dumpToHash64 ( const unsigned char *  buf,
unsigned int  bufLen 
)

Definition at line 423 of file pk11mode.c.

{
    unsigned int i;
    for (i = 0; i < bufLen; i += 8) {
        if (i % 32 == 0)
            printf("\n");
        printf(" 0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,",
               buf[i  ], buf[i+1], buf[i+2], buf[i+3],
               buf[i+4], buf[i+5], buf[i+6], buf[i+7]);
    }
    printf("\n");
}
int main ( int  argc,
char **  argv 
)

The Xalan testcases app.

Definition at line 539 of file pk11mode.c.

{
    CK_C_GetFunctionList pC_GetFunctionList;
    CK_FUNCTION_LIST_PTR pFunctionList;
    CK_RV crv = CKR_OK;
    CK_C_INITIALIZE_ARGS_NSS initArgs;
    CK_SLOT_ID *pSlotList = NULL;
    CK_UTF8CHAR pwd[] ="1Mozilla";
    CK_TOKEN_INFO tokenInfo;
    CK_ULONG slotID;

    slotID = 0;
    if (argc == 2) {
        if (strcmp(argv[1], "FIPS") == 0) {
            MODE = FIPSMODE;
        } else {
            MODE = NONFIPSMODE;
            slotID = 1;
        }
    } else MODE = FIPSMODE;

#ifdef _WIN32
    hModule = LoadLibrary(LIB_NAME);
    if (hModule == NULL) {
        PKM_Error( "cannot load %s\n", LIB_NAME);
        exit(1);
    }
    if (MODE == FIPSMODE) {
        /* FIPS mode == FC_GetFunctionList */
        pC_GetFunctionList = (CK_C_GetFunctionList)
                             GetProcAddress(hModule, "FC_GetFunctionList");
        PKM_LogIt("loading FC_GetFunctionList for FIPS Mode; slotID %d \n",
                  slotID);
        PKM_LogIt("pFunctionList->C_Foo == pFunctionList->FC_Foo\n");

    } else {
        /* NON FIPS mode  == C_GetFunctionList */
        pC_GetFunctionList = (CK_C_GetFunctionList)
                             GetProcAddress(hModule, "C_GetFunctionList");
        PKM_LogIt("loading C_GetFunctionList for Non FIPS Mode; slotID %d \n",
                  slotID);
    }
    if (pC_GetFunctionList == NULL) {
        PKM_Error( "cannot load %s\n", LIB_NAME);
        exit(1);
    }
#else
    {
    char *libname = NULL;
    /* Get the platform-dependent library name of the NSS cryptographic module */
    libname = PR_GetLibraryName(NULL, "softokn3");
    assert(libname != NULL);
    lib = PR_LoadLibrary(libname);
    assert(lib != NULL);
    PR_FreeLibraryName(libname);
    } 
    if (MODE == FIPSMODE) {
        pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
        "FC_GetFunctionList");
        assert(pC_GetFunctionList != NULL);
        slotID = 0;
    } else {
        pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
        "C_GetFunctionList");
        assert(pC_GetFunctionList != NULL);
        slotID = 1;
    }
#endif

    crv = (*pC_GetFunctionList)(&pFunctionList);
    assert(crv == CKR_OK);

    initArgs.CreateMutex = NULL;
    initArgs.DestroyMutex = NULL;
    initArgs.LockMutex = NULL;
    initArgs.UnlockMutex = NULL;
    initArgs.flags = CKF_OS_LOCKING_OK;
    initArgs.LibraryParameters = (CK_CHAR_PTR *)
    "configdir='.' certPrefix='' keyPrefix='' secmod='secmod.db' flags= ";
    initArgs.pReserved = NULL;

