Back to index

lightning-sunbird  0.9+nobinonly
Typedefs | Functions
lowkeyi.h File Reference
#include "prtypes.h"
#include "seccomon.h"
#include "secoidt.h"
#include "pcertt.h"
#include "lowkeyti.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Typedefs

typedef char *(* NSSLOWKEYDBNameFunc )(void *arg, int dbVersion)

Functions

SEC_BEGIN_PROTOS void prepare_low_rsa_priv_key_for_asn1 (NSSLOWKEYPrivateKey *key)
void prepare_low_pqg_params_for_asn1 (PQGParams *params)
void prepare_low_dsa_priv_key_for_asn1 (NSSLOWKEYPrivateKey *key)
void prepare_low_dsa_priv_key_export_for_asn1 (NSSLOWKEYPrivateKey *key)
void prepare_low_dh_priv_key_for_asn1 (NSSLOWKEYPrivateKey *key)
NSSLOWKEYDBHandle * nsslowkey_OpenKeyDB (PRBool readOnly, const char *domain, const char *prefix, NSSLOWKEYDBNameFunc namecb, void *cbarg)
SECStatus nsslowkey_ResetKeyDB (NSSLOWKEYDBHandle *handle)
void nsslowkey_CloseKeyDB (NSSLOWKEYDBHandle *handle)
int nsslowkey_GetKeyDBVersion (NSSLOWKEYDBHandle *handle)
void nsslowkey_SetDefaultKeyDB (NSSLOWKEYDBHandle *handle)
NSSLOWKEYDBHandle * nsslowkey_GetDefaultKeyDB (void)
void nsslowkey_SetDefaultKeyDBAlg (SECOidTag alg)
SECItem * nsslowkey_HashPassword (char *pw, SECItem *salt)
SECItem * nsslowkey_DeriveKeyDBPassword (NSSLOWKEYDBHandle *handle, char *pw)
SECStatus nsslowkey_DeleteKey (NSSLOWKEYDBHandle *handle, SECItem *pubkey)
SECStatus nsslowkey_StoreKeyByPublicKey (NSSLOWKEYDBHandle *handle, NSSLOWKEYPrivateKey *pk, SECItem *pubKeyData, char *nickname, SECItem *arg)
PRBool nsslowkey_KeyForCertExists (NSSLOWKEYDBHandle *handle, NSSLOWCERTCertificate *cert)
PRBool nsslowkey_KeyForIDExists (NSSLOWKEYDBHandle *handle, SECItem *id)
SECStatus nsslowkey_HasKeyDBPassword (NSSLOWKEYDBHandle *handle)
SECStatus nsslowkey_SetKeyDBPassword (NSSLOWKEYDBHandle *handle, SECItem *pwitem)
SECStatus nsslowkey_CheckKeyDBPassword (NSSLOWKEYDBHandle *handle, SECItem *pwitem)
SECStatus nsslowkey_ChangeKeyDBPassword (NSSLOWKEYDBHandle *handle, SECItem *oldpwitem, SECItem *newpwitem)
void nsslowkey_DestroyPrivateKey (NSSLOWKEYPrivateKey *key)
void nsslowkey_DestroyPublicKey (NSSLOWKEYPublicKey *key)
unsigned int nsslowkey_PublicModulusLen (NSSLOWKEYPublicKey *pubKey)
unsigned int nsslowkey_PrivateModulusLen (NSSLOWKEYPrivateKey *privKey)
NSSLOWKEYPublicKey * nsslowkey_ConvertToPublicKey (NSSLOWKEYPrivateKey *privateKey)
SECStatus nsslowkey_SetKeyDBPasswordAlg (NSSLOWKEYDBHandle *handle, SECItem *pwitem, SECOidTag algorithm)
SECStatus nsslowkey_CheckKeyDBPasswordAlg (NSSLOWKEYDBHandle *handle, SECItem *pwitem, SECOidTag algorithm)
SECStatus nsslowkey_ChangeKeyDBPasswordAlg (NSSLOWKEYDBHandle *handle, SECItem *oldpwitem, SECItem *newpwitem, SECOidTag old_algorithm)
SECStatus nsslowkey_UpdateNickname (NSSLOWKEYDBHandle *handle, NSSLOWKEYPrivateKey *privkey, SECItem *pubKeyData, char *nickname, SECItem *arg)
SECStatus nsslowkey_StoreKeyByPublicKeyAlg (NSSLOWKEYDBHandle *handle, NSSLOWKEYPrivateKey *privkey, SECItem *pubKeyData, char *nickname, SECItem *arg, SECOidTag algorithm, PRBool update)
NSSLOWKEYPrivateKey * nsslowkey_FindKeyByPublicKey (NSSLOWKEYDBHandle *handle, SECItem *modulus, SECItem *arg)
char * nsslowkey_FindKeyNicknameByPublicKey (NSSLOWKEYDBHandle *handle, SECItem *modulus, SECItem *pwitem)
NSSLOWKEYPrivateKey * nsslowkey_CopyPrivateKey (NSSLOWKEYPrivateKey *privKey)

Typedef Documentation

typedef char*(* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion)

Definition at line 68 of file lowkeyi.h.


Function Documentation

SECStatus nsslowkey_ChangeKeyDBPassword ( NSSLOWKEYDBHandle *  handle,
SECItem *  oldpwitem,
SECItem *  newpwitem 
)

Definition at line 2646 of file keydb.c.

{
    SECStatus rv;
    
    if (handle == NULL) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       rv = SECFailure;
       goto loser;
    }

    rv = nsslowkey_CheckKeyDBPassword(handle, oldpwitem);
    if ( rv != SECSuccess ) {
       return(SECFailure);  /* return rv? */
    }

    rv = ChangeKeyDBPasswordAlg(handle, oldpwitem, newpwitem, 
                            nsslowkey_GetDefaultKeyDBAlg());

loser:
    return(rv);
}
SECStatus nsslowkey_ChangeKeyDBPasswordAlg ( NSSLOWKEYDBHandle *  handle,
SECItem *  oldpwitem,
SECItem *  newpwitem,
SECOidTag  old_algorithm 
)
SECStatus nsslowkey_CheckKeyDBPassword ( NSSLOWKEYDBHandle *  handle,
SECItem *  pwitem 
)

Definition at line 2405 of file keydb.c.

{
    DBT checkkey;
    DBT checkdata;
    NSSPKCS5PBEParameter *param = NULL;
    SECStatus rv = SECFailure;
    NSSLOWKEYDBKey *dbkey = NULL;
    SECItem *key = NULL;
    SECItem *dest = NULL;
    SECOidTag algorithm;
    SECItem oid;
    SECItem encstring;
    PRBool update = PR_FALSE;
    int ret;
    
    if (handle == NULL) {
       goto loser;
    }

    checkkey.data = KEYDB_PW_CHECK_STRING;
    checkkey.size = KEYDB_PW_CHECK_LEN;
    
    dbkey = get_dbkey(handle, &checkkey);
    
    if ( dbkey == NULL ) {
       checkkey.data = KEYDB_FAKE_PW_CHECK_STRING;
       checkkey.size = KEYDB_FAKE_PW_CHECK_LEN;
       ret = keydb_Get(handle, &checkkey, &checkdata, 0 );
       if (ret) {
           goto loser;
       }
       /* if we have the fake PW_CHECK, then try to decode the key
        * rather than the pwcheck item.
        */
       rv = seckey_CheckKeyDB1Password(handle,pwitem);
       if (rv == SECSuccess) {
           /* OK we have enough to complete our conversion */
           nsslowkey_UpdateKeyDBPass2(handle,pwitem);
       }
       return rv;
    }

    /* build the oid item */
    oid.len = dbkey->derPK.data[0];
    oid.data = &dbkey->derPK.data[1];
    
    /* make sure entry is the correct length
     * since we are probably using a block cipher, the block will be
     * padded, so we may get a bit more than the exact size we need.
     */
    if ( dbkey->derPK.len < (KEYDB_PW_CHECK_LEN + 1 + oid.len ) ) {
       goto loser;
    }

    /* find the algorithm tag */
    algorithm = SECOID_FindOIDTag(&oid);

    /* make a secitem of the encrypted check string */
    encstring.len = dbkey->derPK.len - ( oid.len + 1 );
    encstring.data = &dbkey->derPK.data[oid.len+1];
    encstring.type = 0;
    
    switch(algorithm)
    {
       case SEC_OID_RC4:
           key = seckey_create_rc4_key(pwitem, &dbkey->salt);
           if(key != NULL) {
              dest = seckey_rc4_decode(key, &encstring);
              SECITEM_FreeItem(key, PR_TRUE);
           }
           break;
       default:
           param = nsspkcs5_NewParam(algorithm, &dbkey->salt, 1);
           if (param != NULL) {
                /* Decrypt - this function implements a workaround for
                 * a previous coding error.  It will decrypt values using
                 * DES rather than 3DES, if the initial try at 3DES
                 * decryption fails.  In this case, the update flag is
                 * set to TRUE.  This indication is used later to force
                 * an update of the database to "real" 3DES encryption.
                 */
              dest = nsspkcs5_CipherData(param, pwitem, 
                                      &encstring, PR_FALSE, &update);
              nsspkcs5_DestroyPBEParameter(param);
           }  
           break;
    }

    if(dest == NULL) {
       goto loser;
    }

    if ((dest->len == KEYDB_PW_CHECK_LEN) &&
       (PORT_Memcmp(dest->data, 
                   KEYDB_PW_CHECK_STRING, KEYDB_PW_CHECK_LEN) == 0)) {
       rv = SECSuccess;
       /* we succeeded */
       if ( algorithm == SEC_OID_RC4 ) {
           /* partially updated database */
           nsslowkey_UpdateKeyDBPass2(handle, pwitem);
       }
        /* Force an update of the password to remove the incorrect DES
         * encryption (see the note above)
         */
       if (update && 
            (algorithm == SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC)) {
           /* data base was encoded with DES not triple des, fix it */
           nsslowkey_UpdateKeyDBPass2(handle,pwitem);
       }
    }
                     
loser:
    sec_destroy_dbkey(dbkey);
    if(dest != NULL) {
       SECITEM_ZfreeItem(dest, PR_TRUE);
    }

    return(rv);
}
SECStatus nsslowkey_CheckKeyDBPasswordAlg ( NSSLOWKEYDBHandle *  handle,
SECItem *  pwitem,
SECOidTag  algorithm 
)
void nsslowkey_CloseKeyDB ( NSSLOWKEYDBHandle *  handle)

Definition at line 1146 of file keydb.c.

{
    if (handle != NULL) {
       if (handle->db != NULL) {
           keydb_Close(handle);
       }
       if (handle->updatedb) {
           handle->updatedb->close(handle->updatedb);
        }
       if (handle->dbname) PORT_Free(handle->dbname);
       if (handle->appname) PORT_Free(handle->appname);
       if (handle->global_salt) {
           SECITEM_FreeItem(handle->global_salt,PR_TRUE);
       }
       keydb_DestroyLocks(handle);
           
       PORT_Free(handle);
    }
}
NSSLOWKEYPublicKey* nsslowkey_ConvertToPublicKey ( NSSLOWKEYPrivateKey *  privateKey)

Definition at line 267 of file lowkey.c.

{
    NSSLOWKEYPublicKey *pubk;
    PLArenaPool *arena;


    arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
        PORT_SetError (SEC_ERROR_NO_MEMORY);
        return NULL;
    }

    switch(privk->keyType) {
      case NSSLOWKEYRSAKey:
      case NSSLOWKEYNullKey:
       pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
                                          sizeof (NSSLOWKEYPublicKey));
       if (pubk != NULL) {
           SECStatus rv;

           pubk->arena = arena;
           pubk->keyType = privk->keyType;
           if (privk->keyType == NSSLOWKEYNullKey) return pubk;
           rv = SECITEM_CopyItem(arena, &pubk->u.rsa.modulus,
                              &privk->u.rsa.modulus);
           if (rv == SECSuccess) {
              rv = SECITEM_CopyItem (arena, &pubk->u.rsa.publicExponent,
                                   &privk->u.rsa.publicExponent);
              if (rv == SECSuccess)
                  return pubk;
           }
       } else {
           PORT_SetError (SEC_ERROR_NO_MEMORY);
       }
       break;
      case NSSLOWKEYDSAKey:
       pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
                                              sizeof(NSSLOWKEYPublicKey));
       if (pubk != NULL) {
           SECStatus rv;

           pubk->arena = arena;
           pubk->keyType = privk->keyType;
           rv = SECITEM_CopyItem(arena, &pubk->u.dsa.publicValue,
                              &privk->u.dsa.publicValue);
           if (rv != SECSuccess) break;
           rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
                              &privk->u.dsa.params.prime);
           if (rv != SECSuccess) break;
           rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
                              &privk->u.dsa.params.subPrime);
           if (rv != SECSuccess) break;
           rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
                              &privk->u.dsa.params.base);
           if (rv == SECSuccess) return pubk;
       }
       break;
      case NSSLOWKEYDHKey:
       pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
                                              sizeof(NSSLOWKEYPublicKey));
       if (pubk != NULL) {
           SECStatus rv;

           pubk->arena = arena;
           pubk->keyType = privk->keyType;
           rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,
                              &privk->u.dh.publicValue);
           if (rv != SECSuccess) break;
           rv = SECITEM_CopyItem(arena, &pubk->u.dh.prime,
                              &privk->u.dh.prime);
           if (rv != SECSuccess) break;
           rv = SECITEM_CopyItem(arena, &pubk->u.dh.base,
                              &privk->u.dh.base);
           if (rv == SECSuccess) return pubk;
       }
       break;
#ifdef NSS_ENABLE_ECC
      case NSSLOWKEYECKey:
       pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
                                              sizeof(NSSLOWKEYPublicKey));
       if (pubk != NULL) {
           SECStatus rv;

           pubk->arena = arena;
           pubk->keyType = privk->keyType;
           rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue,
                              &privk->u.ec.publicValue);
           if (rv != SECSuccess) break;
           pubk->u.ec.ecParams.arena = arena;
           /* Copy the rest of the params */
           rv = EC_CopyParams(arena, &(pubk->u.ec.ecParams),
                            &(privk->u.ec.ecParams));
           if (rv == SECSuccess) return pubk;
       }
       break;
#endif /* NSS_ENABLE_ECC */
       /* No Fortezza in Low Key implementations (Fortezza keys aren't
        * stored in our data base */
    default:
       break;
    }

    PORT_FreeArena (arena, PR_FALSE);
    return NULL;
}
NSSLOWKEYPrivateKey* nsslowkey_CopyPrivateKey ( NSSLOWKEYPrivateKey *  privKey)

Definition at line 374 of file lowkey.c.

{
    NSSLOWKEYPrivateKey *returnKey = NULL;
    SECStatus rv = SECFailure;
    PLArenaPool *poolp;

    if(!privKey) {
       return NULL;
    }

    poolp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if(!poolp) {
       return NULL;
    }

    returnKey = (NSSLOWKEYPrivateKey*)PORT_ArenaZAlloc(poolp, sizeof(NSSLOWKEYPrivateKey));
    if(!returnKey) {
       rv = SECFailure;
       goto loser;
    }

    returnKey->keyType = privKey->keyType;
    returnKey->arena = poolp;

    switch(privKey->keyType) {
       case NSSLOWKEYRSAKey:
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.modulus), 
                                   &(privKey->u.rsa.modulus));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.version), 
                                   &(privKey->u.rsa.version));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.publicExponent), 
                                   &(privKey->u.rsa.publicExponent));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.privateExponent), 
                                   &(privKey->u.rsa.privateExponent));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.prime1), 
                                   &(privKey->u.rsa.prime1));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.prime2), 
                                   &(privKey->u.rsa.prime2));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.exponent1), 
                                   &(privKey->u.rsa.exponent1));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.exponent2), 
                                   &(privKey->u.rsa.exponent2));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.coefficient), 
                                   &(privKey->u.rsa.coefficient));
           if(rv != SECSuccess) break;
           break;
       case NSSLOWKEYDSAKey:
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.publicValue),
                                   &(privKey->u.dsa.publicValue));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.privateValue),
                                   &(privKey->u.dsa.privateValue));
           if(rv != SECSuccess) break;
           returnKey->u.dsa.params.arena = poolp;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.prime),
                                   &(privKey->u.dsa.params.prime));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.subPrime),
                                   &(privKey->u.dsa.params.subPrime));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.base),
                                   &(privKey->u.dsa.params.base));
           if(rv != SECSuccess) break;
           break;
       case NSSLOWKEYDHKey:
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.publicValue),
                                   &(privKey->u.dh.publicValue));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.privateValue),
                                   &(privKey->u.dh.privateValue));
           if(rv != SECSuccess) break;
           returnKey->u.dsa.params.arena = poolp;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.prime),
                                   &(privKey->u.dh.prime));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.base),
                                   &(privKey->u.dh.base));
           if(rv != SECSuccess) break;
           break;
#ifdef NSS_ENABLE_ECC
       case NSSLOWKEYECKey:
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.version),
                                   &(privKey->u.ec.version));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.publicValue),
                                   &(privKey->u.ec.publicValue));
           if(rv != SECSuccess) break;
           rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.privateValue),
                                   &(privKey->u.ec.privateValue));
           if(rv != SECSuccess) break;
           returnKey->u.ec.ecParams.arena = poolp;
           /* Copy the rest of the params */
           rv = EC_CopyParams(poolp, &(returnKey->u.ec.ecParams),
                            &(privKey->u.ec.ecParams));
           if (rv != SECSuccess) break;
           break;
#endif /* NSS_ENABLE_ECC */
       default:
           rv = SECFailure;
    }

loser:

    if(rv != SECSuccess) {
       PORT_FreeArena(poolp, PR_TRUE);
       returnKey = NULL;
    }

    return returnKey;
}
SECStatus nsslowkey_DeleteKey ( NSSLOWKEYDBHandle *  handle,
SECItem *  pubkey 
)

Definition at line 1179 of file keydb.c.

{
    DBT namekey;
    int ret;

    if (handle == NULL) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       return(SECFailure);
    }

    /* set up db key and data */
    namekey.data = pubkey->data;
    namekey.size = pubkey->len;

    /* delete it from the database */
    ret = keydb_Del(handle, &namekey, 0);
    if ( ret ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       return(SECFailure);
    }

    /* sync the database */
    ret = keydb_Sync(handle, 0);
    if ( ret ) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       return(SECFailure);
    }

    return(SECSuccess);
}
SECItem* nsslowkey_DeriveKeyDBPassword ( NSSLOWKEYDBHandle *  handle,
char *  pw 
)

Definition at line 1418 of file keydb.c.

{
    PORT_Assert(keydb != NULL);
    PORT_Assert(pw != NULL);
    if (keydb == NULL || pw == NULL) return(NULL);

    return nsslowkey_HashPassword(pw, keydb->global_salt);
}
void nsslowkey_DestroyPrivateKey ( NSSLOWKEYPrivateKey *  key)

Definition at line 218 of file lowkey.c.

{
    if (privk && privk->arena) {
       PORT_FreeArena(privk->arena, PR_TRUE);
    }
}
void nsslowkey_DestroyPublicKey ( NSSLOWKEYPublicKey *  key)

Definition at line 226 of file lowkey.c.

{
    if (pubk && pubk->arena) {
       PORT_FreeArena(pubk->arena, PR_FALSE);
    }
}
NSSLOWKEYPrivateKey* nsslowkey_FindKeyByPublicKey ( NSSLOWKEYDBHandle *  handle,
SECItem *  modulus,
SECItem *  arg 
)

Definition at line 2164 of file keydb.c.

{
    DBT namekey;
    NSSLOWKEYPrivateKey *pk = NULL;

    if (handle == NULL) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       return NULL;
    }

    /* set up db key */
    namekey.data = modulus->data;
    namekey.size = modulus->len;

    pk = seckey_get_private_key(handle, &namekey, NULL, pwitem);
    
    /* no need to free dbkey, since its on the stack, and the data it
     * points to is owned by the database
     */
    return(pk);
}
char* nsslowkey_FindKeyNicknameByPublicKey ( NSSLOWKEYDBHandle *  handle,
SECItem *  modulus,
SECItem *  pwitem 
)

Definition at line 2188 of file keydb.c.

{
    DBT namekey;
    NSSLOWKEYPrivateKey *pk = NULL;
    char *nickname = NULL;

    if (handle == NULL) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       return NULL;
    }

    /* set up db key */
    namekey.data = modulus->data;
    namekey.size = modulus->len;

    pk = seckey_get_private_key(handle, &namekey, &nickname, pwitem);
    if (pk) {
       nsslowkey_DestroyPrivateKey(pk);
    }
    
    /* no need to free dbkey, since its on the stack, and the data it
     * points to is owned by the database
     */
    return(nickname);
}
NSSLOWKEYDBHandle* nsslowkey_GetDefaultKeyDB ( void  )
int nsslowkey_GetKeyDBVersion ( NSSLOWKEYDBHandle *  handle)

Definition at line 1168 of file keydb.c.

{
    PORT_Assert(handle != NULL);

    return handle->version;
}
SECItem* nsslowkey_HashPassword ( char *  pw,
SECItem *  salt 
)

Definition at line 1390 of file keydb.c.

{
    SECItem *pwitem;
    SECStatus rv;
    
    pwitem = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
    if ( pwitem == NULL ) {
       return(NULL);
    }
    pwitem->len = SHA1_LENGTH;
    pwitem->data = (unsigned char *)PORT_ZAlloc(SHA1_LENGTH);
    if ( pwitem->data == NULL ) {
       PORT_Free(pwitem);
       return(NULL);
    }
    if ( pw ) {
       rv = HashPassword(pwitem->data, pw, salt);
       if ( rv != SECSuccess ) {
           SECITEM_ZfreeItem(pwitem, PR_TRUE);
           return(NULL);
       }
    }
    
    return(pwitem);
}
SECStatus nsslowkey_HasKeyDBPassword ( NSSLOWKEYDBHandle *  handle)

Definition at line 1329 of file keydb.c.

{
    DBT checkkey, checkdata;
    int ret;

    if (handle == NULL) {
       return(SECFailure);
    }

    checkkey.data = KEYDB_PW_CHECK_STRING;
    checkkey.size = KEYDB_PW_CHECK_LEN;
    
    ret = keydb_Get(handle, &checkkey, &checkdata, 0 );
    if ( ret ) {
       /* see if this was an updated DB first */
       checkkey.data = KEYDB_FAKE_PW_CHECK_STRING;
       checkkey.size = KEYDB_FAKE_PW_CHECK_LEN;
       ret = keydb_Get(handle, &checkkey, &checkdata, 0 );
       if ( ret ) {
           return(SECFailure);
       }
    }

    return(SECSuccess);
}
PRBool nsslowkey_KeyForCertExists ( NSSLOWKEYDBHandle *  handle,
NSSLOWCERTCertificate *  cert 
)

Definition at line 1258 of file keydb.c.

{
    NSSLOWKEYPublicKey *pubkey = NULL;
    DBT namekey;
    DBT dummy;
    int status;
    
    /* get cert's public key */
    pubkey = nsslowcert_ExtractPublicKey(cert);
    if ( pubkey == NULL ) {
       return PR_FALSE;
    }

    /* TNH - make key from NSSLOWKEYPublicKey */
    switch (pubkey->keyType) {
      case NSSLOWKEYRSAKey:
       namekey.data = pubkey->u.rsa.modulus.data;
       namekey.size = pubkey->u.rsa.modulus.len;
       break;
      case NSSLOWKEYDSAKey:
       namekey.data = pubkey->u.dsa.publicValue.data;
       namekey.size = pubkey->u.dsa.publicValue.len;
       break;
      case NSSLOWKEYDHKey:
       namekey.data = pubkey->u.dh.publicValue.data;
       namekey.size = pubkey->u.dh.publicValue.len;
       break;
#ifdef NSS_ENABLE_ECC
      case NSSLOWKEYECKey:
       namekey.data = pubkey->u.ec.publicValue.data;
       namekey.size = pubkey->u.ec.publicValue.len;
       break;
#endif /* NSS_ENABLE_ECC */
      default:
       /* XXX We don't do Fortezza or DH yet. */
       return PR_FALSE;
    }

    if (handle->version != 3) {
       unsigned char buf[SHA1_LENGTH];
       SHA1_HashBuf(buf,namekey.data,namekey.size);
       /* NOTE: don't use pubkey after this! it's now thrashed */
       PORT_Memcpy(namekey.data,buf,sizeof(buf));
       namekey.size = sizeof(buf);
    }

    status = keydb_Get(handle, &namekey, &dummy, 0);
    /* some databases have the key stored as a signed value */
    if (status) {
       unsigned char *buf = (unsigned char *)PORT_Alloc(namekey.size+1);
       if (buf) {
           PORT_Memcpy(&buf[1], namekey.data, namekey.size);
           buf[0] = 0;
           namekey.data = buf;
           namekey.size ++;
           status = keydb_Get(handle, &namekey, &dummy, 0);
           PORT_Free(buf);
       }
    }
    nsslowkey_DestroyPublicKey(pubkey);
    if ( status ) {
       return PR_FALSE;
    }
    
    return PR_TRUE;
}
PRBool nsslowkey_KeyForIDExists ( NSSLOWKEYDBHandle *  handle,
SECItem *  id 
)

Definition at line 1238 of file keydb.c.

{
    DBT namekey;
    DBT dummy;
    int status;

    namekey.data = (char *)id->data;
    namekey.size = id->len;
    status = keydb_Get(handle, &namekey, &dummy, 0);
    if ( status ) {
       return PR_FALSE;
    }
    
    return PR_TRUE;
}
NSSLOWKEYDBHandle* nsslowkey_OpenKeyDB ( PRBool  readOnly,
const char *  domain,
const char *  prefix,
NSSLOWKEYDBNameFunc  namecb,
void cbarg 
)

Definition at line 1074 of file keydb.c.

{
    NSSLOWKEYDBHandle *handle = NULL;
    SECStatus rv;
    int openflags;
    char *dbname = NULL;


    handle = nsslowkey_NewHandle(NULL);

    openflags = readOnly ? NO_RDONLY : NO_RDWR;


    dbname = (*namecb)(cbarg, NSSLOWKEY_DB_FILE_VERSION);
    if ( dbname == NULL ) {
       goto loser;
    }
    handle->appname = appName ? PORT_Strdup(appName) : NULL ;
    handle->dbname = (appName == NULL) ? PORT_Strdup(dbname) : 
                     (prefix ? PORT_Strdup(prefix) : NULL);
    handle->readOnly = readOnly;



    handle->db = openOldDB(appName, prefix, dbname, openflags);
    if (handle->db) {
       verifyVersion(handle);
       if (handle->version == 255) {
           goto loser;
       }
    }

    /* if first open fails, try to create a new DB */
    if ( handle->db == NULL ) {
       if ( readOnly ) {
           goto loser;
       }

       rv = openNewDB(appName, prefix, dbname, handle, namecb, cbarg);
       /* two processes started to initialize the database at the same time.
        * The multiprocess code blocked the second one, then had it retry to
        * see if it can just open the database normally */
       if (rv == SECWouldBlock) {
           handle->db = openOldDB(appName,prefix,dbname, openflags);
           verifyVersion(handle);
           if (handle->db == NULL) {
              goto loser;
           }
       } else if (rv != SECSuccess) {
           goto loser;
       }
    }

    handle->global_salt = GetKeyDBGlobalSalt(handle);
    if ( dbname )
        PORT_Free( dbname );
    return handle;

loser:

    if ( dbname )
        PORT_Free( dbname );
    PORT_SetError(SEC_ERROR_BAD_DATABASE);
    nsslowkey_CloseKeyDB(handle);
    return NULL;
}
unsigned int nsslowkey_PrivateModulusLen ( NSSLOWKEYPrivateKey *  privKey)

Definition at line 251 of file lowkey.c.

{

    unsigned char b0;

    switch (privk->keyType) {
    case NSSLOWKEYRSAKey:
       b0 = privk->u.rsa.modulus.data[0];
       return b0 ? privk->u.rsa.modulus.len : privk->u.rsa.modulus.len - 1;
    default:
       break;
    }
    return 0;
}
unsigned int nsslowkey_PublicModulusLen ( NSSLOWKEYPublicKey *  pubKey)

Definition at line 233 of file lowkey.c.

{
    unsigned char b0;

    /* interpret modulus length as key strength... in
     * fortezza that's the public key length */

    switch (pubk->keyType) {
    case NSSLOWKEYRSAKey:
       b0 = pubk->u.rsa.modulus.data[0];
       return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
    default:
       break;
    }
    return 0;
}
SECStatus nsslowkey_ResetKeyDB ( NSSLOWKEYDBHandle *  handle)

Definition at line 2675 of file keydb.c.

{
    SECStatus rv;
    int ret;
    int errors = 0;

    if ( handle->db == NULL ) {
       return(SECSuccess);
    }

    if (handle->readOnly) {
       /* set an error code */
       return SECFailure;
     }

    if (handle->appname == NULL && handle->dbname == NULL) {
       return SECFailure;
    }

    keydb_Close(handle);
    if (handle->appname) {
       handle->db= 
           rdbopen(handle->appname, handle->dbname, "key", NO_CREATE, NULL);
    } else {
       handle->db = dbopen( handle->dbname, NO_CREATE, 0600, DB_HASH, 0 );
    }
    if (handle->db == NULL) {
       /* set an error code */
       return SECFailure;
    }
    
    rv = makeGlobalVersion(handle);
    if ( rv != SECSuccess ) {
       errors++;
       goto done;
    }

    if (handle->global_salt) {
       rv = StoreKeyDBGlobalSalt(handle);
    } else {
       rv = makeGlobalSalt(handle);
       if ( rv == SECSuccess ) {
           handle->global_salt = GetKeyDBGlobalSalt(handle);
       }
    }
    if ( rv != SECSuccess ) {
       errors++;
    }

done:
    /* sync the database */
    ret = keydb_Sync(handle, 0);
    db_InitComplete(handle->db);

    return (errors == 0 ? SECSuccess : SECFailure);
}
void nsslowkey_SetDefaultKeyDB ( NSSLOWKEYDBHandle *  handle)

Definition at line 133 of file keydb.c.

{
    defaultKeyDBAlg = alg;

    return;
}
SECStatus nsslowkey_SetKeyDBPassword ( NSSLOWKEYDBHandle *  handle,
SECItem *  pwitem 
)

Definition at line 1360 of file keydb.c.

SECStatus nsslowkey_SetKeyDBPasswordAlg ( NSSLOWKEYDBHandle *  handle,
SECItem *  pwitem,
SECOidTag  algorithm 
)

Definition at line 2259 of file keydb.c.

{
    DBT checkkey;
    NSSPKCS5PBEParameter *param = NULL;
    SECStatus rv = SECFailure;
    NSSLOWKEYDBKey *dbkey = NULL;
    PLArenaPool *arena;
    SECItem *salt = NULL;
    SECItem *dest = NULL, test_key;
    
    if (handle == NULL) {
       return(SECFailure);
    }

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( arena == NULL ) {
       rv = SECFailure;
       goto loser;
    }
    
    dbkey = (NSSLOWKEYDBKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYDBKey));
    if ( dbkey == NULL ) {
       rv = SECFailure;
       goto loser;
    }
    
    dbkey->arena = arena;

    /* encrypt key */
    checkkey.data = test_key.data = (unsigned char *)KEYDB_PW_CHECK_STRING;
    checkkey.size = test_key.len = KEYDB_PW_CHECK_LEN;

    salt = seckey_create_rc4_salt();
    if(salt == NULL) {
       rv = SECFailure;
       goto loser;
    }

    param = nsspkcs5_NewParam(algorithm, salt, 1);
    if (param == NULL) {
       rv = SECFailure;
       goto loser;
    }

    dest = nsspkcs5_CipherData(param, pwitem, &test_key, PR_TRUE, NULL);
    if (dest == NULL)
    {
       rv = SECFailure;
       goto loser;
    }

    rv = SECITEM_CopyItem(arena, &dbkey->salt, salt);
    if (rv == SECFailure) {
       goto loser;
    }
   
    rv = encodePWCheckEntry(arena, &dbkey->derPK, algorithm, dest);
       
    if ( rv != SECSuccess ) {
       goto loser;
    }
       
    rv = put_dbkey(handle, &checkkey, dbkey, PR_TRUE);
    
    /* let success fall through */
loser: 
    if ( arena != NULL ) {
       PORT_FreeArena(arena, PR_TRUE);
    }
    
    if ( dest != NULL ) {
       SECITEM_ZfreeItem(dest, PR_TRUE);
    }
    
    if ( salt != NULL ) {
       SECITEM_ZfreeItem(salt, PR_TRUE);
    }

    if (param != NULL) {
       nsspkcs5_DestroyPBEParameter(param);
    }
       
    return(rv);
}
SECStatus nsslowkey_StoreKeyByPublicKey ( NSSLOWKEYDBHandle *  handle,
NSSLOWKEYPrivateKey *  pk,
SECItem *  pubKeyData,
char *  nickname,
SECItem *  arg 
)

Definition at line 1214 of file keydb.c.

SECStatus nsslowkey_StoreKeyByPublicKeyAlg ( NSSLOWKEYDBHandle *  handle,
NSSLOWKEYPrivateKey *  privkey,
SECItem *  pubKeyData,
char *  nickname,
SECItem *  arg,
SECOidTag  algorithm,
PRBool  update 
)

Definition at line 1824 of file keydb.c.

{
    DBT namekey;
    SECStatus rv;

    if (handle == NULL) {
       PORT_SetError(SEC_ERROR_BAD_DATABASE);
       return(SECFailure);
    }

    /* set up db key and data */
    namekey.data = pubKeyData->data;
    namekey.size = pubKeyData->len;

    /* encrypt the private key */
    rv = seckey_put_private_key(handle, &namekey, pwitem, privkey, nickname,
                            update, algorithm);
    
    return(rv);
}
SECStatus nsslowkey_UpdateNickname ( NSSLOWKEYDBHandle *  handle,
NSSLOWKEYPrivateKey *  privkey,
SECItem *  pubKeyData,
char *  nickname,
SECItem *  arg 
)

Definition at line 1225 of file keydb.c.

void prepare_low_dh_priv_key_for_asn1 ( NSSLOWKEYPrivateKey *  key)

Definition at line 190 of file lowkey.c.

{
    key->u.dh.prime.type = siUnsignedInteger;
    key->u.dh.base.type = siUnsignedInteger;
    key->u.dh.publicValue.type = siUnsignedInteger;
    key->u.dh.privateValue.type = siUnsignedInteger;
}
void prepare_low_dsa_priv_key_export_for_asn1 ( NSSLOWKEYPrivateKey *  key)

Definition at line 184 of file lowkey.c.

{
    key->u.dsa.privateValue.type = siUnsignedInteger;
}
void prepare_low_dsa_priv_key_for_asn1 ( NSSLOWKEYPrivateKey *  key)

Definition at line 174 of file lowkey.c.

{
    key->u.dsa.publicValue.type = siUnsignedInteger;
    key->u.dsa.privateValue.type = siUnsignedInteger;
    key->u.dsa.params.prime.type = siUnsignedInteger;
    key->u.dsa.params.subPrime.type = siUnsignedInteger;
    key->u.dsa.params.base.type = siUnsignedInteger;
}
void prepare_low_pqg_params_for_asn1 ( PQGParams *  params)

Definition at line 166 of file lowkey.c.

{
    params->prime.type = siUnsignedInteger;
    params->subPrime.type = siUnsignedInteger;
    params->base.type = siUnsignedInteger;
}

Definition at line 153 of file lowkey.c.

{
    key->u.rsa.modulus.type = siUnsignedInteger;
    key->u.rsa.publicExponent.type = siUnsignedInteger;
    key->u.rsa.privateExponent.type = siUnsignedInteger;
    key->u.rsa.prime1.type = siUnsignedInteger;
    key->u.rsa.prime2.type = siUnsignedInteger;
    key->u.rsa.exponent1.type = siUnsignedInteger;
    key->u.rsa.exponent2.type = siUnsignedInteger;
    key->u.rsa.coefficient.type = siUnsignedInteger;
}