Back to index

lightning-sunbird  0.9+nobinonly
Defines | Functions
pk11pub.h File Reference
#include "plarena.h"
#include "seccomon.h"
#include "secoidt.h"
#include "secdert.h"
#include "keyt.h"
#include "certt.h"
#include "pkcs11t.h"
#include "secmodt.h"
#include "pkcs7t.h"
#include "cmsreclist.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Defines

#define PK11_PrivDecryptRaw   PK11_PubDecryptRaw

Functions

SEC_BEGIN_PROTOS void PK11_FreeSlotList (PK11SlotList *list)
SECStatus PK11_FreeSlotListElement (PK11SlotList *list, PK11SlotListElement *le)
PK11SlotListElement * PK11_GetFirstSafe (PK11SlotList *list)
PK11SlotListElement * PK11_GetNextSafe (PK11SlotList *list, PK11SlotListElement *le, PRBool restart)
PK11SlotInfo * PK11_ReferenceSlot (PK11SlotInfo *slot)
void PK11_FreeSlot (PK11SlotInfo *slot)
SECStatus PK11_DestroyObject (PK11SlotInfo *slot, CK_OBJECT_HANDLE object)
SECStatus PK11_DestroyTokenObject (PK11SlotInfo *slot, CK_OBJECT_HANDLE object)
PK11SlotInfo * PK11_GetInternalKeySlot (void)
PK11SlotInfo * PK11_GetInternalSlot (void)
SECStatus PK11_Logout (PK11SlotInfo *slot)
void PK11_LogoutAll (void)
void PK11_SetSlotPWValues (PK11SlotInfo *slot, int askpw, int timeout)
void PK11_GetSlotPWValues (PK11SlotInfo *slot, int *askpw, int *timeout)
SECStatus PK11_CheckSSOPassword (PK11SlotInfo *slot, char *ssopw)
SECStatus PK11_CheckUserPassword (PK11SlotInfo *slot, char *pw)
PRBool PK11_IsLoggedIn (PK11SlotInfo *slot, void *wincx)
SECStatus PK11_InitPin (PK11SlotInfo *slot, char *ssopw, char *pk11_userpwd)
SECStatus PK11_ChangePW (PK11SlotInfo *slot, char *oldpw, char *newpw)
void PK11_SetPasswordFunc (PK11PasswordFunc func)
int PK11_GetMinimumPwdLength (PK11SlotInfo *slot)
SECStatus PK11_ResetToken (PK11SlotInfo *slot, char *sso_pwd)
SECStatus PK11_Authenticate (PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
SECStatus PK11_TokenRefresh (PK11SlotInfo *slot)
PK11SlotInfo * PK11_FindSlotByName (const char *name)
PK11SlotList * PK11_FindSlotsByNames (const char *dllName, const char *slotName, const char *tokenName, PRBool presentOnly)
PRBool PK11_IsReadOnly (PK11SlotInfo *slot)
PRBool PK11_IsInternal (PK11SlotInfo *slot)
char * PK11_GetTokenName (PK11SlotInfo *slot)
char * PK11_GetSlotName (PK11SlotInfo *slot)
PRBool PK11_NeedLogin (PK11SlotInfo *slot)
PRBool PK11_IsFriendly (PK11SlotInfo *slot)
PRBool PK11_IsHW (PK11SlotInfo *slot)
PRBool PK11_NeedUserInit (PK11SlotInfo *slot)
PRBool PK11_ProtectedAuthenticationPath (PK11SlotInfo *slot)
int PK11_GetSlotSeries (PK11SlotInfo *slot)
int PK11_GetCurrentWrapIndex (PK11SlotInfo *slot)
unsigned long PK11_GetDefaultFlags (PK11SlotInfo *slot)
CK_SLOT_ID PK11_GetSlotID (PK11SlotInfo *slot)
SECMODModuleID PK11_GetModuleID (PK11SlotInfo *slot)
SECStatus PK11_GetSlotInfo (PK11SlotInfo *slot, CK_SLOT_INFO *info)
SECStatus PK11_GetTokenInfo (PK11SlotInfo *slot, CK_TOKEN_INFO *info)
PRBool PK11_IsDisabled (PK11SlotInfo *slot)
PRBool PK11_HasRootCerts (PK11SlotInfo *slot)
PK11DisableReasons PK11_GetDisabledReason (PK11SlotInfo *slot)
PRBool PK11_UserDisableSlot (PK11SlotInfo *slot)
PRBool PK11_UserEnableSlot (PK11SlotInfo *slot)
PK11TokenStatus PK11_WaitForTokenEvent (PK11SlotInfo *slot, PK11TokenEvent event, PRIntervalTime timeout, PRIntervalTime pollInterval, int series)
PRBool PK11_NeedPWInit (void)
PRBool PK11_TokenExists (CK_MECHANISM_TYPE)
SECStatus PK11_GetModInfo (SECMODModule *mod, CK_INFO *info)
PRBool PK11_IsFIPS (void)
SECMODModule * PK11_GetModule (PK11SlotInfo *slot)
PRBool PK11_IsPresent (PK11SlotInfo *slot)
PRBool PK11_DoesMechanism (PK11SlotInfo *slot, CK_MECHANISM_TYPE type)
PK11SlotList * PK11_GetAllTokens (CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts, void *wincx)
PK11SlotInfo * PK11_GetBestSlotMultiple (CK_MECHANISM_TYPE *type, int count, void *wincx)
PK11SlotInfo * PK11_GetBestSlot (CK_MECHANISM_TYPE type, void *wincx)
CK_MECHANISM_TYPE PK11_GetBestWrapMechanism (PK11SlotInfo *slot)
int PK11_GetBestKeyLength (PK11SlotInfo *slot, CK_MECHANISM_TYPE type)
PK11SlotInfo * SECMOD_OpenUserDB (const char *moduleSpec)
SECStatus SECMOD_CloseUserDB (PK11SlotInfo *slot)
CK_MECHANISM_TYPE PK11_GetKeyType (CK_MECHANISM_TYPE type, unsigned long len)
CK_MECHANISM_TYPE PK11_GetKeyGen (CK_MECHANISM_TYPE type)
int PK11_GetBlockSize (CK_MECHANISM_TYPE type, SECItem *params)
int PK11_GetIVLength (CK_MECHANISM_TYPE type)
SECItem * PK11_ParamFromIV (CK_MECHANISM_TYPE type, SECItem *iv)
unsigned char * PK11_IVFromParam (CK_MECHANISM_TYPE type, SECItem *param, int *len)
SECItem * PK11_BlockData (SECItem *data, unsigned long size)
SECItem * PK11_ParamFromAlgid (SECAlgorithmID *algid)
SECItem * PK11_GenerateNewParam (CK_MECHANISM_TYPE, PK11SymKey *)
CK_MECHANISM_TYPE PK11_AlgtagToMechanism (SECOidTag algTag)
SECOidTag PK11_MechanismToAlgtag (CK_MECHANISM_TYPE type)
SECOidTag PK11_FortezzaMapSig (SECOidTag algTag)
SECStatus PK11_ParamToAlgid (SECOidTag algtag, SECItem *param, PRArenaPool *arena, SECAlgorithmID *algid)
SECStatus PK11_SeedRandom (PK11SlotInfo *, unsigned char *data, int len)
SECStatus PK11_GenerateRandomOnSlot (PK11SlotInfo *, unsigned char *data, int len)
SECStatus PK11_RandomUpdate (void *data, size_t bytes)
SECStatus PK11_GenerateRandom (unsigned char *data, int len)
CK_RV PK11_MapPBEMechanismToCryptoMechanism (CK_MECHANISM_PTR pPBEMechanism, CK_MECHANISM_PTR pCryptoMechanism, SECItem *pbe_pwd, PRBool bad3DES)
CK_MECHANISM_TYPE PK11_GetPadMechanism (CK_MECHANISM_TYPE)
CK_MECHANISM_TYPE PK11_MapSignKeyType (KeyType keyType)
void PK11_FreeSymKey (PK11SymKey *key)
PK11SymKey * PK11_ReferenceSymKey (PK11SymKey *symKey)
PK11SymKey * PK11_ImportSymKey (PK11SlotInfo *slot, CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, void *wincx)
PK11SymKey * PK11_ImportSymKeyWithFlags (PK11SlotInfo *slot, CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, CK_FLAGS flags, PRBool isPerm, void *wincx)
PK11SymKey * PK11_SymKeyFromHandle (PK11SlotInfo *slot, PK11SymKey *parent, PK11Origin origin, CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID, PRBool owner, void *wincx)
PK11SymKey * PK11_GetWrapKey (PK11SlotInfo *slot, int wrap, CK_MECHANISM_TYPE type, int series, void *wincx)
void PK11_SetWrapKey (PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey)
CK_MECHANISM_TYPE PK11_GetMechanism (PK11SymKey *symKey)
CK_OBJECT_HANDLE PK11_ImportPublicKey (PK11SlotInfo *slot, SECKEYPublicKey *pubKey, PRBool isToken)
PK11SymKey * PK11_KeyGen (PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param, int keySize, void *wincx)
PK11SymKey * PK11_TokenKeyGen (PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param, int keySize, SECItem *keyid, PRBool isToken, void *wincx)
PK11SymKey * PK11_TokenKeyGenWithFlags (PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param, int keySize, SECItem *keyid, CK_FLAGS opFlags, PK11AttrFlags attrFlags, void *wincx)
PK11SymKey * PK11_ListFixedKeysInSlot (PK11SlotInfo *slot, char *nickname, void *wincx)
PK11SymKey * PK11_GetNextSymKey (PK11SymKey *symKey)
CK_KEY_TYPE PK11_GetSymKeyType (PK11SymKey *key)
void PK11_SetSymKeyUserData (PK11SymKey *symKey, void *data, PK11FreeDataFunc freefunc)
voidPK11_GetSymKeyUserData (PK11SymKey *symKey)
SECStatus PK11_PubWrapSymKey (CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey, PK11SymKey *symKey, SECItem *wrappedKey)
SECStatus PK11_WrapSymKey (CK_MECHANISM_TYPE type, SECItem *params, PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey)
PK11SymKey * PK11_MoveSymKey (PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation, CK_FLAGS flags, PRBool perm, PK11SymKey *symKey)
PK11SymKey * PK11_Derive (PK11SymKey *baseKey, CK_MECHANISM_TYPE mechanism, SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize)
PK11SymKey * PK11_DeriveWithFlags (PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags)
PK11SymKey * PK11_DeriveWithFlagsPerm (PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags, PRBool isPerm)
PK11SymKey * PK11_PubDerive (SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB, CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, void *wincx)
PK11SymKey * PK11_PubDeriveWithKDF (SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB, CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, CK_ULONG kdf, SECItem *sharedData, void *wincx)
PK11SymKey * PK11_UnwrapSymKey (PK11SymKey *key, CK_MECHANISM_TYPE wraptype, SECItem *param, SECItem *wrapppedKey, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize)
PK11SymKey * PK11_UnwrapSymKeyWithFlags (PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags)
PK11SymKey * PK11_UnwrapSymKeyWithFlagsPerm (PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags, PRBool isPerm)
PK11SymKey * PK11_PubUnwrapSymKey (SECKEYPrivateKey *key, SECItem *wrapppedKey, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize)
PK11SymKey * PK11_PubUnwrapSymKeyWithFlagsPerm (SECKEYPrivateKey *wrappingKey, SECItem *wrappedKey, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags, PRBool isPerm)
PK11SymKey * PK11_FindFixedKey (PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *keyID, void *wincx)
SECStatus PK11_DeleteTokenPrivateKey (SECKEYPrivateKey *privKey, PRBool force)
SECStatus PK11_DeleteTokenPublicKey (SECKEYPublicKey *pubKey)
SECStatus PK11_DeleteTokenSymKey (PK11SymKey *symKey)
SECStatus PK11_DeleteTokenCertAndKey (CERTCertificate *cert, void *wincx)
SECKEYPrivateKey * PK11_LoadPrivKey (PK11SlotInfo *slot, SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive)
char * PK11_GetSymKeyNickname (PK11SymKey *symKey)
char * PK11_GetPrivateKeyNickname (SECKEYPrivateKey *privKey)
char * PK11_GetPublicKeyNickname (SECKEYPublicKey *pubKey)
SECStatus PK11_SetSymKeyNickname (PK11SymKey *symKey, const char *nickname)
SECStatus PK11_SetPrivateKeyNickname (SECKEYPrivateKey *privKey, const char *nickname)
SECStatus PK11_SetPublicKeyNickname (SECKEYPublicKey *pubKey, const char *nickname)
unsigned int PK11_GetKeyLength (PK11SymKey *key)
unsigned int PK11_GetKeyStrength (PK11SymKey *key, SECAlgorithmID *algid)
SECStatus PK11_ExtractKeyValue (PK11SymKey *symKey)
SECItem * PK11_GetKeyData (PK11SymKey *symKey)
PK11SlotInfo * PK11_GetSlotFromKey (PK11SymKey *symKey)
voidPK11_GetWindow (PK11SymKey *symKey)
SECKEYPrivateKey * PK11_GenerateKeyPairWithFlags (PK11SlotInfo *slot, CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk, PK11AttrFlags attrFlags, void *wincx)
SECKEYPrivateKey * PK11_GenerateKeyPair (PK11SlotInfo *slot, CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk, PRBool isPerm, PRBool isSensitive, void *wincx)
SECKEYPrivateKey * PK11_FindPrivateKeyFromCert (PK11SlotInfo *slot, CERTCertificate *cert, void *wincx)
SECKEYPrivateKey * PK11_FindKeyByAnyCert (CERTCertificate *cert, void *wincx)
SECKEYPrivateKey * PK11_FindKeyByKeyID (PK11SlotInfo *slot, SECItem *keyID, void *wincx)
int PK11_GetPrivateModulusLen (SECKEYPrivateKey *key)
SECStatus PK11_PubDecryptRaw (SECKEYPrivateKey *key, unsigned char *data, unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen)
SECStatus PK11_PubEncryptRaw (SECKEYPublicKey *key, unsigned char *enc, unsigned char *data, unsigned dataLen, void *wincx)
SECStatus PK11_PrivDecryptPKCS1 (SECKEYPrivateKey *key, unsigned char *data, unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen)
SECStatus PK11_PubEncryptPKCS1 (SECKEYPublicKey *key, unsigned char *enc, unsigned char *data, unsigned dataLen, void *wincx)
SECStatus PK11_ImportPrivateKeyInfo (PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, SECItem *nickname, SECItem *publicValue, PRBool isPerm, PRBool isPrivate, unsigned int usage, void *wincx)
SECStatus PK11_ImportPrivateKeyInfoAndReturnKey (PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, SECItem *nickname, SECItem *publicValue, PRBool isPerm, PRBool isPrivate, unsigned int usage, SECKEYPrivateKey **privk, void *wincx)
SECStatus PK11_ImportDERPrivateKeyInfo (PK11SlotInfo *slot, SECItem *derPKI, SECItem *nickname, SECItem *publicValue, PRBool isPerm, PRBool isPrivate, unsigned int usage, void *wincx)
SECStatus PK11_ImportDERPrivateKeyInfoAndReturnKey (PK11SlotInfo *slot, SECItem *derPKI, SECItem *nickname, SECItem *publicValue, PRBool isPerm, PRBool isPrivate, unsigned int usage, SECKEYPrivateKey **privk, void *wincx)
SECStatus PK11_ImportEncryptedPrivateKeyInfo (PK11SlotInfo *slot, SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem, SECItem *nickname, SECItem *publicValue, PRBool isPerm, PRBool isPrivate, KeyType type, unsigned int usage, void *wincx)
SECKEYPrivateKeyInfo * PK11_ExportPrivateKeyInfo (CERTCertificate *cert, void *wincx)
SECKEYEncryptedPrivateKeyInfo * PK11_ExportEncryptedPrivKeyInfo (PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem, SECKEYPrivateKey *pk, int iteration, void *wincx)
SECKEYEncryptedPrivateKeyInfo * PK11_ExportEncryptedPrivateKeyInfo (PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem, CERTCertificate *cert, int iteration, void *wincx)
SECKEYPrivateKey * PK11_FindKeyByDERCert (PK11SlotInfo *slot, CERTCertificate *cert, void *wincx)
SECKEYPublicKey * PK11_MakeKEAPubKey (unsigned char *data, int length)
SECStatus PK11_DigestKey (PK11Context *context, PK11SymKey *key)
PRBool PK11_VerifyKeyOK (PK11SymKey *key)
SECKEYPrivateKey * PK11_UnwrapPrivKey (PK11SlotInfo *slot, PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey, SECItem *label, SECItem *publicValue, PRBool token, PRBool sensitive, CK_KEY_TYPE keyType, CK_ATTRIBUTE_TYPE *usage, int usageCount, void *wincx)
SECStatus PK11_WrapPrivKey (PK11SlotInfo *slot, PK11SymKey *wrappingKey, SECKEYPrivateKey *privKey, CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey, void *wincx)
SECItem * PK11_DEREncodePublicKey (SECKEYPublicKey *pubk)
PK11SymKey * PK11_CopySymKeyForSigning (PK11SymKey *originalKey, CK_MECHANISM_TYPE mech)
SECKEYPrivateKeyListPK11_ListPrivKeysInSlot (PK11SlotInfo *slot, char *nickname, void *wincx)
SECKEYPublicKeyListPK11_ListPublicKeysInSlot (PK11SlotInfo *slot, char *nickname)
SECKEYPQGParams * PK11_GetPQGParamsFromPrivateKey (SECKEYPrivateKey *privKey)
SECKEYPrivateKeyListPK11_ListPrivateKeysInSlot (PK11SlotInfo *slot)
PK11SymKey * PK11_ConvertSessionSymKeyToTokenSymKey (PK11SymKey *symk, void *wincx)
SECKEYPrivateKey * PK11_ConvertSessionPrivKeyToTokenPrivKey (SECKEYPrivateKey *privk, void *wincx)
SECKEYPrivateKey * PK11_CopyTokenPrivKeyToSessionPrivKey (PK11SlotInfo *destSlot, SECKEYPrivateKey *privKey)
SECItem * PK11_MakeIDFromPubKey (SECItem *pubKeyData)
SECStatus PK11_TraverseSlotCerts (SECStatus(*callback)(CERTCertificate *, SECItem *, void *), void *arg, void *wincx)
CERTCertificate * PK11_FindCertFromNickname (char *nickname, void *wincx)
CERTCertList * PK11_FindCertsFromNickname (char *nickname, void *wincx)
CERTCertificate * PK11_GetCertFromPrivateKey (SECKEYPrivateKey *privKey)
SECStatus PK11_ImportCert (PK11SlotInfo *slot, CERTCertificate *cert, CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust)
SECStatus PK11_ImportDERCert (PK11SlotInfo *slot, SECItem *derCert, CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust)
PK11SlotInfo * PK11_ImportCertForKey (CERTCertificate *cert, char *nickname, void *wincx)
PK11SlotInfo * PK11_ImportDERCertForKey (SECItem *derCert, char *nickname, void *wincx)
PK11SlotInfo * PK11_KeyForCertExists (CERTCertificate *cert, CK_OBJECT_HANDLE *keyPtr, void *wincx)
PK11SlotInfo * PK11_KeyForDERCertExists (SECItem *derCert, CK_OBJECT_HANDLE *keyPtr, void *wincx)
CERTCertificate * PK11_FindCertByIssuerAndSN (PK11SlotInfo **slot, CERTIssuerAndSN *sn, void *wincx)
CERTCertificate * PK11_FindCertAndKeyByRecipientList (PK11SlotInfo **slot, SEC_PKCS7RecipientInfo **array, SEC_PKCS7RecipientInfo **rip, SECKEYPrivateKey **privKey, void *wincx)
int PK11_FindCertAndKeyByRecipientListNew (NSSCMSRecipient **recipientlist, void *wincx)
SECStatus PK11_TraverseCertsForSubjectInSlot (CERTCertificate *cert, PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *), void *arg)
CERTCertificate * PK11_FindCertFromDERCert (PK11SlotInfo *slot, CERTCertificate *cert, void *wincx)
SECStatus PK11_ImportCertForKeyToSlot (PK11SlotInfo *slot, CERTCertificate *cert, char *nickname, PRBool addUsage, void *wincx)
CERTCertificate * PK11_FindBestKEAMatch (CERTCertificate *serverCert, void *wincx)
PRBool PK11_FortezzaHasKEA (CERTCertificate *cert)
CK_OBJECT_HANDLE PK11_FindCertInSlot (PK11SlotInfo *slot, CERTCertificate *cert, void *wincx)
SECStatus PK11_TraverseCertsForNicknameInSlot (SECItem *nickname, PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *), void *arg)
CERTCertList * PK11_ListCerts (PK11CertListType type, void *pwarg)
CERTCertList * PK11_ListCertsInSlot (PK11SlotInfo *slot)
CERTSignedCrl * PK11_ImportCRL (PK11SlotInfo *slot, SECItem *derCRL, char *url, int type, void *wincx, PRInt32 importOptions, PRArenaPool *arena, PRInt32 decodeOptions)
int PK11_SignatureLen (SECKEYPrivateKey *key)
PK11SlotInfo * PK11_GetSlotFromPrivateKey (SECKEYPrivateKey *key)
SECStatus PK11_Sign (SECKEYPrivateKey *key, SECItem *sig, SECItem *hash)
SECStatus PK11_VerifyRecover (SECKEYPublicKey *key, SECItem *sig, SECItem *dsig, void *wincx)
SECStatus PK11_Verify (SECKEYPublicKey *key, SECItem *sig, SECItem *hash, void *wincx)
void PK11_DestroyContext (PK11Context *context, PRBool freeit)
PK11Context * PK11_CreateContextBySymKey (CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey, SECItem *param)
PK11Context * PK11_CreateDigestContext (SECOidTag hashAlg)
PK11Context * PK11_CloneContext (PK11Context *old)
SECStatus PK11_DigestBegin (PK11Context *cx)
SECStatus PK11_HashBuf (SECOidTag hashAlg, unsigned char *out, unsigned char *in, int32 len)
SECStatus PK11_DigestOp (PK11Context *context, const unsigned char *in, unsigned len)
SECStatus PK11_CipherOp (PK11Context *context, unsigned char *out, int *outlen, int maxout, unsigned char *in, int inlen)
SECStatus PK11_Finalize (PK11Context *context)
SECStatus PK11_DigestFinal (PK11Context *context, unsigned char *data, unsigned int *outLen, unsigned int length)
SECStatus PK11_SaveContext (PK11Context *cx, unsigned char *save, int *len, int saveLength)
unsigned char * PK11_SaveContextAlloc (PK11Context *cx, unsigned char *preAllocBuf, unsigned int pabLen, unsigned int *stateLen)
SECStatus PK11_RestoreContext (PK11Context *cx, unsigned char *save, int len)
SECStatus PK11_GenerateFortezzaIV (PK11SymKey *symKey, unsigned char *iv, int len)
void PK11_SetFortezzaHack (PK11SymKey *symKey)
SECItem * PK11_CreatePBEParams (SECItem *salt, SECItem *pwd, unsigned int iterations)
void PK11_DestroyPBEParams (SECItem *params)
SECAlgorithmID * PK11_CreatePBEAlgorithmID (SECOidTag algorithm, int iteration, SECItem *salt)
PK11SymKey * PK11_PBEKeyGen (PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem, PRBool faulty3DES, void *wincx)
PK11SymKey * PK11_RawPBEKeyGen (PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *params, SECItem *pwitem, PRBool faulty3DES, void *wincx)
SECItem * PK11_GetPBEIV (SECAlgorithmID *algid, SECItem *pwitem)
PK11DefaultArrayEntry * PK11_GetDefaultArray (int *)
SECStatus PK11_UpdateSlotAttribute (PK11SlotInfo *, PK11DefaultArrayEntry *, PRBool)
PK11GenericObject * PK11_FindGenericObjects (PK11SlotInfo *slot, CK_OBJECT_CLASS objClass)
PK11GenericObject * PK11_GetNextGenericObject (PK11GenericObject *object)
PK11GenericObject * PK11_GetPrevGenericObject (PK11GenericObject *object)
SECStatus PK11_UnlinkGenericObject (PK11GenericObject *object)
SECStatus PK11_LinkGenericObject (PK11GenericObject *list, PK11GenericObject *object)
SECStatus PK11_DestroyGenericObjects (PK11GenericObject *object)
SECStatus PK11_DestroyGenericObject (PK11GenericObject *object)
SECStatus PK11_ReadRawAttribute (PK11ObjectType type, void *object, CK_ATTRIBUTE_TYPE attr, SECItem *item)
SECItem * PK11_GetLowLevelKeyIDForCert (PK11SlotInfo *slot, CERTCertificate *cert, void *pwarg)
SECItem * PK11_GetLowLevelKeyIDForPrivateKey (SECKEYPrivateKey *key)
PRBool SECMOD_HasRootCerts (void)

Define Documentation

Definition at line 461 of file pk11pub.h.


Function Documentation

Definition at line 1585 of file pk11mech.c.

                                         {
    SECOidData *oid = SECOID_FindOIDByTag(algTag);

    if (oid) return (CK_MECHANISM_TYPE) oid->mechanism;
    return CKM_INVALID_MECHANISM;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_Authenticate ( PK11SlotInfo *  slot,
PRBool  loadCerts,
void wincx 
)

Definition at line 294 of file pk11auth.c.

                                                                     {
    if (pk11_LoginStillRequired(slot,wincx)) {
       return PK11_DoPassword(slot,loadCerts,wincx);
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECItem* PK11_BlockData ( SECItem *  data,
unsigned long  size 
)

Definition at line 59 of file pk11obj.c.

                                                 {
    SECItem *newData;

    newData = (SECItem *)PORT_Alloc(sizeof(SECItem));
    if (newData == NULL) return NULL;

    newData->len = (data->len + (size-1))/size;
    newData->len *= size;

    newData->data = (unsigned char *) PORT_ZAlloc(newData->len); 
    if (newData->data == NULL) {
       PORT_Free(newData);
       return NULL;
    }
    PORT_Memset(newData->data,newData->len-data->len,newData->len); 
    PORT_Memcpy(newData->data,data->data,data->len);
    return newData;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_ChangePW ( PK11SlotInfo *  slot,
char *  oldpw,
char *  newpw 
)

Definition at line 453 of file pk11auth.c.

{
    CK_RV crv;
    SECStatus rv = SECFailure;
    int newLen;
    int oldLen;
    CK_SESSION_HANDLE rwsession;

    if (newpw == NULL) newpw = "";
    if (oldpw == NULL) oldpw = "";
    newLen = PORT_Strlen(newpw);
    oldLen = PORT_Strlen(oldpw);

    /* get a rwsession */
    rwsession = PK11_GetRWSession(slot);
    if (rwsession == CK_INVALID_SESSION) {
       PORT_SetError(SEC_ERROR_BAD_DATA);
       return rv;
    }

    crv = PK11_GETTAB(slot)->C_SetPIN(rwsession,
              (unsigned char *)oldpw,oldLen,(unsigned char *)newpw,newLen);
    if (crv == CKR_OK) {
       rv = SECSuccess;
    } else {
       PORT_SetError(PK11_MapError(crv));
    }

    PK11_RestoreROSession(slot,rwsession);

    /* update our view of the world */
    PK11_InitToken(slot,PR_TRUE);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_CheckSSOPassword ( PK11SlotInfo *  slot,
char *  ssopw 
)

Definition at line 320 of file pk11auth.c.

{
    CK_SESSION_HANDLE rwsession;
    CK_RV crv;
    SECStatus rv = SECFailure;
    int len = 0;

    /* get a rwsession */
    rwsession = PK11_GetRWSession(slot);
    if (rwsession == CK_INVALID_SESSION) {
       PORT_SetError(SEC_ERROR_BAD_DATA);
       return rv;
    }

    if (slot->protectedAuthPath) {
       len = 0;
       ssopw = NULL;
    } else if (ssopw == NULL) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    } else {
       len = PORT_Strlen(ssopw);
    }

    /* check the password */
    crv = PK11_GETTAB(slot)->C_Login(rwsession,CKU_SO,
                                          (unsigned char *)ssopw,len);
    slot->lastLoginCheck = 0;
    switch (crv) {
    /* if we're already logged in, we're good to go */
    case CKR_OK:
       rv = SECSuccess;
       break;
    case CKR_PIN_INCORRECT:
       PORT_SetError(SEC_ERROR_BAD_PASSWORD);
       rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
       break;
    default:
       PORT_SetError(PK11_MapError(crv));
       rv = SECFailure; /* some failure we can't fix by retrying */
    }
    PK11_GETTAB(slot)->C_Logout(rwsession);
    slot->lastLoginCheck = 0;

    /* release rwsession */
    PK11_RestoreROSession(slot,rwsession);
    return rv;
}

Here is the call graph for this function:

SECStatus PK11_CheckUserPassword ( PK11SlotInfo *  slot,
char *  pw 
)

Definition at line 127 of file pk11auth.c.

{
    int len = 0;
    CK_RV crv;
    SECStatus rv;
    int64 currtime = PR_Now();

    if (slot->protectedAuthPath) {
       len = 0;
       pw = NULL;
    } else if (pw == NULL) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    } else {
       len = PORT_Strlen(pw);
    }

    /* force a logout */
    PK11_EnterSlotMonitor(slot);
    PK11_GETTAB(slot)->C_Logout(slot->session);

    crv = PK11_GETTAB(slot)->C_Login(slot->session,CKU_USER,
                                   (unsigned char *)pw,len);
    slot->lastLoginCheck = 0;
    PK11_ExitSlotMonitor(slot);
    switch (crv) {
    /* if we're already logged in, we're good to go */
    case CKR_OK:
       slot->authTransact = PK11_Global.transaction;
       slot->authTime = currtime;
       rv = SECSuccess;
       break;
    case CKR_PIN_INCORRECT:
       PORT_SetError(SEC_ERROR_BAD_PASSWORD);
       rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
       break;
    default:
       PORT_SetError(PK11_MapError(crv));
       rv = SECFailure; /* some failure we can't fix by retrying */
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_CipherOp ( PK11Context *  context,
unsigned char *  out,
int outlen,
int  maxout,
unsigned char *  in,
int  inlen 
)

Definition at line 669 of file pk11cxt.c.

{
    CK_RV crv = CKR_OK;
    CK_ULONG length = maxout;
    CK_ULONG offset =0;
    SECStatus rv = SECSuccess;
    unsigned char *saveOut = out;
    unsigned char *allocOut = NULL;

    /* if we ran out of session, we need to restore our previously stored
     * state.
     */
    PK11_EnterContextMonitor(context);
    if (!context->ownSession) {
        rv = pk11_restoreContext(context,context->savedData,
                                                 context->savedLength);
       if (rv != SECSuccess) {
           PK11_ExitContextMonitor(context);
           return rv;
       }
    }

    /*
     * The fortezza hack is to send 8 extra bytes on the first encrypted and
     * loose them on the first decrypt.
     */
    if (context->fortezzaHack) {
       unsigned char random[8];
       if (context->operation == CKA_ENCRYPT) {
           PK11_ExitContextMonitor(context);
           rv = PK11_GenerateRandom(random,sizeof(random));
           PK11_EnterContextMonitor(context);

           /* since we are offseting the output, we can't encrypt back into
            * the same buffer... allocate a temporary buffer just for this
            * call. */
           allocOut = out = (unsigned char*)PORT_Alloc(maxout);
           if (out == NULL) {
              PK11_ExitContextMonitor(context);
              return SECFailure;
           }
           crv = PK11_GETTAB(context->slot)->C_EncryptUpdate(context->session,
              random,sizeof(random),out,&length);

           out += length;
           maxout -= length;
           offset = length;
       } else if (context->operation == CKA_DECRYPT) {
           length = sizeof(random);
           crv = PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session,
              in,sizeof(random),random,&length);
           inlen -= length;
           in += length;
           context->fortezzaHack = PR_FALSE;
       }
    }

    switch (context->operation) {
    case CKA_ENCRYPT:
       length = maxout;
       crv=PK11_GETTAB(context->slot)->C_EncryptUpdate(context->session,
                                          in, inlen, out, &length);
       length += offset;
       break;
    case CKA_DECRYPT:
       length = maxout;
       crv=PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session,
                                          in, inlen, out, &length);
       break;
    default:
       crv = CKR_OPERATION_NOT_INITIALIZED;
       break;
    }

    if (crv != CKR_OK) {
        PORT_SetError( PK11_MapError(crv) );
       *outlen = 0;
        rv = SECFailure;
    } else {
       *outlen = length;
    }

    if (context->fortezzaHack) {
       if (context->operation == CKA_ENCRYPT) {
           PORT_Assert(allocOut);
           PORT_Memcpy(saveOut, allocOut, length);
           PORT_Free(allocOut);
       }
       context->fortezzaHack = PR_FALSE;
    }

    /*
     * handle session starvation case.. use our last session to multiplex
     */
    if (!context->ownSession) {
       context->savedData = pk11_saveContext(context,context->savedData,
                            &context->savedLength);
       if (context->savedData == NULL) rv = SECFailure;
       
       /* clear out out session for others to use */
       pk11_Finalize(context);
    }
    PK11_ExitContextMonitor(context);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PK11Context* PK11_CloneContext ( PK11Context *  old)

Definition at line 429 of file pk11cxt.c.

{
     PK11Context *newcx;
     PRBool needFree = PR_FALSE;
     SECStatus rv = SECSuccess;
     void *data;
     unsigned long len;

     newcx = pk11_CreateNewContextInSlot(old->type, old->slot, old->operation,
                                          old->key, old->param);
     if (newcx == NULL) return NULL;

     /* now clone the save state. First we need to find the save state
      * of the old session. If the old context owns it's session,
      * the state needs to be saved, otherwise the state is in saveData. */
     if (old->ownSession) {
        PK11_EnterContextMonitor(old);
       data=pk11_saveContext(old,NULL,&len);
        PK11_ExitContextMonitor(old);
       needFree = PR_TRUE;
     } else {
       data = old->savedData;
       len = old->savedLength;
     }

     if (data == NULL) {
       PK11_DestroyContext(newcx,PR_TRUE);
       return NULL;
     }

     /* now copy that state into our new context. Again we have different
      * work if the new context owns it's own session. If it does, we
      * restore the state gathered above. If it doesn't, we copy the
      * saveData pointer... */
     if (newcx->ownSession) {
        PK11_EnterContextMonitor(newcx);
       rv = pk11_restoreContext(newcx,data,len);
        PK11_ExitContextMonitor(newcx);
     } else {
       PORT_Assert(newcx->savedData != NULL);
       if ((newcx->savedData == NULL) || (newcx->savedLength < len)) {
           PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
           rv = SECFailure;
       } else {
           PORT_Memcpy(newcx->savedData,data,len);
           newcx->savedLength = len;
       }
    }

    if (needFree) PORT_Free(data);

    if (rv != SECSuccess) {
       PK11_DestroyContext(newcx,PR_TRUE);
       return NULL;
    }
    return newcx;
}

Here is the call graph for this function:

SECKEYPrivateKey* PK11_ConvertSessionPrivKeyToTokenPrivKey ( SECKEYPrivateKey *  privk,
void wincx 
)

Definition at line 1645 of file pk11akey.c.

{
    PK11SlotInfo* slot = privk->pkcs11Slot;
    CK_ATTRIBUTE template[1];
    CK_ATTRIBUTE *attrs = template;
    CK_BBOOL cktrue = CK_TRUE;
    CK_RV crv;
    CK_OBJECT_HANDLE newKeyID;
    CK_SESSION_HANDLE rwsession;

    PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue)); attrs++;

    PK11_Authenticate(slot, PR_TRUE, wincx);
    rwsession = PK11_GetRWSession(slot);
    if (rwsession == CK_INVALID_SESSION) {
       PORT_SetError(SEC_ERROR_BAD_DATA);
       return NULL;
    }
    crv = PK11_GETTAB(slot)->C_CopyObject(rwsession, privk->pkcs11ID,
        template, 1, &newKeyID);
    PK11_RestoreROSession(slot, rwsession);

    if (crv != CKR_OK) {
        PORT_SetError( PK11_MapError(crv) );
        return NULL;
    }

    return PK11_MakePrivKey(slot, nullKey /*KeyType*/, PR_FALSE /*isTemp*/,
        newKeyID, NULL /*wincx*/);
}

Here is the call graph for this function:

PK11SymKey* PK11_ConvertSessionSymKeyToTokenSymKey ( PK11SymKey *  symk,
void wincx 
)

Definition at line 1058 of file pk11skey.c.

{
    PK11SlotInfo* slot = symk->slot;
    CK_ATTRIBUTE template[1];
    CK_ATTRIBUTE *attrs = template;
    CK_BBOOL cktrue = CK_TRUE;
    CK_RV crv;
    CK_OBJECT_HANDLE newKeyID;
    CK_SESSION_HANDLE rwsession;

    PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue)); attrs++;

    PK11_Authenticate(slot, PR_TRUE, wincx);
    rwsession = PK11_GetRWSession(slot);
    if (rwsession == CK_INVALID_SESSION) {
       PORT_SetError(SEC_ERROR_BAD_DATA);
       return NULL;
    }
    crv = PK11_GETTAB(slot)->C_CopyObject(rwsession, symk->objectID,
        template, 1, &newKeyID);
    PK11_RestoreROSession(slot, rwsession);

    if (crv != CKR_OK) {
        PORT_SetError( PK11_MapError(crv) );
        return NULL;
    }

    return PK11_SymKeyFromHandle(slot, NULL /*parent*/, symk->origin,
        symk->type, newKeyID, PR_FALSE /*owner*/, NULL /*wincx*/);
}

Here is the call graph for this function:

PK11SymKey* PK11_CopySymKeyForSigning ( PK11SymKey *  originalKey,
CK_MECHANISM_TYPE  mech 
)

Definition at line 2129 of file pk11skey.c.

{
    CK_RV crv;
    CK_ATTRIBUTE setTemplate;
    CK_BBOOL ckTrue = CK_TRUE; 
    PK11SlotInfo *slot = originalKey->slot;

    /* first just try to set this key up for signing */
    PK11_SETATTRS(&setTemplate, CKA_SIGN, &ckTrue, sizeof(ckTrue));
    pk11_EnterKeyMonitor(originalKey);
    crv = PK11_GETTAB(slot)-> C_SetAttributeValue(originalKey->session, 
                            originalKey->objectID, &setTemplate, 1);
    pk11_ExitKeyMonitor(originalKey);
    if (crv == CKR_OK) {
       return PK11_ReferenceSymKey(originalKey);
    }

    /* nope, doesn't like it, use the pk11 copy object command */
    return pk11_CopyToSlot(slot, mech, CKA_SIGN, originalKey);
}

Here is the call graph for this function:

SECKEYPrivateKey* PK11_CopyTokenPrivKeyToSessionPrivKey ( PK11SlotInfo *  destSlot,
SECKEYPrivateKey *  privKey 
)

Definition at line 1605 of file pk11akey.c.

{
    CK_RV             crv;
    CK_OBJECT_HANDLE  newKeyID;

    static const CK_BBOOL     ckfalse = CK_FALSE;
    static const CK_ATTRIBUTE template[1] = { 
       { CKA_TOKEN, (CK_BBOOL *)&ckfalse, sizeof ckfalse }
    };

    if (destSlot && destSlot != privKey->pkcs11Slot) {
       SECKEYPrivateKey *newKey =
              pk11_loadPrivKey(destSlot, 
                            privKey, 
                             NULL,     /* pubKey    */
                             PR_FALSE, /* token     */
                             PR_FALSE);/* sensitive */
       if (newKey)
           return newKey;
    }
    destSlot = privKey->pkcs11Slot;
    PK11_Authenticate(destSlot, PR_TRUE, privKey->wincx);
    PK11_EnterSlotMonitor(destSlot);
    crv = PK11_GETTAB(destSlot)->C_CopyObject(   destSlot->session, 
                                          privKey->pkcs11ID,
                                          (CK_ATTRIBUTE *)template, 
                                          1, &newKeyID);
    PK11_ExitSlotMonitor(destSlot);

    if (crv != CKR_OK) {
       PORT_SetError( PK11_MapError(crv) );
       return NULL;
    }

    return PK11_MakePrivKey(destSlot, privKey->keyType, PR_TRUE /*isTemp*/, 
                         newKeyID, privKey->wincx);
}

Here is the call graph for this function:

Here is the caller graph for this function:

PK11Context* PK11_CreateContextBySymKey ( CK_MECHANISM_TYPE  type,
CK_ATTRIBUTE_TYPE  operation,
PK11SymKey *  symKey,
SECItem *  param 
)

Definition at line 374 of file pk11cxt.c.

{
    PK11SymKey *newKey;
    PK11Context *context;

    /* if this slot doesn't support the mechanism, go to a slot that does */
    newKey = pk11_ForceSlot(symKey,type,operation);
    if (newKey == NULL) {
       PK11_ReferenceSymKey(symKey);
    } else {
       symKey = newKey;
    }


    /* Context Adopts the symKey.... */
    context = pk11_CreateNewContextInSlot(type, symKey->slot, operation, symKey,
                                                      param);
    PK11_FreeSymKey(symKey);
    return context;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PK11Context* PK11_CreateDigestContext ( SECOidTag  hashAlg)

Definition at line 401 of file pk11cxt.c.

{
    /* digesting has to work without authentication to the slot */
    CK_MECHANISM_TYPE type;
    PK11SlotInfo *slot;
    PK11Context *context;
    SECItem param;

    type = PK11_AlgtagToMechanism(hashAlg);
    slot = PK11_GetBestSlot(type, NULL);
    if (slot == NULL) {
       PORT_SetError( SEC_ERROR_NO_MODULE );
       return NULL;
    }

    /* maybe should really be PK11_GenerateNewParam?? */
    param.data = NULL;
    param.len = 0;
    param.type = 0;

    context = pk11_CreateNewContextInSlot(type, slot, CKA_DIGEST, NULL, &param);
    PK11_FreeSlot(slot);
    return context;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECAlgorithmID* PK11_CreatePBEAlgorithmID ( SECOidTag  algorithm,
int  iteration,
SECItem *  salt 
)

Definition at line 765 of file pk11pbe.c.

{
    SECAlgorithmID *algid = NULL;
    algid = SEC_PKCS5CreateAlgorithmID(algorithm, salt, iteration);
    return algid;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECItem* PK11_CreatePBEParams ( SECItem *  salt,
SECItem *  pwd,
unsigned int  iterations 
)

Definition at line 715 of file pk11pbe.c.

{
    CK_PBE_PARAMS *pbe_params = NULL;
    SECItem *paramRV = NULL;

    paramRV = SECITEM_AllocItem(NULL, NULL, sizeof(CK_PBE_PARAMS));
    if (!paramRV ) {
       goto loser;
    }
    /* init paramRV->data with zeros. SECITEM_AllocItem does not do it */
    PORT_Memset(paramRV->data, 0, sizeof(CK_PBE_PARAMS));

    pbe_params = (CK_PBE_PARAMS *)paramRV->data;
    pbe_params->pPassword = (CK_CHAR_PTR)PORT_ZAlloc(pwd->len);
    if (!pbe_params->pPassword) {
        goto loser;
    }
    PORT_Memcpy(pbe_params->pPassword, pwd->data, pwd->len);
    pbe_params->ulPasswordLen = pwd->len;

    pbe_params->pSalt = (CK_CHAR_PTR)PORT_ZAlloc(salt->len);
    if (!pbe_params->pSalt) {
       goto loser;
    }
    PORT_Memcpy(pbe_params->pSalt, salt->data, salt->len);
    pbe_params->ulSaltLen = salt->len;

    pbe_params->ulIteration = (CK_ULONG)iterations;
    return paramRV;

loser:
    if (pbe_params)
        pk11_destroy_ck_pbe_params(pbe_params);
    if (paramRV) 
       PORT_ZFree(paramRV, sizeof(SECItem));
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_DeleteTokenCertAndKey ( CERTCertificate *  cert,
void wincx 
)

Definition at line 422 of file pk11cert.c.

{
    SECKEYPrivateKey *privKey = PK11_FindKeyByAnyCert(cert,wincx);
    CK_OBJECT_HANDLE pubKey;
    PK11SlotInfo *slot = NULL;

    pubKey = pk11_FindPubKeyByAnyCert(cert, &slot, wincx);
    if (privKey) {
       /* For 3.4, utilize the generic cert delete function */
       SEC_DeletePermCertificate(cert);
       PK11_DeleteTokenPrivateKey(privKey, PR_FALSE);
    }
    if ((pubKey != CK_INVALID_HANDLE) && (slot != NULL)) { 
       PK11_DestroyTokenObject(slot,pubKey);
        PK11_FreeSlot(slot);
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_DeleteTokenPrivateKey ( SECKEYPrivateKey *  privKey,
PRBool  force 
)

Definition at line 1681 of file pk11akey.c.

{
    CERTCertificate *cert=PK11_GetCertFromPrivateKey(privKey);
    SECStatus rv = SECWouldBlock;

    if (!cert || force) {
       /* now, then it's safe for the key to go away */
       rv = PK11_DestroyTokenObject(privKey->pkcs11Slot,privKey->pkcs11ID);
    }
    if (cert) {
       CERT_DestroyCertificate(cert);
    }
    SECKEY_DestroyPrivateKey(privKey);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_DeleteTokenPublicKey ( SECKEYPublicKey *  pubKey)

Definition at line 1702 of file pk11akey.c.

{
    /* now, then it's safe for the key to go away */
    if (pubKey->pkcs11Slot == NULL) {
       return SECFailure;
    }
    PK11_DestroyTokenObject(pubKey->pkcs11Slot,pubKey->pkcs11ID);
    SECKEY_DestroyPublicKey(pubKey);
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_DeleteTokenSymKey ( PK11SymKey *  symKey)

Definition at line 658 of file pk11skey.c.

{
    if (!PK11_IsPermObject(symKey->slot, symKey->objectID)) {
       return SECFailure;
    }
    PK11_DestroyTokenObject(symKey->slot,symKey->objectID);
    symKey->objectID = CK_INVALID_HANDLE;
    return SECSuccess;
}

Here is the call graph for this function:

SECItem* PK11_DEREncodePublicKey ( SECKEYPublicKey *  pubk)

Definition at line 1508 of file pk11akey.c.

{
    CERTSubjectPublicKeyInfo *spki=NULL;
    SECItem *spkiDER = NULL;

    if( pubk == NULL ) {
        return NULL;
    }

    /* get the subjectpublickeyinfo */
    spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
    if( spki == NULL ) {
        goto finish;
    }

    /* DER-encode the subjectpublickeyinfo */
    spkiDER = SEC_ASN1EncodeItem(NULL /*arena*/, NULL/*dest*/, spki,
                    CERT_SubjectPublicKeyInfoTemplate);

finish:
    return spkiDER;
}

Here is the call graph for this function:

PK11SymKey* PK11_Derive ( PK11SymKey *  baseKey,
CK_MECHANISM_TYPE  mechanism,
SECItem *  param,
CK_MECHANISM_TYPE  target,
CK_ATTRIBUTE_TYPE  operation,
int  keySize 
)

Definition at line 1311 of file pk11skey.c.

{
    return pk11_DeriveWithTemplate(baseKey, derive, param, target, operation, 
                               keySize, NULL, 0, PR_FALSE);
}

Here is the call graph for this function:

PK11SymKey* PK11_DeriveWithFlags ( PK11SymKey *  baseKey,
CK_MECHANISM_TYPE  derive,
SECItem *  param,
CK_MECHANISM_TYPE  target,
CK_ATTRIBUTE_TYPE  operation,
int  keySize,
CK_FLAGS  flags 
)

Definition at line 1321 of file pk11skey.c.

{
    CK_BBOOL        ckTrue  = CK_TRUE; 
    CK_ATTRIBUTE    keyTemplate[MAX_TEMPL_ATTRS];
    unsigned int    templateCount;

    templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue);
    return pk11_DeriveWithTemplate(baseKey, derive, param, target, operation, 
                keySize, keyTemplate, templateCount, PR_FALSE);
}

Here is the call graph for this function:

PK11SymKey* PK11_DeriveWithFlagsPerm ( PK11SymKey *  baseKey,
CK_MECHANISM_TYPE  derive,
SECItem *  param,
CK_MECHANISM_TYPE  target,
CK_ATTRIBUTE_TYPE  operation,
int  keySize,
CK_FLAGS  flags,
PRBool  isPerm 
)

Definition at line 1335 of file pk11skey.c.

{
    CK_BBOOL        cktrue  = CK_TRUE; 
    CK_ATTRIBUTE    keyTemplate[MAX_TEMPL_ATTRS];
    CK_ATTRIBUTE    *attrs;
    unsigned int    templateCount = 0;

    attrs = keyTemplate;
    if (isPerm) {
        PK11_SETATTRS(attrs, CKA_TOKEN,  &cktrue, sizeof(CK_BBOOL)); attrs++;
    }
    templateCount = attrs - keyTemplate;
    templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
    return pk11_DeriveWithTemplate(baseKey, derive, param, target, operation, 
                               keySize, keyTemplate, templateCount, isPerm);
}

Here is the call graph for this function:

void PK11_DestroyContext ( PK11Context *  context,
PRBool  freeit 
)

Definition at line 92 of file pk11cxt.c.

{
    pk11_CloseSession(context->slot,context->session,context->ownSession);
    /* initialize the critical fields of the context */
    if (context->savedData != NULL ) PORT_Free(context->savedData);
    if (context->key) PK11_FreeSymKey(context->key);
    if (context->param && context->param != &pk11_null_params)
       SECITEM_FreeItem(context->param, PR_TRUE);
    if (context->sessionLock) PZ_DestroyLock(context->sessionLock);
    PK11_FreeSlot(context->slot);
    if (freeit) PORT_Free(context);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_DestroyGenericObject ( PK11GenericObject *  object)

Definition at line 1271 of file pk11obj.c.

{
    if (object == NULL) {
       return SECSuccess;
    }

    PK11_UnlinkGenericObject(object);
    if (object->slot) {
       PK11_FreeSlot(object->slot);
    }
    PORT_Free(object);
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_DestroyGenericObjects ( PK11GenericObject *  object)

Definition at line 1291 of file pk11obj.c.

{
    PK11GenericObject *nextObject;
    PK11GenericObject *prevObject = objects->prev;
 
    if (objects == NULL) {
       return SECSuccess;
    }

    nextObject = objects->next;
    prevObject = objects->prev;

    /* delete all the objects after it in the list */
    for (; objects;  objects = nextObject) {
       nextObject = objects->next;
       PK11_DestroyGenericObject(objects);
    }
    /* delete all the objects before it in the list */
    for (objects = prevObject; objects;  objects = nextObject) {
       prevObject = objects->prev;
       PK11_DestroyGenericObject(objects);
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_DestroyObject ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  object 
)

Definition at line 80 of file pk11obj.c.

                                                               {
    CK_RV crv;

    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_DestroyObject(slot->session,object);
    PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       return SECFailure;
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void PK11_DestroyPBEParams ( SECItem *  params)

Definition at line 754 of file pk11pbe.c.

{
    if (pItem) {
       CK_PBE_PARAMS * params = (CK_PBE_PARAMS *)(pItem->data);
       if (params)
           pk11_destroy_ck_pbe_params(params);
       PORT_ZFree(pItem, sizeof(SECItem));
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_DestroyTokenObject ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  object 
)

Definition at line 93 of file pk11obj.c.

                                                                    {
    CK_RV crv;
    SECStatus rv = SECSuccess;
    CK_SESSION_HANDLE rwsession;

    
    rwsession = PK11_GetRWSession(slot);
    if (rwsession == CK_INVALID_SESSION) {
       PORT_SetError(SEC_ERROR_BAD_DATA);
       return SECFailure;
    }

    crv = PK11_GETTAB(slot)->C_DestroyObject(rwsession,object);
    if (crv != CKR_OK) {
       rv = SECFailure;
       PORT_SetError(PK11_MapError(crv));
    }
    PK11_RestoreROSession(slot,rwsession);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_DigestBegin ( PK11Context *  cx)

Definition at line 596 of file pk11cxt.c.

{
    CK_MECHANISM mech_info;
    SECStatus rv;

    if (cx->init == PR_TRUE) {
       return SECSuccess;
    }

    /*
     * make sure the old context is clear first
     */
    PK11_EnterContextMonitor(cx);
    pk11_Finalize(cx);

    mech_info.mechanism = cx->type;
    mech_info.pParameter = cx->param->data;
    mech_info.ulParameterLen = cx->param->len;
    rv = pk11_context_init(cx,&mech_info);
    PK11_ExitContextMonitor(cx);

    if (rv != SECSuccess) {
       return SECFailure;
    }
    cx->init = PR_TRUE;
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_DigestFinal ( PK11Context *  context,
unsigned char *  data,
unsigned int outLen,
unsigned int  length 
)

Definition at line 1008 of file pk11cxt.c.

{
    CK_ULONG len;
    CK_RV crv;
    SECStatus rv;


    /* if we ran out of session, we need to restore our previously stored
     * state.
     */
    PK11_EnterContextMonitor(context);
    if (!context->ownSession) {
        rv = pk11_restoreContext(context,context->savedData,
                                                 context->savedLength);
       if (rv != SECSuccess) {
           PK11_ExitContextMonitor(context);
           return rv;
       }
    }

    len = length;
    switch (context->operation) {
    case CKA_SIGN:
       crv=PK11_GETTAB(context->slot)->C_SignFinal(context->session,
                            data,&len);
       break;
    case CKA_VERIFY:
       crv=PK11_GETTAB(context->slot)->C_VerifyFinal(context->session,
                            data,len);
       break;
    case CKA_DIGEST:
       crv=PK11_GETTAB(context->slot)->C_DigestFinal(context->session,
                            data,&len);
       break;
    case CKA_ENCRYPT:
       crv=PK11_GETTAB(context->slot)->C_EncryptFinal(context->session,
                            data, &len);
       break;
    case CKA_DECRYPT:
       crv = PK11_GETTAB(context->slot)->C_DecryptFinal(context->session,
                            data, &len);
       break;
    default:
       crv = CKR_OPERATION_NOT_INITIALIZED;
       break;
    }
    PK11_ExitContextMonitor(context);

    *outLen = (unsigned int) len;
    context->init = PR_FALSE; /* allow Begin to start up again */


    if (crv != CKR_OK) {
        PORT_SetError( PK11_MapError(crv) );
       return SECFailure;
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_DigestKey ( PK11Context *  context,
PK11SymKey *  key 
)

Definition at line 850 of file pk11cxt.c.

{
    CK_RV crv = CKR_OK;
    SECStatus rv = SECSuccess;
    PK11SymKey *newKey = NULL;

    if (!context || !key) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    /* if we ran out of session, we need to restore our previously stored
     * state.
     */
    if (context->slot != key->slot) {
       newKey = pk11_CopyToSlot(context->slot,CKM_SSL3_SHA1_MAC,CKA_SIGN,key);
    } else {
       newKey = PK11_ReferenceSymKey(key);
    }

    context->init = PR_FALSE;
    PK11_EnterContextMonitor(context);
    if (!context->ownSession) {
        rv = pk11_restoreContext(context,context->savedData,
                                                 context->savedLength);
       if (rv != SECSuccess) {
           PK11_ExitContextMonitor(context);
            PK11_FreeSymKey(newKey);
           return rv;
       }
    }


    if (newKey == NULL) {
       crv = CKR_KEY_TYPE_INCONSISTENT;
       if (key->data.data) {
           crv=PK11_GETTAB(context->slot)->C_DigestUpdate(context->session,
                                   key->data.data,key->data.len);
       }
    } else {
       crv=PK11_GETTAB(context->slot)->C_DigestKey(context->session,
                                                 newKey->objectID);
    }

    if (crv != CKR_OK) {
        PORT_SetError( PK11_MapError(crv) );
        rv = SECFailure;
    }

    /*
     * handle session starvation case.. use our last session to multiplex
     */
    if (!context->ownSession) {
       context->savedData = pk11_saveContext(context,context->savedData,
                            &context->savedLength);
       if (context->savedData == NULL) rv = SECFailure;
       
       /* clear out out session for others to use */
       pk11_Finalize(context);
    }
    PK11_ExitContextMonitor(context);
    if (newKey) PK11_FreeSymKey(newKey);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_DigestOp ( PK11Context *  context,
const unsigned char *  in,
unsigned  len 
)

Definition at line 780 of file pk11cxt.c.

{
    CK_RV crv = CKR_OK;
    SECStatus rv = SECSuccess;

    if (!in) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    /* if we ran out of session, we need to restore our previously stored
     * state.
     */
    context->init = PR_FALSE;
    PK11_EnterContextMonitor(context);
    if (!context->ownSession) {
        rv = pk11_restoreContext(context,context->savedData,
                                                 context->savedLength);
       if (rv != SECSuccess) {
           PK11_ExitContextMonitor(context);
           return rv;
       }
    }

    switch (context->operation) {
    /* also for MAC'ing */
    case CKA_SIGN:
       crv=PK11_GETTAB(context->slot)->C_SignUpdate(context->session,
                                               (unsigned char *)in, 
                                               inLen);
       break;
    case CKA_VERIFY:
       crv=PK11_GETTAB(context->slot)->C_VerifyUpdate(context->session,
                                                 (unsigned char *)in, 
                                                 inLen);
       break;
    case CKA_DIGEST:
       crv=PK11_GETTAB(context->slot)->C_DigestUpdate(context->session,
                                                 (unsigned char *)in, 
                                                 inLen);
       break;
    default:
       crv = CKR_OPERATION_NOT_INITIALIZED;
       break;
    }

    if (crv != CKR_OK) {
        PORT_SetError( PK11_MapError(crv) );
        rv = SECFailure;
    }

    /*
     * handle session starvation case.. use our last session to multiplex
     */
    if (!context->ownSession) {
       context->savedData = pk11_saveContext(context,context->savedData,
                            &context->savedLength);
       if (context->savedData == NULL) rv = SECFailure;
       
       /* clear out out session for others to use */
       pk11_Finalize(context);
    }
    PK11_ExitContextMonitor(context);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool PK11_DoesMechanism ( PK11SlotInfo *  slot,
CK_MECHANISM_TYPE  type 
)

Definition at line 1856 of file pk11slot.c.

{
    int i;

    /* CKM_FAKE_RANDOM is not a real PKCS mechanism. It's a marker to
     * tell us we're looking form someone that has implemented get
     * random bits */
    if (type == CKM_FAKE_RANDOM) {
       return slot->hasRandom;
    }

    /* for most mechanism, bypass the linear lookup */
    if (type < 0x7ff) {
       return (slot->mechanismBits[type & 0xff] & (1 << (type >> 8)))  ?
              PR_TRUE : PR_FALSE;
    }
          
    for (i=0; i < (int) slot->mechanismCount; i++) {
       if (slot->mechanismList[i] == type) return PR_TRUE;
    }
    return PR_FALSE;
}
SECKEYEncryptedPrivateKeyInfo* PK11_ExportEncryptedPrivateKeyInfo ( PK11SlotInfo *  slot,
SECOidTag  algTag,
SECItem *  pwitem,
CERTCertificate *  cert,
int  iteration,
void wincx 
)

Definition at line 1489 of file pk11akey.c.

{
    SECKEYEncryptedPrivateKeyInfo *epki = NULL;
    SECKEYPrivateKey              *pk   = PK11_FindKeyByAnyCert(cert, wincx);
    if (pk != NULL) {
       epki = PK11_ExportEncryptedPrivKeyInfo(slot, algTag, pwitem, pk, 
                                              iteration, wincx);
       SECKEY_DestroyPrivateKey(pk);
    }
    return epki;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECKEYEncryptedPrivateKeyInfo* PK11_ExportEncryptedPrivKeyInfo ( PK11SlotInfo *  slot,
SECOidTag  algTag,
SECItem *  pwitem,
SECKEYPrivateKey *  pk,
int  iteration,
void wincx 
)

Definition at line 1317 of file pk11akey.c.

{
    SECKEYEncryptedPrivateKeyInfo *epki      = NULL;
    PRArenaPool                   *arena     = NULL;
    SECAlgorithmID                *algid;
    SECItem                       *pbe_param = NULL;
    PK11SymKey                    *key       = NULL;
    SECKEYPrivateKey          *tmpPK = NULL;
    SECStatus                      rv        = SECSuccess;
    CK_RV                          crv;
    CK_ULONG                       encBufLen;
    CK_MECHANISM_TYPE              mechanism;
    CK_MECHANISM                   pbeMech;
    CK_MECHANISM                   cryptoMech;
    SECItem                        crypto_param;

    if (!pwitem || !pk) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }

    algid = SEC_PKCS5CreateAlgorithmID(algTag, NULL, iteration);
    if (algid == NULL) {
       return NULL;
    }

    crypto_param.data = NULL;

    arena = PORT_NewArena(2048);
    if (arena)
       epki = PORT_ArenaZNew(arena, SECKEYEncryptedPrivateKeyInfo);
    if(epki == NULL) {
       rv = SECFailure;
       goto loser;
    }
    epki->arena = arena;

    mechanism = PK11_AlgtagToMechanism(algTag);
    pbe_param = PK11_ParamFromAlgid(algid);
    if (!pbe_param || mechanism == CKM_INVALID_MECHANISM) {
       rv = SECFailure;
       goto loser;
    }
    pbeMech.mechanism = mechanism;
    pbeMech.pParameter = pbe_param->data;
    pbeMech.ulParameterLen = pbe_param->len;

    /* if we didn't specify a slot, use the slot the private key was in */
    if (!slot) {
       slot = pk->pkcs11Slot;
    }

    /* if we specified a different slot, and the private key slot can do the
     * pbe key gen, generate the key in the private key slot so we don't have 
     * to move it later */
    if (slot != pk->pkcs11Slot) {
       if (PK11_DoesMechanism(pk->pkcs11Slot,mechanism)) {
           slot = pk->pkcs11Slot;
       }
    }
    key = PK11_RawPBEKeyGen(slot, mechanism, pbe_param, pwitem, 
                                                 PR_FALSE, wincx);

    if((key == NULL) || (pbe_param == NULL)) {
       rv = SECFailure;
       goto loser;
    }

    crv = PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, 
                                          pwitem, PR_FALSE);
    if(crv != CKR_OK) {
       rv = SECFailure;
       goto loser;
    }
    cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMech.mechanism);
    crypto_param.data = (unsigned char *)cryptoMech.pParameter;
    crypto_param.len = cryptoMech.ulParameterLen;

    /* If the key isn't in the private key slot, move it */
    if (key->slot != pk->pkcs11Slot) {
       PK11SymKey *newkey = pk11_CopyToSlot(pk->pkcs11Slot,
                                          key->type, CKA_WRAP, key);
       if (newkey == NULL) {
           tmpPK = pk11_loadPrivKey(key->slot, pk, NULL, PR_FALSE, PR_TRUE);
           if (tmpPK == NULL) {
              /* couldn't import the wrapping key, couldn't export the
               * private key, we are done */
              rv = SECFailure;
              goto loser;
           }
           pk = tmpPK;
       } else {
           /* free the old key and use the new key */
           PK11_FreeSymKey(key);
           key = newkey;
       }
    }
       
    /* we are extracting an encrypted privateKey structure.
     * which needs to be freed along with the buffer into which it is
     * returned.  eventually, we should retrieve an encrypted key using
     * pkcs8/pkcs5.
     */
    encBufLen = 0;
    PK11_EnterSlotMonitor(pk->pkcs11Slot);
    crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, 
              &cryptoMech, key->objectID, pk->pkcs11ID, NULL, 
              &encBufLen); 
    PK11_ExitSlotMonitor(pk->pkcs11Slot);
    if (crv != CKR_OK) {
       rv = SECFailure;
       goto loser;
    }
    epki->encryptedData.data = PORT_ArenaAlloc(arena, encBufLen);
    if (!epki->encryptedData.data) {
       rv = SECFailure;
       goto loser;
    }
    PK11_EnterSlotMonitor(pk->pkcs11Slot);
    crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, 
              &cryptoMech, key->objectID, pk->pkcs11ID, 
              epki->encryptedData.data, &encBufLen); 
    PK11_ExitSlotMonitor(pk->pkcs11Slot);
    epki->encryptedData.len = (unsigned int) encBufLen;
    if(crv != CKR_OK) {
       rv = SECFailure;
       goto loser;
    }

    if(!epki->encryptedData.len) {
       rv = SECFailure;
       goto loser;
    }

    rv = SECOID_CopyAlgorithmID(arena, &epki->algorithm, algid);

loser:
    if(pbe_param != NULL) {
       SECITEM_ZfreeItem(pbe_param, PR_TRUE);
       pbe_param = NULL;
    }

    if(crypto_param.data != NULL) {
       SECITEM_ZfreeItem(&crypto_param, PR_FALSE);
       crypto_param.data = NULL;
    }

    if(key != NULL) {
       PK11_FreeSymKey(key);
    }
    if (tmpPK != NULL) {
       SECKEY_DestroyPrivateKey(tmpPK);
    }
    SECOID_DestroyAlgorithmID(algid, PR_TRUE);

    if(rv == SECFailure) {
       if(arena != NULL) {
           PORT_FreeArena(arena, PR_TRUE);
       }
       epki = NULL;
    }

    return epki;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECKEYPrivateKeyInfo* PK11_ExportPrivateKeyInfo ( CERTCertificate *  cert,
void wincx 
)

Definition at line 1311 of file pk11akey.c.

{
    return NULL;
}

Here is the caller graph for this function:

SECStatus PK11_ExtractKeyValue ( PK11SymKey *  symKey)

Definition at line 633 of file pk11skey.c.

{
    SECStatus rv;

    if (symKey->data.data != NULL) {
       if (symKey->size == 0) {
          symKey->size = symKey->data.len;
       }
       return SECSuccess;
    }

    if (symKey->slot == NULL) {
       PORT_SetError( SEC_ERROR_INVALID_KEY );
       return SECFailure;
    }

    rv = PK11_ReadAttribute(symKey->slot,symKey->objectID,CKA_VALUE,NULL,
                            &symKey->data);
    if (rv == SECSuccess) {
       symKey->size = symKey->data.len;
    }
    return rv;
}

Here is the call graph for this function:

SECStatus PK11_Finalize ( PK11Context *  context)

Definition at line 919 of file pk11cxt.c.

Here is the call graph for this function:

Here is the caller graph for this function:

CERTCertificate* PK11_FindBestKEAMatch ( CERTCertificate *  serverCert,
void wincx 
)

Definition at line 2148 of file pk11cert.c.

{
    PK11SlotList *keaList = PK11_GetAllTokens(CKM_KEA_KEY_DERIVE,
                                                 PR_FALSE,PR_TRUE,wincx);
    PK11SlotListElement *le;
    CERTCertificate *returnedCert = NULL;
    SECStatus rv;

    /* loop through all the fortezza tokens */
    for (le = keaList->head; le; le = le->next) {
        rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
        if (rv != SECSuccess) continue;
       if (le->slot->session == CK_INVALID_SESSION) {
           continue;
       }
       returnedCert = pk11_GetKEAMate(le->slot,server);
       if (returnedCert) break;
    }
    PK11_FreeSlotList(keaList);

    return returnedCert;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CERTCertificate* PK11_FindCertAndKeyByRecipientList ( PK11SlotInfo **  slot,
SEC_PKCS7RecipientInfo **  array,
SEC_PKCS7RecipientInfo **  rip,
SECKEYPrivateKey **  privKey,
void wincx 
)

Definition at line 1409 of file pk11cert.c.

{
    CERTCertificate *cert = NULL;

    *privKey = NULL;
    *slotPtr = NULL;
    cert = pk11_AllFindCertObjectByRecipient(slotPtr,array,rip,wincx);
    if (!cert) {
       return NULL;
    }

    *privKey = PK11_FindKeyByAnyCert(cert, wincx);
    if (*privKey == NULL) {
       goto loser;
    }

    return cert;
loser:
    if (cert) CERT_DestroyCertificate(cert);
    if (*slotPtr) PK11_FreeSlot(*slotPtr);
    *slotPtr = NULL;
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int PK11_FindCertAndKeyByRecipientListNew ( NSSCMSRecipient **  recipientlist,
void wincx 
)

Definition at line 1469 of file pk11cert.c.

{
    CERTCertificate *cert;
    NSSCMSRecipient *rl;
    PRStatus rv;
    int rlIndex;

    rv = PR_CallOnceWithArg(&keyIDHashCallOnce, pk11_keyIDHash_populate, wincx);
    if (rv != PR_SUCCESS)
       return -1;

    cert = pk11_AllFindCertObjectByRecipientNew(recipientlist, wincx, &rlIndex);
    if (!cert) {
       return -1;
    }

    rl = recipientlist[rlIndex];

    /* at this point, rl->slot is set */

    rl->privkey = PK11_FindKeyByAnyCert(cert, wincx);
    if (rl->privkey == NULL) {
       goto loser;
    }

    /* make a cert from the cert handle */
    rl->cert = cert;
    return rlIndex;

loser:
    if (cert) CERT_DestroyCertificate(cert);
    if (rl->slot) PK11_FreeSlot(rl->slot);
    rl->slot = NULL;
    return -1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CERTCertificate* PK11_FindCertByIssuerAndSN ( PK11SlotInfo **  slot,
CERTIssuerAndSN *  sn,
void wincx 
)

Definition at line 1506 of file pk11cert.c.

{
    CERTCertificate *rvCert = NULL;
    NSSCertificate *cert;
    NSSDER issuer, serial;
    NSSCryptoContext *cc;
    SECItem *derSerial;

    if (!issuerSN || !issuerSN->derIssuer.data || !issuerSN->derIssuer.len ||
        !issuerSN->serialNumber.data || !issuerSN->serialNumber.len || 
       issuerSN->derIssuer.len    > CERT_MAX_DN_BYTES ||
       issuerSN->serialNumber.len > CERT_MAX_SERIAL_NUMBER_BYTES ) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }

    if (slotPtr) *slotPtr = NULL;

    /* PKCS#11 needs to use DER-encoded serial numbers.  Create a
     * CERTIssuerAndSN that actually has the encoded value and pass that
     * to PKCS#11 (and the crypto context).
     */
    derSerial = SEC_ASN1EncodeItem(NULL, NULL,
                                   &issuerSN->serialNumber,
                                   SEC_IntegerTemplate);
    if (!derSerial) {
       return NULL;
    }

    NSSITEM_FROM_SECITEM(&issuer, &issuerSN->derIssuer);
    NSSITEM_FROM_SECITEM(&serial, derSerial);

    cc = STAN_GetDefaultCryptoContext();
    cert = NSSCryptoContext_FindCertificateByIssuerAndSerialNumber(cc, 
                                                                &issuer, 
                                                                &serial);
    if (cert) {
       SECITEM_FreeItem(derSerial, PR_TRUE);
       return STAN_GetCERTCertificateOrRelease(cert);
    }

    do {
       /* free the old cert on retry. Associated slot was not present */
       if (rvCert) {
           CERT_DestroyCertificate(rvCert);
           rvCert = NULL;
       }

       cert = NSSTrustDomain_FindCertificateByIssuerAndSerialNumber(
                                                  STAN_GetDefaultTrustDomain(),
                                                  &issuer,
                                                  &serial);
       if (!cert) {
           break;
       }

       rvCert = STAN_GetCERTCertificateOrRelease(cert);
       if (rvCert == NULL) {
          break;
       }

       /* Check to see if the cert's token is still there */
    } while (!PK11_IsPresent(rvCert->slot));

    if (rvCert && slotPtr) *slotPtr = PK11_ReferenceSlot(rvCert->slot);

    SECITEM_FreeItem(derSerial, PR_TRUE);
    return rvCert;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CERTCertificate* PK11_FindCertFromDERCert ( PK11SlotInfo *  slot,
CERTCertificate *  cert,
void wincx 
)

Definition at line 1921 of file pk11cert.c.

{
    return PK11_FindCertFromDERCertItem(slot, &cert->derCert, wincx);
}

Here is the call graph for this function:

CERTCertificate* PK11_FindCertFromNickname ( char *  nickname,
void wincx 
)

Definition at line 524 of file pk11cert.c.

{
    PRStatus status;
    CERTCertificate *rvCert = NULL;
    NSSCertificate *cert = NULL;
    NSSCertificate **certs = NULL;
    static const NSSUsage usage = {PR_TRUE /* ... */ };
    NSSToken *token;
    NSSTrustDomain *defaultTD = STAN_GetDefaultTrustDomain();
    PK11SlotInfo *slot = NULL;
    SECStatus rv;
    char *nickCopy;
    char *delimit = NULL;
    char *tokenName;

    nickCopy = PORT_Strdup(nickname);
    if ((delimit = PORT_Strchr(nickCopy,':')) != NULL) {
       tokenName = nickCopy;
       nickname = delimit + 1;
       *delimit = '\0';
       /* find token by name */
       token = NSSTrustDomain_FindTokenByName(defaultTD, (NSSUTF8 *)tokenName);
       if (token) {
           slot = PK11_ReferenceSlot(token->pk11slot);
       } else {
           PORT_SetError(SEC_ERROR_NO_TOKEN);
       }
       *delimit = ':';
    } else {
       slot = PK11_GetInternalKeySlot();
       token = PK11Slot_GetNSSToken(slot);
    }
    if (token) {
       nssList *certList;
       nssCryptokiObject **instances;
       nssPKIObjectCollection *collection;
       nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
       if (!PK11_IsPresent(slot)) {
           goto loser;
       }
       rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
       if (rv != SECSuccess) {
           goto loser;
       }
       collection = nssCertificateCollection_Create(defaultTD, NULL);
       if (!collection) {
           goto loser;
       }
       certList = nssList_Create(NULL, PR_FALSE);
       if (!certList) {
           nssPKIObjectCollection_Destroy(collection);
           goto loser;
       }
       (void)nssTrustDomain_GetCertsForNicknameFromCache(defaultTD, 
                                                         nickname, 
                                                         certList);
       transfer_token_certs_to_collection(certList, token, collection);
       instances = nssToken_FindCertificatesByNickname(token,
                                                       NULL,
                                                       nickname,
                                                       tokenOnly,
                                                       0,
                                                       &status);
       nssPKIObjectCollection_AddInstances(collection, instances, 0);
       nss_ZFreeIf(instances);
       /* if it wasn't found, repeat the process for email address */
       if (nssPKIObjectCollection_Count(collection) == 0 &&
           PORT_Strchr(nickname, '@') != NULL) 
       {
           char* lowercaseName = CERT_FixupEmailAddr(nickname);
           if (lowercaseName) {
              (void)nssTrustDomain_GetCertsForEmailAddressFromCache(defaultTD, 
                                                              lowercaseName, 
                                                              certList);
              transfer_token_certs_to_collection(certList, token, collection);
              instances = nssToken_FindCertificatesByEmail(token,
                                                      NULL,
                                                      lowercaseName,
                                                      tokenOnly,
                                                      0,
                                                      &status);
              nssPKIObjectCollection_AddInstances(collection, instances, 0);
              nss_ZFreeIf(instances);
              PORT_Free(lowercaseName);
           }
       }
       certs = nssPKIObjectCollection_GetCertificates(collection, 
                                                      NULL, 0, NULL);
       nssPKIObjectCollection_Destroy(collection);
       if (certs) {
           cert = nssCertificateArray_FindBestCertificate(certs, NULL, 
                                                          &usage, NULL);
           if (cert) {
              rvCert = STAN_GetCERTCertificateOrRelease(cert);
           }
           nssCertificateArray_Destroy(certs);
       }
       nssList_Destroy(certList);
    }
    if (slot) {
       PK11_FreeSlot(slot);
    }
    if (nickCopy) PORT_Free(nickCopy);
    return rvCert;
loser:
    if (slot) {
       PK11_FreeSlot(slot);
    }
    if (nickCopy) PORT_Free(nickCopy);
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CK_OBJECT_HANDLE PK11_FindCertInSlot ( PK11SlotInfo *  slot,
CERTCertificate *  cert,
void wincx 
)

Definition at line 2201 of file pk11cert.c.

{
    CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
    CK_ATTRIBUTE theTemplate[] = {
       { CKA_VALUE, NULL, 0 },
       { CKA_CLASS, NULL, 0 }
    };
    /* if you change the array, change the variable below as well */
    int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
    CK_ATTRIBUTE *attrs = theTemplate;
    SECStatus rv;

    PK11_SETATTRS(attrs, CKA_VALUE, cert->derCert.data,
                                          cert->derCert.len); attrs++;
    PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass));

    /*
     * issue the find
     */
    rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
    if (rv != SECSuccess) {
       return CK_INVALID_HANDLE;
    }

    return pk11_getcerthandle(slot,cert,theTemplate,tsize);
}

Here is the call graph for this function:

CERTCertList* PK11_FindCertsFromNickname ( char *  nickname,
void wincx 
)

Definition at line 637 of file pk11cert.c.

{
    char *nickCopy;
    char *delimit = NULL;
    char *tokenName;
    int i;
    CERTCertList *certList = NULL;
    nssPKIObjectCollection *collection = NULL;
    NSSCertificate **foundCerts = NULL;
    NSSTrustDomain *defaultTD = STAN_GetDefaultTrustDomain();
    NSSCertificate *c;
    NSSToken *token;
    PK11SlotInfo *slot;
    SECStatus rv;

    nickCopy = PORT_Strdup(nickname);
    if ((delimit = PORT_Strchr(nickCopy,':')) != NULL) {
       tokenName = nickCopy;
       nickname = delimit + 1;
       *delimit = '\0';
       /* find token by name */
       token = NSSTrustDomain_FindTokenByName(defaultTD, (NSSUTF8 *)tokenName);
       if (token) {
           slot = PK11_ReferenceSlot(token->pk11slot);
       } else {
           PORT_SetError(SEC_ERROR_NO_TOKEN);
           slot = NULL;
       }
       *delimit = ':';
    } else {
       slot = PK11_GetInternalKeySlot();
       token = PK11Slot_GetNSSToken(slot);
    }
    if (token) {
       PRStatus status;
       nssList *nameList;
       nssCryptokiObject **instances;
       nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
       rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
       if (rv != SECSuccess) {
           PK11_FreeSlot(slot);
           if (nickCopy) PORT_Free(nickCopy);
           return NULL;
       }
       collection = nssCertificateCollection_Create(defaultTD, NULL);
       if (!collection) {
           PK11_FreeSlot(slot);
           if (nickCopy) PORT_Free(nickCopy);
           return NULL;
       }
       nameList = nssList_Create(NULL, PR_FALSE);
       if (!nameList) {
           PK11_FreeSlot(slot);
           if (nickCopy) PORT_Free(nickCopy);
           return NULL;
       }
       (void)nssTrustDomain_GetCertsForNicknameFromCache(defaultTD,
                                                         nickname, 
                                                         nameList);
       transfer_token_certs_to_collection(nameList, token, collection);
       instances = nssToken_FindCertificatesByNickname(token,
                                                       NULL,
                                                       nickname,
                                                       tokenOnly,
                                                       0,
                                                       &status);
       nssPKIObjectCollection_AddInstances(collection, instances, 0);
       nss_ZFreeIf(instances);

        /* if it wasn't found, repeat the process for email address */
        if (nssPKIObjectCollection_Count(collection) == 0 &&
            PORT_Strchr(nickname, '@') != NULL) 
        {
            char* lowercaseName = CERT_FixupEmailAddr(nickname);
            if (lowercaseName) {
                (void)nssTrustDomain_GetCertsForEmailAddressFromCache(defaultTD, 
                                                                      lowercaseName, 
                                                                      nameList);
                transfer_token_certs_to_collection(nameList, token, collection);
                instances = nssToken_FindCertificatesByEmail(token,
                                                             NULL,
                                                             lowercaseName,
                                                             tokenOnly,
                                                             0,
                                                             &status);
                nssPKIObjectCollection_AddInstances(collection, instances, 0);
                nss_ZFreeIf(instances);
                PORT_Free(lowercaseName);
            }
        }

        nssList_Destroy(nameList);
       foundCerts = nssPKIObjectCollection_GetCertificates(collection,
                                                           NULL, 0, NULL);
       nssPKIObjectCollection_Destroy(collection);
    }
    if (slot) {
       PK11_FreeSlot(slot);
    }
    if (nickCopy) PORT_Free(nickCopy);
    if (foundCerts) {
       PRTime now = PR_Now();
       certList = CERT_NewCertList();
       for (i=0, c = *foundCerts; c; c = foundCerts[++i]) {
           CERTCertificate *certCert = STAN_GetCERTCertificateOrRelease(c);
           /* c may be invalid after this, don't reference it */
           if (certCert) {
               /* CERT_AddCertToListSorted adopts certCert  */
              CERT_AddCertToListSorted(certList, certCert,
                     CERT_SortCBValidity, &now);
           }
       }
       if (CERT_LIST_HEAD(certList) == NULL) {
           CERT_DestroyCertList(certList);
           certList = NULL;
       }
       /* all the certs have been adopted or freed, free the  raw array */
       nss_ZFreeIf(foundCerts);
    }
    return certList;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PK11SymKey* PK11_FindFixedKey ( PK11SlotInfo *  slot,
CK_MECHANISM_TYPE  type,
SECItem *  keyID,
void wincx 
)

Definition at line 543 of file pk11skey.c.

{
    CK_ATTRIBUTE findTemp[4];
    CK_ATTRIBUTE *attrs;
    CK_BBOOL ckTrue = CK_TRUE;
    CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY;
    int tsize = 0;
    CK_OBJECT_HANDLE key_id;

    attrs = findTemp;
    PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass)); attrs++;
    PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue)); attrs++;
    if (keyID) {
        PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len); attrs++;
    }
    tsize = attrs - findTemp;
    PORT_Assert(tsize <= sizeof(findTemp)/sizeof(CK_ATTRIBUTE));

    key_id = pk11_FindObjectByTemplate(slot,findTemp,tsize);
    if (key_id == CK_INVALID_HANDLE) {
       return NULL;
    }
    return PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive, type, key_id,
                                          PR_FALSE, wincx);
}

Here is the call graph for this function:

PK11GenericObject* PK11_FindGenericObjects ( PK11SlotInfo *  slot,
CK_OBJECT_CLASS  objClass 
)

Definition at line 1171 of file pk11obj.c.

{
    CK_ATTRIBUTE template[1];
    CK_ATTRIBUTE *attrs = template;
    CK_OBJECT_HANDLE *objectIDs = NULL;
    PK11GenericObject *lastObj = NULL, *obj;
    PK11GenericObject *firstObj = NULL;
    int i, count = 0;


    PK11_SETATTRS(attrs, CKA_CLASS, &objClass, sizeof(objClass)); attrs++;

    objectIDs = pk11_FindObjectsByTemplate(slot,template,1,&count);
    if (objectIDs == NULL) {
       return NULL;
    }

    /* where we connect our object once we've created it.. */
    for (i=0; i < count; i++) {
       obj = PORT_New(PK11GenericObject);
       if ( !obj ) {
           PK11_DestroyGenericObjects(firstObj);
           PORT_Free(objectIDs);
           return NULL;
       }
       /* initialize it */  
       obj->slot = PK11_ReferenceSlot(slot);
       obj->objectID = objectIDs[i];
       obj->next = NULL;
       obj->prev = NULL;

       /* link it in */
       if (firstObj == NULL) {
           firstObj = obj;
       } else {
           PK11_LinkGenericObject(lastObj, obj);
       }
       lastObj = obj;
    }
    PORT_Free(objectIDs);
    return firstObj;
}

Here is the call graph for this function:

SECKEYPrivateKey* PK11_FindKeyByAnyCert ( CERTCertificate *  cert,
void wincx 
)

Definition at line 1608 of file pk11cert.c.

{
    CK_OBJECT_HANDLE certHandle;
    CK_OBJECT_HANDLE keyHandle;
    PK11SlotInfo *slot = NULL;
    SECKEYPrivateKey *privKey = NULL;
    PRBool needLogin;
    SECStatus rv;
    int err;

    certHandle = PK11_FindObjectForCert(cert, wincx, &slot);
    if (certHandle == CK_INVALID_HANDLE) {
        return NULL;
    }
    /*
     * prevent a login race condition. If slot is logged in between
     * our call to pk11_LoginStillRequired and the 
     * PK11_MatchItem. The matchItem call will either succeed, or
     * we will call it one more time after calling PK11_Authenticate 
     * (which is a noop on an authenticated token).
     */
    needLogin = pk11_LoginStillRequired(slot,wincx);
    keyHandle = PK11_MatchItem(slot,certHandle,CKO_PRIVATE_KEY);
    if ((keyHandle == CK_INVALID_HANDLE) &&  needLogin &&
                     (SSL_ERROR_NO_CERTIFICATE == (err = PORT_GetError()) ||
                      SEC_ERROR_TOKEN_NOT_LOGGED_IN == err ) ) {
       /* authenticate and try again */
       rv = PK11_Authenticate(slot, PR_TRUE, wincx);
       if (rv == SECSuccess) {
            keyHandle = PK11_MatchItem(slot,certHandle,CKO_PRIVATE_KEY);
       }
    }
    if (keyHandle != CK_INVALID_HANDLE) { 
        privKey =  PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx);
    }
    if (slot) {
       PK11_FreeSlot(slot);
    }
    return privKey;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECKEYPrivateKey* PK11_FindKeyByDERCert ( PK11SlotInfo *  slot,
CERTCertificate *  cert,
void wincx 
)

Definition at line 2054 of file pk11cert.c.

{
    CK_OBJECT_HANDLE keyHandle;

    if((slot == NULL) || (cert == NULL)) {
       return NULL;
    }

    keyHandle = pk11_findKeyObjectByDERCert(slot, cert, wincx);
    if (keyHandle == CK_INVALID_HANDLE) {
       return NULL;
    }

    return PK11_MakePrivKey(slot,nullKey,PR_TRUE,keyHandle,wincx);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECKEYPrivateKey* PK11_FindKeyByKeyID ( PK11SlotInfo *  slot,
SECItem *  keyID,
void wincx 
)

Definition at line 1818 of file pk11akey.c.

{
    CK_OBJECT_HANDLE keyHandle;
    SECKEYPrivateKey *privKey;

    keyHandle = pk11_FindPrivateKeyFromCertID(slot, keyID);
    if (keyHandle == CK_INVALID_HANDLE) { 
       return NULL;
    }
    privKey =  PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx);
    return privKey;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECKEYPrivateKey* PK11_FindPrivateKeyFromCert ( PK11SlotInfo *  slot,
CERTCertificate *  cert,
void wincx 
)

Definition at line 952 of file pk11cert.c.

                                                                      {
    int err;
    CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
    CK_ATTRIBUTE theTemplate[] = {
       { CKA_VALUE, NULL, 0 },
       { CKA_CLASS, NULL, 0 }
    };
    /* if you change the array, change the variable below as well */
    int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
    CK_OBJECT_HANDLE certh;
    CK_OBJECT_HANDLE keyh;
    CK_ATTRIBUTE *attrs = theTemplate;
    PRBool needLogin;
    SECStatus rv;

    PK11_SETATTRS(attrs, CKA_VALUE, cert->derCert.data, 
                                          cert->derCert.len); attrs++;
    PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass));

    /*
     * issue the find
     */
    rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
    if (rv != SECSuccess) {
       return NULL;
    }

    certh = pk11_getcerthandle(slot,cert,theTemplate,tsize);
    if (certh == CK_INVALID_HANDLE) {
       return NULL;
    }
    /*
     * prevent a login race condition. If slot is logged in between
     * our call to pk11_LoginStillRequired and the 
     * PK11_MatchItem. The matchItem call will either succeed, or
     * we will call it one more time after calling PK11_Authenticate 
     * (which is a noop on an authenticated token).
     */
    needLogin = pk11_LoginStillRequired(slot,wincx);
    keyh = PK11_MatchItem(slot,certh,CKO_PRIVATE_KEY);
    if ((keyh == CK_INVALID_HANDLE) && needLogin &&
                        (SSL_ERROR_NO_CERTIFICATE == (err = PORT_GetError()) ||
                      SEC_ERROR_TOKEN_NOT_LOGGED_IN == err )) {
       /* try it again authenticated */
       rv = PK11_Authenticate(slot, PR_TRUE, wincx);
       if (rv != SECSuccess) {
           return NULL;
       }
       keyh = PK11_MatchItem(slot,certh,CKO_PRIVATE_KEY);
    }
    if (keyh == CK_INVALID_HANDLE) { 
       return NULL; 
    }
    return PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyh, wincx);
} 

Here is the call graph for this function:

Here is the caller graph for this function:

PK11SlotInfo* PK11_FindSlotByName ( const char *  name)

Definition at line 580 of file pk11slot.c.

{
   SECMODModuleList *mlp;
   SECMODModuleList *modules = SECMOD_GetDefaultModuleList();
   SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
   int i;
   PK11SlotInfo *slot = NULL;

   if ((name == NULL) || (*name == 0)) {
       return PK11_GetInternalKeySlot();
   }

   /* work through all the slots */
   SECMOD_GetReadLock(moduleLock);
   for(mlp = modules; mlp != NULL; mlp = mlp->next) {
       for (i=0; i < mlp->module->slotCount; i++) {
           PK11SlotInfo *tmpSlot = mlp->module->slots[i];
           if (PK11_IsPresent(tmpSlot)) {
              if (PORT_Strcmp(tmpSlot->token_name,name) == 0) {
                  slot = PK11_ReferenceSlot(tmpSlot);
                  break;
              }
           }
       }
       if (slot != NULL) break;
    }
    SECMOD_ReleaseReadLock(moduleLock);

    if (slot == NULL) {
       PORT_SetError(SEC_ERROR_NO_TOKEN);
    }

    return slot;
}

Here is the call graph for this function:

PK11SlotList* PK11_FindSlotsByNames ( const char *  dllName,
const char *  slotName,
const char *  tokenName,
PRBool  presentOnly 
)

Definition at line 508 of file pk11slot.c.

{
    SECMODModuleList *mlp;
    SECMODModuleList *modules = SECMOD_GetDefaultModuleList();
    SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
    int i;
    PK11SlotList* slotList = NULL;
    PRUint32 slotcount = 0;
    SECStatus rv = SECSuccess;

    slotList = PK11_NewSlotList();
    if (!slotList) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        return NULL;
    }

    if ( ((NULL == dllName) || (0 == *dllName)) &&
        ((NULL == slotName) || (0 == *slotName)) &&
        ((NULL == tokenName) || (0 == *tokenName)) ) {
        /* default to softoken */
        PK11_AddSlotToList(slotList, PK11_GetInternalKeySlot());
        return slotList;
    }

    /* work through all the slots */
    SECMOD_GetReadLock(moduleLock);
    for (mlp = modules; mlp != NULL; mlp = mlp->next) {
        PORT_Assert(mlp->module);
        if (!mlp->module) {
            rv = SECFailure;
            break;
        }
        if ((!dllName) || (mlp->module->dllName &&
            (0 == PORT_Strcmp(mlp->module->dllName, dllName)))) {
            for (i=0; i < mlp->module->slotCount; i++) {
                PK11SlotInfo *tmpSlot = (mlp->module->slots?mlp->module->slots[i]:NULL);
                PORT_Assert(tmpSlot);
                if (!tmpSlot) {
                    rv = SECFailure;
                    break;
                }
                if ((PR_FALSE == presentOnly || PK11_IsPresent(tmpSlot)) &&
                    ( (!tokenName) || (tmpSlot->token_name &&
                    (0==PORT_Strcmp(tmpSlot->token_name, tokenName)))) &&
                    ( (!slotName) || (tmpSlot->slot_name &&
                    (0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) {
                    PK11SlotInfo* slot = PK11_ReferenceSlot(tmpSlot);
                    if (slot) {
                        PK11_AddSlotToList(slotList, slot);
                        slotcount++;
                    }
                }
            }
        }
    }
    SECMOD_ReleaseReadLock(moduleLock);

    if ( (0 == slotcount) || (SECFailure == rv) ) {
        PORT_SetError(SEC_ERROR_NO_TOKEN);
        PK11_FreeSlotList(slotList);
        slotList = NULL;
    }

    if (SECFailure == rv) {
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
    }

    return slotList;
}

Here is the call graph for this function:

PRBool PK11_FortezzaHasKEA ( CERTCertificate *  cert)

Definition at line 2104 of file pk11cert.c.

                                           {
   /* look at the subject and see if it is a KEA for MISSI key */
   SECOidData *oid;

   if ((cert->trust == NULL) ||
       ((cert->trust->sslFlags & CERTDB_USER) != CERTDB_USER)) {
       return PR_FALSE;
   }

   oid = SECOID_FindOID(&cert->subjectPublicKeyInfo.algorithm.algorithm);


   return (PRBool)((oid->offset == SEC_OID_MISSI_KEA_DSS_OLD) || 
              (oid->offset == SEC_OID_MISSI_KEA_DSS) ||
                            (oid->offset == SEC_OID_MISSI_KEA)) ;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1775 of file pk11mech.c.

Here is the caller graph for this function:

void PK11_FreeSlot ( PK11SlotInfo *  slot)

Definition at line 456 of file pk11slot.c.

{
    if (PR_AtomicDecrement(&slot->refCount) == 0) {
       PK11_DestroySlot(slot);
    }
}

Here is the call graph for this function:

SEC_BEGIN_PROTOS void PK11_FreeSlotList ( PK11SlotList *  list)

Definition at line 192 of file pk11slot.c.

Here is the call graph for this function:

SECStatus PK11_FreeSlotListElement ( PK11SlotList *  list,
PK11SlotListElement *  le 
)

Definition at line 149 of file pk11slot.c.

{
    PRBool freeit = PR_FALSE;

    if (list == NULL || le == NULL) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }

    PZ_Lock(list->lock);
    if (le->refCount-- == 1) {
       freeit = PR_TRUE;
    }
    PZ_Unlock(list->lock);
    if (freeit) {
       PK11_FreeSlot(le->slot);
       PORT_Free(le);
    }
    return SECSuccess;
}

Here is the call graph for this function:

void PK11_FreeSymKey ( PK11SymKey *  key)

Definition at line 214 of file pk11skey.c.

{
    PK11SlotInfo *slot;
    PRBool freeit = PR_TRUE;

    if (PR_AtomicDecrement(&symKey->refCount) == 0) {
       PK11SymKey *parent = symKey->parent;

       symKey->parent = NULL;
       if ((symKey->owner) && symKey->objectID != CK_INVALID_HANDLE) {
           pk11_EnterKeyMonitor(symKey);
           (void) PK11_GETTAB(symKey->slot)->
              C_DestroyObject(symKey->session, symKey->objectID);
           pk11_ExitKeyMonitor(symKey);
       }
       if (symKey->data.data) {
           PORT_Memset(symKey->data.data, 0, symKey->data.len);
           PORT_Free(symKey->data.data);
       }
       /* free any existing data */
       if (symKey->userData && symKey->freeFunc) {
           (*symKey->freeFunc)(symKey->userData);
       }
        slot = symKey->slot;
        PZ_Lock(slot->freeListLock);
       if (slot->keyCount < slot->maxKeyCount) {
           /* 
             * freeSymkeysWithSessionHead contain a list of reusable
            *  SymKey structures with valid sessions.
            *    sessionOwner must be true.
             *    session must be valid.
             * freeSymKeysHead contain a list of SymKey structures without
             *  valid session.
             *    session must be CK_INVALID_SESSION.
            *    though sessionOwner is false, callers should not depend on
            *    this fact.
            */
           if (symKey->sessionOwner) {
              PORT_Assert (symKey->session != CK_INVALID_SESSION);
              symKey->next = slot->freeSymKeysWithSessionHead;
              slot->freeSymKeysWithSessionHead = symKey;
           } else {
              symKey->session = CK_INVALID_SESSION;
              symKey->next = slot->freeSymKeysHead;
              slot->freeSymKeysHead = symKey;
           }
           slot->keyCount++;
           symKey->slot = NULL;
           freeit = PR_FALSE;
        }
       PZ_Unlock(slot->freeListLock);
        if (freeit) {
           pk11_CloseSession(symKey->slot, symKey->session,
                                                 symKey->sessionOwner);
           PORT_Free(symKey);
       }
       PK11_FreeSlot(slot);

       if (parent) {
           PK11_FreeSymKey(parent);
       }
    }
}

Here is the call graph for this function:

SECStatus PK11_GenerateFortezzaIV ( PK11SymKey *  symKey,
unsigned char *  iv,
int  len 
)

Definition at line 2160 of file pk11skey.c.

{
    CK_MECHANISM mech_info;
    CK_ULONG count = 0;
    CK_RV crv;
    SECStatus rv = SECFailure;

    mech_info.mechanism = CKM_SKIPJACK_CBC64;
    mech_info.pParameter = iv;
    mech_info.ulParameterLen = len;

    /* generate the IV for fortezza */
    PK11_EnterSlotMonitor(symKey->slot);
    crv=PK11_GETTAB(symKey->slot)->C_EncryptInit(symKey->slot->session,
                            &mech_info, symKey->objectID);
    if (crv == CKR_OK) {
       PK11_GETTAB(symKey->slot)->C_EncryptFinal(symKey->slot->session, 
                                                        NULL, &count);
       rv = SECSuccess;
    }
    PK11_ExitSlotMonitor(symKey->slot);
    return rv;
}

Here is the call graph for this function:

SECKEYPrivateKey* PK11_GenerateKeyPair ( PK11SlotInfo *  slot,
CK_MECHANISM_TYPE  type,
void param,
SECKEYPublicKey **  pubk,
PRBool  isPerm,
PRBool  isSensitive,
void wincx 
)

Definition at line 1089 of file pk11akey.c.

{
    PK11AttrFlags attrFlags = 0;

    if (token) {
       attrFlags |= PK11_ATTR_TOKEN;
    } else {
       attrFlags |= PK11_ATTR_SESSION;
    }
    if (sensitive) {
       attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
    } else {
       attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
    }
    return PK11_GenerateKeyPairWithFlags(slot, type, param, pubKey,
                                          attrFlags, wincx);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECKEYPrivateKey* PK11_GenerateKeyPairWithFlags ( PK11SlotInfo *  slot,
CK_MECHANISM_TYPE  type,
void param,
SECKEYPublicKey **  pubk,
PK11AttrFlags  attrFlags,
void wincx 
)

Definition at line 677 of file pk11akey.c.

{
    /* we have to use these native types because when we call PKCS 11 modules
     * we have to make sure that we are using the correct sizes for all the
     * parameters. */
    CK_BBOOL ckfalse = CK_FALSE;
    CK_BBOOL cktrue = CK_TRUE;
    CK_ULONG modulusBits;
    CK_BYTE publicExponent[4];
    CK_ATTRIBUTE privTemplate[] = {
       { CKA_SENSITIVE, NULL, 0},
       { CKA_TOKEN,  NULL, 0},
       { CKA_PRIVATE,  NULL, 0},
       { CKA_DERIVE,  NULL, 0},
       { CKA_UNWRAP,  NULL, 0},
       { CKA_SIGN,  NULL, 0},
       { CKA_DECRYPT,  NULL, 0},
       { CKA_EXTRACTABLE, NULL, 0},
       { CKA_MODIFIABLE,  NULL, 0},
    };
    CK_ATTRIBUTE rsaPubTemplate[] = {
       { CKA_MODULUS_BITS, NULL, 0},
       { CKA_PUBLIC_EXPONENT, NULL, 0},
       { CKA_TOKEN,  NULL, 0},
       { CKA_DERIVE,  NULL, 0},
       { CKA_WRAP,  NULL, 0},
       { CKA_VERIFY,  NULL, 0},
       { CKA_VERIFY_RECOVER,  NULL, 0},
       { CKA_ENCRYPT,  NULL, 0},
       { CKA_MODIFIABLE,  NULL, 0},
    };
    CK_ATTRIBUTE dsaPubTemplate[] = {
       { CKA_PRIME, NULL, 0 },
       { CKA_SUBPRIME, NULL, 0 },
       { CKA_BASE, NULL, 0 },
       { CKA_TOKEN,  NULL, 0},
       { CKA_DERIVE,  NULL, 0},
       { CKA_WRAP,  NULL, 0},
       { CKA_VERIFY,  NULL, 0},
       { CKA_VERIFY_RECOVER,  NULL, 0},
       { CKA_ENCRYPT,  NULL, 0},
       { CKA_MODIFIABLE,  NULL, 0},
    };
    CK_ATTRIBUTE dhPubTemplate[] = {
      { CKA_PRIME, NULL, 0 }, 
      { CKA_BASE, NULL, 0 }, 
      { CKA_TOKEN,  NULL, 0},
      { CKA_DERIVE,  NULL, 0},
      { CKA_WRAP,  NULL, 0},
      { CKA_VERIFY,  NULL, 0},
      { CKA_VERIFY_RECOVER,  NULL, 0},
      { CKA_ENCRYPT,  NULL, 0},
      { CKA_MODIFIABLE,  NULL, 0},
    };
    CK_ATTRIBUTE ecPubTemplate[] = {
      { CKA_EC_PARAMS, NULL, 0 }, 
      { CKA_TOKEN,  NULL, 0},
      { CKA_DERIVE,  NULL, 0},
      { CKA_WRAP,  NULL, 0},
      { CKA_VERIFY,  NULL, 0},
      { CKA_VERIFY_RECOVER,  NULL, 0},
      { CKA_ENCRYPT,  NULL, 0},
      { CKA_MODIFIABLE,  NULL, 0},
    };
    SECKEYECParams * ecParams;

    /*CK_ULONG key_size = 0;*/
    CK_ATTRIBUTE *pubTemplate;
    int privCount = 0;
    int pubCount = 0;
    PK11RSAGenParams *rsaParams;
    SECKEYPQGParams *dsaParams;
    SECKEYDHParams * dhParams;
    CK_MECHANISM mechanism;
    CK_MECHANISM test_mech;
    CK_SESSION_HANDLE session_handle;
    CK_RV crv;
    CK_OBJECT_HANDLE privID,pubID;
    SECKEYPrivateKey *privKey;
    KeyType keyType;
    PRBool restore;
    int peCount,i;
    CK_ATTRIBUTE *attrs;
    CK_ATTRIBUTE *privattrs;
    SECItem *pubKeyIndex;
    CK_ATTRIBUTE setTemplate;
    CK_MECHANISM_INFO mechanism_info;
    CK_OBJECT_CLASS keyClass;
    SECItem *cka_id;
    PRBool haslock = PR_FALSE;
    PRBool pubIsToken = PR_FALSE;
    PRBool token = ((attrFlags & PK11_ATTR_TOKEN) != 0);
    /* subset of attrFlags applicable to the public key */
    PK11AttrFlags pubKeyAttrFlags = attrFlags &
       (PK11_ATTR_TOKEN | PK11_ATTR_SESSION
       | PK11_ATTR_MODIFIABLE | PK11_ATTR_UNMODIFIABLE);

    if (pk11_BadAttrFlags(attrFlags)) {
       PORT_SetError( SEC_ERROR_INVALID_ARGS );
       return NULL;
    }

    PORT_Assert(slot != NULL);
    if (slot == NULL) {
       PORT_SetError( SEC_ERROR_NO_MODULE);
       return NULL;
    }

    /* if our slot really doesn't do this mechanism, Generate the key
     * in our internal token and write it out */
    if (!PK11_DoesMechanism(slot,type)) {
       PK11SlotInfo *int_slot = PK11_GetInternalSlot();

       /* don't loop forever looking for a slot */
       if (slot == int_slot) {
           PK11_FreeSlot(int_slot);
           PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
           return NULL;
       }

       /* if there isn't a suitable slot, then we can't do the keygen */
       if (int_slot == NULL) {
           PORT_SetError( SEC_ERROR_NO_MODULE );
           return NULL;
       }

       /* generate the temporary key to load */
       privKey = PK11_GenerateKeyPair(int_slot,type, param, pubKey, PR_FALSE, 
                                                 PR_FALSE, wincx);
       PK11_FreeSlot(int_slot);

       /* if successful, load the temp key into the new token */
       if (privKey != NULL) {
           SECKEYPrivateKey *newPrivKey = pk11_loadPrivKeyWithFlags(slot,
                                          privKey,*pubKey,attrFlags);
           SECKEY_DestroyPrivateKey(privKey);
           if (newPrivKey == NULL) {
              SECKEY_DestroyPublicKey(*pubKey);
              *pubKey = NULL;
           }
           return newPrivKey;
       }
       return NULL;
   }


    mechanism.mechanism = type;
    mechanism.pParameter = NULL;
    mechanism.ulParameterLen = 0;
    test_mech.pParameter = NULL;
    test_mech.ulParameterLen = 0;

    /* set up the private key template */
    privattrs = privTemplate;
    privattrs += pk11_AttrFlagsToAttributes(attrFlags, privattrs,
                                          &cktrue, &ckfalse);

    /* set up the mechanism specific info */
    switch (type) {
    case CKM_RSA_PKCS_KEY_PAIR_GEN:
    case CKM_RSA_X9_31_KEY_PAIR_GEN:
       rsaParams = (PK11RSAGenParams *)param;
       if (rsaParams->pe == 0) {
           PORT_SetError(SEC_ERROR_INVALID_ARGS);
           return NULL;
       }
       modulusBits = rsaParams->keySizeInBits;
       peCount = 0;

       /* convert pe to a PKCS #11 string */
       for (i=0; i < 4; i++) {
           if (peCount || (rsaParams->pe & 
                            ((unsigned long)0xff000000L >> (i*8)))) {
              publicExponent[peCount] = 
                            (CK_BYTE)((rsaParams->pe >> (3-i)*8) & 0xff);
              peCount++;
           }
       }
       PORT_Assert(peCount != 0);
       attrs = rsaPubTemplate;
       PK11_SETATTRS(attrs, CKA_MODULUS_BITS, 
                            &modulusBits, sizeof(modulusBits)); attrs++;
       PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, 
                            publicExponent, peCount);attrs++;
       pubTemplate = rsaPubTemplate;
       keyType = rsaKey;
       test_mech.mechanism = CKM_RSA_PKCS;
       break;
    case CKM_DSA_KEY_PAIR_GEN:
       dsaParams = (SECKEYPQGParams *)param;
       attrs = dsaPubTemplate;
       PK11_SETATTRS(attrs, CKA_PRIME, dsaParams->prime.data,
                            dsaParams->prime.len); attrs++;
       PK11_SETATTRS(attrs, CKA_SUBPRIME, dsaParams->subPrime.data,
                                   dsaParams->subPrime.len); attrs++;
       PK11_SETATTRS(attrs, CKA_BASE, dsaParams->base.data,
                                          dsaParams->base.len); attrs++;
       pubTemplate = dsaPubTemplate;
       keyType = dsaKey;
       test_mech.mechanism = CKM_DSA;
       break;
    case CKM_DH_PKCS_KEY_PAIR_GEN:
        dhParams = (SECKEYDHParams *)param;
        attrs = dhPubTemplate;
        PK11_SETATTRS(attrs, CKA_PRIME, dhParams->prime.data,
                      dhParams->prime.len);   attrs++;
        PK11_SETATTRS(attrs, CKA_BASE, dhParams->base.data,
                      dhParams->base.len);    attrs++;
        pubTemplate = dhPubTemplate;
        keyType = dhKey;
        test_mech.mechanism = CKM_DH_PKCS_DERIVE;
       break;
    case CKM_EC_KEY_PAIR_GEN:
        ecParams = (SECKEYECParams *)param;
        attrs = ecPubTemplate;
        PK11_SETATTRS(attrs, CKA_EC_PARAMS, ecParams->data, 
                     ecParams->len);   attrs++;
        pubTemplate = ecPubTemplate;
        keyType = ecKey;
       /* XXX An EC key can be used for other mechanisms too such
        * as CKM_ECDSA and CKM_ECDSA_SHA1. How can we reflect
        * that in test_mech.mechanism so the CKA_SIGN, CKA_VERIFY
        * attributes are set correctly? 
        */
        test_mech.mechanism = CKM_ECDH1_DERIVE;
        break;
    default:
       PORT_SetError( SEC_ERROR_BAD_KEY );
       return NULL;
    }

    /* now query the slot to find out how "good" a key we can generate */
    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
                            test_mech.mechanism,&mechanism_info);
    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
    if ((crv != CKR_OK) || (mechanism_info.flags == 0)) {
       /* must be old module... guess what it should be... */
       switch (test_mech.mechanism) {
       case CKM_RSA_PKCS:
              mechanism_info.flags = (CKF_SIGN | CKF_DECRYPT | 
                     CKF_WRAP | CKF_VERIFY_RECOVER | CKF_ENCRYPT | CKF_WRAP);;
              break;
       case CKM_DSA:
              mechanism_info.flags = CKF_SIGN | CKF_VERIFY;
              break;
       case CKM_DH_PKCS_DERIVE:
              mechanism_info.flags = CKF_DERIVE;
              break;
       case CKM_ECDH1_DERIVE:
              mechanism_info.flags = CKF_DERIVE;
              break;
       case CKM_ECDSA:
       case CKM_ECDSA_SHA1:
              mechanism_info.flags = CKF_SIGN | CKF_VERIFY;
              break;
       default:
              break;
       }
    }
    /* set the public key attributes */
    attrs += pk11_AttrFlagsToAttributes(pubKeyAttrFlags, attrs,
                                          &cktrue, &ckfalse);
    PK11_SETATTRS(attrs, CKA_DERIVE, 
              mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse,
                                    sizeof(CK_BBOOL)); attrs++;
    PK11_SETATTRS(attrs, CKA_WRAP, 
              mechanism_info.flags & CKF_WRAP ? &cktrue : &ckfalse,
                                    sizeof(CK_BBOOL)); attrs++;
    PK11_SETATTRS(attrs, CKA_VERIFY, 
              mechanism_info.flags & CKF_VERIFY ? &cktrue : &ckfalse,
                                    sizeof(CK_BBOOL)); attrs++;
    PK11_SETATTRS(attrs, CKA_VERIFY_RECOVER, 
              mechanism_info.flags & CKF_VERIFY_RECOVER ? &cktrue : &ckfalse,
                                    sizeof(CK_BBOOL)); attrs++;
    PK11_SETATTRS(attrs, CKA_ENCRYPT, 
              mechanism_info.flags & CKF_ENCRYPT? &cktrue : &ckfalse,
                                    sizeof(CK_BBOOL)); attrs++;
    /* set the private key attributes */
    PK11_SETATTRS(privattrs, CKA_DERIVE, 
              mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse,
                                    sizeof(CK_BBOOL)); privattrs++;
    PK11_SETATTRS(privattrs, CKA_UNWRAP, 
              mechanism_info.flags & CKF_UNWRAP ? &cktrue : &ckfalse,
                                    sizeof(CK_BBOOL)); privattrs++;
    PK11_SETATTRS(privattrs, CKA_SIGN, 
              mechanism_info.flags & CKF_SIGN ? &cktrue : &ckfalse,
                                    sizeof(CK_BBOOL)); privattrs++;
    PK11_SETATTRS(privattrs, CKA_DECRYPT, 
              mechanism_info.flags & CKF_DECRYPT ? &cktrue : &ckfalse,
                                    sizeof(CK_BBOOL)); privattrs++;

    if (token) {
       session_handle = PK11_GetRWSession(slot);
       haslock = PK11_RWSessionHasLock(slot,session_handle);
       restore = PR_TRUE;
    } else {
       session_handle = slot->session;
       if (session_handle != CK_INVALID_SESSION)
           PK11_EnterSlotMonitor(slot);
       restore = PR_FALSE;
       haslock = PR_TRUE;
    }

    if (session_handle == CK_INVALID_SESSION) {
       PORT_SetError(SEC_ERROR_BAD_DATA);
       return NULL;
    }
    privCount = privattrs - privTemplate;
    pubCount = attrs - pubTemplate;
    crv = PK11_GETTAB(slot)->C_GenerateKeyPair(session_handle, &mechanism,
       pubTemplate,pubCount,privTemplate,privCount,&pubID,&privID);

    if (crv != CKR_OK) {
       if (restore)  {
           PK11_RestoreROSession(slot,session_handle);
       } else PK11_ExitSlotMonitor(slot);
       PORT_SetError( PK11_MapError(crv) );
       return NULL;
    }
    /* This locking code is dangerous and needs to be more thought
     * out... the real problem is that we're holding the mutex open this long
     */
    if (haslock) { PK11_ExitSlotMonitor(slot); }

    /* swap around the ID's for older PKCS #11 modules */
    keyClass = PK11_ReadULongAttribute(slot,pubID,CKA_CLASS);
    if (keyClass != CKO_PUBLIC_KEY) {
       CK_OBJECT_HANDLE tmp = pubID;
       pubID = privID;
       privID = tmp;
    }

    *pubKey = PK11_ExtractPublicKey(slot, keyType, pubID);
    if (*pubKey == NULL) {
       if (restore)  {
           /* we may have to restore the mutex so it get's exited properly
            * in RestoreROSession */
            if (haslock)  PK11_EnterSlotMonitor(slot); 
           PK11_RestoreROSession(slot,session_handle);
       } 
       PK11_DestroyObject(slot,pubID);
       PK11_DestroyObject(slot,privID);
       return NULL;
    }

    /* set the ID to the public key so we can find it again */
    pubKeyIndex =  NULL;
    switch (type) {
    case CKM_RSA_PKCS_KEY_PAIR_GEN:
    case CKM_RSA_X9_31_KEY_PAIR_GEN:
      pubKeyIndex = &(*pubKey)->u.rsa.modulus;
      break;
    case CKM_DSA_KEY_PAIR_GEN:
      pubKeyIndex = &(*pubKey)->u.dsa.publicValue;
      break;
    case CKM_DH_PKCS_KEY_PAIR_GEN:
      pubKeyIndex = &(*pubKey)->u.dh.publicValue;
      break;      
    case CKM_EC_KEY_PAIR_GEN:
      pubKeyIndex = &(*pubKey)->u.ec.publicValue;
      break;      
    }
    PORT_Assert(pubKeyIndex != NULL);

    cka_id = PK11_MakeIDFromPubKey(pubKeyIndex);
    pubIsToken = (PRBool)PK11_HasAttributeSet(slot,pubID, CKA_TOKEN);

    PK11_SETATTRS(&setTemplate, CKA_ID, cka_id->data, cka_id->len);

    if (haslock) { PK11_EnterSlotMonitor(slot); }
    crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, privID,
              &setTemplate, 1);
   
    if (crv == CKR_OK && pubIsToken) {
       crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, pubID,
              &setTemplate, 1);
    }


    if (restore) {
       PK11_RestoreROSession(slot,session_handle);
    } else {
       PK11_ExitSlotMonitor(slot);
    }
    SECITEM_FreeItem(cka_id,PR_TRUE);


    if (crv != CKR_OK) {
       PK11_DestroyObject(slot,pubID);
       PK11_DestroyObject(slot,privID);
       PORT_SetError( PK11_MapError(crv) );
       *pubKey = NULL;
       return NULL;
    }

    privKey = PK11_MakePrivKey(slot,keyType,!token,privID,wincx);
    if (privKey == NULL) {
       SECKEY_DestroyPublicKey(*pubKey);
       PK11_DestroyObject(slot,privID);
       *pubKey = NULL;
       return NULL;
    }

    return privKey;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECItem* PK11_GenerateNewParam ( CK_MECHANISM_TYPE  ,
PK11SymKey *   
)

Definition at line 1305 of file pk11mech.c.

                                                               { 
    CK_RC2_CBC_PARAMS *rc2_params;
    CK_RC2_PARAMS *rc2_ecb_params;
    SECItem *mech;
    SECItem iv;
    SECStatus rv;


    mech = (SECItem *) PORT_Alloc(sizeof(SECItem));
    if (mech == NULL) return NULL;

    rv = SECSuccess;
    mech->type = siBuffer;
    switch (type) {
    case CKM_RC4:
    case CKM_AES_ECB:
    case CKM_DES_ECB:
    case CKM_DES3_ECB:
    case CKM_IDEA_ECB:
    case CKM_CDMF_ECB:
    case CKM_CAST_ECB:
    case CKM_CAST3_ECB:
    case CKM_CAST5_ECB:
       mech->data = NULL;
       mech->len = 0;
       break;
    case CKM_RC2_ECB:
       rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS));
       if (rc2_ecb_params == NULL) {
           rv = SECFailure;
           break;
       }
       /* NOTE PK11_GetKeyLength can return -1 if the key isn't and RC2, RC5,
        *   or RC4 key. Of course that wouldn't happen here doing RC2:).*/
       *rc2_ecb_params = PK11_GetKeyLength(key)*8;
       mech->data = (unsigned char *) rc2_ecb_params;
       mech->len = sizeof(CK_RC2_PARAMS);
       break;
    case CKM_RC2_CBC:
    case CKM_RC2_CBC_PAD:
       rv = pk11_GenIV(type,&iv);
       if (rv != SECSuccess) {
           break;
       }
       rc2_params = (CK_RC2_CBC_PARAMS *)PORT_Alloc(sizeof(CK_RC2_CBC_PARAMS));
       if (rc2_params == NULL) {
           PORT_Free(iv.data);
           rv = SECFailure;
           break;
       }
       /* NOTE PK11_GetKeyLength can return -1 if the key isn't and RC2, RC5,
        *   or RC4 key. Of course that wouldn't happen here doing RC2:).*/
       rc2_params->ulEffectiveBits = PK11_GetKeyLength(key)*8;
       if (iv.data)
           PORT_Memcpy(rc2_params->iv,iv.data,sizeof(rc2_params->iv));
       mech->data = (unsigned char *) rc2_params;
       mech->len = sizeof(CK_RC2_CBC_PARAMS);
       PORT_Free(iv.data);
       break;
    case CKM_RC5_ECB:
        PORT_Free(mech);
       return PK11_ParamFromIV(type,NULL);
    case CKM_RC5_CBC:
    case CKM_RC5_CBC_PAD:
       rv = pk11_GenIV(type,&iv);
       if (rv != SECSuccess) {
           break;
       }
        PORT_Free(mech);
       return PK11_ParamFromIV(type,&iv);
    default:
       if (pk11_lookup(type)->iv == 0) {
           mech->data = NULL;
           mech->len = 0;
           break;
       }
    case CKM_AES_CBC:
    case CKM_DES_CBC:
    case CKM_DES3_CBC:
    case CKM_IDEA_CBC:
    case CKM_CDMF_CBC:
    case CKM_CAST_CBC:
    case CKM_CAST3_CBC:
    case CKM_CAST5_CBC:
    case CKM_DES_CBC_PAD:
    case CKM_DES3_CBC_PAD:
    case CKM_IDEA_CBC_PAD:
    case CKM_CDMF_CBC_PAD:
    case CKM_CAST_CBC_PAD:
    case CKM_CAST3_CBC_PAD:
    case CKM_CAST5_CBC_PAD:
    case CKM_SKIPJACK_CBC64:
    case CKM_SKIPJACK_ECB64:
    case CKM_SKIPJACK_OFB64:
    case CKM_SKIPJACK_CFB64:
    case CKM_SKIPJACK_CFB32:
    case CKM_SKIPJACK_CFB16:
    case CKM_SKIPJACK_CFB8:
    case CKM_BATON_ECB128:
    case CKM_BATON_ECB96:
    case CKM_BATON_CBC128:
    case CKM_BATON_COUNTER:
    case CKM_BATON_SHUFFLE:
    case CKM_JUNIPER_ECB128:
    case CKM_JUNIPER_CBC128:
    case CKM_JUNIPER_COUNTER:
    case CKM_JUNIPER_SHUFFLE:
       rv = pk11_GenIV(type,&iv);
       if (rv != SECSuccess) {
           break;
       }
       mech->data = (unsigned char*)PORT_Alloc(iv.len);
       if (mech->data == NULL) {
           PORT_Free(iv.data);
           rv = SECFailure;
           break;
       }
       PORT_Memcpy(mech->data,iv.data,iv.len);
       mech->len = iv.len;
        PORT_Free(iv.data);
       break;
    }
    if (rv !=  SECSuccess) {
       SECITEM_FreeItem(mech,PR_TRUE);
       return NULL;
    }
    return mech;

}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_GenerateRandom ( unsigned char *  data,
int  len 
)

Definition at line 2184 of file pk11slot.c.

                                                 {
    PK11SlotInfo *slot;
    SECStatus rv;

    slot = PK11_GetBestSlot(CKM_FAKE_RANDOM,NULL);
    if (slot == NULL) return SECFailure;

    rv = PK11_GenerateRandomOnSlot(slot, data, len);
    PK11_FreeSlot(slot);
    return rv;
}

Here is the call graph for this function:

SECStatus PK11_GenerateRandomOnSlot ( PK11SlotInfo *  ,
unsigned char *  data,
int  len 
)

Definition at line 2136 of file pk11slot.c.

                                                                            {
    CK_RV crv;

    if (!slot->isInternal) PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_GenerateRandom(slot->session,data, 
                                                 (CK_ULONG)len);
    if (!slot->isInternal) PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
       return  SECFailure;
    }
    return SECSuccess;
}

Here is the call graph for this function:

PK11SlotList* PK11_GetAllTokens ( CK_MECHANISM_TYPE  type,
PRBool  needRW,
PRBool  loadCerts,
void wincx 
)

Definition at line 1927 of file pk11slot.c.

{
    PK11SlotList *     list         = PK11_NewSlotList();
    PK11SlotList *     loginList    = PK11_NewSlotList();
    PK11SlotList *     friendlyList = PK11_NewSlotList();
    SECMODModuleList * mlp;
    SECMODModuleList * modules      = SECMOD_GetDefaultModuleList();
    SECMODListLock *   moduleLock   = SECMOD_GetDefaultModuleListLock();
    int                i;
#if defined( XP_WIN32 ) 
    int                j            = 0;
    PRInt32            waste[16];
#endif

    if ((list == NULL)  || (loginList == NULL) || (friendlyList == NULL)) {
       if (list) PK11_FreeSlotList(list);
       if (loginList) PK11_FreeSlotList(loginList);
       if (friendlyList) PK11_FreeSlotList(friendlyList);
       return NULL;
    }

    SECMOD_GetReadLock(moduleLock);
    for(mlp = modules; mlp != NULL; mlp = mlp->next) {

#if defined( XP_WIN32 ) 
       /* This is works around some horrible cache/page thrashing problems 
       ** on Win32.  Without this, this loop can take up to 6 seconds at 
       ** 100% CPU on a Pentium-Pro 200.  The thing this changes is to 
       ** increase the size of the stack frame and modify it.  
       ** Moving the loop code itself seems to have no effect.
       ** Dunno why this combination makes a difference, but it does.
       */
       waste[ j & 0xf] = j++; 
#endif

       for (i = 0; i < mlp->module->slotCount; i++) {
           PK11SlotInfo *slot = mlp->module->slots[i];

           if (pk11_IsPresentCertLoad(slot, loadCerts)) {
              if (needRW &&  slot->readOnly) continue;
              if ((type == CKM_INVALID_MECHANISM) 
                                   || PK11_DoesMechanism(slot, type)) {
                  if (pk11_LoginStillRequired(slot,wincx)) {
                     if (PK11_IsFriendly(slot)) {
                         PK11_AddSlotToList(friendlyList, slot);
                     } else {
                         PK11_AddSlotToList(loginList, slot);
                     }
                  } else {
                     PK11_AddSlotToList(list, slot);
                  }
              }
           }
       }
    }
    SECMOD_ReleaseReadLock(moduleLock);

    PK11_MoveListToList(list,friendlyList);
    PK11_FreeSlotList(friendlyList);
    PK11_MoveListToList(list,loginList);
    PK11_FreeSlotList(loginList);

    return list;
}

Here is the call graph for this function:

int PK11_GetBestKeyLength ( PK11SlotInfo *  slot,
CK_MECHANISM_TYPE  type 
)

Definition at line 2104 of file pk11slot.c.

{
    CK_MECHANISM_INFO mechanism_info;
    CK_RV crv;

    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
                               mechanism,&mechanism_info);
    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) return 0;

    if (mechanism_info.ulMinKeySize == mechanism_info.ulMaxKeySize) 
              return 0;
    return mechanism_info.ulMaxKeySize;
}

Here is the call graph for this function:

PK11SlotInfo* PK11_GetBestSlot ( CK_MECHANISM_TYPE  type,
void wincx 
)

Definition at line 2098 of file pk11slot.c.

{
    return PK11_GetBestSlotMultiple(&type, 1, wincx);
}

Here is the call graph for this function:

PK11SlotInfo* PK11_GetBestSlotMultiple ( CK_MECHANISM_TYPE type,
int  count,
void wincx 
)

Definition at line 2025 of file pk11slot.c.

{
    PK11SlotList *list = NULL;
    PK11SlotListElement *le ;
    PK11SlotInfo *slot = NULL;
    PRBool freeit = PR_FALSE;
    PRBool listNeedLogin = PR_FALSE;
    int i;
    SECStatus rv;

    list = PK11_GetSlotList(type[0]);

    if ((list == NULL) || (list->head == NULL)) {
       /* We need to look up all the tokens for the mechanism */
       list = PK11_GetAllTokens(type[0],PR_FALSE,PR_TRUE,wincx);
       freeit = PR_TRUE;
    }

    /* no one can do it! */
    if (list == NULL) {
       PORT_SetError(SEC_ERROR_NO_TOKEN);
       return NULL;
    }

    PORT_SetError(0);


    listNeedLogin = PR_FALSE;
    for (i=0; i < mech_count; i++) {
       if ((type[i] != CKM_FAKE_RANDOM) && 
           (type[i] != CKM_SHA_1) &&
           (type[i] != CKM_SHA256) &&
           (type[i] != CKM_SHA384) &&
           (type[i] != CKM_SHA512) &&
           (type[i] != CKM_MD5) && 
           (type[i] != CKM_MD2)) {
           listNeedLogin = PR_TRUE;
           break;
       }
    }

    for (le = PK11_GetFirstSafe(list); le;
                            le = PK11_GetNextSafe(list,le,PR_TRUE)) {
       if (PK11_IsPresent(le->slot)) {
           PRBool doExit = PR_FALSE;
           for (i=0; i < mech_count; i++) {
              if (!PK11_DoesMechanism(le->slot,type[i])) {
                  doExit = PR_TRUE;
                  break;
              }
           }
           if (doExit) continue;
             
           if (listNeedLogin && le->slot->needLogin) {
              rv = PK11_Authenticate(le->slot,PR_TRUE,wincx);
              if (rv != SECSuccess) continue;
           }
           slot = le->slot;
           PK11_ReferenceSlot(slot);
           PK11_FreeSlotListElement(list,le);
           if (freeit) { PK11_FreeSlotList(list); }
           return slot;
       }
    }
    if (freeit) { PK11_FreeSlotList(list); }
    if (PORT_GetError() == 0) {
       PORT_SetError(SEC_ERROR_NO_TOKEN);
    }
    return NULL;
}

Here is the call graph for this function:

CK_MECHANISM_TYPE PK11_GetBestWrapMechanism ( PK11SlotInfo *  slot)

Definition at line 120 of file pk11mech.c.

{
    int i;
    for (i=0; i < wrapMechanismCount; i++) {
       if (PK11_DoesMechanism(slot,wrapMechanismList[i])) {
           return wrapMechanismList[i];
       }
    }
    return CKM_INVALID_MECHANISM;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int PK11_GetBlockSize ( CK_MECHANISM_TYPE  type,
SECItem *  params 
)

Definition at line 599 of file pk11mech.c.

{
    CK_RC5_PARAMS *rc5_params;
    CK_RC5_CBC_PARAMS *rc5_cbc_params;
    switch (type) {
    case CKM_RC5_ECB:
       if ((params) && (params->data)) {
           rc5_params = (CK_RC5_PARAMS *) params->data;
           return (rc5_params->ulWordsize)*2;
       }
       return 8;
    case CKM_RC5_CBC:
    case CKM_RC5_CBC_PAD:
       if ((params) && (params->data)) {
           rc5_cbc_params = (CK_RC5_CBC_PARAMS *) params->data;
           return (rc5_cbc_params->ulWordsize)*2;
       }
       return 8;
    case CKM_DES_ECB:
    case CKM_DES3_ECB:
    case CKM_RC2_ECB:
    case CKM_IDEA_ECB:
    case CKM_CAST_ECB:
    case CKM_CAST3_ECB:
    case CKM_CAST5_ECB:
    case CKM_RC2_CBC:
    case CKM_SKIPJACK_CBC64:
    case CKM_SKIPJACK_ECB64:
    case CKM_SKIPJACK_OFB64:
    case CKM_SKIPJACK_CFB64:
    case CKM_DES_CBC:
    case CKM_DES3_CBC:
    case CKM_IDEA_CBC:
    case CKM_CAST_CBC:
    case CKM_CAST3_CBC:
    case CKM_CAST5_CBC:
    case CKM_DES_CBC_PAD:
    case CKM_DES3_CBC_PAD:
    case CKM_RC2_CBC_PAD:
    case CKM_IDEA_CBC_PAD:
    case CKM_CAST_CBC_PAD:
    case CKM_CAST3_CBC_PAD:
    case CKM_CAST5_CBC_PAD:
    case CKM_PBE_MD2_DES_CBC:
    case CKM_PBE_MD5_DES_CBC:
    case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
    case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
    case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
    case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
    case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
    case CKM_PBE_SHA1_RC2_40_CBC:
    case CKM_PBE_SHA1_RC2_128_CBC:
    case CKM_PBE_SHA1_DES3_EDE_CBC:
    case CKM_PBE_SHA1_DES2_EDE_CBC:
       return 8;
    case CKM_SKIPJACK_CFB32:
    case CKM_SKIPJACK_CFB16:
    case CKM_SKIPJACK_CFB8:
       return 4;
    case CKM_AES_ECB:
    case CKM_AES_CBC:
    case CKM_AES_CBC_PAD:
    case CKM_BATON_ECB128:
    case CKM_BATON_CBC128:
    case CKM_BATON_COUNTER:
    case CKM_BATON_SHUFFLE:
    case CKM_JUNIPER_ECB128:
    case CKM_JUNIPER_CBC128:
    case CKM_JUNIPER_COUNTER:
    case CKM_JUNIPER_SHUFFLE:
       return 16;
    case CKM_BATON_ECB96:
       return 12;
    case CKM_RC4:
    case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
    case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
    case CKM_PBE_SHA1_RC4_40:
    case CKM_PBE_SHA1_RC4_128:
       return 0;
    case CKM_RSA_PKCS:
    case CKM_RSA_9796:
    case CKM_RSA_X_509:
       /*actually it's the modulus length of the key!*/
       return -1;    /* failure */
    default:
       return pk11_lookup(type)->blockSize;
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

CERTCertificate* PK11_GetCertFromPrivateKey ( SECKEYPrivateKey *  privKey)

Definition at line 400 of file pk11cert.c.

{
    PK11SlotInfo *slot = privKey->pkcs11Slot;
    CK_OBJECT_HANDLE handle = privKey->pkcs11ID;
    CK_OBJECT_HANDLE certID = 
              PK11_MatchItem(slot,handle,CKO_CERTIFICATE);
    CERTCertificate *cert;

    if (certID == CK_INVALID_HANDLE) {
       PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
       return NULL;
    }
    cert = PK11_MakeCertFromHandle(slot,certID,NULL);
    return (cert);

}

Here is the call graph for this function:

Here is the caller graph for this function:

int PK11_GetCurrentWrapIndex ( PK11SlotInfo *  slot)

Definition at line 1716 of file pk11slot.c.

{
    return slot->wrapKey;
}
PK11DefaultArrayEntry* PK11_GetDefaultArray ( int )

Definition at line 89 of file pk11slot.c.

unsigned long PK11_GetDefaultFlags ( PK11SlotInfo *  slot)

Definition at line 1656 of file pk11slot.c.

{
       return slot->defaultFlags;
}
PK11DisableReasons PK11_GetDisabledReason ( PK11SlotInfo *  slot)

Definition at line 1619 of file pk11slot.c.

{
    return slot->reason;
}
PK11SlotListElement* PK11_GetFirstSafe ( PK11SlotList *  list)

Definition at line 287 of file pk11slot.c.

{
    PK11SlotListElement *le;

    PZ_Lock(list->lock);
    le = list->head;
    if (le != NULL) (le)->refCount++;
    PZ_Unlock(list->lock);
    return le;
}
PK11SlotInfo* PK11_GetInternalKeySlot ( void  )

Definition at line 1828 of file pk11slot.c.

{
    SECMODModule *mod = SECMOD_GetInternalModule();
    PORT_Assert(mod != NULL);
    if (!mod) {
       PORT_SetError( SEC_ERROR_NO_MODULE );
       return NULL;
    }
    return PK11_ReferenceSlot(mod->isFIPS ? mod->slots[0] : mod->slots[1]);
}

Here is the call graph for this function:

PK11SlotInfo* PK11_GetInternalSlot ( void  )

Definition at line 1841 of file pk11slot.c.

{
    SECMODModule * mod = SECMOD_GetInternalModule();
    PORT_Assert(mod != NULL);
    if (!mod) {
       PORT_SetError( SEC_ERROR_NO_MODULE );
       return NULL;
    }
    return PK11_ReferenceSlot(mod->slots[0]);
}

Here is the call graph for this function:

Definition at line 692 of file pk11mech.c.

{
    switch (type) {
    case CKM_AES_ECB:
    case CKM_DES_ECB:
    case CKM_DES3_ECB:
    case CKM_RC2_ECB:
    case CKM_IDEA_ECB:
    case CKM_SKIPJACK_WRAP:
    case CKM_BATON_WRAP:
    case CKM_RC5_ECB:
    case CKM_CAST_ECB:
    case CKM_CAST3_ECB:
    case CKM_CAST5_ECB:
       return 0;
    case CKM_RC2_CBC:
    case CKM_DES_CBC:
    case CKM_DES3_CBC:
    case CKM_IDEA_CBC:
    case CKM_PBE_MD2_DES_CBC:
    case CKM_PBE_MD5_DES_CBC:
    case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
    case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
    case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
    case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
    case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
    case CKM_PBE_SHA1_RC2_40_CBC:
    case CKM_PBE_SHA1_RC2_128_CBC:
    case CKM_PBE_SHA1_DES3_EDE_CBC:
    case CKM_PBE_SHA1_DES2_EDE_CBC:
    case CKM_RC5_CBC:
    case CKM_CAST_CBC:
    case CKM_CAST3_CBC:
    case CKM_CAST5_CBC:
    case CKM_RC2_CBC_PAD:
    case CKM_DES_CBC_PAD:
    case CKM_DES3_CBC_PAD:
    case CKM_IDEA_CBC_PAD:
    case CKM_RC5_CBC_PAD:
    case CKM_CAST_CBC_PAD:
    case CKM_CAST3_CBC_PAD:
    case CKM_CAST5_CBC_PAD:
       return 8;
    case CKM_AES_CBC:
    case CKM_AES_CBC_PAD:
       return 16;
    case CKM_SKIPJACK_CBC64:
    case CKM_SKIPJACK_ECB64:
    case CKM_SKIPJACK_OFB64:
    case CKM_SKIPJACK_CFB64:
    case CKM_SKIPJACK_CFB32:
    case CKM_SKIPJACK_CFB16:
    case CKM_SKIPJACK_CFB8:
    case CKM_BATON_ECB128:
    case CKM_BATON_ECB96:
    case CKM_BATON_CBC128:
    case CKM_BATON_COUNTER:
    case CKM_BATON_SHUFFLE:
    case CKM_JUNIPER_ECB128:
    case CKM_JUNIPER_CBC128:
    case CKM_JUNIPER_COUNTER:
    case CKM_JUNIPER_SHUFFLE:
       return 24;
    case CKM_RC4:
    case CKM_RSA_PKCS:
    case CKM_RSA_9796:
    case CKM_RSA_X_509:
    case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
    case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
    case CKM_PBE_SHA1_RC4_40:
    case CKM_PBE_SHA1_RC4_128:
       return 0;
    default:
       return pk11_lookup(type)->iv;
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECItem* PK11_GetKeyData ( PK11SymKey *  symKey)

Definition at line 675 of file pk11skey.c.

{
    return __PK11_GetKeyData(symKey);
}

Here is the call graph for this function:

Definition at line 407 of file pk11mech.c.

{
    return PK11_GetKeyGenWithSize(type, 0);
}

Here is the call graph for this function:

Here is the caller graph for this function:

unsigned int PK11_GetKeyLength ( PK11SymKey *  key)

Definition at line 682 of file pk11skey.c.

{
    CK_KEY_TYPE keyType;

    if (key->size != 0) return key->size;

    /* First try to figure out the key length from its type */
    keyType = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_KEY_TYPE);
    switch (keyType) {
      case CKK_DES: key->size = 8; break;
      case CKK_DES2: key->size = 16; break;
      case CKK_DES3: key->size = 24; break;
      case CKK_SKIPJACK: key->size = 10; break;
      case CKK_BATON: key->size = 20; break;
      case CKK_JUNIPER: key->size = 20; break;
      case CKK_GENERIC_SECRET:
       if (key->type == CKM_SSL3_PRE_MASTER_KEY_GEN)  {
           key->size=48;
       }
       break;
      default: break;
    }
   if( key->size != 0 ) return key->size;

   if (key->data.data == NULL) {
       PK11_ExtractKeyValue(key);
   }
   /* key is probably secret. Look up its length */
   /*  this is new PKCS #11 version 2.0 functionality. */
   if (key->size == 0) {
       CK_ULONG keyLength;

       keyLength = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_VALUE_LEN);
       if (keyLength != CK_UNAVAILABLE_INFORMATION) {
           key->size = (unsigned int)keyLength;
       }
    }

   return key->size;
}

Here is the call graph for this function:

unsigned int PK11_GetKeyStrength ( PK11SymKey *  key,
SECAlgorithmID *  algid 
)

Definition at line 728 of file pk11skey.c.

{
     int size=0;
     CK_MECHANISM_TYPE mechanism= CKM_INVALID_MECHANISM; /* RC2 only */
     SECItem *param = NULL; /* RC2 only */
     CK_RC2_CBC_PARAMS *rc2_params = NULL; /* RC2 ONLY */
     unsigned int effectiveBits = 0; /* RC2 ONLY */

     switch (PK11_GetKeyType(key->type,0)) {
     case CKK_CDMF:
       return 40;
     case CKK_DES:
       return 56;
     case CKK_DES3:
     case CKK_DES2:
       size = PK11_GetKeyLength(key);
       if (size == 16) {
          /* double des */
          return 112; /* 16*7 */
       }
       return 168;
    /*
     * RC2 has is different than other ciphers in that it allows the user
     * to deprecating keysize while still requiring all the bits for the 
     * original key. The info
     * on what the effective key strength is in the parameter for the key.
     * In S/MIME this parameter is stored in the DER encoded algid. In Our 
     * other uses of RC2, effectiveBits == keyBits, so this code functions
     * correctly without an algid.
     */
    case CKK_RC2:
       /* if no algid was provided, fall through to default */
        if (!algid) {
           break; 
       }
       /* verify that the algid is for RC2 */
       mechanism = PK11_AlgtagToMechanism(SECOID_GetAlgorithmTag(algid));
       if ((mechanism != CKM_RC2_CBC) && (mechanism != CKM_RC2_ECB)) {
           break;
       }

       /* now get effective bits from the algorithm ID. */
       param = PK11_ParamFromAlgid(algid);
       /* if we couldn't get memory just use key length */
       if (param == NULL) {
           break;
       }

       rc2_params = (CK_RC2_CBC_PARAMS *) param->data;
       /* paranoia... shouldn't happen */
       PORT_Assert(param->data != NULL);
       if (param->data == NULL) {
           SECITEM_FreeItem(param,PR_TRUE);
           break;
       }
       effectiveBits = (unsigned int)rc2_params->ulEffectiveBits;
       SECITEM_FreeItem(param,PR_TRUE);
       param = NULL; rc2_params=NULL; /* paranoia */

       /* we have effective bits, is and allocated memory is free, now
        * we need to return the smaller of effective bits and keysize */
       size = PK11_GetKeyLength(key);
       if ((unsigned int)size*8 > effectiveBits) {
           return effectiveBits;
       }

       return size*8; /* the actual key is smaller, the strength can't be
                     * greater than the actual key size */
       
    default:
       break;
    }
    return PK11_GetKeyLength(key) * 8;
}

Here is the call graph for this function:

Definition at line 228 of file pk11mech.c.

{
    switch (type) {
    case CKM_AES_ECB:
    case CKM_AES_CBC:
    case CKM_AES_MAC:
    case CKM_AES_MAC_GENERAL:
    case CKM_AES_CBC_PAD:
    case CKM_AES_KEY_GEN:
    case CKM_NETSCAPE_AES_KEY_WRAP:
    case CKM_NETSCAPE_AES_KEY_WRAP_PAD:
       return CKK_AES;
    case CKM_DES_ECB:
    case CKM_DES_CBC:
    case CKM_DES_MAC:
    case CKM_DES_MAC_GENERAL:
    case CKM_DES_CBC_PAD:
    case CKM_DES_KEY_GEN:
    case CKM_KEY_WRAP_LYNKS:
    case CKM_PBE_MD2_DES_CBC:
    case CKM_PBE_MD5_DES_CBC:
       return CKK_DES;
    case CKM_DES3_ECB:
    case CKM_DES3_CBC:
    case CKM_DES3_MAC:
    case CKM_DES3_MAC_GENERAL:
    case CKM_DES3_CBC_PAD:
       return (len == 16) ? CKK_DES2 : CKK_DES3;
    case CKM_DES2_KEY_GEN:
    case CKM_PBE_SHA1_DES2_EDE_CBC:
       return CKK_DES2;
    case CKM_PBE_SHA1_DES3_EDE_CBC:
    case CKM_DES3_KEY_GEN:
       return CKK_DES3;
    case CKM_CDMF_ECB:
    case CKM_CDMF_CBC:
    case CKM_CDMF_MAC:
    case CKM_CDMF_MAC_GENERAL:
    case CKM_CDMF_CBC_PAD:
    case CKM_CDMF_KEY_GEN:
       return CKK_CDMF;
    case CKM_RC2_ECB:
    case CKM_RC2_CBC:
    case CKM_RC2_MAC:
    case CKM_RC2_MAC_GENERAL:
    case CKM_RC2_CBC_PAD:
    case CKM_RC2_KEY_GEN:
    case CKM_PBE_SHA1_RC2_128_CBC:
    case CKM_PBE_SHA1_RC2_40_CBC:
       return CKK_RC2;
    case CKM_RC4:
    case CKM_RC4_KEY_GEN:
       return CKK_RC4;
    case CKM_RC5_ECB:
    case CKM_RC5_CBC:
    case CKM_RC5_MAC:
    case CKM_RC5_MAC_GENERAL:
    case CKM_RC5_CBC_PAD:
    case CKM_RC5_KEY_GEN:
       return CKK_RC5;
    case CKM_SKIPJACK_CBC64:
    case CKM_SKIPJACK_ECB64:
    case CKM_SKIPJACK_OFB64:
    case CKM_SKIPJACK_CFB64:
    case CKM_SKIPJACK_CFB32:
    case CKM_SKIPJACK_CFB16:
    case CKM_SKIPJACK_CFB8:
    case CKM_SKIPJACK_KEY_GEN:
    case CKM_SKIPJACK_WRAP:
    case CKM_SKIPJACK_PRIVATE_WRAP:
       return CKK_SKIPJACK;
    case CKM_BATON_ECB128:
    case CKM_BATON_ECB96:
    case CKM_BATON_CBC128:
    case CKM_BATON_COUNTER:
    case CKM_BATON_SHUFFLE:
    case CKM_BATON_WRAP:
    case CKM_BATON_KEY_GEN:
       return CKK_BATON;
    case CKM_JUNIPER_ECB128:
    case CKM_JUNIPER_CBC128:
    case CKM_JUNIPER_COUNTER:
    case CKM_JUNIPER_SHUFFLE:
    case CKM_JUNIPER_WRAP:
    case CKM_JUNIPER_KEY_GEN:
       return CKK_JUNIPER;
    case CKM_IDEA_CBC:
    case CKM_IDEA_ECB:
    case CKM_IDEA_MAC:
    case CKM_IDEA_MAC_GENERAL:
    case CKM_IDEA_CBC_PAD:
    case CKM_IDEA_KEY_GEN:
       return CKK_IDEA;
    case CKM_CAST_ECB:
    case CKM_CAST_CBC:
    case CKM_CAST_MAC:
    case CKM_CAST_MAC_GENERAL:
    case CKM_CAST_CBC_PAD:
    case CKM_CAST_KEY_GEN:
    case CKM_PBE_MD5_CAST_CBC:
       return CKK_CAST;
    case CKM_CAST3_ECB:
    case CKM_CAST3_CBC:
    case CKM_CAST3_MAC:
    case CKM_CAST3_MAC_GENERAL:
    case CKM_CAST3_CBC_PAD:
    case CKM_CAST3_KEY_GEN:
    case CKM_PBE_MD5_CAST3_CBC:
       return CKK_CAST3;
    case CKM_CAST5_ECB:
    case CKM_CAST5_CBC:
    case CKM_CAST5_MAC:
    case CKM_CAST5_MAC_GENERAL:
    case CKM_CAST5_CBC_PAD:
    case CKM_CAST5_KEY_GEN:
    case CKM_PBE_MD5_CAST5_CBC:
       return CKK_CAST5;
    case CKM_RSA_PKCS:
    case CKM_RSA_9796:
    case CKM_RSA_X_509:
    case CKM_MD2_RSA_PKCS:
    case CKM_MD5_RSA_PKCS:
    case CKM_SHA1_RSA_PKCS:
    case CKM_SHA256_RSA_PKCS:
    case CKM_SHA384_RSA_PKCS:
    case CKM_SHA512_RSA_PKCS:
    case CKM_KEY_WRAP_SET_OAEP:
    case CKM_RSA_PKCS_KEY_PAIR_GEN:
    case CKM_RSA_X9_31_KEY_PAIR_GEN:
       return CKK_RSA;
    case CKM_DSA:
    case CKM_DSA_SHA1:
    case CKM_DSA_KEY_PAIR_GEN:
       return CKK_DSA;
    case CKM_DH_PKCS_DERIVE:
    case CKM_DH_PKCS_KEY_PAIR_GEN:
       return CKK_DH;
    case CKM_KEA_KEY_DERIVE:
    case CKM_KEA_KEY_PAIR_GEN:
       return CKK_KEA;
    case CKM_ECDSA:
    case CKM_ECDSA_SHA1:
    case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
    case CKM_ECDH1_DERIVE:
       return CKK_EC;  /* CKK_ECDSA is deprecated */
    case CKM_SSL3_PRE_MASTER_KEY_GEN:
    case CKM_GENERIC_SECRET_KEY_GEN:
    case CKM_SSL3_MASTER_KEY_DERIVE:
    case CKM_SSL3_MASTER_KEY_DERIVE_DH:
    case CKM_SSL3_KEY_AND_MAC_DERIVE:
    case CKM_SSL3_SHA1_MAC:
    case CKM_SSL3_MD5_MAC:
    case CKM_TLS_MASTER_KEY_DERIVE:
    case CKM_TLS_MASTER_KEY_DERIVE_DH:
    case CKM_TLS_KEY_AND_MAC_DERIVE:
    case CKM_SHA_1_HMAC:
    case CKM_SHA_1_HMAC_GENERAL:
    case CKM_SHA256_HMAC:
    case CKM_SHA256_HMAC_GENERAL:
    case CKM_SHA384_HMAC:
    case CKM_SHA384_HMAC_GENERAL:
    case CKM_SHA512_HMAC:
    case CKM_SHA512_HMAC_GENERAL:
    case CKM_MD2_HMAC:
    case CKM_MD2_HMAC_GENERAL:
    case CKM_MD5_HMAC:
    case CKM_MD5_HMAC_GENERAL:
    case CKM_TLS_PRF_GENERAL:
       return CKK_GENERIC_SECRET;
    default:
       return pk11_lookup(type)->keyType;
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECItem* PK11_GetLowLevelKeyIDForCert ( PK11SlotInfo *  slot,
CERTCertificate *  cert,
void pwarg 
)

Definition at line 2372 of file pk11cert.c.

{
    CK_ATTRIBUTE theTemplate[] = {
       { CKA_VALUE, NULL, 0 },
       { CKA_CLASS, NULL, 0 }
    };
    /* if you change the array, change the variable below as well */
    int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
    CK_OBJECT_HANDLE certHandle;
    CK_ATTRIBUTE *attrs = theTemplate;
    PK11SlotInfo *slotRef = NULL;
    SECItem *item;
    SECStatus rv;

    if (slot) {
       PK11_SETATTRS(attrs, CKA_VALUE, cert->derCert.data, 
                                          cert->derCert.len); attrs++;
 
       rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
       if (rv != SECSuccess) {
           return NULL;
       }
        certHandle = pk11_getcerthandle(slot,cert,theTemplate,tsize);
    } else {
       certHandle = PK11_FindObjectForCert(cert, wincx, &slotRef);
       if (certHandle == CK_INVALID_HANDLE) {
          return pk11_mkcertKeyID(cert);
       }
       slot = slotRef;
    }

    if (certHandle == CK_INVALID_HANDLE) {
        return NULL;
    }

    item = pk11_GetLowLevelKeyFromHandle(slot,certHandle);
    if (slotRef) PK11_FreeSlot(slotRef);
    return item;
}

Here is the call graph for this function:

SECItem* PK11_GetLowLevelKeyIDForPrivateKey ( SECKEYPrivateKey *  key)

Definition at line 1910 of file pk11akey.c.

{
    return pk11_GetLowLevelKeyFromHandle(privKey->pkcs11Slot,privKey->pkcs11ID);
}

Here is the call graph for this function:

CK_MECHANISM_TYPE PK11_GetMechanism ( PK11SymKey *  symKey)

Definition at line 289 of file pk11skey.c.

{
    return symKey->type;
}
int PK11_GetMinimumPwdLength ( PK11SlotInfo *  slot)

Definition at line 630 of file pk11auth.c.

{
    return ((int)slot->minPassword);
}
SECStatus PK11_GetModInfo ( SECMODModule *  mod,
CK_INFO info 
)

Definition at line 534 of file pk11util.c.

{
    CK_RV crv;

    if (mod->functionList == NULL) return SECFailure;
    crv = PK11_GETTAB(mod)->C_GetInfo(info);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
    }  
    return (crv == CKR_OK) ? SECSuccess : SECFailure;
}

Here is the call graph for this function:

SECMODModule* PK11_GetModule ( PK11SlotInfo *  slot)

Definition at line 1649 of file pk11slot.c.

{
       return slot->module;
}
SECMODModuleID PK11_GetModuleID ( PK11SlotInfo *  slot)

Definition at line 1728 of file pk11slot.c.

{
    return slot->module->moduleID;
}
PK11GenericObject* PK11_GetNextGenericObject ( PK11GenericObject *  object)

Definition at line 1218 of file pk11obj.c.

{
    return object->next;
}
PK11SlotListElement* PK11_GetNextSafe ( PK11SlotList *  list,
PK11SlotListElement *  le,
PRBool  restart 
)

Definition at line 304 of file pk11slot.c.

{
    PK11SlotListElement *new_le;
    PZ_Lock(list->lock);
    new_le = le->next;
    if (le->next == NULL) {
       /* if the prev and next fields are NULL then either this element
        * has been removed and we need to walk the list again (if restart
        * is true) or this was the only element on the list */
       if ((le->prev == NULL) && restart &&  (list->head != le)) {
           new_le = list->head;
       }
    }
    if (new_le) new_le->refCount++;
    PZ_Unlock(list->lock);
    PK11_FreeSlotListElement(list,le);
    return new_le;
}

Here is the call graph for this function:

PK11SymKey* PK11_GetNextSymKey ( PK11SymKey *  symKey)

Definition at line 309 of file pk11skey.c.

{
    return symKey ? symKey->next : NULL;
}

Definition at line 1606 of file pk11mech.c.

                                             {
    switch(type) {
       case CKM_AES_CBC:
           return CKM_AES_CBC_PAD;
       case CKM_DES_CBC:
           return CKM_DES_CBC_PAD;
       case CKM_DES3_CBC:
           return CKM_DES3_CBC_PAD;
       case CKM_RC2_CBC:
           return CKM_RC2_CBC_PAD;
       case CKM_CDMF_CBC:
           return CKM_CDMF_CBC_PAD;
       case CKM_CAST_CBC:
           return CKM_CAST_CBC_PAD;
       case CKM_CAST3_CBC:
           return CKM_CAST3_CBC_PAD;
       case CKM_CAST5_CBC:
           return CKM_CAST5_CBC_PAD;
       case CKM_RC5_CBC:
           return CKM_RC5_CBC_PAD; 
       case CKM_IDEA_CBC:
           return CKM_IDEA_CBC_PAD; 
       default:
           break;
    }

    return type;
}

Here is the caller graph for this function:

SECItem* PK11_GetPBEIV ( SECAlgorithmID *  algid,
SECItem *  pwitem 
)

Definition at line 833 of file pk11pbe.c.

{
    /* pbe stuff */
    CK_MECHANISM_TYPE type;
    SECItem *mech;
    PK11SymKey *symKey;
    PK11SlotInfo *slot = PK11_GetInternalSlot();
    int iv_len = 0;
    CK_PBE_PARAMS_PTR pPBEparams;
    SECItem src;
    SECItem *iv;


    mech = PK11_ParamFromAlgid(algid);
    type = PK11_AlgtagToMechanism(SECOID_FindOIDTag(&algid->algorithm));
    if(mech == NULL) {
       return NULL;
    }
    symKey = PK11_RawPBEKeyGen(slot, type, mech, pwitem, PR_FALSE, NULL);
    PK11_FreeSlot(slot);
    if (symKey == NULL) {
       SECITEM_ZfreeItem(mech, PR_TRUE);
       return NULL;
    }
    PK11_FreeSymKey(symKey);
    pPBEparams = (CK_PBE_PARAMS_PTR)mech->data;
    iv_len = PK11_GetIVLength(type);

    src.data = (unsigned char *)pPBEparams->pInitVector;
    src.len = iv_len;
    iv = SECITEM_DupItem(&src);

    SECITEM_ZfreeItem(mech, PR_TRUE);
    return iv;
}

Here is the call graph for this function:

SECKEYPQGParams* PK11_GetPQGParamsFromPrivateKey ( SECKEYPrivateKey *  privKey)

Definition at line 1558 of file pk11akey.c.

{
    CK_ATTRIBUTE pTemplate[] = {
       { CKA_PRIME, NULL, 0 },
       { CKA_SUBPRIME, NULL, 0 },
       { CKA_BASE, NULL, 0 },
    };
    int pTemplateLen = sizeof(pTemplate)/sizeof(pTemplate[0]);
    PRArenaPool *arena = NULL;
    SECKEYPQGParams *params;
    CK_RV crv;


    arena = PORT_NewArena(2048);
    if (arena == NULL) {
       goto loser;
    }
    params=(SECKEYPQGParams *)PORT_ArenaZAlloc(arena,sizeof(SECKEYPQGParams));
    if (params == NULL) {
       goto loser;
    }

    crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID, 
                                          pTemplate, pTemplateLen);
    if (crv != CKR_OK) {
        PORT_SetError( PK11_MapError(crv) );
       goto loser;
    }

    params->arena = arena;
    params->prime.data = pTemplate[0].pValue;
    params->prime.len = pTemplate[0].ulValueLen;
    params->subPrime.data = pTemplate[1].pValue;
    params->subPrime.len = pTemplate[1].ulValueLen;
    params->base.data = pTemplate[2].pValue;
    params->base.len = pTemplate[2].ulValueLen;

    return params;

loser:
    if (arena != NULL) {
       PORT_FreeArena(arena,PR_FALSE);
    }
    return NULL;
}

Here is the call graph for this function:

PK11GenericObject* PK11_GetPrevGenericObject ( PK11GenericObject *  object)

Definition at line 1224 of file pk11obj.c.

{
    return object->prev;
}
char* PK11_GetPrivateKeyNickname ( SECKEYPrivateKey *  privKey)

Definition at line 1532 of file pk11akey.c.

{
    return PK11_GetObjectNickname(privKey->pkcs11Slot,privKey->pkcs11ID);
}

Here is the call graph for this function:

Here is the caller graph for this function:

int PK11_GetPrivateModulusLen ( SECKEYPrivateKey *  key)

Definition at line 462 of file pk11akey.c.

{
    CK_ATTRIBUTE theTemplate = { CKA_MODULUS, NULL, 0 };
    PK11SlotInfo *slot = key->pkcs11Slot;
    CK_RV crv;
    int length;

    switch (key->keyType) {
    case rsaKey:
       crv = PK11_GetAttributes(NULL, slot, key->pkcs11ID, &theTemplate, 1);
       if (crv != CKR_OK) {
           PORT_SetError( PK11_MapError(crv) );
           return -1;
       }
       length = theTemplate.ulValueLen;
       if ( *(unsigned char *)theTemplate.pValue == 0) {
           length--;
       }
       if (theTemplate.pValue != NULL)
           PORT_Free(theTemplate.pValue);
       return (int) length;
       
    case fortezzaKey:
    case dsaKey:
    case dhKey:
    default:
       break;
    }
    if (theTemplate.pValue != NULL)
       PORT_Free(theTemplate.pValue);
    PORT_SetError( SEC_ERROR_INVALID_KEY );
    return -1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

char* PK11_GetPublicKeyNickname ( SECKEYPublicKey *  pubKey)

Definition at line 1538 of file pk11akey.c.

{
    return PK11_GetObjectNickname(pubKey->pkcs11Slot,pubKey->pkcs11ID);
}

Here is the call graph for this function:

PK11SlotInfo* PK11_GetSlotFromKey ( PK11SymKey *  symKey)

Definition at line 298 of file pk11skey.c.

{
    return PK11_ReferenceSlot(symKey->slot);
}

Here is the call graph for this function:

PK11SlotInfo* PK11_GetSlotFromPrivateKey ( SECKEYPrivateKey *  key)

Definition at line 451 of file pk11akey.c.

{
    PK11SlotInfo *slot = key->pkcs11Slot;
    slot = PK11_ReferenceSlot(slot);
    return slot;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CK_SLOT_ID PK11_GetSlotID ( PK11SlotInfo *  slot)

Definition at line 1722 of file pk11slot.c.

{
    return slot->slotID;
}
SECStatus PK11_GetSlotInfo ( PK11SlotInfo *  slot,
CK_SLOT_INFO info 
)

Definition at line 1752 of file pk11slot.c.

{
    CK_RV crv;

    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
    /*
     * some buggy drivers do not fill the buffer completely, 
     * erase the buffer first
     */
    PORT_Memset(info->slotDescription,' ',sizeof(info->slotDescription));
    PORT_Memset(info->manufacturerID,' ',sizeof(info->manufacturerID));
    crv = PK11_GETTAB(slot)->C_GetSlotInfo(slot->slotID,info);
    pk11_zeroTerminatedToBlankPadded(info->slotDescription,
                                   sizeof(info->slotDescription));
    pk11_zeroTerminatedToBlankPadded(info->manufacturerID,
                                   sizeof(info->manufacturerID));
    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
       return SECFailure;
    }
    return SECSuccess;
}

Here is the call graph for this function:

char* PK11_GetSlotName ( PK11SlotInfo *  slot)

Definition at line 1704 of file pk11slot.c.

{
     return slot->slot_name;
}
void PK11_GetSlotPWValues ( PK11SlotInfo *  slot,
int askpw,
int timeout 
)

Definition at line 262 of file pk11auth.c.

{
    *askpw = slot->askpw;
    *timeout = slot->timeout;

    if ((slot->defaultFlags & PK11_OWN_PW_DEFAULTS) == 0) {
       PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();

       if (def_slot) {
           *askpw = def_slot->askpw;
           *timeout = def_slot->timeout;
           PK11_FreeSlot(def_slot);
       }
    }
}

Here is the call graph for this function:

int PK11_GetSlotSeries ( PK11SlotInfo *  slot)

Definition at line 1710 of file pk11slot.c.

{
    return slot->series;
}
char* PK11_GetSymKeyNickname ( PK11SymKey *  symKey)

Definition at line 315 of file pk11skey.c.

{
    return PK11_GetObjectNickname(symKey->slot,symKey->objectID);
}

Here is the call graph for this function:

CK_KEY_TYPE PK11_GetSymKeyType ( PK11SymKey *  key)

Definition at line 303 of file pk11skey.c.

{
    return PK11_GetKeyType(symKey->type,symKey->size);
}

Here is the call graph for this function:

void*