    /*DebugBreak();*/
    /* FIPSMODE invokes FC_Initialize as pFunctionList->C_Initialize */
    /* NSS cryptographic module library initialization for the FIPS  */
    /* Approved mode when FC_Initialize is envoked will perfom       */
    /* software integrity test, and power-up self-tests before       */
    /* FC_Initialize returns                                         */
    crv = pFunctionList->C_Initialize(&initArgs);
    if (crv == CKR_OK) {
        PKM_LogIt("C_Initialize succeeded\n");
    } else {
        PKM_Error( "C_Initialize failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }
    crv = PKM_ShowInfo(pFunctionList, slotID);
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_ShowInfo succeeded\n");
    } else {
        PKM_Error( "PKM_ShowInfo failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }
    pSlotList = PKM_GetSlotList(pFunctionList, slotID);
    if (pSlotList == NULL) {
        PKM_Error( "PKM_GetSlotList failed with \n");
        exit(1);
    }
    crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo);
    if (crv == CKR_OK) {
        PKM_LogIt("C_GetTokenInfo succeeded\n\n");
    } else {
        PKM_Error( "C_GetTokenInfo failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }

    if (!(tokenInfo.flags & CKF_USER_PIN_INITIALIZED)) {
        PKM_LogIt("Initing PW for DB\n");
        PKM_InitPWforDB(pFunctionList, pSlotList, slotID,
                        pwd, sizeof(pwd));
    } else {
        PKM_LogIt("using existing DB\n");
    }

    /* general mechanism by token */ 
    crv = PKM_Mechanism(pFunctionList, pSlotList, slotID);
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_Mechanism succeeded\n\n");
    } else {
        PKM_Error( "PKM_Mechanism failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    } 
    /* RNG example without Login */
    crv = PKM_RNG(pFunctionList, pSlotList, slotID);
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_RNG succeeded\n\n");
    } else {
        PKM_Error( "PKM_RNG failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }

    crv = PKM_SessionLogin(pFunctionList, pSlotList, slotID,
                           pwd, sizeof(pwd));
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_SessionLogin succeeded\n\n");
    } else {
        PKM_Error( "PKM_SessionLogin failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }

    /*
     * PKM_KeyTest creates RSA,DSA public keys 
     * and AES, DES3 secret keys.
     * then does digest, hmac, encrypt/decrypt, signing operations. 
     */
    crv = PKM_KeyTests(pFunctionList, pSlotList, slotID,
                            pwd, sizeof(pwd));
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_KeyTests succeeded\n\n");
    } else {
        PKM_Error( "PKM_KeyTest failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }

    crv = PKM_SecretKey(pFunctionList, pSlotList, slotID, pwd, sizeof(pwd));
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_SecretKey succeeded\n\n");
    } else {
        PKM_Error( "PKM_SecretKey failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }

    crv = PKM_PublicKey(pFunctionList, pSlotList, slotID,
                        pwd, sizeof(pwd));
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_PublicKey succeeded\n\n");
    } else {
        PKM_Error( "PKM_PublicKey failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }
    crv = PKM_OperationalState(pFunctionList, pSlotList, slotID,
                               pwd, sizeof(pwd));
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_OperationalState succeeded\n\n");
    } else {
        PKM_Error( "PKM_OperationalState failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }
    crv = PKM_MultiObjectManagement(pFunctionList, pSlotList, slotID,
                                    pwd, sizeof(pwd));
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_MultiObjectManagement succeeded\n\n");
    } else {
        PKM_Error( "PKM_MultiObjectManagement failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }
    crv = PKM_LegacyFunctions(pFunctionList, pSlotList, slotID,
                              pwd, sizeof(pwd));
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_LegacyFunctions succeeded\n\n");
    } else {
        PKM_Error( "PKM_LegacyFunctions failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }
    crv = PKM_TLSKeyAndMacDerive(pFunctionList, pSlotList, slotID,
                                 pwd, sizeof(pwd),
                                 CKM_TLS_KEY_AND_MAC_DERIVE, CORRECT);

    if (crv == CKR_OK) {
        PKM_LogIt("PKM_TLSKeyAndMacDerive succeeded\n\n");
    } else {
        PKM_Error( "PKM_TLSKeyAndMacDerive failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }
    crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID,
                                 pwd, sizeof(pwd),CKM_TLS_MASTER_KEY_DERIVE,
                                 CORRECT);
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n");
    } else {
        PKM_Error( "PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }
    crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID,
                                 pwd, sizeof(pwd),CKM_TLS_MASTER_KEY_DERIVE_DH,
                                 CORRECT);
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n");
    } else {
        PKM_Error( "PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }
    crv = PKM_FindAllObjects(pFunctionList, pSlotList, slotID,
                             pwd, sizeof(pwd));
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_FindAllObjects succeeded\n\n");
    } else {
        PKM_Error( "PKM_FindAllObjects failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }
    crv = pFunctionList->C_Finalize(NULL);
    if (crv == CKR_OK) {
        PKM_LogIt("C_Finalize succeeded\n");
    } else {
        PKM_Error( "C_Finalize failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }

    if (pSlotList) free(pSlotList);

    /* demostrate how an application can be in Hybrid mode */
    /* PKM_HybridMode shows how to switch between NONFIPS */
    /* mode to FIPS mode */

    PKM_LogIt("Testing Hybrid mode \n");
    crv = PKM_HybridMode(pwd, sizeof(pwd));
    if (crv == CKR_OK) {
        PKM_LogIt("PKM_HybridMode succeeded\n");
    } else {
        PKM_Error( "PKM_HybridMode failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        exit(1);
    }
    
    PKM_LogIt("**** ALL TESTS PASSED ****\n");
    PKM_LogIt("**** Total number of TESTS %d. ****\n", NUMTESTS);
    PKM_LogIt("unloading NSS PKCS # 11 softoken and exiting\n");

#ifdef _WIN32
    FreeLibrary(hModule);
#else 
    PR_UnloadLibrary(lib);
#endif

    return 0;
}

Here is the call graph for this function:

CK_RV PKM_AttributeCheck ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  obj,
CK_ATTRIBUTE_PTR  expected_attrs,
CK_ULONG  expected_attrs_count 
)
const char* PKM_CK_RVtoStr ( CK_RV  errNum)

Definition at line 172 of file pk11mode.c.

                             {
    CK_ULONG low  = 1;
    CK_ULONG high = numStrings - 1;
    CK_ULONG i;
    CK_RV num;
    static int initDone;

    /* make sure table is in  ascending order.
     * binary search depends on it.
     */
    if (!initDone) {
        CK_RV lastNum = CKR_OK;
        for (i = low; i <= high; ++i) {
            num = errStrings[i].errNum;
            if (num <= lastNum) {
                    fprintf(stderr,
"sequence error in error strings at item %d\n"
"error %d (%s)\n"
"should come after \n"
"error %d (%s)\n",
                        (int) i, (int) lastNum, errStrings[i-1].errString,
                        (int) num, errStrings[i].errString);
            }
            lastNum = num;
        }
        initDone = 1;
    }

    /* Do binary search of table. */
    while (low + 1 < high) {
        i = (low + high) / 2;
        num = errStrings[i].errNum;
        if (errNum == num)
            return errStrings[i].errString;
        if (errNum < num)
            high = i;
        else
            low = i;
    }
    if (errNum == errStrings[low].errNum)
            return errStrings[low].errString;
    if (errNum == errStrings[high].errNum)
            return errStrings[high].errString;
    return "unknown error";
}

Here is the call graph for this function:

CK_RV PKM_Digest ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SESSION_HANDLE  hRwSession,
CK_MECHANISM digestMech,
CK_OBJECT_HANDLE  hSecretKey,
const CK_BYTE pData,
CK_ULONG  pDataLen 
)
CK_RV PKM_DualFuncDigest ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hSecKey,
CK_MECHANISM cryptMech,
CK_OBJECT_HANDLE  hSecKeyDigest,
CK_MECHANISM digestMech,
const CK_BYTE pData,
CK_ULONG  pDataLen 
)
CK_RV PKM_DualFuncSign ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SESSION_HANDLE  hRwSession,
CK_OBJECT_HANDLE  publicKey,
CK_OBJECT_HANDLE  privateKey,
CK_MECHANISM sigMech,
CK_OBJECT_HANDLE  secretKey,
CK_MECHANISM cryptMech,
const CK_BYTE pData,
CK_ULONG  pDataLen 
)
void PKM_Error ( const char *  fmt,
  ... 
)
CK_RV PKM_FindAllObjects ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID,
CK_UTF8CHAR_PTR  pwd,
CK_ULONG  pwdLen 
)
CK_SLOT_ID* PKM_GetSlotList ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_ULONG  slotID 
)
CK_RV PKM_Hmac ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  sKey,
CK_MECHANISM hmacMech,
const CK_BYTE pData,
CK_ULONG  pDataLen 
)

Definition at line 1930 of file pk11mode.c.

                                                           {

    CK_C_GetFunctionList pC_GetFunctionList;  /* NONFIPSMode */
    CK_FUNCTION_LIST_PTR pC_FunctionList;
    CK_SLOT_ID *pC_SlotList = NULL;
    CK_ULONG slotID_C = 1;

    CK_C_GetFunctionList pFC_GetFunctionList; /* FIPSMode */
    CK_FUNCTION_LIST_PTR pFC_FunctionList;
    CK_SLOT_ID *pFC_SlotList = NULL;
    CK_ULONG slotID_FC = 0;


    CK_RV crv = CKR_OK;
    CK_C_INITIALIZE_ARGS_NSS initArgs;
    CK_SESSION_HANDLE hSession;

    NUMTESTS++; /* increment NUMTESTS */
    MODE = NONFIPSMODE;
#ifdef _WIN32
    /* NON FIPS mode  == C_GetFunctionList */
    pC_GetFunctionList = (CK_C_GetFunctionList)
                         GetProcAddress(hModule, "C_GetFunctionList");
    if (pC_GetFunctionList == NULL) {
        PKM_Error( "cannot load %s\n", LIB_NAME);
        return crv;
    }
#else
        pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
        "C_GetFunctionList");
        assert(pC_GetFunctionList != NULL);
#endif
    PKM_LogIt("loading C_GetFunctionList for Non FIPS Mode; slotID %d \n",
              slotID_C);
    crv = (*pC_GetFunctionList)(&pC_FunctionList);
    assert(crv == CKR_OK);

    initArgs.CreateMutex = NULL;
    initArgs.DestroyMutex = NULL;
    initArgs.LockMutex = NULL;
    initArgs.UnlockMutex = NULL;
    initArgs.flags = CKF_OS_LOCKING_OK;
    initArgs.LibraryParameters = (CK_CHAR_PTR *)
    "configdir='.' certPrefix='' keyPrefix='' secmod='secmod.db' flags= ";
    initArgs.pReserved = NULL;

    /* invoke C_Initialize as pC_FunctionList->C_Initialize */
    crv = pC_FunctionList->C_Initialize(&initArgs);
    if (crv == CKR_OK) {
        PKM_LogIt("C_Initialize succeeded\n");
    } else {
        PKM_Error( "C_Initialize failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        return crv;
    }

    pC_SlotList = PKM_GetSlotList(pC_FunctionList, slotID_C);
    if (pC_SlotList == NULL) {
        PKM_Error( "PKM_GetSlotList failed with \n");
        return crv;
    }
    crv = pC_FunctionList->C_OpenSession(pC_SlotList[slotID_C],
                                         CKF_SERIAL_SESSION,
                                         NULL, NULL, &hSession);
    if (crv == CKR_OK) {
        PKM_LogIt("NONFIPS C_OpenSession succeeded\n");
    } else {
        PKM_Error( "C_OpenSession failed for NONFIPS token "
                   "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
        return crv;
    }

    crv = pC_FunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
    if (crv == CKR_OK) {
        PKM_LogIt("able to login in NONFIPS token\n");
    } else {
        PKM_Error( "Unable to login in to NONFIPS token "
                   "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
        return crv;
    }

    crv = pC_FunctionList->C_Logout(hSession);
    if (crv == CKR_OK) {
        PKM_LogIt("C_Logout succeeded\n");
    } else {
        PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        return crv;
    }

    PKM_ShowInfo(pC_FunctionList, slotID_C);
    MODE = HYBRIDMODE;

    /* Now load the FIPS token */
    /* FIPS mode == FC_GetFunctionList */
    pFC_GetFunctionList = NULL; 
#ifdef _WIN32
    pFC_GetFunctionList = (CK_C_GetFunctionList)
                          GetProcAddress(hModule, "FC_GetFunctionList");
#else
     pFC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
        "FC_GetFunctionList");
        assert(pFC_GetFunctionList != NULL);
#endif

