Back to index

lightning-sunbird  0.9+nobinonly
Defines | Functions
pk11obj.c File Reference
#include "seccomon.h"
#include "secmod.h"
#include "secmodi.h"
#include "secmodti.h"
#include "pkcs11.h"
#include "pkcs11t.h"
#include "pk11func.h"
#include "key.h"
#include "secitem.h"
#include "secerr.h"
#include "sslerr.h"

Go to the source code of this file.

Defines

#define PK11_SEARCH_CHUNKSIZE   10

Functions

SECItem * PK11_BlockData (SECItem *data, unsigned long size)
SECStatus PK11_DestroyObject (PK11SlotInfo *slot, CK_OBJECT_HANDLE object)
SECStatus PK11_DestroyTokenObject (PK11SlotInfo *slot, CK_OBJECT_HANDLE object)
SECStatus PK11_ReadAttribute (PK11SlotInfo *slot, CK_OBJECT_HANDLE id, CK_ATTRIBUTE_TYPE type, PRArenaPool *arena, SECItem *result)
CK_ULONG PK11_ReadULongAttribute (PK11SlotInfo *slot, CK_OBJECT_HANDLE id, CK_ATTRIBUTE_TYPE type)
CK_BBOOL PK11_HasAttributeSet (PK11SlotInfo *slot, CK_OBJECT_HANDLE id, CK_ATTRIBUTE_TYPE type)
CK_RV PK11_GetAttributes (PRArenaPool *arena, PK11SlotInfo *slot, CK_OBJECT_HANDLE obj, CK_ATTRIBUTE *attr, int count)
PRBool PK11_IsPermObject (PK11SlotInfo *slot, CK_OBJECT_HANDLE handle)
char * PK11_GetObjectNickname (PK11SlotInfo *slot, CK_OBJECT_HANDLE id)
SECStatus PK11_SetObjectNickname (PK11SlotInfo *slot, CK_OBJECT_HANDLE id, const char *nickname)
void pk11_SignedToUnsigned (CK_ATTRIBUTE *attrib)
CK_SESSION_HANDLE pk11_GetNewSession (PK11SlotInfo *slot, PRBool *owner)
void pk11_CloseSession (PK11SlotInfo *slot, CK_SESSION_HANDLE session, PRBool owner)
SECStatus PK11_CreateNewObject (PK11SlotInfo *slot, CK_SESSION_HANDLE session, CK_ATTRIBUTE *theTemplate, int count, PRBool token, CK_OBJECT_HANDLE *objectID)
unsigned int pk11_OpFlagsToAttributes (CK_FLAGS flags, CK_ATTRIBUTE *attrs, CK_BBOOL *ckTrue)
PRBool pk11_BadAttrFlags (PK11AttrFlags attrFlags)
unsigned int pk11_AttrFlagsToAttributes (PK11AttrFlags attrFlags, CK_ATTRIBUTE *attrs, CK_BBOOL *ckTrue, CK_BBOOL *ckFalse)
static int pk11_backupGetSignLength (SECKEYPrivateKey *key)
int PK11_SignatureLen (SECKEYPrivateKey *key)
CK_OBJECT_HANDLE PK11_CopyKey (PK11SlotInfo *slot, CK_OBJECT_HANDLE srcObject)
PRBool pk11_FindAttrInTemplate (CK_ATTRIBUTE *attr, unsigned int numAttrs, CK_ATTRIBUTE_TYPE target)
SECStatus PK11_VerifyRecover (SECKEYPublicKey *key, SECItem *sig, SECItem *dsig, void *wincx)
SECStatus PK11_Verify (SECKEYPublicKey *key, SECItem *sig, SECItem *hash, void *wincx)
SECStatus PK11_Sign (SECKEYPrivateKey *key, SECItem *sig, SECItem *hash)
static SECStatus pk11_PrivDecryptRaw (SECKEYPrivateKey *key, unsigned char *data, unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen, CK_MECHANISM_PTR mech)
SECStatus PK11_PubDecryptRaw (SECKEYPrivateKey *key, unsigned char *data, unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen)
SECStatus PK11_PrivDecryptPKCS1 (SECKEYPrivateKey *key, unsigned char *data, unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen)
static SECStatus pk11_PubEncryptRaw (SECKEYPublicKey *key, unsigned char *enc, unsigned char *data, unsigned dataLen, CK_MECHANISM_PTR mech, void *wincx)
SECStatus PK11_PubEncryptRaw (SECKEYPublicKey *key, unsigned char *enc, unsigned char *data, unsigned dataLen, void *wincx)
SECStatus PK11_PubEncryptPKCS1 (SECKEYPublicKey *key, unsigned char *enc, unsigned char *data, unsigned dataLen, void *wincx)
SECKEYPrivateKey * PK11_UnwrapPrivKey (PK11SlotInfo *slot, PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey, SECItem *label, SECItem *idValue, PRBool perm, PRBool sensitive, CK_KEY_TYPE keyType, CK_ATTRIBUTE_TYPE *usage, int usageCount, void *wincx)
SECStatus PK11_WrapPrivKey (PK11SlotInfo *slot, PK11SymKey *wrappingKey, SECKEYPrivateKey *privKey, CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey, void *wincx)
PK11GenericObject * PK11_FindGenericObjects (PK11SlotInfo *slot, CK_OBJECT_CLASS objClass)
PK11GenericObject * PK11_GetNextGenericObject (PK11GenericObject *object)
PK11GenericObject * PK11_GetPrevGenericObject (PK11GenericObject *object)
SECStatus PK11_LinkGenericObject (PK11GenericObject *list, PK11GenericObject *object)
SECStatus PK11_UnlinkGenericObject (PK11GenericObject *object)
SECStatus PK11_DestroyGenericObject (PK11GenericObject *object)
SECStatus PK11_DestroyGenericObjects (PK11GenericObject *objects)
SECStatus PK11_ReadRawAttribute (PK11ObjectType objType, void *objSpec, CK_ATTRIBUTE_TYPE attrType, SECItem *item)
CK_OBJECT_HANDLE pk11_FindObjectByTemplate (PK11SlotInfo *slot, CK_ATTRIBUTE *theTemplate, int tsize)
CK_OBJECT_HANDLEpk11_FindObjectsByTemplate (PK11SlotInfo *slot, CK_ATTRIBUTE *findTemplate, int findCount, int *object_count)
CK_OBJECT_HANDLE PK11_MatchItem (PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID, CK_OBJECT_CLASS matchclass)
int PK11_NumberObjectsFor (PK11SlotInfo *slot, CK_ATTRIBUTE *findTemplate, int templateCount)
SECStatus PK11_TraverseSlot (PK11SlotInfo *slot, void *arg)
SECStatus pk11_TraverseAllSlots (SECStatus(*callback)(PK11SlotInfo *, void *), void *arg, PRBool forceLogin, void *wincx)
CK_OBJECT_HANDLEPK11_FindObjectsFromNickname (char *nickname, PK11SlotInfo **slotptr, CK_OBJECT_CLASS objclass, int *returnCount, void *wincx)
SECItem * pk11_GetLowLevelKeyFromHandle (PK11SlotInfo *slot, CK_OBJECT_HANDLE handle)

Define Documentation

Definition at line 53 of file pk11obj.c.


Function Documentation

unsigned int pk11_AttrFlagsToAttributes ( PK11AttrFlags  attrFlags,
CK_ATTRIBUTE attrs,
CK_BBOOL ckTrue,
CK_BBOOL ckFalse 
)

Definition at line 473 of file pk11obj.c.

{
    const static CK_ATTRIBUTE_TYPE attrTypes[5] = {
       CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_SENSITIVE,
       CKA_EXTRACTABLE
    };

    const CK_ATTRIBUTE_TYPE *pType = attrTypes;
          CK_ATTRIBUTE      *attr  = attrs;
          PK11AttrFlags      test  = PK11_ATTR_TOKEN;

    PR_ASSERT(!pk11_BadAttrFlags(attrFlags));

    /* we test two related bitflags in each iteration */
    for (; attrFlags && test <= PK11_ATTR_EXTRACTABLE; test <<= 2, ++pType) {
       if (test & attrFlags) {
           attrFlags ^= test;
           PK11_SETATTRS(attr, *pType, ckTrue, sizeof *ckTrue); 
           ++attr;
       } else if ((test << 1) & attrFlags) {
           attrFlags ^= (test << 1);
           PK11_SETATTRS(attr, *pType, ckFalse, sizeof *ckFalse); 
           ++attr;
       }
    }
    return (attr - attrs);
}

Here is the call graph for this function:

static int pk11_backupGetSignLength ( SECKEYPrivateKey *  key) [static]

Definition at line 507 of file pk11obj.c.

{
    PK11SlotInfo *slot = key->pkcs11Slot;
    CK_MECHANISM mech = {0, NULL, 0 };
    PRBool owner = PR_TRUE;
    CK_SESSION_HANDLE session;
    CK_ULONG len;
    CK_RV crv;
    unsigned char h_data[20]  = { 0 };
    unsigned char buf[20]; /* obviously to small */
    CK_ULONG smallLen = sizeof(buf);

    mech.mechanism = PK11_MapSignKeyType(key->keyType);

    session = pk11_GetNewSession(slot,&owner);
    if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_SignInit(session,&mech,key->pkcs11ID);
    if (crv != CKR_OK) {
       if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
       pk11_CloseSession(slot,session,owner);
       PORT_SetError( PK11_MapError(crv) );
       return -1;
    }
    len = 0;
    crv = PK11_GETTAB(slot)->C_Sign(session,h_data,sizeof(h_data),
                                   NULL, &len);
    /* now call C_Sign with too small a buffer to clear the session state */
    (void) PK11_GETTAB(slot)->
                     C_Sign(session,h_data,sizeof(h_data),buf,&smallLen);
       
    if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
    pk11_CloseSession(slot,session,owner);
    if (crv != CKR_OK) {
       PORT_SetError( PK11_MapError(crv) );
       return -1;
    }
    return len;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 461 of file pk11obj.c.

{
    PK11AttrFlags trueFlags = attrFlags & 0x55555555;
    PK11AttrFlags falseFlags = (attrFlags >> 1) & 0x55555555;
    return ((trueFlags & falseFlags) != 0);
}
SECItem* PK11_BlockData ( SECItem *  data,
unsigned long  size 
)

Definition at line 59 of file pk11obj.c.

                                                 {
    SECItem *newData;

    newData = (SECItem *)PORT_Alloc(sizeof(SECItem));
    if (newData == NULL) return NULL;

    newData->len = (data->len + (size-1))/size;
    newData->len *= size;

    newData->data = (unsigned char *) PORT_ZAlloc(newData->len); 
    if (newData->data == NULL) {
       PORT_Free(newData);
       return NULL;
    }
    PORT_Memset(newData->data,newData->len-data->len,newData->len); 
    PORT_Memcpy(newData->data,data->data,data->len);
    return newData;
}

Here is the call graph for this function:

void pk11_CloseSession ( PK11SlotInfo *  slot,
CK_SESSION_HANDLE  session,
PRBool  owner 
)

Definition at line 380 of file pk11obj.c.

{
    if (!owner) return;
    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
    (void) PK11_GETTAB(slot)->C_CloseSession(session);
    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
}

Here is the call graph for this function:

CK_OBJECT_HANDLE PK11_CopyKey ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  srcObject 
)

Definition at line 595 of file pk11obj.c.

{
    CK_OBJECT_HANDLE destObject;
    CK_RV crv;

    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_CopyObject(slot->session,srcObject,NULL,0,
                            &destObject);
    PK11_ExitSlotMonitor(slot);
    if (crv == CKR_OK) return destObject;
    PORT_SetError( PK11_MapError(crv) );
    return CK_INVALID_HANDLE;
}

Here is the call graph for this function:

SECStatus PK11_CreateNewObject ( PK11SlotInfo *  slot,
CK_SESSION_HANDLE  session,
CK_ATTRIBUTE theTemplate,
int  count,
PRBool  token,
CK_OBJECT_HANDLE objectID 
)

Definition at line 390 of file pk11obj.c.

{
       CK_SESSION_HANDLE rwsession;
       CK_RV crv;
       SECStatus rv = SECSuccess;

       rwsession = session;
       if (token) {
           rwsession =  PK11_GetRWSession(slot);
       } else if (rwsession == CK_INVALID_SESSION) {
           rwsession =  slot->session;
           if (rwsession != CK_INVALID_SESSION)
              PK11_EnterSlotMonitor(slot);
       }
       if (rwsession == CK_INVALID_SESSION) {
           PORT_SetError(SEC_ERROR_BAD_DATA);
           return SECFailure;
       }
       crv = PK11_GETTAB(slot)->C_CreateObject(rwsession, theTemplate,
                                                 count,objectID);
       if(crv != CKR_OK) {
           PORT_SetError( PK11_MapError(crv) );
           rv = SECFailure;
       }
       if (token) {
           PK11_RestoreROSession(slot, rwsession);
       } else if (session == CK_INVALID_SESSION) {
           PK11_ExitSlotMonitor(slot);
        }

       return rv;
}

Here is the call graph for this function:

SECStatus PK11_DestroyGenericObject ( PK11GenericObject *  object)

Definition at line 1269 of file pk11obj.c.

{
    if (object == NULL) {
       return SECSuccess;
    }

    PK11_UnlinkGenericObject(object);
    if (object->slot) {
       PK11_FreeSlot(object->slot);
    }
    PORT_Free(object);
    return SECSuccess;
}

Here is the call graph for this function:

SECStatus PK11_DestroyGenericObjects ( PK11GenericObject *  objects)

Definition at line 1289 of file pk11obj.c.

{
    PK11GenericObject *nextObject;
    PK11GenericObject *prevObject = objects->prev;
 
    if (objects == NULL) {
       return SECSuccess;
    }

    nextObject = objects->next;
    prevObject = objects->prev;

    /* delete all the objects after it in the list */
    for (; objects;  objects = nextObject) {
       nextObject = objects->next;
       PK11_DestroyGenericObject(objects);
    }
    /* delete all the objects before it in the list */
    for (objects = prevObject; objects;  objects = nextObject) {
       prevObject = objects->prev;
       PK11_DestroyGenericObject(objects);
    }
    return SECSuccess;
}

Here is the call graph for this function:

SECStatus PK11_DestroyObject ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  object 
)

Definition at line 80 of file pk11obj.c.

                                                               {
    CK_RV crv;

    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_DestroyObject(slot->session,object);
    PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       return SECFailure;
    }
    return SECSuccess;
}

Here is the call graph for this function:

SECStatus PK11_DestroyTokenObject ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  object 
)

Definition at line 93 of file pk11obj.c.

                                                                    {
    CK_RV crv;
    SECStatus rv = SECSuccess;
    CK_SESSION_HANDLE rwsession;

    
    rwsession = PK11_GetRWSession(slot);
    if (rwsession == CK_INVALID_SESSION) {
       PORT_SetError(SEC_ERROR_BAD_DATA);
       return SECFailure;
    }

    crv = PK11_GETTAB(slot)->C_DestroyObject(rwsession,object);
    if (crv != CKR_OK) {
       rv = SECFailure;
       PORT_SetError(PK11_MapError(crv));
    }
    PK11_RestoreROSession(slot,rwsession);
    return rv;
}

Here is the call graph for this function:

PRBool pk11_FindAttrInTemplate ( CK_ATTRIBUTE attr,
unsigned int  numAttrs,
CK_ATTRIBUTE_TYPE  target 
)

Definition at line 610 of file pk11obj.c.

{
    for (; numAttrs > 0; ++attr, --numAttrs) {
       if (attr->type == target)
           return PR_TRUE;
    }
    return PR_FALSE;
}
PK11GenericObject* PK11_FindGenericObjects ( PK11SlotInfo *  slot,
CK_OBJECT_CLASS  objClass 
)

Definition at line 1169 of file pk11obj.c.

{
    CK_ATTRIBUTE template[1];
    CK_ATTRIBUTE *attrs = template;
    CK_OBJECT_HANDLE *objectIDs = NULL;
    PK11GenericObject *lastObj = NULL, *obj;
    PK11GenericObject *firstObj = NULL;
    int i, count = 0;


    PK11_SETATTRS(attrs, CKA_CLASS, &objClass, sizeof(objClass)); attrs++;

    objectIDs = pk11_FindObjectsByTemplate(slot,template,1,&count);
    if (objectIDs == NULL) {
       return NULL;
    }

    /* where we connect our object once we've created it.. */
    for (i=0; i < count; i++) {
       obj = PORT_New(PK11GenericObject);
       if ( !obj ) {
           PK11_DestroyGenericObjects(firstObj);
           PORT_Free(objectIDs);
           return NULL;
       }
       /* initialize it */  
       obj->slot = PK11_ReferenceSlot(slot);
       obj->objectID = objectIDs[i];
       obj->next = NULL;
       obj->prev = NULL;

       /* link it in */
       if (firstObj == NULL) {
           firstObj = obj;
       } else {
           PK11_LinkGenericObject(lastObj, obj);
       }
       lastObj = obj;
    }
    PORT_Free(objectIDs);
    return firstObj;
}

Here is the call graph for this function:

CK_OBJECT_HANDLE pk11_FindObjectByTemplate ( PK11SlotInfo *  slot,
CK_ATTRIBUTE theTemplate,
int  tsize 
)

Definition at line 1356 of file pk11obj.c.

{
    CK_OBJECT_HANDLE object;
    CK_RV crv;
    CK_ULONG objectCount;

    /*
     * issue the find
     */
    PK11_EnterSlotMonitor(slot);
    crv=PK11_GETTAB(slot)->C_FindObjectsInit(slot->session, theTemplate, tsize);
    if (crv != CKR_OK) {
        PK11_ExitSlotMonitor(slot);
       PORT_SetError( PK11_MapError(crv) );
       return CK_INVALID_HANDLE;
    }

    crv=PK11_GETTAB(slot)->C_FindObjects(slot->session,&object,1,&objectCount);
    PK11_GETTAB(slot)->C_FindObjectsFinal(slot->session);
    PK11_ExitSlotMonitor(slot);
    if ((crv != CKR_OK) || (objectCount < 1)) {
       /* shouldn't use SSL_ERROR... here */
       PORT_SetError( crv != CKR_OK ? PK11_MapError(crv) :
                                            SSL_ERROR_NO_CERTIFICATE);
       return CK_INVALID_HANDLE;
    }

    /* blow up if the PKCS #11 module returns us and invalid object handle */
    PORT_Assert(object != CK_INVALID_HANDLE);
    return object;
} 

Here is the call graph for this function:

CK_OBJECT_HANDLE* pk11_FindObjectsByTemplate ( PK11SlotInfo *  slot,
CK_ATTRIBUTE findTemplate,
int  findCount,
int object_count 
)

Definition at line 1392 of file pk11obj.c.

                                                                          {
    CK_OBJECT_HANDLE *objID = NULL;
    CK_ULONG returned_count = 0;
    CK_RV crv;


    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session, findTemplate, 
                                                        findCount);
    if (crv != CKR_OK) {
       PK11_ExitSlotMonitor(slot);
       PORT_SetError( PK11_MapError(crv) );
       *object_count = -1;
       return NULL;
    }


    /*
     * collect all the Matching Objects
     */
    do {
       CK_OBJECT_HANDLE *oldObjID = objID;

       if (objID == NULL) {
           objID = (CK_OBJECT_HANDLE *) PORT_Alloc(sizeof(CK_OBJECT_HANDLE)*
                            (*object_count+ PK11_SEARCH_CHUNKSIZE));
       } else {
           objID = (CK_OBJECT_HANDLE *) PORT_Realloc(objID,
              sizeof(CK_OBJECT_HANDLE)*(*object_count+PK11_SEARCH_CHUNKSIZE));
       }

       if (objID == NULL) {
           if (oldObjID) PORT_Free(oldObjID);
           break;
       }
       crv = PK11_GETTAB(slot)->C_FindObjects(slot->session,
              &objID[*object_count],PK11_SEARCH_CHUNKSIZE,&returned_count);
       if (crv != CKR_OK) {
           PORT_SetError( PK11_MapError(crv) );
           PORT_Free(objID);
           objID = NULL;
           break;
       }
       *object_count += returned_count;
    } while (returned_count == PK11_SEARCH_CHUNKSIZE);

    PK11_GETTAB(slot)->C_FindObjectsFinal(slot->session);
    PK11_ExitSlotMonitor(slot);

    if (objID && (*object_count == 0)) {
       PORT_Free(objID);
       return NULL;
    }
    if (objID == NULL) *object_count = -1;
    return objID;
}

Here is the call graph for this function:

CK_OBJECT_HANDLE* PK11_FindObjectsFromNickname ( char *  nickname,
PK11SlotInfo **  slotptr,
CK_OBJECT_CLASS  objclass,
int returnCount,
void wincx 
)

Definition at line 1603 of file pk11obj.c.

{
    char *tokenName;
    char *delimit;
    PK11SlotInfo *slot;
    CK_OBJECT_HANDLE *objID;
    CK_ATTRIBUTE findTemplate[] = {
        { CKA_LABEL, NULL, 0},
        { CKA_CLASS, NULL, 0},
    };
    int findCount = sizeof(findTemplate)/sizeof(findTemplate[0]);
    SECStatus rv;
    PK11_SETATTRS(&findTemplate[1], CKA_CLASS, &objclass, sizeof(objclass));

    *slotptr = slot = NULL;
    *returnCount = 0;
    /* first find the slot associated with this nickname */
    if ((delimit = PORT_Strchr(nickname,':')) != NULL) {
       int len = delimit - nickname;
       tokenName = (char*)PORT_Alloc(len+1);
       PORT_Memcpy(tokenName,nickname,len);
       tokenName[len] = 0;

        slot = *slotptr = PK11_FindSlotByName(tokenName);
        PORT_Free(tokenName);
       /* if we couldn't find a slot, assume the nickname is an internal cert
        * with no proceding slot name */
       if (slot == NULL) {
              slot = *slotptr = PK11_GetInternalKeySlot();
       } else {
              nickname = delimit+1;
       }
    } else {
       *slotptr = slot = PK11_GetInternalKeySlot();
    }
    if (slot == NULL) {
        return CK_INVALID_HANDLE;
    }

    rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
    if (rv != SECSuccess) {
       PK11_FreeSlot(slot);
       *slotptr = NULL;
       return CK_INVALID_HANDLE;
    }

    findTemplate[0].pValue = nickname;
    findTemplate[0].ulValueLen = PORT_Strlen(nickname);
    objID = pk11_FindObjectsByTemplate(slot,findTemplate,findCount,returnCount);
    if (objID == NULL) {
       /* PKCS #11 isn't clear on whether or not the NULL is
        * stored in the template.... try the find again with the
        * full null terminated string. */
       findTemplate[0].ulValueLen += 1;
        objID = pk11_FindObjectsByTemplate(slot,findTemplate,findCount,
                                                        returnCount);
       if (objID == NULL) {
           /* Well that's the best we can do. It's just not here */
           /* what about faked nicknames? */
           PK11_FreeSlot(slot);
           *slotptr = NULL;
           *returnCount = 0;
       }
    }

    return objID;
}

Here is the call graph for this function:

CK_RV PK11_GetAttributes ( PRArenaPool arena,
PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  obj,
CK_ATTRIBUTE attr,
int  count 
)

Definition at line 210 of file pk11obj.c.

