Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Typedefs | Functions | Variables
pkcs11.c File Reference
#include "seccomon.h"
#include "secitem.h"
#include "pkcs11.h"
#include "pkcs11i.h"
#include "pkcs11p.h"
#include "softoken.h"
#include "lowkeyi.h"
#include "blapi.h"
#include "secder.h"
#include "secport.h"
#include "pcert.h"
#include "secrng.h"
#include "nss.h"
#include "keydbi.h"
#include "pkcs11f.h"

Go to the source code of this file.

Classes

struct  mechanismList
struct  sftk_DBsStr
struct  sftkCrlDataStr
struct  sftkKeyDataStr
struct  sftkCertDataStr

Defines

#define __PASTE(x, y)   x##y
#define CK_EXTERN   extern
#define CK_PKCS11_FUNCTION_INFO(func)   CK_RV __PASTE(NS,func)
#define CK_NEED_ARG_LIST   1
#define CK_PKCS11_FUNCTION_INFO(func)   __PASTE(NS,func),
#define CKF_EN_DE   CKF_ENCRYPT | CKF_DECRYPT
#define CKF_WR_UN   CKF_WRAP | CKF_UNWRAP
#define CKF_SN_VR   CKF_SIGN | CKF_VERIFY
#define CKF_SN_RE   CKF_SIGN_RECOVER | CKF_VERIFY_RECOVER
#define CKF_EN_DE_WR_UN   CKF_EN_DE | CKF_WR_UN
#define CKF_SN_VR_RE   CKF_SN_VR | CKF_SN_RE
#define CKF_DUZ_IT_ALL   CKF_EN_DE_WR_UN | CKF_SN_VR_RE
#define CKF_EC_PNU   CKF_EC_FP | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS
#define CKF_EC_BPNU   CKF_EC_F_2M | CKF_EC_PNU
#define CK_MAX   0xffffffff
#define SFTK_KEY_MAX_RETRIES   10 /* don't hang if we are having problems with the rng */
#define SFTK_KEY_ID_SIZE   18 /* don't use either SHA1 or MD5 sizes */
#define NSC_CERT   0x00000001
#define NSC_TRUST   0x00000002
#define NSC_CRL   0x00000004
#define NSC_SMIME   0x00000008
#define NSC_PRIVATE   0x00000010
#define NSC_PUBLIC   0x00000020
#define NSC_KEY   0x00000040

Typedefs

typedef unsigned char desKey [8]
typedef struct sftk_DBsStr sftkDBs
typedef struct sftkCrlDataStr sftkCrlData
typedef struct sftkKeyDataStr sftkKeyData
typedef struct sftkCertDataStr sftkCertData

Functions

static char * sftk_setStringName (const char *inString, char *buffer, int buffer_length)
static CK_RV sftk_configure (const char *man, const char *libdes)
static PRBool sftk_hasNullPassword (NSSLOWKEYDBHandle *keydb, SECItem **pwitem)
CK_RV sftk_defaultAttribute (SFTKObject *object, CK_ATTRIBUTE_TYPE type, void *value, unsigned int len)
static CK_RV sftk_handleDataObject (SFTKSession *session, SFTKObject *object)
static CK_RV sftk_handleCertObject (SFTKSession *session, SFTKObject *object)
unsigned int sftk_MapTrust (CK_TRUST trust, PRBool clientAuth)
static CK_RV sftk_handleTrustObject (SFTKSession *session, SFTKObject *object)
static CK_RV sftk_handleSMimeObject (SFTKSession *session, SFTKObject *object)
static CK_RV sftk_handleCrlObject (SFTKSession *session, SFTKObject *object)
static CK_RV sftk_handlePublicKeyObject (SFTKSession *session, SFTKObject *object, CK_KEY_TYPE key_type)
static NSSLOWKEYPrivateKey * sftk_mkPrivKey (SFTKObject *object, CK_KEY_TYPE key, CK_RV *rvp)
static CK_RV sftk_handlePrivateKeyObject (SFTKSession *session, SFTKObject *object, CK_KEY_TYPE key_type)
void sftk_FormatDESKey (unsigned char *key, int length)
static NSSLOWKEYPrivateKey * sftk_mkSecretKeyRep (SFTKObject *object)
static CK_RV validateSecretKey (SFTKSession *session, SFTKObject *object, CK_KEY_TYPE key_type, PRBool isFIPS)
static CK_RV sftk_GenerateSecretCKA_ID (NSSLOWKEYDBHandle *handle, SECItem *id, char *label)
static CK_RV sftk_handleSecretKeyObject (SFTKSession *session, SFTKObject *object, CK_KEY_TYPE key_type, PRBool isFIPS)
static CK_RV sftk_handleKeyObject (SFTKSession *session, SFTKObject *object)
static CK_RV sftk_handleDSAParameterObject (SFTKSession *session, SFTKObject *object)
static CK_RV sftk_handleKeyParameterObject (SFTKSession *session, SFTKObject *object)
CK_RV sftk_handleObject (SFTKObject *object, SFTKSession *session)
NSSLOWKEYPublicKey * sftk_GetPubKey (SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
NSSLOWKEYPrivateKey * sftk_GetPrivKey (SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
PRBool sftk_CheckDESKey (unsigned char *key)
PRBool sftk_IsWeakKey (unsigned char *key, CK_KEY_TYPE key_type)
static PRBool isSecretKey (NSSLOWKEYPrivateKey *privKey)
CK_RV NSC_GetFunctionList (CK_FUNCTION_LIST_PTR *pFunctionList)
CK_RV C_GetFunctionList (CK_FUNCTION_LIST_PTR *pFunctionList)
static PLHashNumber sftk_HashNumber (const void *key)
const char * sftk_getDefTokName (CK_SLOT_ID slotID)
const char * sftk_getDefSlotName (CK_SLOT_ID slotID)
static int sftk_GetModuleIndex (CK_SLOT_ID slotID)
SFTKSlot * sftk_SlotFromID (CK_SLOT_ID slotID, PRBool all)
SFTKSlot * sftk_SlotFromSessionHandle (CK_SESSION_HANDLE handle)
static CK_RV sftk_RegisterSlot (SFTKSlot *slot, int moduleIndex)
static SECStatus sftk_set_user (NSSLOWCERTCertificate *cert, SECItem *dummy, void *arg)
static void sftk_DBVerify (NSSLOWCERTCertDBHandle *certHandle, NSSLOWKEYDBHandle *keyHandle)
CK_RV SFTK_SlotReInit (SFTKSlot *slot, char *configdir, sftk_token_parameters *params, int moduleIndex)
CK_RV SFTK_SlotInit (char *configdir, sftk_token_parameters *params, int moduleIndex)
static CK_RV sft_CloseAllSession (SFTKSlot *slot)
static void sftk_DBShutdown (SFTKSlot *slot)
CK_RV SFTK_ShutdownSlot (SFTKSlot *slot)
CK_RV SFTK_DestroySlotData (SFTKSlot *slot)
char ** NSC_ModuleDBFunc (unsigned long function, char *parameters, void *args)
static void nscFreeAllSlots (int moduleIndex)
static void sftk_closePeer (PRBool isFIPS)
SECStatus secoid_Init (void)
CK_RV nsc_CommonInitialize (CK_VOID_PTR pReserved, PRBool isFIPS)
CK_RV NSC_Initialize (CK_VOID_PTR pReserved)
SECStatus SECOID_Shutdown (void)
CK_RV nsc_CommonFinalize (CK_VOID_PTR pReserved, PRBool isFIPS)
CK_RV NSC_Finalize (CK_VOID_PTR pReserved)
CK_RV NSC_GetInfo (CK_INFO_PTR pInfo)
CK_RV nsc_CommonGetSlotList (CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex)
CK_RV NSC_GetSlotList (CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
CK_RV NSC_GetSlotInfo (CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
static PRBool sftk_checkNeedLogin (SFTKSlot *slot, NSSLOWKEYDBHandle *keyHandle)
CK_RV NSC_GetTokenInfo (CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
CK_RV NSC_GetMechanismList (CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount)
CK_RV NSC_GetMechanismInfo (CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo)
CK_RV sftk_MechAllowsOperation (CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op)
static SECStatus sftk_TurnOffUser (NSSLOWCERTCertificate *cert, SECItem *k, void *arg)
CK_RV NSC_InitToken (CK_SLOT_ID slotID, CK_CHAR_PTR pPin, CK_ULONG ulPinLen, CK_CHAR_PTR pLabel)
CK_RV NSC_InitPIN (CK_SESSION_HANDLE hSession, CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
CK_RV NSC_SetPIN (CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_CHAR_PTR pNewPin, CK_ULONG ulNewLen)
CK_RV NSC_OpenSession (CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession)
CK_RV NSC_CloseSession (CK_SESSION_HANDLE hSession)
CK_RV NSC_CloseAllSessions (CK_SLOT_ID slotID)
CK_RV NSC_GetSessionInfo (CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo)
CK_RV NSC_Login (CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
CK_RV NSC_Logout (CK_SESSION_HANDLE hSession)
static CK_RV sftk_CreateNewSlot (SFTKSlot *slot, CK_OBJECT_CLASS class, SFTKObject *object)
CK_RV NSC_CreateObject (CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject)
CK_RV NSC_CopyObject (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phNewObject)
CK_RV NSC_GetObjectSize (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize)
CK_RV NSC_GetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
CK_RV NSC_SetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
static SECStatus sftk_crl_collect (SECItem *data, SECItem *key, certDBEntryType type, void *arg)
static void sftk_searchCrls (SFTKSlot *slot, SECItem *derSubject, PRBool isKrl, unsigned long classFlags, SFTKSearchResults *search, CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount)
static SECStatus sftk_key_collect (DBT *key, DBT *data, void *arg)
static void sftk_searchKeys (SFTKSlot *slot, SECItem *key_id, PRBool isLoggedIn, unsigned long classFlags, SFTKSearchResults *search, PRBool mustStrict, CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount)
static SECStatus sftk_cert_collect (NSSLOWCERTCertificate *cert, void *arg)
static SECStatus sftk_cert_collect2 (NSSLOWCERTCertificate *cert, SECItem *dymmy, void *arg)
static void sftk_searchSingleCert (sftkCertData *certData, NSSLOWCERTCertificate *cert)
static void sftk_CertSetupData (sftkCertData *certData, int count)
static void sftk_searchCertsAndTrust (SFTKSlot *slot, SECItem *derCert, SECItem *name, SECItem *derSubject, NSSLOWCERTIssuerAndSN *issuerSN, SECItem *email, unsigned long classFlags, SFTKSearchResults *handles, CK_ATTRIBUTE *pTemplate, CK_LONG ulCount)
static void sftk_searchSMime (SFTKSlot *slot, SECItem *email, SFTKSearchResults *handles, CK_ATTRIBUTE *pTemplate, CK_LONG ulCount)
static CK_RV sftk_searchTokenList (SFTKSlot *slot, SFTKSearchResults *search, CK_ATTRIBUTE *pTemplate, CK_LONG ulCount, PRBool *tokenOnly, PRBool isLoggedIn)
CK_RV NSC_FindObjectsInit (CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
CK_RV NSC_FindObjects (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount)
CK_RV NSC_FindObjectsFinal (CK_SESSION_HANDLE hSession)
CK_RV NSC_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved)

Variables

static char * manufacturerID = "Mozilla Foundation "
static char manufacturerID_space [33]
static char * libraryDescription = "NSS Internal Crypto Services "
static char libraryDescription_space [33]
static PRIntervalTime loginWaitTime
static const CK_FUNCTION_LIST sftk_funcList
static const desKey sftk_desWeakTable []
static const int sftk_desWeakTableSize
static const unsigned char parityTable [256]
static struct mechanismList []
static const CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0])
static CK_ULONG nscSlotCount [2] = {0 , 0}
static CK_SLOT_ID_PTR nscSlotList [2] = {NULL, NULL}
static CK_ULONG nscSlotListSize [2] = {0, 0}
static PLHashTablenscSlotHashTable [2] = {NULL, NULL}
static PRBool nsc_init = PR_FALSE
const char __nss_softokn_rcsid []
const char __nss_softokn_sccsid []

Class Documentation

struct mechanismList

Definition at line 224 of file pkcs11.c.

Collaboration diagram for mechanismList:
Class Members
CK_MECHANISM_INFO info
PRBool privkey
CK_MECHANISM_TYPE type
struct sftk_DBsStr

Definition at line 2530 of file pkcs11.c.

Class Members
NSSLOWCERTCertDBHandle * certHandle
NSSLOWKEYDBHandle * keyHandle
struct sftkCrlDataStr

Definition at line 4383 of file pkcs11.c.

Collaboration diagram for sftkCrlDataStr:
Class Members
SFTKSearchResults * searchHandles
SFTKSlot * slot
CK_ULONG templ_count
CK_ATTRIBUTE * template
struct sftkKeyDataStr

Definition at line 4450 of file pkcs11.c.

Collaboration diagram for sftkKeyDataStr:
Class Members
unsigned long classFlags
SECItem * id
PRBool isLoggedIn
NSSLOWKEYDBHandle * keyHandle
SFTKSearchResults * searchHandles
SFTKSlot * slot
PRBool strict
CK_ULONG templ_count
CK_ATTRIBUTE * template
struct sftkCertDataStr

Definition at line 4634 of file pkcs11.c.

Collaboration diagram for sftkCertDataStr:
Class Members
int cert_count
NSSLOWCERTCertificate ** certs
unsigned long classFlags
int max_cert_count
SFTKSlot * slot
PRBool strict
CK_ULONG templ_count
CK_ATTRIBUTE * template

Define Documentation

#define __PASTE (   x,
  y 
)    x##y

Definition at line 90 of file pkcs11.c.

#define CK_EXTERN   extern

Definition at line 99 of file pkcs11.c.

#define CK_MAX   0xffffffff

Definition at line 248 of file pkcs11.c.

Definition at line 102 of file pkcs11.c.

Definition at line 100 of file pkcs11.c.

Definition at line 100 of file pkcs11.c.

Definition at line 242 of file pkcs11.c.

Definition at line 246 of file pkcs11.c.

Definition at line 244 of file pkcs11.c.

Definition at line 235 of file pkcs11.c.

Definition at line 240 of file pkcs11.c.

Definition at line 238 of file pkcs11.c.

Definition at line 237 of file pkcs11.c.

Definition at line 241 of file pkcs11.c.

Definition at line 236 of file pkcs11.c.

#define NSC_CERT   0x00000001

Definition at line 4338 of file pkcs11.c.

#define NSC_CRL   0x00000004

Definition at line 4340 of file pkcs11.c.

#define NSC_KEY   0x00000040

Definition at line 4344 of file pkcs11.c.

#define NSC_PRIVATE   0x00000010

Definition at line 4342 of file pkcs11.c.

#define NSC_PUBLIC   0x00000020

Definition at line 4343 of file pkcs11.c.

#define NSC_SMIME   0x00000008

Definition at line 4341 of file pkcs11.c.

#define NSC_TRUST   0x00000002

Definition at line 4339 of file pkcs11.c.

#define SFTK_KEY_ID_SIZE   18 /* don't use either SHA1 or MD5 sizes */

Definition at line 1501 of file pkcs11.c.

#define SFTK_KEY_MAX_RETRIES   10 /* don't hang if we are having problems with the rng */

Definition at line 1500 of file pkcs11.c.


Typedef Documentation

typedef unsigned char desKey[8]

Definition at line 128 of file pkcs11.c.

typedef struct sftkCertDataStr sftkCertData
typedef struct sftkCrlDataStr sftkCrlData
typedef struct sftk_DBsStr sftkDBs
typedef struct sftkKeyDataStr sftkKeyData

Function Documentation

Definition at line 2340 of file pkcs11.c.

{
    return NSC_GetFunctionList(pFunctionList);
}

Here is the call graph for this function:

static PRBool isSecretKey ( NSSLOWKEYPrivateKey *  privKey) [static]

Definition at line 2315 of file pkcs11.c.

{
  if (privKey->keyType == NSSLOWKEYRSAKey && 
              privKey->u.rsa.publicExponent.len == 1 &&
                            privKey->u.rsa.publicExponent.data[0] == 0)
    return PR_TRUE;

  return PR_FALSE;
}

Here is the caller graph for this function:

Definition at line 3764 of file pkcs11.c.

{
    SFTKSlot *slot;

    slot = sftk_SlotFromID(slotID, PR_FALSE);
    if (slot == NULL) return CKR_SLOT_ID_INVALID;

    return sft_CloseAllSession(slot);
}

Here is the call graph for this function:

Definition at line 3720 of file pkcs11.c.

{
    SFTKSlot *slot;
    SFTKSession *session;
    SECItem *pw = NULL;
    PRBool sessionFound;
    PZLock *lock;

    session = sftk_SessionFromHandle(hSession);
    if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
    slot = sftk_SlotFromSession(session);
    sessionFound = PR_FALSE;

    /* lock */
    lock = SFTK_SESSION_LOCK(slot,hSession);
    PZ_Lock(lock);
    if (sftkqueue_is_queued(session,hSession,slot->head,slot->sessHashSize)) {
       sessionFound = PR_TRUE;
       sftkqueue_delete(session,hSession,slot->head,slot->sessHashSize);
       session->refCount--; /* can't go to zero while we hold the reference */
       PORT_Assert(session->refCount > 0);
    }
    PZ_Unlock(lock);

    if (sessionFound) {
       PZ_Lock(slot->slotLock);
       if (--slot->sessionCount == 0) {
           pw = slot->password;
           slot->isLoggedIn = PR_FALSE;
           slot->password = NULL;
       }
       PZ_Unlock(slot->slotLock);
       if (session->info.flags & CKF_RW_SESSION) {
           PR_AtomicDecrement(&slot->rwSessionCount);
       }
    }

    sftk_FreeSession(session);
    if (pw) SECITEM_ZfreeItem(pw, PR_TRUE);
    return CKR_OK;
}

Here is the call graph for this function:

CK_RV nsc_CommonFinalize ( CK_VOID_PTR  pReserved,
PRBool  isFIPS 
)

Definition at line 3102 of file pkcs11.c.

{
    

    nscFreeAllSlots(isFIPS ? NSC_FIPS_MODULE : NSC_NON_FIPS_MODULE);

    /* don't muck with the globals is our peer is still initialized */
    if (isFIPS && nsc_init) {
       return CKR_OK;
    }
    if (!isFIPS && nsf_init) {
       return CKR_OK;
    }

    sftk_CleanupFreeLists();
    nsslowcert_DestroyFreeLists();
    nsslowcert_DestroyGlobalLocks();

    /* This function does not discard all our previously aquired entropy. */
    RNG_RNGShutdown();

    /* tell freeBL to clean up after itself */
    BL_Cleanup();
    /* unload freeBL shared library from memory */
    BL_Unload();
    /* clean up the default OID table */
    SECOID_Shutdown();
    nsc_init = PR_FALSE;

    return CKR_OK;
}

Here is the call graph for this function:

CK_RV nsc_CommonGetSlotList ( CK_BBOOL  tokenPresent,
CK_SLOT_ID_PTR  pSlotList,
CK_ULONG_PTR  pulCount,
int  moduleIndex 
)

Definition at line 3172 of file pkcs11.c.

{
    *pulCount = nscSlotCount[moduleIndex];
    if (pSlotList != NULL) {
       PORT_Memcpy(pSlotList,nscSlotList[moduleIndex],
                            nscSlotCount[moduleIndex]*sizeof(CK_SLOT_ID));
    }
    return CKR_OK;
}
CK_RV nsc_CommonInitialize ( CK_VOID_PTR  pReserved,
PRBool  isFIPS 
)

Definition at line 2981 of file pkcs11.c.

{
    CK_RV crv = CKR_OK;
    SECStatus rv;
    CK_C_INITIALIZE_ARGS *init_args = (CK_C_INITIALIZE_ARGS *) pReserved;
    int i;
    int moduleIndex = isFIPS? NSC_FIPS_MODULE : NSC_NON_FIPS_MODULE;


    if (isFIPS) {
       loginWaitTime = PR_SecondsToInterval(1);
    }

    rv = secoid_Init();
    if (rv != SECSuccess) {
       crv = CKR_DEVICE_ERROR;
       return crv;
    }

    rv = RNG_RNGInit();         /* initialize random number generator */
    if (rv != SECSuccess) {
       crv = CKR_DEVICE_ERROR;
       return crv;
    }
    RNG_SystemInfoForRNG();

    rv = nsslowcert_InitLocks();
    if (rv != SECSuccess) {
       crv = CKR_DEVICE_ERROR;
       return crv;
    }


    /* NOTE:
     * we should be getting out mutexes from this list, not statically binding
     * them from NSPR. This should happen before we allow the internal to split
     * off from the rest on NSS.
     */

    /* initialize the key and cert db's */
    nsslowkey_SetDefaultKeyDBAlg
                          (SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC);
    if (init_args && (!(init_args->flags & CKF_OS_LOCKING_OK))) {
        if (init_args->CreateMutex && init_args->DestroyMutex &&
            init_args->LockMutex && init_args->UnlockMutex) {
            /* softoken always uses NSPR (ie. OS locking), and doesn't know how
             * to use the lock functions provided by the application.
             */
            crv = CKR_CANT_LOCK;
            return crv;
        }
        if (init_args->CreateMutex || init_args->DestroyMutex ||
            init_args->LockMutex || init_args->UnlockMutex) {
            /* only some of the lock functions were provided by the
             * application. This is invalid per PKCS#11 spec.
             */
            crv = CKR_ARGUMENTS_BAD;
            return crv;
        }
    }
    crv = CKR_ARGUMENTS_BAD;
    if ((init_args && init_args->LibraryParameters)) {
       sftk_parameters paramStrings;
       
       crv = secmod_parseParameters
              ((char *)init_args->LibraryParameters, &paramStrings, isFIPS);
       if (crv != CKR_OK) {
           return crv;
       }
       crv = sftk_configure(paramStrings.man, paramStrings.libdes);
        if (crv != CKR_OK) {
           goto loser;
       }

       /* if we have a peer already open, have him close his DB's so we
        * don't clobber each other. */
       if ((isFIPS && nsc_init) || (!isFIPS && nsf_init)) {
           sftk_closePeer(isFIPS);
           if (sftk_audit_enabled) {
              if (isFIPS && nsc_init) {
                  sftk_LogAuditMessage(NSS_AUDIT_INFO, "enabled FIPS mode");
              } else {
                  sftk_LogAuditMessage(NSS_AUDIT_INFO, "disabled FIPS mode");
              }
           }
       }

       for (i=0; i < paramStrings.token_count; i++) {
           crv = SFTK_SlotInit(paramStrings.configdir, 
                     &paramStrings.tokens[i],
                     moduleIndex);
           if (crv != CKR_OK) {
                nscFreeAllSlots(moduleIndex);
                break;
            }
       }
loser:
       secmod_freeParams(&paramStrings);
    }
    if (CKR_OK == crv) {
        sftk_InitFreeLists();
    }

    return crv;
}

Here is the call graph for this function:

CK_RV NSC_CopyObject ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount,
CK_OBJECT_HANDLE_PTR  phNewObject 
)

Definition at line 4100 of file pkcs11.c.

{
    SFTKObject *destObject,*srcObject;
    SFTKSession *session;
    CK_RV crv = CKR_OK;
    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
    int i;

    /* Get srcObject so we can find the class */
    session = sftk_SessionFromHandle(hSession);
    if (session == NULL) {
        return CKR_SESSION_HANDLE_INVALID;
    }
    srcObject = sftk_ObjectFromHandle(hObject,session);
    if (srcObject == NULL) {
       sftk_FreeSession(session);
       return CKR_OBJECT_HANDLE_INVALID;
    }
    /*
     * create an object to hang the attributes off of
     */
    destObject = sftk_NewObject(slot); /* fill in the handle later */
    if (destObject == NULL) {
       sftk_FreeSession(session);
        sftk_FreeObject(srcObject);
       return CKR_HOST_MEMORY;
    }

    /*
     * load the template values into the object
     */
    for (i=0; i < (int) ulCount; i++) {
       if (sftk_modifyType(pTemplate[i].type,srcObject->objclass) == SFTK_NEVER) {
           crv = CKR_ATTRIBUTE_READ_ONLY;
           break;
       }
       crv = sftk_AddAttributeType(destObject,sftk_attr_expand(&pTemplate[i]));
       if (crv != CKR_OK) { break; }
    }
    if (crv != CKR_OK) {
       sftk_FreeSession(session);
        sftk_FreeObject(srcObject);
       sftk_FreeObject(destObject);
       return crv;
    }

    /* sensitive can only be changed to CK_TRUE */
    if (sftk_hasAttribute(destObject,CKA_SENSITIVE)) {
       if (!sftk_isTrue(destObject,CKA_SENSITIVE)) {
           sftk_FreeSession(session);
            sftk_FreeObject(srcObject);
           sftk_FreeObject(destObject);
           return CKR_ATTRIBUTE_READ_ONLY;
       }
    }

    /*
     * now copy the old attributes from the new attributes
     */
    /* don't create a token object if we aren't in a rw session */
    /* we need to hold the lock to copy a consistant version of
     * the object. */
    crv = sftk_CopyObject(destObject,srcObject);

    destObject->objclass = srcObject->objclass;
    sftk_FreeObject(srcObject);
    if (crv != CKR_OK) {
       sftk_FreeObject(destObject);
       sftk_FreeSession(session);
        return crv;
    }

    crv = sftk_handleObject(destObject,session);
    *phNewObject = destObject->handle;
    sftk_FreeSession(session);
    sftk_FreeObject(destObject);
    
    return crv;
}

Here is the call graph for this function:

CK_RV NSC_CreateObject ( CK_SESSION_HANDLE  hSession,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount,
CK_OBJECT_HANDLE_PTR  phObject 
)

Definition at line 4033 of file pkcs11.c.

{
    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
    SFTKSession *session;
    SFTKObject *object;
    /* make sure class isn't randomly CKO_NETSCAPE_NEWSLOT or
     * CKO_NETSCPE_DELSLOT. */
    CK_OBJECT_CLASS class = CKO_VENDOR_DEFINED;
    CK_RV crv;
    int i;

    *phObject = CK_INVALID_HANDLE;

    /*
     * now lets create an object to hang the attributes off of
     */
    object = sftk_NewObject(slot); /* fill in the handle later */
    if (object == NULL) {
       return CKR_HOST_MEMORY;
    }

    /*
     * load the template values into the object
     */
    for (i=0; i < (int) ulCount; i++) {
       crv = sftk_AddAttributeType(object,sftk_attr_expand(&pTemplate[i]));
       if (crv != CKR_OK) {
           sftk_FreeObject(object);
           return crv;
       }
       if ((pTemplate[i].type == CKA_CLASS) && pTemplate[i].pValue) {
           class = *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
       }
    }

    /* get the session */
    session = sftk_SessionFromHandle(hSession);
    if (session == NULL) {
       sftk_FreeObject(object);
        return CKR_SESSION_HANDLE_INVALID;
    }

    /*
     * handle pseudo objects (CKO_NEWSLOT)
     */
    if ((class == CKO_NETSCAPE_NEWSLOT)  || (class == CKO_NETSCAPE_DELSLOT)) {
       crv = sftk_CreateNewSlot(slot, class, object);
       goto done;
    } 

    /*
     * handle the base object stuff
     */
    crv = sftk_handleObject(object,session);
    *phObject = object->handle;
done:
    sftk_FreeSession(session);
    sftk_FreeObject(object);

    return crv;
}

Here is the call graph for this function:

CK_RV NSC_Finalize ( CK_VOID_PTR  pReserved)

Definition at line 3136 of file pkcs11.c.

{
    CK_RV crv;

    if (!nsc_init) {
       return CKR_OK;
    }

    crv = nsc_CommonFinalize (pReserved, PR_FALSE);

    nsc_init = (PRBool) !(crv == CKR_OK);

    return crv;
}

Here is the call graph for this function:

CK_RV NSC_FindObjects ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE_PTR  phObject,
CK_ULONG  ulMaxObjectCount,
CK_ULONG_PTR  pulObjectCount 
)

Definition at line 5147 of file pkcs11.c.

{
    SFTKSession *session;
    SFTKSearchResults *search;
    int       transfer;
    int left;

    *pulObjectCount = 0;
    session = sftk_SessionFromHandle(hSession);
    if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
    if (session->search == NULL) {
       sftk_FreeSession(session);
       return CKR_OK;
    }
    search = session->search;
    left = session->search->size - session->search->index;
    transfer = ((int)ulMaxObjectCount > left) ? left : ulMaxObjectCount;
    if (transfer > 0) {
       PORT_Memcpy(phObject,&search->handles[search->index],
                                        transfer*sizeof(CK_OBJECT_HANDLE_PTR));
    } else {
       *phObject = CK_INVALID_HANDLE;
    }

    search->index += transfer;
    if (search->index == search->size) {
       session->search = NULL;
       sftk_FreeSearch(search);
    }
    *pulObjectCount = transfer;
    sftk_FreeSession(session);
    return CKR_OK;
}

Here is the call graph for this function:

Definition at line 5184 of file pkcs11.c.

{
    SFTKSession *session;
    SFTKSearchResults *search;

    session = sftk_SessionFromHandle(hSession);
    if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
    search = session->search;
    session->search = NULL;
    sftk_FreeSession(session);
    if (search != NULL) {
       sftk_FreeSearch(search);
    }
    return CKR_OK;
}

Here is the call graph for this function:

CK_RV NSC_FindObjectsInit ( CK_SESSION_HANDLE  hSession,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount 
)

Definition at line 5078 of file pkcs11.c.

{
    SFTKSearchResults *search = NULL, *freeSearch = NULL;
    SFTKSession *session = NULL;
    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
    PRBool tokenOnly = PR_FALSE;
    CK_RV crv = CKR_OK;
    PRBool isLoggedIn;
    
    session = sftk_SessionFromHandle(hSession);
    if (session == NULL) {
       crv = CKR_SESSION_HANDLE_INVALID;
       goto loser;
    }
   
    search = (SFTKSearchResults *)PORT_Alloc(sizeof(SFTKSearchResults));
    if (search == NULL) {
       crv = CKR_HOST_MEMORY;
       goto loser;
    }
    search->handles = (CK_OBJECT_HANDLE *)
              PORT_Alloc(sizeof(CK_OBJECT_HANDLE) * NSC_SEARCH_BLOCK_SIZE);
    if (search->handles == NULL) {
       crv = CKR_HOST_MEMORY;
       goto loser;
    }
    search->index = 0;
    search->size = 0;
    search->array_size = NSC_SEARCH_BLOCK_SIZE;
    isLoggedIn = (PRBool)((!slot->needLogin) || slot->isLoggedIn);

    crv = sftk_searchTokenList(slot, search, pTemplate, ulCount, &tokenOnly,
                                                        isLoggedIn);
    if (crv != CKR_OK) {
       goto loser;
    }
    
    /* build list of found objects in the session */
    if (!tokenOnly) {
       crv = sftk_searchObjectList(search, slot->tokObjects, 
                            slot->tokObjHashSize, slot->objectLock, 
                                   pTemplate, ulCount, isLoggedIn);
    }
    if (crv != CKR_OK) {
       goto loser;
    }

    if ((freeSearch = session->search) != NULL) {
       session->search = NULL;
       sftk_FreeSearch(freeSearch);
    }
    session->search = search;
    sftk_FreeSession(session);
    return CKR_OK;

loser:
    if (search) {
       sftk_FreeSearch(search);
    }
    if (session) {
       sftk_FreeSession(session);
    }
    return crv;
}

Here is the call graph for this function:

CK_RV NSC_GetAttributeValue ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount 
)

Definition at line 4192 of file pkcs11.c.

                                                                          {
    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
    SFTKSession *session;
    SFTKObject *object;
    SFTKAttribute *attribute;
    PRBool sensitive;
    CK_RV crv;
    int i;

    /*
     * make sure we're allowed
     */
    session = sftk_SessionFromHandle(hSession);
    if (session == NULL) {
        return CKR_SESSION_HANDLE_INVALID;
    }

    object = sftk_ObjectFromHandle(hObject,session);
    sftk_FreeSession(session);
    if (object == NULL) {
       return CKR_OBJECT_HANDLE_INVALID;
    }

    /* don't read a private object if we aren't logged in */
    if ((!slot->isLoggedIn) && (slot->needLogin) &&
                            (sftk_isTrue(object,CKA_PRIVATE))) {
       sftk_FreeObject(object);
       return CKR_USER_NOT_LOGGED_IN;
    }

    crv = CKR_OK;
    sensitive = sftk_isTrue(object,CKA_SENSITIVE);
    for (i=0; i < (int) ulCount; i++) {
       /* Make sure that this attribute is retrievable */
       if (sensitive && sftk_isSensitive(pTemplate[i].type,object->objclass)) {
           crv = CKR_ATTRIBUTE_SENSITIVE;
           pTemplate[i].ulValueLen = -1;
           continue;
       }
       attribute = sftk_FindAttribute(object,pTemplate[i].type);
       if (attribute == NULL) {
           crv = CKR_ATTRIBUTE_TYPE_INVALID;
           pTemplate[i].ulValueLen = -1;
           continue;
       }
       if (pTemplate[i].pValue != NULL) {
           PORT_Memcpy(pTemplate[i].pValue,attribute->attrib.pValue,
                                          attribute->attrib.ulValueLen);
       }
       pTemplate[i].ulValueLen = attribute->attrib.ulValueLen;
       sftk_FreeAttribute(attribute);
    }

    sftk_FreeObject(object);
    return crv;
}

Here is the call graph for this function:

Definition at line 2333 of file pkcs11.c.

{
    *pFunctionList = (CK_FUNCTION_LIST_PTR) &sftk_funcList;
    return CKR_OK;
}

Definition at line 3155 of file pkcs11.c.

{
    volatile char c; /* force a reference that won't get optimized away */

    c = __nss_softokn_rcsid[0] + __nss_softokn_sccsid[0]; 
    pInfo->cryptokiVersion.major = 2;
    pInfo->cryptokiVersion.minor = 20;
    PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
    pInfo->libraryVersion.major = NSS_VMAJOR;
    pInfo->libraryVersion.minor = NSS_VMINOR;
    PORT_Memcpy(pInfo->libraryDescription,libraryDescription,32);
    pInfo->flags = 0;
    return CKR_OK;
}

Definition at line 3348 of file pkcs11.c.

{
    PRBool isPrivateKey;
    CK_ULONG i;

    switch (slotID) {
    case NETSCAPE_SLOT_ID:
       isPrivateKey = PR_FALSE;
       break;
    default:
       isPrivateKey = PR_TRUE;
       break;
    }
    for (i=0; i < mechanismCount; i++) {
        if (type == mechanisms[i].type) {
           if (isPrivateKey && !mechanisms[i].privkey) {
              return CKR_MECHANISM_INVALID;
           }
           PORT_Memcpy(pInfo,&mechanisms[i].info, sizeof(CK_MECHANISM_INFO));
           return CKR_OK;
       }
    }
    return CKR_MECHANISM_INVALID;
}
CK_RV NSC_GetMechanismList ( CK_SLOT_ID  slotID,
CK_MECHANISM_TYPE_PTR  pMechanismList,
CK_ULONG_PTR  pulCount 
)

Definition at line 3315 of file pkcs11.c.

{
    CK_ULONG i;

    switch (slotID) {
    /* default: */
    case NETSCAPE_SLOT_ID:
       *pulCount = mechanismCount;
       if (pMechanismList != NULL) {
           for (i=0; i < mechanismCount; i++) {
              pMechanismList[i] = mechanisms[i].type;
           }
       }
       break;
     default:
       *pulCount = 0;
       for (i=0; i < mechanismCount; i++) {
           if (mechanisms[i].privkey) {
              (*pulCount)++;
              if (pMechanismList != NULL) {
                  *pMechanismList++ = mechanisms[i].type;
              }
           }
       }
       break;
    }
    return CKR_OK;
}
CK_RV NSC_GetObjectSize ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_ULONG_PTR  pulSize 
)

Definition at line 4184 of file pkcs11.c.

                                                                     {
    *pulSize = 0;
    return CKR_OK;
}

Definition at line 3777 of file pkcs11.c.

{
    SFTKSession *session;

    session = sftk_SessionFromHandle(hSession);
    if (session == NULL) return CKR_SESSION_HANDLE_INVALID;

    PORT_Memcpy(pInfo,&session->info,sizeof(CK_SESSION_INFO));
    sftk_FreeSession(session);
    return CKR_OK;
}

Here is the call graph for this function:

Definition at line 3192 of file pkcs11.c.

{
    SFTKSlot *slot = sftk_SlotFromID(slotID, PR_TRUE);
    if (slot == NULL) return CKR_SLOT_ID_INVALID;

    pInfo->firmwareVersion.major = 0;
    pInfo->firmwareVersion.minor = 0;

    PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
    PORT_Memcpy(pInfo->slotDescription,slot->slotDescription,64);
    pInfo->flags = (slot->present) ? CKF_TOKEN_PRESENT : 0;
    /* all user defined slots are defined as removable */
    if (slotID >= SFTK_MIN_USER_SLOT_ID) {
       pInfo->flags |= CKF_REMOVABLE_DEVICE;
    }
    /* ok we really should read it out of the keydb file. */
    /* pInfo->hardwareVersion.major = NSSLOWKEY_DB_FILE_VERSION; */
    pInfo->hardwareVersion.major = NSS_VMAJOR;
    pInfo->hardwareVersion.minor = NSS_VMINOR;
    return CKR_OK;
}

Here is the call graph for this function:

CK_RV NSC_GetSlotList ( CK_BBOOL  tokenPresent,
CK_SLOT_ID_PTR  pSlotList,
CK_ULONG_PTR  pulCount 
)

Definition at line 3184 of file pkcs11.c.

{
    return nsc_CommonGetSlotList(tokenPresent, pSlotList, pulCount, 
                                                 NSC_NON_FIPS_MODULE);
}

Here is the call graph for this function:

Definition at line 3239 of file pkcs11.c.

{
    SFTKSlot *slot; 
    NSSLOWKEYDBHandle *handle;

    if (!nsc_init && !nsf_init) return CKR_CRYPTOKI_NOT_INITIALIZED;
    slot = sftk_SlotFromID(slotID, PR_FALSE);
    if (slot == NULL) return CKR_SLOT_ID_INVALID;

    PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
    PORT_Memcpy(pInfo->model,"NSS 3           ",16);
    PORT_Memcpy(pInfo->serialNumber,"0000000000000000",16);
    PORT_Memcpy(pInfo->utcTime,"0000000000000000",16);
    pInfo->ulMaxSessionCount = 0; /* arbitrarily large */
    pInfo->ulSessionCount = slot->sessionCount;
    pInfo->ulMaxRwSessionCount = 0; /* arbitarily large */
    pInfo->ulRwSessionCount = slot->rwSessionCount;
    pInfo->firmwareVersion.major = 0;
    pInfo->firmwareVersion.minor = 0;
    PORT_Memcpy(pInfo->label,slot->tokDescription,32);
    handle = sftk_getKeyDB(slot);
    pInfo->flags = CKF_RNG | CKF_DUAL_CRYPTO_OPERATIONS;
    if (handle == NULL) {
       pInfo->flags |= CKF_WRITE_PROTECTED;
       pInfo->ulMaxPinLen = 0;
       pInfo->ulMinPinLen = 0;
       pInfo->ulTotalPublicMemory = 0;
       pInfo->ulFreePublicMemory = 0;
       pInfo->ulTotalPrivateMemory = 0;
       pInfo->ulFreePrivateMemory = 0;
       pInfo->hardwareVersion.major = 4;
       pInfo->hardwareVersion.minor = 0;
    } else {
       /*
        * we have three possible states which we may be in:
        *   (1) No DB password has been initialized. This also means we
        *   have no keys in the key db.
        *   (2) Password initialized to NULL. This means we have keys, but
        *   the user has chosen not use a password.
        *   (3) Finally we have an initialized password whicn is not NULL, and
        *   we will need to prompt for it.
        */
       if (nsslowkey_HasKeyDBPassword(handle) == SECFailure) {
           pInfo->flags |= CKF_LOGIN_REQUIRED;
       } else if (!sftk_checkNeedLogin(slot,handle)) {
           pInfo->flags |= CKF_USER_PIN_INITIALIZED;
       } else {
           pInfo->flags |= CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED;
       }
       pInfo->ulMaxPinLen = SFTK_MAX_PIN;
       pInfo->ulMinPinLen = (CK_ULONG)slot->minimumPinLen;
       pInfo->ulTotalPublicMemory = 1;
       pInfo->ulFreePublicMemory = 1;
       pInfo->ulTotalPrivateMemory = 1;
       pInfo->ulFreePrivateMemory = 1;
       pInfo->hardwareVersion.major = CERT_DB_FILE_VERSION;
       pInfo->hardwareVersion.minor = handle->version;
        sftk_freeKeyDB(handle);
    }
    /*
     * CKF_LOGIN_REQUIRED CKF_USER_PIN_INITIALIZED  how CKF_TOKEN_INITIALIZED
     *                                              should be set
     *         0                   0                           1
     *         1                   0                           0
     *         0                   1                           1
     *         1                   1                           1
     */
    if (!(pInfo->flags & CKF_LOGIN_REQUIRED) ||
       (pInfo->flags & CKF_USER_PIN_INITIALIZED)) {
       pInfo->flags |= CKF_TOKEN_INITIALIZED;
    }
    return CKR_OK;
}

Here is the call graph for this function:

Definition at line 3087 of file pkcs11.c.

{
    CK_RV crv;
    if (nsc_init) {
       return CKR_CRYPTOKI_ALREADY_INITIALIZED;
    }
    crv = nsc_CommonInitialize(pReserved,PR_FALSE);
    nsc_init = (PRBool) (crv == CKR_OK);
    return crv;
}

Here is the call graph for this function:

CK_RV NSC_InitPIN ( CK_SESSION_HANDLE  hSession,
CK_CHAR_PTR  pPin,
CK_ULONG  ulPinLen 
)

Definition at line 3485 of file pkcs11.c.

{
    SFTKSession *sp = NULL;
    SFTKSlot *slot;
    NSSLOWKEYDBHandle *handle = NULL;
    SECItem *newPin;
    char newPinStr[SFTK_MAX_PIN+1];
    SECStatus rv;
    CK_RV crv = CKR_SESSION_HANDLE_INVALID;

    
    sp = sftk_SessionFromHandle(hSession);
    if (sp == NULL) {
       goto loser;
    }

    slot = sftk_SlotFromSession(sp);
    if (slot == NULL) {
       goto loser;
    }

    handle = sftk_getKeyDB(slot);
    if (handle == NULL) {
       crv = CKR_PIN_LEN_RANGE;
       goto loser;
    }


    if (sp->info.state != CKS_RW_SO_FUNCTIONS) {
       crv = CKR_USER_NOT_LOGGED_IN;
       goto loser;
    }

    sftk_FreeSession(sp);
    sp = NULL;

    /* make sure the pins aren't too long */
    if (ulPinLen > SFTK_MAX_PIN) {
       crv = CKR_PIN_LEN_RANGE;
       goto loser;
    }
    if (ulPinLen < (CK_ULONG)slot->minimumPinLen) {
       crv = CKR_PIN_LEN_RANGE;
       goto loser;
    }

    if (nsslowkey_HasKeyDBPassword(handle) != SECFailure) {
       crv = CKR_DEVICE_ERROR;
       goto loser;
    }

    /* convert to null terminated string */
    PORT_Memcpy(newPinStr,pPin,ulPinLen);
    newPinStr[ulPinLen] = 0; 

    /* build the hashed pins which we pass around */
    newPin = nsslowkey_HashPassword(newPinStr,handle->global_salt);
    PORT_Memset(newPinStr,0,sizeof(newPinStr));

    /* change the data base */
    rv = nsslowkey_SetKeyDBPassword(handle,newPin);
    sftk_freeKeyDB(handle);
    handle = NULL;

    /* Now update our local copy of the pin */
    if (rv == SECSuccess) {
       if (slot->password) {
           SECITEM_ZfreeItem(slot->password, PR_TRUE);
       }
       slot->password = newPin;
       if (ulPinLen == 0) slot->needLogin = PR_FALSE;
       return CKR_OK;
    }
    SECITEM_ZfreeItem(newPin, PR_TRUE);
    crv = CKR_PIN_INCORRECT;

loser:
    if (sp) {
       sftk_FreeSession(sp);
    }
    if (handle) {
       sftk_freeKeyDB(handle);
    }
    return crv;
}

Here is the call graph for this function:

CK_RV NSC_InitToken ( CK_SLOT_ID  slotID,
CK_CHAR_PTR  pPin,
CK_ULONG  ulPinLen,
CK_CHAR_PTR  pLabel 
)

Definition at line 3421 of file pkcs11.c.

                                                                  {
    SFTKSlot *slot = sftk_SlotFromID(slotID, PR_FALSE);
    NSSLOWKEYDBHandle *handle;
    NSSLOWCERTCertDBHandle *certHandle;
    SECStatus rv;
    unsigned int i;
    SFTKObject *object;

    if (slot == NULL) return CKR_SLOT_ID_INVALID;

    /* don't initialize the database if we aren't talking to a token
     * that uses the key database.
     */
    if (slotID == NETSCAPE_SLOT_ID) {
       return CKR_TOKEN_WRITE_PROTECTED;
    }

    /* first, delete all our loaded key and cert objects from our 
     * internal list. */
    PZ_Lock(slot->objectLock);
    for (i=0; i < slot->tokObjHashSize; i++) {
       do {
           object = slot->tokObjects[i];
           /* hand deque */
           /* this duplicates function of NSC_close session functions, but 
            * because we know that we are freeing all the sessions, we can
            * do more efficient processing */
           if (object) {
              slot->tokObjects[i] = object->next;

              if (object->next) object->next->prev = NULL;
              object->next = object->prev = NULL;
           }
           if (object) sftk_FreeObject(object);
       } while (object != NULL);
    }
    slot->DB_loaded = PR_FALSE;
    PZ_Unlock(slot->objectLock);

    /* then clear out the key database */
    handle = sftk_getKeyDB(slot);
    if (handle == NULL) {
       return CKR_TOKEN_WRITE_PROTECTED;
    }

    rv = nsslowkey_ResetKeyDB(handle);
    sftk_freeKeyDB(handle);
    if (rv != SECSuccess) {
       return CKR_DEVICE_ERROR;
    }

    /* finally  mark all the user certs as non-user certs */
    certHandle = sftk_getCertDB(slot);
    if (certHandle == NULL) return CKR_OK;

    nsslowcert_TraversePermCerts(certHandle,sftk_TurnOffUser, NULL);
    sftk_freeCertDB(certHandle);

    return CKR_OK; /*is this the right function for not implemented*/
}

Here is the call graph for this function:

CK_RV NSC_Login ( CK_SESSION_HANDLE  hSession,
CK_USER_TYPE  userType,
CK_CHAR_PTR  pPin,
CK_ULONG  ulPinLen 
)

Definition at line 3791 of file pkcs11.c.

{
    SFTKSlot *slot;
    SFTKSession *session;
    NSSLOWKEYDBHandle *handle;
    CK_FLAGS sessionFlags;
    SECStatus rv;
    CK_RV crv;
    SECItem *pin;
    char pinStr[SFTK_MAX_PIN+1];


    /* get the slot */
    slot = sftk_SlotFromSessionHandle(hSession);

    /* make sure the session is valid */
    session = sftk_SessionFromHandle(hSession);
    if (session == NULL) {
       return CKR_SESSION_HANDLE_INVALID;
    }
    sessionFlags = session->info.flags;
    sftk_FreeSession(session);
    session = NULL;

    /* can't log into the Netscape Slot */
    if (slot->slotID == NETSCAPE_SLOT_ID) {
        return CKR_USER_TYPE_INVALID;
    }

    if (slot->isLoggedIn) return CKR_USER_ALREADY_LOGGED_IN;
    slot->ssoLoggedIn = PR_FALSE;

    if (ulPinLen > SFTK_MAX_PIN) return CKR_PIN_LEN_RANGE;

    /* convert to null terminated string */
    PORT_Memcpy(pinStr,pPin,ulPinLen);
    pinStr[ulPinLen] = 0; 

    handle = sftk_getKeyDB(slot);
    if (handle == NULL) {
        return CKR_USER_TYPE_INVALID;
    }

    /*
     * Deal with bootstrap. We allow the SSO to login in with a NULL
     * password if and only if we haven't initialized the KEY DB yet.
     * We only allow this on a RW session.
     */
    rv = nsslowkey_HasKeyDBPassword(handle);
    if (rv == SECFailure) {
       /* allow SSO's to log in only if there is not password on the
        * key database */
       if (((userType == CKU_SO) && (sessionFlags & CKF_RW_SESSION))
           /* fips always needs to authenticate, even if there isn't a db */
                                   || (slot->slotID == FIPS_SLOT_ID)) {
           /* should this be a fixed password? */
           if (ulPinLen == 0) {
              SECItem *pw;
              PZ_Lock(slot->slotLock);
              pw = slot->password;
              slot->password = NULL;
              slot->isLoggedIn = PR_TRUE;
              slot->ssoLoggedIn = (PRBool)(userType == CKU_SO);
              PZ_Unlock(slot->slotLock);
              sftk_update_all_states(slot);
              SECITEM_ZfreeItem(pw,PR_TRUE);
              crv = CKR_OK;
              goto done;
           }
           crv = CKR_PIN_INCORRECT;
           goto done;
       } 
       crv = CKR_USER_TYPE_INVALID;
       goto done;
    } 

    /* don't allow the SSO to log in if the user is already initialized */
    if (userType != CKU_USER) { 
       crv = CKR_USER_TYPE_INVALID; 
       goto done;
    }


    /* build the hashed pins which we pass around */
    pin = nsslowkey_HashPassword(pinStr,handle->global_salt);
    if (pin == NULL) {
       crv = CKR_HOST_MEMORY;
       goto done;
    }

    PR_Lock(slot->pwCheckLock);
    rv = nsslowkey_CheckKeyDBPassword(handle,pin);
    sftk_freeKeyDB(handle);
    handle = NULL;
    if ((rv != SECSuccess) && (slot->slotID == FIPS_SLOT_ID)) {
       PR_Sleep(loginWaitTime);
    }
    PR_Unlock(slot->pwCheckLock);
    if (rv == SECSuccess) {
       SECItem *tmp;
       PZ_Lock(slot->slotLock);
       tmp = slot->password;
       slot->isLoggedIn = PR_TRUE;
       slot->password = pin;
       PZ_Unlock(slot->slotLock);
        if (tmp) SECITEM_ZfreeItem(tmp, PR_TRUE);

       /* update all sessions */
       sftk_update_all_states(slot);
       return CKR_OK;
    }

    SECITEM_ZfreeItem(pin, PR_TRUE);
    crv = CKR_PIN_INCORRECT;
done:
    if (handle) {
       sftk_freeKeyDB(handle);
    }
    return crv;
}

Here is the call graph for this function:

Definition at line 3914 of file pkcs11.c.

{
    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
    SFTKSession *session;
    SECItem *pw = NULL;

    session = sftk_SessionFromHandle(hSession);
    if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
    sftk_FreeSession(session);
    session = NULL;

    if (!slot->isLoggedIn) return CKR_USER_NOT_LOGGED_IN;

    PZ_Lock(slot->slotLock);
    pw = slot->password;
    slot->isLoggedIn = PR_FALSE;
    slot->ssoLoggedIn = PR_FALSE;
    slot->password = NULL;
    PZ_Unlock(slot->slotLock);
    if (pw) SECITEM_ZfreeItem(pw, PR_TRUE);

    sftk_update_all_states(slot);
    return CKR_OK;
}

Here is the call graph for this function:

char** NSC_ModuleDBFunc ( unsigned long  function,
char *  parameters,
void args 
)

Definition at line 2889 of file pkcs11.c.

{
    char *secmod = NULL;
    char *appName = NULL;
    char *filename = NULL;
    PRBool rw;
    static char *success="Success";
    char **rvstr = NULL;

    secmod = secmod_getSecmodName(parameters,&appName,&filename, &rw);

    switch (function) {
    case SECMOD_MODULE_DB_FUNCTION_FIND:
       rvstr = secmod_ReadPermDB(appName,filename,secmod,(char *)parameters,rw);
       break;
    case SECMOD_MODULE_DB_FUNCTION_ADD:
       rvstr = (secmod_AddPermDB(appName,filename,secmod,(char *)args,rw) 
                            == SECSuccess) ? &success: NULL;
       break;
    case SECMOD_MODULE_DB_FUNCTION_DEL:
       rvstr = (secmod_DeletePermDB(appName,filename,secmod,(char *)args,rw)
                             == SECSuccess) ? &success: NULL;
       break;
    case SECMOD_MODULE_DB_FUNCTION_RELEASE:
       rvstr = (secmod_ReleasePermDBData(appName,filename,secmod,
                     (char **)args,rw) == SECSuccess) ? &success: NULL;
       break;
    }
    if (secmod) PR_smprintf_free(secmod);
    if (appName) PORT_Free(appName);
    if (filename) PORT_Free(filename);
    return rvstr;
}

Here is the call graph for this function:

CK_RV NSC_OpenSession ( CK_SLOT_ID  slotID,
CK_FLAGS  flags,
CK_VOID_PTR  pApplication,
CK_NOTIFY  Notify,
CK_SESSION_HANDLE_PTR  phSession 
)

Definition at line 3668 of file pkcs11.c.

{
    SFTKSlot *slot;
    CK_SESSION_HANDLE sessionID;
    SFTKSession *session;
    SFTKSession *sameID;

    slot = sftk_SlotFromID(slotID, PR_FALSE);
    if (slot == NULL) return CKR_SLOT_ID_INVALID;

    /* new session (we only have serial sessions) */
    session = sftk_NewSession(slotID, Notify, pApplication,
                                           flags | CKF_SERIAL_SESSION);
    if (session == NULL) return CKR_HOST_MEMORY;

    if (slot->readOnly && (flags & CKF_RW_SESSION)) {
       /* NETSCAPE_SLOT_ID is Read ONLY */
       session->info.flags &= ~CKF_RW_SESSION;
    }
    PZ_Lock(slot->slotLock);
    ++slot->sessionCount;
    PZ_Unlock(slot->slotLock);
    if (session->info.flags & CKF_RW_SESSION) {
       PR_AtomicIncrement(&slot->rwSessionCount);
    }

    do {
        PZLock *lock;
        do {
            sessionID = (PR_AtomicIncrement(&slot->sessionIDCount) & 0xffffff)
                        | (slot->index << 24);
        } while (sessionID == CK_INVALID_HANDLE);
        lock = SFTK_SESSION_LOCK(slot,sessionID);
        PZ_Lock(lock);
        sftkqueue_find(sameID, sessionID, slot->head, slot->sessHashSize);
        if (sameID == NULL) {
            session->handle = sessionID;
            sftk_update_state(slot, session);
            sftkqueue_add(session, sessionID, slot->head,slot->sessHashSize);
        } else {
            slot->sessionIDConflict++;  /* for debugging */
        }
        PZ_Unlock(lock);
    } while (sameID != NULL);

    *phSession = sessionID;
    return CKR_OK;
}

Here is the call graph for this function:

CK_RV NSC_SetAttributeValue ( CK_SESSION_HANDLE  hSession,
CK_OBJECT_HANDLE  hObject,
CK_ATTRIBUTE_PTR  pTemplate,
CK_ULONG  ulCount 
)

Definition at line 4251 of file pkcs11.c.

                                                                       {
    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
    SFTKSession *session;
    SFTKAttribute *attribute;
    SFTKObject *object;
    PRBool isToken;
    CK_RV crv = CKR_OK;
    CK_BBOOL legal;
    int i;

    /*
     * make sure we're allowed
     */
    session = sftk_SessionFromHandle(hSession);
    if (session == NULL) {
        return CKR_SESSION_HANDLE_INVALID;
    }

    object = sftk_ObjectFromHandle(hObject,session);
    if (object == NULL) {
        sftk_FreeSession(session);
       return CKR_OBJECT_HANDLE_INVALID;
    }

    /* don't modify a private object if we aren't logged in */
    if ((!slot->isLoggedIn) && (slot->needLogin) &&
                            (sftk_isTrue(object,CKA_PRIVATE))) {
       sftk_FreeSession(session);
       sftk_FreeObject(object);
       return CKR_USER_NOT_LOGGED_IN;
    }

    /* don't modify a token object if we aren't in a rw session */
    isToken = sftk_isTrue(object,CKA_TOKEN);
    if (((session->info.flags & CKF_RW_SESSION) == 0) && isToken) {
       sftk_FreeSession(session);
       sftk_FreeObject(object);
       return CKR_SESSION_READ_ONLY;
    }
    sftk_FreeSession(session);

    /* only change modifiable objects */
    if (!sftk_isTrue(object,CKA_MODIFIABLE)) {
       sftk_FreeObject(object);
       return CKR_ATTRIBUTE_READ_ONLY;
    }

    for (i=0; i < (int) ulCount; i++) {
       /* Make sure that this attribute is changeable */
       switch (sftk_modifyType(pTemplate[i].type,object->objclass)) {
       case SFTK_NEVER:
       case SFTK_ONCOPY:
        default:
           crv = CKR_ATTRIBUTE_READ_ONLY;
           break;

        case SFTK_SENSITIVE:
           legal = (pTemplate[i].type == CKA_EXTRACTABLE) ? CK_FALSE : CK_TRUE;
           if ((*(CK_BBOOL *)pTemplate[i].pValue) != legal) {
               crv = CKR_ATTRIBUTE_READ_ONLY;
           }
           break;
        case SFTK_ALWAYS:
           break;
       }
       if (crv != CKR_OK) break;

       /* find the old attribute */
       attribute = sftk_FindAttribute(object,pTemplate[i].type);
       if (attribute == NULL) {
           crv =CKR_ATTRIBUTE_TYPE_INVALID;
           break;
       }
       sftk_FreeAttribute(attribute);
       crv = sftk_forceAttribute(object,sftk_attr_expand(&pTemplate[i]));
       if (crv != CKR_OK) break;

    }

    sftk_FreeObject(object);
    return crv;
}

Here is the call graph for this function:

CK_RV NSC_SetPIN ( CK_SESSION_HANDLE  hSession,
CK_CHAR_PTR  pOldPin,
CK_ULONG  ulOldLen,
CK_CHAR_PTR  pNewPin,
CK_ULONG  ulNewLen 
)

Definition at line 3575 of file pkcs11.c.

{
    SFTKSession *sp = NULL;
    SFTKSlot *slot;
    NSSLOWKEYDBHandle *handle = NULL;
    SECItem *newPin;
    SECItem *oldPin;
    char newPinStr[SFTK_MAX_PIN+1],oldPinStr[SFTK_MAX_PIN+1];
    SECStatus rv;
    CK_RV crv = CKR_SESSION_HANDLE_INVALID;

    
    sp = sftk_SessionFromHandle(hSession);
    if (sp == NULL) {
       goto loser;
    }

    slot = sftk_SlotFromSession(sp);
    if (!slot) {
       goto loser;
    }

    handle = sftk_getKeyDB(slot);
    if (handle == NULL) {
       sftk_FreeSession(sp);
       return CKR_PIN_LEN_RANGE; /* XXX FIXME wrong return value */
    }

    if (slot->needLogin && sp->info.state != CKS_RW_USER_FUNCTIONS) {
       crv = CKR_USER_NOT_LOGGED_IN;
       goto loser;
    }

    sftk_FreeSession(sp);
    sp = NULL;

    /* make sure the pins aren't too long */
    if ((ulNewLen > SFTK_MAX_PIN) || (ulOldLen > SFTK_MAX_PIN)) {
       crv = CKR_PIN_LEN_RANGE;
       goto loser;
    }
    if (ulNewLen < (CK_ULONG)slot->minimumPinLen) {
       crv = CKR_PIN_LEN_RANGE;
       goto loser;
    }


    /* convert to null terminated string */
    PORT_Memcpy(newPinStr,pNewPin,ulNewLen);
    newPinStr[ulNewLen] = 0; 
    PORT_Memcpy(oldPinStr,pOldPin,ulOldLen);
    oldPinStr[ulOldLen] = 0; 

    /* build the hashed pins which we pass around */
    newPin = nsslowkey_HashPassword(newPinStr,handle->global_salt);
    oldPin = nsslowkey_HashPassword(oldPinStr,handle->global_salt);
    PORT_Memset(newPinStr,0,sizeof(newPinStr));
    PORT_Memset(oldPinStr,0,sizeof(oldPinStr));

    /* change the data base password */
    PR_Lock(slot->pwCheckLock);
    rv = nsslowkey_ChangeKeyDBPassword(handle,oldPin,newPin);
    sftk_freeKeyDB(handle);
    handle = NULL;
    if ((rv != SECSuccess) && (slot->slotID == FIPS_SLOT_ID)) {
       PR_Sleep(loginWaitTime);
    }
    PR_Unlock(slot->pwCheckLock);

    /* Now update our local copy of the pin */
    SECITEM_ZfreeItem(oldPin, PR_TRUE);
    if (rv == SECSuccess) {
       if (slot->password) {
           SECITEM_ZfreeItem(slot->password, PR_TRUE);
       }
       slot->password = newPin;
       slot->needLogin = (PRBool)(ulNewLen != 0);
       return CKR_OK;
    }
    SECITEM_ZfreeItem(newPin, PR_TRUE);
    crv = CKR_PIN_INCORRECT;
loser:
    if (sp) {
       sftk_FreeSession(sp);
    }
    if (handle) {
       sftk_freeKeyDB(handle);
    }
    return crv;
}

Here is the call graph for this function:

CK_RV NSC_WaitForSlotEvent ( CK_FLAGS  flags,
CK_SLOT_ID_PTR  pSlot,
CK_VOID_PTR  pReserved 
)

Definition at line 5202 of file pkcs11.c.

static void nscFreeAllSlots ( int  moduleIndex) [static]

Definition at line 2923 of file pkcs11.c.

{
    /* free all the slots */
    SFTKSlot *slot = NULL;
    CK_SLOT_ID slotID;
    int i;

    if (nscSlotList[moduleIndex]) {
       CK_ULONG tmpSlotCount = nscSlotCount[moduleIndex];
       CK_SLOT_ID_PTR tmpSlotList = nscSlotList[moduleIndex];
       PLHashTable *tmpSlotHashTable = nscSlotHashTable[moduleIndex];

       /* first close all the session */
       for (i=0; i < (int) tmpSlotCount; i++) {
           slotID = tmpSlotList[i];
           (void) NSC_CloseAllSessions(slotID);
       }

       /* now clear out the statics */
       nscSlotList[moduleIndex] = NULL;
       nscSlotCount[moduleIndex] = 0;
       nscSlotHashTable[moduleIndex] = NULL;
       nscSlotListSize[moduleIndex] = 0;

       for (i=0; i < (int) tmpSlotCount; i++) {
           slotID = tmpSlotList[i];
           slot = (SFTKSlot *)
                     PL_HashTableLookup(tmpSlotHashTable, (void *)slotID);
           PORT_Assert(slot);
           if (!slot) continue;
           SFTK_DestroySlotData(slot);
           PL_HashTableRemove(tmpSlotHashTable, (void *)slotID);
       }
       PORT_Free(tmpSlotList);
       PL_HashTableDestroy(tmpSlotHashTable);
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1738 of file secoid.c.

{
    PLHashEntry *entry;
    const SECOidData *oid;
    int i;

    if (!dynOidPool && secoid_InitDynOidData() != SECSuccess) {
       return SECFailure;
    }

    if (oidhash) {
       return SECSuccess;
    }
    
    oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
                     PL_CompareValues, NULL, NULL);
    oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues,
                     PL_CompareValues, NULL, NULL);

    if ( !oidhash || !oidmechhash) {
       PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
       PORT_Assert(0); /*This function should never fail. */
       return(SECFailure);
    }

    for ( i = 0; i < ( sizeof(oids) / sizeof(SECOidData) ); i++ ) {
       oid = &oids[i];

       PORT_Assert ( oid->offset == i );

       entry = PL_HashTableAdd( oidhash, &oid->oid, (void *)oid );
       if ( entry == NULL ) {
           PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
            PORT_Assert(0); /*This function should never fail. */
           return(SECFailure);
       }

       if ( oid->mechanism != CKM_INVALID_MECHANISM ) {
           entry = PL_HashTableAdd( oidmechhash, 
                                   (void *)oid->mechanism, (void *)oid );
           if ( entry == NULL ) {
               PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
                PORT_Assert(0); /* This function should never fail. */
              return(SECFailure);
           }
       }
    }

    PORT_Assert (i == SEC_OID_TOTAL);

    return(SECSuccess);
}

Here is the call graph for this function:

Definition at line 1872 of file secoid.c.

{
    if (oidhash) {
       PL_HashTableDestroy(oidhash);
       oidhash = NULL;
    }
    if (oidmechhash) {
       PL_HashTableDestroy(oidmechhash);
       oidmechhash = NULL;
    }
    /* Have to handle the case where the lock was created, but
    ** the pool wasn't. 
    ** I'm not going to attempt to create the lock, just to protect
    ** the destruction of data that probably isn't initialized anyway.
    */
    if (dynOidLock) {
       NSSRWLock_LockWrite(dynOidLock);
       if (dynOidHash) {
           PL_HashTableDestroy(dynOidHash);
           dynOidHash = NULL;
       }
       if (dynOidPool) {
           PORT_FreeArena(dynOidPool, PR_FALSE);
           dynOidPool = NULL;
       }
       if (dynOidTable) {
           PORT_Free(dynOidTable);
           dynOidTable = NULL;
       }
       dynOidEntriesAllocated = 0;
       dynOidEntriesUsed = 0;

       NSSRWLock_UnlockWrite(dynOidLock);
       NSSRWLock_Destroy(dynOidLock);
       dynOidLock = NULL;
    } else {
       /* Since dynOidLock doesn't exist, then all the data it protects
       ** should be uninitialized.  We'll check that (in DEBUG builds),
       ** and then make sure it is so, in case NSS is reinitialized.
       */
       PORT_Assert(!dynOidHash && !dynOidPool && !dynOidTable && \
                   !dynOidEntriesAllocated && !dynOidEntriesUsed);
       dynOidHash = NULL;
       dynOidPool = NULL;
       dynOidTable = NULL;
       dynOidEntriesAllocated = 0;
       dynOidEntriesUsed = 0;
    }
    return SECSuccess;
}
static CK_RV sft_CloseAllSession ( SFTKSlot *  slot) [static]

Definition at line 2723 of file pkcs11.c.

{
    SECItem *pw = NULL;
    SFTKSession *session;
    unsigned int i;
    /* first log out the card */
    PZ_Lock(slot->slotLock);
    pw = slot->password;
    slot->isLoggedIn = PR_FALSE;
    slot->password = NULL;
    PZ_Unlock(slot->slotLock);
    if (pw) SECITEM_ZfreeItem(pw, PR_TRUE);

    /* now close all the current sessions */
    /* NOTE: If you try to open new sessions before NSC_CloseAllSessions
     * completes, some of those new sessions may or may not be closed by
     * NSC_CloseAllSessions... but any session running when this code starts
     * will guarrenteed be close, and no session will be partially closed */
    for (i=0; i < slot->sessHashSize; i++) {
       PZLock *lock = SFTK_SESSION_LOCK(slot,i);
       do {
           PZ_Lock(lock);
           session = slot->head[i];
           /* hand deque */
           /* this duplicates function of NSC_close session functions, but 
            * because we know that we are freeing all the sessions, we can
            * do more efficient processing */
           if (session) {
              slot->head[i] = session->next;
              if (session->next) session->next->prev = NULL;
              session->next = session->prev = NULL;
              PZ_Unlock(lock);
              PZ_Lock(slot->slotLock);
              --slot->sessionCount;
              PZ_Unlock(slot->slotLock);
              if (session->info.flags & CKF_RW_SESSION) {
                  PR_AtomicDecrement(&slot->rwSessionCount);
              }
           } else {
              PZ_Unlock(lock);
           }
           if (session) sftk_FreeSession(session);
       } while (session != NULL);
    }
    return CKR_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus sftk_cert_collect ( NSSLOWCERTCertificate *  cert,
void arg 
) [static]

Definition at line 4615 of file pkcs11.c.

{
    sftkCertData *cd = (sftkCertData *)arg;

    if (cert == NULL) {
       return SECSuccess;
    }

    if (cd->certs == NULL) {
       return SECFailure;
    }

    if (cd->strict) {
       if ((cd->classFlags & NSC_CERT) && !sftk_tokenMatch(cd->slot,
         &cert->certKey, SFTK_TOKEN_TYPE_CERT, cd->template,cd->templ_count)) {
           return SECSuccess;
       }
       if ((cd->classFlags & NSC_TRUST) && !sftk_tokenMatch(cd->slot,
         &cert->certKey, SFTK_TOKEN_TYPE_TRUST, 
                                        cd->template, cd->templ_count)) {
           return SECSuccess;
       }
    }

    /* allocate more space if we need it. This should only happen in
     * the general traversal case */
    if (cd->cert_count >= cd->max_cert_count) {
       int size;
       cd->max_cert_count += NSC_CERT_BLOCK_SIZE;
       size = cd->max_cert_count * sizeof (NSSLOWCERTCertificate *);
       cd->certs = (NSSLOWCERTCertificate **)PORT_Realloc(cd->certs,size);
       if (cd->certs == NULL) {
           return SECFailure;
       }
    }

    cd->certs[cd->cert_count++] = nsslowcert_DupCertificate(cert);
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus sftk_cert_collect2 ( NSSLOWCERTCertificate *  cert,
SECItem *  dymmy,
void arg 
) [static]

Definition at line 4657 of file pkcs11.c.

{
    return sftk_cert_collect(cert, arg);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void sftk_CertSetupData ( sftkCertData certData,
int  count 
) [static]

Definition at line 4685 of file pkcs11.c.

{
    certData->max_cert_count = count;

    if (certData->max_cert_count <= 0) {
       return;
    }
    certData->certs = (NSSLOWCERTCertificate **)
                      PORT_Alloc( count * sizeof(NSSLOWCERTCertificate *));
    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool sftk_CheckDESKey ( unsigned char *  key)

Definition at line 2188 of file pkcs11.c.

{
    int i;

    /* format the des key with parity  */
    sftk_FormatDESKey(key, 8);

    for (i=0; i < sftk_desWeakTableSize; i++) {
       if (PORT_Memcmp(key,sftk_desWeakTable[i],8) == 0) {
           return PR_TRUE;
       }
    }
    return PR_FALSE;
}

Here is the call graph for this function:

static PRBool sftk_checkNeedLogin ( SFTKSlot *  slot,
NSSLOWKEYDBHandle *  keyHandle 
) [static]

Definition at line 3219 of file pkcs11.c.

{
    if (slot->password) {
       SECStatus rv;
       rv = nsslowkey_CheckKeyDBPassword(keyHandle,slot->password);
       if ( rv == SECSuccess) {
           return slot->needLogin;
       } else {
           SECITEM_FreeItem(slot->password, PR_TRUE);
           slot->password = NULL;
           slot->isLoggedIn = PR_FALSE;
       }
    }
    slot->needLogin = 
              (PRBool)!sftk_hasNullPassword(keyHandle,&slot->password);
    return (slot->needLogin);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void sftk_closePeer ( PRBool  isFIPS) [static]

Definition at line 2962 of file pkcs11.c.

{
    CK_SLOT_ID slotID = isFIPS ? PRIVATE_KEY_SLOT_ID: FIPS_SLOT_ID;
    SFTKSlot *slot;
    int moduleIndex = isFIPS? NSC_NON_FIPS_MODULE : NSC_FIPS_MODULE;
    PLHashTable *tmpSlotHashTable = nscSlotHashTable[moduleIndex];

    slot = (SFTKSlot *) PL_HashTableLookup(tmpSlotHashTable, (void *)slotID);
    if (slot == NULL) {
       return;
    }
    sftk_DBShutdown(slot);
    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_configure ( const char *  man,
const char *  libdes 
) [static]

Definition at line 509 of file pkcs11.c.

{

    /* make sure the internationalization was done correctly... */
    if (man) {
       manufacturerID = sftk_setStringName(man,manufacturerID_space,
                                          sizeof(manufacturerID_space));
    }
    if (libdes) {
       libraryDescription = sftk_setStringName(libdes,
              libraryDescription_space, sizeof(libraryDescription_space));
    }

    return CKR_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_CreateNewSlot ( SFTKSlot *  slot,
CK_OBJECT_CLASS  class,
SFTKObject *  object 
) [static]

Definition at line 3946 of file pkcs11.c.

{
    CK_SLOT_ID idMin, idMax;
    PRBool isFIPS = PR_FALSE;
    unsigned long moduleIndex;
    SFTKAttribute *attribute;
    sftk_parameters paramStrings;
    char *paramString;
    CK_SLOT_ID slotID = 0;
    SFTKSlot *newSlot = NULL;
    CK_RV crv = CKR_OK;

    /* only the crypto or FIPS slots can create new slot objects */
    if (slot->slotID == NETSCAPE_SLOT_ID) {
       idMin = SFTK_MIN_USER_SLOT_ID;
       idMax = SFTK_MAX_USER_SLOT_ID;
       moduleIndex = NSC_NON_FIPS_MODULE;
       isFIPS = PR_FALSE;
    } else if (slot->slotID == FIPS_SLOT_ID) {
       idMin = SFTK_MIN_FIPS_USER_SLOT_ID;
       idMax = SFTK_MAX_FIPS_USER_SLOT_ID;
       moduleIndex = NSC_FIPS_MODULE;
       isFIPS = PR_TRUE;
    } else {
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }
    attribute = sftk_FindAttribute(object,CKA_NETSCAPE_MODULE_SPEC);
    if (attribute == NULL) {
       return CKR_TEMPLATE_INCOMPLETE;
    }
    paramString = (char *)attribute->attrib.pValue;
    crv = secmod_parseParameters(paramString, &paramStrings, isFIPS);
    if (crv != CKR_OK) {
       goto loser;
    }

    /* enforce only one at a time */
    if (paramStrings.token_count != 1) {
       crv = CKR_ATTRIBUTE_VALUE_INVALID;
       goto loser;
    }

    slotID = paramStrings.tokens[0].slotID;

    /* stay within the valid ID space */
    if ((slotID < idMin) || (slotID > idMax)) {
       crv = CKR_ATTRIBUTE_VALUE_INVALID;
       goto loser;
    }

    /* unload any existing slot at this id */
    newSlot = sftk_SlotFromID(slotID, PR_TRUE);
    if (newSlot && newSlot->present) {
       crv = SFTK_ShutdownSlot(newSlot);
       if (crv != CKR_OK) {
           goto loser;
       }
    }

    /* if we were just planning on deleting the slot, then do so now */
    if (class == CKO_NETSCAPE_DELSLOT) {
       /* sort of a unconventional use of this error code, be we are
         * overusing CKR_ATTRIBUTE_VALUE_INVALID, and it does apply */
       crv = newSlot ? CKR_OK : CKR_SLOT_ID_INVALID;
       goto loser; /* really exit */
    }

    if (newSlot) {
       crv = SFTK_SlotReInit(newSlot, paramStrings.configdir, 
                     &paramStrings.tokens[0], moduleIndex);
    } else {
       crv = SFTK_SlotInit(paramStrings.configdir, 
                     &paramStrings.tokens[0], moduleIndex);
    }
    if (crv != CKR_OK) {
       goto loser;
    }
loser:
    secmod_freeParams(&paramStrings);
    sftk_FreeAttribute(attribute);

    return crv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus sftk_crl_collect ( SECItem *  data,
SECItem *  key,
certDBEntryType  type,
void arg 
) [static]

Definition at line 4358 of file pkcs11.c.

{
    sftkCrlData *crlData;
    CK_OBJECT_HANDLE class_handle;
    SFTKSlot *slot;
    
    crlData = (sftkCrlData *)arg;
    slot = crlData->slot;

    class_handle = (type == certDBEntryTypeRevocation) ? SFTK_TOKEN_TYPE_CRL :
                                                 SFTK_TOKEN_KRL_HANDLE;
    if (sftk_tokenMatch(slot, key, class_handle,
                     crlData->template, crlData->templ_count)) {
       sftk_addHandle(crlData->searchHandles,
                             sftk_mkHandle(slot,key,class_handle));
    }
    return(SECSuccess);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void sftk_DBShutdown ( SFTKSlot *  slot) [static]

Definition at line 2781 of file pkcs11.c.

{
    NSSLOWCERTCertDBHandle *certHandle;
    NSSLOWKEYDBHandle      *keyHandle;
    PZ_Lock(slot->slotLock);
    certHandle = slot->certDB;
    slot->certDB = NULL;
    keyHandle = slot->keyDB;
    slot->keyDB = NULL;
    PZ_Unlock(slot->slotLock);
    if (certHandle) {
       PORT_Assert(certHandle->ref == 1 || slot->slotID > FIPS_SLOT_ID);
       sftk_freeCertDB(certHandle);
    }
    if (keyHandle) {
       PORT_Assert(keyHandle->ref == 1 || slot->slotID > FIPS_SLOT_ID);
       sftk_freeKeyDB(keyHandle);
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void sftk_DBVerify ( NSSLOWCERTCertDBHandle *  certHandle,
NSSLOWKEYDBHandle *  keyHandle 
) [static]

Definition at line 2532 of file pkcs11.c.

{
    /* walk through all the certs and check to see if there are any 
     * user certs, and make sure there are s/mime profiles for all certs with
     * email addresses */
    sftkDBs param;
    param.certHandle = certHandle;
    param.keyHandle = keyHandle;

    nsslowcert_TraversePermCerts(certHandle, sftk_set_user, &param);

    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CK_RV sftk_defaultAttribute ( SFTKObject *  object,
CK_ATTRIBUTE_TYPE  type,
void value,
unsigned int  len 
)

Definition at line 563 of file pkcs11.c.

{
    if ( !sftk_hasAttribute(object, type)) {
       return sftk_AddAttributeType(object,type,value,len);
    }
    return CKR_OK;
}

Here is the call graph for this function:

CK_RV SFTK_DestroySlotData ( SFTKSlot *  slot)

Definition at line 2834 of file pkcs11.c.

{
    unsigned int i;

    SFTK_ShutdownSlot(slot);

    if (slot->tokenHashTable) {
       PL_HashTableDestroy(slot->tokenHashTable);
       slot->tokenHashTable = NULL;
    }

    if (slot->tokObjects) {
       PORT_Free(slot->tokObjects);
       slot->tokObjects = NULL;
    }
    slot->tokObjHashSize = 0;

    if (slot->head) {
       PORT_Free(slot->head);
       slot->head = NULL;
    }
    slot->sessHashSize = 0;

    /* OK everything has been disassembled, now we can finally get rid
     * of the locks */
    if (slot->slotLock) {
       PZ_DestroyLock(slot->slotLock);
       slot->slotLock = NULL;
    }
    if (slot->sessionLock) {
       for (i=0; i < slot->numSessionLocks; i++) {
           if (slot->sessionLock[i]) {
              PZ_DestroyLock(slot->sessionLock[i]);
              slot->sessionLock[i] = NULL;
           }
       }
       PORT_Free(slot->sessionLock);
       slot->sessionLock = NULL;
    }
    if (slot->objectLock) {
       PZ_DestroyLock(slot->objectLock);
       slot->objectLock = NULL;
    }
    if (slot->pwCheckLock) {
       PR_DestroyLock(slot->pwCheckLock);
       slot->pwCheckLock = NULL;
    }
    PORT_Free(slot);
    return CKR_OK;
}

Here is the call graph for this function:

void sftk_FormatDESKey ( unsigned char *  key,
int  length 
)

Definition at line 2208 of file pkcs11.c.

{
    int i;

    /* format the des key */
    for (i=0; i < length; i++) {
       key[i] = parityTable[key[i]>>1];
    }
}
static CK_RV sftk_GenerateSecretCKA_ID ( NSSLOWKEYDBHandle *  handle,
SECItem *  id,
char *  label 
) [static]

Definition at line 1507 of file pkcs11.c.

{
    unsigned int retries;
    SECStatus rv = SECSuccess;
    CK_RV crv = CKR_OK;

    id->data = NULL;
    if (label) {
       id->data = (unsigned char *)PORT_Strdup(label);
       if (id->data == NULL) {
           return CKR_HOST_MEMORY;
       }
       id->len = PORT_Strlen(label)+1;
       if (!nsslowkey_KeyForIDExists(handle,id)) { 
           return CKR_OK;
       }
       PORT_Free(id->data);
       id->data = NULL;
       id->len = 0;
    }
    id->data = (unsigned char *)PORT_Alloc(SFTK_KEY_ID_SIZE);
    if (id->data == NULL) {
       return CKR_HOST_MEMORY;
    }
    id->len = SFTK_KEY_ID_SIZE;

    retries = 0;
    do {
       rv = RNG_GenerateGlobalRandomBytes(id->data,id->len);
    } while (rv == SECSuccess && nsslowkey_KeyForIDExists(handle,id) && 
                            (++retries <= SFTK_KEY_MAX_RETRIES));

    if ((rv != SECSuccess) || (retries > SFTK_KEY_MAX_RETRIES)) {
       if (rv != SECSuccess) {
           sftk_fatalError = PR_TRUE;
       }
       crv = CKR_DEVICE_ERROR; /* random number generator is bad */
       PORT_Free(id->data);
       id->data = NULL;
       id->len = 0;
    }
    return crv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 2376 of file pkcs11.c.

{
    static char buf[65];

    switch (slotID) {
    case NETSCAPE_SLOT_ID:
       return 
        "NSS Internal Cryptographic Services                             ";
    case PRIVATE_KEY_SLOT_ID:
       return 
        "NSS User Private Key and Certificate Services                   ";
    case FIPS_SLOT_ID:
        return 
         "NSS FIPS 140-2 User Private Key Services                        ";
    default:
       break;
    }
    sprintf(buf,
     "NSS Application Slot %08x                                   ",
                                                 (unsigned int) slotID);
    return buf;
}
const char* sftk_getDefTokName ( CK_SLOT_ID  slotID)

Definition at line 2357 of file pkcs11.c.

{
    static char buf[33];

    switch (slotID) {
    case NETSCAPE_SLOT_ID:
       return "NSS Generic Crypto Services     ";
    case PRIVATE_KEY_SLOT_ID:
       return "NSS Certificate DB              ";
    case FIPS_SLOT_ID:
        return "NSS FIPS 140-2 Certificate DB   ";
    default:
       break;
    }
    sprintf(buf,"NSS Application Token %08x  ",(unsigned int) slotID);
    return buf;
}
static int sftk_GetModuleIndex ( CK_SLOT_ID  slotID) [static]

Definition at line 2405 of file pkcs11.c.

{
    if ((slotID == FIPS_SLOT_ID) || (slotID >= SFTK_MIN_FIPS_USER_SLOT_ID)) {
       return NSC_FIPS_MODULE;
    }
    return NSC_NON_FIPS_MODULE;
}

Here is the caller graph for this function:

NSSLOWKEYPrivateKey* sftk_GetPrivKey ( SFTKObject *  object,
CK_KEY_TYPE  key_type,
CK_RV crvp 
)

Definition at line 2139 of file pkcs11.c.

{
    NSSLOWKEYPrivateKey *priv = NULL;

    if (object->objclass != CKO_PRIVATE_KEY) {
       *crvp = CKR_KEY_TYPE_INCONSISTENT;
       return NULL;
    }
    if (object->objectInfo) {
       *crvp = CKR_OK;
       return (NSSLOWKEYPrivateKey *)object->objectInfo;
    }

    if (sftk_isToken(object->handle)) {
       /* grab it from the data base */
       SFTKTokenObject *to = sftk_narrowToTokenObject(object);

       PORT_Assert(to);
       priv = sftk_FindKeyByPublicKey(object->slot, &to->dbKey);
       *crvp = (priv == NULL) ? CKR_DEVICE_ERROR : CKR_OK;
    } else {
       priv = sftk_mkPrivKey(object, key_type, crvp);
    }
    object->objectInfo = priv;
    object->infoFree = (SFTKFree) nsslowkey_DestroyPrivateKey;
    return priv;
}

Here is the call graph for this function:

NSSLOWKEYPublicKey* sftk_GetPubKey ( SFTKObject *  object,
CK_KEY_TYPE  key_type,
CK_RV crvp 
)

Definition at line 1884 of file pkcs11.c.

{
    NSSLOWKEYPublicKey *pubKey;
    PLArenaPool *arena;
    CK_RV crv;

    if (object->objclass != CKO_PUBLIC_KEY) {
       *crvp = CKR_KEY_TYPE_INCONSISTENT;
       return NULL;
    }

    if (sftk_isToken(object->handle)) {
/* ferret out the token object handle */
    }

    /* If we already have a key, use it */
    if (object->objectInfo) {
       *crvp = CKR_OK;
       return (NSSLOWKEYPublicKey *)object->objectInfo;
    }

    /* allocate the structure */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
       *crvp = CKR_HOST_MEMORY;
       return NULL;
    }

    pubKey = (NSSLOWKEYPublicKey *)
                     PORT_ArenaAlloc(arena,sizeof(NSSLOWKEYPublicKey));
    if (pubKey == NULL) {
       PORT_FreeArena(arena,PR_FALSE);
       *crvp = CKR_HOST_MEMORY;
       return NULL;
    }

    /* fill in the structure */
    pubKey->arena = arena;
    switch (key_type) {
    case CKK_RSA:
       pubKey->keyType = NSSLOWKEYRSAKey;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.rsa.modulus,
                                                 object,CKA_MODULUS);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.rsa.publicExponent,
                                          object,CKA_PUBLIC_EXPONENT);
       break;
    case CKK_DSA:
       pubKey->keyType = NSSLOWKEYDSAKey;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dsa.params.prime,
                                                 object,CKA_PRIME);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dsa.params.subPrime,
                                                 object,CKA_SUBPRIME);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dsa.params.base,
                                                 object,CKA_BASE);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dsa.publicValue,
                                                 object,CKA_VALUE);
       break;
    case CKK_DH:
       pubKey->keyType = NSSLOWKEYDHKey;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.prime,
                                                 object,CKA_PRIME);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.base,
                                                 object,CKA_BASE);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue,
                                                 object,CKA_VALUE);
       break;
#ifdef NSS_ENABLE_ECC
    case CKK_EC:
       pubKey->keyType = NSSLOWKEYECKey;
       crv = sftk_Attribute2SSecItem(arena,
                                     &pubKey->u.ec.ecParams.DEREncoding,
                                     object,CKA_EC_PARAMS);
       if (crv != CKR_OK) break;

       /* Fill out the rest of the ecParams structure 
        * based on the encoded params
        */
       if (EC_FillParams(arena, &pubKey->u.ec.ecParams.DEREncoding,
                  &pubKey->u.ec.ecParams) != SECSuccess) {
           crv = CKR_DOMAIN_PARAMS_INVALID;
           break;
       }
           
       crv = sftk_Attribute2SSecItem(arena,&pubKey->u.ec.publicValue,
                                     object,CKA_EC_POINT);
       break;
#endif /* NSS_ENABLE_ECC */
    default:
       crv = CKR_KEY_TYPE_INCONSISTENT;
       break;
    }
    *crvp = crv;
    if (crv != CKR_OK) {
       PORT_FreeArena(arena,PR_FALSE);
       return NULL;
    }

    object->objectInfo = pubKey;
    object->infoFree = (SFTKFree) nsslowkey_DestroyPublicKey;
    return pubKey;
}

Here is the call graph for this function:

static CK_RV sftk_handleCertObject ( SFTKSession *  session,
SFTKObject *  object 
) [static]

Definition at line 598 of file pkcs11.c.

{
    CK_CERTIFICATE_TYPE type;
    SFTKAttribute *attribute;
    CK_RV crv;

    /* certificates must have a type */
    if ( !sftk_hasAttribute(object,CKA_CERTIFICATE_TYPE) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }

    /* we can't store any certs private */
    if (sftk_isTrue(object,CKA_PRIVATE)) {
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }
       
    /* We only support X.509 Certs for now */
    attribute = sftk_FindAttribute(object,CKA_CERTIFICATE_TYPE);
    if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE;
    type = *(CK_CERTIFICATE_TYPE *)attribute->attrib.pValue;
    sftk_FreeAttribute(attribute);

    if (type != CKC_X_509) {
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }

    /* X.509 Certificate */

    /* make sure we have a cert */
    if ( !sftk_hasAttribute(object,CKA_VALUE) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }

    /* in PKCS #11, Subject is a required field */
    if ( !sftk_hasAttribute(object,CKA_SUBJECT) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }

    /* in PKCS #11, Issuer is a required field */
    if ( !sftk_hasAttribute(object,CKA_ISSUER) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }

    /* in PKCS #11, Serial is a required field */
    if ( !sftk_hasAttribute(object,CKA_SERIAL_NUMBER) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }

    /* add it to the object */
    object->objectInfo = NULL;
    object->infoFree = (SFTKFree) NULL;
    
    /* now just verify the required date fields */
    crv = sftk_defaultAttribute(object, CKA_ID, NULL, 0);
    if (crv != CKR_OK) { return crv; }

    if (sftk_isTrue(object,CKA_TOKEN)) {
       SFTKSlot *slot = session->slot;
       SECItem derCert;
       NSSLOWCERTCertificate *cert;
       NSSLOWCERTCertTrust *trust = NULL;
       NSSLOWCERTCertTrust userTrust = 
              { CERTDB_USER, CERTDB_USER, CERTDB_USER };
       NSSLOWCERTCertTrust defTrust = 
              { CERTDB_TRUSTED_UNKNOWN, 
                     CERTDB_TRUSTED_UNKNOWN, CERTDB_TRUSTED_UNKNOWN };
       char *label = NULL;
       char *email = NULL;
       SECStatus rv;
       PRBool inDB = PR_TRUE;
       NSSLOWCERTCertDBHandle *certHandle = sftk_getCertDB(slot);
       NSSLOWKEYDBHandle *keyHandle = NULL;

       if (certHandle == NULL) {
           return CKR_TOKEN_WRITE_PROTECTED;
       }

       /* get the der cert */ 
       attribute = sftk_FindAttribute(object,CKA_VALUE);
       PORT_Assert(attribute);

       derCert.type = 0;
       derCert.data = (unsigned char *)attribute->attrib.pValue;
       derCert.len = attribute->attrib.ulValueLen ;

       label = sftk_getString(object,CKA_LABEL);

       cert =  nsslowcert_FindCertByDERCert(certHandle, &derCert);
       if (cert == NULL) {
           cert = nsslowcert_DecodeDERCertificate(&derCert, label);
           inDB = PR_FALSE;
       }
       if (cert == NULL) {
           if (label) PORT_Free(label);
           sftk_FreeAttribute(attribute);
           sftk_freeCertDB(certHandle);
           return CKR_ATTRIBUTE_VALUE_INVALID;
       }

       keyHandle = sftk_getKeyDB(slot);
       if (keyHandle) {
           if (nsslowkey_KeyForCertExists(keyHandle,cert)) {
              trust = &userTrust;
           }
           sftk_freeKeyDB(keyHandle);
       }

       if (!inDB) {
           if (!trust) trust = &defTrust;
           rv = nsslowcert_AddPermCert(certHandle, cert, label, trust);
       } else {
           rv = trust ? nsslowcert_ChangeCertTrust(certHandle,cert,trust) :
                            SECSuccess;
       }

       if (label) PORT_Free(label);
       sftk_FreeAttribute(attribute);

       if (rv != SECSuccess) {
           sftk_freeCertDB(certHandle);
           nsslowcert_DestroyCertificate(cert);
           return CKR_DEVICE_ERROR;
       }

       /*
        * Add a NULL S/MIME profile if necessary.
        */
       email = sftk_getString(object,CKA_NETSCAPE_EMAIL);
       if (email) {
           certDBEntrySMime *entry;

           entry = nsslowcert_ReadDBSMimeEntry(certHandle,email);
           if (!entry) {
              nsslowcert_SaveSMimeProfile(certHandle, email, 
                                          &cert->derSubject, NULL, NULL);
           } else {
               nsslowcert_DestroyDBEntry((certDBEntry *)entry);
           }
           PORT_Free(email);
       }
       sftk_freeCertDB(certHandle);
       object->handle=sftk_mkHandle(slot,&cert->certKey,SFTK_TOKEN_TYPE_CERT);
       nsslowcert_DestroyCertificate(cert);
    }

    return CKR_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_handleCrlObject ( SFTKSession *  session,
SFTKObject *  object 
) [static]

Definition at line 996 of file pkcs11.c.

{

    /* we can't store any certs private */
    if (sftk_isTrue(object,CKA_PRIVATE)) {
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }

    /* certificates must have a type */
    if ( !sftk_hasAttribute(object,CKA_SUBJECT) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }
    if ( !sftk_hasAttribute(object,CKA_VALUE) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }

    if (sftk_isTrue(object,CKA_TOKEN)) {
       SFTKSlot *slot = session->slot;
       PRBool isKRL = PR_FALSE;
       SECItem derSubj,derCrl;
       char *url = NULL;
       SFTKAttribute *subject,*crl;
       SECStatus rv;
       NSSLOWCERTCertDBHandle *certHandle;

       PORT_Assert(slot);
       certHandle = sftk_getCertDB(slot);

       if (certHandle == NULL) {
           return CKR_TOKEN_WRITE_PROTECTED;
       }

       /* lookup SUBJECT */
       subject = sftk_FindAttribute(object,CKA_SUBJECT);
       PORT_Assert(subject);
       derSubj.data = (unsigned char *)subject->attrib.pValue;
       derSubj.len = subject->attrib.ulValueLen ;

       /* lookup VALUE */
       crl = sftk_FindAttribute(object,CKA_VALUE);
       PORT_Assert(crl);
       derCrl.data = (unsigned char *)crl->attrib.pValue;
       derCrl.len = crl->attrib.ulValueLen ;


       url = sftk_getString(object,CKA_NETSCAPE_URL);
       isKRL = sftk_isTrue(object,CKA_NETSCAPE_KRL);

       /* Store CRL by SUBJECT */
       rv = nsslowcert_AddCrl(certHandle, &derCrl, &derSubj, url, isKRL);
       sftk_freeCertDB(certHandle);

       if (url) {
           PORT_Free(url);
       }
       sftk_FreeAttribute(crl);
       if (rv != SECSuccess) {
           sftk_FreeAttribute(subject);
           return CKR_DEVICE_ERROR;
       }

       /* if we overwrote the existing CRL, poison the handle entry so we get
        * a new object handle */
       (void) sftk_poisonHandle(slot, &derSubj,
                     isKRL ? SFTK_TOKEN_KRL_HANDLE : SFTK_TOKEN_TYPE_CRL);
       object->handle = sftk_mkHandle(slot, &derSubj,
                     isKRL ? SFTK_TOKEN_KRL_HANDLE : SFTK_TOKEN_TYPE_CRL);
       sftk_FreeAttribute(subject);
    }

    return CKR_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_handleDataObject ( SFTKSession *  session,
SFTKObject *  object 
) [static]

Definition at line 576 of file pkcs11.c.

{
    CK_RV crv;

    /* first reject private and token data objects */
    if (sftk_isTrue(object,CKA_PRIVATE) || sftk_isTrue(object,CKA_TOKEN)) {
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }

    /* now just verify the required date fields */
    crv = sftk_defaultAttribute(object,CKA_APPLICATION,NULL,0);
    if (crv != CKR_OK) return crv;
    crv = sftk_defaultAttribute(object,CKA_VALUE,NULL,0);
    if (crv != CKR_OK) return crv;

    return CKR_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_handleDSAParameterObject ( SFTKSession *  session,
SFTKObject *  object 
) [static]

Definition at line 1680 of file pkcs11.c.

{
    SFTKAttribute *primeAttr = NULL;
    SFTKAttribute *subPrimeAttr = NULL;
    SFTKAttribute *baseAttr = NULL;
    SFTKAttribute *seedAttr = NULL;
    SFTKAttribute *hAttr = NULL;
    SFTKAttribute *attribute;
    CK_RV crv = CKR_TEMPLATE_INCOMPLETE;
    PQGParams params;
    PQGVerify vfy, *verify = NULL;
    SECStatus result,rv;

    primeAttr = sftk_FindAttribute(object,CKA_PRIME);
    if (primeAttr == NULL) goto loser;
    params.prime.data = primeAttr->attrib.pValue;
    params.prime.len = primeAttr->attrib.ulValueLen;

    subPrimeAttr = sftk_FindAttribute(object,CKA_SUBPRIME);
    if (subPrimeAttr == NULL) goto loser;
    params.subPrime.data = subPrimeAttr->attrib.pValue;
    params.subPrime.len = subPrimeAttr->attrib.ulValueLen;

    baseAttr = sftk_FindAttribute(object,CKA_BASE);
    if (baseAttr == NULL) goto loser;
    params.base.data = baseAttr->attrib.pValue;
    params.base.len = baseAttr->attrib.ulValueLen;

    attribute = sftk_FindAttribute(object, CKA_NETSCAPE_PQG_COUNTER);
    if (attribute != NULL) {
       vfy.counter = *(CK_ULONG *) attribute->attrib.pValue;
       sftk_FreeAttribute(attribute);

       seedAttr = sftk_FindAttribute(object, CKA_NETSCAPE_PQG_SEED);
       if (seedAttr == NULL) goto loser;
       vfy.seed.data = seedAttr->attrib.pValue;
       vfy.seed.len = seedAttr->attrib.ulValueLen;

       hAttr = sftk_FindAttribute(object, CKA_NETSCAPE_PQG_H);
       if (hAttr == NULL) goto loser;
       vfy.h.data = hAttr->attrib.pValue;
       vfy.h.len = hAttr->attrib.ulValueLen;

       verify = &vfy;
    }

    crv = CKR_FUNCTION_FAILED;
    rv = PQG_VerifyParams(&params,verify,&result);
    if (rv == SECSuccess) {
       crv = (result== SECSuccess) ? CKR_OK : CKR_ATTRIBUTE_VALUE_INVALID;
    }

loser:
    if (hAttr) sftk_FreeAttribute(hAttr);
    if (seedAttr) sftk_FreeAttribute(seedAttr);
    if (baseAttr) sftk_FreeAttribute(baseAttr);
    if (subPrimeAttr) sftk_FreeAttribute(subPrimeAttr);
    if (primeAttr) sftk_FreeAttribute(primeAttr);

    return crv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_handleKeyObject ( SFTKSession *  session,
SFTKObject *  object 
) [static]

Definition at line 1628 of file pkcs11.c.

{
    SFTKAttribute *attribute;
    CK_KEY_TYPE key_type;
    CK_BBOOL cktrue = CK_TRUE;
    CK_BBOOL ckfalse = CK_FALSE;
    CK_RV crv;

    /* verify the required fields */
    if ( !sftk_hasAttribute(object,CKA_KEY_TYPE) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }

    /* now verify the common fields */
    crv = sftk_defaultAttribute(object,CKA_ID,NULL,0);
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_START_DATE,NULL,0);
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_END_DATE,NULL,0);
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_LOCAL,&ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 

    /* get the key type */
    attribute = sftk_FindAttribute(object,CKA_KEY_TYPE);
    if (!attribute) {
        return CKR_ATTRIBUTE_VALUE_INVALID;
    }
    key_type = *(CK_KEY_TYPE *)attribute->attrib.pValue;
    sftk_FreeAttribute(attribute);

    switch (object->objclass) {
    case CKO_PUBLIC_KEY:
       return sftk_handlePublicKeyObject(session,object,key_type);
    case CKO_PRIVATE_KEY:
       return sftk_handlePrivateKeyObject(session,object,key_type);
    case CKO_SECRET_KEY:
       /* make sure the required fields exist */
       return sftk_handleSecretKeyObject(session,object,key_type,
                          (PRBool)(session->slot->slotID == FIPS_SLOT_ID));
    default:
       break;
    }
    return CKR_ATTRIBUTE_VALUE_INVALID;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_handleKeyParameterObject ( SFTKSession *  session,
SFTKObject *  object 
) [static]

Definition at line 1746 of file pkcs11.c.

{
    SFTKAttribute *attribute;
    CK_KEY_TYPE key_type;
    CK_BBOOL ckfalse = CK_FALSE;
    CK_RV crv;

    /* verify the required fields */
    if ( !sftk_hasAttribute(object,CKA_KEY_TYPE) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }

    /* now verify the common fields */
    crv = sftk_defaultAttribute(object,CKA_LOCAL,&ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 

    /* get the key type */
    attribute = sftk_FindAttribute(object,CKA_KEY_TYPE);
    if (!attribute) {
        return CKR_ATTRIBUTE_VALUE_INVALID;
    }
    key_type = *(CK_KEY_TYPE *)attribute->attrib.pValue;
    sftk_FreeAttribute(attribute);

    switch (key_type) {
    case CKK_DSA:
       return sftk_handleDSAParameterObject(session,object);
       
    default:
       break;
    }
    return CKR_KEY_TYPE_INCONSISTENT;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CK_RV sftk_handleObject ( SFTKObject *  object,
SFTKSession *  session 
)

Definition at line 1787 of file pkcs11.c.

{
    SFTKSlot *slot = session->slot;
    CK_BBOOL ckfalse = CK_FALSE;
    CK_BBOOL cktrue = CK_TRUE;
    SFTKAttribute *attribute;
    CK_RV crv;

    /* make sure all the base object types are defined. If not set the
     * defaults */
    crv = sftk_defaultAttribute(object,CKA_TOKEN,&ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK) return crv;
    crv = sftk_defaultAttribute(object,CKA_PRIVATE,&ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK) return crv;
    crv = sftk_defaultAttribute(object,CKA_LABEL,NULL,0);
    if (crv != CKR_OK) return crv;
    crv = sftk_defaultAttribute(object,CKA_MODIFIABLE,&cktrue,sizeof(CK_BBOOL));
    if (crv != CKR_OK) return crv;

    /* don't create a private object if we aren't logged in */
    if ((!slot->isLoggedIn) && (slot->needLogin) &&
                            (sftk_isTrue(object,CKA_PRIVATE))) {
       return CKR_USER_NOT_LOGGED_IN;
    }


    if (((session->info.flags & CKF_RW_SESSION) == 0) &&
                            (sftk_isTrue(object,CKA_TOKEN))) {
       return CKR_SESSION_READ_ONLY;
    }
       
    /* PKCS #11 object ID's are unique for all objects on a
     * token */
    PZ_Lock(slot->objectLock);
    object->handle = slot->tokenIDCount++;
    PZ_Unlock(slot->objectLock);

    /* get the object class */
    attribute = sftk_FindAttribute(object,CKA_CLASS);
    if (attribute == NULL) {
       return CKR_TEMPLATE_INCOMPLETE;
    }
    object->objclass = *(CK_OBJECT_CLASS *)attribute->attrib.pValue;
    sftk_FreeAttribute(attribute);

    /* now handle the specific. Get a session handle for these functions
     * to use */
    switch (object->objclass) {
    case CKO_DATA:
       crv = sftk_handleDataObject(session,object);
       break;
    case CKO_CERTIFICATE:
       crv = sftk_handleCertObject(session,object);
       break;
    case CKO_NETSCAPE_TRUST:
       crv = sftk_handleTrustObject(session,object);
       break;
    case CKO_NETSCAPE_CRL:
       crv = sftk_handleCrlObject(session,object);
       break;
    case CKO_NETSCAPE_SMIME:
       crv = sftk_handleSMimeObject(session,object);
       break;
    case CKO_PRIVATE_KEY:
    case CKO_PUBLIC_KEY:
    case CKO_SECRET_KEY:
       crv = sftk_handleKeyObject(session,object);
       break;
    case CKO_KG_PARAMETERS:
       crv = sftk_handleKeyParameterObject(session,object);
       break;
    default:
       crv = CKR_ATTRIBUTE_VALUE_INVALID;
       break;
    }

    /* can't fail from here on out unless the pk_handlXXX functions have
     * failed the request */
    if (crv != CKR_OK) {
       return crv;
    }

    /* now link the object into the slot and session structures */
    if (sftk_isToken(object->handle)) {
       sftk_convertSessionToToken(object);
    } else {
       object->slot = slot;
       sftk_AddObject(session,object);
    }

    return CKR_OK;
}

Here is the call graph for this function:

static CK_RV sftk_handlePrivateKeyObject ( SFTKSession *  session,
SFTKObject *  object,
CK_KEY_TYPE  key_type 
) [static]

Definition at line 1226 of file pkcs11.c.

{
    CK_BBOOL cktrue = CK_TRUE;
    CK_BBOOL encrypt = CK_TRUE;
    CK_BBOOL sign = CK_FALSE;
    CK_BBOOL recover = CK_TRUE;
    CK_BBOOL wrap = CK_TRUE;
    CK_BBOOL derive = CK_FALSE;
    CK_BBOOL ckfalse = CK_FALSE;
    SECItem mod;
    CK_RV crv;

    switch (key_type) {
    case CKK_RSA:
       if ( !sftk_hasAttribute(object, CKA_MODULUS)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if ( !sftk_hasAttribute(object, CKA_PUBLIC_EXPONENT)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if ( !sftk_hasAttribute(object, CKA_PRIVATE_EXPONENT)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if ( !sftk_hasAttribute(object, CKA_PRIME_1)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if ( !sftk_hasAttribute(object, CKA_PRIME_2)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if ( !sftk_hasAttribute(object, CKA_EXPONENT_1)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if ( !sftk_hasAttribute(object, CKA_EXPONENT_2)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if ( !sftk_hasAttribute(object, CKA_COEFFICIENT)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       /* make sure Netscape DB attribute is set correctly */
       crv = sftk_Attribute2SSecItem(NULL, &mod, object, CKA_MODULUS);
       if (crv != CKR_OK) return crv;
       crv = sftk_forceAttribute(object, CKA_NETSCAPE_DB, 
                                          sftk_item_expand(&mod));
       if (mod.data) PORT_Free(mod.data);
       if (crv != CKR_OK) return crv;

       sign = CK_TRUE;
       break;
    case CKK_DSA:
       if ( !sftk_hasAttribute(object, CKA_SUBPRIME)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if (sftk_isTrue(object,CKA_TOKEN) &&
              !sftk_hasAttribute(object, CKA_NETSCAPE_DB)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       sign = CK_TRUE;
       /* fall through */
    case CKK_DH:
       if ( !sftk_hasAttribute(object, CKA_PRIME)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if ( !sftk_hasAttribute(object, CKA_BASE)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if ( !sftk_hasAttribute(object, CKA_VALUE)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       encrypt = CK_FALSE;
       recover = CK_FALSE;
       wrap = CK_FALSE;
       break;
#ifdef NSS_ENABLE_ECC
    case CKK_EC:
       if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if ( !sftk_hasAttribute(object, CKA_VALUE)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if (sftk_isTrue(object,CKA_TOKEN) &&
              !sftk_hasAttribute(object, CKA_NETSCAPE_DB)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       encrypt = CK_FALSE;
       sign = CK_TRUE;
       recover = CK_FALSE;
       wrap = CK_FALSE;
       derive = CK_TRUE;
       break;
#endif /* NSS_ENABLE_ECC */
    default:
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }
    crv = sftk_defaultAttribute(object,CKA_SUBJECT,NULL,0);
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_SENSITIVE,&cktrue,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_EXTRACTABLE,&cktrue,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_DECRYPT,&encrypt,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_SIGN,&sign,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_SIGN_RECOVER,&recover,
                                                      sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_UNWRAP,&wrap,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_DERIVE,&derive,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    /* the next two bits get modified only in the key gen and token cases */
    crv = sftk_forceAttribute(object,CKA_ALWAYS_SENSITIVE,
                                          &ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_forceAttribute(object,CKA_NEVER_EXTRACTABLE,
                                          &ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 

    /* should we check the non-token RSA private keys? */

    if (sftk_isTrue(object,CKA_TOKEN)) {
       SFTKSlot *slot = session->slot;
       NSSLOWKEYPrivateKey *privKey;
       char *label;
       SECStatus rv = SECSuccess;
       CK_RV crv = CKR_DEVICE_ERROR;
       SECItem pubKey;
       NSSLOWKEYDBHandle *keyHandle = sftk_getKeyDB(slot);

       if (keyHandle == NULL) {
           return CKR_TOKEN_WRITE_PROTECTED;
       }

       privKey=sftk_mkPrivKey(object,key_type,&crv);
       if (privKey == NULL) return crv;
       label = sftk_getString(object,CKA_LABEL);

       crv = sftk_Attribute2SSecItem(NULL,&pubKey,object,CKA_NETSCAPE_DB);
       if (crv != CKR_OK) {
           crv = CKR_TEMPLATE_INCOMPLETE;
           rv = SECFailure;
           goto fail;
       }
       if (keyHandle->version != 3) {
           unsigned char buf[SHA1_LENGTH];
           SHA1_HashBuf(buf,pubKey.data,pubKey.len);
           PORT_Memcpy(pubKey.data,buf,sizeof(buf));
           pubKey.len = sizeof(buf);
       }

        if (key_type == CKK_RSA) {
           rv = RSA_PrivateKeyCheck(&privKey->u.rsa);
           if (rv == SECFailure) {
              goto fail;
           }
       }
       rv = nsslowkey_StoreKeyByPublicKey(keyHandle, privKey, &pubKey, 
                                      label, slot->password);

fail:
       sftk_freeKeyDB(keyHandle);
       if (label) PORT_Free(label);
       object->handle = sftk_mkHandle(slot,&pubKey,SFTK_TOKEN_TYPE_PRIV);
       if (pubKey.data) PORT_Free(pubKey.data);
       nsslowkey_DestroyPrivateKey(privKey);
       if (rv != SECSuccess) return crv;
    } else {
       object->objectInfo = sftk_mkPrivKey(object,key_type,&crv);
       if (object->objectInfo == NULL) return crv;
       object->infoFree = (SFTKFree) nsslowkey_DestroyPrivateKey;
       /* now NULL out the sensitive attributes */
       /* remove nulled out attributes for session objects. these only
        * applied to rsa private keys anyway (other private keys did not
        * get their attributes NULL'ed out */
    }
    return CKR_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_handlePublicKeyObject ( SFTKSession *  session,
SFTKObject *  object,
CK_KEY_TYPE  key_type 
) [static]

Definition at line 1073 of file pkcs11.c.

{
    CK_BBOOL encrypt = CK_TRUE;
    CK_BBOOL recover = CK_TRUE;
    CK_BBOOL wrap = CK_TRUE;
    CK_BBOOL derive = CK_FALSE;
    CK_BBOOL verify = CK_TRUE;
    CK_ATTRIBUTE_TYPE pubKeyAttr = CKA_VALUE;
    CK_RV crv;

    switch (key_type) {
    case CKK_RSA:
       crv = sftk_ConstrainAttribute(object, CKA_MODULUS,
                                           RSA_MIN_MODULUS_BITS, 0, 0);
       if (crv != CKR_OK) {
           return crv;
       }
       crv = sftk_ConstrainAttribute(object, CKA_PUBLIC_EXPONENT, 2, 0, 0);
       if (crv != CKR_OK) {
           return crv;
       }
       pubKeyAttr = CKA_MODULUS;
       break;
    case CKK_DSA:
       crv = sftk_ConstrainAttribute(object, CKA_SUBPRIME, 
                                          DSA_Q_BITS, DSA_Q_BITS, 0);
       if (crv != CKR_OK) {
           return crv;
       }
       crv = sftk_ConstrainAttribute(object, CKA_PRIME, 
                                   DSA_MIN_P_BITS, DSA_MAX_P_BITS, 64);
       if (crv != CKR_OK) {
           return crv;
       }
       crv = sftk_ConstrainAttribute(object, CKA_BASE, 1, DSA_MAX_P_BITS, 0);
       if (crv != CKR_OK) {
           return crv;
       }
       crv = sftk_ConstrainAttribute(object, CKA_VALUE, 1, DSA_MAX_P_BITS, 0);
       if (crv != CKR_OK) {
           return crv;
       }
       encrypt = CK_FALSE;
       recover = CK_FALSE;
       wrap = CK_FALSE;
       break;
    case CKK_DH:
       crv = sftk_ConstrainAttribute(object, CKA_PRIME, 
                                   DH_MIN_P_BITS, DH_MAX_P_BITS, 0);
       if (crv != CKR_OK) {
           return crv;
       }
       crv = sftk_ConstrainAttribute(object, CKA_BASE, 1, DH_MAX_P_BITS, 0);
       if (crv != CKR_OK) {
           return crv;
       }
       crv = sftk_ConstrainAttribute(object, CKA_VALUE, 1, DH_MAX_P_BITS, 0);
       if (crv != CKR_OK) {
           return crv;
       }
       verify = CK_FALSE;
       derive = CK_TRUE;
       encrypt = CK_FALSE;
       recover = CK_FALSE;
       wrap = CK_FALSE;
       break;
#ifdef NSS_ENABLE_ECC
    case CKK_EC:
       if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       if ( !sftk_hasAttribute(object, CKA_EC_POINT)) {
           return CKR_TEMPLATE_INCOMPLETE;
       }
       pubKeyAttr = CKA_EC_POINT;
       derive = CK_TRUE;    /* for ECDH */
       verify = CK_TRUE;    /* for ECDSA */
       encrypt = CK_FALSE;
       recover = CK_FALSE;
       wrap = CK_FALSE;
       break;
#endif /* NSS_ENABLE_ECC */
    default:
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }

    /* make sure the required fields exist */
    crv = sftk_defaultAttribute(object,CKA_SUBJECT,NULL,0);
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_ENCRYPT,&encrypt,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_VERIFY,&verify,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_VERIFY_RECOVER,
                                          &recover,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_WRAP,&wrap,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_DERIVE,&derive,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 

    object->objectInfo = sftk_GetPubKey(object,key_type, &crv);
    if (object->objectInfo == NULL) {
       return crv;
    }
    object->infoFree = (SFTKFree) nsslowkey_DestroyPublicKey;

    if (sftk_isTrue(object,CKA_TOKEN)) {
       SFTKSlot *slot = session->slot;
       NSSLOWKEYPrivateKey *priv;
       SECItem pubKey;
       NSSLOWKEYDBHandle *keyHandle = NULL;

       crv = sftk_Attribute2SSecItem(NULL,&pubKey,object,pubKeyAttr);
       if (crv != CKR_OK) return crv;

       PORT_Assert(pubKey.data);
       keyHandle = sftk_getKeyDB(slot);
       if (keyHandle == NULL) {
           PORT_Free(pubKey.data);
           return CKR_TOKEN_WRITE_PROTECTED;
       }
       if (keyHandle->version != 3) {
           unsigned char buf[SHA1_LENGTH];
           SHA1_HashBuf(buf,pubKey.data,pubKey.len);
           PORT_Memcpy(pubKey.data,buf,sizeof(buf));
           pubKey.len = sizeof(buf);
       }
       /* make sure the associated private key already exists */
       /* only works if we are logged in */
       priv = nsslowkey_FindKeyByPublicKey(keyHandle, &pubKey, slot->password);
       sftk_freeKeyDB(keyHandle);
       if (priv == NULL) {
           PORT_Free(pubKey.data);
           return crv;
       }
       nsslowkey_DestroyPrivateKey(priv);

       object->handle = sftk_mkHandle(slot, &pubKey, SFTK_TOKEN_TYPE_PUB);
       PORT_Free(pubKey.data);
    }

    return CKR_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_handleSecretKeyObject ( SFTKSession *  session,
SFTKObject *  object,
CK_KEY_TYPE  key_type,
PRBool  isFIPS 
) [static]

Definition at line 1555 of file pkcs11.c.

{
    CK_RV crv;
    NSSLOWKEYPrivateKey *privKey   = NULL;
    NSSLOWKEYDBHandle   *keyHandle = NULL;
    SECItem pubKey;
    char *label = NULL;

    pubKey.data = 0;

    /* First validate and set defaults */
    crv = validateSecretKey(session, object, key_type, isFIPS);
    if (crv != CKR_OK) goto loser;

    /* If the object is a TOKEN object, store in the database */
    if (sftk_isTrue(object,CKA_TOKEN)) {
       SFTKSlot *slot = session->slot;
       SECStatus rv = SECSuccess;
       keyHandle = sftk_getKeyDB(slot);

       if (keyHandle == NULL) {
           return CKR_TOKEN_WRITE_PROTECTED;
       }

       label = sftk_getString(object,CKA_LABEL);

       crv = sftk_Attribute2SecItem(NULL, &pubKey, object, CKA_ID);  
                                          /* Should this be ID? */
       if (crv != CKR_OK) goto loser;

       /* if we don't have an ID, generate one */
       if (pubKey.len == 0) {
           if (pubKey.data) { 
              PORT_Free(pubKey.data);
              pubKey.data = NULL;
           }
           crv = sftk_GenerateSecretCKA_ID(keyHandle, &pubKey, label);
           if (crv != CKR_OK) goto loser;

           crv = sftk_forceAttribute(object, CKA_ID, pubKey.data, pubKey.len);
           if (crv != CKR_OK) goto loser;
       }

       privKey = sftk_mkSecretKeyRep(object);
       if (privKey == NULL) {
           crv = CKR_HOST_MEMORY;
           goto loser;
       }

       rv = nsslowkey_StoreKeyByPublicKey(keyHandle,
                     privKey, &pubKey, label, slot->password);
       if (rv != SECSuccess) {
           crv = CKR_DEVICE_ERROR;
           goto loser;
       }

       object->handle = sftk_mkHandle(slot,&pubKey,SFTK_TOKEN_TYPE_KEY);
    }

loser:
    if (keyHandle) sftk_freeKeyDB(keyHandle);
    if (label) PORT_Free(label);
    if (privKey) nsslowkey_DestroyPrivateKey(privKey);
    if (pubKey.data) PORT_Free(pubKey.data);

    return crv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_handleSMimeObject ( SFTKSession *  session,
SFTKObject *  object 
) [static]

Definition at line 910 of file pkcs11.c.

{

    /* we can't store any certs private */
    if (sftk_isTrue(object,CKA_PRIVATE)) {
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }

    /* certificates must have a type */
    if ( !sftk_hasAttribute(object,CKA_SUBJECT) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }
    if ( !sftk_hasAttribute(object,CKA_NETSCAPE_EMAIL) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }

    if (sftk_isTrue(object,CKA_TOKEN)) {
       SFTKSlot *slot = session->slot;
       SECItem derSubj,rawProfile,rawTime,emailKey;
       SECItem *pRawProfile = NULL;
       SECItem *pRawTime = NULL;
       char *email = NULL;
       SFTKAttribute *subject,*profile,*time;
       SECStatus rv;
       NSSLOWCERTCertDBHandle *certHandle;

       PORT_Assert(slot);
       certHandle = sftk_getCertDB(slot);

       if (certHandle == NULL) {
           return CKR_TOKEN_WRITE_PROTECTED;
       }

       /* lookup SUBJECT */
       subject = sftk_FindAttribute(object,CKA_SUBJECT);
       PORT_Assert(subject);
       derSubj.data = (unsigned char *)subject->attrib.pValue;
       derSubj.len = subject->attrib.ulValueLen ;
       derSubj.type = 0;

       /* lookup VALUE */
       profile = sftk_FindAttribute(object,CKA_VALUE);
       if (profile) {
           rawProfile.data = (unsigned char *)profile->attrib.pValue;
           rawProfile.len = profile->attrib.ulValueLen ;
           rawProfile.type = siBuffer;
           pRawProfile = &rawProfile;
       }

       /* lookup Time */
       time = sftk_FindAttribute(object,CKA_NETSCAPE_SMIME_TIMESTAMP);
       if (time) {
           rawTime.data = (unsigned char *)time->attrib.pValue;
           rawTime.len = time->attrib.ulValueLen ;
           rawTime.type = siBuffer;
           pRawTime = &rawTime;
       }


       email = sftk_getString(object,CKA_NETSCAPE_EMAIL);

       /* Store CRL by SUBJECT */
       rv = nsslowcert_SaveSMimeProfile(certHandle, email, &derSubj, 
                            pRawProfile,pRawTime);
       sftk_freeCertDB(certHandle);
       sftk_FreeAttribute(subject);
       if (profile) sftk_FreeAttribute(profile);
       if (time) sftk_FreeAttribute(time);
       if (rv != SECSuccess) {
           PORT_Free(email);
           return CKR_DEVICE_ERROR;
       }
       emailKey.data = (unsigned char *)email;
       emailKey.len = PORT_Strlen(email)+1;

       object->handle = sftk_mkHandle(slot, &emailKey, SFTK_TOKEN_TYPE_SMIME);
       PORT_Free(email);
    }

    return CKR_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_handleTrustObject ( SFTKSession *  session,
SFTKObject *  object 
) [static]

Definition at line 775 of file pkcs11.c.

{
    NSSLOWCERTIssuerAndSN issuerSN;

    /* we can't store any certs private */
    if (sftk_isTrue(object,CKA_PRIVATE)) {
       return CKR_ATTRIBUTE_VALUE_INVALID;
    }

    /* certificates must have a type */
    if ( !sftk_hasAttribute(object,CKA_ISSUER) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }
    if ( !sftk_hasAttribute(object,CKA_SERIAL_NUMBER) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }
    if ( !sftk_hasAttribute(object,CKA_CERT_SHA1_HASH) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }
    if ( !sftk_hasAttribute(object,CKA_CERT_MD5_HASH) ) {
       return CKR_TEMPLATE_INCOMPLETE;
    }

    if (sftk_isTrue(object,CKA_TOKEN)) {
       SFTKSlot *slot = session->slot;
       SFTKAttribute *issuer = NULL;
       SFTKAttribute *serial = NULL;
       NSSLOWCERTCertificate *cert = NULL;
       SFTKAttribute *trust;
        CK_TRUST sslTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
        CK_TRUST clientTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
        CK_TRUST emailTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
        CK_TRUST signTrust = CKT_NETSCAPE_TRUST_UNKNOWN;
       CK_BBOOL stepUp;
       NSSLOWCERTCertTrust dbTrust = { 0 };
       SECStatus rv;
       NSSLOWCERTCertDBHandle *certHandle = sftk_getCertDB(slot);

       if (certHandle == NULL) {
           return CKR_TOKEN_WRITE_PROTECTED;
       }

       issuer = sftk_FindAttribute(object,CKA_ISSUER);
       PORT_Assert(issuer);
       issuerSN.derIssuer.data = (unsigned char *)issuer->attrib.pValue;
       issuerSN.derIssuer.len = issuer->attrib.ulValueLen ;

       serial = sftk_FindAttribute(object,CKA_SERIAL_NUMBER);
       PORT_Assert(serial);
       issuerSN.serialNumber.data = (unsigned char *)serial->attrib.pValue;
       issuerSN.serialNumber.len = serial->attrib.ulValueLen ;

       cert = nsslowcert_FindCertByIssuerAndSN(certHandle,&issuerSN);
       sftk_FreeAttribute(serial);
       sftk_FreeAttribute(issuer);

       if (cert == NULL) {
           sftk_freeCertDB(certHandle);
           return CKR_ATTRIBUTE_VALUE_INVALID;
       }
       
       trust = sftk_FindAttribute(object,CKA_TRUST_SERVER_AUTH);
       if (trust) {
           if (trust->attrib.ulValueLen == sizeof(CK_TRUST)) {
              PORT_Memcpy(&sslTrust,trust->attrib.pValue, sizeof(sslTrust));
           }
           sftk_FreeAttribute(trust);
       }
       trust = sftk_FindAttribute(object,CKA_TRUST_CLIENT_AUTH);
       if (trust) {
           if (trust->attrib.ulValueLen == sizeof(CK_TRUST)) {
              PORT_Memcpy(&clientTrust,trust->attrib.pValue,
                                                  sizeof(clientTrust));
           }
           sftk_FreeAttribute(trust);
       }
       trust = sftk_FindAttribute(object,CKA_TRUST_EMAIL_PROTECTION);
       if (trust) {
           if (trust->attrib.ulValueLen == sizeof(CK_TRUST)) {
              PORT_Memcpy(&emailTrust,trust->attrib.pValue,
                                                 sizeof(emailTrust));
           }
           sftk_FreeAttribute(trust);
       }
       trust = sftk_FindAttribute(object,CKA_TRUST_CODE_SIGNING);
       if (trust) {
           if (trust->attrib.ulValueLen == sizeof(CK_TRUST)) {
              PORT_Memcpy(&signTrust,trust->attrib.pValue,
                                                 sizeof(signTrust));
           }
           sftk_FreeAttribute(trust);
       }
       stepUp = CK_FALSE;
       trust = sftk_FindAttribute(object,CKA_TRUST_STEP_UP_APPROVED);
       if (trust) {
           if (trust->attrib.ulValueLen == sizeof(CK_BBOOL)) {
              stepUp = *(CK_BBOOL*)trust->attrib.pValue;
           }
           sftk_FreeAttribute(trust);
       }

       /* preserve certain old fields */
       if (cert->trust) {
           dbTrust.sslFlags =
                       cert->trust->sslFlags & CERTDB_PRESERVE_TRUST_BITS;
           dbTrust.emailFlags=
                     cert->trust->emailFlags & CERTDB_PRESERVE_TRUST_BITS;
           dbTrust.objectSigningFlags = 
              cert->trust->objectSigningFlags & CERTDB_PRESERVE_TRUST_BITS;
       }

       dbTrust.sslFlags |= sftk_MapTrust(sslTrust,PR_FALSE);
       dbTrust.sslFlags |= sftk_MapTrust(clientTrust,PR_TRUE);
       dbTrust.emailFlags |= sftk_MapTrust(emailTrust,PR_FALSE);
       dbTrust.objectSigningFlags |= sftk_MapTrust(signTrust,PR_FALSE);
       if (stepUp) {
           dbTrust.sslFlags |= CERTDB_GOVT_APPROVED_CA;
       }

       rv = nsslowcert_ChangeCertTrust(certHandle,cert,&dbTrust);
       object->handle=sftk_mkHandle(slot,&cert->certKey,SFTK_TOKEN_TYPE_TRUST);
       nsslowcert_DestroyCertificate(cert);
       sftk_freeCertDB(certHandle);
       if (rv != SECSuccess) {
          return CKR_DEVICE_ERROR;
       }
    }

    return CKR_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PLHashNumber sftk_HashNumber ( const void key) [static]

Definition at line 2346 of file pkcs11.c.

{
    return (PLHashNumber) key;
}

Here is the caller graph for this function:

static PRBool sftk_hasNullPassword ( NSSLOWKEYDBHandle *  keydb,
SECItem **  pwitem 
) [static]

Definition at line 533 of file pkcs11.c.

{
    PRBool pwenabled;
    
    pwenabled = PR_FALSE;
    *pwitem = NULL;
    if (nsslowkey_HasKeyDBPassword (keydb) == SECSuccess) {
       *pwitem = nsslowkey_HashPassword("", keydb->global_salt);
       if ( *pwitem ) {
           if (nsslowkey_CheckKeyDBPassword (keydb, *pwitem) == SECSuccess) {
              pwenabled = PR_TRUE;
           } else {
              SECITEM_ZfreeItem(*pwitem, PR_TRUE);
              *pwitem = NULL;
           }
       }
    }

    return pwenabled;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool sftk_IsWeakKey ( unsigned char *  key,
CK_KEY_TYPE  key_type 
)

Definition at line 2207 of file pkcs11.c.

{

    switch(key_type) {
    case CKK_DES:
       return sftk_CheckDESKey(key);
    case CKM_DES2_KEY_GEN:
       if (sftk_CheckDESKey(key)) return PR_TRUE;
       return sftk_CheckDESKey(&key[8]);
    case CKM_DES3_KEY_GEN:
       if (sftk_CheckDESKey(key)) return PR_TRUE;
       if (sftk_CheckDESKey(&key[8])) return PR_TRUE;
       return sftk_CheckDESKey(&key[16]);
    default:
       break;
    }
    return PR_FALSE;
}

Here is the call graph for this function:

static SECStatus sftk_key_collect ( DBT key,
DBT data,
void arg 
) [static]

Definition at line 4430 of file pkcs11.c.

{
    sftkKeyData *keyData;
    NSSLOWKEYPrivateKey *privKey = NULL;
    SECItem tmpDBKey;
    SFTKSlot *slot;
    
    keyData = (sftkKeyData *)arg;
    slot = keyData->slot;

    tmpDBKey.data = key->data;
    tmpDBKey.len = key->size;
    tmpDBKey.type = siBuffer;

    PORT_Assert(keyData->keyHandle);
    if (!keyData->strict && keyData->id) {
       SECItem result;
       PRBool haveMatch= PR_FALSE;
       unsigned char hashKey[SHA1_LENGTH];
       result.data = hashKey;
       result.len = sizeof(hashKey);

       if (keyData->id->len == 0) {
           /* Make sure this isn't a NSC_KEY */
           privKey = nsslowkey_FindKeyByPublicKey(keyData->keyHandle, 
                                   &tmpDBKey, keyData->slot->password);
           if (privKey) {
              haveMatch = isSecretKey(privKey) ?
                            (PRBool)(keyData->classFlags & NSC_KEY) != 0:
                            (PRBool)(keyData->classFlags & 
                                         (NSC_PRIVATE|NSC_PUBLIC)) != 0;
              nsslowkey_DestroyPrivateKey(privKey);
           }
       } else {
           SHA1_HashBuf( hashKey, key->data, key->size ); /* match id */
           haveMatch = SECITEM_ItemsAreEqual(keyData->id,&result);
           if (!haveMatch && ((unsigned char *)key->data)[0] == 0) {
              /* This is a fix for backwards compatibility.  The key
               * database indexes private keys by the public key, and
               * versions of NSS prior to 3.4 stored the public key as
               * a signed integer.  The public key is now treated as an
               * unsigned integer, with no leading zero.  In order to
               * correctly compute the hash of an old key, it is necessary
               * to fallback and detect the leading zero.
               */
              SHA1_HashBuf(hashKey, 
                           (unsigned char *)key->data + 1, key->size - 1);
              haveMatch = SECITEM_ItemsAreEqual(keyData->id,&result);
           }
       }
       if (haveMatch) {
           if (keyData->classFlags & NSC_PRIVATE)  {
              sftk_addHandle(keyData->searchHandles,
                     sftk_mkHandle(slot,&tmpDBKey,SFTK_TOKEN_TYPE_PRIV));
           }
           if (keyData->classFlags & NSC_PUBLIC) {
              sftk_addHandle(keyData->searchHandles,
                     sftk_mkHandle(slot,&tmpDBKey,SFTK_TOKEN_TYPE_PUB));
           }
           if (keyData->classFlags & NSC_KEY) {
              sftk_addHandle(keyData->searchHandles,
                     sftk_mkHandle(slot,&tmpDBKey,SFTK_TOKEN_TYPE_KEY));
           }
       }
       return SECSuccess;
    }

    privKey = nsslowkey_FindKeyByPublicKey(keyData->keyHandle, &tmpDBKey, 
                                           keyData->slot->password);
    if ( privKey == NULL ) {
       goto loser;
    }

    if (isSecretKey(privKey)) {
       if ((keyData->classFlags & NSC_KEY) && 
              sftk_tokenMatch(keyData->slot, &tmpDBKey, SFTK_TOKEN_TYPE_KEY,
                     keyData->template, keyData->templ_count)) {
           sftk_addHandle(keyData->searchHandles,
              sftk_mkHandle(keyData->slot, &tmpDBKey, SFTK_TOKEN_TYPE_KEY));
       }
    } else {
       if ((keyData->classFlags & NSC_PRIVATE) && 
              sftk_tokenMatch(keyData->slot, &tmpDBKey, SFTK_TOKEN_TYPE_PRIV,
                     keyData->template, keyData->templ_count)) {
           sftk_addHandle(keyData->searchHandles,
              sftk_mkHandle(keyData->slot,&tmpDBKey,SFTK_TOKEN_TYPE_PRIV));
       }
       if ((keyData->classFlags & NSC_PUBLIC) && 
              sftk_tokenMatch(keyData->slot, &tmpDBKey, SFTK_TOKEN_TYPE_PUB,
                     keyData->template, keyData->templ_count)) {
           sftk_addHandle(keyData->searchHandles,
              sftk_mkHandle(keyData->slot, &tmpDBKey,SFTK_TOKEN_TYPE_PUB));
       }
    }

loser:
    if ( privKey ) {
       nsslowkey_DestroyPrivateKey(privKey);
    }
    return(SECSuccess);
}

Here is the call graph for this function:

Here is the caller graph for this function:

unsigned int sftk_MapTrust ( CK_TRUST  trust,
PRBool  clientAuth 
)

Definition at line 747 of file pkcs11.c.

{
    unsigned int trustCA = clientAuth ? CERTDB_TRUSTED_CLIENT_CA :
                                                 CERTDB_TRUSTED_CA;
    switch (trust) {
    case CKT_NETSCAPE_TRUSTED:
       return CERTDB_VALID_PEER|CERTDB_TRUSTED;
    case CKT_NETSCAPE_TRUSTED_DELEGATOR:
       return CERTDB_VALID_CA|trustCA;
    case CKT_NETSCAPE_UNTRUSTED:
       return CERTDB_NOT_TRUSTED;
    case CKT_NETSCAPE_MUST_VERIFY:
       return 0;
    case CKT_NETSCAPE_VALID: /* implies must verify */
       return CERTDB_VALID_PEER;
    case CKT_NETSCAPE_VALID_DELEGATOR: /* implies must verify */
       return CERTDB_VALID_CA;
    default:
       break;
    }
    return CERTDB_TRUSTED_UNKNOWN;
}

Definition at line 3374 of file pkcs11.c.

{
    CK_ULONG i;
    CK_FLAGS flags;

    switch (op) {
    case CKA_ENCRYPT:         flags = CKF_ENCRYPT;         break;
    case CKA_DECRYPT:         flags = CKF_DECRYPT;         break;
    case CKA_WRAP:            flags = CKF_WRAP;            break;
    case CKA_UNWRAP:          flags = CKF_UNWRAP;          break;
    case CKA_SIGN:            flags = CKF_SIGN;            break;
    case CKA_SIGN_RECOVER:    flags = CKF_SIGN_RECOVER;    break;
    case CKA_VERIFY:          flags = CKF_VERIFY;          break;
    case CKA_VERIFY_RECOVER:  flags = CKF_VERIFY_RECOVER;  break;
    case CKA_DERIVE:          flags = CKF_DERIVE;          break;
    default:
       return CKR_ARGUMENTS_BAD;
    }
    for (i=0; i < mechanismCount; i++) {
        if (type == mechanisms[i].type) {
           return (flags & mechanisms[i].info.flags) ? CKR_OK 
                                                     : CKR_MECHANISM_INVALID;
       }
    }
    return CKR_MECHANISM_INVALID;
}
static NSSLOWKEYPrivateKey * sftk_mkPrivKey ( SFTKObject *  object,
CK_KEY_TYPE  key,
CK_RV rvp 
) [static]

Definition at line 1995 of file pkcs11.c.

{
    NSSLOWKEYPrivateKey *privKey;
    PLArenaPool *arena;
    CK_RV crv = CKR_OK;
    SECStatus rv;

    PORT_Assert(!sftk_isToken(object->handle));
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
       *crvp = CKR_HOST_MEMORY;
       return NULL;
    }

    privKey = (NSSLOWKEYPrivateKey *)
                     PORT_ArenaZAlloc(arena,sizeof(NSSLOWKEYPrivateKey));
    if (privKey == NULL)  {
       PORT_FreeArena(arena,PR_FALSE);
       *crvp = CKR_HOST_MEMORY;
       return NULL;
    }

    /* in future this would be a switch on key_type */
    privKey->arena = arena;
    switch (key_type) {
    case CKK_RSA:
       privKey->keyType = NSSLOWKEYRSAKey;
       crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.modulus,
                                                 object,CKA_MODULUS);
       if (crv != CKR_OK) break;
       crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.publicExponent,object,
                                                 CKA_PUBLIC_EXPONENT);
       if (crv != CKR_OK) break;
       crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.privateExponent,object,
                                                 CKA_PRIVATE_EXPONENT);
       if (crv != CKR_OK) break;
       crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.prime1,object,
                                                        CKA_PRIME_1);
       if (crv != CKR_OK) break;
       crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.prime2,object,
                                                        CKA_PRIME_2);
       if (crv != CKR_OK) break;
       crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.exponent1,
                                          object, CKA_EXPONENT_1);
       if (crv != CKR_OK) break;
       crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.exponent2,
                                                 object, CKA_EXPONENT_2);
       if (crv != CKR_OK) break;
       crv=sftk_Attribute2SSecItem(arena,&privKey->u.rsa.coefficient,object,
                                                       CKA_COEFFICIENT);
       if (crv != CKR_OK) break;
        rv = DER_SetUInteger(privKey->arena, &privKey->u.rsa.version,
                          NSSLOWKEY_VERSION);
       if (rv != SECSuccess) crv = CKR_HOST_MEMORY;
       break;

    case CKK_DSA:
       privKey->keyType = NSSLOWKEYDSAKey;
       crv = sftk_Attribute2SSecItem(arena,&privKey->u.dsa.params.prime,
                                                 object,CKA_PRIME);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&privKey->u.dsa.params.subPrime,
                                                 object,CKA_SUBPRIME);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&privKey->u.dsa.params.base,
                                                 object,CKA_BASE);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&privKey->u.dsa.privateValue,
                                                 object,CKA_VALUE);
       if (crv != CKR_OK) break;
       if (sftk_hasAttribute(object,CKA_NETSCAPE_DB)) {
           crv = sftk_Attribute2SSecItem(arena, &privKey->u.dsa.publicValue,
                                  object,CKA_NETSCAPE_DB);
           /* privKey was zero'd so public value is already set to NULL, 0
            * if we don't set it explicitly */
       }
       break;

    case CKK_DH:
       privKey->keyType = NSSLOWKEYDHKey;
       crv = sftk_Attribute2SSecItem(arena,&privKey->u.dh.prime,
                                                 object,CKA_PRIME);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&privKey->u.dh.base,
                                                 object,CKA_BASE);
       if (crv != CKR_OK) break;
       crv = sftk_Attribute2SSecItem(arena,&privKey->u.dh.privateValue,
                                                 object,CKA_VALUE);
       if (crv != CKR_OK) break;
       if (sftk_hasAttribute(object,CKA_NETSCAPE_DB)) {
           crv = sftk_Attribute2SSecItem(arena, &privKey->u.dh.publicValue,
                                  object,CKA_NETSCAPE_DB);
           /* privKey was zero'd so public value is already set to NULL, 0
            * if we don't set it explicitly */
       }
       break;

#ifdef NSS_ENABLE_ECC
    case CKK_EC:
       privKey->keyType = NSSLOWKEYECKey;
       crv = sftk_Attribute2SSecItem(arena, 
                                     &privKey->u.ec.ecParams.DEREncoding,
                                     object,CKA_EC_PARAMS);
       if (crv != CKR_OK) break;

       /* Fill out the rest of the ecParams structure
        * based on the encoded params
        */
       if (EC_FillParams(arena, &privKey->u.ec.ecParams.DEREncoding,
                  &privKey->u.ec.ecParams) != SECSuccess) {
           crv = CKR_DOMAIN_PARAMS_INVALID;
           break;
       }
       crv = sftk_Attribute2SSecItem(arena,&privKey->u.ec.privateValue,
                                                 object,CKA_VALUE);
       if (crv != CKR_OK) break;
       if (sftk_hasAttribute(object,CKA_NETSCAPE_DB)) {
           crv = sftk_Attribute2SSecItem(arena, &privKey->u.ec.publicValue,
                                  object,CKA_NETSCAPE_DB);
           if (crv != CKR_OK) break;
           /* privKey was zero'd so public value is already set to NULL, 0
            * if we don't set it explicitly */
       }
        rv = DER_SetUInteger(privKey->arena, &privKey->u.ec.version,
                          NSSLOWKEY_EC_PRIVATE_KEY_VERSION);
       if (rv != SECSuccess) crv = CKR_HOST_MEMORY;
       break;
#endif /* NSS_ENABLE_ECC */

    default:
       crv = CKR_KEY_TYPE_INCONSISTENT;
       break;
    }
    *crvp = crv;
    if (crv != CKR_OK) {
       PORT_FreeArena(arena,PR_FALSE);
       return NULL;
    }
    return privKey;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static NSSLOWKEYPrivateKey * sftk_mkSecretKeyRep ( SFTKObject *  object) [static]

Definition at line 2229 of file pkcs11.c.

{
    NSSLOWKEYPrivateKey *privKey = 0;
    PLArenaPool *arena = 0;
    CK_KEY_TYPE keyType;
    PRUint32 keyTypeStorage;
    SECItem keyTypeItem;
    CK_RV crv;
    SECStatus rv;
    static unsigned char derZero[1] = { 0 };

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) { crv = CKR_HOST_MEMORY; goto loser; }

    privKey = (NSSLOWKEYPrivateKey *)
                     PORT_ArenaZAlloc(arena,sizeof(NSSLOWKEYPrivateKey));
    if (privKey == NULL) { crv = CKR_HOST_MEMORY; goto loser; }

    privKey->arena = arena;

    /* Secret keys are represented in the database as "fake" RSA keys.  The RSA key
     * is marked as a secret key representation by setting the public exponent field
     * to 0, which is an invalid RSA exponent.  The other fields are set as follows:
     *   modulus - CKA_ID value for the secret key
     *   private exponent - CKA_VALUE (the key itself)
     *   coefficient - CKA_KEY_TYPE, which indicates what encryption algorithm
     *      is used for the key.
     *   all others - set to integer 0
     */
    privKey->keyType = NSSLOWKEYRSAKey;

    /* The modulus is set to the key id of the symmetric key */
    crv=sftk_Attribute2SecItem(arena,&privKey->u.rsa.modulus,object,CKA_ID);
    if (crv != CKR_OK) goto loser;

    /* The public exponent is set to 0 length to indicate a special key */
    privKey->u.rsa.publicExponent.len = sizeof derZero;
    privKey->u.rsa.publicExponent.data = derZero;

    /* The private exponent is the actual key value */
    crv=sftk_Attribute2SecItem(arena,&privKey->u.rsa.privateExponent,object,CKA_VALUE);
    if (crv != CKR_OK) goto loser;

    /* All other fields empty - needs testing */
    privKey->u.rsa.prime1.len = sizeof derZero;
    privKey->u.rsa.prime1.data = derZero;

    privKey->u.rsa.prime2.len = sizeof derZero;
    privKey->u.rsa.prime2.data = derZero;

    privKey->u.rsa.exponent1.len = sizeof derZero;
    privKey->u.rsa.exponent1.data = derZero;

    privKey->u.rsa.exponent2.len = sizeof derZero;
    privKey->u.rsa.exponent2.data = derZero;

    /* Coeficient set to KEY_TYPE */
    crv = sftk_GetULongAttribute(object, CKA_KEY_TYPE, &keyType);
    if (crv != CKR_OK) goto loser; 
    /* on 64 bit platforms, we still want to store 32 bits of keyType (This is
     * safe since the PKCS #11 defines for all types are 32 bits or less). */
    keyTypeStorage = (PRUint32) keyType;
    keyTypeStorage = PR_htonl(keyTypeStorage);
    keyTypeItem.data = (unsigned char *)&keyTypeStorage;
    keyTypeItem.len = sizeof (keyTypeStorage);
    rv = SECITEM_CopyItem(arena, &privKey->u.rsa.coefficient, &keyTypeItem);
    if (rv != SECSuccess) {
       crv = CKR_HOST_MEMORY;
       goto loser;
    }
    
    /* Private key version field set normally for compatibility */
    rv = DER_SetUInteger(privKey->arena, 
                     &privKey->u.rsa.version, NSSLOWKEY_VERSION);
    if (rv != SECSuccess) { crv = CKR_HOST_MEMORY; goto loser; }

loser:
    if (crv != CKR_OK) {
       PORT_FreeArena(arena,PR_FALSE);
       privKey = 0;
    }

    return privKey;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_RegisterSlot ( SFTKSlot *  slot,
int  moduleIndex 
) [static]

Definition at line 2445 of file pkcs11.c.

{
    PLHashEntry *entry;
    int index;

    index = sftk_GetModuleIndex(slot->slotID);

    /* make sure the slotID for this module is valid */
    if (moduleIndex != index) {
       return CKR_SLOT_ID_INVALID;
    }

    if (nscSlotList[index] == NULL) {
       nscSlotListSize[index] = NSC_SLOT_LIST_BLOCK_SIZE;
       nscSlotList[index] = (CK_SLOT_ID *)
              PORT_ZAlloc(nscSlotListSize[index]*sizeof(CK_SLOT_ID));
       if (nscSlotList[index] == NULL) {
           return CKR_HOST_MEMORY;
       }
    }
    if (nscSlotCount[index] >= nscSlotListSize[index]) {
       CK_SLOT_ID* oldNscSlotList = nscSlotList[index];
       CK_ULONG oldNscSlotListSize = nscSlotListSize[index];
       nscSlotListSize[index] += NSC_SLOT_LIST_BLOCK_SIZE;
       nscSlotList[index] = (CK_SLOT_ID *) PORT_Realloc(oldNscSlotList,
                            nscSlotListSize[index]*sizeof(CK_SLOT_ID));
       if (nscSlotList[index] == NULL) {
            nscSlotList[index] = oldNscSlotList;
            nscSlotListSize[index] = oldNscSlotListSize;
            return CKR_HOST_MEMORY;
       }
    }

    if (nscSlotHashTable[index] == NULL) {
       nscSlotHashTable[index] = PL_NewHashTable(64,sftk_HashNumber,
                            PL_CompareValues, PL_CompareValues, NULL, 0);
       if (nscSlotHashTable[index] == NULL) {
           return CKR_HOST_MEMORY;
       }
    }

    entry = PL_HashTableAdd(nscSlotHashTable[index],(void *)slot->slotID,slot);
    if (entry == NULL) {
       return CKR_HOST_MEMORY;
    }
    slot->index = (nscSlotCount[index] & 0x7f) | ((index << 7) & 0x80);
    nscSlotList[index][nscSlotCount[index]++] = slot->slotID;

    return CKR_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void sftk_searchCertsAndTrust ( SFTKSlot *  slot,
SECItem *  derCert,
SECItem *  name,
SECItem *  derSubject,
NSSLOWCERTIssuerAndSN *  issuerSN,
SECItem *  email,
unsigned long  classFlags,
SFTKSearchResults *  handles,
CK_ATTRIBUTE pTemplate,
CK_LONG  ulCount 
) [static]

Definition at line 4698 of file pkcs11.c.

{
    NSSLOWCERTCertDBHandle *certHandle = NULL;
    sftkCertData certData;
    int i;

    certHandle = sftk_getCertDB(slot);
    if (certHandle == NULL) return;

    certData.slot = slot;
    certData.max_cert_count = 0;
    certData.certs = NULL;
    certData.cert_count = 0;
    certData.template = pTemplate;
    certData.templ_count = ulCount;
    certData.classFlags = classFlags; 
    certData.strict = NSC_STRICT; 


    /*
     * Find the Cert.
     */
    if (derCert->data != NULL) {
       NSSLOWCERTCertificate *cert = 
                     nsslowcert_FindCertByDERCert(certHandle,derCert);
       sftk_searchSingleCert(&certData,cert);
    } else if (name->data != NULL) {
       char *tmp_name = (char*)PORT_Alloc(name->len+1);
       int count;

       if (tmp_name == NULL) {
           return;
       }
       PORT_Memcpy(tmp_name,name->data,name->len);
       tmp_name[name->len] = 0;

       count= nsslowcert_NumPermCertsForNickname(certHandle,tmp_name);
       sftk_CertSetupData(&certData,count);
       nsslowcert_TraversePermCertsForNickname(certHandle,tmp_name,
                            sftk_cert_collect, &certData);
       PORT_Free(tmp_name);
    } else if (derSubject->data != NULL) {
       int count;

       count = nsslowcert_NumPermCertsForSubject(certHandle,derSubject);
       sftk_CertSetupData(&certData,count);
       nsslowcert_TraversePermCertsForSubject(certHandle,derSubject,
                            sftk_cert_collect, &certData);
    } else if ((issuerSN->derIssuer.data != NULL) && 
                     (issuerSN->serialNumber.data != NULL)) {
        if (classFlags & NSC_CERT) {
           NSSLOWCERTCertificate *cert = 
              nsslowcert_FindCertByIssuerAndSN(certHandle,issuerSN);

           sftk_searchSingleCert(&certData,cert);
       }
       if (classFlags & NSC_TRUST) {
           NSSLOWCERTTrust *trust = 
              nsslowcert_FindTrustByIssuerAndSN(certHandle, issuerSN);

           if (trust) {
              sftk_addHandle(handles,
                  sftk_mkHandle(slot,&trust->dbKey,SFTK_TOKEN_TYPE_TRUST));
              nsslowcert_DestroyTrust(trust);
           }
       }
    } else if (email->data != NULL) {
       char *tmp_name = (char*)PORT_Alloc(email->len+1);
       certDBEntrySMime *entry = NULL;

       if (tmp_name == NULL) {
           return;
       }
       PORT_Memcpy(tmp_name,email->data,email->len);
       tmp_name[email->len] = 0;

       entry = nsslowcert_ReadDBSMimeEntry(certHandle,tmp_name);
       if (entry) {
           int count;
           SECItem *subjectName = &entry->subjectName;

           count = nsslowcert_NumPermCertsForSubject(certHandle, subjectName);
           sftk_CertSetupData(&certData,count);
           nsslowcert_TraversePermCertsForSubject(certHandle, subjectName, 
                                          sftk_cert_collect, &certData);

           nsslowcert_DestroyDBEntry((certDBEntry *)entry);
       }
       PORT_Free(tmp_name);
    } else {
       /* we aren't filtering the certs, we are working on all, so turn
        * on the strict filters. */
       certData.strict = PR_TRUE;
       sftk_CertSetupData(&certData,NSC_CERT_BLOCK_SIZE);
       nsslowcert_TraversePermCerts(certHandle, sftk_cert_collect2, &certData);
    }
    sftk_freeCertDB(certHandle);

    /*
     * build the handles
     */       
    for (i=0 ; i < certData.cert_count ; i++) {
       NSSLOWCERTCertificate *cert = certData.certs[i];

       /* if we filtered it would have been on the stuff above */
       if (classFlags & NSC_CERT) {
           sftk_addHandle(handles,
              sftk_mkHandle(slot,&cert->certKey,SFTK_TOKEN_TYPE_CERT));
       }
       if ((classFlags & NSC_TRUST) && nsslowcert_hasTrust(cert->trust)) {
           sftk_addHandle(handles,
              sftk_mkHandle(slot,&cert->certKey,SFTK_TOKEN_TYPE_TRUST));
       }
       nsslowcert_DestroyCertificate(cert);
    }

    if (certData.certs) PORT_Free(certData.certs);
    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void sftk_searchCrls ( SFTKSlot *  slot,
SECItem *  derSubject,
PRBool  isKrl,
unsigned long  classFlags,
SFTKSearchResults *  search,
CK_ATTRIBUTE pTemplate,
CK_ULONG  ulCount 
) [static]

Definition at line 4378 of file pkcs11.c.

{
    NSSLOWCERTCertDBHandle *certHandle = NULL;

    certHandle = sftk_getCertDB(slot);
    if (certHandle == NULL) {
       return;
    }
    if (derSubject->data != NULL)  {
       certDBEntryRevocation *crl = 
           nsslowcert_FindCrlByKey(certHandle, derSubject, isKrl);

       if (crl != NULL) {
           sftk_addHandle(search, sftk_mkHandle(slot, derSubject,
              isKrl ? SFTK_TOKEN_KRL_HANDLE : SFTK_TOKEN_TYPE_CRL));
           nsslowcert_DestroyDBEntry((certDBEntry *)crl);
       }
    } else {
       sftkCrlData crlData;

       /* traverse */
       crlData.slot = slot;
       crlData.searchHandles = search;
       crlData.template = pTemplate;
       crlData.templ_count = ulCount;
       nsslowcert_TraverseDBEntries(certHandle, certDBEntryTypeRevocation,
              sftk_crl_collect, (void *)&crlData);
       nsslowcert_TraverseDBEntries(certHandle, certDBEntryTypeKeyRevocation,
              sftk_crl_collect, (void *)&crlData);
    } 
    sftk_freeCertDB(certHandle);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void sftk_searchKeys ( SFTKSlot *  slot,
SECItem *  key_id,
PRBool  isLoggedIn,
unsigned long  classFlags,
SFTKSearchResults *  search,
PRBool  mustStrict,
CK_ATTRIBUTE pTemplate,
CK_ULONG  ulCount 
) [static]

Definition at line 4533 of file pkcs11.c.

{
    NSSLOWKEYDBHandle *keyHandle = NULL;
    NSSLOWKEYPrivateKey *privKey;
    sftkKeyData keyData;
    PRBool found = PR_FALSE;

    keyHandle = sftk_getKeyDB(slot);
    if (keyHandle == NULL) {
       return;
    }

    if (key_id->data) {
       privKey = nsslowkey_FindKeyByPublicKey(keyHandle, key_id, slot->password);
       if (privKey) {
           if ((classFlags & NSC_KEY) && isSecretKey(privKey)) {
               sftk_addHandle(search,
                     sftk_mkHandle(slot,key_id,SFTK_TOKEN_TYPE_KEY));
              found = PR_TRUE;
           }
           if ((classFlags & NSC_PRIVATE) && !isSecretKey(privKey)) {
               sftk_addHandle(search,
                     sftk_mkHandle(slot,key_id,SFTK_TOKEN_TYPE_PRIV));
              found = PR_TRUE;
           }
           if ((classFlags & NSC_PUBLIC) && !isSecretKey(privKey)) {
               sftk_addHandle(search,
                     sftk_mkHandle(slot,key_id,SFTK_TOKEN_TYPE_PUB));
              found = PR_TRUE;
           }
           nsslowkey_DestroyPrivateKey(privKey);
       }
       /* don't do the traversal if we have an up to date db */
       if (keyHandle->version != 3) {
           goto loser;
       }
       /* don't do the traversal if it can't possibly be the correct id */
       /* all soft token id's are SHA1_HASH_LEN's */
       if (key_id->len != SHA1_LENGTH) {
           goto loser;
       }
       if (found) {
          /* if we already found some keys, don't do the traversal */
          goto loser;
       }
    }
    keyData.slot = slot;
    keyData.keyHandle = keyHandle;
    keyData.searchHandles = search;
    keyData.id = key_id;
    keyData.template = pTemplate;
    keyData.templ_count = ulCount;
    keyData.isLoggedIn = isLoggedIn;
    keyData.classFlags = classFlags;
    keyData.strict = mustStrict ? mustStrict : NSC_STRICT;

    nsslowkey_TraverseKeys(keyHandle, sftk_key_collect, &keyData);
loser:
    sftk_freeKeyDB(keyHandle);
       
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void sftk_searchSingleCert ( sftkCertData certData,
NSSLOWCERTCertificate *  cert 
) [static]

Definition at line 4663 of file pkcs11.c.

{
    if (cert == NULL) {
           return;
    }
    if (certData->strict && 
       !sftk_tokenMatch(certData->slot, &cert->certKey, SFTK_TOKEN_TYPE_CERT, 
                            certData->template,certData->templ_count)) {
       nsslowcert_DestroyCertificate(cert);
       return;
    }
    certData->certs = (NSSLOWCERTCertificate **) 
                            PORT_Alloc(sizeof (NSSLOWCERTCertificate *));
    if (certData->certs == NULL) {
       nsslowcert_DestroyCertificate(cert);
       return;
    }
    certData->certs[0] = cert;
    certData->cert_count = 1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void sftk_searchSMime ( SFTKSlot *  slot,
SECItem *  email,
SFTKSearchResults *  handles,
CK_ATTRIBUTE pTemplate,
CK_LONG  ulCount 
) [static]

Definition at line 4823 of file pkcs11.c.

{
    NSSLOWCERTCertDBHandle *certHandle = NULL;
    certDBEntrySMime *entry;

    certHandle = sftk_getCertDB(slot);
    if (certHandle == NULL) return;

    if (email->data != NULL) {
       char *tmp_name = (char*)PORT_Alloc(email->len+1);

       if (tmp_name == NULL) {
           sftk_freeCertDB(certHandle);
           return;
       }
       PORT_Memcpy(tmp_name,email->data,email->len);
       tmp_name[email->len] = 0;

       entry = nsslowcert_ReadDBSMimeEntry(certHandle,tmp_name);
       if (entry) {
           SECItem emailKey;

           emailKey.data = (unsigned char *)tmp_name;
           emailKey.len = PORT_Strlen(tmp_name)+1;
           emailKey.type = 0;
           sftk_addHandle(handles,
              sftk_mkHandle(slot,&emailKey,SFTK_TOKEN_TYPE_SMIME));
           nsslowcert_DestroyDBEntry((certDBEntry *)entry);
       }
       PORT_Free(tmp_name);
    }
    sftk_freeCertDB(certHandle);
    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV sftk_searchTokenList ( SFTKSlot *  slot,
SFTKSearchResults *  search,
CK_ATTRIBUTE pTemplate,
CK_LONG  ulCount,
PRBool tokenOnly,
PRBool  isLoggedIn 
) [static]

Definition at line 4860 of file pkcs11.c.

{
    int i;
    PRBool isKrl = PR_FALSE;
    SECItem derCert = { siBuffer, NULL, 0 };
    SECItem derSubject = { siBuffer, NULL, 0 };
    SECItem name = { siBuffer, NULL, 0 };
    SECItem email = { siBuffer, NULL, 0 };
    SECItem key_id = { siBuffer, NULL, 0 };
    SECItem cert_sha1_hash = { siBuffer, NULL, 0 };
    SECItem cert_md5_hash  = { siBuffer, NULL, 0 };
    NSSLOWCERTIssuerAndSN issuerSN = {
       { siBuffer, NULL, 0 },
       { siBuffer, NULL, 0 }
    };
    SECItem *copy = NULL;
    unsigned long classFlags = 
       NSC_CERT|NSC_TRUST|NSC_PRIVATE|NSC_PUBLIC|NSC_KEY|NSC_SMIME|NSC_CRL;

    /* if we aren't logged in, don't look for private or secret keys */
    if (!isLoggedIn) {
       classFlags &= ~(NSC_PRIVATE|NSC_KEY);
    }

    /*
     * look for things to search on token objects for. If the right options
     * are specified, we can use them as direct indeces into the database
     * (rather than using linear searches. We can also use the attributes to
     * limit the kinds of objects we are searching for. Later we can use this
     * array to filter the remaining objects more finely.
     */
    for (i=0 ;classFlags && i < (int)ulCount; i++) {

       switch (pTemplate[i].type) {
       case CKA_SUBJECT:
           copy = &derSubject;
           classFlags &= (NSC_CERT|NSC_PRIVATE|NSC_PUBLIC|NSC_SMIME|NSC_CRL);
           break;
       case CKA_ISSUER: 
           copy = &issuerSN.derIssuer;
           classFlags &= (NSC_CERT|NSC_TRUST);
           break;
       case CKA_SERIAL_NUMBER: 
           copy = &issuerSN.serialNumber;
           classFlags &= (NSC_CERT|NSC_TRUST);
           break;
       case CKA_VALUE:
           copy = &derCert;
           classFlags &= (NSC_CERT|NSC_CRL|NSC_SMIME);
           break;
       case CKA_LABEL:
           copy = &name;
           break;
       case CKA_NETSCAPE_EMAIL:
           copy = &email;
           classFlags &= NSC_SMIME|NSC_CERT;
           break;
       case CKA_NETSCAPE_SMIME_TIMESTAMP:
           classFlags &= NSC_SMIME;
           break;
       case CKA_CLASS:
           if (pTemplate[i].ulValueLen != sizeof(CK_OBJECT_CLASS)) {
              classFlags = 0;
              break;;
           }
           switch (*((CK_OBJECT_CLASS *)pTemplate[i].pValue)) {
           case CKO_CERTIFICATE:
              classFlags &= NSC_CERT;
              break;
           case CKO_NETSCAPE_TRUST:
              classFlags &= NSC_TRUST;
              break;
           case CKO_NETSCAPE_CRL:
              classFlags &= NSC_CRL;
              break;
           case CKO_NETSCAPE_SMIME:
              classFlags &= NSC_SMIME;
              break;
           case CKO_PRIVATE_KEY:
              classFlags &= NSC_PRIVATE;
              break;
           case CKO_PUBLIC_KEY:
              classFlags &= NSC_PUBLIC;
              break;
           case CKO_SECRET_KEY:
              classFlags &= NSC_KEY;
              break;
           default:
              classFlags = 0;
              break;
           }
           break;
       case CKA_PRIVATE:
           if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) {
              classFlags = 0;
           }
           if (*((CK_BBOOL *)pTemplate[i].pValue) == CK_TRUE) {
              classFlags &= (NSC_PRIVATE|NSC_KEY);
           } else {
              classFlags &= ~(NSC_PRIVATE|NSC_KEY);
           }
           break;
       case CKA_SENSITIVE:
           if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) {
              classFlags = 0;
           }
           if (*((CK_BBOOL *)pTemplate[i].pValue) == CK_TRUE) {
              classFlags &= (NSC_PRIVATE|NSC_KEY);
           } else {
              classFlags = 0;
           }
           break;
       case CKA_TOKEN:
           if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) {
              classFlags = 0;
           }
           if (*((CK_BBOOL *)pTemplate[i].pValue) == CK_TRUE) {
              *tokenOnly = PR_TRUE;
           } else {
              classFlags = 0;
           }
           break;
       case CKA_CERT_SHA1_HASH:
           classFlags &= NSC_TRUST;
           copy = &cert_sha1_hash; break;
       case CKA_CERT_MD5_HASH:
           classFlags &= NSC_TRUST;
           copy = &cert_md5_hash; break;
       case CKA_CERTIFICATE_TYPE:
           if (pTemplate[i].ulValueLen != sizeof(CK_CERTIFICATE_TYPE)) {
              classFlags = 0;
           }
           classFlags &= NSC_CERT;
           if (*((CK_CERTIFICATE_TYPE *)pTemplate[i].pValue) != CKC_X_509) {
              classFlags = 0;
           }
           break;
       case CKA_ID:
           copy = &key_id;
           classFlags &= (NSC_CERT|NSC_PRIVATE|NSC_KEY|NSC_PUBLIC);
           break;
       case CKA_NETSCAPE_KRL:
           if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) {
              classFlags = 0;
           }
           classFlags &= NSC_CRL;
           isKrl = (PRBool)(*((CK_BBOOL *)pTemplate[i].pValue) == CK_TRUE);
           break;
       case CKA_MODIFIABLE:
            break;
       case CKA_KEY_TYPE:
       case CKA_DERIVE:
           classFlags &= NSC_PUBLIC|NSC_PRIVATE|NSC_KEY;
           break;
       case CKA_VERIFY_RECOVER:
           classFlags &= NSC_PUBLIC;
           break;
       case CKA_SIGN_RECOVER:
           classFlags &= NSC_PRIVATE;
           break;
       case CKA_ENCRYPT:
       case CKA_VERIFY:
       case CKA_WRAP:
           classFlags &= NSC_PUBLIC|NSC_KEY;
           break;
       case CKA_DECRYPT:
       case CKA_SIGN:
       case CKA_UNWRAP:
       case CKA_ALWAYS_SENSITIVE:
       case CKA_EXTRACTABLE:
       case CKA_NEVER_EXTRACTABLE:
           classFlags &= NSC_PRIVATE|NSC_KEY;
           break;
       /* can't be a certificate if it doesn't match one of the above 
        * attributes */
       default: 
            classFlags  = 0;
            break;
       }
       if (copy) {
           copy->data = (unsigned char*)pTemplate[i].pValue;
           copy->len = pTemplate[i].ulValueLen;
       }
       copy = NULL;
    }


    /* certs */
    if (classFlags & (NSC_CERT|NSC_TRUST)) {
       sftk_searchCertsAndTrust(slot,&derCert,&name,&derSubject,
                             &issuerSN, &email,classFlags,search, 
                            pTemplate, ulCount);
    }

    /* keys */
    if (classFlags & (NSC_PRIVATE|NSC_PUBLIC|NSC_KEY)) {
       PRBool mustStrict = ((classFlags & NSC_KEY) != 0) && (name.len != 0);
       sftk_searchKeys(slot, &key_id, isLoggedIn, classFlags, search,
                      mustStrict, pTemplate, ulCount);
    }

    /* crl's */
    if (classFlags & NSC_CRL) {
       sftk_searchCrls(slot, &derSubject, isKrl, classFlags, search,
                     pTemplate, ulCount);
    }
    /* Add S/MIME entry stuff */
    if (classFlags & NSC_SMIME) {
       sftk_searchSMime(slot, &email, search, pTemplate, ulCount);
    }
    return CKR_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus sftk_set_user ( NSSLOWCERTCertificate *  cert,
SECItem *  dummy,
void arg 
) [static]

Definition at line 2502 of file pkcs11.c.

{
    sftkDBs *param = (sftkDBs *)arg;
    NSSLOWCERTCertTrust trust = *cert->trust;

    if (param->keyHandle && 
                nsslowkey_KeyForCertExists(param->keyHandle,cert)) {
       trust.sslFlags |= CERTDB_USER;
       trust.emailFlags |= CERTDB_USER;
       trust.objectSigningFlags |= CERTDB_USER;
    } else {
       trust.sslFlags &= ~CERTDB_USER;
       trust.emailFlags &= ~CERTDB_USER;
       trust.objectSigningFlags &= ~CERTDB_USER;
    }

    if (PORT_Memcmp(&trust,cert->trust, sizeof (trust)) != 0) {
       nsslowcert_ChangeCertTrust(param->certHandle, cert, &trust);
    }

    /* should check for email address and make sure we have an s/mime profile */
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static char* sftk_setStringName ( const char *  inString,
char *  buffer,
int  buffer_length 
) [static]

Definition at line 457 of file pkcs11.c.

{
    int full_length, string_length;

    full_length = buffer_length -1;
    string_length = PORT_Strlen(inString);
    /* 
     *  shorten the string, respecting utf8 encoding
     *  to do so, we work backward from the end 
     *  bytes looking from the end are either:
     *    - ascii [0x00,0x7f]
     *    - the [2-n]th byte of a multibyte sequence 
     *        [0x3F,0xBF], i.e, most significant 2 bits are '10'
     *    - the first byte of a multibyte sequence [0xC0,0xFD],
     *        i.e, most significant 2 bits are '11'
     *
     *    When the string is too long, we lop off any trailing '10' bytes,
     *  if any. When these are all eliminated we lop off
     *  one additional byte. Thus if we lopped any '10'
     *  we'll be lopping a '11' byte (the first byte of the multibyte sequence),
     *  otherwise we're lopping off an ascii character.
     *
     *    To test for '10' bytes, we first AND it with 
     *  11000000 (0xc0) so that we get 10000000 (0x80) if and only if
     *  the byte starts with 10. We test for equality.
     */
    while ( string_length > full_length ) {
       /* need to shorten */
       while ( string_length > 0 && 
             ((inString[string_length-1]&(char)0xc0) == (char)0x80)) {
           /* lop off '10' byte */
           string_length--;
       }
       /* 
        * test string_length in case bad data is received
        * and string consisted of all '10' bytes,
        * avoiding any infinite loop
         */
       if ( string_length ) {
           /* remove either '11' byte or an asci byte */
           string_length--;
       }
    }
    PORT_Memset(buffer,' ',full_length);
    buffer[full_length] = 0;
    PORT_Memcpy(buffer,inString,string_length);
    return buffer;
}

Here is the caller graph for this function:

CK_RV SFTK_ShutdownSlot ( SFTKSlot *  slot)

Definition at line 2802 of file pkcs11.c.

{
    /* make sure no new PK11 calls work except C_GetSlotInfo */
    slot->present = PR_FALSE;

    /* close all outstanding sessions
     * the sessHashSize variable guarentees we have all the session
     * mechanism set up */
    if (slot->head) {
       sft_CloseAllSession(slot);
     }

    /* clear all objects.. session objects are cleared as a result of
     * closing all the sessions. We just need to clear the token object
     * cache. slot->tokenHashTable guarentees we have the token 
     * infrastructure set up. */
    if (slot->tokenHashTable) {
       SFTK_ClearTokenKeyHashTable(slot);
    }

    /* clear the slot description for the next guy */
    PORT_Memset(slot->tokDescription, 0, sizeof(slot->tokDescription));

    /* now shut down the databases. */
    sftk_DBShutdown(slot);
    return CKR_OK;
}

Here is the call graph for this function:

SFTKSlot* sftk_SlotFromID ( CK_SLOT_ID  slotID,
PRBool  all 
)

Definition at line 2418 of file pkcs11.c.

{
    SFTKSlot *slot;
    int index = sftk_GetModuleIndex(slotID);
    
    if (nscSlotHashTable[index] == NULL) return NULL;
    slot = (SFTKSlot *)PL_HashTableLookupConst(nscSlotHashTable[index], 
                                                 (void *)slotID);
    /* cleared slots shouldn't 'show up' */
    if (slot && !all && !slot->present) slot = NULL;
    return slot;
}

Here is the call graph for this function:

Definition at line 2432 of file pkcs11.c.

{
    CK_ULONG slotIDIndex = (handle >> 24) & 0x7f;
    CK_ULONG moduleIndex = (handle >> 31) & 1;

    if (slotIDIndex >= nscSlotCount[moduleIndex]) {
       return NULL;
    }

    return sftk_SlotFromID(nscSlotList[moduleIndex][slotIDIndex], PR_FALSE);
}

Here is the call graph for this function:

CK_RV SFTK_SlotInit ( char *  configdir,
sftk_token_parameters params,
int  moduleIndex 
)

Definition at line 2638 of file pkcs11.c.

{
    unsigned int i;
    CK_SLOT_ID slotID = params->slotID;
    SFTKSlot *slot;
    CK_RV crv = CKR_HOST_MEMORY;

    /*
     * first we initialize everything that is 'permanent' with this slot.
     * that is everything we aren't going to shutdown if we close this slot
     * and open it up again with different databases */

    slot = PORT_ZNew(SFTKSlot);

    if (slot == NULL) {
       return CKR_HOST_MEMORY;
    }

    slot->optimizeSpace = params->optimizeSpace;
    if (slot->optimizeSpace) {
       slot->tokObjHashSize = SPACE_TOKEN_OBJECT_HASH_SIZE;
       slot->sessHashSize = SPACE_SESSION_HASH_SIZE;
       slot->numSessionLocks = 1;
    } else {
       slot->tokObjHashSize = TIME_TOKEN_OBJECT_HASH_SIZE;
       slot->sessHashSize = TIME_SESSION_HASH_SIZE;
       slot->numSessionLocks = slot->sessHashSize/BUCKETS_PER_SESSION_LOCK;
    }
    slot->sessionLockMask = slot->numSessionLocks-1;

    slot->slotLock = PZ_NewLock(nssILockSession);
    if (slot->slotLock == NULL)
       goto mem_loser;
    slot->sessionLock = PORT_ZNewArray(PZLock *, slot->numSessionLocks);
    if (slot->sessionLock == NULL)
       goto mem_loser;
    for (i=0; i < slot->numSessionLocks; i++) {
        slot->sessionLock[i] = PZ_NewLock(nssILockSession);
        if (slot->sessionLock[i] == NULL) 
           goto mem_loser;
    }
    slot->objectLock = PZ_NewLock(nssILockObject);
    if (slot->objectLock == NULL) 
       goto mem_loser;
    slot->pwCheckLock = PR_NewLock();
    if (slot->pwCheckLock == NULL) 
       goto mem_loser;
    slot->head = PORT_ZNewArray(SFTKSession *, slot->sessHashSize);
    if (slot->head == NULL) 
       goto mem_loser;
    slot->tokObjects = PORT_ZNewArray(SFTKObject *, slot->tokObjHashSize);
    if (slot->tokObjects == NULL) 
       goto mem_loser;
    slot->tokenHashTable = PL_NewHashTable(64,sftk_HashNumber,PL_CompareValues,
                                   SECITEM_HashCompare, NULL, 0);
    if (slot->tokenHashTable == NULL) 
       goto mem_loser;

    slot->sessionIDCount = 0;
    slot->tokenIDCount = 1;
    slot->slotID = slotID;
    sftk_setStringName(params->slotdes ? params->slotdes : 
             sftk_getDefSlotName(slotID), slot->slotDescription, 
                                          sizeof(slot->slotDescription));

    /* call the reinit code to set everything that changes between token
     * init calls */
    crv = SFTK_SlotReInit(slot, configdir, params, moduleIndex);
    if (crv != CKR_OK) {
       goto loser;
    }
    crv = sftk_RegisterSlot(slot, moduleIndex);
    if (crv != CKR_OK) {
       goto loser;
    }
    return CKR_OK;

mem_loser:
    crv = CKR_HOST_MEMORY;
loser:
   SFTK_DestroySlotData(slot);
    return crv;
}

Here is the call graph for this function:

CK_RV SFTK_SlotReInit ( SFTKSlot *  slot,
char *  configdir,
sftk_token_parameters params,
int  moduleIndex 
)

Definition at line 2571 of file pkcs11.c.

{
    PRBool needLogin = !params->noKeyDB;
    CK_RV crv;

    slot->hasTokens = PR_FALSE;
    slot->sessionIDConflict = 0;
    slot->sessionCount = 0;
    slot->rwSessionCount = 0;
    slot->needLogin = PR_FALSE;
    slot->isLoggedIn = PR_FALSE;
    slot->ssoLoggedIn = PR_FALSE;
    slot->DB_loaded = PR_FALSE;
    slot->certDB = NULL;
    slot->keyDB = NULL;
    slot->minimumPinLen = 0;
    slot->readOnly = params->readOnly;
    sftk_setStringName(params->tokdes ? params->tokdes : 
       sftk_getDefTokName(slot->slotID), slot->tokDescription, 
                                          sizeof(slot->tokDescription));

    if ((!params->noCertDB) || (!params->noKeyDB)) {
       NSSLOWCERTCertDBHandle * certHandle = NULL;
       NSSLOWKEYDBHandle *keyHandle = NULL;
       crv = sftk_DBInit(params->configdir ? params->configdir : configdir,
              params->certPrefix, params->keyPrefix, params->readOnly,
              params->noCertDB, params->noKeyDB, params->forceOpen, 
                                          &certHandle, &keyHandle);
       if (crv != CKR_OK) {
           goto loser;
       }

       if (nsslowcert_needDBVerify(certHandle)) {
           sftk_DBVerify(certHandle, keyHandle);
       }
       slot->certDB = certHandle;
       slot->keyDB = keyHandle;
    }
    if (needLogin) {
       /* if the data base is initialized with a null password,remember that */
       slot->needLogin = 
              (PRBool)!sftk_hasNullPassword(slot->keyDB,&slot->password);
       if ((params->minPW >= 0) && (params->minPW <= SFTK_MAX_PIN)) {
           slot->minimumPinLen = params->minPW;
       }
       if ((slot->minimumPinLen == 0) && (params->pwRequired)) {
           slot->minimumPinLen = 1;
       }
       if ((moduleIndex == NSC_FIPS_MODULE) &&
              (slot->minimumPinLen < FIPS_MIN_PIN)) {
           slot->minimumPinLen = FIPS_MIN_PIN;
       }
    }

    slot->present = PR_TRUE;
    return CKR_OK;

loser:
    SFTK_ShutdownSlot(slot);
    return crv;
}

Here is the call graph for this function:

static SECStatus sftk_TurnOffUser ( NSSLOWCERTCertificate *  cert,
SECItem *  k,
void arg 
) [static]

Definition at line 3403 of file pkcs11.c.

{
   NSSLOWCERTCertTrust trust;
   SECStatus rv;

   rv = nsslowcert_GetCertTrust(cert,&trust);
   if (rv == SECSuccess && ((trust.emailFlags & CERTDB_USER) ||
                         (trust.sslFlags & CERTDB_USER) ||
                         (trust.objectSigningFlags & CERTDB_USER))) {
       trust.emailFlags &= ~CERTDB_USER;
       trust.sslFlags &= ~CERTDB_USER;
       trust.objectSigningFlags &= ~CERTDB_USER;
       nsslowcert_ChangeCertTrust(cert->dbhandle,cert,&trust);
   }
   return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static CK_RV validateSecretKey ( SFTKSession *  session,
SFTKObject *  object,
CK_KEY_TYPE  key_type,
PRBool  isFIPS 
) [static]

Definition at line 1411 of file pkcs11.c.

{
    CK_RV crv;
    CK_BBOOL cktrue = CK_TRUE;
    CK_BBOOL ckfalse = CK_FALSE;
    SFTKAttribute *attribute = NULL;
    unsigned long requiredLen;

    crv = sftk_defaultAttribute(object,CKA_SENSITIVE,
                            isFIPS?&cktrue:&ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_EXTRACTABLE,
                                          &cktrue,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_ENCRYPT,&cktrue,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_DECRYPT,&cktrue,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_SIGN,&ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_VERIFY,&ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_WRAP,&cktrue,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_defaultAttribute(object,CKA_UNWRAP,&cktrue,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 

    if ( !sftk_hasAttribute(object, CKA_VALUE)) {
       return CKR_TEMPLATE_INCOMPLETE;
    }
    /* the next two bits get modified only in the key gen and token cases */
    crv = sftk_forceAttribute(object,CKA_ALWAYS_SENSITIVE,
                                          &ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 
    crv = sftk_forceAttribute(object,CKA_NEVER_EXTRACTABLE,
                                          &ckfalse,sizeof(CK_BBOOL));
    if (crv != CKR_OK)  return crv; 

    /* some types of keys have a value length */
    crv = CKR_OK;
    switch (key_type) {
    /* force CKA_VALUE_LEN to be set */
    case CKK_GENERIC_SECRET:
    case CKK_RC2:
    case CKK_RC4:
#if NSS_SOFTOKEN_DOES_RC5
    case CKK_RC5:
#endif
#ifdef NSS_SOFTOKEN_DOES_CAST
    case CKK_CAST:
    case CKK_CAST3:
    case CKK_CAST5:
#endif
#if NSS_SOFTOKEN_DOES_IDEA
    case CKK_IDEA:
#endif
       attribute = sftk_FindAttribute(object,CKA_VALUE);
       /* shouldn't happen */
       if (attribute == NULL) return CKR_TEMPLATE_INCOMPLETE;
       crv = sftk_forceAttribute(object, CKA_VALUE_LEN, 
                     &attribute->attrib.ulValueLen, sizeof(CK_ULONG));
       sftk_FreeAttribute(attribute);
       break;
    /* force the value to have the correct parity */
    case CKK_DES:
    case CKK_DES2:
    case CKK_DES3:
    case CKK_CDMF:
       attribute = sftk_FindAttribute(object,CKA_VALUE);
       /* shouldn't happen */
       if (attribute == NULL) 
           return CKR_TEMPLATE_INCOMPLETE;
       requiredLen = sftk_MapKeySize(key_type);
       if (attribute->attrib.ulValueLen != requiredLen) {
           sftk_FreeAttribute(attribute);
           return CKR_KEY_SIZE_RANGE;
       }
       sftk_FormatDESKey((unsigned char*)attribute->attrib.pValue,
                                           attribute->attrib.ulValueLen);
       sftk_FreeAttribute(attribute);
       break;
    default:
       break;
    }

    return crv;
}

Here is the call graph for this function:

Here is the caller graph for this function:


Variable Documentation

Definition at line 53 of file softkver.c.

Definition at line 55 of file softkver.c.

char* libraryDescription = "NSS Internal Crypto Services " [static]

Definition at line 81 of file pkcs11.c.

char libraryDescription_space[33] [static]

Definition at line 82 of file pkcs11.c.

Definition at line 88 of file pkcs11.c.

char* manufacturerID = "Mozilla Foundation " [static]

Definition at line 79 of file pkcs11.c.

char manufacturerID_space[33] [static]

Definition at line 80 of file pkcs11.c.

const CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]) [static]

Definition at line 454 of file pkcs11.c.

struct mechanismList[] [static]

Definition at line 250 of file pkcs11.c.

PRBool nsc_init = PR_FALSE [static]

Definition at line 2977 of file pkcs11.c.

CK_ULONG nscSlotCount[2] = {0 , 0} [static]

Definition at line 2399 of file pkcs11.c.

Definition at line 2402 of file pkcs11.c.

CK_SLOT_ID_PTR nscSlotList[2] = {NULL, NULL} [static]

Definition at line 2400 of file pkcs11.c.

CK_ULONG nscSlotListSize[2] = {0, 0} [static]

Definition at line 2401 of file pkcs11.c.

const unsigned char parityTable[256] [static]

Definition at line 188 of file pkcs11.c.

Definition at line 129 of file pkcs11.c.

Initial value:
 sizeof(sftk_desWeakTable)/
                                          sizeof(sftk_desWeakTable[0])

Definition at line 183 of file pkcs11.c.

Definition at line 109 of file pkcs11.c.