    PKM_LogIt("loading FC_GetFunctionList for FIPS Mode; slotID %d \n",
              slotID_FC);
    PKM_LogIt("pFC_FunctionList->C_Foo == pFC_FunctionList->FC_Foo\n");
    if (pFC_GetFunctionList == NULL) {
        PKM_Error( "unable to load pFC_GetFunctionList\n");
        return crv;
    }

    crv = (*pFC_GetFunctionList)(&pFC_FunctionList);
    assert(crv == CKR_OK);

    /* invoke FC_Initialize as pFunctionList->C_Initialize */
    crv = pFC_FunctionList->C_Initialize(&initArgs);
    if (crv == CKR_OK) {
        PKM_LogIt("FC_Initialize succeeded\n");
    } else {
        PKM_Error( "FC_Initialize failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        return crv;
    }
    PKM_ShowInfo(pFC_FunctionList, slotID_FC);

    pFC_SlotList = PKM_GetSlotList(pFC_FunctionList, slotID_FC);
    if (pFC_SlotList == NULL) {
        PKM_Error( "PKM_GetSlotList failed with \n");
        return crv;
    }

    crv = pC_FunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
    if (crv != CKR_OK) {
        PKM_LogIt("NONFIPS token cannot log in when FIPS token is loaded\n");
    } else {
        PKM_Error("Able to login in to NONFIPS token\n");
        return crv;
    }
    crv = pC_FunctionList->C_CloseSession(hSession);
    if (crv == CKR_OK) {
        PKM_LogIt("NONFIPS pC_CloseSession succeeded\n");
    } else {
        PKM_Error( "pC_CloseSession failed for NONFIPS token "
                   "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
        return crv;
    }

    PKM_LogIt("The module is FIPS 140-2 compliant\n"
              "only when the NONFIPS Approved mode is inactive by \n"
              "calling C_Finalize on the NONFIPS token.\n");


    /* to go in FIPSMODE you must Finalize the NONFIPS mode pointer */
    crv = pC_FunctionList->C_Finalize(NULL);
    if (crv == CKR_OK) {
        PKM_LogIt("C_Finalize of NONFIPS Token succeeded\n");
        MODE = FIPSMODE;
    } else {
        PKM_Error( "C_Finalize of NONFIPS Token failed with "
                   "0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        return crv;
    }

    PKM_LogIt("*** In FIPS mode!  ***\n");

    /* could do some operations in FIPS MODE */

    crv = pFC_FunctionList->C_Finalize(NULL);
    if (crv == CKR_OK) {
        PKM_LogIt("Exiting FIPSMODE by caling FC_Finalize.\n");
        MODE = NOMODE;
    } else {
        PKM_Error( "FC_Finalize failed with 0x%08X, %-26s\n", crv, 
                   PKM_CK_RVtoStr(crv));
        return crv;
    }

    if (pC_SlotList) free(pC_SlotList);
    if (pFC_SlotList) free(pFC_SlotList);

    PKM_LogIt("PKM_HybridMode test Completed\n\n");
    return crv;
}

Here is the call graph for this function:

CK_RV PKM_InitPWforDB ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID,
CK_UTF8CHAR_PTR  pwd,
CK_ULONG  pwdLen 
)
CK_RV PKM_KeyTests ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID,
CK_UTF8CHAR_PTR  pwd,
CK_ULONG  pwdLen 
)
CK_RV PKM_LegacyFunctions ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID,
CK_UTF8CHAR_PTR  pwd,
CK_ULONG  pwdLen 
)
void PKM_LogIt ( const char *  fmt,
  ... 
)
CK_RV PKM_Mechanism ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID 
)
CK_RV PKM_MechCheck ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SESSION_HANDLE  hSession,
CK_MECHANISM_TYPE  mechType,
CK_FLAGS  flags,
CK_BBOOL  check_sizes,
CK_ULONG  minkeysize,
CK_ULONG  maxkeysize 
)
CK_RV PKM_MultiObjectManagement ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID,
CK_UTF8CHAR_PTR  pwd,
CK_ULONG  pwdLen 
)
CK_RV PKM_OperationalState ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID,
CK_UTF8CHAR_PTR  pwd,
CK_ULONG  pwdLen 
)
CK_RV PKM_PubKeySign ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SESSION_HANDLE  hRwSession,
CK_OBJECT_HANDLE  hPubKey,
CK_OBJECT_HANDLE  hPrivKey,
CK_MECHANISM signMech,
const CK_BYTE pData,
CK_ULONG  dataLen 
)
CK_RV PKM_PublicKey ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID,
CK_UTF8CHAR_PTR  pwd,
CK_ULONG  pwdLen 
)
CK_RV PKM_RecoverFunctions ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hPubKey,
CK_OBJECT_HANDLE  hPrivKey,
CK_MECHANISM signMech,
const CK_BYTE pData,
CK_ULONG  pDataLen 
)
CK_RV PKM_RNG ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID 
)
CK_RV PKM_SecKeyCrypt ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hSymKey,
CK_MECHANISM cryptMech,
const CK_BYTE pData,
CK_ULONG  dataLen 
)
CK_RV PKM_SecretKey ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID,
CK_UTF8CHAR_PTR  pwd,
CK_ULONG  pwdLen 
)
CK_RV PKM_SessionLogin ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID,
CK_UTF8CHAR_PTR  pwd,
CK_ULONG  pwdLen 
)
CK_RV PKM_ShowInfo ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_ULONG  slotID 
)
CK_RV PKM_TLSKeyAndMacDerive ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID,
CK_UTF8CHAR_PTR  pwd,
CK_ULONG  pwdLen,
CK_MECHANISM_TYPE  mechType,
enum_random_t  rnd 
)
CK_RV PKM_TLSMasterKeyDerive ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SLOT_ID pSlotList,
CK_ULONG  slotID,
CK_UTF8CHAR_PTR  pwd,
CK_ULONG  pwdLen,
CK_MECHANISM_TYPE  mechType,
enum_random_t  rnd 
)
CK_RV PKM_wrapUnwrap ( CK_FUNCTION_LIST_PTR  pFunctionList,
CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hPublicKey,
CK_OBJECT_HANDLE  hPrivateKey,
CK_MECHANISM wrapMechanism,
CK_OBJECT_HANDLE  hSecretKey,
CK_ATTRIBUTE sKeyTemplate,
CK_ULONG  skeyTempSize 
)

Variable Documentation

Definition at line 239 of file pk11mode.c.

Definition at line 75 of file pk11mode.c.

Definition at line 326 of file pk11mode.c.

Definition at line 440 of file pk11mode.c.

Definition at line 323 of file pk11mode.c.

Initial value:

Definition at line 311 of file pk11mode.c.

const CK_ULONG numStrings = sizeof(errStrings) / sizeof(tuple_str) [static]

Definition at line 166 of file pk11mode.c.

Definition at line 329 of file pk11mode.c.

const CK_BYTE PLAINTEXT[] = {"Firefox Rules!"} [static]

Definition at line 327 of file pk11mode.c.

const CK_BYTE PLAINTEXT_PAD[] = {"Firefox and thunderbird rule the world!"} [static]

Definition at line 328 of file pk11mode.c.

const char* slotFlagName[] [static]

Definition at line 331 of file pk11mode.c.

const unsigned char TLSClientRandom[] [static]
Initial value:
 {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x0d, 0x90, 0xbb, 0x5e, 0xc6, 0xe1, 0x3f, 0x71,
    0x0a, 0xa2, 0x70, 0x5a, 0x4f, 0xbc, 0x3f, 0x0d
}

Definition at line 401 of file pk11mode.c.

const unsigned char TLSServerRandom[] [static]
Initial value:
 {
    0x00, 0x00, 0x1d, 0x4a, 0x7a, 0x0a, 0xa5, 0x01,
    0x8e, 0x79, 0x72, 0xde, 0x9e, 0x2f, 0x8a, 0x0d,
    0xed, 0xb2, 0x5d, 0xf1, 0x14, 0xc2, 0xc6, 0x66,
    0x95, 0x86, 0xb0, 0x0d, 0x87, 0x2a, 0x2a, 0xc9
}

Definition at line 407 of file pk11mode.c.

const char* tokenFlagName[] [static]

Definition at line 366 of file pk11mode.c.

Definition at line 325 of file pk11mode.c.