{
    int i;
    /* make pedantic happy... note that it's only used arena != NULL */ 
    void *mark = NULL; 
    CK_RV crv;
    PORT_Assert(slot->session != CK_INVALID_SESSION);
    if (slot->session == CK_INVALID_SESSION)
       return CKR_SESSION_HANDLE_INVALID;

    /*
     * first get all the lengths of the parameters.
     */
    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,obj,attr,count);
    if (crv != CKR_OK) {
       PK11_ExitSlotMonitor(slot);
       return crv;
    }

    if (arena) {
       mark = PORT_ArenaMark(arena);
       if (mark == NULL) return CKR_HOST_MEMORY;
    }

    /*
     * now allocate space to store the results.
     */
    for (i=0; i < count; i++) {
       if (arena) {
           attr[i].pValue = PORT_ArenaAlloc(arena,attr[i].ulValueLen);
           if (attr[i].pValue == NULL) {
              /* arena failures, just release the mark */
              PORT_ArenaRelease(arena,mark);
              PK11_ExitSlotMonitor(slot);
              return CKR_HOST_MEMORY;
           }
       } else {
           attr[i].pValue = PORT_Alloc(attr[i].ulValueLen);
           if (attr[i].pValue == NULL) {
              /* Separate malloc failures, loop to release what we have 
               * so far */
              int j;
              for (j= 0; j < i; j++) { 
                  PORT_Free(attr[j].pValue);
                  /* don't give the caller pointers to freed memory */
                  attr[j].pValue = NULL; 
              }
              PK11_ExitSlotMonitor(slot);
              return CKR_HOST_MEMORY;
           }
       }
    }

    /*
     * finally get the results.
     */
    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,obj,attr,count);
    PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       if (arena) {
           PORT_ArenaRelease(arena,mark);
       } else {
           for (i= 0; i < count; i++) {
              PORT_Free(attr[i].pValue);
              /* don't give the caller pointers to freed memory */
              attr[i].pValue = NULL;
           }
       }
    } else if (arena && mark) {
       PORT_ArenaUnmark(arena,mark);
    }
    return crv;
}

Here is the call graph for this function:

SECItem* pk11_GetLowLevelKeyFromHandle ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  handle 
)

Definition at line 1673 of file pk11obj.c.

{
    CK_ATTRIBUTE theTemplate[] = {
       { CKA_ID, NULL, 0 },
    };
    int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
    CK_RV crv;
    SECItem *item;

    item = SECITEM_AllocItem(NULL, NULL, 0);

    if (item == NULL) {
       return NULL;
    }

    crv = PK11_GetAttributes(NULL,slot,handle,theTemplate,tsize);
    if (crv != CKR_OK) {
       SECITEM_FreeItem(item,PR_TRUE);
       PORT_SetError( PK11_MapError(crv) );
       return NULL;
    }

    item->data = (unsigned char*) theTemplate[0].pValue;
    item->len =theTemplate[0].ulValueLen;

    return item;
}

Here is the call graph for this function:

CK_SESSION_HANDLE pk11_GetNewSession ( PK11SlotInfo *  slot,
PRBool owner 
)

Definition at line 364 of file pk11obj.c.

{
    CK_SESSION_HANDLE session;
    *owner =  PR_TRUE;
    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
    if ( PK11_GETTAB(slot)->C_OpenSession(slot->slotID,CKF_SERIAL_SESSION, 
                     slot,pk11_notify,&session) != CKR_OK) {
       *owner = PR_FALSE;
       session = slot->session;
    }
    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);

    return session;
}

Here is the call graph for this function:

PK11GenericObject* PK11_GetNextGenericObject ( PK11GenericObject *  object)

Definition at line 1216 of file pk11obj.c.

{
    return object->next;
}
char* PK11_GetObjectNickname ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  id 
)

Definition at line 293 of file pk11obj.c.

{
    char *nickname = NULL;
    SECItem result;
    SECStatus rv;

    rv = PK11_ReadAttribute(slot,id,CKA_LABEL,NULL,&result);
    if (rv != SECSuccess) {
       return NULL;
    }

    nickname = PORT_ZAlloc(result.len+1);
    if (nickname == NULL) {
       PORT_Free(result.data);
       return NULL;
    }
    PORT_Memcpy(nickname, result.data, result.len);
    PORT_Free(result.data);
    return nickname;
}

Here is the call graph for this function:

PK11GenericObject* PK11_GetPrevGenericObject ( PK11GenericObject *  object)

Definition at line 1222 of file pk11obj.c.

{
    return object->prev;
}
CK_BBOOL PK11_HasAttributeSet ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  id,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 182 of file pk11obj.c.

{
    CK_BBOOL ckvalue = CK_FALSE;
    CK_ATTRIBUTE theTemplate;
    CK_RV crv;

    /* Prepare to retrieve the attribute. */
    PK11_SETATTRS( &theTemplate, type, &ckvalue, sizeof( CK_BBOOL ) );

    /* Retrieve attribute value. */
    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB( slot )->C_GetAttributeValue( slot->session, id,
                                                    &theTemplate, 1 );
    PK11_ExitSlotMonitor(slot);
    if( crv != CKR_OK ) {
        PORT_SetError( PK11_MapError( crv ) );
        return CK_FALSE;
    }

    return ckvalue;
}

Here is the call graph for this function:

PRBool PK11_IsPermObject ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  handle 
)

Definition at line 287 of file pk11obj.c.

Here is the call graph for this function:

SECStatus PK11_LinkGenericObject ( PK11GenericObject *  list,
PK11GenericObject *  object 
)

Definition at line 1232 of file pk11obj.c.

{
    PK11_UnlinkGenericObject(object);
    object->prev = list;
    object->next = list->next;
    list->next = object;
    if (object->next != NULL) {
       object->next->prev = object;
    }
   return SECSuccess;
}

Here is the call graph for this function:

CK_OBJECT_HANDLE PK11_MatchItem ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  searchID,
CK_OBJECT_CLASS  matchclass 
)

Definition at line 1454 of file pk11obj.c.

{
    CK_ATTRIBUTE theTemplate[] = {
       { CKA_ID, NULL, 0 },
       { CKA_CLASS, NULL, 0 }
    };
    /* if you change the array, change the variable below as well */
    CK_ATTRIBUTE *keyclass = &theTemplate[1];
    int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
    /* if you change the array, change the variable below as well */
    CK_OBJECT_HANDLE peerID;
    CK_OBJECT_HANDLE parent;
    PRArenaPool *arena;
    CK_RV crv;

    /* now we need to create space for the public key */
    arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) return CK_INVALID_HANDLE;

    crv = PK11_GetAttributes(arena,slot,searchID,theTemplate,tsize);
    if (crv != CKR_OK) {
       PORT_FreeArena(arena,PR_FALSE);
       PORT_SetError( PK11_MapError(crv) );
       return CK_INVALID_HANDLE;
    }

    if ((theTemplate[0].ulValueLen == 0) || (theTemplate[0].ulValueLen == -1)) {
       PORT_FreeArena(arena,PR_FALSE);
       PORT_SetError(SEC_ERROR_BAD_KEY);
       return CK_INVALID_HANDLE;
     }
       
       

    /*
     * issue the find
     */
    parent = *(CK_OBJECT_CLASS *)(keyclass->pValue);
    *(CK_OBJECT_CLASS *)(keyclass->pValue) = matchclass;

    peerID = pk11_FindObjectByTemplate(slot,theTemplate,tsize);
    PORT_FreeArena(arena,PR_FALSE);

    return peerID;
}

Here is the call graph for this function:

int PK11_NumberObjectsFor ( PK11SlotInfo *  slot,
CK_ATTRIBUTE findTemplate,
int  templateCount 
)

Definition at line 1505 of file pk11obj.c.

{
    CK_OBJECT_HANDLE objID[PK11_SEARCH_CHUNKSIZE];
    int object_count = 0;
    CK_ULONG returned_count = 0;
    CK_RV crv;

    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session,
                                   findTemplate, templateCount);
    if (crv != CKR_OK) {
        PK11_ExitSlotMonitor(slot);
       PORT_SetError( PK11_MapError(crv) );
       return 0;
    }

    /*
     * collect all the Matching Objects
     */
    do {
       crv = PK11_GETTAB(slot)->C_FindObjects(slot->session,
                            objID,PK11_SEARCH_CHUNKSIZE,&returned_count);
       if (crv != CKR_OK) {
           PORT_SetError( PK11_MapError(crv) );
           break;
       }
       object_count += returned_count;
    } while (returned_count == PK11_SEARCH_CHUNKSIZE);

    PK11_GETTAB(slot)->C_FindObjectsFinal(slot->session);
    PK11_ExitSlotMonitor(slot);
    return object_count;
}

Here is the call graph for this function:

unsigned int pk11_OpFlagsToAttributes ( CK_FLAGS  flags,
CK_ATTRIBUTE attrs,
CK_BBOOL ckTrue 
)

Definition at line 428 of file pk11obj.c.

{

    const static CK_ATTRIBUTE_TYPE attrTypes[12] = {
       CKA_ENCRYPT,      CKA_DECRYPT, 0 /* DIGEST */,     CKA_SIGN,
       CKA_SIGN_RECOVER, CKA_VERIFY,  CKA_VERIFY_RECOVER, 0 /* GEN */,
       0 /* GEN PAIR */, CKA_WRAP,    CKA_UNWRAP,         CKA_DERIVE 
    };

    const CK_ATTRIBUTE_TYPE *pType = attrTypes;
          CK_ATTRIBUTE      *attr  = attrs;
          CK_FLAGS          test   = CKF_ENCRYPT;


    PR_ASSERT(!(flags & ~CKF_KEY_OPERATION_FLAGS));
    flags &= CKF_KEY_OPERATION_FLAGS;

    for (; flags && test <= CKF_DERIVE; test <<= 1, ++pType) {
       if (test & flags) {
           flags ^= test;
           PR_ASSERT(*pType);
           PK11_SETATTRS(attr, *pType, ckTrue, sizeof *ckTrue); 
           ++attr;
       }
    }
    return (attr - attrs);
}
SECStatus PK11_PrivDecryptPKCS1 ( SECKEYPrivateKey *  key,
unsigned char *  data,
unsigned *  outLen,
unsigned int  maxLen,
unsigned char *  enc,
unsigned  encLen 
)

Definition at line 837 of file pk11obj.c.

{
    CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0 };
    return pk11_PrivDecryptRaw(key, data, outLen, maxLen, enc, encLen, &mech);
}

Here is the call graph for this function:

static SECStatus pk11_PrivDecryptRaw ( SECKEYPrivateKey *  key,
unsigned char *  data,
unsigned *  outLen,
unsigned int  maxLen,
unsigned char *  enc,
unsigned  encLen,
CK_MECHANISM_PTR  mech 
) [static]

Definition at line 785 of file pk11obj.c.

{
    PK11SlotInfo *slot = key->pkcs11Slot;
    CK_ULONG out = maxLen;
    PRBool owner = PR_TRUE;
    CK_SESSION_HANDLE session;
    CK_RV crv;

    if (key->keyType != rsaKey) {
       PORT_SetError( SEC_ERROR_INVALID_KEY );
       return SECFailure;
    }

    /* Why do we do a PK11_handle check here? for simple
     * decryption? .. because the user may have asked for 'ask always'
     * and this is a private key operation. In practice, thought, it's mute
     * since only servers wind up using this function */
    if (SECKEY_HAS_ATTRIBUTE_SET(key,CKA_PRIVATE)) {
       PK11_HandlePasswordCheck(slot, key->wincx);
    }
    session = pk11_GetNewSession(slot,&owner);
    if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_DecryptInit(session, mech, key->pkcs11ID);
    if (crv != CKR_OK) {
       if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
       pk11_CloseSession(slot,session,owner);
       PORT_SetError( PK11_MapError(crv) );
       return SECFailure;
    }
    crv = PK11_GETTAB(slot)->C_Decrypt(session,enc, encLen, data, &out);
    if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
    pk11_CloseSession(slot,session,owner);
    *outLen = out;
    if (crv != CKR_OK) {
       PORT_SetError( PK11_MapError(crv) );
       return SECFailure;
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_PubDecryptRaw ( SECKEYPrivateKey *  key,
unsigned char *  data,
unsigned *  outLen,
unsigned int  maxLen,
unsigned char *  enc,
unsigned  encLen 
)

Definition at line 828 of file pk11obj.c.

{
    CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 };
    return pk11_PrivDecryptRaw(key, data, outLen, maxLen, enc, encLen, &mech);
}

Here is the call graph for this function:

SECStatus PK11_PubEncryptPKCS1 ( SECKEYPublicKey *  key,
unsigned char *  enc,
unsigned char *  data,
unsigned  dataLen,
void wincx 
)

Definition at line 907 of file pk11obj.c.

{
    CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0 };
    return pk11_PubEncryptRaw(key, enc, data, dataLen, &mech, wincx);
}

Here is the call graph for this function:

static SECStatus pk11_PubEncryptRaw ( SECKEYPublicKey *  key,
unsigned char *  enc,
unsigned char *  data,
unsigned  dataLen,
CK_MECHANISM_PTR  mech,
void wincx 
) [static]

Definition at line 846 of file pk11obj.c.

{
    PK11SlotInfo *slot;
    CK_OBJECT_HANDLE id;
    CK_ULONG out;
    PRBool owner = PR_TRUE;
    CK_SESSION_HANDLE session;
    CK_RV crv;

    if (!key || key->keyType != rsaKey) {
       PORT_SetError( SEC_ERROR_BAD_KEY );
       return SECFailure;
    }
    out = SECKEY_PublicKeyStrength(key);

    slot = PK11_GetBestSlot(mech->mechanism, wincx);
    if (slot == NULL) {
       PORT_SetError( SEC_ERROR_NO_MODULE );
       return SECFailure;
    }

    id = PK11_ImportPublicKey(slot,key,PR_FALSE);

    if (id == CK_INVALID_HANDLE) {
       PK11_FreeSlot(slot);
       PORT_SetError( SEC_ERROR_BAD_KEY );
       return SECFailure;
    }

    session = pk11_GetNewSession(slot,&owner);
    if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_EncryptInit(session, mech, id);
    if (crv != CKR_OK) {
       if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
       pk11_CloseSession(slot,session,owner);
       PK11_FreeSlot(slot);
       PORT_SetError( PK11_MapError(crv) );
       return SECFailure;
    }
    crv = PK11_GETTAB(slot)->C_Encrypt(session,data,dataLen,enc,&out);
    if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
    pk11_CloseSession(slot,session,owner);
    PK11_FreeSlot(slot);
    if (crv != CKR_OK) {
       PORT_SetError( PK11_MapError(crv) );
       return SECFailure;
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_PubEncryptRaw ( SECKEYPublicKey *  key,
unsigned char *  enc,
unsigned char *  data,
unsigned  dataLen,
void wincx 
)

Definition at line 899 of file pk11obj.c.

{
    CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 };
    return pk11_PubEncryptRaw(key, enc, data, dataLen, &mech, wincx);
}

Here is the call graph for this function:

SECStatus PK11_ReadAttribute ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  id,
CK_ATTRIBUTE_TYPE  type,
PRArenaPool arena,
SECItem *  result 
)

Definition at line 120 of file pk11obj.c.

                                                                     {
    CK_ATTRIBUTE attr = { 0, NULL, 0 };
    CK_RV crv;

    attr.type = type;

    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,id,&attr,1);
    if (crv != CKR_OK) {
       PK11_ExitSlotMonitor(slot);
       PORT_SetError(PK11_MapError(crv));
       return SECFailure;
    }
    if (arena) {
       attr.pValue = PORT_ArenaAlloc(arena,attr.ulValueLen);
    } else {
       attr.pValue = PORT_Alloc(attr.ulValueLen);
    }
    if (attr.pValue == NULL) {
       PK11_ExitSlotMonitor(slot);
       return SECFailure;
    }
    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,id,&attr,1);
    PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
       if (!arena) PORT_Free(attr.pValue);
       return SECFailure;
    }

    result->data = (unsigned char*)attr.pValue;
    result->len = attr.ulValueLen;

    return SECSuccess;
}

Here is the call graph for this function:

SECStatus PK11_ReadRawAttribute ( PK11ObjectType  objType,
void objSpec,
CK_ATTRIBUTE_TYPE  attrType,
SECItem *  item 
)

Definition at line 1316 of file pk11obj.c.

{
    PK11SlotInfo *slot = NULL;
    CK_OBJECT_HANDLE handle;

    switch (objType) {
    case PK11_TypeGeneric:
       slot = ((PK11GenericObject *)objSpec)->slot;
       handle = ((PK11GenericObject *)objSpec)->objectID;
       break;
    case PK11_TypePrivKey:
       slot = ((SECKEYPrivateKey *)objSpec)->pkcs11Slot;
       handle = ((SECKEYPrivateKey *)objSpec)->pkcs11ID;
       break;
    case PK11_TypePubKey:
       slot = ((SECKEYPublicKey *)objSpec)->pkcs11Slot;
       handle = ((SECKEYPublicKey *)objSpec)->pkcs11ID;
       break;
    case PK11_TypeSymKey:
       slot = ((PK11SymKey *)objSpec)->slot;
       handle = ((PK11SymKey *)objSpec)->objectID;
       break;
    case PK11_TypeCert: /* don't handle cert case for now */
    default:
       break;
    }
    if (slot == NULL) {
       PORT_SetError(SEC_ERROR_UNKNOWN_OBJECT_TYPE);
       return SECFailure;
    }

    return PK11_ReadAttribute(slot, handle, attrType, NULL, item);
}

Here is the call graph for this function:

CK_ULONG PK11_ReadULongAttribute ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  id,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 161 of file pk11obj.c.

                                {
    CK_ATTRIBUTE attr;
    CK_ULONG value = CK_UNAVAILABLE_INFORMATION;
    CK_RV crv;

    PK11_SETATTRS(&attr,type,&value,sizeof(value));

    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,id,&attr,1);
    PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
    }
    return value;
}

Here is the call graph for this function:

SECStatus PK11_SetObjectNickname ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  id,
const char *  nickname 
)

Definition at line 315 of file pk11obj.c.

{
    int len = PORT_Strlen(nickname);
    CK_ATTRIBUTE setTemplate;
    CK_RV crv;
    CK_SESSION_HANDLE rwsession;

    if (len < 0) {
       return SECFailure;
    }

    PK11_SETATTRS(&setTemplate, CKA_LABEL, (CK_CHAR *) nickname, len);
    rwsession = PK11_GetRWSession(slot);
    if (rwsession == CK_INVALID_SESSION) {
       PORT_SetError(SEC_ERROR_BAD_DATA);
       return SECFailure;
    }
    crv = PK11_GETTAB(slot)->C_SetAttributeValue(rwsession, id,
                     &setTemplate, 1);
    PK11_RestoreROSession(slot, rwsession);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
       return SECFailure;
    }
    return SECSuccess;
}

Here is the call graph for this function:

SECStatus PK11_Sign ( SECKEYPrivateKey *  key,
SECItem *  sig,
SECItem *  hash 
)

Definition at line 740 of file pk11obj.c.

{
    PK11SlotInfo *slot = key->pkcs11Slot;
    CK_MECHANISM mech = {0, NULL, 0 };
    PRBool owner = PR_TRUE;
    CK_SESSION_HANDLE session;
    CK_ULONG len;
    CK_RV crv;

    mech.mechanism = PK11_MapSignKeyType(key->keyType);

    if (SECKEY_HAS_ATTRIBUTE_SET(key,CKA_PRIVATE)) {
       PK11_HandlePasswordCheck(slot, key->wincx);
    }

    session = pk11_GetNewSession(slot,&owner);
    if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_SignInit(session,&mech,key->pkcs11ID);
    if (crv != CKR_OK) {
       if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
       pk11_CloseSession(slot,session,owner);
       PORT_SetError( PK11_MapError(crv) );
       return SECFailure;
    }
    len = sig->len;
    crv = PK11_GETTAB(slot)->C_Sign(session,hash->data,
                                   hash->len, sig->data, &len);
    if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
    pk11_CloseSession(slot,session,owner);
    sig->len = len;
    if (crv != CKR_OK) {
       PORT_SetError( PK11_MapError(crv) );
       return SECFailure;
    }
    return SECSuccess;
}

Here is the call graph for this function:

int PK11_SignatureLen ( SECKEYPrivateKey *  key)

Definition at line 550 of file pk11obj.c.

{
    int val;
    CK_ATTRIBUTE theTemplate = { CKA_EC_PARAMS, NULL, 0 };
    SECItem params = {siBuffer, NULL, 0};
    int length; 

    switch (key->keyType) {
    case rsaKey:
       val = PK11_GetPrivateModulusLen(key);
       if (val == -1) {
           return pk11_backupGetSignLength(key);
       }
       return (unsigned long) val;
       
    case fortezzaKey:
    case dsaKey:
       return 40;
    case ecKey:
       if (PK11_GetAttributes(NULL, key->pkcs11Slot, key->pkcs11ID,
                            &theTemplate, 1) == CKR_OK) {
           if (theTemplate.pValue != NULL) {
               params.len = theTemplate.ulValueLen;
              params.data = (unsigned char *) theTemplate.pValue;
               length = SECKEY_ECParamsToBasePointOrderLen(&params);
               PORT_Free(theTemplate.pValue);
              if (length == 0) {
                  return pk11_backupGetSignLength(key);
              }
              length = ((length + 7)/8) * 2;
              return length;
           }
       }
       break;
    default:
       break;
    }
    PORT_SetError( SEC_ERROR_INVALID_KEY );
    return 0;
}

Here is the call graph for this function:

Definition at line 347 of file pk11obj.c.

                                            {
    char *ptr = (char *)attrib->pValue;
    unsigned long len = attrib->ulValueLen;

    while (len && (*ptr == 0)) {
       len--;
       ptr++;
    }
    attrib->pValue = ptr;
    attrib->ulValueLen = len;
}

Here is the call graph for this function:

SECStatus pk11_TraverseAllSlots ( SECStatus(*)(PK11SlotInfo *, void *)  callback,
void arg,
PRBool  forceLogin,
void wincx 
)

Definition at line 1574 of file pk11obj.c.

                                                                       {
    PK11SlotList *list;
    PK11SlotListElement *le;
    SECStatus rv;

    /* get them all! */
    list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,wincx);
    if (list == NULL) return SECFailure;

    /* look at each slot and authenticate as necessary */
    for (le = list->head ; le; le = le->next) {
       if (forceLogin) {
           rv = pk11_AuthenticateUnfriendly(le->slot, PR_FALSE, wincx);
           if (rv != SECSuccess) {
              continue;
           }
       }
       if (callback) {
           (*callback)(le->slot,arg);
       }
    }

    PK11_FreeSlotList(list);

    return SECSuccess;
}

Here is the call graph for this function:

SECStatus PK11_TraverseSlot ( PK11SlotInfo *  slot,
void arg 
)

Definition at line 1544 of file pk11obj.c.

{
    int i;
    CK_OBJECT_HANDLE *objID = NULL;
    int object_count = 0;
    pk11TraverseSlot *slotcb = (pk11TraverseSlot*) arg;

    objID = pk11_FindObjectsByTemplate(slot,slotcb->findTemplate,
              slotcb->templateCount,&object_count);

    /*Actually this isn't a failure... there just were no objs to be found*/
    if (object_count == 0) {
       return SECSuccess;
    }

    if (objID == NULL) {
       return SECFailure;
    }

    for (i=0; i < object_count; i++) {
       (*slotcb->callback)(slot,objID[i],slotcb->callbackArg);
    }
    PORT_Free(objID);
    return SECSuccess;
}

Here is the call graph for this function:

SECStatus PK11_UnlinkGenericObject ( PK11GenericObject *  object)

Definition at line 1249 of file pk11obj.c.

{
    if (object->prev != NULL) {
       object->prev->next = object->next;
    }
    if (object->next != NULL) {
       object->next->prev = object->prev;
    }

    object->next = NULL;
    object->prev = NULL;
    return SECSuccess;
}
SECKEYPrivateKey* PK11_UnwrapPrivKey ( PK11SlotInfo *  slot,
PK11SymKey *  wrappingKey,
CK_MECHANISM_TYPE  wrapType,
SECItem *  param,
SECItem *  wrappedKey,
SECItem *  label,
SECItem *  idValue,
PRBool  perm,
PRBool  sensitive,
CK_KEY_TYPE  keyType,
CK_ATTRIBUTE_TYPE usage,
int  usageCount,
void wincx 
)

Definition at line 915 of file pk11obj.c.

{
    CK_BBOOL cktrue = CK_TRUE;
    CK_BBOOL ckfalse = CK_FALSE;
    CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
    CK_ATTRIBUTE keyTemplate[15] ;
    int templateCount = 0;
    CK_OBJECT_HANDLE privKeyID;
    CK_MECHANISM mechanism;
    CK_ATTRIBUTE *attrs = keyTemplate;
    SECItem *param_free = NULL, *ck_id;
    CK_RV crv;
    CK_SESSION_HANDLE rwsession;
    PK11SymKey *newKey = NULL;
    int i;

    if(!slot || !wrappedKey || !idValue) {
       /* SET AN ERROR!!! */
       return NULL;
    }

    ck_id = PK11_MakeIDFromPubKey(idValue);
    if(!ck_id) {
       return NULL;
    }

    PK11_SETATTRS(attrs, CKA_TOKEN, perm ? &cktrue : &ckfalse,
                                    sizeof(cktrue)); attrs++;
    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass)); attrs++;
    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType)); attrs++;
    PK11_SETATTRS(attrs, CKA_PRIVATE, sensitive ? &cktrue : &ckfalse,
                                    sizeof(cktrue)); attrs++;
    PK11_SETATTRS(attrs, CKA_SENSITIVE, sensitive ? &cktrue : &ckfalse,
                                   sizeof(cktrue)); attrs++;
    PK11_SETATTRS(attrs, CKA_LABEL, label->data, label->len); attrs++;
    PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len); attrs++;
    for (i=0; i < usageCount; i++) {
       PK11_SETATTRS(attrs, usage[i], &cktrue, sizeof(cktrue)); attrs++;
    }

    if (PK11_IsInternal(slot)) {
       PK11_SETATTRS(attrs, CKA_NETSCAPE_DB, idValue->data, 
                    idValue->len); attrs++;
    }

    templateCount = attrs - keyTemplate;
    PR_ASSERT(templateCount <= (sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)) );

    mechanism.mechanism = wrapType;
    if(!param) param = param_free= PK11_ParamFromIV(wrapType, NULL);
    if(param) {
       mechanism.pParameter = param->data;
       mechanism.ulParameterLen = param->len;
    } else {
       mechanism.pParameter = NULL;
       mechanism.ulParameterLen = 0;
    }

    if (wrappingKey->slot != slot) {
       newKey = pk11_CopyToSlot(slot,wrapType,CKA_WRAP,wrappingKey);
    } else {
       newKey = PK11_ReferenceSymKey(wrappingKey);
    }

    if (newKey) {
       if (perm) {
           /* Get RW Session will either lock the monitor if necessary, 
            *  or return a thread safe session handle, or fail. */ 
           rwsession = PK11_GetRWSession(slot);
       } else {
           rwsession = slot->session;
           if (rwsession != CK_INVALID_SESSION) 
              PK11_EnterSlotMonitor(slot);
       }
       if (rwsession == CK_INVALID_SESSION) {
           PK11_FreeSymKey(newKey);
           PORT_SetError(SEC_ERROR_BAD_DATA);
           return NULL;
       }
       crv = PK11_GETTAB(slot)->C_UnwrapKey(rwsession, &mechanism, 
                                    newKey->objectID,
                                    wrappedKey->data, 
                                    wrappedKey->len, keyTemplate, 
                                    templateCount, &privKeyID);

       if (perm) {
           PK11_RestoreROSession(slot, rwsession);
       } else {
           PK11_ExitSlotMonitor(slot);
       }
       PK11_FreeSymKey(newKey);
    } else {
       crv = CKR_FUNCTION_NOT_SUPPORTED;
    }

    if(ck_id) {
       SECITEM_FreeItem(ck_id, PR_TRUE);
       ck_id = NULL;
    }

    if (crv != CKR_OK) {
       /* we couldn't unwrap the key, use the internal module to do the
        * unwrap, then load the new key into the token */
        PK11SlotInfo *int_slot = PK11_GetInternalSlot();

       if (int_slot && (slot != int_slot)) {
           SECKEYPrivateKey *privKey = PK11_UnwrapPrivKey(int_slot,
                     wrappingKey, wrapType, param, wrappedKey, label,
                     idValue, PR_FALSE, PR_FALSE, 
                     keyType, usage, usageCount, wincx);
           if (privKey) {
              SECKEYPrivateKey *newPrivKey = PK11_LoadPrivKey(slot,privKey,
                                          NULL,perm,sensitive);
              SECKEY_DestroyPrivateKey(privKey);
              PK11_FreeSlot(int_slot);
              return newPrivKey;
           }
       }
       if (int_slot) PK11_FreeSlot(int_slot);
       PORT_SetError( PK11_MapError(crv) );
       return NULL;
    }
    return PK11_MakePrivKey(slot, nullKey, PR_FALSE, privKeyID, wincx);
}

Here is the call graph for this function:

SECStatus PK11_Verify ( SECKEYPublicKey *  key,
SECItem *  sig,
SECItem *  hash,
void wincx 
)

Definition at line 684 of file pk11obj.c.

{
    PK11SlotInfo *slot = key->pkcs11Slot;
    CK_OBJECT_HANDLE id = key->pkcs11ID;
    CK_MECHANISM mech = {0, NULL, 0 };
    PRBool owner = PR_TRUE;
    CK_SESSION_HANDLE session;
    CK_RV crv;

    mech.mechanism = PK11_MapSignKeyType(key->keyType);

    if (slot == NULL) {
       slot = PK11_GetBestSlot(mech.mechanism,wincx);
       
       if (slot == NULL) {
           PORT_SetError( SEC_ERROR_NO_MODULE );
           return SECFailure;
       }
       id = PK11_ImportPublicKey(slot,key,PR_FALSE);
            
    } else {
       PK11_ReferenceSlot(slot);
    }

    if (id == CK_INVALID_HANDLE) {
       PK11_FreeSlot(slot);
       PORT_SetError( SEC_ERROR_BAD_KEY );
       return SECFailure;
    }

    session = pk11_GetNewSession(slot,&owner);
    if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_VerifyInit(session,&mech,id);
    if (crv != CKR_OK) {
       if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
       pk11_CloseSession(slot,session,owner);
       PK11_FreeSlot(slot);
       PORT_SetError( PK11_MapError(crv) );
       return SECFailure;
    }
    crv = PK11_GETTAB(slot)->C_Verify(session,hash->data,
                                   hash->len, sig->data, sig->len);
    if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
    pk11_CloseSession(slot,session,owner);
    PK11_FreeSlot(slot);
    if (crv != CKR_OK) {
       PORT_SetError( PK11_MapError(crv) );
       return SECFailure;
    }
    return SECSuccess;
}

Here is the call graph for this function:

SECStatus PK11_VerifyRecover ( SECKEYPublicKey *  key,
SECItem *  sig,
SECItem *  dsig,
void wincx 
)

Definition at line 625 of file pk11obj.c.

{
    PK11SlotInfo *slot = key->pkcs11Slot;
    CK_OBJECT_HANDLE id = key->pkcs11ID;
    CK_MECHANISM mech = {0, NULL, 0 };
    PRBool owner = PR_TRUE;
    CK_SESSION_HANDLE session;
    CK_ULONG len;
    CK_RV crv;

    mech.mechanism = PK11_MapSignKeyType(key->keyType);

    if (slot == NULL) {
       slot = PK11_GetBestSlot(mech.mechanism,wincx);
       if (slot == NULL) {
              PORT_SetError( SEC_ERROR_NO_MODULE );
              return SECFailure;
       }
       id = PK11_ImportPublicKey(slot,key,PR_FALSE);
    } else {
       PK11_ReferenceSlot(slot);
    }

    if (id == CK_INVALID_HANDLE) {
       PK11_FreeSlot(slot);
       PORT_SetError( SEC_ERROR_BAD_KEY );
       return SECFailure;
    }

    session = pk11_GetNewSession(slot,&owner);
    if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_VerifyRecoverInit(session,&mech,id);
    if (crv != CKR_OK) {
       if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
       pk11_CloseSession(slot,session,owner);
       PORT_SetError( PK11_MapError(crv) );
       PK11_FreeSlot(slot);
       return SECFailure;
    }
    len = dsig->len;
    crv = PK11_GETTAB(slot)->C_VerifyRecover(session,sig->data,
                                          sig->len, dsig->data, &len);
    if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
    pk11_CloseSession(slot,session,owner);
    dsig->len = len;
    if (crv != CKR_OK) {
       PORT_SetError( PK11_MapError(crv) );
       PK11_FreeSlot(slot);
       return SECFailure;
    }
    PK11_FreeSlot(slot);
    return SECSuccess;
}

Here is the call graph for this function:

SECStatus PK11_WrapPrivKey ( PK11SlotInfo *  slot,
PK11SymKey *  wrappingKey,
SECKEYPrivateKey *  privKey,
CK_MECHANISM_TYPE  wrapType,
SECItem *  param,
SECItem *  wrappedKey,
void wincx 
)

Definition at line 1052 of file pk11obj.c.

{
    PK11SlotInfo     *privSlot   = privKey->pkcs11Slot; /* The slot where
                                                  * the private key
                                                  * we are going to
                                                  * wrap lives.
                                                  */
    PK11SymKey       *newSymKey  = NULL;
    SECKEYPrivateKey *newPrivKey = NULL;
    SECItem          *param_free = NULL;
    CK_ULONG          len        = wrappedKey->len;
    CK_MECHANISM      mech;
    CK_RV             crv;

    if (!privSlot || !PK11_DoesMechanism(privSlot, wrapType)) {
        /* Figure out a slot that does the mechanism and try to import
        * the private key onto that slot.
        */
        PK11SlotInfo *int_slot = PK11_GetInternalSlot();

       privSlot = int_slot; /* The private key has a new home */
       newPrivKey = PK11_LoadPrivKey(privSlot,privKey,NULL,PR_FALSE,PR_FALSE);
       /* newPrivKey has allocated its own reference to the slot, so it's
        * safe until we destroy newPrivkey.
        */
       PK11_FreeSlot(int_slot);
       if (newPrivKey == NULL) {
           return SECFailure;
       }
       privKey = newPrivKey;
    }

    if (privSlot != wrappingKey->slot) {
        newSymKey = pk11_CopyToSlot (privSlot, wrapType, CKA_WRAP, 
                                 wrappingKey);
       wrappingKey = newSymKey;
    }

    if (wrappingKey == NULL) {
        if (newPrivKey) {
              SECKEY_DestroyPrivateKey(newPrivKey);
       }
       return SECFailure;
    }
    mech.mechanism = wrapType;
    if (!param) {
        param = param_free = PK11_ParamFromIV(wrapType, NULL);
    }
    if (param) {
        mech.pParameter     = param->data;
       mech.ulParameterLen = param->len;
    } else {
        mech.pParameter     = NULL;
       mech.ulParameterLen = 0;
    }

    PK11_EnterSlotMonitor(privSlot);
    crv = PK11_GETTAB(privSlot)->C_WrapKey(privSlot->session, &mech, 
                                      wrappingKey->objectID, 
                                      privKey->pkcs11ID,
                                      wrappedKey->data, &len);
    PK11_ExitSlotMonitor(privSlot);

    if (newSymKey) {
        PK11_FreeSymKey(newSymKey);
    }
    if (newPrivKey) {
        SECKEY_DestroyPrivateKey(newPrivKey);
    }
    if (param_free) {
       SECITEM_FreeItem(param_free,PR_TRUE);
    }

    if (crv != CKR_OK) {
        PORT_SetError( PK11_MapError(crv) );
       return SECFailure;
    }

    wrappedKey->len = len;
    return SECSuccess;
}

Here is the call graph for this function: