Back to index

lightning-sunbird  0.9+nobinonly
Functions
pk11priv.h File Reference
#include "plarena.h"
#include "seccomon.h"
#include "secoidt.h"
#include "secdert.h"
#include "keyt.h"
#include "certt.h"
#include "pkcs11t.h"
#include "secmodt.h"
#include "pkcs7t.h"
#include "cmsreclist.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

SEC_BEGIN_PROTOS PK11SlotList * PK11_NewSlotList (void)
PK11SlotList * PK11_GetPrivateKeyTokens (CK_MECHANISM_TYPE type, PRBool needRW, void *wincx)
SECStatus PK11_AddSlotToList (PK11SlotList *list, PK11SlotInfo *slot)
SECStatus PK11_DeleteSlotFromList (PK11SlotList *list, PK11SlotListElement *le)
PK11SlotListElement * PK11_FindSlotElement (PK11SlotList *list, PK11SlotInfo *slot)
PK11SlotInfo * PK11_FindSlotBySerial (char *serial)
CK_OBJECT_HANDLE PK11_CopyKey (PK11SlotInfo *slot, CK_OBJECT_HANDLE srcObject)
SECStatus PK11_ReadAttribute (PK11SlotInfo *slot, CK_OBJECT_HANDLE id, CK_ATTRIBUTE_TYPE type, PRArenaPool *arena, SECItem *result)
CK_ULONG PK11_ReadULongAttribute (PK11SlotInfo *slot, CK_OBJECT_HANDLE id, CK_ATTRIBUTE_TYPE type)
char * PK11_MakeString (PRArenaPool *arena, char *space, char *staticSring, int stringLen)
int PK11_MapError (CK_RV error)
CK_SESSION_HANDLE PK11_GetRWSession (PK11SlotInfo *slot)
void PK11_RestoreROSession (PK11SlotInfo *slot, CK_SESSION_HANDLE rwsession)
PRBool PK11_RWSessionHasLock (PK11SlotInfo *slot, CK_SESSION_HANDLE session_handle)
PK11SlotInfo * PK11_NewSlotInfo (SECMODModule *mod)
void PK11_EnterSlotMonitor (PK11SlotInfo *)
void PK11_ExitSlotMonitor (PK11SlotInfo *)
void PK11_CleanKeyList (PK11SlotInfo *slot)
SECStatus PK11_DoPassword (PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
SECStatus PK11_VerifyPW (PK11SlotInfo *slot, char *pw)
void PK11_HandlePasswordCheck (PK11SlotInfo *slot, void *wincx)
void PK11_SetVerifyPasswordFunc (PK11VerifyPasswordFunc func)
void PK11_SetIsLoggedInFunc (PK11IsLoggedInFunc func)
SECStatus PK11_InitSlotLists (void)
void PK11_DestroySlotLists (void)
PK11SlotList * PK11_GetSlotList (CK_MECHANISM_TYPE type)
void PK11_LoadSlotList (PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count)
void PK11_ClearSlotList (PK11SlotInfo *slot)
PRBool PK11_VerifyMechanism (PK11SlotInfo *slot, PK11SlotInfo *intern, CK_MECHANISM_TYPE mech, SECItem *data, SECItem *iv)
PRBool PK11_VerifySlotMechanisms (PK11SlotInfo *slot)
SECStatus pk11_CheckVerifyTest (PK11SlotInfo *slot)
SECStatus PK11_InitToken (PK11SlotInfo *slot, PRBool loadCerts)
void PK11_InitSlot (SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
PRBool PK11_NeedPWInitForSlot (PK11SlotInfo *slot)
SECStatus PK11_ReadSlotCerts (PK11SlotInfo *slot)
void PK11_AddMechanismEntry (CK_MECHANISM_TYPE type, CK_KEY_TYPE key, CK_MECHANISM_TYPE keygen, int ivLen, int blocksize)
CK_MECHANISM_TYPE PK11_GetKeyMechanism (CK_KEY_TYPE type)
CK_MECHANISM_TYPE PK11_GetKeyGenWithSize (CK_MECHANISM_TYPE type, int size)
PK11SymKey * PK11_GenDES3TokenKey (PK11SlotInfo *slot, SECItem *keyid, void *cx)
SECKEYPublicKey * PK11_ExtractPublicKey (PK11SlotInfo *slot, KeyType keyType, CK_OBJECT_HANDLE id)
CK_OBJECT_HANDLE PK11_FindObjectForCert (CERTCertificate *cert, void *wincx, PK11SlotInfo **pSlot)
PK11SymKey * pk11_CopyToSlot (PK11SlotInfo *slot, CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey)
SECStatus PK11_TraversePrivateKeysInSlot (PK11SlotInfo *slot, SECStatus(*callback)(SECKEYPrivateKey *, void *), void *arg)
SECKEYPrivateKey * PK11_FindPrivateKeyFromNickname (char *nickname, void *wincx)
CK_OBJECT_HANDLEPK11_FindObjectsFromNickname (char *nickname, PK11SlotInfo **slotptr, CK_OBJECT_CLASS objclass, int *returnCount, void *wincx)
CK_OBJECT_HANDLE PK11_MatchItem (PK11SlotInfo *slot, CK_OBJECT_HANDLE peer, CK_OBJECT_CLASS o_class)
CK_BBOOL PK11_HasAttributeSet (PK11SlotInfo *slot, CK_OBJECT_HANDLE id, CK_ATTRIBUTE_TYPE type)
CK_RV PK11_GetAttributes (PRArenaPool *arena, PK11SlotInfo *slot, CK_OBJECT_HANDLE obj, CK_ATTRIBUTE *attr, int count)
int PK11_NumberCertsForCertSubject (CERTCertificate *cert)
SECStatus PK11_TraverseCertsForSubject (CERTCertificate *cert, SECStatus(*callback)(CERTCertificate *, void *), void *arg)
CERTCertificate * PK11_FindCertFromDERCertItem (PK11SlotInfo *slot, SECItem *derCert, void *wincx)
CERTCertificate * PK11_FindCertFromDERSubjectAndNickname (PK11SlotInfo *slot, CERTCertificate *cert, char *nickname, void *wincx)
SECStatus PK11_GetKEAMatchedCerts (PK11SlotInfo *slot1, PK11SlotInfo *slot2, CERTCertificate **cert1, CERTCertificate **cert2)
SECStatus PK11_TraverseCertsInSlot (PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *), void *arg)
SECStatus PK11_LookupCrls (CERTCrlHeadNode *nodes, int type, void *wincx)
PK11Context * PK11_CreateContextByRawKey (PK11SlotInfo *slot, CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, SECItem *param, void *wincx)
PRBool PK11_HashOK (SECOidTag hashAlg)
SECItem * PK11_FindCrlByName (PK11SlotInfo **slot, CK_OBJECT_HANDLE *handle, SECItem *derName, int type, char **url)
CK_OBJECT_HANDLE PK11_PutCrl (PK11SlotInfo *slot, SECItem *crl, SECItem *name, char *url, int type)
SECItem * PK11_FindSMimeProfile (PK11SlotInfo **slotp, char *emailAddr, SECItem *derSubj, SECItem **profileTime)
SECStatus PK11_SaveSMimeProfile (PK11SlotInfo *slot, char *emailAddr, SECItem *derSubj, SECItem *emailProfile, SECItem *profileTime)
PRBool PK11_IsPermObject (PK11SlotInfo *slot, CK_OBJECT_HANDLE handle)
char * PK11_GetObjectNickname (PK11SlotInfo *slot, CK_OBJECT_HANDLE id)
SECStatus PK11_SetObjectNickname (PK11SlotInfo *slot, CK_OBJECT_HANDLE id, const char *nickname)
SECStatus pk11_TraverseAllSlots (SECStatus(*callback)(PK11SlotInfo *, void *), void *cbArg, PRBool forceLogin, void *pwArg)
SECStatus pk11_RetrieveCrls (CERTCrlHeadNode *nodes, SECItem *issuer, void *wincx)
SECStatus pk11_setGlobalOptions (PRBool noSingleThreadedModules, PRBool allowAlreadyInitializedModules, PRBool dontFinalizeModules)
PRBool pk11_getFinalizeModulesOption (void)

Function Documentation

void PK11_AddMechanismEntry ( CK_MECHANISM_TYPE  type,
CK_KEY_TYPE  key,
CK_MECHANISM_TYPE  keygen,
int  ivLen,
int  blocksize 
)

Definition at line 140 of file pk11mech.c.

{
    int tableSize = pk11_MechTableSize;
    int size = pk11_MechEntrySize;
    int entry = size++;
    pk11MechanismData *old = pk11_MechanismTable;
    pk11MechanismData *newt = pk11_MechanismTable;

       
    if (size > tableSize) {
       int oldTableSize = tableSize;
       tableSize += 10;
       newt = PORT_NewArray(pk11MechanismData, tableSize);
       if (newt == NULL) return;

       if (old) PORT_Memcpy(newt, old, oldTableSize*sizeof(*newt));
    } else old = NULL;

    newt[entry].type = type;
    newt[entry].keyType = key;
    newt[entry].keyGen = keyGen;
    newt[entry].iv = ivLen;
    newt[entry].blockSize = blockSize;

    pk11_MechanismTable = newt;
    pk11_MechTableSize = tableSize;
    pk11_MechEntrySize = size;
    if (old) PORT_Free(old);
}
SECStatus PK11_AddSlotToList ( PK11SlotList *  list,
PK11SlotInfo *  slot 
)

Definition at line 202 of file pk11slot.c.

{
    PK11SlotListElement *le;

    le = (PK11SlotListElement *) PORT_Alloc(sizeof(PK11SlotListElement));
    if (le == NULL) return SECFailure;

    le->slot = PK11_ReferenceSlot(slot);
    le->prev = NULL;
    le->refCount = 1;
    PZ_Lock(list->lock);
    if (list->head) list->head->prev = le; else list->tail = le;
    le->next = list->head;
    list->head = le;
    PZ_Unlock(list->lock);

    return SECSuccess;
}

Here is the caller graph for this function:

SECStatus pk11_CheckVerifyTest ( PK11SlotInfo *  slot)

Definition at line 1172 of file pk11slot.c.

Here is the caller graph for this function:

void PK11_CleanKeyList ( PK11SlotInfo *  slot)

Definition at line 144 of file pk11skey.c.

{
    PK11SymKey *symKey = NULL;

    while (slot->freeSymKeysWithSessionHead) {
       symKey = slot->freeSymKeysWithSessionHead;
       slot->freeSymKeysWithSessionHead = symKey->next;
       pk11_CloseSession(slot, symKey->session, symKey->sessionOwner);
       PORT_Free(symKey);
    }
    while (slot->freeSymKeysHead) {
       symKey = slot->freeSymKeysHead;
       slot->freeSymKeysHead = symKey->next;
       pk11_CloseSession(slot, symKey->session, symKey->sessionOwner);
       PORT_Free(symKey);
    }
    return;
}

Here is the caller graph for this function:

void PK11_ClearSlotList ( PK11SlotInfo *  slot)

Definition at line 957 of file pk11slot.c.

{
    int i;

    if (slot->disabled) return;
    if (slot->defaultFlags == 0) return;

    for (i=0; i < num_pk11_default_mechanisms; i++) {
       if (slot->defaultFlags & PK11_DefaultArray[i].flag) {
           CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism;
           PK11SlotList *slotList = PK11_GetSlotList(mechanism);
           PK11SlotListElement *le = NULL;

           if (slotList) le = PK11_FindSlotElement(slotList,slot);

           if (le) {
              PK11_DeleteSlotFromList(slotList,le);
              PK11_FreeSlotListElement(slotList,le);
           }
       }
    }
}

Here is the caller graph for this function:

CK_OBJECT_HANDLE PK11_CopyKey ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  srcObject 
)

Definition at line 595 of file pk11obj.c.

{
    CK_OBJECT_HANDLE destObject;
    CK_RV crv;

    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_CopyObject(slot->session,srcObject,NULL,0,
                            &destObject);
    PK11_ExitSlotMonitor(slot);
    if (crv == CKR_OK) return destObject;
    PORT_SetError( PK11_MapError(crv) );
    return CK_INVALID_HANDLE;
}
PK11SymKey* pk11_CopyToSlot ( PK11SlotInfo *  slot,
CK_MECHANISM_TYPE  type,
CK_ATTRIBUTE_TYPE  operation,
PK11SymKey *  symKey 
)

Definition at line 835 of file pk11skey.c.

{
   return pk11_CopyToSlotPerm(slot, type, operation, 0, PR_FALSE, symKey);
}

Here is the caller graph for this function:

PK11Context* PK11_CreateContextByRawKey ( PK11SlotInfo *  slot,
CK_MECHANISM_TYPE  type,
PK11Origin  origin,
CK_ATTRIBUTE_TYPE  operation,
SECItem *  key,
SECItem *  param,
void wincx 
)

Definition at line 360 of file pk11cxt.c.

{
    return __PK11_CreateContextByRawKey(slot, type, origin, operation,
                                        key, param, wincx);
}
SECStatus PK11_DeleteSlotFromList ( PK11SlotList *  list,
PK11SlotListElement *  le 
)

Definition at line 225 of file pk11slot.c.

{
    PZ_Lock(list->lock);
    if (le->prev) le->prev->next = le->next; else list->head = le->next;
    if (le->next) le->next->prev = le->prev; else list->tail = le->prev;
    le->next = le->prev = NULL;
    PZ_Unlock(list->lock);
    PK11_FreeSlotListElement(list,le);
    return SECSuccess;
}

Here is the caller graph for this function:

SECStatus PK11_DoPassword ( PK11SlotInfo *  slot,
PRBool  loadCerts,
void wincx 
)

Definition at line 522 of file pk11auth.c.

{
    SECStatus rv = SECFailure;
    char * password;
    PRBool attempt = PR_FALSE;

    if (PK11_NeedUserInit(slot)) {
       PORT_SetError(SEC_ERROR_IO);
       return SECFailure;
    }


    /*
     * Central server type applications which control access to multiple
     * slave applications to single crypto devices need to virtuallize the
     * login state. This is done by a callback out of PK11_IsLoggedIn and
     * here. If we are actually logged in, then we got here because the
     * higher level code told us that the particular client application may
     * still need to be logged in. If that is the case, we simply tell the
     * server code that it should now verify the clients password and tell us
     * the results.
     */
    if (PK11_IsLoggedIn(slot,NULL) && 
                     (PK11_Global.verifyPass != NULL)) {
       if (!PK11_Global.verifyPass(slot,wincx)) {
           PORT_SetError(SEC_ERROR_BAD_PASSWORD);
           return SECFailure;
       }
       return SECSuccess;
    }

    /* get the password. This can drop out of the while loop
     * for the following reasons:
     *        (1) the user refused to enter a password. 
     *               (return error to caller)
     * (2) the token user password is disabled [usually due to
     *    too many failed authentication attempts].
     *               (return error to caller)
     * (3) the password was successful.
     */
    while ((password = pk11_GetPassword(slot, attempt, wincx)) != NULL) {
       /* if the token has a protectedAuthPath, the application may have
         * already issued the C_Login as part of it's pk11_GetPassword call.
         * In this case the application will tell us what the results were in 
         * the password value (retry or the authentication was successful) so
        * we can skip our own C_Login call (which would force the token to
        * try to login again).
        * 
        * Applications that don't know about protectedAuthPath will return a 
        * password, which we will ignore and trigger the token to 
        * 'authenticate' itself anyway. Hopefully the blinking display on 
        * the reader, or the flashing light under the thumbprint reader will 
        * attract the user's attention */
       attempt = PR_TRUE;
       if (slot->protectedAuthPath) {
           /* application tried to authenticate and failed. it wants to try
            * again, continue looping */
           if (strcmp(password, PK11_PW_RETRY) == 0) {
              rv = SECWouldBlock;
              PORT_Free(password);
              continue;
           }
           /* applicaton tried to authenticate and succeeded we're done */
           if (strcmp(password, PK11_PW_AUTHENTICATED) == 0) {
              rv = SECSuccess;
              PORT_Free(password);
              break;
           }
       }
       rv = pk11_CheckPassword(slot,password);
       PORT_Memset(password, 0, PORT_Strlen(password));
       PORT_Free(password);
       if (rv != SECWouldBlock) break;
    }
    if (rv == SECSuccess) {
       rv = pk11_CheckVerifyTest(slot);
       if (!PK11_IsFriendly(slot)) {
           nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain,
                                             slot->nssToken);
       }
    } else if (!attempt) PORT_SetError(SEC_ERROR_BAD_PASSWORD);
    return rv;
}
void PK11_EnterSlotMonitor ( PK11SlotInfo *  )

Definition at line 464 of file pk11slot.c.

                                          {
    PZ_Lock(slot->sessionLock);
}
void PK11_ExitSlotMonitor ( PK11SlotInfo *  )

Definition at line 469 of file pk11slot.c.

                                         {
    PZ_Unlock(slot->sessionLock);
}
SECKEYPublicKey* PK11_ExtractPublicKey ( PK11SlotInfo *  slot,
KeyType  keyType,
CK_OBJECT_HANDLE  id 
)

Definition at line 210 of file pk11akey.c.

{
    CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
    PRArenaPool *arena;
    PRArenaPool *tmp_arena;
    SECKEYPublicKey *pubKey;
    int templateCount = 0;
    CK_KEY_TYPE pk11KeyType;
    CK_RV crv;
    CK_ATTRIBUTE template[8];
    CK_ATTRIBUTE *attrs= template;
    CK_ATTRIBUTE *modulus,*exponent,*base,*prime,*subprime,*value;
    CK_ATTRIBUTE *ecparams;

    /* if we didn't know the key type, get it */
    if (keyType== nullKey) {

        pk11KeyType = PK11_ReadULongAttribute(slot,id,CKA_KEY_TYPE);
       if (pk11KeyType ==  CK_UNAVAILABLE_INFORMATION) {
           return NULL;
       }
       switch (pk11KeyType) {
       case CKK_RSA:
           keyType = rsaKey;
           break;
       case CKK_DSA:
           keyType = dsaKey;
           break;
       case CKK_DH:
           keyType = dhKey;
           break;
       case CKK_EC:
           keyType = ecKey;
           break;
       default:
           PORT_SetError( SEC_ERROR_BAD_KEY );
           return NULL;
       }
    }


    /* now we need to create space for the public key */
    arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) return NULL;
    tmp_arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
    if (tmp_arena == NULL) {
       PORT_FreeArena (arena, PR_FALSE);
       return NULL;
    }


    pubKey = (SECKEYPublicKey *) 
                     PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
    if (pubKey == NULL) {
       PORT_FreeArena (arena, PR_FALSE);
       PORT_FreeArena (tmp_arena, PR_FALSE);
       return NULL;
    }

    pubKey->arena = arena;
    pubKey->keyType = keyType;
    pubKey->pkcs11Slot = PK11_ReferenceSlot(slot);
    pubKey->pkcs11ID = id;
    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, 
                                          sizeof(keyClass)); attrs++;
    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &pk11KeyType, 
                                          sizeof(pk11KeyType) ); attrs++;
    switch (pubKey->keyType) {
    case rsaKey:
       modulus = attrs;
       PK11_SETATTRS(attrs, CKA_MODULUS, NULL, 0); attrs++; 
       exponent = attrs;
       PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, NULL, 0); attrs++; 

       templateCount = attrs - template;
       PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE));
       crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount);
       if (crv != CKR_OK) break;

       if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_RSA)) {
           crv = CKR_OBJECT_HANDLE_INVALID;
           break;
       } 
       crv = pk11_Attr2SecItem(arena,modulus,&pubKey->u.rsa.modulus);
       if (crv != CKR_OK) break;
       crv = pk11_Attr2SecItem(arena,exponent,&pubKey->u.rsa.publicExponent);
       if (crv != CKR_OK) break;
       break;
    case dsaKey:
       prime = attrs;
       PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0); attrs++; 
       subprime = attrs;
       PK11_SETATTRS(attrs, CKA_SUBPRIME, NULL, 0); attrs++; 
       base = attrs;
       PK11_SETATTRS(attrs, CKA_BASE, NULL, 0); attrs++; 
       value = attrs;
       PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); attrs++; 
       templateCount = attrs - template;
       PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE));
       crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount);
       if (crv != CKR_OK) break;

       if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DSA)) {
           crv = CKR_OBJECT_HANDLE_INVALID;
           break;
       } 
       crv = pk11_Attr2SecItem(arena,prime,&pubKey->u.dsa.params.prime);
       if (crv != CKR_OK) break;
       crv = pk11_Attr2SecItem(arena,subprime,&pubKey->u.dsa.params.subPrime);
       if (crv != CKR_OK) break;
       crv = pk11_Attr2SecItem(arena,base,&pubKey->u.dsa.params.base);
       if (crv != CKR_OK) break;
       crv = pk11_Attr2SecItem(arena,value,&pubKey->u.dsa.publicValue);
       if (crv != CKR_OK) break;
       break;
    case dhKey:
       prime = attrs;
       PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0); attrs++; 
       base = attrs;
       PK11_SETATTRS(attrs, CKA_BASE, NULL, 0); attrs++; 
       value =attrs;
       PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); attrs++; 
       templateCount = attrs - template;
       PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE));
       crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount);
       if (crv != CKR_OK) break;

       if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DH)) {
           crv = CKR_OBJECT_HANDLE_INVALID;
           break;
       } 
       crv = pk11_Attr2SecItem(arena,prime,&pubKey->u.dh.prime);
       if (crv != CKR_OK) break;
       crv = pk11_Attr2SecItem(arena,base,&pubKey->u.dh.base);
       if (crv != CKR_OK) break;
       crv = pk11_Attr2SecItem(arena,value,&pubKey->u.dh.publicValue);
       if (crv != CKR_OK) break;
       break;
    case ecKey:
       pubKey->u.ec.size = 0;
       ecparams = attrs;
       PK11_SETATTRS(attrs, CKA_EC_PARAMS, NULL, 0); attrs++; 
       value =attrs;
       PK11_SETATTRS(attrs, CKA_EC_POINT, NULL, 0); attrs++; 
       templateCount = attrs - template;
       PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE));
       crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount);
       if (crv != CKR_OK) break;

       if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_EC)) {
           crv = CKR_OBJECT_HANDLE_INVALID;
           break;
       } 

       crv = pk11_Attr2SecItem(arena,ecparams,
                               &pubKey->u.ec.DEREncodedParams);
       if (crv != CKR_OK) break;
       crv = pk11_Attr2SecItem(arena,value,&pubKey->u.ec.publicValue);
       if (crv != CKR_OK) break;
       break;
    case fortezzaKey:
    case nullKey:
    default:
       crv = CKR_OBJECT_HANDLE_INVALID;
       break;
    }

    PORT_FreeArena(tmp_arena,PR_FALSE);

    if (crv != CKR_OK) {
       PORT_FreeArena(arena,PR_FALSE);
       PK11_FreeSlot(slot);
       PORT_SetError( PK11_MapError(crv) );
       return NULL;
    }

    return pubKey;
}
CERTCertificate* PK11_FindCertFromDERCertItem ( PK11SlotInfo *  slot,
SECItem *  derCert,
void wincx 
)

Definition at line 1928 of file pk11cert.c.

{
    NSSCertificate *c;
    NSSDER derCert;
    NSSToken *tok;
    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
    SECStatus rv;

    tok = PK11Slot_GetNSSToken(slot);
    NSSITEM_FROM_SECITEM(&derCert, inDerCert);
    rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
    if (rv != SECSuccess) {
       PK11_FreeSlot(slot);
       return NULL;
    }
    c = NSSTrustDomain_FindCertificateByEncodedCertificate(td, &derCert);
    if (c) {
       PRBool isToken = PR_FALSE;
       NSSToken **tp;
       NSSToken **tokens = nssPKIObject_GetTokens(&c->object, NULL);
       if (tokens) {
           for (tp = tokens; *tp; tp++) {
              if (*tp == tok) {
                  isToken = PR_TRUE;
                  break;
              }
           }
           if (!isToken) {
              NSSCertificate_Destroy(c);
              c = NULL;
           }
           nssTokenArray_Destroy(tokens);
       }
    }
    return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
} 
CERTCertificate* PK11_FindCertFromDERSubjectAndNickname ( PK11SlotInfo *  slot,
CERTCertificate *  cert,
char *  nickname,
void wincx 
)

Definition at line 1972 of file pk11cert.c.

{
    CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
    CK_ATTRIBUTE theTemplate[] = {
       { CKA_SUBJECT, NULL, 0 },
       { CKA_LABEL, NULL, 0 },
       { CKA_CLASS, NULL, 0 }
    };
    /* if you change the array, change the variable below as well */
    int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
    CK_OBJECT_HANDLE certh;
    CK_ATTRIBUTE *attrs = theTemplate;
    SECStatus rv;

    PK11_SETATTRS(attrs, CKA_SUBJECT, cert->derSubject.data, 
                                          cert->derSubject.len); attrs++;
    PK11_SETATTRS(attrs, CKA_LABEL, nickname, PORT_Strlen(nickname));
    PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass));

    /*
     * issue the find
     */
    rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
    if (rv != SECSuccess) return NULL;

    certh = pk11_getcerthandle(slot,cert,theTemplate,tsize);
    if (certh == CK_INVALID_HANDLE) {
       return NULL;
    }

    return PK11_MakeCertFromHandle(slot, certh, NULL);
}
SECItem* PK11_FindCrlByName ( PK11SlotInfo **  slot,
CK_OBJECT_HANDLE handle,
SECItem *  derName,
int  type,
char **  url 
)

Definition at line 428 of file pk11nobj.c.

{
    NSSCRL **crls, **crlp, *crl = NULL;
    NSSDER subject;
    SECItem *rvItem;
    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
    char * url = NULL;

    PORT_SetError(0);
    NSSITEM_FROM_SECITEM(&subject, name);
    if (*slot) {
       nssCryptokiObject **instances;
       nssPKIObjectCollection *collection;
       nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
       NSSToken *token = PK11Slot_GetNSSToken(*slot);
       collection = nssCRLCollection_Create(td, NULL);
       if (!collection) {
           goto loser;
       }
       instances = nssToken_FindCRLsBySubject(token, NULL, &subject, 
                                              tokenOnly, 0, NULL);
       nssPKIObjectCollection_AddInstances(collection, instances, 0);
       nss_ZFreeIf(instances);
       crls = nssPKIObjectCollection_GetCRLs(collection, NULL, 0, NULL);
       nssPKIObjectCollection_Destroy(collection);
    } else {
       crls = nssTrustDomain_FindCRLsBySubject(td, &subject);
    }
    if ((!crls) || (*crls == NULL)) {
       if (crls) {
           nssCRLArray_Destroy(crls);
       }
       if (NSS_GetError() == NSS_ERROR_NOT_FOUND) {
           PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
       }
       goto loser;
    }
    for (crlp = crls; *crlp; crlp++) {
       if ((!(*crlp)->isKRL && type == SEC_CRL_TYPE) ||
           ((*crlp)->isKRL && type != SEC_CRL_TYPE)) 
       {
           crl = nssCRL_AddRef(*crlp);
           break;
       }
    }
    nssCRLArray_Destroy(crls);
    if (!crl) { 
       /* CRL collection was found, but no interesting CRL's were on it.
        * Not an error */
       PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
       goto loser;
    }
    if (crl->url) {
       url = PORT_Strdup(crl->url);
       if (!url) {
           goto loser;
       }
    }
    rvItem = SECITEM_AllocItem(NULL, NULL, crl->encoding.size);
    if (!rvItem) {
       goto loser;
    }
    memcpy(rvItem->data, crl->encoding.data, crl->encoding.size);
    *slot = PK11_ReferenceSlot(crl->object.instances[0]->token->pk11slot);
    *crlHandle = crl->object.instances[0]->handle;
    *pUrl = url;
    nssCRL_Destroy(crl);
    return rvItem;

loser:
    if (url)
       PORT_Free(url);
    if (crl)
       nssCRL_Destroy(crl);
    if (PORT_GetError() == 0) {
       PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
    }
    return NULL;
}
CK_OBJECT_HANDLE PK11_FindObjectForCert ( CERTCertificate *  cert,
void wincx,
PK11SlotInfo **  pSlot 
)

Definition at line 1578 of file pk11cert.c.

{
    CK_OBJECT_HANDLE certHandle;
    CK_ATTRIBUTE searchTemplate    = { CKA_VALUE, NULL, 0 };
    
    PK11_SETATTRS(&searchTemplate, CKA_VALUE, cert->derCert.data,
                cert->derCert.len);

    if (cert->slot) {
       certHandle = pk11_getcerthandle(cert->slot,cert,&searchTemplate,1);
       if (certHandle != CK_INVALID_HANDLE) {
           *pSlot = PK11_ReferenceSlot(cert->slot);
           return certHandle;
       }
    }

    certHandle = pk11_FindCertObjectByTemplate(pSlot,&searchTemplate,1,wincx);
    if (certHandle != CK_INVALID_HANDLE) {
       if (cert->slot == NULL) {
           cert->slot = PK11_ReferenceSlot(*pSlot);
           cert->pkcs11ID = certHandle;
           cert->ownSlot = PR_TRUE;
           cert->series = cert->slot->series;
       }
    }

    return(certHandle);
}
CK_OBJECT_HANDLE* PK11_FindObjectsFromNickname ( char *  nickname,
PK11SlotInfo **  slotptr,
CK_OBJECT_CLASS  objclass,
int returnCount,
void wincx 
)

Definition at line 1605 of file pk11obj.c.

{
    char *tokenName;
    char *delimit;
    PK11SlotInfo *slot;
    CK_OBJECT_HANDLE *objID;
    CK_ATTRIBUTE findTemplate[] = {
        { CKA_LABEL, NULL, 0},
        { CKA_CLASS, NULL, 0},
    };
    int findCount = sizeof(findTemplate)/sizeof(findTemplate[0]);
    SECStatus rv;
    PK11_SETATTRS(&findTemplate[1], CKA_CLASS, &objclass, sizeof(objclass));

    *slotptr = slot = NULL;
    *returnCount = 0;
    /* first find the slot associated with this nickname */
    if ((delimit = PORT_Strchr(nickname,':')) != NULL) {
       int len = delimit - nickname;
       tokenName = (char*)PORT_Alloc(len+1);
       PORT_Memcpy(tokenName,nickname,len);
       tokenName[len] = 0;

        slot = *slotptr = PK11_FindSlotByName(tokenName);
        PORT_Free(tokenName);
       /* if we couldn't find a slot, assume the nickname is an internal cert
        * with no proceding slot name */
       if (slot == NULL) {
              slot = *slotptr = PK11_GetInternalKeySlot();
       } else {
              nickname = delimit+1;
       }
    } else {
       *slotptr = slot = PK11_GetInternalKeySlot();
    }
    if (slot == NULL) {
        return CK_INVALID_HANDLE;
    }

    rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
    if (rv != SECSuccess) {
       PK11_FreeSlot(slot);
       *slotptr = NULL;
       return CK_INVALID_HANDLE;
    }

    findTemplate[0].pValue = nickname;
    findTemplate[0].ulValueLen = PORT_Strlen(nickname);
    objID = pk11_FindObjectsByTemplate(slot,findTemplate,findCount,returnCount);
    if (objID == NULL) {
       /* PKCS #11 isn't clear on whether or not the NULL is
        * stored in the template.... try the find again with the
        * full null terminated string. */
       findTemplate[0].ulValueLen += 1;
        objID = pk11_FindObjectsByTemplate(slot,findTemplate,findCount,
                                                        returnCount);
       if (objID == NULL) {
           /* Well that's the best we can do. It's just not here */
           /* what about faked nicknames? */
           PK11_FreeSlot(slot);
           *slotptr = NULL;
           *returnCount = 0;
       }
    }

    return objID;
}
SECKEYPrivateKey* PK11_FindPrivateKeyFromNickname ( char *  nickname,
void wincx 
)
PK11SlotInfo* PK11_FindSlotBySerial ( char *  serial)

Definition at line 617 of file pk11slot.c.

{
   SECMODModuleList *mlp;
   SECMODModuleList *modules = SECMOD_GetDefaultModuleList();
   SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
   int i;
   PK11SlotInfo *slot = NULL;

   /* work through all the slots */
   SECMOD_GetReadLock(moduleLock);
   for(mlp = modules; mlp != NULL; mlp = mlp->next) {
       for (i=0; i < mlp->module->slotCount; i++) {
           PK11SlotInfo *tmpSlot = mlp->module->slots[i];
           if (PK11_IsPresent(tmpSlot)) {
              if (PORT_Memcmp(tmpSlot->serial,serial,
                                   sizeof(tmpSlot->serial)) == 0) {
                  slot = PK11_ReferenceSlot(tmpSlot);
                  break;
              }
           }
       }
       if (slot != NULL) break;
    }
    SECMOD_ReleaseReadLock(moduleLock);

    if (slot == NULL) {
       PORT_SetError(SEC_ERROR_NO_TOKEN);
    }

    return slot;
}
PK11SlotListElement* PK11_FindSlotElement ( PK11SlotList *  list,
PK11SlotInfo *  slot 
)

Definition at line 328 of file pk11slot.c.

{
    PK11SlotListElement *le;

    for (le = PK11_GetFirstSafe(list); le;
                            le = PK11_GetNextSafe(list,le,PR_TRUE)) {
       if (le->slot == slot) return le;
    }
    return NULL;
}

Here is the caller graph for this function:

SECItem* PK11_FindSMimeProfile ( PK11SlotInfo **  slotp,
char *  emailAddr,
SECItem *  derSubj,
SECItem **  profileTime 
)

Definition at line 569 of file pk11nobj.c.

{
    CK_OBJECT_CLASS smimeClass = CKO_NETSCAPE_SMIME;
    CK_ATTRIBUTE theTemplate[] = {
       { CKA_SUBJECT, NULL, 0 },
       { CKA_CLASS, NULL, 0 },
       { CKA_NETSCAPE_EMAIL, NULL, 0 },
    };
    CK_ATTRIBUTE smimeData[] =  {
       { CKA_SUBJECT, NULL, 0 },
       { CKA_VALUE, NULL, 0 },
    };
    /* if you change the array, change the variable below as well */
    int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
    CK_OBJECT_HANDLE smimeh = CK_INVALID_HANDLE;
    CK_ATTRIBUTE *attrs = theTemplate;
    CK_RV crv;
    SECItem *emailProfile = NULL;

    if (!emailAddr || !emailAddr[0]) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }

    PK11_SETATTRS(attrs, CKA_SUBJECT, name->data, name->len); attrs++;
    PK11_SETATTRS(attrs, CKA_CLASS, &smimeClass, sizeof(smimeClass)); attrs++;
    PK11_SETATTRS(attrs, CKA_NETSCAPE_EMAIL, emailAddr, strlen(emailAddr)); 
                                                            attrs++;

    if (*slot) {
       smimeh = pk11_FindObjectByTemplate(*slot,theTemplate,tsize);
    } else {
       PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
                                                 PR_FALSE,PR_TRUE,NULL);
       PK11SlotListElement *le;

       /* loop through all the slots */
       for (le = list->head; le; le = le->next) {
           smimeh = pk11_FindObjectByTemplate(le->slot,theTemplate,tsize);
           if (smimeh != CK_INVALID_HANDLE) {
              *slot = PK11_ReferenceSlot(le->slot);
              break;
           }
       }
       PK11_FreeSlotList(list);
    }
    
    if (smimeh == CK_INVALID_HANDLE) {
       PORT_SetError(SEC_ERROR_NO_KRL);
       return NULL;
    }

    if (profileTime) {
       PK11_SETATTRS(smimeData, CKA_NETSCAPE_SMIME_TIMESTAMP, NULL, 0);
    } 
    
    crv = PK11_GetAttributes(NULL,*slot,smimeh,smimeData,2);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError (crv));
       goto loser;
    }

    if (!profileTime) {
       SECItem profileSubject;

       profileSubject.data = (unsigned char*) smimeData[0].pValue;
       profileSubject.len = smimeData[0].ulValueLen;
       if (!SECITEM_ItemsAreEqual(&profileSubject,name)) {
           goto loser;
       }
    }

    emailProfile = (SECItem *)PORT_ZAlloc(sizeof(SECItem));    
    if (emailProfile == NULL) {
       goto loser;
    }

    emailProfile->data = (unsigned char*) smimeData[1].pValue;
    emailProfile->len = smimeData[1].ulValueLen;

    if (profileTime) {
       *profileTime = (SECItem *)PORT_ZAlloc(sizeof(SECItem));    
       if (*profileTime) {
           (*profileTime)->data = (unsigned char*) smimeData[0].pValue;
           (*profileTime)->len = smimeData[0].ulValueLen;
       }
    }

loser:
    if (emailProfile == NULL) {
       if (smimeData[1].pValue) {
           PORT_Free(smimeData[1].pValue);
       }
    }
    if (profileTime == NULL || *profileTime == NULL) {
       if (smimeData[0].pValue) {
           PORT_Free(smimeData[0].pValue);
       }
    }
    return emailProfile;
}
PK11SymKey* PK11_GenDES3TokenKey ( PK11SlotInfo *  slot,
SECItem *  keyid,
void cx 
)

Definition at line 1052 of file pk11skey.c.

{
  return PK11_TokenKeyGen(slot, CKM_DES3_CBC, 0, 0, keyid, PR_TRUE, cx);
}

Here is the caller graph for this function:

CK_RV PK11_GetAttributes ( PRArenaPool arena,
PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  obj,
CK_ATTRIBUTE attr,
int  count 
)

Definition at line 210 of file pk11obj.c.

{
    int i;
    /* make pedantic happy... note that it's only used arena != NULL */ 
    void *mark = NULL; 
    CK_RV crv;
    PORT_Assert(slot->session != CK_INVALID_SESSION);
    if (slot->session == CK_INVALID_SESSION)
       return CKR_SESSION_HANDLE_INVALID;

    /*
     * first get all the lengths of the parameters.
     */
    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,obj,attr,count);
    if (crv != CKR_OK) {
       PK11_ExitSlotMonitor(slot);
       return crv;
    }

    if (arena) {
       mark = PORT_ArenaMark(arena);
       if (mark == NULL) return CKR_HOST_MEMORY;
    }

    /*
     * now allocate space to store the results.
     */
    for (i=0; i < count; i++) {
       if (arena) {
           attr[i].pValue = PORT_ArenaAlloc(arena,attr[i].ulValueLen);
           if (attr[i].pValue == NULL) {
              /* arena failures, just release the mark */
              PORT_ArenaRelease(arena,mark);
              PK11_ExitSlotMonitor(slot);
              return CKR_HOST_MEMORY;
           }
       } else {
           attr[i].pValue = PORT_Alloc(attr[i].ulValueLen);
           if (attr[i].pValue == NULL) {
              /* Separate malloc failures, loop to release what we have 
               * so far */
              int j;
              for (j= 0; j < i; j++) { 
                  PORT_Free(attr[j].pValue);
                  /* don't give the caller pointers to freed memory */
                  attr[j].pValue = NULL; 
              }
              PK11_ExitSlotMonitor(slot);
              return CKR_HOST_MEMORY;
           }
       }
    }

    /*
     * finally get the results.
     */
    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,obj,attr,count);
    PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       if (arena) {
           PORT_ArenaRelease(arena,mark);
       } else {
           for (i= 0; i < count; i++) {
              PORT_Free(attr[i].pValue);
              /* don't give the caller pointers to freed memory */
              attr[i].pValue = NULL;
           }
       }
    } else if (arena && mark) {
       PORT_ArenaUnmark(arena,mark);
    }
    return crv;
}

Definition at line 122 of file pk11load.c.

{
    return finalizeModules;
}
SECStatus PK11_GetKEAMatchedCerts ( PK11SlotInfo *  slot1,
PK11SlotInfo *  slot2,
CERTCertificate **  cert1,
CERTCertificate **  cert2 
)

Definition at line 2176 of file pk11cert.c.

{
    CERTCertificate *returnedCert = NULL;
    int i;

    for (i=0; i < slot1->cert_count; i++) {
       CERTCertificate *cert = slot1->cert_array[i];

       if (PK11_FortezzaHasKEA(cert)) {
           returnedCert = pk11_GetKEAMate(slot2,cert);
           if (returnedCert != NULL) {
              *cert2 = returnedCert;
              *cert1 = CERT_DupCertificate(cert);
              return SECSuccess;
           }
       }
    }
    return SECFailure;
}

Definition at line 413 of file pk11mech.c.

{
    switch (type) {
    case CKM_AES_ECB:
    case CKM_AES_CBC:
    case CKM_AES_MAC:
    case CKM_AES_MAC_GENERAL:
    case CKM_AES_CBC_PAD:
    case CKM_AES_KEY_GEN:
       return CKM_AES_KEY_GEN;
    case CKM_DES_ECB:
    case CKM_DES_CBC:
    case CKM_DES_MAC:
    case CKM_DES_MAC_GENERAL:
    case CKM_KEY_WRAP_LYNKS:
    case CKM_DES_CBC_PAD:
    case CKM_DES_KEY_GEN:
       return CKM_DES_KEY_GEN;
    case CKM_DES3_ECB:
    case CKM_DES3_CBC:
    case CKM_DES3_MAC:
    case CKM_DES3_MAC_GENERAL:
    case CKM_DES3_CBC_PAD:
       return (size == 16) ? CKM_DES2_KEY_GEN : CKM_DES3_KEY_GEN;
    case CKM_DES3_KEY_GEN:
       return CKM_DES3_KEY_GEN;
    case CKM_DES2_KEY_GEN:
       return CKM_DES2_KEY_GEN;
    case CKM_CDMF_ECB:
    case CKM_CDMF_CBC:
    case CKM_CDMF_MAC:
    case CKM_CDMF_MAC_GENERAL:
    case CKM_CDMF_CBC_PAD:
    case CKM_CDMF_KEY_GEN:
       return CKM_CDMF_KEY_GEN;
    case CKM_RC2_ECB:
    case CKM_RC2_CBC:
    case CKM_RC2_MAC:
    case CKM_RC2_MAC_GENERAL:
    case CKM_RC2_CBC_PAD:
    case CKM_RC2_KEY_GEN:
       return CKM_RC2_KEY_GEN;
    case CKM_RC4:
    case CKM_RC4_KEY_GEN:
       return CKM_RC4_KEY_GEN;
    case CKM_RC5_ECB:
    case CKM_RC5_CBC:
    case CKM_RC5_MAC:
    case CKM_RC5_MAC_GENERAL:
    case CKM_RC5_CBC_PAD:
    case CKM_RC5_KEY_GEN:
       return CKM_RC5_KEY_GEN;
    case CKM_SKIPJACK_CBC64:
    case CKM_SKIPJACK_ECB64:
    case CKM_SKIPJACK_OFB64:
    case CKM_SKIPJACK_CFB64:
    case CKM_SKIPJACK_CFB32:
    case CKM_SKIPJACK_CFB16:
    case CKM_SKIPJACK_CFB8:
    case CKM_SKIPJACK_WRAP:
    case CKM_SKIPJACK_KEY_GEN:
       return CKM_SKIPJACK_KEY_GEN;
    case CKM_BATON_ECB128:
    case CKM_BATON_ECB96:
    case CKM_BATON_CBC128:
    case CKM_BATON_COUNTER:
    case CKM_BATON_SHUFFLE:
    case CKM_BATON_WRAP:
    case CKM_BATON_KEY_GEN:
       return CKM_BATON_KEY_GEN;
    case CKM_JUNIPER_ECB128:
    case CKM_JUNIPER_CBC128:
    case CKM_JUNIPER_COUNTER:
    case CKM_JUNIPER_SHUFFLE:
    case CKM_JUNIPER_WRAP:
    case CKM_JUNIPER_KEY_GEN:
       return CKM_JUNIPER_KEY_GEN;
    case CKM_IDEA_CBC:
    case CKM_IDEA_ECB:
    case CKM_IDEA_MAC:
    case CKM_IDEA_MAC_GENERAL:
    case CKM_IDEA_CBC_PAD:
    case CKM_IDEA_KEY_GEN:
       return CKM_IDEA_KEY_GEN;
    case CKM_CAST_ECB:
    case CKM_CAST_CBC:
    case CKM_CAST_MAC:
    case CKM_CAST_MAC_GENERAL:
    case CKM_CAST_CBC_PAD:
    case CKM_CAST_KEY_GEN:
       return CKM_CAST_KEY_GEN;
    case CKM_CAST3_ECB:
    case CKM_CAST3_CBC:
    case CKM_CAST3_MAC:
    case CKM_CAST3_MAC_GENERAL:
    case CKM_CAST3_CBC_PAD:
    case CKM_CAST3_KEY_GEN:
       return CKM_CAST3_KEY_GEN;
    case CKM_CAST5_ECB:
    case CKM_CAST5_CBC:
    case CKM_CAST5_MAC:
    case CKM_CAST5_MAC_GENERAL:
    case CKM_CAST5_CBC_PAD:
    case CKM_CAST5_KEY_GEN:
       return CKM_CAST5_KEY_GEN;
    case CKM_RSA_PKCS:
    case CKM_RSA_9796:
    case CKM_RSA_X_509:
    case CKM_MD2_RSA_PKCS:
    case CKM_MD5_RSA_PKCS:
    case CKM_SHA1_RSA_PKCS:
    case CKM_SHA256_RSA_PKCS:
    case CKM_SHA384_RSA_PKCS:
    case CKM_SHA512_RSA_PKCS:
    case CKM_KEY_WRAP_SET_OAEP:
    case CKM_RSA_PKCS_KEY_PAIR_GEN:
       return CKM_RSA_PKCS_KEY_PAIR_GEN;
    case CKM_RSA_X9_31_KEY_PAIR_GEN:
       return CKM_RSA_X9_31_KEY_PAIR_GEN;
    case CKM_DSA:
    case CKM_DSA_SHA1:
    case CKM_DSA_KEY_PAIR_GEN:
       return CKM_DSA_KEY_PAIR_GEN;
    case CKM_DH_PKCS_DERIVE:
    case CKM_DH_PKCS_KEY_PAIR_GEN:
       return CKM_DH_PKCS_KEY_PAIR_GEN;
    case CKM_KEA_KEY_DERIVE:
    case CKM_KEA_KEY_PAIR_GEN:
       return CKM_KEA_KEY_PAIR_GEN;
    case CKM_ECDSA:
    case CKM_ECDSA_SHA1:
    case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
    case CKM_ECDH1_DERIVE:
        return CKM_EC_KEY_PAIR_GEN; 
    case CKM_SSL3_PRE_MASTER_KEY_GEN:
    case CKM_SSL3_MASTER_KEY_DERIVE:
    case CKM_SSL3_KEY_AND_MAC_DERIVE:
    case CKM_SSL3_SHA1_MAC:
    case CKM_SSL3_MD5_MAC:
    case CKM_TLS_MASTER_KEY_DERIVE:
    case CKM_TLS_KEY_AND_MAC_DERIVE:
       return CKM_SSL3_PRE_MASTER_KEY_GEN;
    case CKM_SHA_1_HMAC:
    case CKM_SHA_1_HMAC_GENERAL:
    case CKM_SHA256_HMAC:
    case CKM_SHA256_HMAC_GENERAL:
    case CKM_SHA384_HMAC:
    case CKM_SHA384_HMAC_GENERAL:
    case CKM_SHA512_HMAC:
    case CKM_SHA512_HMAC_GENERAL:
    case CKM_MD2_HMAC:
    case CKM_MD2_HMAC_GENERAL:
    case CKM_MD5_HMAC:
    case CKM_MD5_HMAC_GENERAL:
    case CKM_TLS_PRF_GENERAL:
    case CKM_GENERIC_SECRET_KEY_GEN:
       return CKM_GENERIC_SECRET_KEY_GEN;
    case CKM_PBE_MD2_DES_CBC:
    case CKM_PBE_MD5_DES_CBC:
    case CKM_PBA_SHA1_WITH_SHA1_HMAC:
    case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
    case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
    case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
    case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
    case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
    case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
    case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
    case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
    case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
    case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
    case CKM_PBE_SHA1_RC2_40_CBC:
    case CKM_PBE_SHA1_RC2_128_CBC:
    case CKM_PBE_SHA1_RC4_40:
    case CKM_PBE_SHA1_RC4_128:
    case CKM_PBE_SHA1_DES3_EDE_CBC:
    case CKM_PBE_SHA1_DES2_EDE_CBC:
       return type;
    default:
       return pk11_lookup(type)->keyGen;
    }
}

Definition at line 175 of file pk11mech.c.

{
    switch (type) {
    case CKK_AES:
       return CKM_AES_CBC;
    case CKK_DES:
       return CKM_DES_CBC;
    case CKK_DES3:
       return CKM_DES3_KEY_GEN;
    case CKK_DES2:
       return CKM_DES2_KEY_GEN;
    case CKK_CDMF:
       return CKM_CDMF_CBC;
    case CKK_RC2:
       return CKM_RC2_CBC;
    case CKK_RC4:
       return CKM_RC4;
    case CKK_RC5:
       return CKM_RC5_CBC;
    case CKK_SKIPJACK:
       return CKM_SKIPJACK_CBC64;
    case CKK_BATON:
       return CKM_BATON_CBC128;
    case CKK_JUNIPER:
       return CKM_JUNIPER_CBC128;
    case CKK_IDEA:
       return CKM_IDEA_CBC;
    case CKK_CAST:
       return CKM_CAST_CBC;
    case CKK_CAST3:
       return CKM_CAST3_CBC;
    case CKK_CAST5:
       return CKM_CAST5_CBC;
    case CKK_RSA:
       return CKM_RSA_PKCS;
    case CKK_DSA:
       return CKM_DSA;
    case CKK_DH:
       return CKM_DH_PKCS_DERIVE;
    case CKK_KEA:
       return CKM_KEA_KEY_DERIVE;
    case CKK_EC:  /* CKK_ECDSA is deprecated */
       return CKM_ECDSA;
    case CKK_GENERIC_SECRET:
    default:
       return CKM_SHA_1_HMAC;
    }
}
char* PK11_GetObjectNickname ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  id 
)

Definition at line 293 of file pk11obj.c.

{
    char *nickname = NULL;
    SECItem result;
    SECStatus rv;

    rv = PK11_ReadAttribute(slot,id,CKA_LABEL,NULL,&result);
    if (rv != SECSuccess) {
       return NULL;
    }

    nickname = PORT_ZAlloc(result.len+1);
    if (nickname == NULL) {
       PORT_Free(result.data);
       return NULL;
    }
    PORT_Memcpy(nickname, result.data, result.len);
    PORT_Free(result.data);
    return nickname;
}
PK11SlotList* PK11_GetPrivateKeyTokens ( CK_MECHANISM_TYPE  type,
PRBool  needRW,
void wincx 
)

Definition at line 1998 of file pk11slot.c.

{
    PK11SlotList *list = PK11_GetAllTokens(type,needRW,PR_TRUE,wincx);
    PK11SlotListElement *le, *next ;
    SECStatus rv;

    if (list == NULL) return list;

    for (le = list->head ; le; le = next) {
       next = le->next; /* save the pointer here in case we have to 
                       * free the element later */
        rv = PK11_Authenticate(le->slot,PR_TRUE,wincx);
       if (rv != SECSuccess) {
           PK11_DeleteSlotFromList(list,le);
           continue;
       }
    }
    return list;
}
CK_SESSION_HANDLE PK11_GetRWSession ( PK11SlotInfo *  slot)

Definition at line 666 of file pk11slot.c.

{
    CK_SESSION_HANDLE rwsession;
    CK_RV crv;
    PRBool haveMonitor = PR_FALSE;

    if (!slot->isThreadSafe || slot->defRWSession) {
       PK11_EnterSlotMonitor(slot);
       haveMonitor = PR_TRUE;
    }
    if (slot->defRWSession) {
       PORT_Assert(slot->session != CK_INVALID_SESSION);
       if (slot->session != CK_INVALID_SESSION) 
           return slot->session;
    }

    crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
                            CKF_RW_SESSION|CKF_SERIAL_SESSION,
                                     slot, pk11_notify,&rwsession);
    PORT_Assert(rwsession != CK_INVALID_SESSION || crv != CKR_OK);
    if (crv != CKR_OK || rwsession == CK_INVALID_SESSION) {
       if (crv == CKR_OK) 
           crv = CKR_DEVICE_ERROR;
       if (haveMonitor)
           PK11_ExitSlotMonitor(slot);
       PORT_SetError(PK11_MapError(crv));
       return CK_INVALID_SESSION;
    }
    if (slot->defRWSession) { /* we have the monitor */
       slot->session = rwsession;
    }
    return rwsession;
}

Here is the caller graph for this function:

PK11SlotList* PK11_GetSlotList ( CK_MECHANISM_TYPE  type)

Definition at line 802 of file pk11slot.c.

{
/* XXX a workaround for Bugzilla bug #55267 */
#if defined(HPUX) && defined(__LP64__)
    if (CKM_INVALID_MECHANISM == type)
        return NULL;
#endif
    switch (type) {
    case CKM_AES_CBC:
    case CKM_AES_ECB:
       return &pk11_aesSlotList;
    case CKM_DES_CBC:
    case CKM_DES_ECB:
    case CKM_DES3_ECB:
    case CKM_DES3_CBC:
       return &pk11_desSlotList;
    case CKM_RC4:
       return &pk11_rc4SlotList;
    case CKM_RC5_CBC:
       return &pk11_rc5SlotList;
    case CKM_SHA_1:
       return &pk11_sha1SlotList;
    case CKM_SHA256:
       return &pk11_sha256SlotList;
    case CKM_SHA384:
    case CKM_SHA512:
       return &pk11_sha512SlotList;
    case CKM_MD5:
       return &pk11_md5SlotList;
    case CKM_MD2:
       return &pk11_md2SlotList;
    case CKM_RC2_ECB:
    case CKM_RC2_CBC:
       return &pk11_rc2SlotList;
    case CKM_RSA_PKCS:
    case CKM_RSA_PKCS_KEY_PAIR_GEN:
    case CKM_RSA_X_509:
       return &pk11_rsaSlotList;
    case CKM_DSA:
       return &pk11_dsaSlotList;
    case CKM_DH_PKCS_KEY_PAIR_GEN:
    case CKM_DH_PKCS_DERIVE:
       return &pk11_dhSlotList;
    case CKM_ECDSA:
    case CKM_ECDSA_SHA1:
    case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
    case CKM_ECDH1_DERIVE:
       return &pk11_ecSlotList;
    case CKM_SSL3_PRE_MASTER_KEY_GEN:
    case CKM_SSL3_MASTER_KEY_DERIVE:
    case CKM_SSL3_SHA1_MAC:
    case CKM_SSL3_MD5_MAC:
       return &pk11_sslSlotList;
    case CKM_TLS_MASTER_KEY_DERIVE:
    case CKM_TLS_KEY_AND_MAC_DERIVE:
       return &pk11_tlsSlotList;
    case CKM_IDEA_CBC:
    case CKM_IDEA_ECB:
       return &pk11_ideaSlotList;
    case CKM_FAKE_RANDOM:
       return &pk11_randomSlotList;
    }
    return NULL;
}

Here is the caller graph for this function:

void PK11_HandlePasswordCheck ( PK11SlotInfo *  slot,
void wincx 
)

Definition at line 208 of file pk11auth.c.

{
    int askpw = slot->askpw;
    PRBool NeedAuth = PR_FALSE;

    if (!slot->needLogin) return;

    if ((slot->defaultFlags & PK11_OWN_PW_DEFAULTS) == 0) {
       PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();

       if (def_slot) {
           askpw = def_slot->askpw;
           PK11_FreeSlot(def_slot);
       }
    }

    /* timeouts are handled by isLoggedIn */
    if (!PK11_IsLoggedIn(slot,wincx)) {
       NeedAuth = PR_TRUE;
    } else if (askpw == -1) {
       if (!PK11_Global.inTransaction     ||
                      (PK11_Global.transaction != slot->authTransact)) {
           PK11_EnterSlotMonitor(slot);
           PK11_GETTAB(slot)->C_Logout(slot->session);
           slot->lastLoginCheck = 0;
           PK11_ExitSlotMonitor(slot);
           NeedAuth = PR_TRUE;
       }
    }
    if (NeedAuth) PK11_DoPassword(slot,PR_TRUE,wincx);
}
CK_BBOOL PK11_HasAttributeSet ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  id,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 182 of file pk11obj.c.

{
    CK_BBOOL ckvalue = CK_FALSE;
    CK_ATTRIBUTE theTemplate;
    CK_RV crv;

    /* Prepare to retrieve the attribute. */
    PK11_SETATTRS( &theTemplate, type, &ckvalue, sizeof( CK_BBOOL ) );

    /* Retrieve attribute value. */
    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB( slot )->C_GetAttributeValue( slot->session, id,
                                                    &theTemplate, 1 );
    PK11_ExitSlotMonitor(slot);
    if( crv != CKR_OK ) {
        PORT_SetError( PK11_MapError( crv ) );
        return CK_FALSE;
    }

    return ckvalue;
}

Definition at line 582 of file pk11cxt.c.

                             {
    PK11Context *cx;

    cx = PK11_CreateDigestContext(algID);
    if (cx == NULL) return PR_FALSE;
    PK11_DestroyContext(cx, PR_TRUE);
    return PR_TRUE;
}
void PK11_InitSlot ( SECMODModule *  mod,
CK_SLOT_ID  slotID,
PK11SlotInfo *  slot 
)

Definition at line 1471 of file pk11slot.c.

{
    SECStatus rv;
    char *tmp;
    CK_SLOT_INFO slotInfo;

    slot->functionList = mod->functionList;
    slot->isInternal = mod->internal;
    slot->slotID = slotID;
    slot->isThreadSafe = mod->isThreadSafe;
    slot->hasRSAInfo = PR_FALSE;
    
    if (PK11_GETTAB(slot)->C_GetSlotInfo(slotID,&slotInfo) != CKR_OK) {
       slot->disabled = PR_TRUE;
       slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
       return;
    }

    /* test to make sure claimed mechanism work */
    slot->needTest = mod->internal ? PR_FALSE : PR_TRUE;
    slot->module = mod; /* NOTE: we don't make a reference here because
                      * modules have references to their slots. This
                      * works because modules keep implicit references
                      * from their slots, and won't unload and disappear
                      * until all their slots have been freed */
    tmp = PK11_MakeString(NULL,slot->slot_name,
        (char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription));
    slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT);
#define ACTIVE_CARD "ActivCard SA"
    slot->isActiveCard = (PRBool)(PORT_Strncmp((char *)slotInfo.manufacturerID,
                            ACTIVE_CARD, sizeof(ACTIVE_CARD)-1) == 0);
    if ((slotInfo.flags & CKF_REMOVABLE_DEVICE) == 0) {
       slot->isPerm = PR_TRUE;
       /* permanment slots must have the token present always */
       if ((slotInfo.flags & CKF_TOKEN_PRESENT) == 0) {
           slot->disabled = PR_TRUE;
           slot->reason = PK11_DIS_TOKEN_NOT_PRESENT;
           return; /* nothing else to do */
       }
    }
    /* if the token is present, initialize it */
    if ((slotInfo.flags & CKF_TOKEN_PRESENT) != 0) {
       rv = PK11_InitToken(slot,PR_TRUE);
       /* the only hard failures are on permanent devices, or function
        * verify failures... function verify failures are already handled
        * by tokenInit */
       if ((rv != SECSuccess) && (slot->isPerm) && (!slot->disabled)) {
           slot->disabled = PR_TRUE;
           slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
       }
    }
    if (pk11_isRootSlot(slot)) {
       if (!slot->hasRootCerts) {
           slot->module->trustOrder = 100;
       }
       slot->hasRootCerts= PR_TRUE;
    }
}

Here is the caller graph for this function:

SECStatus PK11_InitToken ( PK11SlotInfo *  slot,
PRBool  loadCerts 
)

Definition at line 1252 of file pk11slot.c.

{
    CK_TOKEN_INFO tokenInfo;
    CK_RV crv;
    char *tmp;
    SECStatus rv;

    /* set the slot flags to the current token values */
    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID,&tokenInfo);
    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
       return SECFailure;
    }

    /* set the slot flags to the current token values */
    slot->series++; /* allow other objects to detect that the 
                    * slot is different */
    slot->flags = tokenInfo.flags;
    slot->needLogin = ((tokenInfo.flags & CKF_LOGIN_REQUIRED) ? 
                                                 PR_TRUE : PR_FALSE);
    slot->readOnly = ((tokenInfo.flags & CKF_WRITE_PROTECTED) ? 
                                                 PR_TRUE : PR_FALSE);
    slot->hasRandom = ((tokenInfo.flags & CKF_RNG) ? PR_TRUE : PR_FALSE);
    slot->protectedAuthPath =
              ((tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) 
                                                 ? PR_TRUE : PR_FALSE);
    slot->lastLoginCheck = 0;
    slot->lastState = 0;
    /* on some platforms Active Card incorrectly sets the 
     * CKF_PROTECTED_AUTHENTICATION_PATH bit when it doesn't mean to. */
    if (slot->isActiveCard) {
       slot->protectedAuthPath = PR_FALSE;
    }
    tmp = PK11_MakeString(NULL,slot->token_name,
                     (char *)tokenInfo.label, sizeof(tokenInfo.label));
    slot->minPassword = tokenInfo.ulMinPinLen;
    slot->maxPassword = tokenInfo.ulMaxPinLen;
    PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial));

    nssToken_UpdateName(slot->nssToken);

    slot->defRWSession = (PRBool)((!slot->readOnly) && 
                                   (tokenInfo.ulMaxSessionCount == 1));
    rv = PK11_ReadMechanismList(slot);
    if (rv != SECSuccess) return rv;

    slot->hasRSAInfo = PR_FALSE;
    slot->RSAInfoFlags = 0;

    /* initialize the maxKeyCount value */
    if (tokenInfo.ulMaxSessionCount == 0) {
       slot->maxKeyCount = 800; /* should be #define or a config param */
    } else if (tokenInfo.ulMaxSessionCount < 20) {
       /* don't have enough sessions to keep that many keys around */
       slot->maxKeyCount = 0;
    } else {
       slot->maxKeyCount = tokenInfo.ulMaxSessionCount/2;
    }

    /* Make sure our session handle is valid */
    if (slot->session == CK_INVALID_SESSION) {
       /* we know we don't have a valid session, go get one */
       CK_SESSION_HANDLE session;

       /* session should be Readonly, serial */
       if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
       crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
             (slot->defRWSession ? CKF_RW_SESSION : 0) | CKF_SERIAL_SESSION,
                              slot,pk11_notify,&session);
       if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
       if (crv != CKR_OK) {
           PORT_SetError(PK11_MapError(crv));
           return SECFailure;
       }
       slot->session = session;
    } else {
       /* The session we have may be defunct (the token associated with it)
        * has been removed   */
       CK_SESSION_INFO sessionInfo;

       if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
       crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session,&sessionInfo);
        if (crv == CKR_DEVICE_ERROR) {
           PK11_GETTAB(slot)->C_CloseSession(slot->session);
           crv = CKR_SESSION_CLOSED;
       }
       if ((crv==CKR_SESSION_CLOSED) || (crv==CKR_SESSION_HANDLE_INVALID)) {
           crv =PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
             (slot->defRWSession ? CKF_RW_SESSION : 0) | CKF_SERIAL_SESSION,
                                   slot,pk11_notify,&slot->session);
           if (crv != CKR_OK) {
               PORT_SetError(PK11_MapError(crv));
              slot->session = CK_INVALID_SESSION;
              if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
              return SECFailure;
           }
       }
       if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
    }

    nssToken_Refresh(slot->nssToken);

    if (!(slot->needLogin)) {
       return pk11_CheckVerifyTest(slot);
    }


    if (!(slot->isInternal) && (slot->hasRandom)) {
       /* if this slot has a random number generater, use it to add entropy
        * to the internal slot. */
       PK11SlotInfo *int_slot = PK11_GetInternalSlot();

       if (int_slot) {
           unsigned char random_bytes[32];

           /* if this slot can issue random numbers, get some entropy from
            * that random number generater and give it to our internal token.
            */
           PK11_EnterSlotMonitor(slot);
           crv = PK11_GETTAB(slot)->C_GenerateRandom
                     (slot->session,random_bytes, sizeof(random_bytes));
           PK11_ExitSlotMonitor(slot);
           if (crv == CKR_OK) {
               PK11_EnterSlotMonitor(int_slot);
              PK11_GETTAB(int_slot)->C_SeedRandom(int_slot->session,
                                   random_bytes, sizeof(random_bytes));
               PK11_ExitSlotMonitor(int_slot);
           }

           /* Now return the favor and send entropy to the token's random 
            * number generater */
           PK11_EnterSlotMonitor(int_slot);
           crv = PK11_GETTAB(int_slot)->C_GenerateRandom(int_slot->session,
                                   random_bytes, sizeof(random_bytes));
           PK11_ExitSlotMonitor(int_slot);
           if (crv == CKR_OK) {
               PK11_EnterSlotMonitor(slot);
              PK11_GETTAB(slot)->C_SeedRandom(slot->session,
                                   random_bytes, sizeof(random_bytes));
               PK11_ExitSlotMonitor(slot);
           }
           PK11_FreeSlot(int_slot);
       }
    }

       
    return SECSuccess;
}

Here is the caller graph for this function:

PRBool PK11_IsPermObject ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  handle 
)

Definition at line 287 of file pk11obj.c.

void PK11_LoadSlotList ( PK11SlotInfo *  slot,
PK11PreSlotInfo *  psi,
int  count 
)

Definition at line 873 of file pk11slot.c.

{
    int i;

    for (i=0; i < count; i++) {
       if (psi[i].slotID == slot->slotID)
           break;
    }

    if (i == count) return;

    slot->defaultFlags = psi[i].defaultFlags;
    slot->askpw = psi[i].askpw;
    slot->timeout = psi[i].timeout;
    slot->hasRootCerts = psi[i].hasRootCerts;

    /* if the slot is already disabled, don't load them into the
     * default slot lists. We get here so we can save the default
     * list value. */
    if (slot->disabled) return;

    /* if the user has disabled us, don't load us in */
    if (slot->defaultFlags & PK11_DISABLE_FLAG) {
       slot->disabled = PR_TRUE;
       slot->reason = PK11_DIS_USER_SELECTED;
       /* free up sessions and things?? */
       return;
    }

    for (i=0; i < num_pk11_default_mechanisms; i++) {
       if (slot->defaultFlags & PK11_DefaultArray[i].flag) {
           CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism;
           PK11SlotList *slotList = PK11_GetSlotList(mechanism);

           if (slotList) PK11_AddSlotToList(slotList,slot);
       }
    }

    return;
}

Here is the caller graph for this function:

SECStatus PK11_LookupCrls ( CERTCrlHeadNode *  nodes,
int  type,
void wincx 
)

Definition at line 251 of file pk11nobj.c.

                                                               {
    pk11TraverseSlot creater;
    CK_ATTRIBUTE theTemplate[2];
    CK_ATTRIBUTE *attrs;
    CK_OBJECT_CLASS certClass = CKO_NETSCAPE_CRL;
    CK_BBOOL isKrl = CK_FALSE;

    attrs = theTemplate;
    PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass)); attrs++;
    if (type != -1) {
       isKrl = (CK_BBOOL) (type == SEC_KRL_TYPE);
        PK11_SETATTRS(attrs, CKA_NETSCAPE_KRL, &isKrl, sizeof(isKrl)); attrs++;
    }

    creater.callback = pk11_CollectCrls;
    creater.callbackArg = (void *) nodes;
    creater.findTemplate = theTemplate;
    creater.templateCount = (attrs - theTemplate);

    return pk11_TraverseAllSlots(PK11_TraverseSlot, &creater, PR_FALSE, wincx);
}
char* PK11_MakeString ( PRArenaPool arena,
char *  space,
char *  staticSring,
int  stringLen 
)

Definition at line 988 of file pk11slot.c.

{
       int i;
       char *newString;
       for(i=(stringLen-1); i >= 0; i--) {
         if (staticString[i] != ' ') break;
       }
       /* move i to point to the last space */
       i++;
       if (arena) {
           newString = (char*)PORT_ArenaAlloc(arena,i+1 /* space for NULL */);
       } else if (space) {
           newString = space;
       } else {
           newString = (char*)PORT_Alloc(i+1 /* space for NULL */);
       }
       if (newString == NULL) return NULL;

       if (i) PORT_Memcpy(newString,staticString, i);
       newString[i] = 0;

       return newString;
}

Here is the caller graph for this function:

int PK11_MapError ( CK_RV  error)

Definition at line 63 of file pk11err.c.

                        {

       switch (rv) {
#define MAPERROR(x,y) case x: return y;

#endif

/* the guts mapping */
       MAPERROR(CKR_OK, 0)
       MAPERROR(CKR_CANCEL, SEC_ERROR_IO)
       MAPERROR(CKR_HOST_MEMORY, SEC_ERROR_NO_MEMORY)
       MAPERROR(CKR_SLOT_ID_INVALID, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_ATTRIBUTE_READ_ONLY, SEC_ERROR_READ_ONLY)
       MAPERROR(CKR_ATTRIBUTE_SENSITIVE, SEC_ERROR_IO) /* XX SENSITIVE */
       MAPERROR(CKR_ATTRIBUTE_TYPE_INVALID, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_ATTRIBUTE_VALUE_INVALID, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_DATA_INVALID, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_DEVICE_ERROR, SEC_ERROR_IO)
       MAPERROR(CKR_DEVICE_MEMORY, SEC_ERROR_NO_MEMORY)
       MAPERROR(CKR_DEVICE_REMOVED, SEC_ERROR_NO_TOKEN)
       MAPERROR(CKR_ENCRYPTED_DATA_INVALID, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_ENCRYPTED_DATA_LEN_RANGE, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_FUNCTION_CANCELED, SEC_ERROR_LIBRARY_FAILURE)
       MAPERROR(CKR_FUNCTION_NOT_PARALLEL, SEC_ERROR_LIBRARY_FAILURE)
       MAPERROR(CKR_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
       MAPERROR(CKR_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
       MAPERROR(CKR_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
       MAPERROR(CKR_MECHANISM_INVALID, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_MECHANISM_PARAM_INVALID, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_NO_EVENT, SEC_ERROR_NO_EVENT)
       MAPERROR(CKR_OBJECT_HANDLE_INVALID, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_OPERATION_ACTIVE, SEC_ERROR_LIBRARY_FAILURE)
       MAPERROR(CKR_OPERATION_NOT_INITIALIZED,SEC_ERROR_LIBRARY_FAILURE )
       MAPERROR(CKR_PIN_INCORRECT, SEC_ERROR_BAD_PASSWORD)
       MAPERROR(CKR_PIN_INVALID, SEC_ERROR_INVALID_PASSWORD)
       MAPERROR(CKR_PIN_LEN_RANGE, SEC_ERROR_INVALID_PASSWORD)
       MAPERROR(CKR_SESSION_CLOSED, SEC_ERROR_LIBRARY_FAILURE)
       MAPERROR(CKR_SESSION_COUNT, SEC_ERROR_NO_MEMORY) /* XXXX? */
       MAPERROR(CKR_SESSION_HANDLE_INVALID, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_SESSION_PARALLEL_NOT_SUPPORTED, SEC_ERROR_LIBRARY_FAILURE)
       MAPERROR(CKR_SESSION_READ_ONLY, SEC_ERROR_LIBRARY_FAILURE)
       MAPERROR(CKR_SIGNATURE_INVALID, SEC_ERROR_BAD_SIGNATURE)
       MAPERROR(CKR_SIGNATURE_LEN_RANGE, SEC_ERROR_BAD_SIGNATURE)
       MAPERROR(CKR_TEMPLATE_INCOMPLETE, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_TEMPLATE_INCONSISTENT, SEC_ERROR_BAD_DATA)
       MAPERROR(CKR_TOKEN_NOT_PRESENT, SEC_ERROR_NO_TOKEN)
       MAPERROR(CKR_TOKEN_NOT_RECOGNIZED, SEC_ERROR_IO)
       MAPERROR(CKR_TOKEN_WRITE_PROTECTED, SEC_ERROR_READ_ONLY)
       MAPERROR(CKR_UNWRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
       MAPERROR(CKR_UNWRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
       MAPERROR(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
       MAPERROR(CKR_USER_ALREADY_LOGGED_IN, 0)
       MAPERROR(CKR_USER_NOT_LOGGED_IN, SEC_ERROR_TOKEN_NOT_LOGGED_IN)
       MAPERROR(CKR_USER_PIN_NOT_INITIALIZED, SEC_ERROR_NO_TOKEN)
       MAPERROR(CKR_USER_TYPE_INVALID, SEC_ERROR_LIBRARY_FAILURE)
       MAPERROR(CKR_WRAPPED_KEY_INVALID, SEC_ERROR_INVALID_KEY)
       MAPERROR(CKR_WRAPPED_KEY_LEN_RANGE, SEC_ERROR_INVALID_KEY)
       MAPERROR(CKR_WRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
       MAPERROR(CKR_WRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
       MAPERROR(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
       MAPERROR(CKR_VENDOR_DEFINED, SEC_ERROR_LIBRARY_FAILURE)
       MAPERROR(CKR_NETSCAPE_CERTDB_FAILED, SEC_ERROR_BAD_DATABASE)
       MAPERROR(CKR_NETSCAPE_KEYDB_FAILED, SEC_ERROR_BAD_DATABASE)
       MAPERROR(CKR_CANT_LOCK, SEC_ERROR_INCOMPATIBLE_PKCS11)

#ifdef PK11_ERROR_USE_ARRAY 
};

int
PK11_MapError(CK_RV rv) {
    int size = sizeof(pk11_error_map)/sizeof(pk11_error_map[0]);

    for (i=0; i < size; i++) {
       if (pk11_error_map[i].pk11_error == rv) {
           return pk11_error_map[i].sec_error;
       }
    }
    return SEC_ERROR_IO;
 }


#else

    default:
       break;
    }
    return SEC_ERROR_IO;
}
CK_OBJECT_HANDLE PK11_MatchItem ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  peer,
CK_OBJECT_CLASS  o_class 
)

Definition at line 1456 of file pk11obj.c.

{
    CK_ATTRIBUTE theTemplate[] = {
       { CKA_ID, NULL, 0 },
       { CKA_CLASS, NULL, 0 }
    };
    /* if you change the array, change the variable below as well */
    CK_ATTRIBUTE *keyclass = &theTemplate[1];
    int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
    /* if you change the array, change the variable below as well */
    CK_OBJECT_HANDLE peerID;
    CK_OBJECT_HANDLE parent;
    PRArenaPool *arena;
    CK_RV crv;

    /* now we need to create space for the public key */
    arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) return CK_INVALID_HANDLE;

    crv = PK11_GetAttributes(arena,slot,searchID,theTemplate,tsize);
    if (crv != CKR_OK) {
       PORT_FreeArena(arena,PR_FALSE);
       PORT_SetError( PK11_MapError(crv) );
       return CK_INVALID_HANDLE;
    }

    if ((theTemplate[0].ulValueLen == 0) || (theTemplate[0].ulValueLen == -1)) {
       PORT_FreeArena(arena,PR_FALSE);
       PORT_SetError(SEC_ERROR_BAD_KEY);
       return CK_INVALID_HANDLE;
     }
       
       

    /*
     * issue the find
     */
    parent = *(CK_OBJECT_CLASS *)(keyclass->pValue);
    *(CK_OBJECT_CLASS *)(keyclass->pValue) = matchclass;

    peerID = pk11_FindObjectByTemplate(slot,theTemplate,tsize);
    PORT_FreeArena(arena,PR_FALSE);

    return peerID;
}
PRBool PK11_NeedPWInitForSlot ( PK11SlotInfo *  slot)

Definition at line 647 of file pk11auth.c.

{
    if (slot->needLogin && PK11_NeedUserInit(slot)) {
       return PR_TRUE;
    }
    if (!slot->needLogin && !PK11_NeedUserInit(slot)) {
       return PR_TRUE;
    }
    return PR_FALSE;
}
PK11SlotInfo* PK11_NewSlotInfo ( SECMODModule *  mod)

Definition at line 346 of file pk11slot.c.

{
    PK11SlotInfo *slot;

    slot = (PK11SlotInfo *)PORT_Alloc(sizeof(PK11SlotInfo));
    if (slot == NULL) return slot;

    slot->sessionLock = mod->isThreadSafe ?
       PZ_NewLock(nssILockSession) : mod->refLock;
    if (slot->sessionLock == NULL) {
       PORT_Free(slot);
       return NULL;
    }
    slot->freeListLock = PZ_NewLock(nssILockFreelist);
    if (slot->freeListLock == NULL) {
       if (mod->isThreadSafe) {
           PZ_DestroyLock(slot->sessionLock);
       }
       PORT_Free(slot);
       return NULL;
    }
    slot->freeSymKeysWithSessionHead = NULL;
    slot->freeSymKeysHead = NULL;
    slot->keyCount = 0;
    slot->maxKeyCount = 0;
    slot->functionList = NULL;
    slot->needTest = PR_TRUE;
    slot->isPerm = PR_FALSE;
    slot->isHW = PR_FALSE;
    slot->isInternal = PR_FALSE;
    slot->isThreadSafe = PR_FALSE;
    slot->disabled = PR_FALSE;
    slot->series = 1;
    slot->wrapKey = 0;
    slot->wrapMechanism = CKM_INVALID_MECHANISM;
    slot->refKeys[0] = CK_INVALID_HANDLE;
    slot->reason = PK11_DIS_NONE;
    slot->readOnly = PR_TRUE;
    slot->needLogin = PR_FALSE;
    slot->hasRandom = PR_FALSE;
    slot->defRWSession = PR_FALSE;
    slot->protectedAuthPath = PR_FALSE;
    slot->flags = 0;
    slot->session = CK_INVALID_SESSION;
    slot->slotID = 0;
    slot->defaultFlags = 0;
    slot->refCount = 1;
    slot->askpw = 0;
    slot->timeout = 0;
    slot->mechanismList = NULL;
    slot->mechanismCount = 0;
    slot->cert_array = NULL;
    slot->cert_count = 0;
    slot->slot_name[0] = 0;
    slot->token_name[0] = 0;
    PORT_Memset(slot->serial,' ',sizeof(slot->serial));
    slot->module = NULL;
    slot->authTransact = 0;
    slot->authTime = LL_ZERO;
    slot->minPassword = 0;
    slot->maxPassword = 0;
    slot->hasRootCerts = PR_FALSE;
    slot->nssToken = NULL;
    return slot;
}

Here is the caller graph for this function:

SEC_BEGIN_PROTOS PK11SlotList* PK11_NewSlotList ( void  )

Definition at line 128 of file pk11slot.c.

{
    PK11SlotList *list;
 
    list = (PK11SlotList *)PORT_Alloc(sizeof(PK11SlotList));
    if (list == NULL) return NULL;
    list->head = NULL;
    list->tail = NULL;
    list->lock = PZ_NewLock(nssILockList);
    if (list->lock == NULL) {
       PORT_Free(list);
       return NULL;
    }

    return list;
}

Here is the caller graph for this function:

int PK11_NumberCertsForCertSubject ( CERTCertificate *  cert)

Definition at line 1671 of file pk11cert.c.

{
    CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
    CK_ATTRIBUTE theTemplate[] = {
       { CKA_CLASS, NULL, 0 },
       { CKA_SUBJECT, NULL, 0 },
    };
    CK_ATTRIBUTE *attr = theTemplate;
   int templateSize = sizeof(theTemplate)/sizeof(theTemplate[0]);

    PK11_SETATTRS(attr,CKA_CLASS, &certClass, sizeof(certClass)); attr++;
    PK11_SETATTRS(attr,CKA_SUBJECT,cert->derSubject.data,cert->derSubject.len);

    if (cert->slot == NULL) {
       PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
                                                 PR_FALSE,PR_TRUE,NULL);
       PK11SlotListElement *le;
       int count = 0;

       /* loop through all the fortezza tokens */
       for (le = list->head; le; le = le->next) {
           count += PK11_NumberObjectsFor(le->slot,theTemplate,templateSize);
       }
       PK11_FreeSlotList(list);
       return count;
    }

    return PK11_NumberObjectsFor(cert->slot,theTemplate,templateSize);
}
CK_OBJECT_HANDLE PK11_PutCrl ( PK11SlotInfo *  slot,
SECItem *  crl,
SECItem *  name,
char *  url,
int  type 
)

Definition at line 510 of file pk11nobj.c.

{
    NSSItem derCRL, derSubject;
    NSSToken *token = PK11Slot_GetNSSToken(slot);
    nssCryptokiObject *object;
    PRBool isKRL = (type == SEC_CRL_TYPE) ? PR_FALSE : PR_TRUE;
    CK_OBJECT_HANDLE rvH;

    NSSITEM_FROM_SECITEM(&derSubject, name);
    NSSITEM_FROM_SECITEM(&derCRL, crl);

    object = nssToken_ImportCRL(token, NULL, 
                                &derSubject, &derCRL, isKRL, url, PR_TRUE);

    if (object) {
       rvH = object->handle;
       nssCryptokiObject_Destroy(object);
    } else {
       rvH = CK_INVALID_HANDLE;
    }
    return rvH;
}
SECStatus PK11_ReadAttribute ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  id,
CK_ATTRIBUTE_TYPE  type,
PRArenaPool arena,
SECItem *  result 
)

Definition at line 120 of file pk11obj.c.

                                                                     {
    CK_ATTRIBUTE attr = { 0, NULL, 0 };
    CK_RV crv;

    attr.type = type;

    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,id,&attr,1);
    if (crv != CKR_OK) {
       PK11_ExitSlotMonitor(slot);
       PORT_SetError(PK11_MapError(crv));
       return SECFailure;
    }
    if (arena) {
       attr.pValue = PORT_ArenaAlloc(arena,attr.ulValueLen);
    } else {
       attr.pValue = PORT_Alloc(attr.ulValueLen);
    }
    if (attr.pValue == NULL) {
       PK11_ExitSlotMonitor(slot);
       return SECFailure;
    }
    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,id,&attr,1);
    PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
       if (!arena) PORT_Free(attr.pValue);
       return SECFailure;
    }

    result->data = (unsigned char*)attr.pValue;
    result->len = attr.ulValueLen;

    return SECSuccess;
}
SECStatus PK11_ReadSlotCerts ( PK11SlotInfo *  slot)
CK_ULONG PK11_ReadULongAttribute ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  id,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 161 of file pk11obj.c.

                                {
    CK_ATTRIBUTE attr;
    CK_ULONG value = CK_UNAVAILABLE_INFORMATION;
    CK_RV crv;

    PK11_SETATTRS(&attr,type,&value,sizeof(value));

    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session,id,&attr,1);
    PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
    }
    return value;
}
void PK11_RestoreROSession ( PK11SlotInfo *  slot,
CK_SESSION_HANDLE  rwsession 
)

Definition at line 725 of file pk11slot.c.

{
    PORT_Assert(rwsession != CK_INVALID_SESSION);
    if (rwsession != CK_INVALID_SESSION) {
       PRBool doExit = PK11_RWSessionHasLock(slot, rwsession);
       if (!pk11_RWSessionIsDefault(slot, rwsession))
           PK11_GETTAB(slot)->C_CloseSession(rwsession);
       if (doExit)
           PK11_ExitSlotMonitor(slot);
    }
}

Here is the caller graph for this function:

SECStatus pk11_RetrieveCrls ( CERTCrlHeadNode *  nodes,
SECItem *  issuer,
void wincx 
)

Definition at line 387 of file pk11nobj.c.

{
    pk11TraverseSlot creater;
    CK_ATTRIBUTE theTemplate[2];
    CK_ATTRIBUTE *attrs;
    CK_OBJECT_CLASS crlClass = CKO_NETSCAPE_CRL;
    crlOptions options;

    attrs = theTemplate;
    PK11_SETATTRS(attrs, CKA_CLASS, &crlClass, sizeof(crlClass)); attrs++;

    options.head = nodes;

    /* - do a partial decoding - we don't need to decode the entries while
       fetching
       - don't copy the DER for optimal performance - CRL can be very large
       - have the CRL objects adopt the DER, so SEC_DestroyCrl will free it
       - keep bad CRL objects. The CRL cache is interested in them, for
         security purposes. Bad CRL objects are a sign of something amiss.
    */

    options.decodeOptions = CRL_DECODE_SKIP_ENTRIES | CRL_DECODE_DONT_COPY_DER |
                            CRL_DECODE_ADOPT_HEAP_DER | CRL_DECODE_KEEP_BAD_CRL;
    if (issuer)
    {
        PK11_SETATTRS(attrs, CKA_SUBJECT, issuer->data, issuer->len); attrs++;
    }

    creater.callback = pk11_RetrieveCrlsCallback;
    creater.callbackArg = (void *) &options;
    creater.findTemplate = theTemplate;
    creater.templateCount = (attrs - theTemplate);

    return pk11_TraverseAllSlots(PK11_TraverseSlot, &creater, PR_FALSE, wincx);
}
PRBool PK11_RWSessionHasLock ( PK11SlotInfo *  slot,
CK_SESSION_HANDLE  session_handle 
)

Definition at line 701 of file pk11slot.c.

{
    PRBool hasLock;
    hasLock = (PRBool)(!slot->isThreadSafe || 
             (slot->defRWSession && slot->session != CK_INVALID_SESSION));
    return hasLock;
}

Here is the caller graph for this function:

SECStatus PK11_SaveSMimeProfile ( PK11SlotInfo *  slot,
char *  emailAddr,
SECItem *  derSubj,
SECItem *  emailProfile,
SECItem *  profileTime 
)

Definition at line 674 of file pk11nobj.c.

{
    CK_OBJECT_CLASS smimeClass = CKO_NETSCAPE_SMIME;
    CK_BBOOL ck_true = CK_TRUE;
    CK_ATTRIBUTE theTemplate[] = {
       { CKA_CLASS, NULL, 0 },
       { CKA_TOKEN, NULL, 0 },
       { CKA_SUBJECT, NULL, 0 },
       { CKA_NETSCAPE_EMAIL, NULL, 0 },
       { CKA_NETSCAPE_SMIME_TIMESTAMP, NULL, 0 },
       { CKA_VALUE, NULL, 0 }
    };
    /* if you change the array, change the variable below as well */
    int realSize = 0;
    CK_OBJECT_HANDLE smimeh = CK_INVALID_HANDLE;
    CK_ATTRIBUTE *attrs = theTemplate;
    CK_SESSION_HANDLE rwsession;
    PK11SlotInfo *free_slot = NULL;
    CK_RV crv;
#ifdef DEBUG
    int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
#endif

    PK11_SETATTRS(attrs, CKA_CLASS, &smimeClass, sizeof(smimeClass)); attrs++;
    PK11_SETATTRS(attrs, CKA_TOKEN, &ck_true, sizeof(ck_true)); attrs++;
    PK11_SETATTRS(attrs, CKA_SUBJECT, derSubj->data, derSubj->len); attrs++;
    PK11_SETATTRS(attrs, CKA_NETSCAPE_EMAIL, 
                            emailAddr, PORT_Strlen(emailAddr)+1); attrs++;
    if (profileTime) {
       PK11_SETATTRS(attrs, CKA_NETSCAPE_SMIME_TIMESTAMP, profileTime->data,
                                                   profileTime->len); attrs++;
       PK11_SETATTRS(attrs, CKA_VALUE,emailProfile->data,
                                                   emailProfile->len); attrs++;
    }
    realSize = attrs - theTemplate;
    PORT_Assert (realSize <= tsize);

    if (slot == NULL) {
       free_slot = slot = PK11_GetInternalKeySlot();
       /* we need to free the key slot in the end!!! */
    }

    rwsession = PK11_GetRWSession(slot);
    if (rwsession == CK_INVALID_SESSION) {
       PORT_SetError(SEC_ERROR_READ_ONLY);
       if (free_slot) {
           PK11_FreeSlot(free_slot);
       }
       return SECFailure;
    }

    crv = PK11_GETTAB(slot)->
                        C_CreateObject(rwsession,theTemplate,realSize,&smimeh);
    if (crv != CKR_OK) {
        PORT_SetError( PK11_MapError(crv) );
    }

    PK11_RestoreROSession(slot,rwsession);

    if (free_slot) {
       PK11_FreeSlot(free_slot);
    }
    return SECSuccess;
}
SECStatus pk11_setGlobalOptions ( PRBool  noSingleThreadedModules,
PRBool  allowAlreadyInitializedModules,
PRBool  dontFinalizeModules 
)

Definition at line 100 of file pk11load.c.

{
    if (noSingleThreadedModules) {
        loadSingleThreadedModules = PR_FALSE;
    } else {
        loadSingleThreadedModules = PR_TRUE;
    }
    if (allowAlreadyInitializedModules) {
        enforceAlreadyInitializedError = PR_FALSE;
    } else {
        enforceAlreadyInitializedError = PR_TRUE;
    }
    if (dontFinalizeModules) {
        finalizeModules = PR_FALSE;
    } else {
        finalizeModules = PR_TRUE;
    }
    return SECSuccess;
}

Definition at line 508 of file pk11auth.c.

{
    PK11_Global.isLoggedIn = func;
}
SECStatus PK11_SetObjectNickname ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  id,
const char *  nickname 
)

Definition at line 315 of file pk11obj.c.

{
    int len = PORT_Strlen(nickname);
    CK_ATTRIBUTE setTemplate;
    CK_RV crv;
    CK_SESSION_HANDLE rwsession;

    if (len < 0) {
       return SECFailure;
    }

    PK11_SETATTRS(&setTemplate, CKA_LABEL, (CK_CHAR *) nickname, len);
    rwsession = PK11_GetRWSession(slot);
    if (rwsession == CK_INVALID_SESSION) {
       PORT_SetError(SEC_ERROR_BAD_DATA);
       return SECFailure;
    }
    crv = PK11_GETTAB(slot)->C_SetAttributeValue(rwsession, id,
                     &setTemplate, 1);
    PK11_RestoreROSession(slot, rwsession);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
       return SECFailure;
    }
    return SECSuccess;
}

Definition at line 502 of file pk11auth.c.

{
    PK11_Global.verifyPass = func;
}
SECStatus pk11_TraverseAllSlots ( SECStatus(*)(PK11SlotInfo *, void *)  callback,
void cbArg,
PRBool  forceLogin,
void pwArg 
)

Definition at line 1576 of file pk11obj.c.

                                                                       {
    PK11SlotList *list;
    PK11SlotListElement *le;
    SECStatus rv;

    /* get them all! */
    list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,wincx);
    if (list == NULL) return SECFailure;

    /* look at each slot and authenticate as necessary */
    for (le = list->head ; le; le = le->next) {
       if (forceLogin) {
           rv = pk11_AuthenticateUnfriendly(le->slot, PR_FALSE, wincx);
           if (rv != SECSuccess) {
              continue;
           }
       }
       if (callback) {
           (*callback)(le->slot,arg);
       }
    }

    PK11_FreeSlotList(list);

    return SECSuccess;
}
SECStatus PK11_TraverseCertsForSubject ( CERTCertificate *  cert,
SECStatus(*)(CERTCertificate *, void *)  callback,
void arg 
)

Definition at line 1705 of file pk11cert.c.

{
    if(!cert) {
       return SECFailure;
    }
    if (cert->slot == NULL) {
       PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
                                                 PR_FALSE,PR_TRUE,NULL);
       PK11SlotListElement *le;

       /* loop through all the tokens */
       for (le = list->head; le; le = le->next) {
           PK11_TraverseCertsForSubjectInSlot(cert,le->slot,callback,arg);
       }
       PK11_FreeSlotList(list);
       return SECSuccess;

    }

    return PK11_TraverseCertsForSubjectInSlot(cert, cert->slot, callback, arg);
}
SECStatus PK11_TraverseCertsInSlot ( PK11SlotInfo *  slot,
SECStatus(*)(CERTCertificate *, void *)  callback,
void arg 
)

Definition at line 1865 of file pk11cert.c.

{
    PRStatus nssrv;
    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
    NSSToken *tok;
    nssList *certList = NULL;
    nssCryptokiObject **instances;
    nssPKIObjectCollection *collection;
    NSSCertificate **certs;
    nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
    tok = PK11Slot_GetNSSToken(slot);
    if (!nssToken_IsPresent(tok)) {
       return SECSuccess;
    }
    collection = nssCertificateCollection_Create(td, NULL);
    if (!collection) {
       return SECFailure;
    }
    certList = nssList_Create(NULL, PR_FALSE);
    if (!certList) {
       nssPKIObjectCollection_Destroy(collection);
       return SECFailure;
    }
    (void *)nssTrustDomain_GetCertsFromCache(td, certList);
    transfer_token_certs_to_collection(certList, tok, collection);
    instances = nssToken_FindCertificates(tok, NULL,
                                          tokenOnly, 0, &nssrv);
    nssPKIObjectCollection_AddInstances(collection, instances, 0);
    nss_ZFreeIf(instances);
    nssList_Destroy(certList);
    certs = nssPKIObjectCollection_GetCertificates(collection,
                                                   NULL, 0, NULL);
    nssPKIObjectCollection_Destroy(collection);
    if (certs) {
       CERTCertificate *oldie;
       NSSCertificate **cp;
       for (cp = certs; *cp; cp++) {
           oldie = STAN_GetCERTCertificate(*cp);
           if (!oldie) {
              continue;
           }
           if ((*callback)(oldie, arg) != SECSuccess) {
              nssrv = PR_FAILURE;
              break;
           }
       }
       nssCertificateArray_Destroy(certs);
    }
    return (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
}
SECStatus PK11_TraversePrivateKeysInSlot ( PK11SlotInfo *  slot,
SECStatus(*)(SECKEYPrivateKey *, void *)  callback,
void arg 
)

Definition at line 1763 of file pk11akey.c.

{
    pk11KeyCallback perKeyCB;
    pk11TraverseSlot perObjectCB;
    CK_OBJECT_CLASS privkClass = CKO_PRIVATE_KEY;
    CK_BBOOL ckTrue = CK_TRUE;
    CK_ATTRIBUTE theTemplate[2];
    int templateSize = 2;

    theTemplate[0].type = CKA_CLASS;
    theTemplate[0].pValue = &privkClass;
    theTemplate[0].ulValueLen = sizeof(privkClass);
    theTemplate[1].type = CKA_TOKEN;
    theTemplate[1].pValue = &ckTrue;
    theTemplate[1].ulValueLen = sizeof(ckTrue);

    if(slot==NULL) {
        return SECSuccess;
    }

    perObjectCB.callback = pk11_DoKeys;
    perObjectCB.callbackArg = &perKeyCB;
    perObjectCB.findTemplate = theTemplate;
    perObjectCB.templateCount = templateSize;
    perKeyCB.callback = callback;
    perKeyCB.callbackArg = arg;
    perKeyCB.wincx = NULL;

    return PK11_TraverseSlot(slot, &perObjectCB);
}
PRBool PK11_VerifyMechanism ( PK11SlotInfo *  slot,
PK11SlotInfo *  intern,
CK_MECHANISM_TYPE  mech,
SECItem *  data,
SECItem *  iv 
)

Definition at line 1018 of file pk11slot.c.

{
    PK11Context *test = NULL, *reference = NULL;
    PK11SymKey *symKey = NULL, *testKey = NULL;
    SECItem *param = NULL;
    unsigned char encTest[8];
    unsigned char encRef[8];
    int outLenTest,outLenRef;
    int key_size = 0;
    PRBool verify = PR_FALSE;
    SECStatus rv;

    if ((mech == CKM_RC2_CBC) || (mech == CKM_RC2_ECB) || (mech == CKM_RC4)) {
       key_size = 16;
    }

    /* initialize the mechanism parameter */
    param = PK11_ParamFromIV(mech,iv);
    if (param == NULL) goto loser;

    /* load the keys and contexts */
    symKey = PK11_KeyGen(intern,mech,NULL, key_size, NULL);
    if (symKey == NULL) goto loser;

    reference = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, symKey, param);
    if (reference == NULL) goto loser;

    testKey = pk11_CopyToSlot(slot, mech, CKA_ENCRYPT, symKey);
    if (testKey == NULL) goto loser;

    test = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, testKey, param);
    if (test == NULL) goto loser;
    SECITEM_FreeItem(param,PR_TRUE); param = NULL;

    /* encrypt the test data */
    rv = PK11_CipherOp(test,encTest,&outLenTest,sizeof(encTest),
                                                 data->data,data->len);
    if (rv != SECSuccess) goto loser;
    rv = PK11_CipherOp(reference,encRef,&outLenRef,sizeof(encRef),
                                                 data->data,data->len);
    if (rv != SECSuccess) goto loser;

    PK11_DestroyContext(reference,PR_TRUE); reference = NULL;
    PK11_DestroyContext(test,PR_TRUE); test = NULL;

    if (outLenTest != outLenRef) goto loser;
    if (PORT_Memcmp(encTest, encRef, outLenTest) != 0) goto loser;

    verify = PR_TRUE;

loser:
    if (test) PK11_DestroyContext(test,PR_TRUE);
    if (symKey) PK11_FreeSymKey(symKey);
    if (testKey) PK11_FreeSymKey(testKey);
    if (reference) PK11_DestroyContext(reference,PR_TRUE);
    if (param) SECITEM_FreeItem(param,PR_TRUE);

    return verify;
}

Here is the caller graph for this function:

SECStatus PK11_VerifyPW ( PK11SlotInfo *  slot,
char *  pw 
)

Definition at line 373 of file pk11auth.c.

{
    int len = PORT_Strlen(pw);

    if ((slot->minPassword > len) || (slot->maxPassword < len)) {
       PORT_SetError(SEC_ERROR_BAD_DATA);
       return SECFailure;
    }
    return SECSuccess;
}
PRBool PK11_VerifySlotMechanisms ( PK11SlotInfo *  slot)

Definition at line 1085 of file pk11slot.c.

{
    CK_MECHANISM_TYPE mechListArray[MAX_MECH_LIST_SIZE];
    CK_MECHANISM_TYPE *mechList = mechListArray;
    static SECItem data;
    static SECItem iv;
    static unsigned char dataV[8];
    static unsigned char ivV[8];
    static PRBool generated = PR_FALSE;
    CK_ULONG count;
    int i;
    CK_RV crv;

    PRBool alloced = PR_FALSE;
    PK11SlotInfo *intern = PK11_GetInternalSlot();

    /* if we couldn't initialize an internal module, 
     * we can't check external ones */
    if (intern == NULL) return PR_FALSE;

    /* first get the count of mechanisms */
    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID,NULL,&count);
    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       PK11_FreeSlot(intern);
       return PR_FALSE;
    }


    /* don't blow up just because the card supports more mechanisms than
     * we know about, just alloc space for them */
    if (count > MAX_MECH_LIST_SIZE) {
       mechList = (CK_MECHANISM_TYPE *)
                         PORT_Alloc(count *sizeof(CK_MECHANISM_TYPE));
       alloced = PR_TRUE;
       if (mechList == NULL) {
           PK11_FreeSlot(intern);
           return PR_FALSE;
       }
    }
    /* get the list */
    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
    crv =PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID, mechList, &count);
    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
    if (crv != CKR_OK) {
       if (alloced) PORT_Free(mechList);
       PK11_FreeSlot(intern);
       return PR_FALSE;
    }

    if (!generated) {
       data.data = dataV;
       data.len = sizeof(dataV);
       iv.data = ivV;
       iv.len = sizeof(ivV);
       /* ok, this is a cheat, we know our internal random number generater
        * is thread safe */
       PK11_GETTAB(intern)->C_GenerateRandom(intern->session,
                                                 data.data, data.len);
       PK11_GETTAB(intern)->C_GenerateRandom(intern->session,
                                                 iv.data, iv.len);
    }
    for (i=0; i < (int) count; i++) {
       switch (mechList[i]) {
       case CKM_DES_CBC:
       case CKM_DES_ECB:
       case CKM_RC4:
       case CKM_RC2_CBC:
       case CKM_RC2_ECB:
           if (!PK11_VerifyMechanism(slot,intern,mechList[i],&data,&iv)){
              if (alloced) PORT_Free(mechList);
              PK11_FreeSlot(intern);
              return PR_FALSE;
           }
       }
    }
    if (alloced) PORT_Free(mechList);
    PK11_FreeSlot(intern);
    return PR_TRUE;
}

Here is the caller graph for this function: